From cvs at cvs.gnupg.org Wed Jun 1 11:12:42 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Jun 2016 11:12:42 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-149-g1cacd7d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 1cacd7d00a7b3de4a5e11ccce5ee6c50e0a5516d (commit) from 8ad17f402f6420880dcf06a13a54feadb52c0208 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1cacd7d00a7b3de4a5e11ccce5ee6c50e0a5516d Author: Werner Koch Date: Wed Jun 1 11:10:30 2016 +0200 core: Set notation flags for verify. * src/gpgme.h.in (GPGME_STATUS_NOTATION_FLAGS): New. * src/status-table.c (status_table): Add new status. * src/verify.c (parse_notation): Handle flags. Also fix NOTATION_DATA in case gpg would not percent-escape spaces. (_gpgme_verify_status_handler): Handle flags. * tests/run-verify.c (print_result): Print notaion data. -- Note that this does only work with the soon to be released GnuPG 2.1.13. diff --git a/NEWS b/NEWS index 04cfe12..7b939e7 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] * New function to format a GnuPG style public key algorithm string. + * Notation flags are now correctly set on verify. + * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_pubkey_algo_string NEW. @@ -15,6 +17,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_STATUS_TOFU_USER NEW. GPGME_STATUS_TOFU_STATS NEW. GPGME_STATUS_TOFU_STATS_LONG NEW. + GPGME_STATUS_NOTATION_FLAGS NEW. Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] 
diff --git a/src/gpgme.h.in b/src/gpgme.h.in index d68372c..dc2f143 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -549,7 +549,8 @@ typedef enum GPGME_STATUS_KEY_CONSIDERED = 94, GPGME_STATUS_TOFU_USER = 95, GPGME_STATUS_TOFU_STATS = 96, - GPGME_STATUS_TOFU_STATS_LONG = 97 + GPGME_STATUS_TOFU_STATS_LONG = 97, + GPGME_STATUS_NOTATION_FLAGS = 98 } gpgme_status_code_t; diff --git a/src/status-table.c b/src/status-table.c index 5850a36..1318c8e 100644 --- a/src/status-table.c +++ b/src/status-table.c @@ -102,6 +102,7 @@ static struct status_table_s status_table[] = { "NO_SGNR", GPGME_STATUS_NO_SGNR }, { "NODATA", GPGME_STATUS_NODATA }, { "NOTATION_DATA", GPGME_STATUS_NOTATION_DATA }, + { "NOTATION_FLAGS", GPGME_STATUS_NOTATION_FLAGS }, { "NOTATION_NAME", GPGME_STATUS_NOTATION_NAME }, { "PINENTRY_LAUNCHED", GPGME_STATUS_PINENTRY_LAUNCHED}, { "PKA_TRUST_BAD", GPGME_STATUS_PKA_TRUST_BAD }, diff --git a/src/verify.c b/src/verify.c index e6c9665..1ec09fe 100644 --- a/src/verify.c +++ b/src/verify.c @@ -504,13 +504,14 @@ parse_notation (gpgme_signature_t sig, gpgme_status_code_t code, char *args) gpgme_error_t err; gpgme_sig_notation_t *lastp = &sig->notations; gpgme_sig_notation_t notation = sig->notations; - char *end = strchr (args, ' '); - - if (end) - *end = '\0'; + char *p; if (code == GPGME_STATUS_NOTATION_NAME || code == GPGME_STATUS_POLICY_URL) { + p = strchr (args, ' '); + if (p) + *p = '\0'; + /* FIXME: We could keep a pointer to the last notation in the list. */ while (notation && notation->value) { @@ -538,9 +539,8 @@ parse_notation (gpgme_signature_t sig, gpgme_status_code_t code, char *args) notation->name_len = strlen (notation->name); - /* FIXME: For now we fake the human-readable flag. The - critical flag can not be reported as it is not - provided. */ + /* Set default flags for use with older gpg versions which + * do not emit a NOTATIONS_FLAG line. */ notation->flags = GPGME_SIG_NOTATION_HUMAN_READABLE; notation->human_readable = 1; } 
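Review bot: The replacement comment in the second src/verify.c hunk refers to a `NOTATIONS_FLAG` line, but the status this commit introduces is `NOTATION_FLAGS`, so a search for the real name will not find the comment. I would write it as `/* Set default flags for use with older gpg versions which do not emit a NOTATION_FLAGS line. */`. It is also worth saying there that these defaults are meant to be overwritten when a NOTATION_FLAGS line follows, because both `flags` and the `human_readable` member are set at this point. parse_notation starts and ends outside the hunk.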
@@ -559,6 +559,37 @@ parse_notation (gpgme_signature_t sig, gpgme_status_code_t code, char *args) } *lastp = notation; } + else if (code == GPGME_STATUS_NOTATION_FLAGS) + { + char *field[2]; + + while (notation && notation->next) + { + lastp = ¬ation->next; + notation = notation->next; + } + + if (!notation || !notation->name) + { /* There are notation flags without a previous notation name. + * The crypto backend misbehaves. */ + return trace_gpg_error (GPG_ERR_INV_ENGINE); + } + if (_gpgme_split_fields (args, field, DIM (field)) < 2) + { /* Required args missing. */ + return trace_gpg_error (GPG_ERR_INV_ENGINE); + } + notation->flags = 0; + if (atoi (field[0])) + { + notation->flags |= GPGME_SIG_NOTATION_CRITICAL; + notation->critical = 1; + } + if (atoi (field[1])) + { + notation->flags |= GPGME_SIG_NOTATION_HUMAN_READABLE; + notation->human_readable = 1; + } + } else if (code == GPGME_STATUS_NOTATION_DATA) { int len = strlen (args) + 1; @@ -918,6 +949,7 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args) break; case GPGME_STATUS_NOTATION_NAME: + case GPGME_STATUS_NOTATION_FLAGS: case GPGME_STATUS_NOTATION_DATA: case GPGME_STATUS_POLICY_URL: opd->only_newsig_seen = 0; diff --git a/tests/run-verify.c b/tests/run-verify.c index df8cbf6..b174516 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -110,6 +110,7 @@ static void print_result (gpgme_verify_result_t result) { gpgme_signature_t sig; + gpgme_sig_notation_t nt; gpgme_tofu_info_t ti; int count = 0; 
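Review bot: In the new GPGME_STATUS_NOTATION_FLAGS branch of parse_notation, `notation->flags` is reset to 0 but the `critical` and `human_readable` members are only ever set to 1 and never cleared. The NOTATION_NAME branch in the previous hunk pre-sets `human_readable = 1` as a default, so a notation that gpg reports as not human-readable ends up with GPGME_SIG_NOTATION_HUMAN_READABLE absent from `flags` while `human_readable` is still 1. Clearing both members next to the reset, `notation->critical = 0; notation->human_readable = 0;`, keeps the two views consistent for callers that decide how to treat a notation from either one. Separately, `atoi` maps any non-numeric field to 0, so a malformed flags line silently reads as "not critical"; rejecting anything other than a plain number with GPG_ERR_INV_ENGINE would be the stricter choice. The function body continues outside the hunk.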
@@ -138,8 +139,20 @@ print_result (gpgme_verify_result_t result) sig->wrong_key_usage? " wrong-key-usage":"", sig->chain_model? " chain-model":"" ); - printf (" notations .: %s\n", - sig->notations? "yes":"no"); + for (nt = sig->notations; nt; nt = nt->next) + { + printf (" notation ..: '%s'\n", nt->name); + if (strlen (nt->name) != nt->name_len) + printf (" warning : name larger (%d)\n", nt->name_len); + printf (" flags ...:%s%s (0x%02x)\n", + nt->critical? " critical":"", + nt->human_readable? " human":"", + nt->flags); + if (nt->value) + printf (" value ...: '%s'\n", nt->value); + if ((nt->value?strlen (nt->value):0) != nt->value_len) + printf (" warning : value larger (%d)\n", nt->value_len); + } for (ti = sig->tofu; ti; ti = ti->next) { printf (" tofu addr .: %s\n", ti->address); ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ src/gpgme.h.in | 3 ++- src/status-table.c | 1 + src/verify.c | 46 +++++++++++++++++++++++++++++++++++++++------- tests/run-verify.c | 17 +++++++++++++++-- 5 files changed, 60 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 1 13:13:21 2016 
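Review bot: The new notation loop in print_result passes `nt->name` to `printf` with `%s` and to `strlen` without a NULL check, although `nt->value` is guarded a few lines further down. parse_notation in this same commit tests `!notation->name`, which suggests an entry on this list can have no name (presumably the policy URL entries that share the list), and `strlen (NULL)` is undefined behaviour. Wrapping the two name lines in `if (nt->name)` would match how the value is handled. `name_len` and `value_len` are compared against a `size_t` and printed with `%d`; if they are declared `int`, which the hunk does not show, a cast on the `strlen` side avoids a sign-compare warning. print_result starts outside the hunk.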
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 01 Jun 2016 13:13:21 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-150-gc88c9ef Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c88c9ef384b6f7bda9a61b58f26c2f89ae25f684 (commit) from 1cacd7d00a7b3de4a5e11ccce5ee6c50e0a5516d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c88c9ef384b6f7bda9a61b58f26c2f89ae25f684 Author: Justus Winter Date: Wed Jun 1 12:50:32 2016 +0200 tests: Fix notation tests. * lang/python/tests/t-sig-notation.py (check_result): Check critical flag. * tests/gpg/t-sig-notation.c (check_result): Likewise. Fixes-commit: 1cacd7d0 Signed-off-by: Justus Winter diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index 2d832ef..cb4a48e 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py @@ -44,9 +44,8 @@ def check_result(result): "Expected {!r}, got {!r}".format(value, r.value) assert r.human_readable \ == bool(flags&constants.SIG_NOTATION_HUMAN_READABLE) - # xxx notyet - #assert r.human_readable \ - # == bool(flags&constants.SIG_NOTATION_CRITICAL) + assert r.critical \ + == bool(flags&constants.SIG_NOTATION_CRITICAL) assert len(expected_notations) == 0 diff --git a/tests/gpg/t-sig-notation.c b/tests/gpg/t-sig-notation.c index 7345a52..843606a 100644 --- a/tests/gpg/t-sig-notation.c +++ b/tests/gpg/t-sig-notation.c 
@@ -83,11 +83,11 @@ check_result (gpgme_verify_result_t result) && r->value && !strcmp (r->value, expected_notations[i].value) && r->value_len == strlen (expected_notations[i].value) - && r->flags - == (expected_notations[i].flags & ~GPGME_SIG_NOTATION_CRITICAL) + && r->flags == expected_notations[i].flags && r->human_readable == !!(r->flags & GPGME_SIG_NOTATION_HUMAN_READABLE) - && r->critical == 0) + && r->critical + == !!(r->flags & GPGME_SIG_NOTATION_CRITICAL)) { expected_notations[i].seen++; any++; ----------------------------------------------------------------------- Summary of changes: lang/python/tests/t-sig-notation.py | 5 ++--- tests/gpg/t-sig-notation.c | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 1 13:48:40 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 01 Jun 2016 13:48:40 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-152-g54314a9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 54314a9c7d7ad52981c836ca742644a1fa69b518 (commit) via 9d6f85bd25e51445f1776b498875e77b529311b1 (commit) from c88c9ef384b6f7bda9a61b58f26c2f89ae25f684 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54314a9c7d7ad52981c836ca742644a1fa69b518 Author: Andre Heinecke Date: Wed Jun 1 13:46:27 2016 +0200 Cpp: Use whitelist for status messages * lang/cpp/src/editinteractor.cpp (EditInteractor::needsNoResponse): Use whitelist instead of blacklist. -- This should be more robust when new status messages are added. The whitelist is the same GPA uses. Fixes Qt's t-ownertrust. 
diff --git a/lang/cpp/src/editinteractor.cpp b/lang/cpp/src/editinteractor.cpp index fb68bcb..d2633b5 100644 --- a/lang/cpp/src/editinteractor.cpp +++ b/lang/cpp/src/editinteractor.cpp @@ -201,20 +201,16 @@ Error EditInteractor::lastError() const bool EditInteractor::needsNoResponse(unsigned int status) const { switch (status) { - case GPGME_STATUS_EOF: - case GPGME_STATUS_GOT_IT: - case GPGME_STATUS_NEED_PASSPHRASE: + case GPGME_STATUS_ALREADY_SIGNED: + case GPGME_STATUS_ERROR: + case GPGME_STATUS_GET_BOOL: + case GPGME_STATUS_GET_LINE: + case GPGME_STATUS_KEY_CREATED: case GPGME_STATUS_NEED_PASSPHRASE_SYM: - case GPGME_STATUS_GOOD_PASSPHRASE: - case GPGME_STATUS_BAD_PASSPHRASE: - case GPGME_STATUS_USERID_HINT: - case GPGME_STATUS_SIGEXPIRED: - case GPGME_STATUS_KEYEXPIRED: - case GPGME_STATUS_PINENTRY_LAUNCHED: - case GPGME_STATUS_KEY_CONSIDERED: - return true; - default: + case GPGME_STATUS_SC_OP_FAILURE: return false; + default: + return true; } } commit 9d6f85bd25e51445f1776b498875e77b529311b1 Author: Andre Heinecke Date: Wed Jun 1 10:01:43 2016 +0200 Qt: Fix debug output in t-ownertrust * lang/qt/tests/t-ownertrust.cpp (testChangeOwnerTrust): Remove general debug of trust level. Add debug output for error. diff --git a/lang/qt/tests/t-ownertrust.cpp b/lang/qt/tests/t-ownertrust.cpp index d4385bf..eb6c3db 100644 --- a/lang/qt/tests/t-ownertrust.cpp +++ b/lang/qt/tests/t-ownertrust.cpp 
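Review bot: With the inverted switch in EditInteractor::needsNoResponse the `default:` arm now returns true, so every status code that is not listed, including codes added to gpgme later, is treated as needing no reply. That matches the commit message, but the function carries no comment saying that the seven listed codes are the ones that expect a response, and the negated name makes `return false` easy to misread. A line above the switch such as `// Status codes that require a reply; everything else is informational.` would record the intent. GPGME_STATUS_NEED_PASSPHRASE_SYM also moved from the "no response" set to the "response" set while GPGME_STATUS_NEED_PASSPHRASE did not; if that asymmetry is deliberate it deserves a word in the same comment.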
@@ -58,12 +58,14 @@ private Q_SLOTS: Q_ASSERT (!result.error()); Q_ASSERT (keys.size() == 1); Key key = keys.front(); - qDebug() << "Trust is: " << key.ownerTrust(); Q_ASSERT (key.ownerTrust() == Key::Unknown); ChangeOwnerTrustJob *job2 = openpgp()->changeOwnerTrustJob(); connect(job2, &ChangeOwnerTrustJob::result, this, [this](Error e) { + if (e) { + qDebug() << "Error in result: " << e.asString(); + } Q_ASSERT(!e); Q_EMIT asyncDone(); }); ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/editinteractor.cpp | 20 ++++++++------------ lang/qt/tests/t-ownertrust.cpp | 4 +++- 2 files changed, 11 insertions(+), 13 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 1 14:05:03 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 01 Jun 2016 14:05:03 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-40-gdb1ecc8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via db1ecc8212defdd183abbb6b1407fcc8d2dc9552 (commit) from 67a4bc8d536f6997f14daff4c039abd48a172100 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit db1ecc8212defdd183abbb6b1407fcc8d2dc9552 Author: NIIBE Yutaka Date: Wed Jun 1 20:59:09 2016 +0900 g10: Allow User ID length >= 256. * build-packet.c (do_user_id): Call write_header2 with HDRLEN not set. -- Reported-by: Daniel Kahn Gillmor GnuPG-bug-id: 2374 Signed-off-by: NIIBE Yutaka diff --git a/g10/build-packet.c b/g10/build-packet.c index 4bfc2ac..1353a86 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c 
@@ -329,7 +329,7 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) } else { - write_header2( out, ctb, uid->len, 2 ); + write_header2( out, ctb, uid->len, 0 ); rc = iobuf_write( out, uid->name, uid->len ); } return rc; ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 1 14:19:30 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 01 Jun 2016 14:19:30 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-153-g73c4753 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 73c47535b631a55687ecc5eff1d1d9a9fd71021e (commit) from 54314a9c7d7ad52981c836ca742644a1fa69b518 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 73c47535b631a55687ecc5eff1d1d9a9fd71021e Author: Justus Winter Date: Wed Jun 1 14:16:27 2016 +0200 python: Improve build system integration, fix warnings. * lang/python/Makefile.am: Pass CFLAGS to python build system. * lang/python/helpers.c (pyPassphraseCb): Use correct type for length. (pygpgme_data_new_from_cbs): Drop unused variable. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 8034922..18f77bb 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am 
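Review bot: The changed call `write_header2( out, ctb, uid->len, 0 );` swaps one bare literal for another, and nothing at the call site says what the last argument means. According to the commit message it is HDRLEN and 0 means "not set"; a comment such as `/* HDRLEN 0: let write_header2 choose the length encoding so user IDs of 256 bytes or more fit. */` would keep a later reader from restoring the 2. The call's result is also discarded, unlike the `iobuf_write` on the next line; if write_header2 can report a failure (its declaration is not in the hunk), `rc = write_header2 (out, ctb, uid->len, 0); if (!rc) rc = iobuf_write (out, uid->name, uid->len);` would propagate it. do_user_id begins outside the hunk.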
@@ -40,7 +40,7 @@ gpgme_wrap.c pyme/pygpgme.py: gpgme.i errors.i gpgme.h copystamp $< all-local: gpgme_wrap.c pyme/pygpgme.py copystamp - $(PYTHON) $(srcdir)/setup.py build --verbose + CFLAGS="$(CFLAGS)" $(PYTHON) $(srcdir)/setup.py build --verbose clean-local: rm -rf -- build gpgme.h errors.i gpgme_wrap.c pyme/pygpgme.py \ diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 4792c87..4bbc298 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -207,7 +207,12 @@ static gpgme_error_t pyPassphraseCb(void *hook, if (PyBytes_Check(retval)) buf = PyBytes_AsString(retval), len = PyBytes_Size(retval); else if (PyUnicode_Check(retval)) - buf = PyUnicode_AsUTF8AndSize(retval, &len); + { + Py_ssize_t ssize; + buf = PyUnicode_AsUTF8AndSize(retval, &ssize); + assert (! buf || ssize >= 0); + len = (size_t) ssize; + } else { PyErr_Format(PyExc_TypeError, @@ -634,7 +639,6 @@ gpgme_error_t pygpgme_data_new_from_cbs(gpgme_data_t *r_data, pyDataSeekCb, pyDataReleaseCb, }; - PyObject *dataarg = NULL; assert (PyTuple_Check(pycbs)); assert (PyTuple_Size(pycbs) == 5 || PyTuple_Size(pycbs) == 6); ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 2 +- lang/python/helpers.c | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 1 15:43:31 2016 
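Review bot: In the new PyUnicode branch of pyPassphraseCb, `ssize` is declared without an initialiser and then cast into `len` unconditionally, so when `PyUnicode_AsUTF8AndSize` fails and returns NULL the code reads an indeterminate value. The `assert` does not cover that path, since it passes whenever `buf` is NULL, and it disappears entirely in an NDEBUG build. Declaring `Py_ssize_t ssize = 0;` and treating `buf == NULL` as an error before the cast would make the failure explicit. How the rest of the function handles a NULL `buf` is outside the hunk, so that part needs checking against the full file.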
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 01 Jun 2016 15:43:31 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-155-gbbf1912 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via bbf19124bbec9eb6298cef2914baae7ac74382fe (commit) via 1607aa7fe5dd686ba3bfb6de4a2b602d6a458c86 (commit) from 73c47535b631a55687ecc5eff1d1d9a9fd71021e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bbf19124bbec9eb6298cef2914baae7ac74382fe Author: Justus Winter Date: Wed Jun 1 15:40:49 2016 +0200 python: Fix test suite with GnuPG prior to 2.1.12. * lang/python/tests/Makefile.am (gpg-agent.conf): Use 'allow-loopback-pinentry'. Signed-off-by: Justus Winter diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index b85e82e..12db3a5 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -94,4 +94,5 @@ $(top_srcdir)/tests/gpg/initial.test: check-local ./gpg-agent.conf: # This is required for gpg2, which does not support command fd. - echo pinentry-program $(abs_top_srcdir)/tests/gpg/pinentry > ./gpg-agent.conf + echo pinentry-program $(abs_top_srcdir)/tests/gpg/pinentry >$@ + echo allow-loopback-pinentry >>$@ commit 1607aa7fe5dd686ba3bfb6de4a2b602d6a458c86 Author: Justus Winter Date: Wed Jun 1 15:33:52 2016 +0200 python: Make Python detection more robust. Previously, missing Python development packages made configure fail instead of merely disabling the bindings. * configure.ac: Check for 'PYTHON_VERSION'. * m4/ax_python_devel.m4: Make test non-fatal. Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 7559559..b84b04b 100644 
--- a/configure.ac +++ b/configure.ac @@ -365,6 +365,16 @@ if test "$found" = "1"; then else AM_PATH_PYTHON([3.3]) AX_SWIG_PYTHON + if test -z "$PYTHON_VERSION"; then + if test "$explicit_languages" = "1"; then + AC_MSG_ERROR([[ +*** +*** Please install the python development packages. +***]]) + else + enabled_languages=$(echo $enabled_languages | sed 's/python//') + fi + fi fi fi diff --git a/m4/ax_python_devel.m4 b/m4/ax_python_devel.m4 index 59a2ff0..de992c8 100644 --- a/m4/ax_python_devel.m4 +++ b/m4/ax_python_devel.m4 @@ -304,13 +304,12 @@ EOD` AC_MSG_RESULT([$pythonexists]) if test ! "x$pythonexists" = "xyes"; then - AC_MSG_FAILURE([ + AC_MSG_WARN([ Could not link test program to Python. Maybe the main Python library has been installed in some non-standard library path. If so, pass it to configure, via the LDFLAGS environment variable. Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib" ============================================================================ - ERROR! You probably have to install the development version of the Python package for your distribution. The exact name of this package varies among them. ============================================================================ ----------------------------------------------------------------------- Summary of changes: configure.ac | 10 ++++++++++ lang/python/tests/Makefile.am | 3 ++- m4/ax_python_devel.m4 | 3 +-- 3 files changed, 13 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 2 16:03:31 2016 
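Review bot: When the Python development files are missing and the languages were not requested explicitly, the new branch in configure.ac drops python from `enabled_languages` without telling the user; a line such as `AC_MSG_WARN([Python development files not found, disabling the python bindings])` would make the downgrade visible in the configure output. The removal itself, `sed 's/python//'`, deletes the substring wherever it occurs and runs on an unquoted `$enabled_languages`, so it would also mangle any language name that merely contains `python`; matching the whole word is safer, and `$(...)` is less portable in configure scripts than backquotes. The check also depends on `PYTHON_VERSION` being empty after the link test in ax_python_devel.m4 fails, and the m4 hunk below does not show where that happens now that the macro only warns, so that is worth confirming.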
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Jun 2016 16:03:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-44-g8f2a053 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8f2a053a0ffa0430d01a53b4d491a3f0fff683eb (commit) via d837f6b0eadb14ea08c1c6030b4d6adaaee8778e (commit) via 072acb69be55e366e2da921e3953404765fa3928 (commit) via c9f9fabdcc1022a5366e1c841acde55fb07105cb (commit) from db1ecc8212defdd183abbb6b1407fcc8d2dc9552 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f2a053a0ffa0430d01a53b4d491a3f0fff683eb Author: Werner Koch Date: Thu Jun 2 15:54:48 2016 +0200 gpg: New command --quick-addkey. * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New. (ask_keysize): Factor code out to ... (get_keysize_range, fixup_keysize): new. (parse_parameter_usage): Factor parsing out to ... (parse_usagestr): new. Allow use of "encr" as alias for "encrypt". (parse_subkey_algostr_usagestr): New. (generate_subkeypair): Add new args. Implement unattended mode. * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ... (find_by_primary_fpr): new. (keyedit_quick_addkey): New. * g10/gpg.c (aQuickAddKey): New. (opts): Add --quick-addkey. (main): Implement. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index a09e610..9b0f1ba 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -620,6 +620,35 @@ supplied passphrase is used for the new key and the agent does not ask for it. To create a key without any protection @code{--passphrase ''} may be used. + at item --quick-addkey @code{fpr} [@code{algo} [@code{usage} [@code{expire}]]] + at opindex quick-addkey +Directly add a subkey to the key identified by the fingerprint + at code{fpr}. Without the optional arguments an encryption subkey is +added. If any of the arguments are given a more specific subkey is +added. + + at code{algo} may be any of the supported algorithms or curve names given +in the format as used by key listings. To use the default algorithm +the string ``default'' or ``-'' can be used. Supported algorithms are +``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'', and other ECC +curves. For example the string ``rsa'' adds an RSA key with the +default key length; a string ``rsa4096'' requests that the key length +is 4096 bits. + +Depending on the given @code{algo} the subkey may either be an +encryption subkey or a signing subkey. If an algorithm is capable of +signing and encryption and such a subkey is desired, a @code{usage} +string must be given. This string is either ``default'' or ``-'' to +keep the default or a comma delimited list of keywords: ``sign'' for a +signing subkey, ``auth'' for an authentication subkey, and ``encr'' +for an encryption subkey (``encrypt'' can be used as alias for +``encr''). The valid combinations depend on the algorithm. + +The @code{expire} argument can be used to specify an expiration date +for the subkey. Several formats are supported; commonly the ISO +YYYY-MM-DD format is used. The values ``never'', ``none'', or ``-'' +can be used for no expiration date. + @item --gen-key @opindex gen-key Generate a new key pair using the current default parameters. This is 
@@ -636,6 +665,7 @@ There is also a feature which allows you to create keys in batch mode. See the manual section ``Unattended key generation'' on how to use this. + @item --gen-revoke @code{name} @opindex gen-revoke Generate a revocation certificate for the complete key. To only revoke diff --git a/g10/gpg.c b/g10/gpg.c index a88499a..2795330 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -117,6 +117,7 @@ enum cmd_and_opt_values aQuickSignKey, aQuickLSignKey, aQuickAddUid, + aQuickAddKey, aListConfig, aListGcryptConfig, aGPGConfList, @@ -426,6 +427,7 @@ static ARGPARSE_OPTS opts[] = { N_("quickly generate a new key pair")), ARGPARSE_c (aQuickAddUid, "quick-adduid", N_("quickly add a new user-id")), + ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"), ARGPARSE_c (aFullKeygen, "full-gen-key" , N_("full featured key pair generation")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), @@ -2433,6 +2435,7 @@ main (int argc, char **argv) case aStore: case aQuickKeygen: case aQuickAddUid: + case aQuickAddKey: case aExportOwnerTrust: case aImportOwnerTrust: case aRebuildKeydbCaches: @@ -3775,6 +3778,7 @@ main (int argc, char **argv) case aDeleteSecretAndPublicKeys: case aQuickKeygen: case aQuickAddUid: + case aQuickAddKey: case aFullKeygen: case aKeygen: case aImport: @@ -4148,6 +4152,30 @@ main (int argc, char **argv) } break; + case aQuickAddKey: + { + const char *x_fpr, *x_algo, *x_usage, *x_expire; + + if (argc < 1 || argc > 4) + wrong_args ("--quick-addkey FINGERPRINT [ALGO [USAGE [EXPIRE]]]"); + x_fpr = *argv++; argc--; + x_algo = ""; + x_usage = ""; + x_expire = ""; + if (argc) + { + x_algo = *argv++; argc--; + if (argc) + { + x_usage = *argv++; argc--; + if (argc) + x_expire = *argv++; argc--; + } + } + keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire); + } + break; + case aFastImport: opt.import_options |= IMPORT_FAST; case aImport: diff --git a/g10/keyedit.c b/g10/keyedit.c index c78f8a3..16dbf62 100644 --- a/g10/keyedit.c 
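Review bot: In the new `case aQuickAddKey:` block of g10/gpg.c, the innermost statement `if (argc) x_expire = *argv++; argc--;` has no braces, so only the assignment is conditional and `argc--` also runs when no EXPIRE argument was given, leaving argc at -1. Nothing in the hunk reads argc afterwards, so this is latent rather than a visible misbehaviour, but it differs from the two braced levels above it and will break as soon as code that looks at argc is added below. I would write it as `if (argc) { x_expire = *argv++; argc--; }`. main starts and ends outside the hunk.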
+++ b/g10/keyedit.c @@ -1,6 +1,6 @@ /* keyedit.c - Edit properties of a key * Copyright (C) 1998-2010 Free Software Foundation, Inc. - * Copyright (C) 1998-2015 Werner Koch + * Copyright (C) 1998-2016 Werner Koch * Copyright (C) 2015, 2016 g10 Code GmbH * * This file is part of GnuPG. @@ -2349,7 +2349,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, break; case cmdADDKEY: - if (!generate_subkeypair (ctrl, keyblock)) + if (!generate_subkeypair (ctrl, keyblock, NULL, NULL, NULL)) { redisplay = 1; modified = 1; 
@@ -2935,6 +2935,75 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) } +/* Find a keyblock by fingerprint because only this uniquely + * identifies a key and may thus be used to select a key for + * unattended subkey creation os key signing. */ +static gpg_error_t +find_by_primary_fpr (ctrl_t ctrl, const char *fpr, + kbnode_t *r_keyblock, KEYDB_HANDLE *r_kdbhd) +{ + gpg_error_t err; + kbnode_t keyblock = NULL; + KEYDB_HANDLE kdbhd = NULL; + KEYDB_SEARCH_DESC desc; + byte fprbin[MAX_FINGERPRINT_LEN]; + size_t fprlen; + + *r_keyblock = NULL; + *r_kdbhd = NULL; + + if (classify_user_id (fpr, &desc, 1) + || !(desc.mode == KEYDB_SEARCH_MODE_FPR + || desc.mode == KEYDB_SEARCH_MODE_FPR16 + || desc.mode == KEYDB_SEARCH_MODE_FPR20)) + { + log_error (_("\"%s\" is not a fingerprint\n"), fpr); + err = gpg_error (GPG_ERR_INV_NAME); + goto leave; + } + err = get_pubkey_byname (ctrl, NULL, NULL, fpr, &keyblock, &kdbhd, 1, 1); + if (err) + { + log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err)); + goto leave; + } + + /* Check that the primary fingerprint has been given. */ + fingerprint_from_pk (keyblock->pkt->pkt.public_key, fprbin, &fprlen); + if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR16 + && !memcmp (fprbin, desc.u.fpr, 16)) + ; + else if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR + && !memcmp (fprbin, desc.u.fpr, 16) + && !desc.u.fpr[16] + && !desc.u.fpr[17] + && !desc.u.fpr[18] + && !desc.u.fpr[19]) + ; + else if (fprlen == 20 && (desc.mode == KEYDB_SEARCH_MODE_FPR20 + || desc.mode == KEYDB_SEARCH_MODE_FPR) + && !memcmp (fprbin, desc.u.fpr, 20)) + ; + else + { + log_error (_("\"%s\" is not the primary fingerprint\n"), fpr); + err = gpg_error (GPG_ERR_INV_NAME); + goto leave; + } + + *r_keyblock = keyblock; + keyblock = NULL; + *r_kdbhd = kdbhd; + kdbhd = NULL; + err = 0; + + leave: + release_kbnode (keyblock); + keydb_release (kdbhd); + return err; +} + + /* Unattended key signing function. 
If the key specifified by FPR is available and FPR is the primary fingerprint all user ids of the key are signed using the default signing key. If UIDS is an empty @@ -2949,7 +3018,6 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, kbnode_t keyblock = NULL; KEYDB_HANDLE kdbhd = NULL; int modified = 0; - KEYDB_SEARCH_DESC desc; PKT_public_key *pk; kbnode_t node; strlist_t sl; @@ -2963,47 +3031,8 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, /* We require a fingerprint because only this uniquely identifies a key and may thus be used to select a key for unattended key signing. */ - if (classify_user_id (fpr, &desc, 1) - || !(desc.mode == KEYDB_SEARCH_MODE_FPR - || desc.mode == KEYDB_SEARCH_MODE_FPR16 - || desc.mode == KEYDB_SEARCH_MODE_FPR20)) - { - log_error (_("\"%s\" is not a fingerprint\n"), fpr); - goto leave; - } - err = get_pubkey_byname (ctrl, NULL, NULL, fpr, &keyblock, &kdbhd, 1, 1); - if (err) - { - log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err)); - goto leave; - } - - /* Check that the primary fingerprint has been given. */ - { - byte fprbin[MAX_FINGERPRINT_LEN]; - size_t fprlen; - - fingerprint_from_pk (keyblock->pkt->pkt.public_key, fprbin, &fprlen); - if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR16 - && !memcmp (fprbin, desc.u.fpr, 16)) - ; - else if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR - && !memcmp (fprbin, desc.u.fpr, 16) - && !desc.u.fpr[16] - && !desc.u.fpr[17] - && !desc.u.fpr[18] - && !desc.u.fpr[19]) - ; - else if (fprlen == 20 && (desc.mode == KEYDB_SEARCH_MODE_FPR20 - || desc.mode == KEYDB_SEARCH_MODE_FPR) - && !memcmp (fprbin, desc.u.fpr, 20)) - ; - else - { - log_error (_("\"%s\" is not the primary fingerprint\n"), fpr); - goto leave; - } - } + if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd)) + goto leave; if (fix_keyblock (&keyblock)) modified++; 
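Review bot: The header comment of the new find_by_primary_fpr says what the lookup is for but not what the caller receives or owns. On success the function hands `*r_keyblock` and `*r_kdbhd` to the caller (it sets its locals to NULL before the shared `leave:` cleanup), and on every error path both outputs stay NULL; stating that, and that the caller must pass them to `release_kbnode` and `keydb_release`, would make the contract checkable at the two call sites in this commit. The comment also contains a typo, `creation os key signing` for `creation or key signing`.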
@@ -3129,6 +3158,67 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, } +/* Unattended subkey creation function. + * + */ +void +keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, + const char *usagestr, const char *expirestr) +{ + gpg_error_t err; + kbnode_t keyblock; + KEYDB_HANDLE kdbhd; + int modified = 0; + PKT_public_key *pk; + +#ifdef HAVE_W32_SYSTEM + /* See keyedit_menu for why we need this. */ + check_trustdb_stale (ctrl); +#endif + + /* We require a fingerprint because only this uniquely identifies a + * key and may thus be used to select a key for unattended subkey + * creation. */ + if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd)) + goto leave; + + if (fix_keyblock (&keyblock)) + modified++; + + pk = keyblock->pkt->pkt.public_key; + if (pk->flags.revoked) + { + if (!opt.verbose) + show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1); + log_error ("%s%s", _("Key is revoked."), "\n"); + goto leave; + } + + /* Create the subkey. Noet that the called function already prints + * an error message. */ + if (!generate_subkeypair (ctrl, keyblock, algostr, usagestr, expirestr)) + modified = 1; + es_fflush (es_stdout); + + /* Store. */ + if (modified) + { + err = keydb_update_keyblock (kdbhd, keyblock); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + goto leave; + } + } + else + log_info (_("Key not changed so no update needed.\n")); + + leave: + release_kbnode (keyblock); + keydb_release (kdbhd); +} + + static void tty_print_notations (int indent, PKT_signature * sig) diff --git a/g10/keygen.c b/g10/keygen.c index f9cbf21..2ef80a7 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1,6 +1,6 @@ /* keygen.c - Generate a key pair * Copyright (C) 1998-2007, 2009-2011 Free Software Foundation, Inc. - * Copyright (C) 2014, 2015 Werner Koch + * Copyright (C) 2014, 2015, 2016 Werner Koch * * This file is part of GnuPG. * 
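Review bot: The comment block above the new keyedit_quick_addkey is one sentence followed by an empty ` *` line, so the parameters are undocumented. It should say that FPR must be the primary key's fingerprint, that ALGOSTR, USAGESTR and EXPIRESTR are passed through to generate_subkeypair (the gpg.c caller in this commit passes empty strings for omitted arguments), and that the function returns nothing and reports failures only through the log. The inner comment also reads `Noet that`, where `Note that` is meant.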
@@ -54,6 +54,7 @@ #define DEFAULT_STD_CURVE NULL #define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA #define DEFAULT_STD_SUBKEYSIZE 2048 +#define DEFAULT_STD_SUBKEYUSE PUBKEY_USAGE_ENC #define DEFAULT_STD_SUBCURVE NULL /* Flag bits used during key generation. */ 
@@ -2017,88 +2018,47 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, } -/* Ask for the key size. ALGO is the algorithm. If PRIMARY_KEYSIZE - is not 0, the function asks for the size of the encryption - subkey. */ -static unsigned -ask_keysize (int algo, unsigned int primary_keysize) +static void +get_keysize_range (int algo, + unsigned int *min, unsigned int *def, unsigned int *max) { - unsigned int nbits; - unsigned int min = 1024; - unsigned int def = DEFAULT_STD_KEYSIZE; - unsigned int max = 4096; - int for_subkey = !!primary_keysize; - int autocomp = 0; - - if (primary_keysize && !opt.expert) - { - /* Deduce the subkey size from the primary key size. */ - if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072) - nbits = 3072; /* For performance reasons we don't support more - than 3072 bit DSA. However we won't see this - case anyway because DSA can't be used as an - encryption subkey ;-). */ - else - nbits = primary_keysize; - autocomp = 1; - goto leave; - } + *min = 1024; + *def = DEFAULT_STD_KEYSIZE; + *max = 4096; /* Deviations from the standard values. */ switch(algo) { case PUBKEY_ALGO_DSA: - min = opt.expert? 768 : 1024; - def=2048; - max=3072; + *min = opt.expert? 768 : 1024; + *def=2048; + *max=3072; break; case PUBKEY_ALGO_ECDSA: case PUBKEY_ALGO_ECDH: - min=256; - def=256; - max=521; + *min=256; + *def=256; + *max=521; break; case PUBKEY_ALGO_EDDSA: - min=255; - def=255; - max=441; + *min=255; + *def=255; + *max=441; break; } +} - tty_printf(_("%s keys may be between %u and %u bits long.\n"), - openpgp_pk_algo_name (algo), min, max); - - for (;;) - { - char *prompt, *answer; - - if (for_subkey) - prompt = xasprintf (_("What keysize do you want " - "for the subkey? (%u) "), def); - else - prompt = xasprintf (_("What keysize do you want? (%u) "), def); - answer = cpr_get ("keygen.size", prompt); - cpr_kill_prompt (); - nbits = *answer? 
atoi (answer): def; - xfree(prompt); - xfree(answer); - - if(nbitsmax) - tty_printf(_("%s keysizes must be in the range %u-%u\n"), - openpgp_pk_algo_name (algo), min, max); - else - break; - } - - tty_printf (_("Requested keysize is %u bits\n"), nbits); - leave: +/* Return a fixed up keysize depending on ALGO. */ +static unsigned int +fixup_keysize (unsigned int nbits, int algo, int silent) +{ if (algo == PUBKEY_ALGO_DSA && (nbits % 64)) { nbits = ((nbits + 63) / 64) * 64; - if (!autocomp) + if (!silent) tty_printf (_("rounded up to %u bits\n"), nbits); } else if (algo == PUBKEY_ALGO_EDDSA) @@ -2109,7 +2069,7 @@ ask_keysize (int algo, unsigned int primary_keysize) nbits = 255; else nbits = 441; - if (!autocomp) + if (!silent) tty_printf (_("rounded to %u bits\n"), nbits); } } @@ -2123,14 +2083,14 @@ ask_keysize (int algo, unsigned int primary_keysize) nbits = 384; else nbits = 521; - if (!autocomp) + if (!silent) tty_printf (_("rounded to %u bits\n"), nbits); } } else if ((nbits % 32)) { nbits = ((nbits + 31) / 32) * 32; - if (!autocomp) + if (!silent) tty_printf (_("rounded up to %u bits\n"), nbits ); } 
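Review bot: `get_keysize_range` is added without a header comment, and the one on `fixup_keysize` does not say what SILENT does. Suggested for the first: `/* Store the minimum, default and maximum key size in bits for ALGO at MIN, DEF and MAX. */`, with a remark that the DSA minimum depends on `opt.expert`. Suggested for the second: `/* Return NBITS adjusted to a size valid for ALGO; print the adjustment unless SILENT is set. */`. Both helpers are now shared by the interactive and the unattended path, so the contract is worth writing down.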
@@ -2138,6 +2098,66 @@ ask_keysize (int algo, unsigned int primary_keysize) } +/* Ask for the key size. ALGO is the algorithm. If PRIMARY_KEYSIZE + is not 0, the function asks for the size of the encryption + subkey. */ +static unsigned +ask_keysize (int algo, unsigned int primary_keysize) +{ + unsigned int nbits; + unsigned int min, def, max; + int for_subkey = !!primary_keysize; + int autocomp = 0; + + get_keysize_range (algo, &min, &def, &max); + + if (primary_keysize && !opt.expert) + { + /* Deduce the subkey size from the primary key size. */ + if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072) + nbits = 3072; /* For performance reasons we don't support more + than 3072 bit DSA. However we won't see this + case anyway because DSA can't be used as an + encryption subkey ;-). */ + else + nbits = primary_keysize; + autocomp = 1; + goto leave; + } + + tty_printf(_("%s keys may be between %u and %u bits long.\n"), + openpgp_pk_algo_name (algo), min, max); + + for (;;) + { + char *prompt, *answer; + + if (for_subkey) + prompt = xasprintf (_("What keysize do you want " + "for the subkey? (%u) "), def); + else + prompt = xasprintf (_("What keysize do you want? (%u) "), def); + answer = cpr_get ("keygen.size", prompt); + cpr_kill_prompt (); + nbits = *answer? atoi (answer): def; + xfree(prompt); + xfree(answer); + + if(nbitsmax) + tty_printf(_("%s keysizes must be in the range %u-%u\n"), + openpgp_pk_algo_name (algo), min, max); + else + break; + } + + tty_printf (_("Requested keysize is %u bits\n"), nbits); + + leave: + nbits = fixup_keysize (nbits, algo, autocomp); + return nbits; +} + + /* Ask for the curve. ALGO is the selected algorithm which this function may adjust. Returns a malloced string with the name of the curve. BOTH tells that gpg creates a primary and subkey. */ 
@@ -2885,6 +2905,50 @@ get_parameter_algo( struct para_data_s *para, enum para_name key, return i; } + +/* Parse a usage string. The usage keywords "auth", "sign", "encr" + * may be elimited by space, tab, or comma. On error -1 is returned + * instead of the usage flags/ */ +static int +parse_usagestr (const char *usagestr) +{ + gpg_error_t err; + char **tokens = NULL; + const char *s; + int i; + unsigned int use = 0; + + tokens = strtokenize (usagestr, " \t,"); + if (!tokens) + { + err = gpg_error_from_syserror (); + log_error ("strtokenize failed: %s\n", gpg_strerror (err)); + return -1; + } + + for (i=0; (s = tokens[i]); i++) + { + if (!*s) + ; + else if (!ascii_strcasecmp (s, "sign")) + use |= PUBKEY_USAGE_SIG; + else if (!ascii_strcasecmp (s, "encrypt") + || !ascii_strcasecmp (s, "encr")) + use |= PUBKEY_USAGE_ENC; + else if (!ascii_strcasecmp (s, "auth")) + use |= PUBKEY_USAGE_AUTH; + else + { + xfree (tokens); + return -1; /* error */ + } + } + + xfree (tokens); + return use; +} + + /* * Parse the usage parameter and set the keyflags. Returns -1 on * error, 0 for no usage given or 1 for usage available. 
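Review bot: `parse_usagestr` skips empty tokens and then returns `use` as is, so a string made only of delimiters, such as `","`, yields 0 rather than -1 and the callers cannot tell that apart from a valid list. What a zero usage leads to further down is not visible in this hunk, but for an unattended interface I would reject it, provided no caller relies on an empty list: `if (!use) { xfree (tokens); return -1; }` before the final `xfree`. The header comment also needs a touch-up: "elimited" should read "delimited", "flags/" should end in a full stop, and "encrypt" is accepted in addition to "encr".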
@@ -2893,33 +2957,24 @@ static int parse_parameter_usage (const char *fname, struct para_data_s *para, enum para_name key) { - struct para_data_s *r = get_parameter( para, key ); - char *p, *pn; - unsigned int use; - - if( !r ) - return 0; /* none (this is an optional parameter)*/ - - use = 0; - pn = r->u.value; - while ( (p = strsep (&pn, " \t,")) ) { - if ( !*p) - ; - else if ( !ascii_strcasecmp (p, "sign") ) - use |= PUBKEY_USAGE_SIG; - else if ( !ascii_strcasecmp (p, "encrypt") ) - use |= PUBKEY_USAGE_ENC; - else if ( !ascii_strcasecmp (p, "auth") ) - use |= PUBKEY_USAGE_AUTH; - else { - log_error("%s:%d: invalid usage list\n", fname, r->lnr ); - return -1; /* error */ - } + struct para_data_s *r = get_parameter( para, key ); + int i; + + if (!r) + return 0; /* none (this is an optional parameter)*/ + + i = parse_usagestr (r->u.value); + if (i == -1) + { + log_error ("%s:%d: invalid usage list\n", fname, r->lnr ); + return -1; /* error */ } - r->u.usage = use; - return 1; + + r->u.usage = i; + return 1; } + static int parse_revocation_key (const char *fname, struct para_data_s *para, enum para_name key) 
@@ -4260,12 +4315,119 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, } +gpg_error_t +parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr, + const char *usagestr, + int *r_algo, unsigned int *r_usage, + unsigned int *r_nbits, char **r_curve) +{ + int algo; + unsigned int use, nbits; + int wantuse; + unsigned int min, def, max; + const char *curve = NULL; + int eccalgo = 0; + + *r_curve = NULL; + + nbits = 0; + /* Parse the algo string. */ + if (!algostr || !*algostr + || !strcmp (algostr, "default") || !strcmp (algostr, "-")) + { + algo = DEFAULT_STD_SUBALGO; + use = DEFAULT_STD_SUBKEYUSE; + } + else if (*algostr == '&' && strlen (algostr) == 41) + { + /* Take algo from existing key. */ + algo = check_keygrip (ctrl, algostr+1); + /* FIXME: We need the curve name as well. */ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + } + else if (!strncmp (algostr, "rsa", 3)) + { + algo = PUBKEY_ALGO_RSA; + use = DEFAULT_STD_SUBKEYUSE; + if (algostr[3]) + nbits = atoi (algostr + 3); + } + else if (!strncmp (algostr, "elg", 3)) + { + algo = PUBKEY_ALGO_ELGAMAL_E; + use = PUBKEY_USAGE_ENC; + if (algostr[3]) + nbits = atoi (algostr + 3); + } + else if (!strncmp (algostr, "dsa", 3)) + { + algo = PUBKEY_ALGO_DSA; + use = PUBKEY_USAGE_SIG; + if (algostr[3]) + nbits = atoi (algostr + 3); + } + else if ((curve = openpgp_is_curve_supported (algostr, &algo))) + { + if (!algo) + { + algo = PUBKEY_ALGO_ECDH; /* Default ECC algorithm. */ + eccalgo = 1; /* Remember - we may need to fix it up. */ + } + + if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA) + use = PUBKEY_USAGE_SIG; + else + use = PUBKEY_USAGE_ENC; + } + else + return gpg_error (GPG_ERR_INV_CURVE); + + /* Parse the usage string. 
*/ + if (!usagestr || !*usagestr + || !strcmp (usagestr, "default") || !strcmp (usagestr, "-")) + ; /* Keep default usage */ + else if ((wantuse = parse_usagestr (usagestr)) != -1) + { + use = wantuse; + if (eccalgo && !(use & PUBKEY_USAGE_ENC)) + algo = PUBKEY_ALGO_ECDSA; /* Switch from ECDH to ECDSA. */ + } + else + return gpg_error (GPG_ERR_INV_VALUE); + + /* Make sure the keysize is in the allowed range. */ + get_keysize_range (algo, &min, &def, &max); + if (!nbits) + nbits = def; + else if (nbits < min) + nbits = min; + else if (nbits > max) + nbits = max; + + nbits = fixup_keysize (nbits, algo, 1); + + if (curve) + { + *r_curve = xtrystrdup (curve); + if (!*r_curve) + return gpg_error_from_syserror (); + } + *r_algo = algo; + *r_usage = use; + *r_nbits = nbits; + return 0; +} + + /* Add a new subkey to an existing key. Returns 0 if a new key has - been generated and put into the keyblocks. */ + been generated and put into the keyblocks. If any of ALGOSTR, + USAGESTR, or EXPIRESTR is NULL interactive mode is used. */ gpg_error_t -generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock) +generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, + const char *usagestr, const char *expirestr) { gpg_error_t err = 0; + int interactive; kbnode_t node; PKT_public_key *pri_psk = NULL; PKT_public_key *sub_psk = NULL; @@ -4278,6 +4440,8 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock) char *hexgrip = NULL; char *serialno = NULL; + interactive = (!algostr || !usagestr || !expirestr); + /* Break out the primary key. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); if (!node) 
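Review bot: The size suffix in `parse_subkey_algostr_usagestr` is read with `nbits = atoi (algostr + 3);` after only a three-character `strncmp`, so a string such as `rsafoo` is accepted as RSA with the default size, and a negative suffix wraps to a large unsigned value that is then clamped to the maximum. For an unattended key-creation interface I would accept only a clean decimal number, e.g. `nbits = strtoul (algostr + 3, &endp, 10);` followed by `if (*endp) return gpg_error (GPG_ERR_INV_VALUE);`. The same applies to the `elg` and `dsa` branches. Sizes outside the range are also adjusted silently because `fixup_keysize` is called with SILENT set, so the caller can end up with a different key size than requested; a `log_info` at the clamp would make that visible.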
@@ -4317,32 +4481,72 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock) goto leave; if (agent_get_keyinfo (NULL, hexgrip, &serialno)) { - tty_printf (_("Secret parts of primary key are not available.\n")); + if (interactive) + tty_printf (_("Secret parts of primary key are not available.\n")); + else + log_info ( _("Secret parts of primary key are not available.\n")); + err = gpg_error (GPG_ERR_NO_SECKEY); goto leave; } if (serialno) - tty_printf (_("Secret parts of primary key are stored on-card.\n")); + { + if (interactive) + tty_printf (_("Secret parts of primary key are stored on-card.\n")); + else + log_info ( _("Secret parts of primary key are stored on-card.\n")); + } xfree (hexgrip); hexgrip = NULL; - algo = ask_algo (ctrl, 1, NULL, &use, &hexgrip); - log_assert (algo); - - if (hexgrip) - nbits = 0; - else if (algo == PUBKEY_ALGO_ECDSA - || algo == PUBKEY_ALGO_EDDSA - || algo == PUBKEY_ALGO_ECDH) - curve = ask_curve (&algo, NULL); - else - nbits = ask_keysize (algo, 0); + if (interactive) + { + algo = ask_algo (ctrl, 1, NULL, &use, &hexgrip); + log_assert (algo); + + if (hexgrip) + nbits = 0; + else if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + curve = ask_curve (&algo, NULL); + else + nbits = ask_keysize (algo, 0); - expire = ask_expire_interval (0, NULL); - if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", - _("Really create? (y/N) "))) + expire = ask_expire_interval (0, NULL); + if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", + _("Really create? (y/N) "))) + { + err = gpg_error (GPG_ERR_CANCELED); + goto leave; + } + } + else /* Unattended mode. 
*/ { - err = gpg_error (GPG_ERR_CANCELED); - goto leave; + err = parse_subkey_algostr_usagestr (ctrl, algostr, usagestr, + &algo, &use, &nbits, &curve); + if (err) + goto leave; + + if (!expirestr || !*expirestr || !strcmp (expirestr, "none") + || !strcmp (expirestr, "never") || !strcmp (expirestr, "-")) + expire = 0; + else + expire = parse_expire_string (expirestr); + if (expire == (u32)-1 ) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + + /* Check that usage is possible. */ + if ( ((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT)) + && !pubkey_get_nsig (algo)) + || ((use & PUBKEY_USAGE_ENC) + && !pubkey_get_nenc (algo))) + { + err = gpg_error (GPG_ERR_WRONG_KEY_USAGE); + goto leave; + } } if (hexgrip) diff --git a/g10/main.h b/g10/main.h index 5b5947e..0ca4d39 100644 --- a/g10/main.h +++ b/g10/main.h @@ -287,6 +287,8 @@ void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, void keyedit_passwd (ctrl_t ctrl, const char *username); void keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid); +void keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, + const char *usagestr, const char *expirestr); void keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, strlist_t locusr, int local); void show_basic_key_info (KBNODE keyblock); 
@@ -311,7 +313,10 @@ int keygen_add_revkey(PKT_signature *sig, void *opaque); gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk, PKT_public_key *sub_pk, PKT_public_key *sub_psk, u32 timestamp, const char *cache_nonce); -gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock); +gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, + const char *algostr, + const char *usagestr, + const char *expirestr); #ifdef ENABLE_CARD_SUPPORT gpg_error_t generate_card_subkeypair (kbnode_t pub_keyblock, int keyno, const char *serialno); commit d837f6b0eadb14ea08c1c6030b4d6adaaee8778e Author: Werner Koch Date: Thu Jun 2 15:14:49 2016 +0200 gpg: Do not abort on certain invalid packets. * g10/build-packet.c (write_fake_data): Check for non-opaque data. * g10/seskey.c (do_encode_md): Return NULL instead of abort. -- The first may happen if the usage flags of an algorithm do not match the allowed usage. When writing a backsig this would lead to a log_bug in libgcrypt due to the use of a regular MPI as opaque data. The second may happen with all kind of invalid data. It is easy to avoid an abort, though. Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index 1353a86..2745734 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -301,6 +301,8 @@ write_fake_data (IOBUF out, gcry_mpi_t a) if (!a) return 0; + if (!gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)) + return 0; /* e.g. due to generating a key with wrong usage. */ p = gcry_mpi_get_opaque ( a, &n); if (!p) return 0; /* For example due to a read error in diff --git a/g10/seskey.c b/g10/seskey.c index c41a145..e5385af 100644 --- a/g10/seskey.c +++ b/g10/seskey.c 
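Review bot: The new guard in `write_fake_data` returns 0 when the MPI is not opaque, which the caller sees as success even though nothing was written. If this path is reached for a key generated with a wrong usage, as the comment says, the packet would be emitted without that field and without any diagnostic. I would report it instead, e.g. `return gpg_error (GPG_ERR_BAD_MPI);`, or at least add a `log_info` before returning. Whether the callers propagate the return value is not visible in this hunk.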
@@ -211,9 +211,12 @@ do_encode_md( gcry_md_hd_t md, int algo, size_t len, unsigned nbits, int i,n; gcry_mpi_t a; - if( len + asnlen + 4 > nframe ) - log_bug ("can't encode a %d bit MD into a %d bits frame, algo=%d\n", - (int)(len*8), (int)nbits, algo); + if (len + asnlen + 4 > nframe) + { + log_error ("can't encode a %d bit MD into a %d bits frame, algo=%d\n", + (int)(len*8), (int)nbits, algo); + return NULL; + } /* We encode the MD in this way: * commit 072acb69be55e366e2da921e3953404765fa3928 Author: Werner Koch Date: Thu Jun 2 15:10:52 2016 +0200 common: New function openpgp_is_curve_supported. * common/openpgp-oid.c: Include openpgpdefs.h. (oidtable): Add field pubkey_algo. (openpgp_is_curve_supported): New. -- Signed-off-by: Werner Koch diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index 1b6d5f3..7c93547 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -35,7 +35,7 @@ #include #include "util.h" - +#include "openpgpdefs.h" /* A table with all our supported OpenPGP curves. */ static struct { @@ -43,10 +43,11 @@ static struct { const char *oidstr; /* IETF formatted OID. */ unsigned int nbits; /* Nominal bit length of the curve. */ const char *alias; /* NULL or alternative name of the curve. */ + int pubkey_algo; /* Required OpenPGP algo or 0 for ECDSA/ECDH. */ } oidtable[] = { - { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519" }, - { "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519" }, + { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519", PUBKEY_ALGO_ECDH }, + { "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519", PUBKEY_ALGO_EDDSA }, { "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256" }, { "NIST P-384", "1.3.132.0.34", 384, "nistp384" }, 
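Review bot: `do_encode_md` now returns NULL for a digest that does not fit the frame where it used to abort, so every caller has to check the result before passing it on to the signing code. The callers are outside this hunk, and the function body continues past it; I would verify each call site as part of this change. The new contract should also go into the function's header comment, e.g. `Returns NULL if the digest does not fit into NBITS.`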
@@ -408,3 +409,29 @@ openpgp_enum_curves (int *iterp) *iterp = idx; return NULL; } + + +/* Return the Libgcrypt name for for the gpg curve NAME if supported. + * If R_ALGO is not NULL the required OpenPGP public key algo or 0 is + * stored at that address. NULL is returned if the curev is not + * supported. */ +const char * +openpgp_is_curve_supported (const char *name, int *r_algo) +{ + int idx; + + if (r_algo) + *r_algo = 0; + for (idx = 0; idx < DIM (oidtable) && oidtable[idx].name; idx++) + { + if (!strcmp (name, (oidtable[idx].alias? oidtable[idx].alias + /**/ : oidtable[idx].name)) + && curve_supported_p (oidtable[idx].name)) + { + if (r_algo) + *r_algo = oidtable[idx].pubkey_algo; + return oidtable[idx].name; + } + } + return NULL; +} diff --git a/common/util.h b/common/util.h index 84a15ab..7634885 100644 --- a/common/util.h +++ b/common/util.h @@ -214,7 +214,7 @@ int openpgp_oid_is_crv25519 (gcry_mpi_t a); const char *openpgp_curve_to_oid (const char *name, unsigned int *r_nbits); const char *openpgp_oid_to_curve (const char *oid, int canon); const char *openpgp_enum_curves (int *idxp); - +const char *openpgp_is_curve_supported (const char *name, int *r_algo); /*-- homedir.c --*/ commit c9f9fabdcc1022a5366e1c841acde55fb07105cb Author: Werner Koch Date: Thu Jun 2 15:09:42 2016 +0200 common: Add comments on how to enable backtrace(). -- diff --git a/common/logging.c b/common/logging.c index 9175b4f..b6bafc7 100644 --- a/common/logging.c +++ b/common/logging.c @@ -54,7 +54,7 @@ #include #include #include - +/* #include */ #define GNUPG_COMMON_NEED_AFLOCAL 1 #include "util.h" 
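Review bot: `openpgp_is_curve_supported` compares NAME only against the alias whenever an entry has one, so for the table rows shown with an alias (`cv25519`, `ed25519`, `nistp256`, `nistp384`) the spelling in the `name` column is rejected. If both spellings are meant to be accepted, test them separately: `if ((!strcmp (name, oidtable[idx].name) || (oidtable[idx].alias && !strcmp (name, oidtable[idx].alias)))` followed by the existing `&& curve_supported_p (oidtable[idx].name))`. The header comment should also state that NAME must not be NULL and that the comparison is case-sensitive, and "for for" and "curev" are typos.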
@@ -748,6 +748,19 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr) if (missing_lf) es_putc_unlocked ('\n', logstream ); es_funlockfile (logstream); + /* Using backtrace requires a configure test and to pass + * -rdynamic to gcc. Thus we do not enable it now. */ + /* { */ + /* void *btbuf[20]; */ + /* int btidx, btlen; */ + /* char **btstr; */ + + /* btlen = backtrace (btbuf, DIM (btbuf)); */ + /* btstr = backtrace_symbols (btbuf, btlen); */ + /* if (btstr) */ + /* for (btidx=0; btidx < btlen; btidx++) */ + /* log_debug ("[%d] %s\n", btidx, btstr[btidx]); */ + /* } */ abort (); } else ----------------------------------------------------------------------- Summary of changes: common/logging.c | 15 +- common/openpgp-oid.c | 33 +++- common/util.h | 2 +- doc/gpg.texi | 30 ++++ g10/build-packet.c | 2 + g10/gpg.c | 28 ++++ g10/keyedit.c | 178 +++++++++++++++------ g10/keygen.c | 424 ++++++++++++++++++++++++++++++++++++++------------- g10/main.h | 7 +- g10/seskey.c | 9 +- 10 files changed, 565 insertions(+), 163 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 2 18:41:20 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Jun 2016 18:41:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-46-g01285f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 01285f909e43e8d6a48fbcc77bb5af53d567d8a2 (commit) via dcc4cd83821667be22e502af86139bb4bd41bdf7 (commit) from 8f2a053a0ffa0430d01a53b4d491a3f0fff683eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 01285f909e43e8d6a48fbcc77bb5af53d567d8a2 Author: Werner Koch Date: Thu Jun 2 18:38:10 2016 +0200 gpg: Extend the --quick-gen-key command. * g10/keygen.c (quickgen_set_para): Add arg 'use'. (quick_generate_keypair): Add args 'algostr', 'usagestr', and 'expirestr'. Implement primary only key mode. (parse_algo_usage_expire): Set NBITS for the default algo. * g10/gpg.c (main): Extend --quick-gen-key command. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 9b0f1ba..4559958 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -599,7 +599,7 @@ This section explains the main commands for key management @table @gnupgtabopt - at item --quick-gen-key @code{user-id} + at item --quick-gen-key @code{user-id} [@code{algo} [@code{usage} [@code{expire}]]] @opindex quick-gen-key This is a simple command to generate a standard key with one user id. In contrast to @option{--gen-key} the key is generated directly 
@@ -612,6 +612,13 @@ answer to a ``Continue?'' style confirmation prompt is required. In case the user id already exists in the key ring a second prompt to force the creation of the key will show up. +If any of the optional arguments are given, only the primary key is +created and no prompts are shown. For a description of these optional +arguments see the command @code{--quick-addkey}. The @code{usage} +accepts also the value ``cert'' which can be used to create a +certification only primary key; the default is to a create +certification and signing key. + If this command is used with @option{--batch}, @option{--pinentry-mode} has been set to @code{loopback}, and one of the passphrase options (@option{--passphrase}, diff --git a/g10/gpg.c b/g10/gpg.c index 2795330..b193fcd 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4096,11 +4096,29 @@ main (int argc, char **argv) break; case aQuickKeygen: - if (argc != 1 ) - wrong_args("--gen-key user-id"); - username = make_username (fname); - quick_generate_keypair (ctrl, username); - xfree (username); + { + const char *x_algo, *x_usage, *x_expire; + + if (argc < 1 || argc > 4) + wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]"); + username = make_username (fname); + argv++, argc--; + x_algo = ""; + x_usage = ""; + x_expire = ""; + if (argc) + { + x_algo = *argv++; argc--; + if (argc) + { + x_usage = *argv++; argc--; + if (argc) + x_expire = *argv++; argc--; + } + } + quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire); + xfree (username); + } break; case aKeygen: /* generate a key */ diff --git a/g10/keygen.c b/g10/keygen.c index 69b6a0d..940cb16 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
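Review bot: In the `aQuickKeygen` case the innermost `if (argc)` has no braces, so in `x_expire = *argv++; argc--;` only the assignment is conditional and `argc--` always runs. With a user id, an algo and a usage but no expire argument, `argc` ends up at -1. Nothing in the hunk reads `argc` afterwards, so this looks harmless today, but the indentation hides it from the next person who extends the argument list. I would write `{ x_expire = *argv++; argc--; }`.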
@@ -136,6 +136,12 @@ static byte zip_prefs[MAX_PREFS]; static int nzip_prefs; static int mdc_available,ks_modify; +static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, + const char *algostr, const char *usagestr, + const char *expirestr, + int *r_algo, unsigned int *r_usage, + u32 *r_expire, + unsigned int *r_nbits, char **r_curve); static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, struct output_control_s *outctrl, int card ); static int write_keyblock (iobuf_t out, kbnode_t node); @@ -3467,13 +3473,20 @@ read_parameter_file (ctrl_t ctrl, const char *fname ) /* Helper for quick_generate_keypair. */ static struct para_data_s * quickgen_set_para (struct para_data_s *para, int for_subkey, - int algo, int nbits, const char *curve) + int algo, int nbits, const char *curve, unsigned int use) { struct para_data_s *r; - r = xmalloc_clear (sizeof *r + 20); + r = xmalloc_clear (sizeof *r + 30); r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE; - strcpy (r->u.value, for_subkey ? "encrypt" : "sign"); + if (use) + snprintf (r->u.value, 30, "%s%s%s%s", + (use & PUBKEY_USAGE_ENC)? "encr " : "", + (use & PUBKEY_USAGE_SIG)? "sign " : "", + (use & PUBKEY_USAGE_AUTH)? "auth " : "", + (use & PUBKEY_USAGE_CERT)? "cert " : ""); + else + strcpy (r->u.value, for_subkey ? "encr" : "sign"); r->next = para; para = r; r = xmalloc_clear (sizeof *r + 20); @@ -3507,7 +3520,8 @@ quickgen_set_para (struct para_data_s *para, int for_subkey, * Unattended generation of a standard key. */ void -quick_generate_keypair (ctrl_t ctrl, const char *uid) +quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, + const char *usagestr, const char *expirestr) { gpg_error_t err; struct para_data_s *para = NULL; 
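Review bot: The size of the usage buffer in `quickgen_set_para` is written twice as a bare literal, in `xmalloc_clear (sizeof *r + 30)` and in `snprintf (r->u.value, 30, ...)`, and the fallback branch still uses `strcpy`. The four keywords need 21 bytes including the terminator, so it fits, but the two numbers have to be kept in step by hand if a keyword is added. A single named constant used for the allocation and for both writes would make the bound evident. The function body continues outside this hunk.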
@@ -3518,6 +3532,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid) memset (&outctrl, 0, sizeof outctrl); use_tty = (!opt.batch && !opt.answer_yes + && !*algostr && !*usagestr && !*expirestr && !cpr_enabled () && gnupg_isatty (fileno (stdin)) && gnupg_isatty (fileno (stdout)) @@ -3578,12 +3593,39 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid) } } - para = quickgen_set_para (para, 0, - DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, - DEFAULT_STD_CURVE); - para = quickgen_set_para (para, 1, - DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, - DEFAULT_STD_SUBCURVE); + if (*algostr || *usagestr || *expirestr) + { + /* Extended unattended mode. Creates only the primary key. */ + int algo; + unsigned int use; + u32 expire; + unsigned int nbits; + char *curve; + + err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr, + &algo, &use, &expire, &nbits, &curve); + if (err) + { + log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); + goto leave; + } + + para = quickgen_set_para (para, 0, algo, nbits, curve, use); + r = xmalloc_clear (sizeof *r + 20); + r->key = pKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + } + else + { + para = quickgen_set_para (para, 0, + DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, + DEFAULT_STD_CURVE, 0); + para = quickgen_set_para (para, 1, + DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, + DEFAULT_STD_SUBCURVE, 0); + } /* If the pinentry loopback mode is not and we have a static passphrase (i.e. set with --passphrase{,-fd,-file} while in batch @@ -3601,6 +3643,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid) } proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0); + leave: release_parameter_list (para); } 
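Review bot: In the extended branch of `quick_generate_keypair`, `curve` is filled in by `parse_algo_usage_expire` and passed to `quickgen_set_para`, but nothing in the hunk frees it. The parser shown earlier on this page allocates it with `xtrystrdup`, and `quickgen_set_para` takes it as `const char *curve`, so it presumably copies the string rather than taking ownership (its body is mostly outside the hunk). If so, add `xfree (curve);` right after the `quickgen_set_para` call. Separately, `!*algostr && !*usagestr && !*expirestr` dereferences all three arguments, so they must be non-NULL here, whereas `generate_subkeypair` uses NULL to select interactive mode; the function comment should state which convention applies.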
@@ -3844,10 +3887,10 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname, , "--full-gen-key" ); para = quickgen_set_para (para, 0, DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, - DEFAULT_STD_CURVE); + DEFAULT_STD_CURVE, 0); para = quickgen_set_para (para, 1, DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, - DEFAULT_STD_SUBCURVE); + DEFAULT_STD_SUBCURVE, 0); } @@ -4318,7 +4361,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, } -gpg_error_t +static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, const char *algostr, const char *usagestr, const char *expirestr, @@ -4340,8 +4383,9 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, if (!algostr || !*algostr || !strcmp (algostr, "default") || !strcmp (algostr, "-")) { - algo = DEFAULT_STD_SUBALGO; - use = DEFAULT_STD_SUBKEYUSE; + algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO; + use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE; + nbits = for_subkey?DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE; } else if (*algostr == '&' && strlen (algostr) == 41) { diff --git a/g10/main.h b/g10/main.h index 0ca4d39..46b4ead 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -298,7 +298,8 @@ u32 parse_expire_string(const char *string); u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expiredate(void); unsigned int ask_key_flags (int algo, int subkey, unsigned int current); -void quick_generate_keypair (ctrl_t ctrl, const char *uid); +void quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, + const char *usagestr, const char *expirestr); void generate_keypair (ctrl_t ctrl, int full, const char *fname, const char *card_serialno, int card_backup_key); int keygen_set_std_prefs (const char *string,int personal); commit dcc4cd83821667be22e502af86139bb4bd41bdf7 Author: Werner Koch Date: Thu Jun 2 17:01:54 2016 +0200 gpg: Improve the new parse_subkey_algostr_usagestr fucntion. * g10/keygen.c (parse_usagestr): Allow "cert". (generate_subkeypair): Factor expire parsing out to ... (parse_subkey_algostr_usagestr): here. Rename to ... (parse_algo_usage_expire): this. Add arg 'for_subkey'. Set CERT for primary key and check that it is not set for subkeys. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index 2ef80a7..69b6a0d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -51,6 +51,7 @@ is inside the bounds enforced by ask_keysize and gen_xxx. */ #define DEFAULT_STD_ALGO PUBKEY_ALGO_RSA #define DEFAULT_STD_KEYSIZE 2048 +#define DEFAULT_STD_KEYUSE (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG) #define DEFAULT_STD_CURVE NULL #define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA #define DEFAULT_STD_SUBKEYSIZE 2048 @@ -2937,6 +2938,8 @@ parse_usagestr (const char *usagestr) use |= PUBKEY_USAGE_ENC; else if (!ascii_strcasecmp (s, "auth")) use |= PUBKEY_USAGE_AUTH; + else if (!ascii_strcasecmp (s, "cert")) + use |= PUBKEY_USAGE_CERT; else { xfree (tokens); 
@@ -4316,13 +4319,15 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, gpg_error_t -parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr, - const char *usagestr, - int *r_algo, unsigned int *r_usage, - unsigned int *r_nbits, char **r_curve) +parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, + const char *algostr, const char *usagestr, + const char *expirestr, + int *r_algo, unsigned int *r_usage, u32 *r_expire, + unsigned int *r_nbits, char **r_curve) { int algo; unsigned int use, nbits; + u32 expire; int wantuse; unsigned int min, def, max; const char *curve = NULL; @@ -4348,7 +4353,7 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr, else if (!strncmp (algostr, "rsa", 3)) { algo = PUBKEY_ALGO_RSA; - use = DEFAULT_STD_SUBKEYUSE; + use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE; if (algostr[3]) nbits = atoi (algostr + 3); } @@ -4395,6 +4400,27 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr, else return gpg_error (GPG_ERR_INV_VALUE); + /* Make sure a primary key has the CERT usage. */ + if (!for_subkey) + use |= PUBKEY_USAGE_CERT; + + /* Check that usage is possible. */ + if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT)) + && !pubkey_get_nsig (algo)) + || ((use & PUBKEY_USAGE_ENC) + && !pubkey_get_nenc (algo)) + || (for_subkey && (use & PUBKEY_USAGE_CERT))) + return gpg_error (GPG_ERR_WRONG_KEY_USAGE); + + /* Parse the expire string. */ + if (!expirestr || !*expirestr || !strcmp (expirestr, "none") + || !strcmp (expirestr, "never") || !strcmp (expirestr, "-")) + expire = 0; + else + expire = parse_expire_string (expirestr); + if (expire == (u32)-1 ) + return gpg_error (GPG_ERR_INV_VALUE); + /* Make sure the keysize is in the allowed range. */ get_keysize_range (algo, &min, &def, &max); if (!nbits) @@ -4414,6 +4440,7 @@ parse_subkey_algostr_usagestr (ctrl_t ctrl, const char *algostr, } *r_algo = algo; *r_usage = use; + *r_expire = expire; *r_nbits = nbits; return 0; } 
@@ -4522,31 +4549,10 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, } else /* Unattended mode. */ { - err = parse_subkey_algostr_usagestr (ctrl, algostr, usagestr, - &algo, &use, &nbits, &curve); + err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr, + &algo, &use, &expire, &nbits, &curve); if (err) goto leave; - - if (!expirestr || !*expirestr || !strcmp (expirestr, "none") - || !strcmp (expirestr, "never") || !strcmp (expirestr, "-")) - expire = 0; - else - expire = parse_expire_string (expirestr); - if (expire == (u32)-1 ) - { - err = gpg_error (GPG_ERR_INV_VALUE); - goto leave; - } - - /* Check that usage is possible. */ - if ( ((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT)) - && !pubkey_get_nsig (algo)) - || ((use & PUBKEY_USAGE_ENC) - && !pubkey_get_nenc (algo))) - { - err = gpg_error (GPG_ERR_WRONG_KEY_USAGE); - goto leave; - } } if (hexgrip) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 +++- g10/gpg.c | 28 +++++++++--- g10/keygen.c | 136 ++++++++++++++++++++++++++++++++++++++++------------------- g10/main.h | 3 +- 4 files changed, 126 insertions(+), 50 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 2 21:23:51 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Jun 2016 21:23:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-47-g1b460f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1b460f049e5c1c102d8b55ad28781688252c5a6b (commit) from 01285f909e43e8d6a48fbcc77bb5af53d567d8a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1b460f049e5c1c102d8b55ad28781688252c5a6b Author: Werner Koch Date: Thu Jun 2 21:21:08 2016 +0200 gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch diff --git a/agent/command.c b/agent/command.c index dfbb831..d55e7da 100644 --- a/agent/command.c +++ b/agent/command.c @@ -207,7 +207,7 @@ clear_nonce_cache (ctrl_t ctrl) } -/* This function is called by Libassuan whenever thee client sends a +/* This function is called by Libassuan whenever the client sends a reset. It has been registered similar to the other Assuan commands. */ static gpg_error_t 
@@ -857,7 +857,8 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) static const char hlp_genkey[] = - "GENKEY [--no-protection] [--preset] [--inq-passwd] []\n" + "GENKEY [--no-protection] [--preset] [--inq-passwd]\n" + " [--passwd-nonce=] []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -873,7 +874,8 @@ static const char hlp_genkey[] = "When the --preset option is used the passphrase for the generated\n" "key will be added to the cache. When --inq-passwd is used an inquire\n" "with the keyword NEWPASSWD is used to request the passphrase for the\n" - "new key.\n"; + "new key. When a --passwd-nonce is used, the corresponding cached\n" + "passphrase is used to protect the new key."; static gpg_error_t cmd_genkey (assuan_context_t ctx, char *line) { @@ -885,10 +887,12 @@ cmd_genkey (assuan_context_t ctx, char *line) unsigned char *newpasswd = NULL; membuf_t outbuf; char *cache_nonce = NULL; + char *passwd_nonce = NULL; int opt_preset; int opt_inq_passwd; size_t n; - char *p; + char *p, *pend; + int c; if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); @@ -896,6 +900,21 @@ cmd_genkey (assuan_context_t ctx, char *line) no_protection = has_option (line, "--no-protection"); opt_preset = has_option (line, "--preset"); opt_inq_passwd = has_option (line, "--inq-passwd"); + passwd_nonce = option_value (line, "--passwd-nonce"); + if (passwd_nonce) + { + for (pend = passwd_nonce; *pend && !spacep (pend); pend++) + ; + c = *pend; + *pend = '\0'; + passwd_nonce = xtrystrdup (passwd_nonce); + *pend = c; + if (!passwd_nonce) + { + rc = gpg_error_from_syserror (); + goto leave; + } + } line = skip_options (line); p = line; 
@@ -933,6 +952,8 @@ cmd_genkey (assuan_context_t ctx, char *line) } } + else if (passwd_nonce) + newpasswd = agent_get_cache (passwd_nonce, CACHE_MODE_NONCE); rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, newpasswd, opt_preset, &outbuf); @@ -951,6 +972,7 @@ cmd_genkey (assuan_context_t ctx, char *line) else rc = write_and_clear_outbuf (ctx, &outbuf); xfree (cache_nonce); + xfree (passwd_nonce); return leave_cmd (ctx, rc); } @@ -1715,6 +1737,24 @@ cmd_passwd (assuan_context_t ctx, char *line) else if (opt_verify) { /* All done. */ + if (passphrase) + { + if (!passwd_nonce) + { + char buf[12]; + gcry_create_nonce (buf, 12); + passwd_nonce = bin2hex (buf, 12, NULL); + } + if (passwd_nonce + && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, + passphrase, CACHE_TTL_NONCE)) + { + assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce); + xfree (ctrl->server_local->last_passwd_nonce); + ctrl->server_local->last_passwd_nonce = passwd_nonce; + passwd_nonce = NULL; + } + } } else { @@ -1785,6 +1825,7 @@ cmd_passwd (assuan_context_t ctx, char *line) gcry_sexp_release (s_skey); xfree (shadow_info); xfree (cache_nonce); + xfree (passwd_nonce); return leave_cmd (ctx, err); } diff --git a/g10/call-agent.c b/g10/call-agent.c index d8c6ded..818f3de 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1805,7 +1805,7 @@ inq_genkey_parms (void *opaque, const char *line) PASSPHRASE is not NULL the agent is requested to protect the key with that passphrase instead of asking for one. */ gpg_error_t -agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, +agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr, const char *keyparms, int no_protection, const char *passphrase, gcry_sexp_t *r_pubkey) { 
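Review bot: In cmd_passwd's `else if (opt_verify)` branch the old comment `/* All done. */` is kept although the branch now creates a nonce and caches the passphrase under it, and a failure of `bin2hex` or `agent_put_cache` is silently ignored, so the command succeeds without emitting `PASSWD_NONCE`. If this best-effort behaviour is intended, the comment should say so, for example `/* Verified.  Try to cache the passphrase under a nonce for a following GENKEY; failure to do so is not an error.  */`. The cmd_genkey hunk on this line has the same gap: `agent_get_cache (passwd_nonce, CACHE_MODE_NONCE)` presumably returns NULL for an unknown or expired nonce, and the code then continues as if no nonce had been given, which deserves a one-line comment. Both functions start and end outside these hunks.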
@@ -1827,19 +1827,26 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, return err; dfltparm.ctx = agent_ctx; - err = assuan_transact (agent_ctx, "RESET", - NULL, NULL, NULL, NULL, NULL, NULL); - if (err) - return err; + if (passwd_nonce_addr && *passwd_nonce_addr) + ; /* A RESET would flush the passwd nonce cache. */ + else + { + err = assuan_transact (agent_ctx, "RESET", + NULL, NULL, NULL, NULL, NULL, NULL); + if (err) + return err; + } init_membuf (&data, 1024); gk_parm.dflt = &dfltparm; gk_parm.keyparms = keyparms; gk_parm.passphrase = passphrase; - snprintf (line, sizeof line, "GENKEY%s%s%s", + snprintf (line, sizeof line, "GENKEY%s%s%s%s%s", no_protection? " --no-protection" : passphrase ? " --inq-passwd" : /* */ "", + passwd_nonce_addr && *passwd_nonce_addr? " --passwd-nonce=":"", + passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); cn_parm.cache_nonce_addr = cache_nonce_addr; 
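Review bot: The RESET guard is written as an `if` with an empty statement as its body, and the same `passwd_nonce_addr && *passwd_nonce_addr` test is then repeated twice in the `snprintf` arguments. A flag declared with the other locals, `int have_pwnonce = (passwd_nonce_addr && *passwd_nonce_addr);`, and `if (!have_pwnonce)` around the RESET transaction would read more directly and keep the three uses in sync. Because RESET is now skipped on this path, the comment could also state which other per-connection state is deliberately left in place; that cannot be judged from this hunk. agent_genkey continues outside the hunk.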
@@ -2389,13 +2396,14 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc, /* Ask the agent to change the passphrase of the key identified by - HEXKEYGRIP. If DESC is not NULL, display DESC instead of the - default description message. If CACHE_NONCE_ADDR is not NULL the - agent is advised to first try a passphrase associated with that - nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use - the passphrase associated with that nonce. */ + * HEXKEYGRIP. If DESC is not NULL, display DESC instead of the + * default description message. If CACHE_NONCE_ADDR is not NULL the + * agent is advised to first try a passphrase associated with that + * nonce. If PASSWD_NONCE_ADDR is not NULL the agent will try to use + * the passphrase associated with that nonce for the new passphrase. + * If VERIFY is true the passphrase is only verified. */ gpg_error_t -agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, +agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify, char **cache_nonce_addr, char **passwd_nonce_addr) { gpg_error_t err; @@ -2414,7 +2422,6 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, if (!hexkeygrip || strlen (hexkeygrip) != 40) return gpg_error (GPG_ERR_INV_VALUE); - if (desc) { snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); 
@@ -2424,12 +2431,18 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, return err; } - snprintf (line, DIM(line)-1, "PASSWD %s%s %s%s %s", - cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", - cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", - passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"", - passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", - hexkeygrip); + if (verify) + snprintf (line, DIM(line)-1, "PASSWD %s%s --verify %s", + cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", + hexkeygrip); + else + snprintf (line, DIM(line)-1, "PASSWD %s%s %s%s %s", + cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"", + passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"", + passwd_nonce_addr && *passwd_nonce_addr? *passwd_nonce_addr:"", + hexkeygrip); cn_parm.cache_nonce_addr = cache_nonce_addr; cn_parm.passwd_nonce_addr = passwd_nonce_addr; err = assuan_transact (agent_ctx, line, NULL, NULL, @@ -2438,6 +2451,7 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, return err; } + /* Return the version reported by gpg-agent. */ gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version) diff --git a/g10/call-agent.h b/g10/call-agent.h index 06a19d4..4e83388 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -156,7 +156,8 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno); /* Generate a new key. */ -gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, +gpg_error_t agent_genkey (ctrl_t ctrl, + char **cache_nonce_addr, char **passwd_nonce_addr, const char *keyparms, int no_protection, const char *passphrase, gcry_sexp_t *r_pubkey); 
@@ -200,6 +201,7 @@ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, /* Change the passphrase of a key. */ gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, + int verify, char **cache_nonce_addr, char **passwd_nonce_addr); /* Get the version reported by gpg-agent. */ gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version); diff --git a/g10/keyedit.c b/g10/keyedit.c index 16dbf62..a38c90a 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1728,7 +1728,8 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock) goto leave; desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_NORMAL, 1); - err = agent_passwd (ctrl, hexgrip, desc, &cache_nonce, &passwd_nonce); + err = agent_passwd (ctrl, hexgrip, desc, 0, + &cache_nonce, &passwd_nonce); xfree (desc); if (err) diff --git a/g10/keygen.c b/g10/keygen.c index 940cb16..c8057b5 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1304,14 +1304,15 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip, static int common_gen (const char *keyparms, int algo, const char *algoelem, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; PACKET *pkt; PKT_public_key *pk; gcry_sexp_t s_key; - err = agent_genkey (NULL, cache_nonce_addr, keyparms, + err = agent_genkey (NULL, cache_nonce_addr, passwd_nonce_addr, keyparms, !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), passphrase, &s_key); @@ -1372,7 +1373,8 @@ common_gen (const char *keyparms, int algo, const char *algoelem, static int gen_elg (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; char *keyparms; 
@@ -1413,7 +1415,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, { err = common_gen (keyparms, algo, "pgy", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -1427,7 +1430,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, static gpg_error_t gen_dsa (unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; unsigned int qbits; @@ -1500,7 +1504,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, { err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -1515,7 +1520,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, static gpg_error_t gen_ecc (int algo, const char *curve, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { gpg_error_t err; char *keyparms; @@ -1557,7 +1563,8 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root, { err = common_gen (keyparms, algo, "", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } 
@@ -1571,7 +1578,8 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root, static int gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expireval, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { int err; char *keyparms; @@ -1612,7 +1620,8 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, { err = common_gen (keyparms, algo, "ne", pub_root, timestamp, expireval, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); xfree (keyparms); } @@ -2751,7 +2760,8 @@ ask_user_id (int mode, int full, KBNODE keyblock) static int do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root, u32 timestamp, u32 expiredate, int is_subkey, - int keygen_flags, const char *passphrase, char **cache_nonce_addr) + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) { gpg_error_t err; 
@@ -2766,18 +2776,22 @@ do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root, if (algo == PUBKEY_ALGO_ELGAMAL_E) err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else if (algo == PUBKEY_ALGO_DSA) err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else if (algo == PUBKEY_ALGO_RSA) err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - keygen_flags, passphrase, cache_nonce_addr); + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); else BUG(); @@ -4169,7 +4183,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, get_parameter_u32( para, pKEYEXPIRE ), 0, outctrl->keygen_flags, get_parameter_passphrase (para), - &cache_nonce); + &cache_nonce, NULL); else err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, ×tamp, @@ -4232,7 +4246,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags, get_parameter_passphrase (para), - &cache_nonce); + &cache_nonce, NULL); /* Get the pointer to the generated public subkey packet. */ if (!err) { 
@@ -4508,8 +4522,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, unsigned int nbits = 0; char *curve = NULL; u32 cur_time; + char *key_from_hexgrip = NULL; char *hexgrip = NULL; char *serialno = NULL; + char *cache_nonce = NULL; + char *passwd_nonce = NULL; interactive = (!algostr || !usagestr || !expirestr); @@ -4567,14 +4584,12 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, log_info ( _("Secret parts of primary key are stored on-card.\n")); } - xfree (hexgrip); - hexgrip = NULL; if (interactive) { - algo = ask_algo (ctrl, 1, NULL, &use, &hexgrip); + algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip); log_assert (algo); - if (hexgrip) + if (key_from_hexgrip) nbits = 0; else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA 
@@ -4599,12 +4614,40 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, goto leave; } - if (hexgrip) - err = do_create_from_keygrip (ctrl, algo, hexgrip, - keyblock, cur_time, expire, 1); + /* Verify the passphrase now so that we get a cache item for the + * primary key passphrase. The agent also returns a passphrase + * nonce, which we can use to set the passphrase for the subkey to + * that of the primary key. */ + { + char *desc = gpg_format_keydesc (pri_psk, FORMAT_KEYDESC_NORMAL, 1); + err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, + &cache_nonce, &passwd_nonce); + xfree (desc); + } + + /* Start creation. */ + if (key_from_hexgrip) + { + err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip, + keyblock, cur_time, expire, 1); + } else - err = do_create (algo, nbits, curve, - keyblock, cur_time, expire, 1, 0, NULL, NULL); + { + const char *passwd; + + /* If the pinentry loopback mode is not and we have a static + passphrase (i.e. set with --passphrase{,-fd,-file} while in batch + mode), we use that passphrase for the new subkey. */ + if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK + && have_static_passphrase ()) + passwd = get_static_passphrase (); + else + passwd = NULL; + + err = do_create (algo, nbits, curve, + keyblock, cur_time, expire, 1, 0, + passwd, &cache_nonce, &passwd_nonce); + } if (err) goto leave; 
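Review bot: The result of the new `agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, ...)` call is never checked: `err` is overwritten by `do_create_from_keygrip` or `do_create` immediately after the block, so a failed verification of the primary key's passphrase does not stop subkey creation. Adding `if (err) goto leave;` after `xfree (desc);` would make the verify step effective. If some failures are expected and should be tolerated (an earlier hunk shows a log message for primaries whose secret parts are stored on-card), those error codes should be cleared explicitly before that check rather than by dropping every error. The comment "If the pinentry loopback mode is not and we have a static passphrase" is also missing a word. generate_subkeypair starts and ends outside this hunk.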
@@ -4614,16 +4657,20 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, sub_psk = node->pkt->pkt.public_key; /* Write the binding signature. */ - err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, NULL); + err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, + cache_nonce); if (err) goto leave; write_status_text (STATUS_KEY_CREATED, "S"); leave: + xfree (key_from_hexgrip); xfree (curve); xfree (hexgrip); xfree (serialno); + xfree (cache_nonce); + xfree (passwd_nonce); if (err) log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); return err; ----------------------------------------------------------------------- Summary of changes: agent/command.c | 49 ++++++++++++++++++++++++--- g10/call-agent.c | 52 +++++++++++++++++----------- g10/call-agent.h | 4 ++- g10/keyedit.c | 3 +- g10/keygen.c | 101 ++++++++++++++++++++++++++++++++++++++++--------------- 5 files changed, 157 insertions(+), 52 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 2 22:03:22 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Jun 2016 22:03:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-48-g8d976a6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8d976a6b07c5a356631791b46b590328c1451f31 (commit) from 1b460f049e5c1c102d8b55ad28781688252c5a6b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8d976a6b07c5a356631791b46b590328c1451f31 Author: Werner Koch Date: Thu Jun 2 22:01:51 2016 +0200 gpg: Add the fingerprint to KEY_CREATED for subkeys. * g10/keygen.c (print_status_key_created): Make more robust by allowing a NULL for PK. (generate_subkeypair): Use print_status_key_created. (generate_card_subkeypair): Ditto. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index c8057b5..a4a3110 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -166,11 +166,14 @@ print_status_key_created (int letter, PKT_public_key *pk, const char *handle) if (letter || pk) { *p++ = letter; - *p++ = ' '; - fingerprint_from_pk (pk, array, &n); - s = array; - for (i=0; i < n ; i++, s++, p += 2) - sprintf (p, "%02X", *s); + if (pk) + { + *p++ = ' '; + fingerprint_from_pk (pk, array, &n); + s = array; + for (i=0; i < n ; i++, s++, p += 2) + sprintf (p, "%02X", *s); + } } if (*handle) { @@ -4662,7 +4665,8 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, if (err) goto leave; - write_status_text (STATUS_KEY_CREATED, "S"); + print_status_key_created ('S', sub_psk, NULL); + leave: xfree (key_from_hexgrip); 
@@ -4691,6 +4695,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock, u32 expire; u32 cur_time; struct para_data_s *para = NULL; + PKT_public_key *sub_pk = NULL; log_assert (keyno >= 1 && keyno <= 3); @@ -4757,8 +4762,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock, /* Get the pointer to the generated public subkey packet. */ if (!err) { - PKT_public_key *sub_pk = NULL; - for (node = pub_keyblock; node; node = node->next) if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) sub_pk = node->pkt->pkt.public_key; @@ -4771,7 +4774,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock, if (err) log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); else - write_status_text (STATUS_KEY_CREATED, "S"); + print_status_key_created ('S', sub_pk, NULL); release_parameter_list (para); return err; } ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 2 22:53:08 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Jun 2016 22:53:08 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-7-g4121f15 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4121f15122501d8946f1589b303d1f7949c15e30 (commit) from 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4121f15122501d8946f1589b303d1f7949c15e30 Author: Werner Koch Date: Mon Sep 7 15:38:04 2015 +0200 Fix gcc portability on Solaris 9 SPARC boxes. * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__. -- This patch has been in use by pkgsrc for SunOS mentok 5.9 Generic_117171-02 sun4u sparc SUNW,Sun-Fire-V240 since 2004. GnuPG-bug-id: 1703 Signed-off-by: Werner Koch [cherry-pick of commit d281624] Signed-off-by: Jussi Kivilinna diff --git a/mpi/longlong.h b/mpi/longlong.h index db98e47..0a5acb6 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h @@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute__ ((mode (TI))); "rJ" ((USItype)(al)), \ "rI" ((USItype)(bl)) \ __CLOBBER_CC) -# if defined (__sparc_v8__) +# if defined (__sparc_v8__) || defined(__sparcv8) /* Don't match immediate range because, 1) it is not often useful, 2) the 'I' flag thinks of the range as a 13 bit signed interval, while we want to match a 13 bit interval, sign extended to 32 bits, ----------------------------------------------------------------------- Summary of changes: mpi/longlong.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 3 15:45:36 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 03 Jun 2016 15:45:36 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-9-gef6e4d0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 (commit) via 82df6c63a72fdd969c3923523f10d0cef5713ac7 (commit) from 4121f15122501d8946f1589b303d1f7949c15e30 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 Author: Werner Koch Date: Fri Jun 3 15:42:53 2016 +0200 rsa: Implement blinding also for signing. * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ... (secret_blinded): new. (rsa_sign): Use blinding by default. -- Although blinding of the RSA sign operation has a noticeable speed loss, we better be on the safe side by using it by default. Signed-off-by: Werner Koch diff --git a/cipher/rsa.c b/cipher/rsa.c index cb3c464..ce8e215 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
@@ -1045,7 +1045,48 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey ) } } +static void +secret_blinded (gcry_mpi_t output, gcry_mpi_t input, + RSA_secret_key *sk, unsigned int nbits) +{ + gcry_mpi_t r; /* Random number needed for blinding. */ + gcry_mpi_t ri; /* Modular multiplicative inverse of r. */ + gcry_mpi_t bldata; /* Blinded data to decrypt. */ + + /* First, we need a random number r between 0 and n - 1, which is + * relatively prime to n (i.e. it is neither p nor q). The random + * number needs to be only unpredictable, thus we employ the + * gcry_create_nonce function by using GCRY_WEAK_RANDOM with + * gcry_mpi_randomize. */ + r = mpi_snew (nbits); + ri = mpi_snew (nbits); + bldata = mpi_snew (nbits); + + do + { + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + mpi_mod (r, r, sk->n); + } + while (!mpi_invm (ri, r, sk->n)); + + /* Do blinding. We calculate: y = (x * r^e) mod n, where r is the + * random number, e is the public exponent, x is the non-blinded + * input data and n is the RSA modulus. */ + mpi_powm (bldata, r, sk->e, sk->n); + mpi_mulm (bldata, bldata, input, sk->n); + /* Perform decryption. */ + secret (output, bldata, sk); + _gcry_mpi_release (bldata); + + /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x + * is the blinded decrypted data, ri is the modular multiplicative + * inverse of r and n is the RSA modulus. */ + mpi_mulm (output, output, ri, sk->n); + + _gcry_mpi_release (r); + _gcry_mpi_release (ri); +} /********************************************* ************** interface ****************** 
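Review bot: `secret_blinded` is added without a header comment, and the comments moved over from rsa_decrypt still read "Blinded data to decrypt" and "Perform decryption" although rsa_sign calls the helper too. A short header such as `/* Like secret() but apply RSA blinding: INPUT is multiplied by r^e before the secret-key operation and the result by r^-1 afterwards.  NBITS sizes the temporary MPIs.  */` together with neutral wording (`/* Perform the secret-key operation.  */`) would keep it accurate for both callers. The temporaries are allocated with `mpi_snew`; the header should also say whether OUTPUT is expected to be a secure MPI, since rsa_sign passes one created with `mpi_new (0)` (visible in a later hunk).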
@@ -1266,9 +1307,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) gcry_mpi_t data = NULL; RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL}; gcry_mpi_t plain = NULL; - gcry_mpi_t r = NULL; /* Random number needed for blinding. */ - gcry_mpi_t ri = NULL; /* Modular multiplicative inverse of r. */ - gcry_mpi_t bldata = NULL;/* Blinded data to decrypt. */ unsigned char *unpad = NULL; size_t unpadlen = 0; 
@@ -1321,44 +1359,10 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* We use blinding by default to mitigate timing attacks which can be practically mounted over the network as shown by Brumley and Boney in 2003. */ - if (!(ctx.flags & PUBKEY_FLAG_NO_BLINDING)) - { - /* First, we need a random number r between 0 and n - 1, which - is relatively prime to n (i.e. it is neither p nor q). The - random number needs to be only unpredictable, thus we employ - the gcry_create_nonce function by using GCRY_WEAK_RANDOM with - gcry_mpi_randomize. */ - r = mpi_snew (ctx.nbits); - ri = mpi_snew (ctx.nbits); - bldata = mpi_snew (ctx.nbits); - - do - { - _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); - mpi_mod (r, r, sk.n); - } - while (!mpi_invm (ri, r, sk.n)); - - /* Do blinding. We calculate: y = (x * r^e) mod n, where r is - the random number, e is the public exponent, x is the - non-blinded data and n is the RSA modulus. */ - mpi_powm (bldata, r, sk.e, sk.n); - mpi_mulm (bldata, bldata, data, sk.n); - - /* Perform decryption. */ - secret (plain, bldata, &sk); - _gcry_mpi_release (bldata); bldata = NULL; - - /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, - where x is the blinded decrypted data, ri is the modular - multiplicative inverse of r and n is the RSA modulus. */ - mpi_mulm (plain, plain, ri, sk.n); - - _gcry_mpi_release (r); r = NULL; - _gcry_mpi_release (ri); ri = NULL; - } - else + if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) secret (plain, data, &sk); + else + secret_blinded (plain, data, &sk, ctx.nbits); if (DBG_CIPHER) log_printmpi ("rsa_decrypt res", plain); @@ -1403,9 +1407,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) _gcry_mpi_release (sk.q); _gcry_mpi_release (sk.u); _gcry_mpi_release (data); - _gcry_mpi_release (r); - _gcry_mpi_release (ri); - _gcry_mpi_release (bldata); sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) 
@@ -1461,7 +1462,10 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* Do RSA computation. */ sig = mpi_new (0); - secret (sig, data, &sk); + if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) + secret (sig, data, &sk); + else + secret_blinded (sig, data, &sk, ctx.nbits); if (DBG_CIPHER) log_printmpi ("rsa_sign res", sig); commit 82df6c63a72fdd969c3923523f10d0cef5713ac7 Author: Werner Koch Date: Fri Jun 3 15:15:36 2016 +0200 random: Remove debug output for getrandom(2) output. * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug output. -- Fixes-commit: ee5a32226a7ca4ab067864e06623fc11a1768900 Signed-off-by: Werner Koch diff --git a/random/rndlinux.c b/random/rndlinux.c index 592b9ac..f08c9f9 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c @@ -271,7 +271,6 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, log_fatal ("getrandom returned only" " %ld of %zu requested bytes\n", ret, nbytes); - log_debug ("getrandom returned %zu requested bytes\n", nbytes); (*add)(buffer, nbytes, origin); length -= nbytes; continue; /* until LENGTH is zero. */ ----------------------------------------------------------------------- Summary of changes: cipher/rsa.c | 92 +++++++++++++++++++++++++++++-------------------------- random/rndlinux.c | 1 - 2 files changed, 48 insertions(+), 45 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 3 20:43:20 2016 
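Review bot: The comment above the new branch in rsa_sign still reads `/* Do RSA computation. */` although signing is now blinded by default, a behaviour change that a reader of the call site should be told about. I would extend it to `/* Do RSA computation; blinding is used unless PUBKEY_FLAG_NO_BLINDING is set, for the same timing-attack reason as in rsa_decrypt. */`. The identical flag test in the rsa_decrypt hunk is already covered by the existing comment there. How ctx.flags is filled on the signing path, and secret_blinded itself, are outside this hunk, so it is worth confirming that the no-blinding flag is actually parsed for sign requests. rsa_sign's body starts and ends outside the hunk.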
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 03 Jun 2016 20:43:20 +0200 Subject: [git] gnupg-doc - branch, master, updated. 8a048ed744c11e2a27aceaa1f794f1bb7d1c996c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8a048ed744c11e2a27aceaa1f794f1bb7d1c996c (commit) from 1efd48af908ae6457f32d923f08d5b9024a7b521 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a048ed744c11e2a27aceaa1f794f1bb7d1c996c Author: Werner Koch Date: Fri Jun 3 20:41:16 2016 +0200 web: Add an ad for OpenPGP.conf. diff --git a/web/index.org b/web/index.org index 7682c1d..be1f366 100644 --- a/web/index.org +++ b/web/index.org 
@@ -36,17 +36,29 @@ nicely integrated into an installer and features several frontends as well as English and German manuals. A simple Windows installer for the /modern/ version is available at our [[file:download/index.org][download]] page. -* Reconquer your privacy - -Even if you have nothing to hide, using encryption helps protect the -privacy of people you communicate with, and makes life difficult for -bulk surveillance systems. If you do have something important to hide, -you are in good company; GnuPG is one of the tools that Edward Snowden -used to uncover his secrets about the NSA. - -Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site to learn how and why you -should use GnuPG for your electronic communication. If you need -printed leaflets check out [[https://fsfe.org/contribute/spreadtheword.html#gnupg-leaflet][FSFE?s GnuPG leaflet]]. +# * Reconquer your privacy +# +# Even if you have nothing to hide, using encryption helps protect the +# privacy of people you communicate with, and makes life difficult for +# bulk surveillance systems. If you do have something important to hide, +# you are in good company; GnuPG is one of the tools that Edward Snowden +# used to uncover the secrets of the NSA. +# +# Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site to learn how and why you +# should use GnuPG for your electronic communication. If you need +# printed leaflets check out [[https://fsfe.org/contribute/spreadtheword.html#gnupg-leaflet][FSFE?s GnuPG leaflet]]. + + +* Join us for the first OpenPGP conference + +#+html: Logo: OpenPGP.conf + +[[https://www.gnupg.org/conf/index.html][OpenPGP.conf]] is a conference for users and implementers of the OpenPGP +protocol, which is at the core of GnuPG. We meet in Cologne on +September 8 and 9. 
[[https://www.gnupg.org/conf/index.html][OpenPGP.conf]] is a place to meet, discuss, and +learn about latest developments of GnuPG and other OpenPGP aware +applications and what technical measures can be deployed to repel the +ever increasing trend to mass surveillance. * News ----------------------------------------------------------------------- Summary of changes: web/index.org | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 4 18:51:04 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 04 Jun 2016 18:51:04 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-49-g79b7a8a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 79b7a8a9e0d41b743ceaee20dc47294359fe0d44 (commit) from 8d976a6b07c5a356631791b46b590328c1451f31 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 79b7a8a9e0d41b743ceaee20dc47294359fe0d44 Author: Werner Koch Date: Sat Jun 4 18:45:37 2016 +0200 w32: Require --enable-build-timestamp for the BUILD_HOSTNAME. * configure.ac (BUILD_HOSTNAME): Set to "" bey default. * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Add --enable-build-timestamp. -- Debian-bug-id: 826309 Signed-off-by: Werner Koch diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index d286655..67ccbb4 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk 
@@ -448,7 +448,9 @@ speedo_pkg_libgcrypt_configure = --disable-static speedo_pkg_libksba_configure = --disable-static ifeq ($(TARGETOS),w32) -speedo_pkg_gnupg_configure = --enable-gpg2-is-gpg --disable-g13 --disable-ntbtls +speedo_pkg_gnupg_configure = \ + --enable-gpg2-is-gpg --disable-g13 --disable-ntbtls \ + --enable-build-timestamp else speedo_pkg_gnupg_configure = --disable-g13 endif diff --git a/configure.ac b/configure.ac index 07d728a..1b8a6fc 100644 --- a/configure.ac +++ b/configure.ac @@ -1776,12 +1776,13 @@ AC_ARG_ENABLE([build-timestamp], BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` else BUILD_TIMESTAMP="$enableval" - fi], - [BUILD_TIMESTAMP=""]) + fi + BUILD_HOSTNAME="$ac_hostname"], + [BUILD_TIMESTAMP="" + BUILD_HOSTNAME=""]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) -BUILD_HOSTNAME="$ac_hostname" AC_SUBST(BUILD_HOSTNAME) ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 4 +++- configure.ac | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 6 15:01:01 2016 
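Review bot: `BUILD_HOSTNAME="$ac_hostname"` sits in the action-if-given branch of AC_ARG_ENABLE, which autoconf also runs for `--disable-build-timestamp` (enableval is then `no`), so a build that explicitly disables the timestamp would still embed the build host name. Since the commit title says the host name should require `--enable-build-timestamp`, the assignment should be guarded, e.g. `if test "$enableval" = "no"; then BUILD_HOSTNAME=""; else BUILD_HOSTNAME="$ac_hostname"; fi`. The visible else-branch `BUILD_TIMESTAMP="$enableval"` has the same quirk of storing `no`, but that line is not changed by this commit. The opening of the AC_ARG_ENABLE call is outside the hunk.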
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 06 Jun 2016 15:01:01 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-160-g8196edf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8196edf9ca5c8f2f02553e7f22d9c79dbd229882 (commit) via 26c3accc95ab77ddbe60db822e2938ad5f480d41 (commit) via 89eb0cd4d65bc033ed6342810b26232797482d64 (commit) via ae06f7c2fe0e49baeab5a827dc38ba8c57a6404c (commit) via 2055a63605207bbf3b5ce1aa7bf159e7b83e87e6 (commit) from bbf19124bbec9eb6298cef2914baae7ac74382fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8196edf9ca5c8f2f02553e7f22d9c79dbd229882 Author: Justus Winter Date: Mon Jun 6 13:11:15 2016 +0200 python: Wrap file-like objects on demand. * lang/python/gpgme.i (gpgme_data_t): Use new function to create wrapper objects if necessary, and deallocate them after the function call. * lang/python/helpers.c (object_to_gpgme_data_t): New function. * lang/python/helpers.h (object_to_gpgme_data_t): New prototype. * lang/python/tests/Makefile.am (pytests): Add new test. * lang/python/tests/t-idiomatic.py: New file. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index e3c761d..e369582 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
@@ -113,13 +113,17 @@ } // Special handling for references to our objects. -%typemap(in) gpgme_data_t DATAIN { +%typemap(in) gpgme_data_t DATAIN (PyObject *wrapper) { + /* If we create a temporary wrapper object, we will store it in + wrapperN, where N is $argnum. Here in this fragment, SWIG will + automatically append $argnum. */ + wrapper = NULL; if ($input == Py_None) $1 = NULL; else { PyObject *pypointer = NULL; - if((pypointer=object_to_gpgme_t($input, "$1_ltype", $argnum)) == NULL) + if((pypointer=object_to_gpgme_data_t($input, $argnum, &wrapper)) == NULL) return NULL; /* input = $input, 1 = $1, 1_descriptor = $1_descriptor */ @@ -135,6 +139,11 @@ } } +%typemap(freearg) gpgme_data_t DATAIN { + /* Free the temporary wrapper, if any. */ + Py_XDECREF(wrapper$argnum); +} + %apply gpgme_data_t DATAIN {gpgme_data_t plain, gpgme_data_t cipher, gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext, gpgme_data_t keydata, diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 3ecbacc..7e1c1c3 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c 
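Review bot: The `return NULL;` after `object_to_gpgme_data_t` in the DATAIN `in` typemap leaves the generated function directly, so the new `freearg` typemap does not run on that path and a wrapper that was already stored is not released. Judging from the helpers.c hunk, `object_to_gpgme_data_t` can return NULL after setting `*wrapper`, because its final `object_to_gpgme_t` call may fail. The error branch should therefore read `{ Py_XDECREF(wrapper); return NULL; }`, or the helper should release and clear `*wrapper` before returning NULL. Any later error return in this typemap, which continues outside the hunk, needs the same treatment.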
@@ -180,6 +180,71 @@ object_to_gpgme_t(PyObject *input, const char *objtype, int argnum) return pypointer; } +/* Convert object to a pointer to gpgme type, version for data + objects. Constructs a wrapper Python on the fly e.g. for file-like + objects with a fileno method, returning it in WRAPPER. This object + must be de-referenced when no longer needed. */ +PyObject * +object_to_gpgme_data_t(PyObject *input, int argnum, PyObject **wrapper) +{ + static PyObject *Data = NULL; + PyObject *data = input; + PyObject *fd; + PyObject *result; + *wrapper = NULL; + + if (Data == NULL) { + PyObject *core; + PyObject *from_list = PyList_New(0); + core = PyImport_ImportModuleLevel("core", PyEval_GetGlobals(), + PyEval_GetLocals(), from_list, 1); + Py_XDECREF(from_list); + if (core) { + Data = PyDict_GetItemString(PyModule_GetDict(core), "Data"); + Py_XINCREF(Data); + } + else + return NULL; + } + + fd = PyObject_CallMethod(input, "fileno", NULL); + if (fd) { + /* File-like object with file number. */ + PyObject *args = NULL; + PyObject *kw = NULL; + + /* We don't need the fd, as we have no constructor accepting file + descriptors directly. */ + Py_DECREF(fd); + + args = PyTuple_New(0); + kw = PyDict_New(); + if (args == NULL || kw == NULL) + { + fail: + Py_XDECREF(args); + Py_XDECREF(kw); + return NULL; + } + + if (PyDict_SetItemString(kw, "file", input) < 0) + goto fail; + + *wrapper = PyObject_Call(Data, args, kw); + if (*wrapper == NULL) + goto fail; + + Py_DECREF(args); + Py_DECREF(kw); + data = *wrapper; + } + else + PyErr_Clear(); + + result = object_to_gpgme_t(data, "gpgme_data_t", argnum); + return result; +} + /* Callback support. */ diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 952b31f..2450263 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h 
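Review bot: In `object_to_gpgme_data_t` the lookup of `Data` is not checked: `PyDict_GetItemString` returns NULL without setting an exception when the module has no `Data` entry, and the code then reaches `PyObject_Call(Data, args, kw)` with a NULL callable. The reference returned by `PyImport_ImportModuleLevel` is also never released, and the result of `PyList_New(0)` is used unchecked. Separately, the blanket `PyErr_Clear()` after the `fileno` probe discards every error raised by that call, not only a missing attribute, which may deserve a narrower check. A possible shape for the import block follows.

```c
  if (Data == NULL) {
    PyObject *core;
    PyObject *from_list = PyList_New(0);
    if (from_list == NULL)
      return NULL;
    core = PyImport_ImportModuleLevel("core", PyEval_GetGlobals(),
                                      PyEval_GetLocals(), from_list, 1);
    Py_DECREF(from_list);
    if (core == NULL)
      return NULL;
    /* New reference, or NULL with an exception set.  */
    Data = PyObject_GetAttrString(core, "Data");
    Py_DECREF(core);
    if (Data == NULL)
      return NULL;
  }
  /* … unchanged: fileno probe and wrapper construction … */
```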
@@ -29,6 +29,8 @@ void pygpgme_exception_init(void); gpgme_error_t pygpgme_exception2code(void); PyObject *object_to_gpgme_t(PyObject *input, const char *objtype, int argnum); +PyObject *object_to_gpgme_data_t(PyObject *input, int argnum, + PyObject **wrapper); void pygpgme_clear_generic_cb(PyObject **cb); PyObject *pygpgme_raise_callback_exception(PyObject *self); diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 12db3a5..b51562c 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -46,7 +46,8 @@ py_tests = t-wrapper.py \ t-edit.py \ t-wait.py \ t-encrypt-large.py \ - t-file-name.py + t-file-name.py \ + t-idiomatic.py TESTS = $(top_srcdir)/tests/gpg/initial.test \ $(py_tests) \ diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py new file mode 100755 index 0000000..05a377e --- /dev/null +++ b/lang/python/tests/t-idiomatic.py 
@@ -0,0 +1,47 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +import os +import tempfile +from pyme import core, constants, errors +import support + +support.init_gpgme(constants.PROTOCOL_OpenPGP) +c = core.Context() + +# Demonstrate automatic wrapping of file-like objects with 'fileno' +# method. +with tempfile.TemporaryFile() as source, \ + tempfile.TemporaryFile() as signed, \ + tempfile.TemporaryFile() as sink: + source.write(b"Hallo Leute\n") + source.seek(0, os.SEEK_SET) + + c.op_sign(source, signed, constants.SIG_MODE_NORMAL) + signed.seek(0, os.SEEK_SET) + c.op_verify(signed, None, sink) + result = c.op_verify_result() + + assert len(result.signatures) == 1, "Unexpected number of signatures" + sig = result.signatures[0] + assert sig.summary == 0 + assert errors.GPGMEError(sig.status).getcode() == errors.NO_ERROR + + sink.seek(0, os.SEEK_SET) + assert sink.read() == b"Hallo Leute\n" commit 26c3accc95ab77ddbe60db822e2938ad5f480d41 Author: Justus Winter Date: Thu Jun 2 17:14:53 2016 +0200 python: Move helper function. * lang/python/gpgme.i (object_to_gpgme_t): Move... * lang/python/helpers.c: ... here. * lang/python/helpers.h (object_to_gpgme_t): New prototype. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 0d1322c..e3c761d 100644 --- a/lang/python/gpgme.i 
+++ b/lang/python/gpgme.i @@ -79,37 +79,6 @@ %typemap(newfree) char * "free($1);"; %newobject gpgme_data_release_and_get_mem; -%{ -/* Convert object to a pointer to gpgme type */ -PyObject* object_to_gpgme_t(PyObject* input, const char* objtype, int argnum) { - PyObject *pyname = NULL, *pypointer = NULL; - pyname = PyObject_CallMethod(input, "_getctype", NULL); - if (pyname && PyUnicode_Check(pyname)) - { - if (strcmp(PyUnicode_AsUTF8(pyname), objtype) != 0) - { - PyErr_Format(PyExc_TypeError, - "arg %d: Expected value of type %s, but got %s", - argnum, objtype, PyUnicode_AsUTF8(pyname)); - Py_DECREF(pyname); - return NULL; - } - } - else - return NULL; - - Py_DECREF(pyname); - pypointer = PyObject_GetAttrString(input, "wrapped"); - if (pypointer == NULL) { - PyErr_Format(PyExc_TypeError, - "arg %d: Use of uninitialized Python object %s", - argnum, objtype); - return NULL; - } - return pypointer; -} -%} - %typemap(arginit) gpgme_key_t [] { $1 = NULL; } diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 4b6ac31..3ecbacc 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c 
@@ -146,7 +146,43 @@ PyObject *pygpgme_raise_callback_exception(PyObject *self) return Py_None; } #undef EXCINFO + +/* Argument conversion. */ + +/* Convert object to a pointer to gpgme type, generic version. */ +PyObject * +object_to_gpgme_t(PyObject *input, const char *objtype, int argnum) +{ + PyObject *pyname = NULL, *pypointer = NULL; + pyname = PyObject_CallMethod(input, "_getctype", NULL); + if (pyname && PyUnicode_Check(pyname)) + { + if (strcmp(PyUnicode_AsUTF8(pyname), objtype) != 0) + { + PyErr_Format(PyExc_TypeError, + "arg %d: Expected value of type %s, but got %s", + argnum, objtype, PyUnicode_AsUTF8(pyname)); + Py_DECREF(pyname); + return NULL; + } + } + else + return NULL; + + Py_DECREF(pyname); + pypointer = PyObject_GetAttrString(input, "wrapped"); + if (pypointer == NULL) { + PyErr_Format(PyExc_TypeError, + "arg %d: Use of uninitialized Python object %s", + argnum, objtype); + return NULL; + } + return pypointer; +} + + +/* Callback support. */ static gpgme_error_t pyPassphraseCb(void *hook, const char *uid_hint, const char *passphrase_info, diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 1bfcaa6..952b31f 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h @@ -28,6 +28,8 @@ void pygpgme_exception_init(void); gpgme_error_t pygpgme_exception2code(void); +PyObject *object_to_gpgme_t(PyObject *input, const char *objtype, int argnum); + void pygpgme_clear_generic_cb(PyObject **cb); PyObject *pygpgme_raise_callback_exception(PyObject *self); commit 89eb0cd4d65bc033ed6342810b26232797482d64 Author: Justus Winter Date: Thu Jun 2 15:32:35 2016 +0200 python: Fix error handling. * lang/python/gpgme.i (object_to_gpgme_t): Properly propagate exceptions. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 4c020ff..0d1322c 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
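Review bot: In `object_to_gpgme_t` the bare `else return NULL;` is also taken when `_getctype` returns an object that is not a str; in that case no Python exception is set and `pyname` is never released, so the caller gets NULL without an error indicator. Only the `pyname == NULL` case has an exception to propagate. The same code is in the gpgme.i hunk of commit 89eb0cd further down, which introduced the bare return. The result of `PyUnicode_AsUTF8` is also passed to `strcmp` without a NULL check.

```c
  else
    {
      /* pyname == NULL: the exception raised by _getctype propagates.  */
      if (pyname)
        {
          PyErr_Format(PyExc_TypeError,
                       "arg %d: _getctype did not return a str", argnum);
          Py_DECREF(pyname);
        }
      return NULL;
    }
  /* … unchanged: lookup of the "wrapped" attribute … */
```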
@@ -96,14 +96,7 @@ PyObject* object_to_gpgme_t(PyObject* input, const char* objtype, int argnum) { } } else - { - PyErr_Format(PyExc_TypeError, - "Protocol violation: Expected an instance of type str " - "from _getctype, but got %s", - pyname == NULL ? "NULL" - : (pyname == Py_None ? "None" : pyname->ob_type->tp_name)); - return NULL; - } + return NULL; Py_DECREF(pyname); pypointer = PyObject_GetAttrString(input, "wrapped"); commit ae06f7c2fe0e49baeab5a827dc38ba8c57a6404c Author: Justus Winter Date: Thu Jun 2 15:18:40 2016 +0200 python: Initialize GPGME for the user. * lang/python/pyme/core.py: Call 'check_version' and explain why. * lang/python/tests/support.py (init_gpgme): Drop call here. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 8deeb90..71c6828 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -572,6 +572,12 @@ def get_protocol_name(proto): def check_version(version=None): return pygpgme.gpgme_check_version(version) +# check_version also makes sure that several subsystems are properly +# initialized, and it must be run at least once before invoking any +# other function. We do it here so that the user does not have to do +# it unless she really wants to check for a certain version. +check_version() + def engine_check_version (proto): try: errorcheck(pygpgme.gpgme_engine_check_version(proto)) diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 99d96cf..8bafea8 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -23,7 +23,6 @@ def make_filename(name): return os.path.join(os.environ['top_srcdir'], 'tests', 'gpg', name) def init_gpgme(proto): - core.check_version() core.engine_check_version(proto) verbose = int(os.environ.get('verbose', 0)) > 1 commit 2055a63605207bbf3b5ce1aa7bf159e7b83e87e6 Author: Justus Winter Date: Mon Jun 6 14:12:09 2016 +0200 python: Drop obsolete VCS keywords. -- Signed-off-by: Justus Winter 
diff --git a/lang/python/examples/delkey.py b/lang/python/examples/delkey.py index 773b262..3fb71eb 100755 --- a/lang/python/examples/delkey.py +++ b/lang/python/examples/delkey.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # # This program is free software; you can redistribute it and/or diff --git a/lang/python/examples/encrypt-to-all.py b/lang/python/examples/encrypt-to-all.py index 331933e..5e12676 100755 --- a/lang/python/examples/encrypt-to-all.py +++ b/lang/python/examples/encrypt-to-all.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2008 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/examples/exportimport.py b/lang/python/examples/exportimport.py index 6c7d5b8..d0e1fa8 100755 --- a/lang/python/examples/exportimport.py +++ b/lang/python/examples/exportimport.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # # This program is free software; you can redistribute it and/or diff --git a/lang/python/examples/genkey.py b/lang/python/examples/genkey.py index bc70833..d5a88a7 100755 --- a/lang/python/examples/genkey.py +++ b/lang/python/examples/genkey.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/examples/inter-edit.py b/lang/python/examples/inter-edit.py index f00928b..dcb47c2 100644 --- a/lang/python/examples/inter-edit.py +++ b/lang/python/examples/inter-edit.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2005 Igor Belyi # # This program is free software; you can redistribute it and/or modify diff --git a/lang/python/examples/sign.py b/lang/python/examples/sign.py index ca43958..b6a1d3c 100755 --- a/lang/python/examples/sign.py +++ b/lang/python/examples/sign.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2002 John Goerzen # # 
diff --git a/lang/python/examples/signverify.py b/lang/python/examples/signverify.py index 292deee..6a63112 100755 --- a/lang/python/examples/signverify.py +++ b/lang/python/examples/signverify.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # # This program is free software; you can redistribute it and/or modify diff --git a/lang/python/examples/simple.py b/lang/python/examples/simple.py index faa0f4c..29a4449 100755 --- a/lang/python/examples/simple.py +++ b/lang/python/examples/simple.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2005 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/examples/t-edit.py b/lang/python/examples/t-edit.py index 5c35f96..4a3b8ac 100644 --- a/lang/python/examples/t-edit.py +++ b/lang/python/examples/t-edit.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2005 Igor Belyi # # This program is free software; you can redistribute it and/or modify diff --git a/lang/python/examples/verifydetails.py b/lang/python/examples/verifydetails.py index 0aa6f15..99e5e0a 100755 --- a/lang/python/examples/verifydetails.py +++ b/lang/python/examples/verifydetails.py @@ -6,7 +6,6 @@ # added output of signature.summary (another bitfield) # printing signature bitfield in hex format # -# $Id$ # # Copyright (C) 2004,2008 Igor Belyi # Copyright (c) 2008 Bernhard Reiter diff --git a/lang/python/gpgme-h-clean.py b/lang/python/gpgme-h-clean.py index 5313a83..261e7b6 100755 --- a/lang/python/gpgme-h-clean.py +++ b/lang/python/gpgme-h-clean.py @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # # This library is free software; you can redistribute it and/or diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 87fe90d..4c020ff 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -1,5 +1,4 @@ /* -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # Copyright (C) 2002 John Goerzen # 
diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 4bbc298..4b6ac31 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -1,5 +1,4 @@ /* -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 8b90008..1bfcaa6 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h @@ -1,5 +1,4 @@ /* -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/__init__.py b/lang/python/pyme/__init__.py index 7716e51..d06866a 100644 --- a/lang/python/pyme/__init__.py +++ b/lang/python/pyme/__init__.py @@ -1,4 +1,3 @@ -# $Id$ """ Pyme: GPGME Interface for Python Copyright (C) 2004 Igor Belyi diff --git a/lang/python/pyme/callbacks.py b/lang/python/pyme/callbacks.py index 3a507b9..09f8226 100644 --- a/lang/python/pyme/callbacks.py +++ b/lang/python/pyme/callbacks.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/__init__.py b/lang/python/pyme/constants/__init__.py index b557da8..2e91d76 100644 --- a/lang/python/pyme/constants/__init__.py +++ b/lang/python/pyme/constants/__init__.py @@ -1,4 +1,3 @@ -# $Id$ from pyme import util util.process_constants('GPGME_', globals()) diff --git a/lang/python/pyme/constants/data/__init__.py b/lang/python/pyme/constants/data/__init__.py index f172e0c..ed7b67b 100644 --- a/lang/python/pyme/constants/data/__init__.py +++ b/lang/python/pyme/constants/data/__init__.py @@ -1,4 +1,3 @@ -# $Id$ from . import encoding __all__ = ['encoding'] diff --git a/lang/python/pyme/constants/data/encoding.py b/lang/python/pyme/constants/data/encoding.py index d1485ad..ac6079c 100644 --- a/lang/python/pyme/constants/data/encoding.py +++ b/lang/python/pyme/constants/data/encoding.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # 
diff --git a/lang/python/pyme/constants/event.py b/lang/python/pyme/constants/event.py index 1a4fac6..3ce234e 100644 --- a/lang/python/pyme/constants/event.py +++ b/lang/python/pyme/constants/event.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/import.py b/lang/python/pyme/constants/import.py index 628177d..a824f7b 100644 --- a/lang/python/pyme/constants/import.py +++ b/lang/python/pyme/constants/import.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/keylist/__init__.py b/lang/python/pyme/constants/keylist/__init__.py index 2f2152a..8752bb2 100644 --- a/lang/python/pyme/constants/keylist/__init__.py +++ b/lang/python/pyme/constants/keylist/__init__.py @@ -1,4 +1,3 @@ -# $Id$ from . import mode __all__ = ['mode'] diff --git a/lang/python/pyme/constants/keylist/mode.py b/lang/python/pyme/constants/keylist/mode.py index 137ce17..7c3cd09 100644 --- a/lang/python/pyme/constants/keylist/mode.py +++ b/lang/python/pyme/constants/keylist/mode.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/md.py b/lang/python/pyme/constants/md.py index 2db01a5..700d872 100644 --- a/lang/python/pyme/constants/md.py +++ b/lang/python/pyme/constants/md.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/pk.py b/lang/python/pyme/constants/pk.py index 5f39235..f0e3937 100644 --- a/lang/python/pyme/constants/pk.py +++ b/lang/python/pyme/constants/pk.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/protocol.py b/lang/python/pyme/constants/protocol.py index 3d3c790..e9f9a48 100644 --- a/lang/python/pyme/constants/protocol.py +++ b/lang/python/pyme/constants/protocol.py 
@@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/sig/__init__.py b/lang/python/pyme/constants/sig/__init__.py index 2f2152a..8752bb2 100644 --- a/lang/python/pyme/constants/sig/__init__.py +++ b/lang/python/pyme/constants/sig/__init__.py @@ -1,4 +1,3 @@ -# $Id$ from . import mode __all__ = ['mode'] diff --git a/lang/python/pyme/constants/sig/mode.py b/lang/python/pyme/constants/sig/mode.py index fa090ab..631bd7c 100644 --- a/lang/python/pyme/constants/sig/mode.py +++ b/lang/python/pyme/constants/sig/mode.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/sigsum.py b/lang/python/pyme/constants/sigsum.py index 7be40ae..5164347 100644 --- a/lang/python/pyme/constants/sigsum.py +++ b/lang/python/pyme/constants/sigsum.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/status.py b/lang/python/pyme/constants/status.py index 60c0c90..c1859b2 100644 --- a/lang/python/pyme/constants/status.py +++ b/lang/python/pyme/constants/status.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/constants/validity.py b/lang/python/pyme/constants/validity.py index 9590b27..fde2eee 100644 --- a/lang/python/pyme/constants/validity.py +++ b/lang/python/pyme/constants/validity.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index cc262c9..8deeb90 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/errors.py b/lang/python/pyme/errors.py index f716421..f96877b 100644 --- a/lang/python/pyme/errors.py 
+++ b/lang/python/pyme/errors.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/util.py b/lang/python/pyme/util.py index d52cd1f..5527a1a 100644 --- a/lang/python/pyme/util.py +++ b/lang/python/pyme/util.py @@ -1,4 +1,3 @@ -# $Id$ # Copyright (C) 2004,2008 Igor Belyi # Copyright (C) 2002 John Goerzen # diff --git a/lang/python/pyme/version.py b/lang/python/pyme/version.py index 3dd8d3a..b60f50c 100644 --- a/lang/python/pyme/version.py +++ b/lang/python/pyme/version.py @@ -1,4 +1,3 @@ -# $Id$ productname = 'pyme' versionstr = "0.9.1" diff --git a/lang/python/setup.py b/lang/python/setup.py index 374df5d..0d90403 100755 --- a/lang/python/setup.py +++ b/lang/python/setup.py 
@@ -1,6 +1,5 @@ #!/usr/bin/env python3 -# $Id$ # Module: installer # COPYRIGHT # ----------------------------------------------------------------------- Summary of changes: lang/python/examples/delkey.py | 1 - lang/python/examples/encrypt-to-all.py | 1 - lang/python/examples/exportimport.py | 1 - lang/python/examples/genkey.py | 1 - lang/python/examples/inter-edit.py | 1 - lang/python/examples/sign.py | 1 - lang/python/examples/signverify.py | 1 - lang/python/examples/simple.py | 1 - lang/python/examples/t-edit.py | 1 - lang/python/examples/verifydetails.py | 1 - lang/python/gpgme-h-clean.py | 1 - lang/python/gpgme.i | 52 +++--------- lang/python/helpers.c | 102 +++++++++++++++++++++++- lang/python/helpers.h | 5 +- lang/python/pyme/__init__.py | 1 - lang/python/pyme/callbacks.py | 1 - lang/python/pyme/constants/__init__.py | 1 - lang/python/pyme/constants/data/__init__.py | 1 - lang/python/pyme/constants/data/encoding.py | 1 - lang/python/pyme/constants/event.py | 1 - lang/python/pyme/constants/import.py | 1 - lang/python/pyme/constants/keylist/__init__.py | 1 - lang/python/pyme/constants/keylist/mode.py | 1 - lang/python/pyme/constants/md.py | 1 - lang/python/pyme/constants/pk.py | 1 - lang/python/pyme/constants/protocol.py | 1 - lang/python/pyme/constants/sig/__init__.py | 1 - lang/python/pyme/constants/sig/mode.py | 1 - lang/python/pyme/constants/sigsum.py | 1 - lang/python/pyme/constants/status.py | 1 - lang/python/pyme/constants/validity.py | 1 - lang/python/pyme/core.py | 7 +- lang/python/pyme/errors.py | 1 - lang/python/pyme/util.py | 1 - lang/python/pyme/version.py | 1 - lang/python/setup.py | 1 - lang/python/tests/Makefile.am | 3 +- lang/python/tests/support.py | 1 - lang/python/tests/{t-wait.py => t-idiomatic.py} | 37 +++++---- 39 files changed, 145 insertions(+), 94 deletions(-) copy lang/python/tests/{t-wait.py => t-idiomatic.py} (53%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 6 16:05:25 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Jun 2016 16:05:25 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-51-gb047388 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b047388d57443f584f1c1d6333aac5218b685042 (commit) via e792eb1bb4e565e0461cffde205623f904b5815b (commit) from 79b7a8a9e0d41b743ceaee20dc47294359fe0d44 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b047388d57443f584f1c1d6333aac5218b685042 Author: Werner Koch Date: Mon Jun 6 16:00:50 2016 +0200 gpg: Implement --keyid-format=none. * g10/gpg.c (main): Add option "none" to --keyid-format. * g10/options.h (KF_NONE): New. * g10/keyid.c (format_keyid): Implement that. (keystr): Use format "long" is KF_NONE is in use. (keystr_with_sub): Ditto. * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE. Factor some code out to ... (print_key_line): new. (print_fingerprint): Add mode 20. * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by flags.primary in the PK. Fix putting a " revoked..." string into the colons format. * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This slightly changes the putput format. * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may also put "expires: " into the output. -- Due to user experience problems with the keyid and we better allow to show the fingerprint instead. Note that we do not support v3 keys anymore and thus there is no technical need for a user to know the keyid. GnuPG-bug-id: 2379 Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 4559958..f190581 100644 --- a/doc/gpg.texi 
+++ b/doc/gpg.texi @@ -1679,13 +1679,14 @@ mechanisms, in the order they are to be tried: @end table - at item --keyid-format @code{short|0xshort|long|0xlong} + at item --keyid-format @code{none|short|0xshort|long|0xlong} @opindex keyid-format -Select how to display key IDs. "short" is the traditional 8-character -key ID. "long" is the more accurate (but less convenient) -16-character key ID. Add an "0x" to either to include an "0x" at the -beginning of the key ID, as in 0x99242560. Note that this option is -ignored if the option --with-colons is used. +Select how to display key IDs. "none" does not show the key ID at all +but shows the fingerprint in a separate line. "short" is the +traditional 8-character key ID. "long" is the more accurate (but less +convenient) 16-character key ID. Add an "0x" to either to include an +"0x" at the beginning of the key ID, as in 0x99242560. Note that this +option is ignored if the option @option{--with-colons} is used. @item --keyserver @code{name} @opindex keyserver diff --git a/g10/gpg.c b/g10/gpg.c index b193fcd..d0be4ba 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3256,6 +3256,8 @@ main (int argc, char **argv) opt.keyid_format=KF_0xSHORT; else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0) opt.keyid_format=KF_0xLONG; + else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0) + opt.keyid_format = KF_NONE; else log_error("unknown keyid-format '%s'\n",pargs.r.ret_str); break; diff --git a/g10/keyid.c b/g10/keyid.c index bd808d2..20efa01 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -337,6 +337,11 @@ format_keyid (u32 *keyid, int format, char *buffer, int len) switch (format) { + case KF_NONE: + if (len) + *buffer = 0; + break; + case KF_SHORT: snprintf (buffer, len, "%08lX", (ulong)keyid[1]); break; 
@@ -401,22 +406,32 @@ const char * keystr (u32 *keyid) { static char keyid_str[KEYID_STR_SIZE]; - return format_keyid (keyid, opt.keyid_format, keyid_str, sizeof (keyid_str)); -} + int format = opt.keyid_format; + if (format == KF_NONE) + format = KF_LONG; + return format_keyid (keyid, format, keyid_str, sizeof (keyid_str)); +} + +/* This function returns the key id of the main and possible the + * subkey as one string. It is used by error messages. */ const char * keystr_with_sub (u32 *main_kid, u32 *sub_kid) { static char buffer[KEYID_STR_SIZE+1+KEYID_STR_SIZE]; char *p; + int format = opt.keyid_format; + + if (format == KF_NONE) + format = KF_LONG; - mem2str (buffer, keystr (main_kid), KEYID_STR_SIZE); + format_keyid (main_kid, format, buffer, KEYID_STR_SIZE); if (sub_kid) { p = buffer + strlen (buffer); *p++ = '/'; - mem2str (p, keystr (sub_kid), KEYID_STR_SIZE); + format_keyid (sub_kid, format, p, KEYID_STR_SIZE); } return buffer; } diff --git a/g10/keylist.c b/g10/keylist.c index 2a1ef2e..abd5ffa 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1022,10 +1022,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, KBNODE node; PKT_public_key *pk; int skip_sigs = 0; - int s2k_char; char *hexgrip = NULL; char *serialno = NULL; - char pkstrbuf[PUBKEY_STRING_SIZE]; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); 
@@ -1047,62 +1045,19 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (secret) { + /* Encode some info about the secret key in SECRET. */ if (!agent_get_keyinfo (NULL, hexgrip, &serialno)) - s2k_char = serialno? '>':' '; + secret = serialno? 3 : 1; else - s2k_char = '#'; /* Key not found. */ + secret = 2; /* Key not found. */ } - else - s2k_char = ' '; check_trustdb_stale (ctrl); + /* Print the "pub" line and in KF_NONE mode the fingerprint. */ + print_key_line (es_stdout, pk, secret); - es_fprintf (es_stdout, "%s%c %s/%s %s", - secret? "sec":"pub", - s2k_char, - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk), datestr_from_pk (pk)); - - if ((opt.list_options & LIST_SHOW_USAGE)) - { - es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0)); - } - if (pk->flags.revoked) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk)); - es_fprintf (es_stdout, "]"); - } - else if (pk->has_expired) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk)); - es_fprintf (es_stdout, "]"); - } - else if (pk->expiredate) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk)); - es_fprintf (es_stdout, "]"); - } - -#if 0 - /* I need to think about this some more. It's easy enough to - include, but it looks sort of confusing in the listing... */ - if (opt.list_options & LIST_SHOW_VALIDITY) - { - int validity = get_validity (ctrl, pk, NULL, NULL, 0); - es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity)); - } -#endif - - if (pk->pubkey_algo >= 100) - es_fprintf (es_stdout, " [experimental algorithm %d]", pk->pubkey_algo); - - es_fprintf (es_stdout, "\n"); - - if (fpr) + if (fpr && opt.keyid_format != KF_NONE) print_fingerprint (NULL, pk, 0); if (opt.with_keygrip && hexgrip) 
@@ -1120,6 +1075,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, { PKT_user_id *uid = node->pkt->pkt.user_id; int indent; + int kl = opt.keyid_format == KF_NONE? 10 : keystrlen (); if ((uid->is_expired || uid->is_revoked) && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS)) @@ -1139,7 +1095,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, const char *validity; validity = uid_trust_string_fixed (ctrl, pk, uid); - indent = ((keystrlen () + (opt.legacy_list_mode? 9:11)) + indent = ((kl + (opt.legacy_list_mode? 9:11)) - atoi (uid_trust_string_fixed (ctrl, NULL, NULL))); if (indent < 0 || indent > 40) indent = 0; @@ -1148,7 +1104,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, } else { - indent = keystrlen () + (opt.legacy_list_mode? 10:12); + indent = kl + (opt.legacy_list_mode? 10:12); es_fprintf (es_stdout, "uid%*s", indent, ""); } 
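Review bot: The literal 10 in `int kl = opt.keyid_format == KF_NONE? 10 : keystrlen ();` is unexplained, and the same fallback is 0 in the mainproc.c and revoke.c hunks of this commit. If the difference is intended, a comment on the declaration would make that clear, for example `/* KF_NONE prints no key ID; use a fixed width of 10 for the uid indent. */`. If it is not intended, the three call sites should share one value. list_keyblock_print starts and ends outside these hunks.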
@@ -1205,42 +1161,13 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (secret) { if (!agent_get_keyinfo (NULL, hexgrip, &serialno)) - s2k_char = serialno? '>':' '; + secret = serialno? 3 : 1; else - s2k_char = '#'; /* Key not found. */ + secret = '2'; /* Key not found. */ } - else - s2k_char = ' '; - - es_fprintf (es_stdout, "%s%c %s/%s %s", - secret? "ssb":"sub", - s2k_char, - pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk2), datestr_from_pk (pk2)); - if ((opt.list_options & LIST_SHOW_USAGE)) - { - es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0)); - } - if (pk2->flags.revoked) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2)); - es_fprintf (es_stdout, "]"); - } - else if (pk2->has_expired) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expired: %s"), expirestr_from_pk (pk2)); - es_fprintf (es_stdout, "]"); - } - else if (pk2->expiredate) - { - es_fprintf (es_stdout, " ["); - es_fprintf (es_stdout, _("expires: %s"), expirestr_from_pk (pk2)); - es_fprintf (es_stdout, "]"); - } - es_putc ('\n', es_stdout); + /* Print the "sub" line. */ + print_key_line (es_stdout, pk2, secret); if (fpr > 1) { print_fingerprint (NULL, pk2, 0); @@ -1861,6 +1788,7 @@ print_icao_hexdigit (estream_t fp, int c) * 3: direct use of tty but only primary key. * 4: direct use of tty but only subkey. * 10: Same as 0 but with_colons etc is ignored. + * 20: Same as 0 but using a compact format. * * Modes 1 and 2 will try and print both subkey and primary key * fingerprints. A MODE with bit 7 set is used internally. If @@ -1878,6 +1806,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) int primary = 0; int with_colons = opt.with_colons; int with_icao = opt.with_icao_spelling; + int compact = 0; if (mode == 10) { 
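Review bot: In the subkey branch the "key not found" case assigns the character literal `'2'` (value 0x32) rather than the integer 2. print_key_line selects the flag with `secret == 2? '#' : secret == 3? '>' : ' '`, so a subkey whose secret part is missing is listed with a blank flag instead of `#`, and the listing then looks as if the secret subkey were available. The primary-key hunk of the same function uses `secret = 2;`, and this line should match it: `secret = 2; /* Key not found. */`. list_keyblock_print starts and ends outside the hunk.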
@@ -1885,6 +1814,12 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) with_colons = 0; with_icao = 0; } + else if (mode == 20) + { + mode = 0; + with_colons = 0; + compact = 1; + } if (pk->main_keyid[0] == pk->keyid[0] && pk->main_keyid[1] == pk->keyid[1]) @@ -1946,6 +1881,10 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) { es_fprintf (fp, "fpr:::::::::%s:", hexfpr); } + else if (compact) + { + tty_fprintf (fp, "%*s%s", 6, "", hexfpr); + } else { char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1]; 
@@ -1997,6 +1936,75 @@ print_card_serialno (const char *serialno) } +/* Print a public or secret (sub)key line. Example: + * + * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31] + * 80615870F5BAD690333686D0F2AD85AC1E42B367 + * + * Some global options may result in a different output format. If + * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and + * depending on the value a flag character is shown: + * + * 1 := ' ' Regular secret key + * 2 := '#' Stub secret key + * 3 := '>' Secret key is on a token. + */ +void +print_key_line (estream_t fp, PKT_public_key *pk, int secret) +{ + char pkstrbuf[PUBKEY_STRING_SIZE]; + + tty_fprintf (fp, "%s%c %s", + pk->flags.primary? (secret? "sec":"pub") + /**/ : (secret? "ssb":"sub"), + secret == 2? '#' : secret == 3? '>' : ' ', + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf)); + if (opt.keyid_format != KF_NONE) + tty_fprintf (fp, "/%s", keystr_from_pk (pk)); + tty_fprintf (fp, " %s", datestr_from_pk (pk)); + + if ((opt.list_options & LIST_SHOW_USAGE)) + { + tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0)); + } + if (pk->flags.revoked) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + else if (pk->has_expired) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + else if (pk->expiredate) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + +#if 0 + /* I need to think about this some more. It's easy enough to + include, but it looks sort of confusing in the listing... 
*/ + if (opt.list_options & LIST_SHOW_VALIDITY) + { + int validity = get_validity (ctrl, pk, NULL, NULL, 0); + tty_fprintf (fp, " [%s]", trust_value_to_string (validity)); + } +#endif + + if (pk->pubkey_algo >= 100) + tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo); + + tty_fprintf (fp, "\n"); + + if (pk->flags.primary && opt.keyid_format == KF_NONE) + print_fingerprint (fp, pk, 20); +} + void set_attrib_fd (int fd) diff --git a/g10/main.h b/g10/main.h index 46b4ead..bda0bc1 100644 --- a/g10/main.h +++ b/g10/main.h @@ -426,6 +426,7 @@ char *format_seckey_info (PKT_public_key *pk); void print_seckey_info (PKT_public_key *pk); void print_pubkey_info (estream_t fp, PKT_public_key *pk); void print_card_key_info (estream_t fp, KBNODE keyblock); +void print_key_line (estream_t fp, PKT_public_key *pk, int secret); /*-- verify.c --*/ void print_file_status( int status, const char *name, int what ); diff --git a/g10/mainproc.c b/g10/mainproc.c index a2bfae3..15dc4b9 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -985,13 +985,10 @@ print_userid (PACKET *pkt) static void list_node (CTX c, kbnode_t node) { - int mainkey; - char pkstrbuf[PUBKEY_STRING_SIZE]; - if (!node) ; - else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY)) - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + else if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { PKT_public_key *pk = node->pkt->pkt.public_key; @@ -1000,10 +997,10 @@ list_node (CTX c, kbnode_t node) u32 keyid[2]; keyid_from_pk( pk, keyid ); - if (mainkey) + if (pk->flags.primary) c->trustletter = (opt.fast_list_mode? 0 : get_validity_info (c->ctrl, pk, NULL)); - es_printf ("%s:", mainkey? "pub":"sub" ); + es_printf ("%s:", pk->flags.primary? "pub":"sub" ); if (c->trustletter) es_putc (c->trustletter, es_stdout); es_printf (":%u:%d:%08lX%08lX:%s:%s::", 
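Review bot: The closing `print_fingerprint (fp, pk, 20);` in print_key_line does not necessarily write to the same stream as the `tty_fprintf (fp, ...)` calls before it when `fp` is NULL. The pkclist.c hunk calls `print_key_line (NULL, pk, 0)`, and print_fingerprint's mode-0 path picks `override_fp? override_fp : es_stdout`. Under `--keyid-format=none` the key line therefore presumably goes to the tty (assuming tty_fprintf treats a NULL stream as the tty) while the fingerprint goes to stdout. A comment on print_key_line should state what a NULL `fp` means, and the mode-20 path should leave `fp` NULL when `override_fp` is NULL so both lines are routed the same way.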
@@ -1012,33 +1009,19 @@ list_node (CTX c, kbnode_t node) (ulong)keyid[0],(ulong)keyid[1], colon_datestr_from_pk( pk ), colon_strtime (pk->expiredate) ); - if (mainkey && !opt.fast_list_mode) + if (pk->flags.primary && !opt.fast_list_mode) es_putc (get_ownertrust_info (pk), es_stdout); es_putc (':', es_stdout); + es_putc ('\n', es_stdout); } else - es_printf ("%s %s/%s %s", - mainkey? "pub":"sub", - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk), - datestr_from_pk (pk)); - - if (pk->flags.revoked) { - es_printf (" ["); - es_printf (_("revoked: %s"), revokestr_from_pk (pk)); - es_printf ("]\n"); + print_key_line (es_stdout, pk, 0); } - else if( pk->expiredate && !opt.with_colons) - { - es_printf (" ["); - es_printf (_("expires: %s"), expirestr_from_pk (pk)); - es_printf ("]\n"); - } - else - es_putc ('\n', es_stdout); - if ((mainkey && opt.fingerprint) || opt.fingerprint > 1) + if (opt.keyid_format == KF_NONE && !opt.with_colons) + ; /* Already printed. */ + else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1) print_fingerprint (NULL, pk, 0); if (opt.with_colons) @@ -1048,8 +1031,10 @@ list_node (CTX c, kbnode_t node) node->next->pkt->pkt.ring_trust->trustval); } - if (mainkey) + if (pk->flags.primary) { + int kl = opt.keyid_format == KF_NONE? 0 : keystrlen (); + /* Now list all userids with their signatures. */ for (node = node->next; node; node = node->next) { @@ -1064,7 +1049,7 @@ list_node (CTX c, kbnode_t node) node->pkt->pkt.user_id->attrib_data?"uat":"uid"); else es_printf ("uid%*s", - (int)keystrlen ()+(opt.legacy_list_mode? 9:11), + kl + (opt.legacy_list_mode? 9:11), "" ); print_userid (node->pkt); if (opt.with_colons) @@ -1086,7 +1071,7 @@ list_node (CTX c, kbnode_t node) } } } - else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) + else if (node->pkt->pkttype == PKT_SECRET_KEY || node->pkt->pkttype == PKT_SECRET_SUBKEY) { 
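Review bot: The `; /* Already printed. */` branch holds only for primary keys, because print_key_line emits the fingerprint under `pk->flags.primary && opt.keyid_format == KF_NONE`. With `--keyid-format=none`, a subkey reaching this code with `opt.fingerprint > 1` no longer gets a fingerprint line, whereas list_keyblock_print still calls `print_fingerprint (NULL, pk2, 0)` for subkeys when `fpr > 1`. Narrowing the skip to `if (opt.keyid_format == KF_NONE && !opt.with_colons && pk->flags.primary)` keeps the subkey case. list_node's body continues outside the hunk.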
@@ -1719,7 +1704,7 @@ check_sig_and_print (CTX c, kbnode_t node) { log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp)); log_info (_(" using %s key %s\n"), - astr? astr: "?",keystr(sig->keyid)); + astr? astr: "?", keystr(sig->keyid)); } else log_info (_("Signature made %s using %s key ID %s\n"), diff --git a/g10/options.h b/g10/options.h index 0de0418..55f974a 100644 --- a/g10/options.h +++ b/g10/options.h @@ -137,7 +137,7 @@ struct } compliance; enum { - KF_DEFAULT, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG + KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG } keyid_format; int shm_coprocess; const char *set_filename; diff --git a/g10/pkclist.c b/g10/pkclist.c index f284107..8efa954 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -189,7 +189,6 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, int min_num; int did_help=defer_help; unsigned int minimum = tdb_get_min_ownertrust (pk); - char pkstrbuf[PUBKEY_STRING_SIZE]; switch(minimum) { @@ -222,13 +221,12 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, { KBNODE keyblock, un; - tty_printf(_("No trust value assigned to:\n")); - tty_printf("%s/%s %s\n", - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr(keyid), datestr_from_pk( pk ) ); - p=get_user_id_native(keyid); - tty_printf(_(" \"%s\"\n"),p); - xfree(p); + tty_printf (_("No trust value assigned to:\n")); + print_key_line (NULL, pk, 0); + + p = get_user_id_native(keyid); + tty_printf (_(" \"%s\"\n"),p); + xfree (p); keyblock = get_pubkeyblock (keyid); if (!keyblock) diff --git a/g10/revoke.c b/g10/revoke.c index 3c6e158..33dac5b 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -530,7 +530,7 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) void *leadin; size_t len; u32 keyid[2]; - char pkstrbuf[PUBKEY_STRING_SIZE]; + int kl; char *orig_codeset; dir = get_openpgp_revocdir (opt.homedir); 
@@ -550,16 +550,16 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) es_fprintf (memfp, "%s\n\n", _("This is a revocation certificate for the OpenPGP key:")); - es_fprintf (memfp, "pub %s/%s %s\n", - pubkey_string (psk, pkstrbuf, sizeof pkstrbuf), - keystr (keyid), - datestr_from_pk (psk)); + print_key_line (memfp, psk, 0); - print_fingerprint (memfp, psk, 3); + if (opt.keyid_format != KF_NONE) + print_fingerprint (memfp, psk, 3); + + kl = opt.keyid_format == KF_NONE? 0 : keystrlen (); tmpstr = get_user_id (keyid, &len); es_fprintf (memfp, "uid%*s%.*s\n\n", - (int)keystrlen () + 10, "", + kl + 10, "", (int)len, tmpstr); xfree (tmpstr); commit e792eb1bb4e565e0461cffde205623f904b5815b Author: Werner Koch Date: Mon Jun 6 12:24:53 2016 +0200 indent: Wrap strings in debug messages. -- diff --git a/g10/keyedit.c b/g10/keyedit.c index a38c90a..e9ec7e2 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -572,7 +572,8 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) sig = n->pkt->pkt.signature; - pending_desc = xasprintf (" sig: class: 0x%x, issuer: %s, timestamp: %s (%lld), digest: %02x %02x", + pending_desc = xasprintf (" sig: class: 0x%x, issuer: %s," + " timestamp: %s (%lld), digest: %02x %02x", sig->sig_class, keystr (sig->keyid), isotimestamp (sig->timestamp), 
@@ -598,8 +599,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) { if (pending_desc) log_debug ("%s", pending_desc); - log_debug (" Can't check signature allegedly issued by %s: %s\n", - keystr (sig->keyid), gpg_strerror (err)); + log_debug (" Can't check signature allegedly" + " issued by %s: %s\n", + keystr (sig->keyid), gpg_strerror (err)); } missing_issuer ++; break; ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 13 +++-- g10/gpg.c | 2 + g10/keyedit.c | 8 ++- g10/keyid.c | 23 ++++++-- g10/keylist.c | 180 ++++++++++++++++++++++++++++++--------------------------- g10/main.h | 1 + g10/mainproc.c | 47 +++++---------- g10/options.h | 2 +- g10/pkclist.c | 14 ++--- g10/revoke.c | 14 ++--- 10 files changed, 158 insertions(+), 146 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 6 17:06:36 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Jun 2016 17:06:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-53-g7257ea2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7257ea2d450238afa4d162fab8001f74782fe43f (commit) via 1d1cb86694fb2223de1da0b3bfffb5c62f505847 (commit) from b047388d57443f584f1c1d6333aac5218b685042 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7257ea2d450238afa4d162fab8001f74782fe43f Author: Werner Koch Date: Mon Jun 6 17:03:47 2016 +0200 gpg: Use --keyid-format=none by default. * g10/gpg.c (main): Init keyid_format to KF_NONE. * g10/keyid.c (format_keyid): Ditto. (keystrlen): Ditto. -- GnuPG-bug-id: 2379 
Signed-off-by: Werner Koch diff --git a/g10/gpg.c b/g10/gpg.c index 5b4fba6..df6c246 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2249,7 +2249,7 @@ main (int argc, char **argv) opt.mangle_dos_filenames = 0; opt.min_cert_level = 2; set_screen_dimensions (); - opt.keyid_format = KF_SHORT; + opt.keyid_format = KF_NONE; opt.def_sig_expire = "0"; opt.def_cert_expire = "0"; set_homedir (default_homedir ()); diff --git a/g10/keyid.c b/g10/keyid.c index 4cdc41d..e67f67f 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -333,7 +333,7 @@ format_keyid (u32 *keyid, int format, char *buffer, int len) if (format == KF_DEFAULT) format = opt.keyid_format; if (format == KF_DEFAULT) - format = KF_SHORT; + format = KF_NONE; switch (format) { @@ -380,7 +380,7 @@ keystrlen(void) { int format = opt.keyid_format; if (format == KF_DEFAULT) - format = KF_SHORT; + format = KF_NONE; switch(format) { commit 1d1cb86694fb2223de1da0b3bfffb5c62f505847 Author: Werner Koch Date: Mon Jun 6 16:55:03 2016 +0200 gpg: Add option --with-subkey-fingerprint. * g10/gpg.c (oWithSubkeyFingerprint): New. (opts): Add --with-subkey-fingerprint[s]. (main): Set that option. * g10/options.h (struct opt): Add 'with_subkey_fingerprint'. * g10/keylist.c (list_keyblock_print): Print subkey fingerprint. (print_fingerprint): Tweak printing to use compact format if desirable. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index f190581..f092b27 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -342,7 +342,8 @@ fingerprints. This is the same output as @option{--list-keys} but with the additional output of a line with the fingerprint. May also be combined with @option{--list-sigs} or @option{--check-sigs}. If this command is given twice, the fingerprints of all secondary keys are -listed too. +listed too. This command also forces pretty printing of fingerprints +if the keyid format has been set to "none". @item --list-packets @opindex list-packets 
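Review bot: With the `KF_DEFAULT` fallback in format_keyid switched to `KF_NONE`, a caller that arrives with an unset `opt.keyid_format` now gets an empty string. keystr and keystr_with_sub (changed in b047388) remap only `KF_NONE` to `KF_LONG` before calling format_keyid, so `KF_DEFAULT` would pass through and the key ID in log and error messages would be blank. gpg's main initialises the option to `KF_NONE`, but whether every program that links keyid.c does so is not visible here. Adding `if (format == KF_DEFAULT) format = KF_NONE;` ahead of the existing `KF_NONE` check in both helpers closes the gap. format_keyid's body continues outside the hunk.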
@@ -2276,6 +2277,14 @@ allow to convey suitable information for elliptic curves. Same as the command @option{--fingerprint} but changes only the format of the output and may be used together with another command. + at item --with-subkey-fingerprint + at opindex with-subkey-fingerprint +If a fingerprint is printed for the primary key, this option forces +printing of the fingerprint for all subkeys. This could also be +achieved by using the @option{--with-fingerprint} twice but by using +this option along with keyid-format "none" a compact fingerprint is +printed. + @item --with-icao-spelling @opindex with-icao-spelling Print the ICAO spelling of the fingerprint in addition to the hex digits. diff --git a/g10/gpg.c b/g10/gpg.c index d0be4ba..5b4fba6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -182,6 +182,7 @@ enum cmd_and_opt_values oNoAskCertLevel, oFingerprint, oWithFingerprint, + oWithSubkeyFingerprint, oWithICAOSpelling, oWithKeygrip, oWithSecret, @@ -720,6 +721,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"), ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"), ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), + ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"), + ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"), ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), ARGPARSE_s_n (oWithSecret, "with-secret", "@"), @@ -2566,6 +2569,9 @@ main (int argc, char **argv) opt.with_fingerprint = 1; opt.fingerprint++; break; + case oWithSubkeyFingerprint: + opt.with_subkey_fingerprint = 1; + break; case oWithICAOSpelling: opt.with_icao_spelling = 1; break; diff --git a/g10/keyid.c b/g10/keyid.c index 20efa01..4cdc41d 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -384,6 +384,9 @@ keystrlen(void) switch(format) { + case KF_NONE: + return 0; + case KF_SHORT: return 8; 
diff --git a/g10/keylist.c b/g10/keylist.c index abd5ffa..231f3c0 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1168,7 +1168,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, /* Print the "sub" line. */ print_key_line (es_stdout, pk2, secret); - if (fpr > 1) + if (fpr > 1 || opt.with_subkey_fingerprint) { print_fingerprint (NULL, pk2, 0); if (serialno) @@ -1821,6 +1821,10 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) compact = 1; } + if (!opt.fingerprint && !opt.with_fingerprint + && opt.with_subkey_fingerprint && opt.keyid_format == KF_NONE) + compact = 1; + if (pk->main_keyid[0] == pk->keyid[0] && pk->main_keyid[1] == pk->keyid[1]) primary = 1; @@ -1873,7 +1877,13 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) else { fp = override_fp? override_fp : es_stdout; - text = _(" Key fingerprint ="); + if (opt.keyid_format == KF_NONE) + { + text = " "; /* To indent ICAO spelling. */ + compact = 1; + } + else + text = _(" Key fingerprint ="); } hexfingerprint (pk, hexfpr, sizeof hexfpr); @@ -1881,7 +1891,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) { es_fprintf (fp, "fpr:::::::::%s:", hexfpr); } - else if (compact) + else if (compact && !opt.fingerprint && !opt.with_fingerprint) { tty_fprintf (fp, "%*s%s", 6, "", hexfpr); } @@ -1889,7 +1899,10 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) { char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1]; format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr); - tty_fprintf (fp, "%s %s", text, fmtfpr); + if (compact) + tty_fprintf (fp, "%*s%s", 6, "", fmtfpr); + else + tty_fprintf (fp, "%s %s", text, fmtfpr); } tty_fprintf (fp, "\n"); if (!with_colons && with_icao) diff --git a/g10/options.h b/g10/options.h index 55f974a..2ae1724 100644 --- a/g10/options.h +++ b/g10/options.h 
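Review bot: The new condition `if (fpr > 1 || opt.with_subkey_fingerprint)` prints subkey fingerprints whenever the option is set, while the gpg.texi text added in this commit says it applies only "if a fingerprint is printed for the primary key". With a key ID format other than "none" and no `--with-fingerprint`, the primary key appears to get no fingerprint line but its subkeys do. The documented behaviour would need something like `if (fpr > 1 || (opt.with_subkey_fingerprint && (fpr || opt.keyid_format == KF_NONE)))`; otherwise the documentation sentence should be reworded. list_keyblock_print starts and ends outside the hunk.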
@@ -71,6 +71,7 @@ struct int with_key_data; int with_icao_spelling; /* Print ICAO spelling with fingerprints. */ int with_fingerprint; /* Option --with-fingerprint active. */ + int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active. */ int with_keygrip; /* Option --with-keygrip active. */ int with_secret; /* Option --with-secret active. */ int with_wkd_hash; /* Option --with-wkd-hash. */ ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 11 ++++++++++- g10/gpg.c | 8 +++++++- g10/keyid.c | 7 +++++-- g10/keylist.c | 21 +++++++++++++++++---- g10/options.h | 1 + 5 files changed, 40 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 6 18:16:36 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Jun 2016 18:16:36 +0200 Subject: [git] gnupg-doc - branch, master, updated. e178040535cd0dbc91664baf7f3ae2c8192c0b6f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e178040535cd0dbc91664baf7f3ae2c8192c0b6f (commit) from 8a048ed744c11e2a27aceaa1f794f1bb7d1c996c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e178040535cd0dbc91664baf7f3ae2c8192c0b6f Author: Werner Koch Date: Mon Jun 6 18:15:03 2016 +0200 faq: Explain new key listing format since 2.1.13. Also describe --quick-addkey. diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index c1e6d09..4c24b87 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org 
@@ -412,7 +412,23 @@ uid [ unknown] Sample 2 uid [ unknown] EdDSA sample key 1 #+end_example +Since version 2.1.13 another subkey can directly be added to an +existing key: + +#+begin_example +$ gpg --quick-addkey 15CB723E2000A1A82505F3B7CC00B501BD19AC1C - - 2016-12-31 +$ gpg -k 15CB723E2000A1A82505F3B7CC00B501BD19AC1C +pub rsa2048 2014-11-04 [SC] + 15CB723E2000A1A82505F3B7CC00B501BD19AC1C +uid [ unknown] Daniel Ellsberg +sub rsa2048 2014-11-04 [E] +sub rsa2048 2016-06-06 [E] [expires: 2016-12-31] +#+end_example +Here we created another encryption subkey with an expiration date. +The key listing also shows the default key listing format introduced +with 2.1.13. There are a lot of other options to the =--quick-addkey= +command which are described in the manual. ** Improved Pinentry support :PROPERTIES: 
@@ -629,13 +645,21 @@ the name of the curve: #+begin_example pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31] -pub dsa2048/1E42B367 2007-12-31 [expires: 2018-12-31] -pub ed25519/0AA914C9 2014-10-18 + +pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31] + 80615870F5BAD690333686D0F2AD85AC1E42B367 + +pub ed25519 2014-10-18 [SC] + 0B7F0C1D690BC440D5AFF9B56902F00A0AA914C9 #+end_example -The first two lines show the same key in the old format and in the new -format. The third line shows an example of an ECC key using the -ed25519 curve. +The first two "pub"-items show the same key in the old format and in +the new format. The third "pub"-item shows an example of an ECC key +using an ed25519 curve. Note that since version 2.1.13 the key id is +not anymore shown. Instead the full fingerprint is shown in a compact +format; by using the option =--with-fingerprint= the non-compact +format is used. The =--keyid-format= option can be used to switch +back to the discouraged format which prints only the key id. As a further change the validity of a key is now shown by default; that is =show-uid-validity= is implicitly used for the ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 7 07:28:48 2016 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Jun 2016 07:28:48 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-55-g650abba Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 650abbab716750d6087a457a25fa2efaaa3567cd (commit) via abeeb84a94be815a16e678b319cb5c8bffde2811 (commit) from 7257ea2d450238afa4d162fab8001f74782fe43f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 650abbab716750d6087a457a25fa2efaaa3567cd Author: NIIBE Yutaka Date: Tue Jun 7 14:27:41 2016 +0900 po: Update Japanese translation. Signed-off-by: NIIBE Yutaka diff --git a/po/ja.po b/po/ja.po index feae081..889cd8b 100644 --- a/po/ja.po +++ b/po/ja.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1.12\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2016-05-09 14:44+0900\n" +"PO-Revision-Date: 2016-06-07 14:12+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -1172,8 +1172,7 @@ msgid "a notation name may not contain an '=' character\n" msgstr "????????'='?????????????\n" msgid "a notation name must have only printable characters or spaces\n" -msgstr "" -"?????????????????????????????\n" +msgstr "?????????????????????????????\n" msgid "WARNING: invalid notation data found\n" msgstr "*??*: ???????????\n" @@ -1680,8 +1679,7 @@ msgstr "(?????'%s'??????????)\n" #, c-format msgid "Warning: '%s' should be a long key ID or a fingerprint\n" -msgstr "" -"??: '%s'????ID??????????????????\n" +msgstr "??: '%s'????ID??????????????????\n" #, c-format msgid "error looking up: %s\n" 
@@ -2027,335 +2025,6 @@ msgstr "?????????????????" msgid "show expiration dates during signature listings" msgstr "???????????????????" -msgid "available TOFU policies:\n" -msgstr "?????TOFU????:\n" - -#, c-format -msgid "unknown TOFU policy '%s'\n" -msgstr "???TOFU????'%s'\n" - -msgid "(use \"help\" to list choices)\n" -msgstr "(????????\"help\"????????)\n" - -#, c-format -msgid "unknown TOFU DB format '%s'\n" -msgstr "???TOFU DB??????'%s'\n" - -#, c-format -msgid "Note: old default options file '%s' ignored\n" -msgstr "*??*: ????????????????????'%s'????????\n" - -#, c-format -msgid "libgcrypt is too old (need %s, have %s)\n" -msgstr "libgcrypt ?????? (?? %s, ?? %s)\n" - -#, c-format -msgid "Note: %s is not for normal use!\n" -msgstr "*??*: ??%s??????!\n" - -#, c-format -msgid "'%s' is not a valid signature expiration\n" -msgstr "'%s'????????????????\n" - -#, c-format -msgid "invalid pinentry mode '%s'\n" -msgstr "??? pinentry mode '%s'??\n" - -#, c-format -msgid "'%s' is not a valid character set\n" -msgstr "'%s'????????????????\n" - -msgid "could not parse keyserver URL\n" -msgstr "?????URL?????\n" - -#, c-format -msgid "%s:%d: invalid keyserver options\n" -msgstr "%s:%d: ???????????????\n" - -msgid "invalid keyserver options\n" -msgstr "???????????????\n" - -#, c-format -msgid "%s:%d: invalid import options\n" -msgstr "%s:%d: ????????????????\n" - -msgid "invalid import options\n" -msgstr "????????????????\n" - -#, c-format -msgid "%s:%d: invalid export options\n" -msgstr "%s:%d: ?????????????????\n" - -msgid "invalid export options\n" -msgstr "?????????????????\n" - -#, c-format -msgid "%s:%d: invalid list options\n" -msgstr "%s:%d: ????????????\n" - -msgid "invalid list options\n" -msgstr "????????????\n" - -msgid "display photo IDs during signature verification" -msgstr "??????????ID?????" - -msgid "show policy URLs during signature verification" -msgstr "???????????URL?????" 
- -msgid "show all notations during signature verification" -msgstr "??????????????????" - -msgid "show IETF standard notations during signature verification" -msgstr "???????IETF?????????" - -msgid "show user-supplied notations during signature verification" -msgstr "??????????????????" - -msgid "show preferred keyserver URLs during signature verification" -msgstr "?????????????URL?????" - -msgid "show user ID validity during signature verification" -msgstr "??????????ID?????????" - -msgid "show revoked and expired user IDs in signature verification" -msgstr "??????????????ID????????????ID?????" - -msgid "show only the primary user ID in signature verification" -msgstr "????????????ID????????" - -msgid "validate signatures with PKA data" -msgstr "PKA???????????" - -msgid "elevate the trust of signatures with valid PKA data" -msgstr "???PKA????????????????" - -#, c-format -msgid "%s:%d: invalid verify options\n" -msgstr "%s:%d: ????????????\n" - -msgid "invalid verify options\n" -msgstr "????????????\n" - -#, c-format -msgid "unable to set exec-path to %s\n" -msgstr "exec-path?%s?????\n" - -#, c-format -msgid "%s:%d: invalid auto-key-locate list\n" -msgstr "%s:%d: ??? auto-key-locate ?????\n" - -msgid "invalid auto-key-locate list\n" -msgstr "??? 
auto-key-locate ?????\n" - -msgid "WARNING: program may create a core file!\n" -msgstr "*??*: ??????core????????????????!\n" - -#, c-format -msgid "WARNING: %s overrides %s\n" -msgstr "*??*: %s?%s????\n" - -#, c-format -msgid "%s not allowed with %s!\n" -msgstr "%s?%s??????????????!\n" - -#, c-format -msgid "%s makes no sense with %s!\n" -msgstr "%s?%s?????????????!\n" - -msgid "WARNING: running with faked system time: " -msgstr "*??*: ???????????????????: " - -#, c-format -msgid "will not run with insecure memory due to %s\n" -msgstr "%s ?????????????????????\n" - -msgid "selected cipher algorithm is invalid\n" -msgstr "???????????????????\n" - -msgid "selected digest algorithm is invalid\n" -msgstr "????????????????????????\n" - -msgid "selected compression algorithm is invalid\n" -msgstr "???????????????????\n" - -msgid "selected certification digest algorithm is invalid\n" -msgstr "???????????????????????????\n" - -msgid "completes-needed must be greater than 0\n" -msgstr "completes-needed?????????\n" - -msgid "marginals-needed must be greater than 1\n" -msgstr "marginals-needed?1???????????\n" - -msgid "max-cert-depth must be in the range from 1 to 255\n" -msgstr "max-cert-depth?1??255?????????????\n" - -msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n" -msgstr "???default-cert-level?0?1?2?3??????????\n" - -msgid "invalid min-cert-level; must be 1, 2, or 3\n" -msgstr "???min-cert-level?0?1?2?3??????????\n" - -msgid "Note: simple S2K mode (0) is strongly discouraged\n" -msgstr "*??*: ???S2K???(0)????????????\n" - -msgid "invalid S2K mode; must be 0, 1 or 3\n" -msgstr "???S2K????0?1?3??????????\n" - -msgid "invalid default preferences\n" -msgstr "?????????????\n" - -msgid "invalid personal cipher preferences\n" -msgstr "???????????????\n" - -msgid "invalid personal digest preferences\n" -msgstr "?????????????????\n" - -msgid "invalid personal compress preferences\n" -msgstr "?????????????\n" - -#, c-format -msgid "%s does not yet work with %s\n" 
-msgstr "%s?%s??????????\n" - -#, c-format -msgid "you may not use cipher algorithm '%s' while in %s mode\n" -msgstr "????????'%s'?%s??????????????\n" - -#, c-format -msgid "you may not use digest algorithm '%s' while in %s mode\n" -msgstr "?????????????'%s'?%s??????????????\n" - -#, c-format -msgid "you may not use compression algorithm '%s' while in %s mode\n" -msgstr "????????'%s'?%s??????????????\n" - -#, c-format -msgid "failed to initialize the TrustDB: %s\n" -msgstr "???????????????????: %s\n" - -msgid "WARNING: recipients (-r) given without using public key encryption\n" -msgstr "*??*: ?????????????? (-r) ????????\n" - -msgid "--store [filename]" -msgstr "--store [?????]" - -msgid "--symmetric [filename]" -msgstr "--symmetric [?????]" - -#, c-format -msgid "symmetric encryption of '%s' failed: %s\n" -msgstr "'%s'?????????????: %s\n" - -msgid "--encrypt [filename]" -msgstr "--encrypt [?????]" - -msgid "--symmetric --encrypt [filename]" -msgstr "--symmetric --encrypt [?????]" - -msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n" -msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n" - -#, c-format -msgid "you cannot use --symmetric --encrypt while in %s mode\n" -msgstr "--symmetric --encrypt?%s??????????????\n" - -msgid "--sign [filename]" -msgstr "--sign [?????]" - -msgid "--sign --encrypt [filename]" -msgstr "--sign --encrypt [?????]" - -msgid "--symmetric --sign --encrypt [filename]" -msgstr "--symmetric --sign --encrypt [?????]" - -msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n" -msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n" - -#, c-format -msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n" -msgstr "--symmetric --sign --encrypt?%s??????????????\n" - -msgid "--sign --symmetric [filename]" -msgstr "--sign --symmetric [?????]" - -msgid "--clearsign [filename]" -msgstr "--clearsign [?????]" - -msgid "--decrypt [filename]" -msgstr "--decrypt [?????]" - -msgid "--sign-key user-id" 
-msgstr "--sign-key ???id" - -msgid "--lsign-key user-id" -msgstr "--lsign-key ???id" - -msgid "--edit-key user-id [commands]" -msgstr "--edit-key ???id [????]" - -msgid "--passwd " -msgstr "--passwd " - -#, c-format -msgid "keyserver send failed: %s\n" -msgstr "???????????????: %s\n" - -#, c-format -msgid "keyserver receive failed: %s\n" -msgstr "????????????????: %s\n" - -#, c-format -msgid "key export failed: %s\n" -msgstr "???????????????: %s\n" - -#, c-format -msgid "export as ssh key failed: %s\n" -msgstr "ssh??????????????????: %s\n" - -#, c-format -msgid "keyserver search failed: %s\n" -msgstr "??????????????: %s\n" - -#, c-format -msgid "keyserver refresh failed: %s\n" -msgstr "??????????????: %s\n" - -#, c-format -msgid "dearmoring failed: %s\n" -msgstr "???????????: %s\n" - -#, c-format -msgid "enarmoring failed: %s\n" -msgstr "?????????: %s\n" - -#, c-format -msgid "invalid hash algorithm '%s'\n" -msgstr "??????????????'%s'??\n" - -#, c-format -msgid "error parsing key specification '%s': %s\n" -msgstr "???'%s'????????: %s\n" - -#, c-format -msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" -msgstr "'%s'?????ID, ??????????keygrip?????????\n" - -msgid "[filename]" -msgstr "[?????]" - -msgid "Go ahead and type your message ...\n" -msgstr "??????????????????? ...\n" - -msgid "the given certification policy URL is invalid\n" -msgstr "?????????????URL?????\n" - -msgid "the given signature policy URL is invalid\n" -msgstr "????????????URL?????\n" - -msgid "the given preferred keyserver URL is invalid\n" -msgstr "???????????URL?????\n" - msgid "|FILE|take the keys from the keyring FILE" msgstr "|FILE|????FILE???????" @@ -2365,6 +2034,9 @@ msgstr "??????????????" msgid "|FD|write status info to this FD" msgstr "|FD|??FD?????????????" +msgid "|ALGO|reject signatures made with ALGO" +msgstr "|ALGO|ALGO?????????????" + msgid "Usage: gpgv [options] [files] (-h for help)" msgstr "???: gpgv [?????] [????] (???? -h)" 
@@ -2793,7 +2465,8 @@ msgstr "??????????????????(%d)???? #, c-format msgid "" "can't check signature with unsupported message-digest algorithm %d: %s.\n" -msgstr "?????????????????????(%d)???????????: %s.\n" +msgstr "" +"?????????????????????(%d)???????????: %s.\n" msgid " (reordered signatures follow)" msgstr "(?????????????)" @@ -2826,7 +2499,9 @@ msgstr[0] "%d???????\n" msgid "" "Warning: errors found and only checked self-signatures, run '%s' to check " "all signatures.\n" -msgstr "??: ????????????????????'%s'???????????????????\n" +msgstr "" +"??: ????????????????????'%s'?????????????" +"??????\n" msgid "" "Please decide how far you trust this user to correctly verify other users' " @@ -3482,6 +3157,9 @@ msgstr "???ID\"%s\"?v3????????????\n" msgid "Enter your preferred keyserver URL: " msgstr "??????URL?????????: " +msgid "could not parse keyserver URL\n" +msgstr "?????URL?????\n" + msgid "Are you sure you want to replace it? (y/N) " msgstr "????????????? (y/N) " @@ -3727,6 +3405,10 @@ msgid "No key with this keygrip\n" msgstr "??keygrip????????\n" #, c-format +msgid "rounded to %u bits\n" +msgstr "%u??????????\n" + +#, c-format msgid "%s keys may be between %u and %u bits long.\n" msgstr "%s ?? %u ?? %u ????????????\n" @@ -3742,10 +3424,6 @@ msgstr "???? (%u) " msgid "Requested keysize is %u bits\n" msgstr "????????%u???\n" -#, c-format -msgid "rounded to %u bits\n" -msgstr "%u??????????\n" - msgid "Please select which elliptic curve you want:\n" msgstr "?????????????????:\n" @@ -4164,6 +3842,10 @@ msgid "sending key %s to %s\n" msgstr "?%s?%s???\n" #, c-format +msgid "keyserver send failed: %s\n" +msgstr "???????????????: %s\n" + +#, c-format msgid "requesting key from '%s'\n" msgstr "??'%s'????\n" 
@@ -4923,8 +4605,8 @@ msgid "" msgstr "" "???????????????????????????????????\n" "???????????????????????????????????\n" -"??????????????????????GnuPG??????" -"gpg???? \"--gen-revoke\"???????????" +"??????????????????????GnuPG??????gpg???? \"--" +"gen-revoke\"???????????" msgid "" "To avoid an accidental use of this file, a colon has been inserted\n" @@ -5314,10 +4996,6 @@ msgid "error updating TOFU database: %s\n" msgstr "TOFU????????????: %s\n" #, c-format -msgid "public key %s not found: %s\n" -msgstr "???%s????????: %s\n" - -#, c-format msgid "error setting TOFU binding's trust level to %s\n" msgstr "TOFU??????????????????: %s\n" @@ -5330,15 +5008,16 @@ msgid "" "The key with fingerprint %s raised a conflict with the binding %s. Since " "this binding's policy was 'auto', it was changed to 'ask'." msgstr "" -"???????????%s????????%s??????????????????????" -"'auto'??????'ask'?????????" +"???????????%s????????%s?????????????????" +"?????'auto'??????'ask'?????????" #, c-format msgid "" "Please indicate whether you believe the binding %s%sis legitimate (the key " "belongs to the stated owner) or a forgery (bad)." msgstr "" -"???????%s%s???(??????????????)?????????(??)???????????" +"???????%s%s???(??????????????)?????????(?" +"?)???????????" #, c-format msgid "error gathering other user IDs: %s\n" @@ -5358,8 +5037,7 @@ msgstr "???????????: %s\n" #, c-format msgid "The email address \"%s\" is associated with %d key:\n" msgid_plural "The email address \"%s\" is associated with %d keys:\n" -msgstr[0] "" -"?????????\"%s\"?%d????????????:\n" +msgstr[0] "?????????\"%s\"?%d????????????:\n" #, c-format msgid "Statistics for keys with the email address \"%s\":\n" 
@@ -5406,7 +5084,9 @@ msgid "gGaAuUrRbB" msgstr "gGaAuUrRbB" msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? " -msgstr "(G)ood-?, (A)ccept once-?????, (U)nknown-??, (R)eject once-?????, (B)ad-??? " +msgstr "" +"(G)ood-?, (A)ccept once-?????, (U)nknown-??, (R)eject once-????" +"?, (B)ad-??? " #, c-format msgid "error changing TOFU policy: %s\n" @@ -5467,8 +5147,7 @@ msgid "" msgid_plural "" "Verified %ld messages signed by \"%s\"\n" "in the past %s." -msgstr[0] "" -"??????%ld???????(\"%s\"???????????? %s)?" +msgstr[0] "??????%ld???????(\"%s\"???????????? %s)?" #, c-format msgid "The most recent message was verified %s ago." @@ -5478,7 +5157,8 @@ msgid "Warning: we've have yet to see a message signed by this key!\n" msgstr "??: ???????????????????????????!\n" msgid "Warning: we've only seen a single message signed by this key!\n" -msgstr "??: ???????????????????????????????!\n" +msgstr "" +"??: ???????????????????????????????!\n" #, c-format msgid "" @@ -5494,9 +5174,9 @@ msgid_plural "" " %s\n" "to mark it as being bad.\n" msgstr[0] "" -"??: ???????????????%ld????????????" -"??????????! ?????????????????????" -"??????????????????????????\n" +"??: ???????????????%ld???????????????????" +"???! ??????????????????????????????????" +"?????????????\n" " %s\n" "??????????????\n" @@ -5561,6 +5241,10 @@ msgstr "?????'%s'????????????????? msgid "no need for a trustdb update with '%s' trust model\n" msgstr "?????'%s'??????????????????\n" +#, c-format +msgid "public key %s not found: %s\n" +msgstr "???%s????????: %s\n" + msgid "please do a --check-trustdb\n" msgstr "--check-trustdb?????????\n" @@ -5599,7 +5283,7 @@ msgid "undefined" msgstr "???" msgid "never" -msgstr "?????" +msgstr "????" msgid "marginal" msgstr "????" @@ -5633,6 +5317,9 @@ msgstr "[ ?? ]" msgid "[ undef ]" msgstr "[ ??? ]" +msgid "[ never ]" +msgstr "[????]" + msgid "[marginal]" msgstr "[????]" 
@@ -6522,9 +6209,25 @@ msgstr "%s:%u: ????????????????\n" msgid "%s:%u: skipping this line\n" msgstr "%s:%u: ????????\n" +#, c-format +msgid "invalid pinentry mode '%s'\n" +msgstr "??? pinentry mode '%s'??\n" + msgid "could not parse keyserver\n" msgstr "?????URL?????\n" +msgid "WARNING: program may create a core file!\n" +msgstr "*??*: ??????core????????????????!\n" + +msgid "WARNING: running with faked system time: " +msgstr "*??*: ???????????????????: " + +msgid "selected cipher algorithm is invalid\n" +msgstr "???????????????????\n" + +msgid "selected digest algorithm is invalid\n" +msgstr "????????????????????????\n" + #, c-format msgid "importing common certificates '%s'\n" msgstr "???????????????: %s\n" 
@@ -8247,6 +7950,277 @@ msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" +#~ msgid "available TOFU policies:\n" +#~ msgstr "?????TOFU????:\n" + +#~ msgid "unknown TOFU policy '%s'\n" +#~ msgstr "???TOFU????'%s'\n" + +#~ msgid "(use \"help\" to list choices)\n" +#~ msgstr "(????????\"help\"????????)\n" + +#~ msgid "unknown TOFU DB format '%s'\n" +#~ msgstr "???TOFU DB??????'%s'\n" + +#~ msgid "Note: old default options file '%s' ignored\n" +#~ msgstr "" +#~ "*??*: ????????????????????'%s'????????\n" + +#~ msgid "libgcrypt is too old (need %s, have %s)\n" +#~ msgstr "libgcrypt ?????? (?? %s, ?? %s)\n" + +#~ msgid "Note: %s is not for normal use!\n" +#~ msgstr "*??*: ??%s??????!\n" + +#~ msgid "'%s' is not a valid signature expiration\n" +#~ msgstr "'%s'????????????????\n" + +#~ msgid "'%s' is not a valid character set\n" +#~ msgstr "'%s'????????????????\n" + +#~ msgid "%s:%d: invalid keyserver options\n" +#~ msgstr "%s:%d: ???????????????\n" + +#~ msgid "invalid keyserver options\n" +#~ msgstr "???????????????\n" + +#~ msgid "%s:%d: invalid import options\n" +#~ msgstr "%s:%d: ????????????????\n" + +#~ msgid "invalid import options\n" +#~ msgstr "????????????????\n" + +#~ msgid "%s:%d: invalid export options\n" +#~ msgstr "%s:%d: ?????????????????\n" + +#~ msgid "invalid export options\n" +#~ msgstr "?????????????????\n" + +#~ msgid "%s:%d: invalid list options\n" +#~ msgstr "%s:%d: ????????????\n" + +#~ msgid "invalid list options\n" +#~ msgstr "????????????\n" + +#~ msgid "display photo IDs during signature verification" +#~ msgstr "??????????ID?????" + +#~ msgid "show policy URLs during signature verification" +#~ msgstr "???????????URL?????" + +#~ msgid "show all notations during signature verification" +#~ msgstr "??????????????????" + +#~ msgid "show IETF standard notations during signature verification" +#~ msgstr "???????IETF?????????" 
+ +#~ msgid "show user-supplied notations during signature verification" +#~ msgstr "??????????????????" + +#~ msgid "show preferred keyserver URLs during signature verification" +#~ msgstr "?????????????URL?????" + +#~ msgid "show user ID validity during signature verification" +#~ msgstr "??????????ID?????????" + +#~ msgid "show revoked and expired user IDs in signature verification" +#~ msgstr "??????????????ID????????????ID?????" + +#~ msgid "show only the primary user ID in signature verification" +#~ msgstr "????????????ID????????" + +#~ msgid "validate signatures with PKA data" +#~ msgstr "PKA???????????" + +#~ msgid "elevate the trust of signatures with valid PKA data" +#~ msgstr "???PKA????????????????" + +#~ msgid "%s:%d: invalid verify options\n" +#~ msgstr "%s:%d: ????????????\n" + +#~ msgid "invalid verify options\n" +#~ msgstr "????????????\n" + +#~ msgid "unable to set exec-path to %s\n" +#~ msgstr "exec-path?%s?????\n" + +#~ msgid "%s:%d: invalid auto-key-locate list\n" +#~ msgstr "%s:%d: ??? auto-key-locate ?????\n" + +#~ msgid "invalid auto-key-locate list\n" +#~ msgstr "??? 
auto-key-locate ?????\n" + +#~ msgid "WARNING: %s overrides %s\n" +#~ msgstr "*??*: %s?%s????\n" + +#~ msgid "%s not allowed with %s!\n" +#~ msgstr "%s?%s??????????????!\n" + +#~ msgid "%s makes no sense with %s!\n" +#~ msgstr "%s?%s?????????????!\n" + +#~ msgid "will not run with insecure memory due to %s\n" +#~ msgstr "%s ?????????????????????\n" + +#~ msgid "selected compression algorithm is invalid\n" +#~ msgstr "???????????????????\n" + +#~ msgid "selected certification digest algorithm is invalid\n" +#~ msgstr "???????????????????????????\n" + +#~ msgid "completes-needed must be greater than 0\n" +#~ msgstr "completes-needed?????????\n" + +#~ msgid "marginals-needed must be greater than 1\n" +#~ msgstr "marginals-needed?1???????????\n" + +#~ msgid "max-cert-depth must be in the range from 1 to 255\n" +#~ msgstr "max-cert-depth?1??255?????????????\n" + +#~ msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n" +#~ msgstr "???default-cert-level?0?1?2?3??????????\n" + +#~ msgid "invalid min-cert-level; must be 1, 2, or 3\n" +#~ msgstr "???min-cert-level?0?1?2?3??????????\n" + +#~ msgid "Note: simple S2K mode (0) is strongly discouraged\n" +#~ msgstr "*??*: ???S2K???(0)????????????\n" + +#~ msgid "invalid S2K mode; must be 0, 1 or 3\n" +#~ msgstr "???S2K????0?1?3??????????\n" + +#~ msgid "invalid default preferences\n" +#~ msgstr "?????????????\n" + +#~ msgid "invalid personal cipher preferences\n" +#~ msgstr "???????????????\n" + +#~ msgid "invalid personal digest preferences\n" +#~ msgstr "?????????????????\n" + +#~ msgid "invalid personal compress preferences\n" +#~ msgstr "?????????????\n" + +#~ msgid "%s does not yet work with %s\n" +#~ msgstr "%s?%s??????????\n" + +#~ msgid "you may not use cipher algorithm '%s' while in %s mode\n" +#~ msgstr "????????'%s'?%s??????????????\n" + +#~ msgid "you may not use digest algorithm '%s' while in %s mode\n" +#~ msgstr "?????????????'%s'?%s??????????????\n" + +#~ msgid "you may not use compression algorithm '%s' 
while in %s mode\n" +#~ msgstr "????????'%s'?%s??????????????\n" + +#~ msgid "failed to initialize the TrustDB: %s\n" +#~ msgstr "???????????????????: %s\n" + +#~ msgid "WARNING: recipients (-r) given without using public key encryption\n" +#~ msgstr "*??*: ?????????????? (-r) ????????\n" + +#~ msgid "--store [filename]" +#~ msgstr "--store [?????]" + +#~ msgid "--symmetric [filename]" +#~ msgstr "--symmetric [?????]" + +#~ msgid "symmetric encryption of '%s' failed: %s\n" +#~ msgstr "'%s'?????????????: %s\n" + +#~ msgid "--encrypt [filename]" +#~ msgstr "--encrypt [?????]" + +#~ msgid "--symmetric --encrypt [filename]" +#~ msgstr "--symmetric --encrypt [?????]" + +#~ msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n" +#~ msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n" + +#~ msgid "you cannot use --symmetric --encrypt while in %s mode\n" +#~ msgstr "--symmetric --encrypt?%s??????????????\n" + +#~ msgid "--sign [filename]" +#~ msgstr "--sign [?????]" + +#~ msgid "--sign --encrypt [filename]" +#~ msgstr "--sign --encrypt [?????]" + +#~ msgid "--symmetric --sign --encrypt [filename]" +#~ msgstr "--symmetric --sign --encrypt [?????]" + +#~ msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n" +#~ msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n" + +#~ msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n" +#~ msgstr "--symmetric --sign --encrypt?%s??????????????\n" + +#~ msgid "--sign --symmetric [filename]" +#~ msgstr "--sign --symmetric [?????]" + +#~ msgid "--clearsign [filename]" +#~ msgstr "--clearsign [?????]" + +#~ msgid "--decrypt [filename]" +#~ msgstr "--decrypt [?????]" + +#~ msgid "--sign-key user-id" +#~ msgstr "--sign-key ???id" + +#~ msgid "--lsign-key user-id" +#~ msgstr "--lsign-key ???id" + +#~ msgid "--edit-key user-id [commands]" +#~ msgstr "--edit-key ???id [????]" + +#~ msgid "--passwd " +#~ msgstr "--passwd " + +#~ msgid "keyserver receive failed: %s\n" +#~ msgstr 
"????????????????: %s\n" + +#~ msgid "key export failed: %s\n" +#~ msgstr "???????????????: %s\n" + +#~ msgid "export as ssh key failed: %s\n" +#~ msgstr "ssh??????????????????: %s\n" + +#~ msgid "keyserver search failed: %s\n" +#~ msgstr "??????????????: %s\n" + +#~ msgid "keyserver refresh failed: %s\n" +#~ msgstr "??????????????: %s\n" + +#~ msgid "dearmoring failed: %s\n" +#~ msgstr "???????????: %s\n" + +#~ msgid "enarmoring failed: %s\n" +#~ msgstr "?????????: %s\n" + +#~ msgid "invalid hash algorithm '%s'\n" +#~ msgstr "??????????????'%s'??\n" + +#~ msgid "error parsing key specification '%s': %s\n" +#~ msgstr "???'%s'????????: %s\n" + +#~ msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" +#~ msgstr "'%s'?????ID, ??????????keygrip?????????\n" + +#~ msgid "[filename]" +#~ msgstr "[?????]" + +#~ msgid "Go ahead and type your message ...\n" +#~ msgstr "??????????????????? ...\n" + +#~ msgid "the given certification policy URL is invalid\n" +#~ msgstr "?????????????URL?????\n" + +#~ msgid "the given signature policy URL is invalid\n" +#~ msgstr "????????????URL?????\n" + +#~ msgid "the given preferred keyserver URL is invalid\n" +#~ msgstr "???????????URL?????\n" + #~ msgid "you found a bug ... (%s:%d)\n" #~ msgstr "????????????? ... (%s:%d)\n" commit abeeb84a94be815a16e678b319cb5c8bffde2811 Author: NIIBE Yutaka Date: Tue Jun 7 14:16:32 2016 +0900 gpg: Fix command line parsing of --quick-addkey and --quick-gen-key. * g10/gpg.c (main): Compose a block by curly braces. Signed-off-by: NIIBE Yutaka diff --git a/g10/gpg.c b/g10/gpg.c index df6c246..9adf169 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4121,7 +4121,9 @@ main (int argc, char **argv) { x_usage = *argv++; argc--; if (argc) - x_expire = *argv++; argc--; + { + x_expire = *argv++; argc--; + } } } quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire); 
@@ -4195,7 +4197,9 @@ main (int argc, char **argv)
 {
 x_usage = *argv++; argc--;
 if (argc)
- x_expire = *argv++; argc--;
+ {
+ x_expire = *argv++; argc--;
+ }
 }
 }
 keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 8 +- po/ja.po | 692 ++++++++++++++++++++++++++++++-------------------------------- 2 files changed, 339 insertions(+), 361 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 7 11:01:43 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 07 Jun 2016 11:01:43 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-56-g22a7ef0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 22a7ef01aa2c0eb77bcc40174d09104acc35cab1 (commit) from 650abbab716750d6087a457a25fa2efaaa3567cd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 22a7ef01aa2c0eb77bcc40174d09104acc35cab1 Author: Werner Koch Date: Tue Jun 7 10:59:46 2016 +0200 Replace use of opt.homedir by accessor functions. * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch
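Review bot: The braces added in the g10/gpg.c hunk `@@ -4195,7 +4197,9 @@` (--quick-addkey) and in the matching `@@ -4121,7 +4121,9 @@` hunk (--quick-gen-key) still keep two statements on one line, `x_expire = *argv++; argc--;`, which is the layout that let the `argc--` slip outside the `if (argc)` guard on the removed line. The `x_usage = *argv++; argc--;` context line above has the same shape. Writing `x_expire = *argv++;` and `argc--;` on separate lines would make the guarded scope obvious in review. The optional algo/usage/expire parsing is also repeated verbatim at both call sites, so a small static helper shared by the two commands would keep them from drifting apart again. main() starts and ends outside both hunks.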
diff --git a/agent/agent.h b/agent/agent.h index 0dcb201..42a580c 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -62,7 +62,6 @@ struct int quiet; /* Be as quiet as possible */ int dry_run; /* Don't change any persistent data */ int batch; /* Batch mode */ - const char *homedir; /* Configuration directory name */ /* True if we handle sigusr2. */ int sigusr2_enabled; diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 0e1d9fc..e3cd4b9 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -897,7 +897,7 @@ open_control_file (ssh_control_file_t *r_cf, int append) /* Note: As soon as we start to use non blocking functions here (i.e. where Pth might switch threads) we need to employ a mutex. */ - cf->fname = make_filename_try (opt.homedir, SSH_CONTROL_FILE_NAME, NULL); + cf->fname = make_filename_try (gnupg_homedir (), SSH_CONTROL_FILE_NAME, NULL); if (!cf->fname) { err = gpg_error_from_syserror (); @@ -2734,7 +2734,7 @@ ssh_handler_request_identities (ctrl_t ctrl, { char *dname; - dname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL); + dname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, NULL); if (!dname) { err = gpg_err_code_from_syserror (); diff --git a/agent/command.c b/agent/command.c index d55e7da..1898d6c 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1258,7 +1258,8 @@ cmd_keyinfo (assuan_context_t ctx, char *line) char *dirname; struct dirent *dir_entry; - dirname = make_filename_try (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL); + dirname = make_filename_try (gnupg_homedir (), + GNUPG_PRIVATE_KEYS_DIR, NULL); if (!dirname) { err = gpg_error_from_syserror (); diff --git a/agent/findkey.c b/agent/findkey.c index a78709c..d3780b9 100644 --- a/agent/findkey.c +++ b/agent/findkey.c 
@@ -135,7 +135,8 @@ agent_write_private_key (const unsigned char *grip, bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); - fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); + fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, + hexgrip, NULL); /* FIXME: Write to a temp file first so that write failures during key updates won't lead to a key loss. */ @@ -652,7 +653,8 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); - fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); + fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, + hexgrip, NULL); fp = es_fopen (fname, "rb"); if (!fp) { @@ -767,7 +769,8 @@ remove_key_file (const unsigned char *grip) bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); - fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); + fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, + hexgrip, NULL); if (gnupg_remove (fname)) err = gpg_error_from_syserror (); xfree (fname); @@ -1289,7 +1292,8 @@ agent_key_available (const unsigned char *grip) bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); - fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); + fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, + hexgrip, NULL); result = !access (fname, R_OK)? 0 : -1; xfree (fname); return result; diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index a950530..1832296 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -804,8 +804,6 @@ main (int argc, char **argv ) if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; - opt.homedir = default_homedir (); - /* Record some of the original environment strings. */ { const char *s; 
@@ -861,7 +859,7 @@ main (int argc, char **argv ) else if (pargs.r_opt == oNoOptions) default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) - opt.homedir = pargs.r.ret_str; + gnupg_set_homedir (pargs.r.ret_str); else if (pargs.r_opt == oDebugQuickRandom) { gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); @@ -878,8 +876,8 @@ main (int argc, char **argv ) */ if (default_config) - configname = make_filename (opt.homedir, GPG_AGENT_NAME EXTSEP_S "conf", - NULL ); + configname = make_filename (gnupg_homedir (), + GPG_AGENT_NAME EXTSEP_S "conf", NULL); argc = orig_argc; argv = orig_argv; @@ -944,7 +942,7 @@ main (int argc, char **argv ) case oNoGreeting: /* Dummy option. */ break; case oNoVerbose: opt.verbose = 0; break; case oNoOptions: break; /* no-options */ - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oNoDetach: nodetach = 1; break; case oLogFile: logfile = pargs.r.ret_str; break; case oCsh: csh_style = 1; break; @@ -1030,7 +1028,7 @@ main (int argc, char **argv ) finalize_rereadable_options (); /* Turn the homedir into an absolute one. */ - opt.homedir = make_absfilename (opt.homedir, NULL); + gnupg_set_homedir (make_absfilename (gnupg_homedir (), NULL)); /* Print a warning if an argument looks like an option. */ if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN)) @@ -1104,8 +1102,8 @@ main (int argc, char **argv ) char *filename_esc; /* List options and default values in the GPG Conf format. */ - filename = make_filename (opt.homedir, GPG_AGENT_NAME EXTSEP_S "conf", - NULL ); + filename = make_filename (gnupg_homedir (), + GPG_AGENT_NAME EXTSEP_S "conf", NULL); filename_esc = percent_escape (filename, NULL); es_printf ("%s-%s.conf:%lu:\"%s\n", 
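Review bot: The line `gnupg_set_homedir (make_absfilename (gnupg_homedir (), NULL));` in the `@@ -1030` hunk drops the string returned by `make_absfilename`, because `gnupg_set_homedir` stores its own `xstrdup` copy (see common/homedir.c in this commit). Before the change the returned pointer was kept in `opt.homedir`, so this is a new, one-time leak. Keeping the result in a local fixes it: `char *abshome = make_absfilename (gnupg_homedir (), NULL);` `gnupg_set_homedir (abshome);` `xfree (abshome);`. The same pattern appears with `buf` in the HAVE_DOSISH_SYSTEM block of g10/gpg.c.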
@@ -1764,7 +1762,7 @@ create_socket_name (char *standard_name, int with_homedir) char *name; if (with_homedir) - name = make_filename (opt.homedir, standard_name, NULL); + name = make_filename (gnupg_homedir (), standard_name, NULL); else name = make_filename (standard_name, NULL); if (strchr (name, PATHSEP_C)) @@ -1932,7 +1930,7 @@ create_directories (void) const char *defhome = standard_homedir (); char *home; - home = make_filename (opt.homedir, NULL); + home = make_filename (gnupg_homedir (), NULL); if ( stat (home, &statbuf) ) { if (errno == ENOENT) @@ -2731,7 +2729,7 @@ check_own_socket (void) if (check_own_socket_running || shutdown_pending) return; /* Still running or already shutting down. */ - sockname = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL); + sockname = make_filename_try (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); if (!sockname) return; /* Out of memory. */ @@ -2757,7 +2755,9 @@ check_for_running_agent (int silent) char *sockname; assuan_context_t ctx = NULL; - sockname = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL); + sockname = make_filename_try (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); + if (!sockname) + return gpg_error_from_syserror (); err = assuan_new (&ctx); if (!err) diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c index 1ebf181..29fdfe8 100644 --- a/agent/preset-passphrase.c +++ b/agent/preset-passphrase.c @@ -66,7 +66,6 @@ enum cmd_and_opt_values aTest }; -static const char *opt_homedir; static const char *opt_passphrase; static ARGPARSE_OPTS opts[] = { @@ -219,8 +218,6 @@ main (int argc, char **argv) i18n_init (); init_common_subsystems (&argc, &argv); - opt_homedir = default_homedir (); - pargs.argc = &argc; pargs.argv = &argv; pargs.flags= 1; /* (do not remove the args) */ 
@@ -229,7 +226,7 @@ main (int argc, char **argv) switch (pargs.r_opt) { case oVerbose: opt.verbose++; break; - case oHomedir: opt_homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oPreset: cmd = oPreset; break; case oForget: cmd = oForget; break; @@ -248,7 +245,7 @@ main (int argc, char **argv) /* Tell simple-pwquery about the the standard socket name. */ { - char *tmp = make_filename (opt_homedir, GPG_AGENT_SOCK_NAME, NULL); + char *tmp = make_filename (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); simple_pw_set_socket (tmp); xfree (tmp); } diff --git a/agent/protect-tool.c b/agent/protect-tool.c index ad036ee..fdb7913 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -86,7 +86,6 @@ struct rsa_secret_key_s }; -static const char *opt_homedir; static int opt_armor; static int opt_canonical; static int opt_store; @@ -577,9 +576,6 @@ main (int argc, char **argv ) gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); - opt_homedir = default_homedir (); - - pargs.argc = &argc; pargs.argv = &argv; pargs.flags= 1; /* (do not remove the args) */ @@ -590,7 +586,7 @@ main (int argc, char **argv ) case oVerbose: opt.verbose++; break; case oArmor: opt_armor=1; break; case oCanonical: opt_canonical=1; break; - case oHomedir: opt_homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oAgentProgram: opt_agent_program = pargs.r.ret_str; break; @@ -634,7 +630,7 @@ main (int argc, char **argv ) /* Set the information which can't be taken from envvars. */ gnupg_prepare_get_passphrase (GPG_ERR_SOURCE_DEFAULT, opt.verbose, - opt_homedir, + gnupg_homedir (), opt_agent_program, NULL, NULL, NULL); diff --git a/agent/trustlist.c b/agent/trustlist.c index af5f645..b8df3fd 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c 
@@ -344,7 +344,14 @@ read_trustfiles (void) return gpg_error_from_syserror (); tableidx = 0; - fname = make_filename (opt.homedir, "trustlist.txt", NULL); + fname = make_filename_try (gnupg_homedir (), "trustlist.txt", NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + xfree (table); + return err; + } + if ( access (fname, F_OK) ) { if ( errno == ENOENT ) @@ -608,7 +615,10 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) trustlist with only admin priviliges to modify it. Of course this is not a secure way of denying access, but it avoids the usual clicking on an Okay button most users are used to. */ - fname = make_filename (opt.homedir, "trustlist.txt", NULL); + fname = make_filename_try (gnupg_homedir (), "trustlist.txt", NULL); + if (!fname) + return gpg_error_from_syserror (); + if ( access (fname, W_OK) && errno != ENOENT) { xfree (fname); @@ -733,7 +743,15 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) return is_disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; } - fname = make_filename (opt.homedir, "trustlist.txt", NULL); + fname = make_filename_try (gnupg_homedir (), "trustlist.txt", NULL); + if (!fname) + { + err = gpg_error_from_syserror (); + unlock_trusttable (); + xfree (fprformatted); + xfree (nameformatted); + return err; + } if ( access (fname, F_OK) && errno == ENOENT) { fp = es_fopen (fname, "wx,mode=-rw-r"); diff --git a/common/homedir.c b/common/homedir.c index 5bf5173..eccffec 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -1,6 +1,6 @@ /* homedir.c - Setup the home directory. * Copyright (C) 2004, 2006, 2007, 2010 Free Software Foundation, Inc. - * Copyright (C) 2013 Werner Koch + * Copyright (C) 2013, 2016 Werner Koch * * This file is part of GnuPG. * 
@@ -58,6 +58,12 @@ #include "util.h" #include "sysutils.h" + +/* The GnuPG homedir. This is only accessed by the functions + * gnupg_homedir and gnupg_set_homedir. Malloced. */ +static char *the_gnupg_homedir; + + #ifdef HAVE_W32_SYSTEM /* A flag used to indicate that a control file for gpgconf has been detected. Under Windows the presence of this file indicates a @@ -368,6 +374,30 @@ w32_commondir (void) #endif /*HAVE_W32_SYSTEM*/ +/* Change the homedir. Some care must be taken to set this early + * enough becuase previous calls to gnupg_homedir may else return a + * different string. */ +void +gnupg_set_homedir (const char *newdir) +{ + if (!newdir || !*newdir) + newdir = default_homedir (); + xfree (the_gnupg_homedir); + the_gnupg_homedir = xstrdup (newdir); +} + + +/* Return the homedir. The returned string is valid until another + * gnupg-set-homedir call. Note that this may be a relative string. + * This function replaced the former global opt.homedir. */ +const char * +gnupg_homedir (void) +{ + /* If a homedir has not been set, set it to the default. */ + if (!the_gnupg_homedir) + the_gnupg_homedir = xstrdup (default_homedir ()); + return the_gnupg_homedir; +} /* Return the name of the sysconfdir. This is a static string. This diff --git a/common/util.h b/common/util.h index 7634885..634ae06 100644 --- a/common/util.h +++ b/common/util.h @@ -220,6 +220,8 @@ const char *openpgp_is_curve_supported (const char *name, int *r_algo); /*-- homedir.c --*/ const char *standard_homedir (void); const char *default_homedir (void); +void gnupg_set_homedir (const char *newdir); +const char *gnupg_homedir (void); const char *gnupg_sysconfdir (void); const char *gnupg_bindir (void); const char *gnupg_libexecdir (void); diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index f249d68..bc71a40 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c 
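Review bot: `gnupg_set_homedir` frees `the_gnupg_homedir` before it duplicates `newdir`, so a call whose argument is the pointer previously returned by `gnupg_homedir ()`, or points into it, reads freed memory. No such call is visible in this commit, but the interface invites it, and the fix is to copy first: `char *tmp = xstrdup (newdir);` `xfree (the_gnupg_homedir);` `the_gnupg_homedir = tmp;`. The comment on `gnupg_homedir` should also say that callers must not cache the returned pointer across a later `gnupg_set_homedir`, since several call sites assign it to long-lived variables such as `p` in `my_strusage`.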
@@ -795,9 +795,7 @@ main (int argc, char **argv) if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; - opt.homedir = default_homedir (); - - /* Now with NPth running we can set the logging callback. Our + /* Now with NPth running we can set the logging callback. Our windows implementation does not yet feature the NPth TLS functions. */ #ifndef HAVE_W32_SYSTEM @@ -835,7 +833,7 @@ main (int argc, char **argv) default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) { - opt.homedir = pargs.r.ret_str; + gnupg_set_homedir (pargs.r.ret_str); homedir_seen = 1; } else if (pargs.r_opt == aDaemon) @@ -862,9 +860,9 @@ main (int argc, char **argv) if (opt.system_daemon && !homedir_seen) { #ifdef HAVE_W32CE_SYSTEM - opt.homedir = DIRSEP_S "gnupg"; + gnupg_set_homedir (DIRSEP_S "gnupg"); #else - opt.homedir = gnupg_sysconfdir (); + gnupg_set_homedir (gnupg_sysconfdir ()); #endif opt.homedir_cache = gnupg_cachedir (); socket_name = dirmngr_sys_socket_name (); @@ -875,7 +873,7 @@ main (int argc, char **argv) socket_name = dirmngr_sys_socket_name (); if (default_config) - configname = make_filename (opt.homedir, DIRMNGR_NAME".conf", NULL ); + configname = make_filename (gnupg_homedir (), DIRMNGR_NAME".conf", NULL ); argc = orig_argc; argv = orig_argv; @@ -989,7 +987,7 @@ main (int argc, char **argv) greeting = 0; if (!opt.homedir_cache) - opt.homedir_cache = opt.homedir; + opt.homedir_cache = xstrdup (gnupg_homedir ()); if (greeting) { @@ -1019,7 +1017,8 @@ main (int argc, char **argv) log_info (_("Note: '%s' is not considered an option\n"), argv[i]); } - if (!access ("/etc/"DIRMNGR_NAME, F_OK) && !strncmp (opt.homedir, "/etc/", 5)) + if (!access ("/etc/"DIRMNGR_NAME, F_OK) + && !strncmp (gnupg_homedir (), "/etc/", 5)) log_info ("NOTE: DirMngr is now a proper part of %s. The configuration and" " other directory names changed. Please check that no other version" 
@@ -1043,7 +1042,7 @@ main (int argc, char **argv) #if USE_LDAP if (!ldapfile) { - ldapfile = make_filename (opt.homedir, + ldapfile = make_filename (gnupg_homedir (), opt.system_daemon? "ldapservers.conf":"dirmngr_ldapservers.conf", NULL); @@ -1396,7 +1395,7 @@ main (int argc, char **argv) /* First the configuration file. This is not an option, but it is vital information for GPG Conf. */ if (!opt.config_filename) - opt.config_filename = make_filename (opt.homedir, + opt.config_filename = make_filename (gnupg_homedir (), "dirmngr.conf", NULL ); filename = percent_escape (opt.config_filename, NULL); @@ -1416,7 +1415,7 @@ main (int argc, char **argv) and having both of them is thus problematic. --no-detach is also only usable on the command line. --batch is unused. */ - filename = make_filename (opt.homedir, + filename = make_filename (gnupg_homedir (), opt.system_daemon? "ldapservers.conf":"dirmngr_ldapservers.conf", NULL); @@ -1658,7 +1657,7 @@ parse_ocsp_signer (const char *string) { if (string[0] == '.' && string[1] == '/' ) string += 2; - fname = make_filename (opt.homedir, string, NULL); + fname = make_filename (gnupg_homedir (), string, NULL); } fp = es_fopen (fname, "r"); diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 6078884..8d90ae4 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -79,8 +79,7 @@ struct int quiet; /* be as quiet as possible */ int dry_run; /* don't change any persistent data */ int batch; /* batch mode */ - const char *homedir; /* Configuration directory name */ - const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr). */ + const char *homedir_cache; /* Dir for cache files (/var/cache/dirmngr). */ char *config_filename; /* Name of a config file, which will be reread on a HUP if it is not NULL. */ diff --git a/dirmngr/server.c b/dirmngr/server.c index bca0d8e..6eb6f1b 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c 
@@ -2440,22 +2440,13 @@ start_command_handler (assuan_fd_t fd) if (!hello_line) { - size_t n; - const char *cfgname; - - cfgname = opt.config_filename? opt.config_filename : "[none]"; - - n = (30 + strlen (opt.homedir) + strlen (cfgname) - + strlen (hello) + 1); - hello_line = xmalloc (n+1); - snprintf (hello_line, n, - "Home: %s\n" - "Config: %s\n" - "%s", - opt.homedir, - cfgname, - hello); - hello_line[n] = 0; + hello_line = xtryasprintf + ("Home: %s\n" + "Config: %s\n" + "%s", + gnupg_homedir (), + opt.config_filename? opt.config_filename : "[none]", + hello); } ctrl->server_local->assuan_ctx = ctx; diff --git a/g10/call-agent.c b/g10/call-agent.c index 818f3de..ad4e67c 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -303,7 +303,7 @@ start_agent (ctrl_t ctrl, int for_card) { rc = start_new_gpg_agent (&agent_ctx, GPG_ERR_SOURCE_DEFAULT, - opt.homedir, + gnupg_homedir (), opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index d35a5cf..f9a0e19 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -177,7 +177,7 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx) *r_ctx = NULL; err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - opt.homedir, + gnupg_homedir (), opt.dirmngr_program, opt.autostart, opt.verbose, DBG_IPC, NULL /*gpg_status2*/, ctrl); diff --git a/g10/gpg.c b/g10/gpg.c index 9adf169..0a5af70 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1000,9 +1000,9 @@ my_strusage( int level ) case 31: p = "\nHome: "; break; #ifndef __riscos__ - case 32: p = opt.homedir; break; + case 32: p = gnupg_homedir (); break; #else /* __riscos__ */ - case 32: p = make_filename(opt.homedir, NULL); break; + case 32: p = make_filename(gnupg_homedir (), NULL); break; #endif /* __riscos__ */ case 33: p = _("\nSupported algorithms:\n"); break; case 34: 
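Review bot: In `start_command_handler` (dirmngr/server.c) the result of `xtryasprintf` is stored in `hello_line` without a NULL check, whereas the removed code used `xmalloc` and could not continue with a missing buffer. How `hello_line` is consumed is outside the hunk, so whether a NULL is tolerated there should be confirmed. If it is not, either use the terminating variant, `hello_line = xasprintf (...)`, or handle the failure explicitly before the context is set up. The g10/server.c and g13/server.c hunks do check `tmp` before use, so this site is the odd one out.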
@@ -1180,18 +1180,6 @@ set_debug (const char *level) } - -/* We need the home directory also in some other directories, so make - sure that both variables are always in sync. */ -static void -set_homedir (const char *dir) -{ - if (!dir) - dir = ""; - opt.homedir = dir; -} - - /* We set the screen dimensions for UI purposes. Do not allow screens smaller than 80x24 for the sake of simplicity. */ static void @@ -1412,7 +1400,8 @@ check_permissions (const char *path, int item) could be rectified if the homedir itself had proper permissions. */ if(item!=0 && homedir_cache>-1 - && ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0) + && !ascii_strncasecmp (gnupg_homedir (), tmppath, + strlen (gnupg_homedir ()))) { ret=homedir_cache; goto end; @@ -2082,18 +2071,19 @@ get_default_configname (void) break; } - configname = make_filename (opt.homedir, name, NULL); + configname = make_filename (gnupg_homedir (), name, NULL); } while (access (configname, R_OK)); xfree(name); if (! configname) - configname = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf", NULL); + configname = make_filename (gnupg_homedir (), + GPG_NAME EXTSEP_S "conf", NULL); if (! access (configname, R_OK)) { /* Print a warning when both config files are present. */ - char *p = make_filename (opt.homedir, "options", NULL); + char *p = make_filename (gnupg_homedir (), "options", NULL); if (! access (p, R_OK)) log_info (_("Note: old default options file '%s' ignored\n"), p); xfree (p); @@ -2101,7 +2091,7 @@ get_default_configname (void) else { /* Use the old default only if it exists. */ - char *p = make_filename (opt.homedir, "options", NULL); + char *p = make_filename (gnupg_homedir (), "options", NULL); if (!access (p, R_OK)) { xfree (configname); 
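Review bot: The cached-result test in `check_permissions` (the `@@ -1412` hunk) is a plain string-prefix comparison, so a path in a sibling directory whose name merely starts with the homedir string (for example `<homedir>-old/...`) is treated as lying inside the homedir and inherits its cached permission result. The comparison should also require a component boundary after the prefix: take `size_t n = strlen (gnupg_homedir ());` once and add `&& (!tmppath[n] || tmppath[n] == DIRSEP_C)`, allowing for a homedir that already ends in a separator. The comparison is also case-insensitive on all platforms, which is worth a comment explaining why. The rest of the function is outside the hunk.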
@@ -2252,7 +2242,7 @@ main (int argc, char **argv) opt.keyid_format = KF_NONE; opt.def_sig_expire = "0"; opt.def_cert_expire = "0"; - set_homedir (default_homedir ()); + gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; opt.emit_version = 1; /* Limit to the major number. */ opt.weak_digests = NULL; @@ -2281,7 +2271,7 @@ main (int argc, char **argv) opt.no_homedir_creation = 1; } else if( pargs.r_opt == oHomedir ) - set_homedir ( pargs.r.ret_str ); + gnupg_set_homedir (pargs.r.ret_str); else if( pargs.r_opt == oNoPermissionWarn ) opt.no_perm_warn=1; else if (pargs.r_opt == oStrict ) @@ -2295,10 +2285,10 @@ main (int argc, char **argv) } #ifdef HAVE_DOSISH_SYSTEM - if ( strchr (opt.homedir,'\\') ) { - char *d, *buf = xmalloc (strlen (opt.homedir)+1); - const char *s = opt.homedir; - for (d=buf,s=opt.homedir; *s; s++) + if ( strchr (gnupg_homedir, '\\') ) { + char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1); + const char *s; + for (d=buf, s = gnupg_homedir (); *s; s++) { *d++ = *s == '\\'? '/': *s; #ifdef HAVE_W32_SYSTEM @@ -2307,7 +2297,7 @@ main (int argc, char **argv) #endif } *d = 0; - set_homedir (buf); + gnupg_set_homedir (buf); } #endif @@ -2344,7 +2334,7 @@ main (int argc, char **argv) pargs.flags= ARGPARSE_FLAG_KEEP; /* By this point we have a homedir, and cannot change it. */ - check_permissions(opt.homedir,0); + check_permissions (gnupg_homedir (), 0); next_pass: if( configname ) { @@ -3668,7 +3658,7 @@ main (int argc, char **argv) /* Set the random seed file. */ if( use_random_seed ) { - char *p = make_filename(opt.homedir, "random_seed", NULL ); + char *p = make_filename (gnupg_homedir (), "random_seed", NULL ); gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); if (!access (p, F_OK)) register_secured_file (p); diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index d6f0307..7d8b1b7 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c 
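Review bot: In the HAVE_DOSISH_SYSTEM block of `main` (the `@@ -2295` hunk) the test `strchr (gnupg_homedir, '\\')` passes the function itself instead of calling it, so the call parentheses are missing. The line should read `if ( strchr (gnupg_homedir (), '\\') ) {`. Because the block is only compiled on DOS-like systems, a Unix build will not catch this. The `buf` handed to `gnupg_set_homedir (buf)` at the end of the block is also no longer owned by anyone, since the setter makes its own copy, so it needs an `xfree (buf);` afterwards.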
@@ -2956,10 +2956,6 @@ main (int argc, char *argv[]) int processed; ctrl_t ctrl; - opt.homedir = default_homedir (); - if (! opt.homedir) - opt.homedir = ""; - opt.ignore_time_conflict = 1; /* Allow notations in the IETF space, for instance. */ opt.expert = 1; diff --git a/g10/gpgv.c b/g10/gpgv.c index f1e994b..30b4422 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -169,7 +169,6 @@ main( int argc, char **argv ) opt.trust_model = TM_ALWAYS; opt.batch = 1; - opt.homedir = default_homedir (); opt.weak_digests = NULL; tty_no_terminal(1); @@ -196,7 +195,7 @@ main( int argc, char **argv ) case oLoggerFD: log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1)); break; - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oWeakDigest: additional_weak_digest(pargs.r.ret_str); break; diff --git a/g10/keydb.c b/g10/keydb.c index 0164348..17ddd5d 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -666,7 +666,7 @@ keydb_add_resource (const char *url, unsigned int flags) ) filename = make_filename (resname, NULL); else - filename = make_filename (opt.homedir, resname, NULL); + filename = make_filename (gnupg_homedir (), resname, NULL); } else filename = xstrdup (resname); diff --git a/g10/keyedit.c b/g10/keyedit.c index e9ec7e2..aa62cc1 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2428,7 +2428,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, else if (*arg_string == '~') fname = make_filename (arg_string, NULL); else - fname = make_filename (opt.homedir, arg_string, NULL); + fname = make_filename (gnupg_homedir (), arg_string, NULL); /* Open that file. */ a = iobuf_open (fname); diff --git a/g10/keygen.c b/g10/keygen.c index a4a3110..ad5dfa4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -4261,7 +4261,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, log_assert (sub_psk); if (s) - err = card_store_key_with_backup (ctrl, sub_psk, opt.homedir); + err = card_store_key_with_backup (ctrl, + sub_psk, gnupg_homedir ()); } } else diff --git a/g10/migrate.c b/g10/migrate.c index f4881b4..a9da5a0 100644 --- a/g10/migrate.c +++ b/g10/migrate.c @@ -49,10 +49,10 @@ migrate_secring (ctrl_t ctrl) char *flagfile = NULL; char *agent_version = NULL; - secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL); + secring = make_filename (gnupg_homedir (), "secring" EXTSEP_S "gpg", NULL); if (access (secring, F_OK)) goto leave; /* Does not exist or is not readable. */ - flagfile = make_filename (opt.homedir, V21_MIGRATION_FNAME, NULL); + flagfile = make_filename (gnupg_homedir (), V21_MIGRATION_FNAME, NULL); if (!access (flagfile, F_OK)) goto leave; /* Does exist - fine. */ diff --git a/g10/options.h b/g10/options.h index 2ae1724..bf5831d 100644 --- a/g10/options.h +++ b/g10/options.h @@ -106,7 +106,6 @@ struct int marginals_needed; int completes_needed; int max_cert_depth; - const char *homedir; const char *agent_program; const char *dirmngr_program; diff --git a/g10/revoke.c b/g10/revoke.c index 33dac5b..218ca59 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -533,7 +533,7 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) int kl; char *orig_codeset; - dir = get_openpgp_revocdir (opt.homedir); + dir = get_openpgp_revocdir (gnupg_homedir ()); tmpstr = hexfingerprint (psk, NULL, 0); fname = xstrconcat (dir, DIRSEP_S, tmpstr, NULL); xfree (tmpstr); diff --git a/g10/server.c b/g10/server.c index 9ec263f..771a8a7 100644 --- a/g10/server.c +++ b/g10/server.c 
@@ -695,12 +695,12 @@ gpg_server (ctrl_t ctrl) assuan_set_pointer (ctx, ctrl); if (opt.verbose || opt.debug) { - char *tmp = NULL; + char *tmp; tmp = xtryasprintf ("Home: %s\n" "Config: %s\n" "%s", - opt.homedir, + gnupg_homedir (), "fixme: need config filename", hello); if (tmp) diff --git a/g10/tdbio.c b/g10/tdbio.c index 5fdd946..a414709 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -617,14 +617,15 @@ tdbio_set_dbname (const char *new_dbname, int create, int *r_nofile) if (!new_dbname) { - fname = make_filename (opt.homedir, "trustdb" EXTSEP_S GPGEXT_GPG, NULL); + fname = make_filename (gnupg_homedir (), + "trustdb" EXTSEP_S GPGEXT_GPG, NULL); } else if (*new_dbname != DIRSEP_C ) { if (strchr (new_dbname, DIRSEP_C)) fname = make_filename (new_dbname, NULL); else - fname = make_filename (opt.homedir, new_dbname, NULL); + fname = make_filename (gnupg_homedir (), new_dbname, NULL); } else { diff --git a/g10/tofu.c b/g10/tofu.c index 043ecb1..d11a8de 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -747,7 +747,7 @@ opendb (char *filename, enum db_type type) log_assert (! filename); log_assert (type == DB_COMBINED); - filename = make_filename (opt.homedir, "tofu.db", NULL); + filename = make_filename (gnupg_homedir (), "tofu.db", NULL); filename_free = 1; } else @@ -895,10 +895,10 @@ getdb (tofu_dbs_t dbs, const char *name, enum db_type type) char *name_db; /* Make the directory. */ - rc = gnupg_mkdir_p (opt.homedir, "tofu.d", type_str, prefix, NULL); + rc = gnupg_mkdir_p (gnupg_homedir (), "tofu.d", type_str, prefix, NULL); if (rc) { - name_db = xstrconcat (opt.homedir, "tofu.d", + name_db = xstrconcat (gnupg_homedir (), "tofu.d", type_str, prefix, NULL); log_error (_("can't create directory '%s': %s\n"), name_db, gpg_strerror (rc)); 
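Review bot: In `getdb` (g10/tofu.c, the `@@ -895` hunk) the error path builds the name for the log message with `xstrconcat (gnupg_homedir (), "tofu.d", type_str, prefix, NULL)`, which joins the parts without directory separators, so the reported directory is not the one `gnupg_mkdir_p` tried to create. Using the same helper as the success path keeps the message accurate: `name_db = make_filename (gnupg_homedir (), "tofu.d", type_str, prefix, NULL);`. Whether `name_db` is released after `log_error` is not visible, because the function continues outside the hunk.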
@@ -908,7 +908,7 @@ getdb (tofu_dbs_t dbs, const char *name, enum db_type type) name_db = xstrconcat (name_sanitized, ".db", NULL); filename = make_filename - (opt.homedir, "tofu.d", type_str, prefix, name_db, NULL); + (gnupg_homedir (), "tofu.d", type_str, prefix, name_db, NULL); xfree (name_db); } } @@ -989,7 +989,7 @@ opendbs (ctrl_t ctrl) if (opt.tofu_db_format == TOFU_DB_AUTO) { - char *filename = make_filename (opt.homedir, "tofu.db", NULL); + char *filename = make_filename (gnupg_homedir (), "tofu.db", NULL); struct stat s; int have_tofu_db = 0; int have_tofu_d = 0; diff --git a/g13/g13-common.h b/g13/g13-common.h index 316b94a..a205081 100644 --- a/g13/g13-common.h +++ b/g13/g13-common.h @@ -55,7 +55,6 @@ struct int quiet; /* Be as quiet as possible. */ int dry_run; /* Don't change any persistent data. */ - const char *homedir; /* Configuration directory name. */ const char *config_filename; /* Name of the used config file. */ /* Filename of the AGENT program. */ diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c index 645730f..f3c20f5 100644 --- a/g13/g13-syshelp.c +++ b/g13/g13-syshelp.c @@ -159,7 +159,7 @@ my_strusage( int level ) break; case 31: p = "\nHome: "; break; - case 32: p = opt.homedir; break; + case 32: p = gnupg_homedir (); break; default: p = NULL; break; } @@ -269,7 +269,6 @@ main ( int argc, char **argv) log_fatal ("error allocating session environment block: %s\n", strerror (errno)); - opt.homedir = default_homedir (); /* Fixme: We enable verbose mode here because there is currently no way to do this when starting g13-syshelp. To fix that we should add a g13-syshelp.conf file in /etc/gnupg. */ @@ -393,7 +392,7 @@ main ( int argc, char **argv) case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break; case oLoggerFD: log_set_fd (pargs.r.ret_int ); break; - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oFakedSystemTime: { 
@@ -427,7 +426,8 @@ main ( int argc, char **argv) configname = NULL; if (!opt.config_filename) - opt.config_filename = make_filename (opt.homedir, G13_NAME".conf", NULL); + opt.config_filename = make_filename (gnupg_homedir (), + G13_NAME".conf", NULL); if (log_get_errorcount(0)) g13_exit(2); @@ -472,7 +472,7 @@ main ( int argc, char **argv) /* Set the standard GnuPG random seed file. */ if (use_random_seed) { - char *p = make_filename (opt.homedir, "random_seed", NULL); + char *p = make_filename (gnupg_homedir (), "random_seed", NULL); gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); xfree(p); } diff --git a/g13/g13.c b/g13/g13.c index 4489b2f..0499a18 100644 --- a/g13/g13.c +++ b/g13/g13.c @@ -247,7 +247,7 @@ my_strusage( int level ) break; case 31: p = "\nHome: "; break; - case 32: p = opt.homedir; break; + case 32: p = gnupg_homedir (); break; default: p = NULL; break; } @@ -391,8 +391,6 @@ main ( int argc, char **argv) log_fatal ("error allocating session environment block: %s\n", strerror (errno)); - opt.homedir = default_homedir (); - /* First check whether we have a config file on the commandline. */ orig_argc = argc; orig_argv = argv; @@ -412,7 +410,7 @@ main ( int argc, char **argv) else if (pargs.r_opt == oNoOptions) default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) - opt.homedir = pargs.r.ret_str; + gnupg_set_homedir (pargs.r.ret_str); } /* Initialize the secure memory. */ @@ -446,7 +444,7 @@ main ( int argc, char **argv) /* Set the default option file */ if (default_config ) - configname = make_filename (opt.homedir, G13_NAME".conf", NULL); + configname = make_filename (gnupg_homedir (), G13_NAME".conf", NULL); argc = orig_argc; argv = orig_argv; 
@@ -552,7 +550,7 @@ main ( int argc, char **argv) } break; - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oGpgProgram: opt.gpg_program = pargs.r.ret_str; break; @@ -623,7 +621,8 @@ main ( int argc, char **argv) configname = NULL; if (!opt.config_filename) - opt.config_filename = make_filename (opt.homedir, G13_NAME".conf", NULL); + opt.config_filename = make_filename (gnupg_homedir (), + G13_NAME".conf", NULL); if (log_get_errorcount(0)) g13_exit(2); @@ -690,7 +689,7 @@ main ( int argc, char **argv) /* Set the standard GnuPG random seed file. */ if (use_random_seed) { - char *p = make_filename (opt.homedir, "random_seed", NULL); + char *p = make_filename (gnupg_homedir (), "random_seed", NULL); gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); xfree(p); } diff --git a/g13/server.c b/g13/server.c index 33885d6..a96ec6e 100644 --- a/g13/server.c +++ b/g13/server.c @@ -631,12 +631,12 @@ g13_server (ctrl_t ctrl) if (opt.verbose || opt.debug) { - char *tmp = NULL; + char *tmp; tmp = xtryasprintf ("Home: %s\n" "Config: %s\n" "%s", - opt.homedir, + gnupg_homedir (), opt.config_filename, hello); if (tmp) diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h index 6af5448..d74a7ef 100644 --- a/kbx/keybox-defs.h +++ b/kbx/keybox-defs.h @@ -140,7 +140,6 @@ typedef struct _keybox_openpgp_info *keybox_openpgp_info_t; /* Don't know whether this is needed: */ /* static struct { */ -/* const char *homedir; */ /* int dry_run; */ /* int quiet; */ /* int verbose; */ diff --git a/scd/command.c b/scd/command.c index 72ff132..a4a2ba0 100644 --- a/scd/command.c +++ b/scd/command.c 
@@ -2281,7 +2281,7 @@ update_reader_status_file (int set_card_removed_flag) depends on how client sessions will associate the reader status with their session. */ snprintf (templ, sizeof templ, "reader_%d.status", vr->slot); - fname = make_filename (opt.homedir, templ, NULL ); + fname = make_filename (gnupg_homedir (), templ, NULL ); fp = fopen (fname, "w"); if (fp) { @@ -2300,7 +2300,7 @@ update_reader_status_file (int set_card_removed_flag) char *homestr, *envstr; gpg_error_t err; - homestr = make_filename (opt.homedir, NULL); + homestr = make_filename (gnupg_homedir (), NULL); if (gpgrt_asprintf (&envstr, "GNUPGHOME=%s", homestr) < 0) log_error ("out of core while building environment\n"); else @@ -2323,7 +2323,7 @@ update_reader_status_file (int set_card_removed_flag) (status & 2)? "PRESENT": "NOCARD"); args[8] = NULL; - fname = make_filename (opt.homedir, "scd-event", NULL); + fname = make_filename (gnupg_homedir (), "scd-event", NULL); err = gnupg_spawn_process_detached (fname, args, envs); if (err && gpg_err_code (err) != GPG_ERR_ENOENT) log_error ("failed to run event handler '%s': %s\n", diff --git a/scd/scdaemon.c b/scd/scdaemon.c index e8218ca..576dbf9 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -463,8 +463,6 @@ main (int argc, char **argv ) if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; - opt.homedir = default_homedir (); - /* Check whether we have a config file on the commandline */ orig_argc = argc; orig_argv = argv; @@ -484,7 +482,7 @@ main (int argc, char **argv ) else if (pargs.r_opt == oNoOptions) default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) - opt.homedir = pargs.r.ret_str; + gnupg_set_homedir (pargs.r.ret_str); } /* initialize the secure memory. */ 
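Review bot: `update_reader_status_file` (scd/command.c) builds both the `GNUPGHOME=` value and the path of the `scd-event` program it spawns from `gnupg_homedir ()`, which the new comment in common/homedir.c says may be a relative string. gpg-agent converts its homedir with `make_absfilename` in this commit, but no equivalent step is visible in the scdaemon.c hunks, so it should be confirmed that scdaemon makes the homedir absolute before this code runs. Otherwise the handler that gets executed depends on the daemon's current directory. A short comment at the `gnupg_spawn_process_detached` call stating that the path must be absolute would document the requirement.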
@@ -497,7 +495,7 @@ main (int argc, char **argv ) if (default_config) - configname = make_filename (opt.homedir, SCDAEMON_NAME EXTSEP_S "conf", + configname = make_filename (gnupg_homedir (), SCDAEMON_NAME EXTSEP_S "conf", NULL ); @@ -582,7 +580,7 @@ main (int argc, char **argv ) case oNoGreeting: nogreeting = 1; break; case oNoVerbose: opt.verbose = 0; break; case oNoOptions: break; /* no-options */ - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oNoDetach: nodetach = 1; break; case oLogFile: logfile = pargs.r.ret_str; break; case oCsh: csh_style = 1; break; @@ -674,8 +672,8 @@ main (int argc, char **argv ) if (config_filename) filename = xstrdup (config_filename); else - filename = make_filename (opt.homedir, SCDAEMON_NAME EXTSEP_S "conf", - NULL); + filename = make_filename (gnupg_homedir (), + SCDAEMON_NAME EXTSEP_S "conf", NULL); filename_esc = percent_escape (filename, NULL); es_printf ("%s-%s.conf:%lu:\"%s\n", @@ -1044,7 +1042,7 @@ create_socket_name (char *standard_name) { char *name; - name = make_filename (opt.homedir, standard_name, NULL); + name = make_filename (gnupg_homedir (), standard_name, NULL); if (strchr (name, PATHSEP_C)) { log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S); diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 1a95ba7..448cb84 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -51,7 +51,6 @@ struct int quiet; /* Be as quiet as possible. */ int dry_run; /* Don't change any persistent data. */ int batch; /* Batch mode. */ - const char *homedir; /* Configuration directory name. */ const char *ctapi_driver; /* Library to access the ctAPI. */ const char *pcsc_driver; /* Library to access the PC/SC system. */ const char *reader_port; /* NULL or reder port to use. */ diff --git a/sm/call-agent.c b/sm/call-agent.c index 8c1c727..09ae359 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c 
@@ -133,7 +133,7 @@ start_agent (ctrl_t ctrl) { rc = start_new_gpg_agent (&agent_ctx, GPG_ERR_SOURCE_DEFAULT, - opt.homedir, + gnupg_homedir (), opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 881c484..a3b9ca8 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -248,7 +248,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r) to take care of the implicit option sending caching. */ err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - opt.homedir, opt.dirmngr_program, + gnupg_homedir (), opt.dirmngr_program, opt.autostart, opt.verbose, DBG_IPC, gpgsm_status2, ctrl); if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) diff --git a/sm/gpgsm.c b/sm/gpgsm.c index fc6d1c7..e6fd703 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -581,7 +581,7 @@ my_strusage( int level ) break; case 31: p = "\nHome: "; break; - case 32: p = opt.homedir; break; + case 32: p = gnupg_homedir (); break; case 33: p = _("\nSupported algorithms:\n"); break; case 34: if (!ciphers) @@ -964,8 +964,6 @@ main ( int argc, char **argv) remember to update the Gpgconflist entry as well. */ opt.def_cipher_algoid = DEFAULT_CIPHER_ALGO; - opt.homedir = default_homedir (); - /* First check whether we have a config file on the commandline */ orig_argc = argc; @@ -989,7 +987,7 @@ main ( int argc, char **argv) opt.no_homedir_creation = 1; } else if (pargs.r_opt == oHomedir) - opt.homedir = pargs.r.ret_str; + gnupg_set_homedir (pargs.r.ret_str); else if (pargs.r_opt == aCallProtectTool) break; /* This break makes sure that --version and --help are passed to the protect-tool. */ 
@@ -1024,9 +1022,10 @@ main ( int argc, char **argv) /* Set the default option file */ if (default_config ) - configname = make_filename (opt.homedir, GPGSM_NAME EXTSEP_S "conf", NULL); + configname = make_filename (gnupg_homedir (), + GPGSM_NAME EXTSEP_S "conf", NULL); /* Set the default policy file */ - opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL); + opt.policy_file = make_filename (gnupg_homedir (), "policies.txt", NULL); argc = orig_argc; argv = orig_argv; @@ -1304,7 +1303,7 @@ main ( int argc, char **argv) } break; case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */ - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oDisplay: @@ -1468,7 +1467,7 @@ main ( int argc, char **argv) configname = NULL; if (!opt.config_filename) - opt.config_filename = make_filename (opt.homedir, + opt.config_filename = make_filename (gnupg_homedir (), GPGSM_NAME EXTSEP_S "conf", NULL); @@ -1605,7 +1604,7 @@ main ( int argc, char **argv) /* Set the random seed file. */ if (use_random_seed) { - char *p = make_filename (opt.homedir, "random_seed", NULL); + char *p = make_filename (gnupg_homedir (), "random_seed", NULL); gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); xfree(p); } diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 5aad4b1..9751df4 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -61,7 +61,6 @@ struct int dry_run; /* don't change any persistent data */ int no_homedir_creation; - const char *homedir; /* Configuration directory name */ const char *config_filename; /* Name of the used config file. */ const char *agent_program; diff --git a/sm/keydb.c b/sm/keydb.c index 495eb49..8a1efd4 100644 --- a/sm/keydb.c +++ b/sm/keydb.c 
@@ -287,7 +287,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created) if (strchr(resname, DIRSEP_C) ) filename = make_filename (resname, NULL); else - filename = make_filename (opt.homedir, resname, NULL); + filename = make_filename (gnupg_homedir (), resname, NULL); } else filename = xstrdup (resname); diff --git a/sm/server.c b/sm/server.c index a43ff34..8b4a29c 100644 --- a/sm/server.c +++ b/sm/server.c @@ -1308,7 +1308,7 @@ gpgsm_server (certlist_t default_recplist) } if (opt.verbose || opt.debug) { - char *tmp = NULL; + char *tmp; /* Fixme: Use the really used socket name. */ if (asprintf (&tmp, @@ -1316,7 +1316,7 @@ gpgsm_server (certlist_t default_recplist) "Config: %s\n" "DirmngrInfo: %s\n" "%s", - opt.homedir, + gnupg_homedir (), opt.config_filename, (dirmngr_user_socket_name () ? dirmngr_user_socket_name () diff --git a/tools/gpg-check-pattern.c b/tools/gpg-check-pattern.c index fbf30a2..37283a1 100644 --- a/tools/gpg-check-pattern.c +++ b/tools/gpg-check-pattern.c @@ -181,8 +181,6 @@ main (int argc, char **argv ) setup_libgcrypt_logging (); gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); - opt.homedir = default_homedir (); - pargs.argc = &argc; pargs.argv = &argv; pargs.flags= 1; /* (do not remove the args) */ @@ -191,7 +189,7 @@ main (int argc, char **argv ) switch (pargs.r_opt) { case oVerbose: opt.verbose++; break; - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oCheck: opt.checkonly = 1; break; case oNull: opt.null = 1; break; diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 2e00b8f..eb8b51f 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -209,7 +209,7 @@ my_strusage( int level ) "Connect to a running agent and send commands\n"); break; case 31: p = "\nHome: "; break; - case 32: p = opt.homedir; break; + case 32: p = gnupg_homedir (); break; case 33: p = "\n"; break; default: p = NULL; break; 
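Review bot: In the sm/server.c hunk for gpgsm_server the initializer is dropped (`char *tmp = NULL;` becomes `char *tmp;`) immediately before `asprintf (&tmp, ...)`. When asprintf fails, some C libraries leave the pointer's value unspecified, so `tmp` is only safe to use or free once the return value has been checked. The code that follows the call lies outside the hunk, so that could not be confirmed from here. Keeping `char *tmp = NULL;` costs nothing and is unrelated to the homedir refactoring this commit is about.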
@@ -555,7 +555,7 @@ get_var_ext (const char *name) log_error ("getcwd failed: %s\n", strerror (errno)); } else if (!strcmp (s, "homedir")) - result = make_filename (opt.homedir, NULL); + result = make_filename (gnupg_homedir (), NULL); else if (!strcmp (s, "sysconfdir")) result = xstrdup (gnupg_sysconfdir ()); else if (!strcmp (s, "bindir")) @@ -1181,7 +1181,6 @@ main (int argc, char **argv) assuan_set_gpg_err_source (0); - opt.homedir = default_homedir (); opt.autostart = 1; opt.connect_flags = 1; @@ -1196,7 +1195,7 @@ main (int argc, char **argv) case oQuiet: opt.quiet = 1; break; case oVerbose: opt.verbose++; break; case oNoVerbose: opt.verbose = 0; break; - case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break; case oNoAutostart: opt.autostart = 0; break; @@ -1225,7 +1224,7 @@ main (int argc, char **argv) in particular handy on Windows. */ if (opt.use_uiserver) { - opt.raw_socket = make_absfilename (opt.homedir, "S.uiserver", NULL); + opt.raw_socket = make_absfilename (gnupg_homedir (), "S.uiserver", NULL); } /* Print a warning if an argument looks like an option. */ @@ -2209,7 +2208,7 @@ start_agent (void) if (opt.use_dirmngr) err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - opt.homedir, + gnupg_homedir (), opt.dirmngr_program, opt.autostart, !opt.quiet, 0, @@ -2217,7 +2216,7 @@ start_agent (void) else err = start_new_gpg_agent (&ctx, GPG_ERR_SOURCE_DEFAULT, - opt.homedir, + gnupg_homedir (), opt.agent_program, NULL, NULL, session_env, diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index 4b90cd2..49c17c5 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c 
@@ -214,7 +214,7 @@ my_strusage (int level) "Call a simple symmetric encryption tool\n"); break; case 31: p = "\nHome: "; break; - case 32: p = opt.homedir; break; + case 32: p = gnupg_homedir (); break; case 33: p = "\n"; break; default: p = NULL; break; @@ -896,8 +896,6 @@ main (int argc, char **argv) i18n_init(); init_common_subsystems (&argc, &argv); - opt.homedir = default_homedir (); - /* Check whether we have a config file given on the commandline */ orig_argc = argc; orig_argv = argv; @@ -915,11 +913,11 @@ main (int argc, char **argv) else if (pargs.r_opt == oNoOptions) default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) - opt.homedir = pargs.r.ret_str; + gnupg_set_homedir (pargs.r.ret_str); } if (default_config) - configname = make_filename (opt.homedir, "symcryptrun.conf", NULL ); + configname = make_filename (gnupg_homedir (), "symcryptrun.conf", NULL ); argc = orig_argc; argv = orig_argv; 
@@ -1010,7 +1008,7 @@ main (int argc, char **argv) /* Tell simple-pwquery about the the standard socket name. */ { - char *tmp = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL); + char *tmp = make_filename (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); simple_pw_set_socket (tmp); xfree (tmp); } ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 1 - agent/command-ssh.c | 4 ++-- agent/command.c | 3 ++- agent/findkey.c | 12 ++++++++---- agent/gpg-agent.c | 26 +++++++++++++------------- agent/preset-passphrase.c | 7 ++----- agent/protect-tool.c | 8 ++------ agent/trustlist.c | 24 +++++++++++++++++++++--- common/homedir.c | 32 +++++++++++++++++++++++++++++++- common/util.h | 2 ++ dirmngr/dirmngr.c | 25 ++++++++++++------------- dirmngr/dirmngr.h | 3 +-- dirmngr/server.c | 23 +++++++---------------- g10/call-agent.c | 2 +- g10/call-dirmngr.c | 2 +- g10/gpg.c | 46 ++++++++++++++++++---------------------------- g10/gpgcompose.c | 4 ---- g10/gpgv.c | 3 +-- g10/keydb.c | 2 +- g10/keyedit.c | 2 +- g10/keygen.c | 3 ++- g10/migrate.c | 4 ++-- g10/options.h | 1 - g10/revoke.c | 2 +- g10/server.c | 4 ++-- g10/tdbio.c | 5 +++-- g10/tofu.c | 10 +++++----- g13/g13-common.h | 1 - g13/g13-syshelp.c | 10 +++++----- g13/g13.c | 15 +++++++-------- g13/server.c | 4 ++-- kbx/keybox-defs.h | 1 - scd/command.c | 6 +++--- scd/scdaemon.c | 14 ++++++-------- scd/scdaemon.h | 1 - sm/call-agent.c | 2 +- sm/call-dirmngr.c | 2 +- sm/gpgsm.c | 17 ++++++++--------- sm/gpgsm.h | 1 - sm/keydb.c | 2 +- sm/server.c | 4 ++-- tools/gpg-check-pattern.c | 4 +--- tools/gpg-connect-agent.c | 13 ++++++------- tools/symcryptrun.c | 10 ++++------ 44 files changed, 188 insertions(+), 179 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 7 13:50:58 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 07 Jun 2016 13:50:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-58-g36550dd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 36550dde998fa1d497098050ca2d4e1a952ed6b6 (commit) via fb88f37c40dc156fa0b5bfba4ac85f1e553fd7e9 (commit) from 22a7ef01aa2c0eb77bcc40174d09104acc35cab1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 36550dde998fa1d497098050ca2d4e1a952ed6b6 Author: Werner Koch Date: Tue Jun 7 13:48:46 2016 +0200 common: New function gnupg_socketdir. * common/homedir.c (gnupg_socketdir): New. * agent/gpg-agent.c (create_socket_name): Use new function instead of gnupg_homedir. (check_own_socket): Ditto. (check_for_running_agent): Ditto. * agent/preset-passphrase.c (main): Ditto. * common/asshelp.c (start_new_gpg_agent): Ditto. * scd/scdaemon.c (create_socket_name): Ditto. * tools/gpgconf.c (main): Ditto. * tools/symcryptrun.c (main): Ditto. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 1832296..e5b352c 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1762,7 +1762,7 @@ create_socket_name (char *standard_name, int with_homedir) char *name; if (with_homedir) - name = make_filename (gnupg_homedir (), standard_name, NULL); + name = make_filename (gnupg_socketdir (), standard_name, NULL); else name = make_filename (standard_name, NULL); if (strchr (name, PATHSEP_C)) 
@@ -2729,7 +2729,7 @@ check_own_socket (void) if (check_own_socket_running || shutdown_pending) return; /* Still running or already shutting down. */ - sockname = make_filename_try (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); + sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL); if (!sockname) return; /* Out of memory. */ @@ -2755,7 +2755,7 @@ check_for_running_agent (int silent) char *sockname; assuan_context_t ctx = NULL; - sockname = make_filename_try (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); + sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL); if (!sockname) return gpg_error_from_syserror (); diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c index 29fdfe8..549ecc3 100644 --- a/agent/preset-passphrase.c +++ b/agent/preset-passphrase.c @@ -245,7 +245,7 @@ main (int argc, char **argv) /* Tell simple-pwquery about the the standard socket name. */ { - char *tmp = make_filename (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); + char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL); simple_pw_set_socket (tmp); xfree (tmp); } diff --git a/common/asshelp.c b/common/asshelp.c index f89d1d5..5c32c6e 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -374,7 +374,14 @@ start_new_gpg_agent (assuan_context_t *r_ctx, return err; } - sockname = make_absfilename (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); + sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL); + if (!sockname) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + assuan_release (ctx); + return err; + } + err = assuan_socket_connect (ctx, sockname, 0, 0); if (err && autostart) { diff --git a/common/homedir.c b/common/homedir.c index eccffec..8992bc6 100644 --- a/common/homedir.c +++ b/common/homedir.c 
@@ -375,7 +375,7 @@ w32_commondir (void) /* Change the homedir. Some care must be taken to set this early - * enough becuase previous calls to gnupg_homedir may else return a + * enough because previous calls to gnupg_homedir may else return a * different string. */ void gnupg_set_homedir (const char *newdir) @@ -400,6 +400,35 @@ gnupg_homedir (void) } +/* + * Return the name of the socket dir. That is the directory used for + * the IPC local sockets. This is an absolute filename. + */ +const char * +gnupg_socketdir (void) +{ + static char *name; + + if (!name) + { + /* Check XDG variable. */ + + /* XDG is not set: Check whether we have a /run directory. */ + + /* If there is no run directpry we assume a /var/run directory. */ + + /* Check that the user directory exists or create it if + * required, */ + + /* If nothing works fall back to the homedir. */ + if (!name) + name = make_absfilename (gnupg_homedir (), NULL); + } + + return name; +} + + /* Return the name of the sysconfdir. This is a static string. This function is required because under Windows we can't simply compile it in. */ @@ -631,7 +660,7 @@ dirmngr_user_socket_name (void) static char *name; if (!name) - name = make_absfilename (default_homedir (), DIRMNGR_SOCK_NAME, NULL); + name = make_filename (gnupg_socketdir (), DIRMNGR_SOCK_NAME, NULL); return name; } diff --git a/common/util.h b/common/util.h index 634ae06..0621047 100644 --- a/common/util.h +++ b/common/util.h @@ -222,6 +222,7 @@ const char *standard_homedir (void); const char *default_homedir (void); void gnupg_set_homedir (const char *newdir); const char *gnupg_homedir (void); +const char *gnupg_socketdir (void); const char *gnupg_sysconfdir (void); const char *gnupg_bindir (void); const char *gnupg_libexecdir (void); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 576dbf9..215e63f 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c 
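Review bot: The new gnupg_socketdir in the common/homedir.c hunk caches its result in the function-static `name` on first use, so a gnupg_set_homedir call made afterwards leaves every socket path pointing at the old directory. The comment on gnupg_set_homedir already warns about this ordering for gnupg_homedir, but the new function's comment does not mention it. I would add a sentence to the header comment such as `The result is computed once and cached; gnupg_set_homedir must be called before the first call to this function.` Callers that build agent or dirmngr socket names during early option parsing are the ones to check, since a stale directory there means connecting to a socket in a location the user did not select.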
@@ -1042,7 +1042,7 @@ create_socket_name (char *standard_name) { char *name; - name = make_filename (gnupg_homedir (), standard_name, NULL); + name = make_filename (gnupg_socketdir (), standard_name, NULL); if (strchr (name, PATHSEP_C)) { log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S); diff --git a/tools/gpgconf.c b/tools/gpgconf.c index 180c88a..e5a6c22 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -375,7 +375,7 @@ main (int argc, char **argv) } { - char *tmp = make_filename (default_homedir (), + char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL); es_fprintf (outfp, "agent-socket:%s\n", gc_percent_escape (tmp)); xfree (tmp); diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index 49c17c5..98813d5 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c @@ -1008,7 +1008,7 @@ main (int argc, char **argv) /* Tell simple-pwquery about the the standard socket name. */ { - char *tmp = make_filename (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); + char *tmp = make_filename (gnupg_socketgdir (), GPG_AGENT_SOCK_NAME, NULL); simple_pw_set_socket (tmp); xfree (tmp); } commit fb88f37c40dc156fa0b5bfba4ac85f1e553fd7e9 Author: Werner Koch Date: Tue Jun 7 13:09:00 2016 +0200 common: Remove homedir arg from start_new_{dirmngr,gpg_agent}. * common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in favor of gnupg_homedir (). Change all callers. (start_new_dirmngr): Ditto. * common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg 'homedir'. Signed-off-by: Werner Koch diff --git a/agent/protect-tool.c b/agent/protect-tool.c index fdb7913..c2bf87d 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -630,7 +630,6 @@ main (int argc, char **argv ) /* Set the information which can't be taken from envvars. */ gnupg_prepare_get_passphrase (GPG_ERR_SOURCE_DEFAULT, opt.verbose, - gnupg_homedir (), opt_agent_program, NULL, NULL, NULL); 
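Review bot: The tools/symcryptrun.c hunk of commit 36550dd calls `gnupg_socketgdir ()`, but the function declared in common/util.h by the same commit is `gnupg_socketdir`. With an implicit declaration the call is assumed to return int, so the build either fails or passes a truncated pointer to make_filename, and linking fails in any case. The line should read `char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);`. main's body continues outside the hunk.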
diff --git a/common/asshelp.c b/common/asshelp.c index f2b4402..f89d1d5 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -351,7 +351,6 @@ unlock_spawning (lock_spawn_t *lock, const char *name) gpg_error_t start_new_gpg_agent (assuan_context_t *r_ctx, gpg_err_source_t errsource, - const char *homedir, const char *agent_program, const char *opt_lc_ctype, const char *opt_lc_messages, @@ -375,7 +374,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, return err; } - sockname = make_absfilename (homedir, GPG_AGENT_SOCK_NAME, NULL); + sockname = make_absfilename (gnupg_homedir (), GPG_AGENT_SOCK_NAME, NULL); err = assuan_socket_connect (ctx, sockname, 0, 0); if (err && autostart) { @@ -418,7 +417,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, /* We better pass an absolute home directory to the agent just in case gpg-agent does not convert the passed name to an absolute one (which it should do). */ - abs_homedir = make_absfilename_try (homedir, NULL); + abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); if (!abs_homedir) { gpg_error_t tmperr = gpg_err_make (errsource, @@ -455,7 +454,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx, argv[i++] = "--daemon"; argv[i++] = NULL; - if (!(err = lock_spawning (&lock, homedir, "agent", verbose)) + if (!(err = lock_spawning (&lock, gnupg_homedir (), "agent", verbose)) && assuan_socket_connect (ctx, sockname, 0, 0)) { err = gnupg_spawn_process_detached (program? program : agent_program, @@ -538,7 +537,6 @@ start_new_gpg_agent (assuan_context_t *r_ctx, gpg_error_t start_new_dirmngr (assuan_context_t *r_ctx, gpg_err_source_t errsource, - const char *homedir, const char *dirmngr_program, int autostart, int verbose, int debug, 
@@ -605,7 +603,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, status_cb (status_cb_arg, STATUS_PROGRESS, "starting_dirmngr ? 0 0", NULL); - abs_homedir = make_absfilename (homedir, NULL); + abs_homedir = make_absfilename (gnupg_homedir (), NULL); if (!abs_homedir) { gpg_error_t tmperr = gpg_err_make (errsource, @@ -641,7 +639,7 @@ start_new_dirmngr (assuan_context_t *r_ctx, TRY_SYSTEM_DAEMON should never be true because dirmngr_user_socket_name() won't return NULL. */ - if (!(err = lock_spawning (&lock, homedir, "dirmngr", verbose)) + if (!(err = lock_spawning (&lock, gnupg_homedir (), "dirmngr", verbose)) && assuan_socket_connect (ctx, sockname, 0, 0)) { err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL); @@ -678,7 +676,6 @@ start_new_dirmngr (assuan_context_t *r_ctx, xfree (abs_homedir); } #else - (void)homedir; (void)dirmngr_program; (void)verbose; (void)status_cb; diff --git a/common/asshelp.h b/common/asshelp.h index 20414bd..4eb1d92 100644 --- a/common/asshelp.h +++ b/common/asshelp.h @@ -54,7 +54,6 @@ send_pinentry_environment (assuan_context_t ctx, gpg_error_t start_new_gpg_agent (assuan_context_t *r_ctx, gpg_err_source_t errsource, - const char *homedir, const char *agent_program, const char *opt_lc_ctype, const char *opt_lc_messages, @@ -68,7 +67,6 @@ start_new_gpg_agent (assuan_context_t *r_ctx, gpg_error_t start_new_dirmngr (assuan_context_t *r_ctx, gpg_err_source_t errsource, - const char *homedir, const char *dirmngr_program, int autostart, int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), diff --git a/common/get-passphrase.c b/common/get-passphrase.c index f1517fb..8f3137b 100644 --- a/common/get-passphrase.c +++ b/common/get-passphrase.c @@ -47,7 +47,6 @@ static struct { gpg_err_source_t errsource; int verbosity; - const char *homedir; const char *agent_program; const char *lc_ctype; const char *lc_messages; 
@@ -62,7 +61,6 @@ static struct void gnupg_prepare_get_passphrase (gpg_err_source_t errsource, int verbosity, - const char *homedir, const char *agent_program, const char *opt_lc_ctype, const char *opt_lc_messages, @@ -70,7 +68,6 @@ gnupg_prepare_get_passphrase (gpg_err_source_t errsource, { agentargs.errsource = errsource; agentargs.verbosity = verbosity; - agentargs.homedir = homedir; agentargs.agent_program = agent_program; agentargs.lc_ctype = opt_lc_ctype; agentargs.lc_messages = opt_lc_messages; @@ -93,7 +90,6 @@ start_agent (void) err = start_new_gpg_agent (&agent_ctx, agentargs.errsource, - agentargs.homedir, agentargs.agent_program, agentargs.lc_ctype, agentargs.lc_messages, diff --git a/common/get-passphrase.h b/common/get-passphrase.h index a69262f..7e5cac0 100644 --- a/common/get-passphrase.h +++ b/common/get-passphrase.h @@ -34,7 +34,6 @@ void gnupg_prepare_get_passphrase (gpg_err_source_t errsource, int verbosity, - const char *homedir, const char *agent_program, const char *opt_lc_ctype, const char *opt_lc_messages, diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c index c6a33d7..9b004cc 100644 --- a/dirmngr/dirmngr-client.c +++ b/dirmngr/dirmngr-client.c @@ -298,7 +298,6 @@ main (int argc, char **argv ) err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - default_homedir (), opt.dirmngr_program ? opt.dirmngr_program : gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR), diff --git a/g10/call-agent.c b/g10/call-agent.c index ad4e67c..46dfd57 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -303,7 +303,6 @@ start_agent (ctrl_t ctrl, int for_card) { rc = start_new_gpg_agent (&agent_ctx, GPG_ERR_SOURCE_DEFAULT, - gnupg_homedir (), opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index f9a0e19..75a7f46 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c 
@@ -177,7 +177,6 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx) *r_ctx = NULL; err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - gnupg_homedir (), opt.dirmngr_program, opt.autostart, opt.verbose, DBG_IPC, NULL /*gpg_status2*/, ctrl); diff --git a/sm/call-agent.c b/sm/call-agent.c index 09ae359..c7facbb 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -133,7 +133,6 @@ start_agent (ctrl_t ctrl) { rc = start_new_gpg_agent (&agent_ctx, GPG_ERR_SOURCE_DEFAULT, - gnupg_homedir (), opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index a3b9ca8..7e26c3a 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -248,7 +248,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r) to take care of the implicit option sending caching. */ err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - gnupg_homedir (), opt.dirmngr_program, + opt.dirmngr_program, opt.autostart, opt.verbose, DBG_IPC, gpgsm_status2, ctrl); if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index eb8b51f..0eb43fb 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -2208,7 +2208,6 @@ start_agent (void) if (opt.use_dirmngr) err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, - gnupg_homedir (), opt.dirmngr_program, opt.autostart, !opt.quiet, 0, 
@@ -2216,7 +2215,6 @@ start_agent (void) else err = start_new_gpg_agent (&ctx, GPG_ERR_SOURCE_DEFAULT, - gnupg_homedir (), opt.agent_program, NULL, NULL, session_env, ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 6 +++--- agent/preset-passphrase.c | 2 +- agent/protect-tool.c | 1 - common/asshelp.c | 20 ++++++++++++-------- common/asshelp.h | 2 -- common/get-passphrase.c | 4 ---- common/get-passphrase.h | 1 - common/homedir.c | 33 +++++++++++++++++++++++++++++++-- common/util.h | 1 + dirmngr/dirmngr-client.c | 1 - g10/call-agent.c | 1 - g10/call-dirmngr.c | 1 - scd/scdaemon.c | 2 +- sm/call-agent.c | 1 - sm/call-dirmngr.c | 2 +- tools/gpg-connect-agent.c | 2 -- tools/gpgconf.c | 2 +- tools/symcryptrun.c | 2 +- 18 files changed, 52 insertions(+), 32 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 7 19:38:14 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 07 Jun 2016 19:38:14 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-161-gf8f9bf0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via f8f9bf06bc3190968ba6613032d60a3bf2c8a6d9 (commit) from 8196edf9ca5c8f2f02553e7f22d9c79dbd229882 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8f9bf06bc3190968ba6613032d60a3bf2c8a6d9 Author: Justus Winter Date: Tue Jun 7 16:07:33 2016 +0200 python: Fix error handling. * lang/python/gpgme.i: Fix freeing an uninitialized pointer in the error handling of generated wrapper functions by explicitly storing the pointer in a local variable which can be initialized. 
Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index e369582..f466a87 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -1,4 +1,5 @@ /* +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # Copyright (C) 2002 John Goerzen # @@ -42,11 +43,11 @@ %typemap(freearg) const char * ""; /* Likewise for a list of strings. */ -%typemap(in) const char *[] { +%typemap(in) const char *[] (void *vector = NULL) { /* Check if is a list */ if (PyList_Check($input)) { size_t i, size = PyList_Size($input); - $1 = (char **) malloc((size+1) * sizeof(char *)); + $1 = (char **) (vector = malloc((size+1) * sizeof(char *))); for (i = 0; i < size; i++) { PyObject *o = PyList_GetItem($input,i); @@ -72,7 +73,7 @@ } } %typemap(freearg) const char *[] { - free((char *) $1); + free(vector$argnum); } // Release returned buffers as necessary. ----------------------------------------------------------------------- Summary of changes: lang/python/gpgme.i | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 14:07:36 2016 
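Review bot: In the `%typemap(in) const char *[]` hunk the result of `malloc((size+1) * sizeof(char *))` is assigned to both `vector` and `$1` without a NULL check, and the loop that follows runs over the list right away. The stores into `$1[i]` are outside the hunk, but if they happen as the loop suggests, an allocation failure becomes a NULL dereference inside the generated wrapper. A guard directly after the assignment, `if (!vector) return PyErr_NoMemory ();`, would turn that into a Python MemoryError. The freearg side is fine either way, since `free(vector$argnum)` on a NULL pointer is a no-op.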
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jun 2016 14:07:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-63-gcf49104 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cf4910419e09daf414f76ca2c8ab685c3d488ec1 (commit) via aab8a0b05292b0d06e3001a0b289224cb7156dbd (commit) via def512eb67c8a380f3b873cee0f156deef0b6dda (commit) via 173fa97102fec68670a46ae1b460231e2a183c81 (commit) via 0faf8951544f43790c412777a926c969540174bd (commit) from 36550dde998fa1d497098050ca2d4e1a952ed6b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cf4910419e09daf414f76ca2c8ab685c3d488ec1 Author: Werner Koch Date: Wed Jun 8 14:04:47 2016 +0200 gpgconf: New commands --create-socketdir and --remove-socketdir. * tools/gpgconf.c: Include unistd.h. (aCreateSocketDir, aRemoveSocketDir): New. (opts): Add --create-socketdir and --remove-socketdir. (main): Implement them. Signed-off-by: Werner Koch diff --git a/doc/tools.texi b/doc/tools.texi index 425790e..8fdaa96 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -319,6 +319,17 @@ gpg-agent and scdaemon. Components which don't support reloading are ignored. Note that as of now reload and kill have the same effect for scdaemon. + at item --create-socketdir + at opindex create-socketdir +Create a directory for sockets below /run/user or /var/run/user. This +is command is only required if a non default home directory is used +and the /run based sockets shall be used. For the default home +directory GnUPG creates a directory on the fly. + + at item --remove-socketdir + at opindex remove-socketdir +Remove a directory created with command @option{--create-socketdir}. + @end table diff --git a/tools/gpgconf.c b/tools/gpgconf.c index fb1032b..2b177e2 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "gpgconf.h" #include "i18n.h" @@ -53,6 +54,8 @@ enum cmd_and_opt_values aListDirs, aLaunch, aKill, + aCreateSocketDir, + aRemoveSocketDir, aReload }; @@ -78,6 +81,8 @@ static ARGPARSE_OPTS opts[] = { aReload, "reload", 256, N_("reload all or a given component")}, { aLaunch, "launch", 256, N_("launch a given component")}, { aKill, "kill", 256, N_("kill a given component")}, + { aCreateSocketDir, "create-socketdir", 256, "@"}, + { aRemoveSocketDir, "remove-socketdir", 256, "@"}, { 301, NULL, 0, N_("@\nOptions:\n ") }, @@ -191,6 +196,8 @@ main (int argc, char **argv) case aReload: case aLaunch: case aKill: + case aCreateSocketDir: + case aRemoveSocketDir: cmd = pargs.r_opt; break; 
@@ -388,6 +395,66 @@ main (int argc, char **argv) xfree (tmp); } break; + + case aCreateSocketDir: + { + char *socketdir; + unsigned int flags; + + /* Make sure that the top /run/user/UID/gnupg dir has been + * created. */ + gnupg_socketdir (); + + /* Check the /var/run dir. */ + socketdir = _gnupg_socketdir_internal (1, &flags); + if ((flags & 64) && !opt.dry_run) + { + /* No sub dir - create it. */ + if (gnupg_mkdir (socketdir, "-rwx")) + gc_error (1, errno, "error creating '%s'", socketdir); + /* Try again. */ + socketdir = _gnupg_socketdir_internal (1, &flags); + } + + /* Give some info. */ + if ( (flags & ~32) || opt.verbose || opt.dry_run) + { + log_info ("socketdir is '%s'\n", socketdir); + if ((flags & 1)) log_info ("\tgeneral error\n"); + if ((flags & 2)) log_info ("\tno /run/user dir\n"); + if ((flags & 4)) log_info ("\tbad permissions\n"); + if ((flags & 8)) log_info ("\tbad permissions (subdir)\n"); + if ((flags & 16)) log_info ("\tmkdir failed\n"); + if ((flags & 32)) log_info ("\tnon-default homedir\n"); + if ((flags & 64)) log_info ("\tno such subdir\n"); + if ((flags & 128)) log_info ("\tusing homedir as fallback\n"); + } + + if ((flags & ~32) && !opt.dry_run) + gc_error (1, 0, "error creating socket directory"); + + xfree (socketdir); + } + break; + + case aRemoveSocketDir: + { + char *socketdir; + unsigned int flags; + + /* Check the /var/run dir. */ + socketdir = _gnupg_socketdir_internal (1, &flags); + if ((flags & 128)) + log_info ("ignoring request to remove non /run/user socket dir\n"); + else if (opt.dry_run) + ; + else if (rmdir (socketdir)) + gc_error (1, errno, "error removing '%s'", socketdir); + + xfree (socketdir); + } + break; + } if (outfp != es_stdout) commit aab8a0b05292b0d06e3001a0b289224cb7156dbd Author: Werner Koch Date: Wed Jun 8 10:12:32 2016 +0200 Implement /run/user/UID/gnupg based sockets. * common/homedir.c: Include sys/stat.h and zb32.h. (w32_portable_app, w32_bin_is_bin): Change type from int to byte. 
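Review bot: In the `aCreateSocketDir` case the `gnupg_mkdir` call is gated only on `(flags & 64)`, so the subdirectory is still created when the first `_gnupg_socketdir_internal (1, &flags)` call also reported bit 4 (parent not owned by the user, or accessible to group/others). The command then fails afterwards, leaving a directory behind in a location that did not pass the checks. Testing `if ((flags & ~32) == 64 && !opt.dry_run)` would create it only when the missing subdir is the sole finding. The second `_gnupg_socketdir_internal` call also overwrites `socketdir` without an `xfree`, although the function is documented in this push as returning a malloced name. The enclosing `main` starts and ends outside the hunk.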
(non_default_homedir): New. (is_gnupg_default_homedir): New. (default_homedir): Set non_default_homedir. (gnupg_set_homedir): Set non_default_homedir and make the_gnupg_homedir and absolute directory name. (gnupg_homedir): Return an absolute directory name. (_gnupg_socketdir_internal): New. (gnupg_socketdir): Implement /run/user/ based sockets. * tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete make_filename by xstrdup. * tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output. -- If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is created as needed and the permissions of the directories are checked. If that all matches that directory name is returned instead of the homedir. To cope with non standard homedirs (via GNUPGHOME or --homedir) the SHA-1 hash of the homedir is computed, left truncated to 120 bits, zBase-32 encoded, prefixed with "d.", and appended to "[/var]/run/user/$(id -u)/gnupg/". If that directory exists and has proper permissions it is returned as socket dir - if not the homedir is used. Due to cleanup issues, this directory will not be auto-created but needs to be created by the user in advance. The required permissions are: directory owned by the user, group and others bits not set. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 3e23a19..d140ba5 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1020,9 +1020,6 @@ main (int argc, char **argv ) finalize_rereadable_options (); - /* Turn the homedir into an absolute one. */ - gnupg_set_homedir (make_absfilename (gnupg_homedir (), NULL)); - /* Print a warning if an argument looks like an option. */ if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN)) { diff --git a/common/homedir.c b/common/homedir.c index 8992bc6..58f100f 100644 --- a/common/homedir.c +++ b/common/homedir.c 
@@ -53,16 +53,23 @@ #endif #endif /*HAVE_W32_SYSTEM*/ +#ifdef HAVE_STAT +#include /* for stat() */ +#endif + #include "util.h" #include "sysutils.h" - +#include "zb32.h" /* The GnuPG homedir. This is only accessed by the functions * gnupg_homedir and gnupg_set_homedir. Malloced. */ static char *the_gnupg_homedir; +/* Flag indicating that home directory is not the default one. */ +static byte non_default_homedir; + #ifdef HAVE_W32_SYSTEM /* A flag used to indicate that a control file for gpgconf has been @@ -76,13 +83,13 @@ static char *the_gnupg_homedir; This flag is not used on Unix systems. */ -static int w32_portable_app; +static byte w32_portable_app; #endif /*HAVE_W32_SYSTEM*/ #ifdef HAVE_W32_SYSTEM /* This flag is true if this process' binary has been installed under bin and not in the root directory as often used before GnuPG 2.1. */ -static int w32_bin_is_bin; +static byte w32_bin_is_bin; #endif /*HAVE_W32_SYSTEM*/ @@ -150,6 +157,20 @@ w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e) #endif /*HAVE_W32_SYSTEM*/ +/* Check whether DIR is the default homedir. */ +static int +is_gnupg_default_homedir (const char *dir) +{ + int result; + char *a = make_absfilename (dir, NULL); + char *b = make_absfilename (GNUPG_DEFAULT_HOMEDIR, NULL); + result = !compare_filenames (a, b); + xfree (b); + xfree (a); + return result; +} + + /* Get the standard home directory. In general this function should not be used as it does not consider a registry value (under W32) or the GNUPGHOME environment variable. It is better to use @@ -248,6 +269,8 @@ default_homedir (void) #endif /*HAVE_W32_SYSTEM*/ if (!dir || !*dir) dir = GNUPG_DEFAULT_HOMEDIR; + else if (!is_gnupg_default_homedir (dir)) + non_default_homedir = 1; return dir; } 
@@ -382,27 +405,217 @@ gnupg_set_homedir (const char *newdir) { if (!newdir || !*newdir) newdir = default_homedir (); + else if (!is_gnupg_default_homedir (newdir)) + non_default_homedir = 1; xfree (the_gnupg_homedir); - the_gnupg_homedir = xstrdup (newdir); + the_gnupg_homedir = make_absfilename (newdir, NULL);; } /* Return the homedir. The returned string is valid until another - * gnupg-set-homedir call. Note that this may be a relative string. - * This function replaced the former global opt.homedir. */ + * gnupg-set-homedir call. This is always an absolute directory name. + * The function replaces the former global var opt.homedir. */ const char * gnupg_homedir (void) { /* If a homedir has not been set, set it to the default. */ if (!the_gnupg_homedir) - the_gnupg_homedir = xstrdup (default_homedir ()); + the_gnupg_homedir = make_absfilename (default_homedir (), NULL); return the_gnupg_homedir; } +/* Return whether the home dir is the default one. */ +int +gnupg_default_homedir_p (void) +{ + return !non_default_homedir; +} + + +/* Helper for gnupg-socketdir. This is a global function, so that + * gpgconf can use it for its --create-socketdir command. If + * SKIP_CHECKS is set permission checks etc. are not done. The + * function always returns a malloced directory name and stores these + * bit flags at R_INFO: + * + * 1 := Internal error, stat failed, out of core, etc. + * 2 := No /run/user directory. + * 4 := Directory not owned by the user, not a directory + * or wrong permissions. + * 8 := Same as 4 but for the subdir. + * 16 := mkdir failed + * 32 := Non default homedir; checking subdir. + * 64 := Subdir does not exist. + * 128 := Using homedir as fallback. + */ +char * +_gnupg_socketdir_internal (int skip_checks, unsigned *r_info) +{ +#if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT) + + (void)skip_checks; + *r_info = 0; + name = xstrdup (gnupg_homedir ()); + +#else /* Unix and stat(2) available. 
*/ + + static const char * const bases[] = { "/run", "/var/run", NULL}; + int i; + struct stat sb; + char prefix[13 + 1 + 20 + 6 + 1]; + const char *s; + char *name = NULL; + + *r_info = 0; + + /* First make sure that non_default_homedir can be set. */ + gnupg_homedir (); + + /* It has been suggested to first check XDG_RUNTIME_DIR envvar. + * However, the specs state that the lifetime of the directory MUST + * be bound to the user being logged in. Now GnuPG may also be run + * as a background process with no (desktop) user logged in. Thus + * we better don't do that. */ + + /* Check whether we have a /run/user dir. */ + for (i=0; bases[i]; i++) + { + snprintf (prefix, sizeof prefix, "%s/user/%u", + bases[i], (unsigned int)getuid ()); + if (!stat (prefix, &sb) && S_ISDIR(sb.st_mode)) + break; + } + if (!bases[i]) + { + *r_info |= 2; /* No /run/user directory. */ + goto leave; + } + + if (sb.st_uid != getuid ()) + { + *r_info |= 4; /* Not owned by the user. */ + if (!skip_checks) + goto leave; + } + + if (strlen (prefix) + 7 >= sizeof prefix) + { + *r_info |= 1; /* Ooops: Buffer too short to append "/gnupg". */ + goto leave; + } + strcat (prefix, "/gnupg"); + + /* Check whether the gnupg sub directory has proper permissions. */ + if (stat (prefix, &sb)) + { + if (errno != ENOENT) + { + *r_info |= 1; /* stat failed. */ + goto leave; + } + + /* Try to create the directory and check again. */ + if (gnupg_mkdir (prefix, "-rwx")) + { + *r_info |= 16; /* mkdir failed. */ + goto leave; + } + if (stat (prefix, &sb)) + { + *r_info |= 1; /* stat failed. */ + goto leave; + } + } + /* Check that it is a directory, owned by the user, and only the + * user has permissions to use it. */ + if (!S_ISDIR(sb.st_mode) + || sb.st_uid != getuid () + || (sb.st_mode & (S_IRWXG|S_IRWXO))) + { + *r_info |= 4; /* Bad permissions or not a directory. 
*/ + if (!skip_checks) + goto leave; + } + + /* If a non default homedir is used, we check whether an + * corresponding sub directory below the socket dir is available + * and use that. We has the non default homedir to keep the new + * subdir short enough. */ + if (non_default_homedir) + { + char sha1buf[20]; + char *suffix; + + *r_info |= 32; /* Testing subdir. */ + s = gnupg_homedir (); + gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, s, strlen (s)); + suffix = zb32_encode (sha1buf, 8*15); + if (!suffix) + { + *r_info |= 1; /* Out of core etc. */ + goto leave; + } + name = strconcat (prefix, "/d.", suffix, NULL); + xfree (suffix); + if (!name) + { + *r_info |= 1; /* Out of core etc. */ + goto leave; + } + + /* Stat that directory and check constraints. Note that we + * do not auto create such a directory because we would not + * have a way to remove it. Thus the directory needs to be + * pre-created. The command + * gpgconf --create-socketdir + * can be used tocreate that directory. */ + if (stat (name, &sb)) + { + if (errno != ENOENT) + *r_info |= 1; /* stat failed. */ + else + *r_info |= 64; /* Subdir does not exist. */ + if (!skip_checks) + { + xfree (name); + name = NULL; + goto leave; + } + } + else if (!S_ISDIR(sb.st_mode) + || sb.st_uid != getuid () + || (sb.st_mode & (S_IRWXG|S_IRWXO))) + { + *r_info |= 8; /* Bad permissions or subdir is not a directory. */ + if (!skip_checks) + { + xfree (name); + name = NULL; + goto leave; + } + } + } + else + name = xstrdup (prefix); + + leave: + /* If nothing works fall back to the homedir. */ + if (!name) + { + *r_info |= 128; /* Fallback. */ + name = xstrdup (gnupg_homedir ()); + } + +#endif /* Unix */ + + return name; +} + + /* * Return the name of the socket dir. That is the directory used for - * the IPC local sockets. This is an absolute filename. + * the IPC local sockets. This is an absolute directory name. */ const char * gnupg_socketdir (void) 
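Review bot: The first test on `[/var]/run/user/UID` in `_gnupg_socketdir_internal` compares only `sb.st_uid`, although the flag table above it documents bit 4 as also covering wrong permissions and the two later tests do reject `S_IRWXG|S_IRWXO`. If that base directory were writable by group or others, the `gnupg` entry checked below it could be replaced after the check, so I would test the mode as well: `if (sb.st_uid != getuid () || (sb.st_mode & (S_IWGRP|S_IWOTH)))`. All three tests use `stat`, which follows a symlinked component before `S_ISDIR` is evaluated; whether `lstat` is wanted depends on whether symlinked runtime directories are meant to be supported. In the same hunk `gnupg_set_homedir` only ever sets `non_default_homedir` to 1, so a later call with the default directory leaves the flag stale.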
@@ -411,18 +624,8 @@ gnupg_socketdir (void) if (!name) { - /* Check XDG variable. */ - - /* XDG is not set: Check whether we have a /run directory. */ - - /* If there is no run directpry we assume a /var/run directory. */ - - /* Check that the user directory exists or create it if - * required, */ - - /* If nothing works fall back to the homedir. */ - if (!name) - name = make_absfilename (gnupg_homedir (), NULL); + unsigned int dummy; + name = _gnupg_socketdir_internal (0, &dummy); } return name; diff --git a/common/util.h b/common/util.h index 0621047..c84847a 100644 --- a/common/util.h +++ b/common/util.h @@ -222,6 +222,7 @@ const char *standard_homedir (void); const char *default_homedir (void); void gnupg_set_homedir (const char *newdir); const char *gnupg_homedir (void); +int gnupg_default_homedir_p (void); const char *gnupg_socketdir (void); const char *gnupg_sysconfdir (void); const char *gnupg_bindir (void); @@ -233,6 +234,8 @@ const char *gnupg_cachedir (void); const char *dirmngr_sys_socket_name (void); const char *dirmngr_user_socket_name (void); +char *_gnupg_socketdir_internal (int skip_checks, unsigned *r_info); + /* All module names. We also include gpg and gpgsm for the sake for gpgconf. */ #define GNUPG_MODULE_NAME_AGENT 1 diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 0eb43fb..1cd554f 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -555,7 +555,7 @@ get_var_ext (const char *name) log_error ("getcwd failed: %s\n", strerror (errno)); } else if (!strcmp (s, "homedir")) - result = make_filename (gnupg_homedir (), NULL); + result = xstrdup (gnupg_homedir ()); else if (!strcmp (s, "sysconfdir")) result = xstrdup (gnupg_sysconfdir ()); else if (!strcmp (s, "bindir")) diff --git a/tools/gpgconf.c b/tools/gpgconf.c index 63cc654..fb1032b 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c 
@@ -383,8 +383,7 @@ main (int argc, char **argv) xfree (tmp); } { - /* We need to use make_filename to expand a possible "~/". */ - char *tmp = make_filename (default_homedir (), NULL); + char *tmp = xstrdup (gnupg_homedir ()); es_fprintf (outfp, "homedir:%s\n", gc_percent_escape (tmp)); xfree (tmp); } commit def512eb67c8a380f3b873cee0f156deef0b6dda Author: Werner Koch Date: Wed Jun 8 09:54:09 2016 +0200 gpgconf: Add option --homedir * tools/gpgconf.c (opts): Add --homedir. (main): Set homedir. Signed-off-by: Werner Koch diff --git a/tools/gpgconf.c b/tools/gpgconf.c index e5a6c22..63cc654 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -87,6 +87,7 @@ static ARGPARSE_OPTS opts[] = { oDryRun, "dry-run", 0, N_("do not make any changes") }, { oRuntime, "runtime", 0, N_("activate changes at runtime, if possible") }, /* hidden options */ + { oHomedir, "homedir", 2, "@" }, { oNoVerbose, "no-verbose", 0, "@"}, {0} }; @@ -176,6 +177,7 @@ main (int argc, char **argv) break; case oVerbose: opt.verbose++; break; case oNoVerbose: opt.verbose = 0; break; + case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case aListDirs: case aListComponents: commit 173fa97102fec68670a46ae1b460231e2a183c81 Author: Werner Koch Date: Wed Jun 8 09:17:49 2016 +0200 Do not use no-libgcrypt dummy for tools * tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c. (gpgconf_LDADD): Add LIBGCRYPT_LIBS. (gpg_connect_agent_LDADD): Ditto. (gpgtar_LDADD): Ditto. * dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto. (t_common_ldadd): Ditto. Remove no-libgcrypt.o. -- We need this change so that a future code in common/ can use Libgcrypt functions; in particular hashing. Signed-off-by: Werner Koch diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index cbc0090..aaa9050 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am 
@@ -99,18 +99,17 @@ dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \ endif dirmngr_client_SOURCES = dirmngr-client.c -dirmngr_client_LDADD = $(libcommon) no-libgcrypt.o \ - $(LIBASSUAN_LIBS) \ - $(GPG_ERROR_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV) +dirmngr_client_LDADD = $(libcommon) \ + $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBGCRYPT_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV) dirmngr_client_LDFLAGS = $(extra_bin_ldflags) - no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c cat $(top_srcdir)/tools/no-libgcrypt.c > no-libgcrypt.c t_common_src = t-support.h -t_common_ldadd = $(libcommon) no-libgcrypt.o $(LIBASSUAN_LIBS) \ +t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \ $(GPG_ERROR_LIBS) $(NETLIBS) \ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \ $(DNSLIBS) $(LIBINTL) $(LIBICONV) diff --git a/tools/Makefile.am b/tools/Makefile.am index 39c0f9c..f9424fa 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -91,12 +91,12 @@ gpgsplit_LDADD = $(common_libs) \ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(ZLIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) -gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c +gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c # common sucks in gpg-error, will they, nil they (some compilers # do not eliminate the supposed-to-be-unused-inline-functions). gpgconf_LDADD = $(maybe_commonpth_libs) $(opt_libassuan_libs) \ - $(LIBINTL) $(GPG_ERROR_LIBS) $(NETLIBS) \ + $(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBICONV) $(W32SOCKLIBS) gpgconf_LDFLAGS = $(extra_bin_ldflags) 
@@ -111,10 +111,11 @@ symcryptrun_LDADD = $(LIBUTIL_LIBS) $(common_libs) $(pwquery_libs) \ watchgnupg_SOURCES = watchgnupg.c watchgnupg_LDADD = $(NETLIBS) -gpg_connect_agent_SOURCES = gpg-connect-agent.c no-libgcrypt.c -# FIXME: remove PTH_LIBS (why do we need them at all?) +gpg_connect_agent_SOURCES = gpg-connect-agent.c +# FIXME: remove NPTH_LIBS (why do we need them at all?) gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \ - $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \ + $(NPTH_LIBS) $(GPG_ERROR_LIBS) \ $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \ $(resource_objs) @@ -130,10 +131,9 @@ gpgtar_SOURCES = \ gpgtar.c gpgtar.h \ gpgtar-create.c \ gpgtar-extract.c \ - gpgtar-list.c \ - no-libgcrypt.c + gpgtar-list.c gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) -gpgtar_LDADD = $(libcommon) $(GPG_ERROR_LIBS) \ +gpgtar_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) commit 0faf8951544f43790c412777a926c969540174bd Author: Werner Koch Date: Wed Jun 8 09:04:29 2016 +0200 Do not try to remove the enclosing directory of sockets. * agent/gpg-agent.c (remove_socket): Do not remove the enclosing directory. * scd/scdaemon.c (cleanup): Ditto. -- The socket directory is now below /run or at ~/.gnupg. Thus we should not try to remove the directory of the socket. The auto-removal was introduced at a time we used a temporary directory for the sockets. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index e5b352c..3e23a19 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1,6 +1,6 @@ /* gpg-agent.c - The GnuPG Agent * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc. - * Copyright (C) 2000-2014 Werner Koch + * Copyright (C) 2000-2016 Werner Koch * * This file is part of GnuPG. * 
@@ -561,13 +561,6 @@ remove_socket (char *name, char *redir_name) name = redir_name; gnupg_remove (name); - p = strrchr (name, '/'); - if (p) - { - *p = 0; - rmdir (name); - *p = '/'; - } *name = 0; } } diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 215e63f..c468a84 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -376,13 +376,6 @@ cleanup (void) name = redir_socket_name? redir_socket_name : socket_name; gnupg_remove (name); - p = strrchr (name, '/'); - if (p) - { - *p = 0; - rmdir (name); - *p = '/'; - } *socket_name = 0; } } ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 12 +-- common/homedir.c | 243 ++++++++++++++++++++++++++++++++++++++++++---- common/util.h | 3 + dirmngr/Makefile.am | 9 +- doc/tools.texi | 11 +++ scd/scdaemon.c | 7 -- tools/Makefile.am | 16 +-- tools/gpg-connect-agent.c | 2 +- tools/gpgconf.c | 72 +++++++++++++- 9 files changed, 321 insertions(+), 54 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 15:19:17 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jun 2016 15:19:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-64-g6790115 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6790115fd9059e066b4e6feb6b1e3876a1c1d522 (commit) from cf4910419e09daf414f76ca2c8ab685c3d488ec1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6790115fd9059e066b4e6feb6b1e3876a1c1d522 Author: Werner Koch Date: Wed Jun 8 15:14:06 2016 +0200 w32: Fix recent build regression. * common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition for NAME. * g10/gpg.c (main) [W32]: Fix use og gnupg_homedir. * agent/gpg-agent.c (remove_socket): Remove unused var P. * scd/scdaemon.c (cleanup): Ditto. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index d140ba5..538ff08 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -555,8 +555,6 @@ remove_socket (char *name, char *redir_name) { if (name && *name) { - char *p; - if (redir_name) name = redir_name; diff --git a/common/homedir.c b/common/homedir.c index 58f100f..9a69022 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -454,6 +454,8 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info) { #if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT) + char *name; + (void)skip_checks; *r_info = 0; name = xstrdup (gnupg_homedir ()); diff --git a/g10/gpg.c b/g10/gpg.c index 0a5af70..87d06af 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -2285,7 +2285,7 @@ main (int argc, char **argv) } #ifdef HAVE_DOSISH_SYSTEM - if ( strchr (gnupg_homedir, '\\') ) { + if ( strchr (gnupg_homedir (), '\\') ) { char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1); const char *s; for (d=buf, s = gnupg_homedir (); *s; s++) diff --git a/scd/scdaemon.c b/scd/scdaemon.c index c468a84..8303acc 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -371,7 +371,6 @@ cleanup (void) if (socket_name && *socket_name) { char *name; - char *p; name = redir_socket_name? redir_socket_name : socket_name; ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 2 -- common/homedir.c | 2 ++ g10/gpg.c | 2 +- scd/scdaemon.c | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 16:19:52 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jun 2016 16:19:52 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-65-g8127043 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8127043d549a5843ea1ba2dc6da4906fc2258d53 (commit) from 6790115fd9059e066b4e6feb6b1e3876a1c1d522 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8127043d549a5843ea1ba2dc6da4906fc2258d53 Author: Werner Koch Date: Wed Jun 8 16:18:02 2016 +0200 Explicitly restrict socket permissions. * agent/gpg-agent.c (create_server_socket): Call chmod before listen. * scd/scdaemon.c (create_server_socket): Ditto. * dirmngr/dirmngr.c (main): Ditto. -- This is just in case of a improperly set umask. Note that a connect requires a write permissions. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 538ff08..90b0eaf 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1865,6 +1865,10 @@ create_server_socket (char *name, int primary, int cygwin, agent_exit (2); } + if (gnupg_chmod (unaddr->sun_path, "-rwx")) + log_error (_("can't set permissions of '%s': %s\n"), + unaddr->sun_path, strerror (errno)); + if (listen (FD2INT(fd), 5 ) == -1) { log_error (_("listen() failed: %s\n"), strerror (errno)); diff --git a/common/sysutils.c b/common/sysutils.c index d82eb8e..0f7b7f5 100644 --- a/common/sysutils.c +++ b/common/sysutils.c 
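Review bot: A failing `gnupg_chmod (unaddr->sun_path, "-rwx")` in `create_server_socket` is only logged, and the code then goes on to `listen`, so the agent would accept connections on a socket whose mode is whatever the umask left. Since the change exists to guard against a bad umask, I would treat the failure like the other setup errors in this function and stop, e.g. add `agent_exit (2);` after the `log_error`. The same applies to the dirmngr/dirmngr.c and scd/scdaemon.c hunks of this commit. Because the mode is applied by path after the socket file already exists, there is a short window in which it still carries the umask-derived mode; a comment saying that the enclosing directory's permissions are the primary protection would help. The function body starts and ends outside the hunk.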
@@ -628,7 +628,7 @@ gnupg_mkdir (const char *name, const char *modestr) } -/* A wrapper around mkdir which takes a string for the mode argument. +/* A wrapper around chmod which takes a string for the mode argument. This makes it easier to handle the mode argument which is not defined on all systems. The format of the modestring is the same as for gnupg_mkdir. */ diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index bc71a40..7e629db 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1183,6 +1183,10 @@ main (int argc, char **argv) } cleanup_socket = 1; + if (gnupg_chmod (serv_addr.sun_path, "-rwx")) + log_error (_("can't set permissions of '%s': %s\n"), + serv_addr.sun_path, strerror (errno)); + if (listen (FD2INT (fd), 5) == -1) { log_error (_("listen() failed: %s\n"), strerror (errno)); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 8303acc..9c11cad 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -1112,6 +1112,10 @@ create_server_socket (const char *name, char **r_redir_name, scd_exit (2); } + if (gnupg_chmod (unaddr->sun_path, "-rwx")) + log_error (_("can't set permissions of '%s': %s\n"), + unaddr->sun_path, strerror (errno)); + if (listen (FD2INT(fd), 5 ) == -1) { log_error (_("listen() failed: %s\n"), ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 4 ++++ common/sysutils.c | 2 +- dirmngr/dirmngr.c | 4 ++++ scd/scdaemon.c | 4 ++++ 4 files changed, 13 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 17:26:13 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Jun 2016 17:26:13 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-164-g8426304 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8426304b67a0b0a5630db500abf740b0e0b9e43c (commit) via 990492ea4f7dafbb75de15ea91c30cbf090034b5 (commit) via e3c5913a33edcbd7329b8d154c669f95ce782038 (commit) from f8f9bf06bc3190968ba6613032d60a3bf2c8a6d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8426304b67a0b0a5630db500abf740b0e0b9e43c Author: Justus Winter Date: Wed Jun 8 16:51:35 2016 +0200 python: Fix stripping deprecated functionality. * lang/python/Makefile.am (gpgme.h): Add script as input. * lang/python/gpgme-h-clean.py (deprec_func): Also match struct members. (line_break): Fix matching on struct members. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 18f77bb..a9b39e7 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -20,7 +20,7 @@ EXTRA_DIST = README.rst SUBDIRS = tests # Cleanup gpgme.h from deprecated functions and typedefs. -gpgme.h: ../../src/gpgme.h +gpgme.h: ../../src/gpgme.h $(srcdir)/gpgme-h-clean.py $(PYTHON) $(srcdir)/gpgme-h-clean.py $< >$@ # For VPATH builds we need to copy some files because Python's diff --git a/lang/python/gpgme-h-clean.py b/lang/python/gpgme-h-clean.py index 261e7b6..b7052ff 100755 --- a/lang/python/gpgme-h-clean.py +++ b/lang/python/gpgme-h-clean.py @@ -1,4 +1,6 @@ #!/usr/bin/env python3 + +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # # This library is free software; you can redistribute it and/or 
@@ -21,8 +23,11 @@ if len(sys.argv) < 2: sys.stderr.write("Usage: %s gpgme.h\n" % sys.argv[0]) sys.exit(1) -deprec_func=re.compile('^(.*typedef.*|.*\(.*\))\s*_GPGME_DEPRECATED;\s*',re.S) -line_break=re.compile(';|\\$|\\x0c|^\s*#'); +deprec_func = re.compile(r'^(.*typedef.*|.*\(.*\)|[^#]+\s+.+)' + + r'\s*_GPGME_DEPRECATED(_OUTSIDE_GPGME)?;\s*', + re.S) +line_break = re.compile(';|\\$|\\x0c|^\s*#|{'); + try: gpgme = open(sys.argv[1]) tmp = gpgme.readline() commit 990492ea4f7dafbb75de15ea91c30cbf090034b5 Author: Justus Winter Date: Wed Jun 8 17:04:02 2016 +0200 python: Fix type. * lang/python/gpgme.i: Use correct Python type for size. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index f466a87..98f30d5 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
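Review bot: `line_break` is still built from a non-raw string while `deprec_func` just above it was converted to raw strings; `\s` in a normal string literal is an invalid escape that newer Python versions warn about. Writing it as `line_break = re.compile(r';|\$|\x0c|^\s*#|{')` keeps the same pattern and drops the stray trailing semicolon. As written, `\$` matches a literal dollar sign; if a backslash at end of line was intended, the raw form needs `\\$` instead, so a short comment stating the intent would be useful either way.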
@@ -183,18 +183,28 @@ /* For gpgme_data_write, but should be universal. */ %typemap(in) (const void *buffer, size_t size) { + Py_ssize_t ssize; + if ($input == Py_None) $1 = NULL, $2 = 0; else if (PyUnicode_Check($input)) - $1 = PyUnicode_AsUTF8AndSize($input, (size_t *) &$2); + $1 = PyUnicode_AsUTF8AndSize($input, &ssize); else if (PyBytes_Check($input)) - PyBytes_AsStringAndSize($input, (char **) &$1, (size_t *) &$2); + PyBytes_AsStringAndSize($input, (char **) &$1, &ssize); else { PyErr_Format(PyExc_TypeError, "arg %d: expected str, bytes, or None, got %s", $argnum, $input->ob_type->tp_name); return NULL; } + + if (! $1) + $2 = 0; + else + { + assert (ssize >= 0); + $2 = (size_t) ssize; + } } %typemap(freearg) (const void *buffer, size_t size) ""; commit e3c5913a33edcbd7329b8d154c669f95ce782038 Author: Justus Winter Date: Tue Jun 7 19:31:10 2016 +0200 python: Implement the context manager protocol. * lang/python/pyme/core.py (Context.__del__): Make function idemptotent. (Context.{__enter__,__exit__}): Implement the context manager protocol. (Data.__del__): Make function idemptotent, drop debug print. (Data.{__enter__,__exit__}): Implement the context manager protocol. * lang/python/tests/t-idiomatic.py: Demonstrate this. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 71c6828..4b3e08a 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -147,8 +147,15 @@ class Context(GpgmeWrapper): self._free_passcb() self._free_progresscb() self._free_statuscb() - if self.own and pygpgme.gpgme_release: + if self.own and self.wrapped and pygpgme.gpgme_release: pygpgme.gpgme_release(self.wrapped) + self.wrapped = None + + # Implement the context manager protocol. + def __enter__(self): + return self + def __exit__(self, type, value, tb): + self.__del__() def _free_passcb(self): if self.last_passcb != None: 
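Review bot: When `PyUnicode_AsUTF8AndSize` fails in the `(const void *buffer, size_t size)` typemap it returns NULL with a Python exception set, and the new code turns that into `$1 = NULL, $2 = 0` and carries on into the wrapped call with the exception still pending. I would bail out in that branch instead, `if (! $1) return NULL;` (with braces added around the `PyUnicode_Check` branch). The return value of `PyBytes_AsStringAndSize` is ignored as well. `assert (ssize >= 0)` disappears under `NDEBUG`, so an explicit `if (ssize < 0)` error path is safer than relying on it before the cast to `size_t`.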
@@ -420,10 +427,16 @@ class Data(GpgmeWrapper): if self.wrapped != None and pygpgme.gpgme_data_release: pygpgme.gpgme_data_release(self.wrapped) if self._callback_excinfo: - print(self._callback_excinfo) pygpgme.pygpgme_raise_callback_exception(self) + self.wrapped = None self._free_datacbs() + # Implement the context manager protocol. + def __enter__(self): + return self + def __exit__(self, type, value, tb): + self.__del__() + def _free_datacbs(self): if self.data_cbs != None: if pygpgme.pygpgme_clear_generic_cb: diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 05a377e..37cfb64 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -23,7 +23,15 @@ from pyme import core, constants, errors import support support.init_gpgme(constants.PROTOCOL_OpenPGP) -c = core.Context() + +# Both Context and Data can be used as context manager: +with core.Context() as c, core.Data() as d: + c.get_engine_info() + d.write(b"Halloechen") + leak_c = c + leak_d = d +assert leak_c.wrapped == None +assert leak_d.wrapped == None # Demonstrate automatic wrapping of file-like objects with 'fileno' # method. 
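Review bot: In `Data.__del__` the handle is released first and `self.wrapped = None` is only reached after `pygpgme.pygpgme_raise_callback_exception(self)`; if that call raises, as its name suggests, `wrapped` keeps referring to the released object. Now that `__exit__` calls `__del__` explicitly, the interpreter runs `__del__` again when the object is collected, and `gpgme_data_release` would then be called a second time on the same handle. Clearing the attribute directly after the release and before the exception check avoids that: `pygpgme.gpgme_data_release(self.wrapped)` followed immediately by `self.wrapped = None`. A named `close()` method that both `__exit__` and `__del__` call would also be clearer than invoking `__del__` by hand; the same applies to `Context` in the previous hunk.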
@@ -33,10 +41,11 @@ with tempfile.TemporaryFile() as source, \ source.write(b"Hallo Leute\n") source.seek(0, os.SEEK_SET) - c.op_sign(source, signed, constants.SIG_MODE_NORMAL) - signed.seek(0, os.SEEK_SET) - c.op_verify(signed, None, sink) - result = c.op_verify_result() + with core.Context() as c: + c.op_sign(source, signed, constants.SIG_MODE_NORMAL) + signed.seek(0, os.SEEK_SET) + c.op_verify(signed, None, sink) + result = c.op_verify_result() assert len(result.signatures) == 1, "Unexpected number of signatures" sig = result.signatures[0] ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 2 +- lang/python/gpgme-h-clean.py | 9 +++++++-- lang/python/gpgme.i | 14 ++++++++++++-- lang/python/pyme/core.py | 17 +++++++++++++++-- lang/python/tests/t-idiomatic.py | 19 ++++++++++++++----- 5 files changed, 49 insertions(+), 12 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 18:05:56 2016 
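Review bot: `result` is fetched inside the new `with core.Context() as c:` block, but the unchanged `assert len(result.signatures) == 1` and `sig = result.signatures[0]` lines were not re-indented by this hunk, so they appear to run after `__exit__` has released the context. GPGME documents the structure returned by `gpgme_op_verify_result` as owned by the context, so unless the binding copies it (not visible here) the test reads memory that has already been freed. Moving the checks on `result` inside the `with core.Context()` block keeps them within the context's lifetime. The enclosing `with tempfile.TemporaryFile()` block starts and ends outside this hunk.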
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jun 2016 18:05:56 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.20-10-g536c721 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 536c721183e76087492054307cd49276c0ed62b8 (commit) from bedcef635221398e7bbb5dc0df7b04e9a7ce97cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 536c721183e76087492054307cd49276c0ed62b8 Author: Werner Koch Date: Wed Jun 8 18:03:43 2016 +0200 doc: Remove non-implemented option --skip-hidden-recipients. -- GnuPG-bug-id: 1394 Note that --try-secret-key was already removed with commit 2889a70c102271a1b6ff529bafb6748c4e773014 Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index b770e0e..ee756d8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1839,18 +1839,6 @@ behaviour as used by anonymous recipients (created by using @option{--throw-keyids} or @option{--hidden-recipient}) and might come handy in case where an encrypted message contains a bogus key ID. - at item --skip-hidden-recipients - at itemx --no-skip-hidden-recipients - at opindex skip-hidden-recipients - at opindex no-skip-hidden-recipients -During decryption skip all anonymous recipients. This option helps in -the case that people use the hidden recipients feature to hide there -own encrypt-to key from others. If oneself has many secret keys this -may lead to a major annoyance because all keys are tried in turn to -decrypt soemthing which was not really intended for it. The drawback -of this option is that it is currently not possible to decrypt a -message which includes real anonymous recipients. - @end table ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 12 ------------ 1 file changed, 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 18:20:16 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Jun 2016 18:20:16 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.0-8-g1f769e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via 1f769e3e8442bae2f1f73c656920bb2df70153c0 (commit) via 52cdfb1960808aaad48b5a501bbce0e3141c3961 (commit) via b766ea14ad1c27d6160531b200cc70aaa479c6dc (commit) via dc76313308c184c92eb78452b503405b90fc7ebd (commit) via bd39eb9fba47dc8500c83769a679cc8b683d6c6e (commit) via c05837211e5221d3f56146865e823bc20b4ff1ab (commit) from caa9d14c914bf6116ec3f773a322a94e2be0c0fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f769e3e8442bae2f1f73c656920bb2df70153c0 Author: Werner Koch Date: Fri Jun 3 15:42:53 2016 +0200 rsa: Implement blinding also for signing. * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ... (secret_blinded): new. (rsa_sign): Use blinding by default. -- Although blinding of the RSA sign operation has a noticable speed loss, we better be on the safe site by using it by default. Signed-off-by: Werner Koch diff --git a/cipher/rsa.c b/cipher/rsa.c index cb3c464..ce8e215 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
@@ -1045,7 +1045,48 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey ) } } +static void +secret_blinded (gcry_mpi_t output, gcry_mpi_t input, + RSA_secret_key *sk, unsigned int nbits) +{ + gcry_mpi_t r; /* Random number needed for blinding. */ + gcry_mpi_t ri; /* Modular multiplicative inverse of r. */ + gcry_mpi_t bldata; /* Blinded data to decrypt. */ + + /* First, we need a random number r between 0 and n - 1, which is + * relatively prime to n (i.e. it is neither p nor q). The random + * number needs to be only unpredictable, thus we employ the + * gcry_create_nonce function by using GCRY_WEAK_RANDOM with + * gcry_mpi_randomize. */ + r = mpi_snew (nbits); + ri = mpi_snew (nbits); + bldata = mpi_snew (nbits); + + do + { + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + mpi_mod (r, r, sk->n); + } + while (!mpi_invm (ri, r, sk->n)); + + /* Do blinding. We calculate: y = (x * r^e) mod n, where r is the + * random number, e is the public exponent, x is the non-blinded + * input data and n is the RSA modulus. */ + mpi_powm (bldata, r, sk->e, sk->n); + mpi_mulm (bldata, bldata, input, sk->n); + /* Perform decryption. */ + secret (output, bldata, sk); + _gcry_mpi_release (bldata); + + /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, where x + * is the blinded decrypted data, ri is the modular multiplicative + * inverse of r and n is the RSA modulus. */ + mpi_mulm (output, output, ri, sk->n); + + _gcry_mpi_release (r); + _gcry_mpi_release (ri); +} /********************************************* ************** interface ****************** 
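Review bot: `secret_blinded` is added without a header comment, although its contract differs from `secret()`: it reads `sk->e` for the blinding step and uses `nbits` only to size the secure temporaries `r`, `ri` and `bldata`. A comment above the definition would state that, for example `/* Like secret() but blinds INPUT with a random r first; SK must carry the public exponent e, and NBITS is the size used for the temporaries. */`. The in-body comment requires r to be coprime to n, while the code enforces this only through the `while (!mpi_invm (ri, r, sk->n))` retry; saying that this retry is what rejects unusable values, including 0 after `mpi_mod`, would make the loop easier to audit.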
@@ -1266,9 +1307,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) gcry_mpi_t data = NULL; RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL}; gcry_mpi_t plain = NULL; - gcry_mpi_t r = NULL; /* Random number needed for blinding. */ - gcry_mpi_t ri = NULL; /* Modular multiplicative inverse of r. */ - gcry_mpi_t bldata = NULL;/* Blinded data to decrypt. */ unsigned char *unpad = NULL; size_t unpadlen = 0; 
@@ -1321,44 +1359,10 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* We use blinding by default to mitigate timing attacks which can be practically mounted over the network as shown by Brumley and Boney in 2003. */ - if (!(ctx.flags & PUBKEY_FLAG_NO_BLINDING)) - { - /* First, we need a random number r between 0 and n - 1, which - is relatively prime to n (i.e. it is neither p nor q). The - random number needs to be only unpredictable, thus we employ - the gcry_create_nonce function by using GCRY_WEAK_RANDOM with - gcry_mpi_randomize. */ - r = mpi_snew (ctx.nbits); - ri = mpi_snew (ctx.nbits); - bldata = mpi_snew (ctx.nbits); - - do - { - _gcry_mpi_randomize (r, ctx.nbits, GCRY_WEAK_RANDOM); - mpi_mod (r, r, sk.n); - } - while (!mpi_invm (ri, r, sk.n)); - - /* Do blinding. We calculate: y = (x * r^e) mod n, where r is - the random number, e is the public exponent, x is the - non-blinded data and n is the RSA modulus. */ - mpi_powm (bldata, r, sk.e, sk.n); - mpi_mulm (bldata, bldata, data, sk.n); - - /* Perform decryption. */ - secret (plain, bldata, &sk); - _gcry_mpi_release (bldata); bldata = NULL; - - /* Undo blinding. Here we calculate: y = (x * r^-1) mod n, - where x is the blinded decrypted data, ri is the modular - multiplicative inverse of r and n is the RSA modulus. */ - mpi_mulm (plain, plain, ri, sk.n); - - _gcry_mpi_release (r); r = NULL; - _gcry_mpi_release (ri); ri = NULL; - } - else + if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) secret (plain, data, &sk); + else + secret_blinded (plain, data, &sk, ctx.nbits); if (DBG_CIPHER) log_printmpi ("rsa_decrypt res", plain); @@ -1403,9 +1407,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) _gcry_mpi_release (sk.q); _gcry_mpi_release (sk.u); _gcry_mpi_release (data); - _gcry_mpi_release (r); - _gcry_mpi_release (ri); - _gcry_mpi_release (bldata); sexp_release (l1); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) 
@@ -1461,7 +1462,10 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* Do RSA computation. */ sig = mpi_new (0); - secret (sig, data, &sk); + if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) + secret (sig, data, &sk); + else + secret_blinded (sig, data, &sk, ctx.nbits); if (DBG_CIPHER) log_printmpi ("rsa_sign res", sig); commit 52cdfb1960808aaad48b5a501bbce0e3141c3961 Author: Werner Koch Date: Fri Jun 3 15:15:36 2016 +0200 random: Remove debug output for getrandom(2) output. * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug output. -- Fixes-commit: ee5a32226a7ca4ab067864e06623fc11a1768900 Signed-off-by: Werner Koch diff --git a/random/rndlinux.c b/random/rndlinux.c index 592b9ac..f08c9f9 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c @@ -271,7 +271,6 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, log_fatal ("getrandom returned only" " %ld of %zu requested bytes\n", ret, nbytes); - log_debug ("getrandom returned %zu requested bytes\n", nbytes); (*add)(buffer, nbytes, origin); length -= nbytes; continue; /* until LENGTH is zero. */ commit b766ea14ad1c27d6160531b200cc70aaa479c6dc Author: Werner Koch Date: Mon Sep 7 15:38:04 2015 +0200 Fix gcc portability on Solaris 9 SPARC boxes. * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__. -- This patch has been in use by pkgsrc for SunOS mentok 5.9 Generic_117171-02 sun4u sparc SUNW,Sun-Fire-V240 since 2004. GnuPG-bug-id: 1703 Signed-off-by: Werner Koch [cherry-pick of commit d281624] Signed-off-by: Jussi Kivilinna diff --git a/mpi/longlong.h b/mpi/longlong.h index db98e47..0a5acb6 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h 
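Review bot: The `rsa_sign` hunk gives `PUBKEY_FLAG_NO_BLINDING` a second meaning, since the flag now also switches off blinding for signing, but the call site still carries only `/* Do RSA computation. */`. A why-comment mirroring the one in `rsa_decrypt` would record the intent, e.g. `/* Do RSA computation. Blinding is used by default to mitigate timing attacks; PUBKEY_FLAG_NO_BLINDING disables it. */`. The doubled parentheses in `if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING))` can be single. The body of `rsa_sign` starts and ends outside this hunk, so how `ctx.nbits` is initialised there cannot be checked from here.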
@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute__ ((mode (TI))); "rJ" ((USItype)(al)), \ "rI" ((USItype)(bl)) \ __CLOBBER_CC) -# if defined (__sparc_v8__) +# if defined (__sparc_v8__) || defined(__sparcv8) /* Don't match immediate range because, 1) it is not often useful, 2) the 'I' flag thinks of the range as a 13 bit signed interval, while we want to match a 13 bit interval, sign extended to 32 bits, commit dc76313308c184c92eb78452b503405b90fc7ebd Author: J?r?mie Courr?ges-Anglas Date: Mon May 9 04:04:59 2016 +0200 Check for compiler SSE4.1 support in PCLMUL CRC code. * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if compiler supports PCLMUL *and* SSE4.1 * cipher/crc.c: Ditto * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New. -- Fixes build with the native gcc on OpenBSD/amd64, which supports PCLMUL but not SSE4.1. Signed-off-by: J?r?mie Courr?ges-Anglas diff --git a/cipher/crc-intel-pclmul.c b/cipher/crc-intel-pclmul.c index c034e2e..2972fb4 100644 --- a/cipher/crc-intel-pclmul.c +++ b/cipher/crc-intel-pclmul.c @@ -30,7 +30,8 @@ #include "bufhelp.h" -#if defined(ENABLE_PCLMUL_SUPPORT) && __GNUC__ >= 4 && \ +#if defined(ENABLE_PCLMUL_SUPPORT) && defined(ENABLE_SSE41_SUPPORT) && \ + __GNUC__ >= 4 && \ ((defined(__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) diff --git a/cipher/crc.c b/cipher/crc.c index ee0e4e2..a1ce50b 100644 --- a/cipher/crc.c +++ b/cipher/crc.c @@ -31,10 +31,10 @@ #include "bufhelp.h" -/* USE_INTEL_PCLMUL indicates whether to compile CRC with Intel PCLMUL +/* USE_INTEL_PCLMUL indicates whether to compile CRC with Intel PCLMUL/SSE4.1 * code. */ #undef USE_INTEL_PCLMUL -#ifdef ENABLE_PCLMUL_SUPPORT +#if defined(ENABLE_PCLMUL_SUPPORT) && defined(ENABLE_SSE41_SUPPORT) # if ((defined(__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) # if __GNUC__ >= 4 # define USE_INTEL_PCLMUL 1 diff --git a/configure.ac b/configure.ac index ad06dfd..ad0f64d 100644 --- a/configure.ac 
+++ b/configure.ac @@ -597,6 +597,14 @@ AC_ARG_ENABLE(pclmul-support, pclmulsupport=$enableval,pclmulsupport=yes) AC_MSG_RESULT($pclmulsupport) +# Implementation of the --disable-sse41-support switch. +AC_MSG_CHECKING([whether SSE4.1 support is requested]) +AC_ARG_ENABLE(sse41-support, + AC_HELP_STRING([--disable-sse41-support], + [Disable support for the Intel SSE4.1 instructions]), + sse41support=$enableval,sse41support=yes) +AC_MSG_RESULT($sse41support) + # Implementation of the --disable-drng-support switch. AC_MSG_CHECKING([whether DRNG support is requested]) AC_ARG_ENABLE(drng-support, @@ -1109,6 +1117,7 @@ AM_CONDITIONAL(MPI_MOD_C_UDIV_QRNND, test "$mpi_mod_c_udiv_qrnnd" = yes) if test "$mpi_cpu_arch" != "x86" ; then aesnisupport="n/a" pclmulsupport="n/a" + sse41support="n/a" avxsupport="n/a" avx2support="n/a" padlocksupport="n/a" @@ -1257,6 +1266,27 @@ if test "$gcry_cv_gcc_inline_asm_pclmul" = "yes" ; then [Defined if inline assembler supports PCLMUL instructions]) fi +# +# Check whether GCC inline assembler supports SSE4.1 instructions. +# +AC_CACHE_CHECK([whether GCC inline assembler supports SSE4.1 instructions], + [gcry_cv_gcc_inline_asm_sse41], + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_sse41="n/a" + else + gcry_cv_gcc_inline_asm_sse41=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[void a(void) { + int i; + __asm__("pextrd \$2, %%xmm0, %[out]\n\t" : [out] "=m" (i)); + }]])], + [gcry_cv_gcc_inline_asm_sse41=yes]) + fi]) +if test "$gcry_cv_gcc_inline_asm_sse41" = "yes" ; then + AC_DEFINE(HAVE_GCC_INLINE_ASM_SSE41,1, + [Defined if inline assembler supports SSE4.1 instructions]) +fi + # # Check whether GCC inline assembler supports AVX instructions 
@@ -1711,6 +1741,11 @@ if test x"$pclmulsupport" = xyes ; then pclmulsupport="no (unsupported by compiler)" fi fi +if test x"$sse41support" = xyes ; then + if test "$gcry_cv_gcc_inline_asm_sse41" != "yes" ; then + sse41support="no (unsupported by compiler)" + fi +fi if test x"$avxsupport" = xyes ; then if test "$gcry_cv_gcc_inline_asm_avx" != "yes" ; then avxsupport="no (unsupported by compiler)" @@ -1735,6 +1770,10 @@ if test x"$pclmulsupport" = xyes ; then AC_DEFINE(ENABLE_PCLMUL_SUPPORT, 1, [Enable support for Intel PCLMUL instructions.]) fi +if test x"$sse41support" = xyes ; then + AC_DEFINE(ENABLE_SSE41_SUPPORT, 1, + [Enable support for Intel SSE4.1 instructions.]) +fi if test x"$avxsupport" = xyes ; then AC_DEFINE(ENABLE_AVX_SUPPORT,1, [Enable support for Intel AVX instructions.]) @@ -2340,6 +2379,7 @@ GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities]) GCRY_MSG_SHOW([Try using Padlock crypto: ],[$padlocksupport]) GCRY_MSG_SHOW([Try using AES-NI crypto: ],[$aesnisupport]) GCRY_MSG_SHOW([Try using Intel PCLMUL: ],[$pclmulsupport]) +GCRY_MSG_SHOW([Try using Intel SSE4.1: ],[$sse41support]) GCRY_MSG_SHOW([Try using DRNG (RDRAND): ],[$drngsupport]) GCRY_MSG_SHOW([Try using Intel AVX: ],[$avxsupport]) GCRY_MSG_SHOW([Try using Intel AVX2: ],[$avx2support]) commit bd39eb9fba47dc8500c83769a679cc8b683d6c6e Author: NIIBE Yutaka Date: Fri May 6 13:21:17 2016 +0900 ecc: Fix ecc_verify for cofactor support. * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h". -- Thanks to onitake. GnuPG-bug-id: 2347 Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc.c b/cipher/ecc.c index a437a1f..b09902e 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -1071,7 +1071,7 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) if ((ctx.flags & PUBKEY_FLAG_PARAM)) rc = sexp_extract_param (s_keyparms, NULL, "-p?a?b?g?n?h?/q", &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n, - &pk.E.n, &mpi_q, NULL); + &pk.E.h, &mpi_q, NULL); else rc = sexp_extract_param (s_keyparms, NULL, "/q", &mpi_q, NULL); commit c05837211e5221d3f56146865e823bc20b4ff1ab Author: Werner Koch Date: Tue Apr 26 15:46:30 2016 +0200 random: Try to use getrandom() instead of /dev/urandom (Linux only). * configure.ac: Check for syscall. * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h. (_gcry_rndlinux_gather_random): Use getrandom is available. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 5f9f711..ad06dfd 100644 --- a/configure.ac +++ b/configure.ac @@ -1514,7 +1514,7 @@ AC_CHECK_FUNCS(strtoul memmove stricmp atexit raise) # Other checks AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4) AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog) -AC_CHECK_FUNCS(fcntl ftruncate flockfile) +AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile) GNUPG_CHECK_MLOCK diff --git a/random/rndlinux.c b/random/rndlinux.c index 0cb65df..592b9ac 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c @@ -32,6 +32,10 @@ #include #include #include +#if defined(__linux__) && defined(HAVE_SYSCALL) +# include +#endif + #include "types.h" #include "g10lib.h" #include "rand-internal.h" 
@@ -232,6 +236,50 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, } } + /* If we have a modern Linux kernel and we want to read from the + * the non-blocking /dev/urandom, we first try to use the new + * getrandom syscall. That call guarantees that the kernel's + * RNG has been properly seeded before returning any data. This + * is different from /dev/urandom which may, due to its + * non-blocking semantics, return data even if the kernel has + * not been properly seeded. Unfortunately we need to use a + * syscall and not a new device and thus we are not able to use + * select(2) to have a timeout. */ +#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom) + if (fd == fd_urandom) + { + long ret; + size_t nbytes; + + do + { + nbytes = length < sizeof(buffer)? length : sizeof(buffer); + if (nbytes > 256) + nbytes = 256; + ret = syscall (__NR_getrandom, + (void*)buffer, (size_t)nbytes, (unsigned int)0); + } + while (ret == -1 && errno == EINTR); + if (ret == -1 && errno == ENOSYS) + ; /* The syscall is not supported - fallback to /dev/urandom. */ + else + { /* The syscall is supported. Some sanity checks. */ + if (ret == -1) + log_fatal ("unexpected error from getrandom: %s\n", + strerror (errno)); + else if (ret != nbytes) + log_fatal ("getrandom returned only" + " %ld of %zu requested bytes\n", ret, nbytes); + + log_debug ("getrandom returned %zu requested bytes\n", nbytes); + (*add)(buffer, nbytes, origin); + length -= nbytes; + continue; /* until LENGTH is zero. 
*/ + } + log_debug ("syscall(getrandom) not supported; errno = %d\n", errno); + } +#endif + do { size_t nbytes; ----------------------------------------------------------------------- Summary of changes: cipher/crc-intel-pclmul.c | 3 +- cipher/crc.c | 4 +-- cipher/ecc.c | 2 +- cipher/rsa.c | 92 ++++++++++++++++++++++++----------------------- configure.ac | 42 +++++++++++++++++++++- mpi/longlong.h | 2 +- random/rndlinux.c | 47 ++++++++++++++++++++++++ 7 files changed, 142 insertions(+), 50 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 8 19:22:02 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Jun 2016 19:22:02 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-166-g77d149e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 77d149e8614c381458e07808a7930ce3fb92cdc3 (commit) via 5ebc205439cac266685d2532466df8b3457dea23 (commit) from 8426304b67a0b0a5630db500abf740b0e0b9e43c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77d149e8614c381458e07808a7930ce3fb92cdc3 Author: Justus Winter Date: Wed Jun 8 18:06:24 2016 +0200 python: Improve error handling. * lang/python/helpers.c (pyPassphraseCb): Handle write errors. (pyEditCb): Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 5c620e6..0033ef0 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c 
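Review bot: The cap `if (nbytes > 256) nbytes = 256;` in the getrandom block is unexplained, yet the `ret != nbytes` branch below turns every short read into `log_fatal`, so the two depend on each other. getrandom(2) documents that requests of up to 256 bytes are returned in full once the pool is initialised, and a comment should record that this is why the cap exists, e.g. `/* getrandom never returns a short read for requests of up to 256 bytes. */`. `ret` is a `long` compared with the `size_t` `nbytes`; the preceding `ret == -1` test makes that safe, but `(size_t)ret != nbytes` states the intent. The body of `_gcry_rndlinux_gather_random` starts before and continues after this hunk.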
@@ -320,7 +320,10 @@ static gpgme_error_t pyPassphraseCb(void *hook, err_status = pygpgme_exception2code(); } else { if (!retval) { - write(fd, "\n", 1); + if (write(fd, "\n", 1) < 0) { + err_status = gpgme_error_from_syserror (); + pygpgme_raise_exception (err_status); + } } else { char *buf; size_t len; @@ -342,8 +345,15 @@ static gpgme_error_t pyPassphraseCb(void *hook, goto leave; } - write(fd, buf, len); - write(fd, "\n", 1); + if (write(fd, buf, len) < 0) { + err_status = gpgme_error_from_syserror (); + pygpgme_raise_exception (err_status); + } + if (! err_status && write(fd, "\n", 1) < 0) { + err_status = gpgme_error_from_syserror (); + pygpgme_raise_exception (err_status); + } + Py_DECREF(retval); } } @@ -512,17 +522,24 @@ gpgme_error_t pyEditCb(void *opaque, gpgme_status_code_t status, Py_DECREF(pyargs); if (PyErr_Occurred()) { err_status = pygpgme_exception2code(); - pygpgme_stash_callback_exception(self); } else { if (fd>=0 && retval && PyUnicode_Check(retval)) { const char *buffer; Py_ssize_t size; buffer = PyUnicode_AsUTF8AndSize(retval, &size); - write(fd, buffer, size); - write(fd, "\n", 1); + if (write(fd, buffer, size) < 0) { + err_status = gpgme_error_from_syserror (); + pygpgme_raise_exception (err_status); + } + if (! err_status && write(fd, "\n", 1) < 0) { + err_status = gpgme_error_from_syserror (); + pygpgme_raise_exception (err_status); + } } } + if (err_status) + pygpgme_stash_callback_exception(self); Py_XDECREF(retval); return err_status; commit 5ebc205439cac266685d2532466df8b3457dea23 Author: Justus Winter Date: Wed Jun 8 17:54:45 2016 +0200 python: Add function to raise exceptions from c. * lang/python/helpers.c (pygpgme_raise_exception): New function. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 7e1c1c3..5c620e6 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c 
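Review bot: The new check around `write(fd, buf, len)` in `pyPassphraseCb` treats only a negative return as an error, so a short write sends a truncated passphrase followed by the newline and reports success; the same holds for `write(fd, buffer, size)` in the `pyEditCb` hunk. A short write does not set `errno`, so `gpgme_error_from_syserror ()` would not fit that case either. A small static helper that loops until all bytes are written or `write` fails, used at both call sites, would cover it. Both functions start and end outside these hunks.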
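Review bot: In the `pyEditCb` hunk the result of `PyUnicode_AsUTF8AndSize(retval, &size)` is used without a NULL check, so when the conversion fails `write()` is called with a NULL `buffer` and an uninitialised `size`. The pending Python exception is then only noticed indirectly, if at all, through the write error. A guard ahead of the first write handles it: `if (buffer == NULL) err_status = pygpgme_exception2code();` followed by `else if (write(fd, buffer, size) < 0) {`. With that in place the new `if (err_status) pygpgme_stash_callback_exception(self);` at the end stashes the conversion error too.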
@@ -1,4 +1,5 @@ /* +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # @@ -41,6 +42,25 @@ void pygpgme_exception_init(void) { } } +static PyObject * +pygpgme_raise_exception(gpgme_error_t err) +{ + PyObject *e; + + pygpgme_exception_init(); + if (GPGMEError == NULL) + return PyErr_Format(PyExc_RuntimeError, "Got gpgme_error_t %d", err); + + e = PyObject_CallFunction(GPGMEError, "l", (long) err); + if (e == NULL) + return NULL; + + PyErr_SetObject(GPGMEError, e); + Py_DECREF(e); + + return NULL; /* raise */ +} + gpgme_error_t pygpgme_exception2code(void) { gpgme_error_t err_status = gpg_error(GPG_ERR_GENERAL); if (GPGMEError && PyErr_ExceptionMatches(GPGMEError)) { ----------------------------------------------------------------------- Summary of changes: lang/python/helpers.c | 49 +++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 9 12:22:15 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 09 Jun 2016 12:22:15 +0200 Subject: [git] gnupg-doc - branch, master, updated. 203d0abedd4e7d9ae026e8a2651368bc968d5bad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 203d0abedd4e7d9ae026e8a2651368bc968d5bad (commit) from e178040535cd0dbc91664baf7f3ae2c8192c0b6f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 203d0abedd4e7d9ae026e8a2651368bc968d5bad Author: Werner Koch Date: Thu Jun 9 12:20:50 2016 +0200 bugs.gnupg.org: Add a note about security bugs. 
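Review bot: `pygpgme_raise_exception` formats `err` with `%d` in the `PyErr_Format` fallback although `gpgme_error_t` is an unsigned type, while the `PyObject_CallFunction` call below casts explicitly with `(long) err`; `"Got gpgme_error_t %u"` would keep the two consistent. The function also lacks a comment saying that it always returns NULL with a Python exception set, which is what the trailing `/* raise */` relies on; something like `/* Set a GPGMEError for ERR (RuntimeError if the class is unavailable) and return NULL. */` would do. As added here the `static` function has no caller in this hunk, so this commit on its own is likely to trigger an unused-function warning.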
diff --git a/misc/bugs.gnupg.org/index.html b/misc/bugs.gnupg.org/index.html index 4b45f1a..47cf93f 100644 --- a/misc/bugs.gnupg.org/index.html +++ b/misc/bugs.gnupg.org/index.html @@ -59,6 +59,12 @@ You should follow these steps to enter a new bug (issue): (resolved) issue.

+

  • If you consider the bug a severe security problem and you do not + want to publish it, please write to security at gnupg.org to ask + for advice and our encryption keys. See also the AUTHORS file in + each package. +

    +

  • Select the Create New menu entry. An empty page will be presented.

    ----------------------------------------------------------------------- Summary of changes: misc/bugs.gnupg.org/index.html | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 9 13:12:46 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 09 Jun 2016 13:12:46 +0200 Subject: [git] gnupg-doc - branch, master, updated. bea8041a37c710ed7c31fdab7401d35a36bfbc18 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bea8041a37c710ed7c31fdab7401d35a36bfbc18 (commit) from 203d0abedd4e7d9ae026e8a2651368bc968d5bad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bea8041a37c710ed7c31fdab7401d35a36bfbc18 Author: Werner Koch Date: Thu Jun 9 13:11:22 2016 +0200 web: Add a link to service.html from the mailing list page diff --git a/web/documentation/mailing-lists.org b/web/documentation/mailing-lists.org index 04e529c..8554226 100644 --- a/web/documentation/mailing-lists.org +++ b/web/documentation/mailing-lists.org @@ -11,7 +11,9 @@ available; please click on the mailing list name below. Please check the [[file:faqs.org][FAQ]] before you ask on one of the lists. If you want to search these mailing lists (as well as other archives) please use -the service provided at [[http://marc.info/]]. +the service provided at [[http://marc.info/]]. If you do not want to +write to a public mailing list, check out the [[../service.org][commercial support]] +options. | Name | Purpose | Lang | |----------------+---------------------------------------------+------| 
@@ -34,9 +36,9 @@ the service provided at [[http://marc.info/]]. A complete list of all mailing lists can also be found at our -[[http://lists.gnupg.org/mailman/listinfo/][mailing list manager]]. +[[https://lists.gnupg.org/mailman/listinfo/][mailing list manager]]. -You may subscribe to these lists [[http://lists.gnupg.org/][via web]] or by sending an e-mail: +You may subscribe to these lists [[https://lists.gnupg.org/][via web]] or by sending an e-mail: #+begin_example To: -request at gnupg.org ----------------------------------------------------------------------- Summary of changes: web/documentation/mailing-lists.org | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 10 16:15:51 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 10 Jun 2016 16:15:51 +0200 Subject: [git] gnupg-doc - branch, master, updated. c0ddb5e4626defb4dc8341d4c06709ee96f69623 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c0ddb5e4626defb4dc8341d4c06709ee96f69623 (commit) from bea8041a37c710ed7c31fdab7401d35a36bfbc18 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c0ddb5e4626defb4dc8341d4c06709ee96f69623 Author: Werner Koch Date: Fri Jun 10 15:59:07 2016 +0200 web: Add a separate Security page. Also change "Documentaion" to "Support" in the main menu. diff --git a/web/documentation/index.org b/web/documentation/index.org index 66ff139..92194a4 100644 --- a/web/documentation/index.org +++ b/web/documentation/index.org 
@@ -1,8 +1,8 @@ -#+TITLE: GnuPG - Documentation +#+TITLE: GnuPG - Support #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" -* Documentation Sources +* Documentation - [[file:howtos.org][HOWTOs]] :: Includes links to some HOWTOs available in several languages to get out the best from GnuPG. @@ -16,6 +16,14 @@ - [[file:faqs.org][FAQs]] :: Online version of the FAQs is now available. Please consult these FAQs before you ask on one of the mailing lists or report a bug. + + - [[file:security.org][Security]] :: How to report security problems. + + You may also notice that OpenPGP is a proposed Internet standard, + described by [[https://www.rfc-editor.org/rfc/rfc4880.txt][RFC-4880]]. + +* Community support + - [[file:mailing-lists.org][Mailing lists]] :: Describes the purposes of each mailing list hosted on this server and gives instruction on how to subscribe. Links to other GnuPG-related @@ -23,8 +31,10 @@ - [[https://wiki.gnupg.org][Wiki]] :: The official GnuPG Wiki contains community-maintained documentation for GnuPG and related software. - [[file:bts.org][BTS]] :: Before you report a bug, please consult the list of bugs. - - [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter. +* Other types of support - You may also notice that OpenPGP is a proposed Internet standard, - described by RFC4880 (found at [[http://www.rfc-editor.org/][RFC Editor]]). + - [[../service.org][Commercial support]] :: Listing of companies offering commercial + support for GnuPG + + - [[http://twitter.com/gnupg][@gnupg]] :: We sometimes post short messages to Twitter. diff --git a/web/documentation/security.org b/web/documentation/security.org new file mode 100644 index 0000000..726497e --- /dev/null +++ b/web/documentation/security.org 
@@ -0,0 +1,29 @@ +#+TITLE: GnuPG - Security +#+STARTUP: showall +#+SETUPFILE: "../share/setup.inc" + +* Security + +The GnuPG Project takes the security of software it develops very +seriously. In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_%2528computer_security%2529][full disclosure]] approach and all +bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/cvs_access.org][software +repository]] are public. Given that GnuPG is an important part of many +software distributions and severe bugs in GnuPG would affect their +users directly, we co-ordinate with them in private as soon as we +learn about a severe vulnerability. + +Sometimes we receive pre-notifications of research which may lead to a +new kind of vulnerability. In these cases we may work with the +researchers in private on a solution and co-ordinate our fix release +with them. + +** Security contact + +If you found a *severe* security problem and you do not want to +publish it, please report it by mail to security at gnupg.org. + +Note that we do not use a team OpenPGP key. Thus please write a +non-encrypted message to the security address and ask for the keys of +the developers at duty and then encrypt the mail to all of them. A +list of our core developers can be found [[../people/index.org][here]]; the are all active on +the gnupg-devel mailing list. diff --git a/web/index.org b/web/index.org index be1f366..3f0f422 100644 --- a/web/index.org +++ b/web/index.org 
@@ -17,9 +17,9 @@ features for easy integration with other applications. A wealth of [[file:related_software/frontends.html][frontend applications]] and [[file:related_software/libraries.html][libraries]] are available. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (ssh). -GnuPG is [[http://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can +GnuPG is [[https://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the -[[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]] . +[[https://www.gnu.org/copyleft/gpl.html][GNU General Public License]] . GnuPG comes in three flavours: diff --git a/web/service.org b/web/service.org index 181c9ca..1ec6de8 100644 --- a/web/service.org +++ b/web/service.org @@ -2,7 +2,7 @@ #+STARTUP: showall #+SETUPFILE: "share/setup.inc" -* Support +* Commercial support As part of the GNU project, GnuPG is community developed, and everyone is welcome to contribute under certain conditions. Some companies are diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index f65684f..8d5e379 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -76,6 +76,7 @@ if not available." ("/features.html" "Features") ("/news.html" "News") ("/people/index.html" "People") + ("/documentation/sites.html" "Sites") ("/service.html" "Service"))) ("/donate/index.html" "Donate" 
@@ -90,14 +91,14 @@ if not available." ("/download/mirrors.html" "Mirrors") ("/download/cvs_access.html" "GIT"))) ("/documentation/index.html" - "Documentation" + "Support" (("/documentation/howtos.html" "HOWTOs") ("/documentation/manuals.html" "Manuals") ("/documentation/guides.html" "Guides") ("/documentation/faqs.html" "FAQs") ("/documentation/mailing-lists.html" "Mailing Lists") - ("/documentation/sites.html" "Sites") - ("/documentation/bts.html" "Bug Tracker"))) + ("/documentation/bts.html" "Bug Tracker") + ("/documentation/security.html" "Security"))) ("/related_software/index.html" "Related software" (("/related_software/frontends.html" "Frontends") ----------------------------------------------------------------------- Summary of changes: web/documentation/index.org | 20 +++++++++++++++----- web/documentation/security.org | 29 +++++++++++++++++++++++++++++ web/index.org | 4 ++-- web/service.org | 2 +- web/share/gpgweb.el | 7 ++++--- 5 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 web/documentation/security.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 13 11:35:58 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Jun 2016 11:35:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-78-g8d0ff5c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8d0ff5c2c23f556c8c88a8f7f0ab1555f8a17e74 (commit) via 9e126af215143fddbdc3949681abb9ffdb9153bb (commit) via 61e7fd68c05ed185728e9da45f7a44a2323065ad (commit) via 08c82b1b55d28ffd09b859205b7686bcefae5011 (commit) via 18b03e756b0f16a055a4bc5b919bd911f571d74f (commit) via 2494ce190bff85e94146ce960bde89fde1596a6e (commit) from 334e993a71d3abb7d30cb5ee05d578cecf0c3f67 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8d0ff5c2c23f556c8c88a8f7f0ab1555f8a17e74 Author: Werner Koch Date: Mon Jun 13 11:34:16 2016 +0200 speedo,w32: Add gpg-preset-passphrase also to the uninstaller. -- Signed-off-by: Werner Koch diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 44696e8..c8a09ae 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi 
@@ -1276,6 +1276,7 @@ Section "-un.gnupg" Delete "$INSTDIR\bin\gpgconf.exe" Delete "$INSTDIR\bin\gpg-connect-agent.exe" Delete "$INSTDIR\bin\gpgtar.exe" + Delete "$INSTDIR\bin\gpg-preset-passphrase.exe" Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel" Delete "$INSTDIR\share\gnupg\distsigkey.gpg" commit 9e126af215143fddbdc3949681abb9ffdb9153bb Author: Werner Koch Date: Mon Jun 13 11:32:38 2016 +0200 gpg: Un-deprecate option --auto-key-retrieve. * g10/gpg.c (main): Remove deprecation warning. -- Most options for the keyserver have been moved to dirmngr and thus it does not make sense to favor "--keyserver-options auto-key-retrieve" over the direct options --auto-key-retrieve and --no-auto-key-retrieve. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 182abb1..0f5a181 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1292,8 +1292,8 @@ the opposite meaning. The options are: Enable PKA lookups to verify sender addresses. Note that PKA is based on DNS, and so enabling this option may disclose information on when and what signatures are verified or to whom data is encrypted. This - is similar to the "web bug" described for the auto-key-retrieve - feature. + is similar to the "web bug" described for the @option{--auto-key-retrieve} + option. @item pka-trust-increase @opindex verify-options:pka-trust-increase 
@@ -1680,6 +1680,26 @@ mechanisms, in the order they are to be tried: @end table + at item --auto-key-retrieve + at itemx --no-auto-key-retrieve + at opindex auto-key-retrieve + at opindex no-auto-key-retrieve +This option enables the automatic retrieving of keys from a keyserver +when verifying signatures made by keys that are not on the local +keyring. + +If the method "wkd" is included in the list of methods given to + at option{auto-key-locate}, the Signer's User ID is part of the +signature, and the option @option{--disable-signer-uid} is not used, +the "wkd" method may also be used to retrieve a key. + +Note that this option makes a "web bug" like behavior possible. +Keyserver or Web Key Directory operators can see which keys you +request, so by sending you a message signed by a brand new key (which +you naturally will not have on your local keyring), the operator can +tell both your IP address and the time when you verified the +signature. + @item --keyid-format @code{none|short|0xshort|long|0xlong} @opindex keyid-format Select how to display key IDs. "none" does not show the key ID at all 
@@ -1738,19 +1758,7 @@ are available for all keyserver types, some common options are: used with HKP keyservers. @item auto-key-retrieve - This option enables the automatic retrieving of keys from a keyserver - when verifying signatures made by keys that are not on the local - keyring. If the method "wkd" is included in the list of methods - given to @option{auto-key-locate}, the Signer's User ID is part of - the signature, and the option @option{--disable-signer-uid} is not used, - the "wkd" method may also be used to retrieve a key. - - Note that this option makes a "web bug" like behavior possible. - Keyserver or Web Key Directory operators can see which keys you - request, so by sending you a message signed by a brand new key (which - you naturally will not have on your local keyring), the operator can - tell both your IP address and the time when you verified the - signature. + This is the same as the option @option{auto-key-retrieve}. @item honor-keyserver-url When using @option{--refresh-keys}, if the key in question has a preferred @@ -1762,9 +1770,9 @@ are available for all keyserver types, some common options are: refreshed. Thus this option is not enabled by default. @item honor-pka-record - If auto-key-retrieve is set, and the signature being verified has a - PKA record, then use the PKA information to fetch the key. Defaults - to "yes". + If @option{--auto-key-retrieve} is used, and the signature being + verified has a PKA record, then use the PKA information to fetch + the key. Defaults to "yes". @item include-subkeys When receiving a key, include subkeys as potential targets. Note that 
@@ -2354,7 +2362,7 @@ By default the user ID of the signing key is embedded in the data signature. As of now this is only done if the signing key has been specified with @option{local-user} using a mail address. This information can be helpful for verifier to locate the key; see - at option{--auto-key-retrieve}. +option @option{--auto-key-retrieve}. @item --personal-cipher-preferences @code{string} @opindex personal-cipher-preferences diff --git a/g10/gpg.c b/g10/gpg.c index f6088f0..62e3227 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3150,12 +3150,6 @@ main (int argc, char **argv) opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE; else opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE; - - deprecated_warning(configname,configlineno, - pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve": - "--no-auto-key-retrieve","--keyserver-options ", - pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve": - "no-auto-key-retrieve"); break; case oShowSessionKey: opt.show_session_key = 1; break; case oOverrideSessionKey: commit 61e7fd68c05ed185728e9da45f7a44a2323065ad Author: Werner Koch Date: Mon Jun 13 11:24:09 2016 +0200 gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index f092b27..182abb1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are: @item auto-key-retrieve This option enables the automatic retrieving of keys from a keyserver when verifying signatures made by keys that are not on the local - keyring. + keyring. If the method "wkd" is included in the list of methods + given to @option{auto-key-locate}, the Signer's User ID is part of + the signature, and the option @option{--disable-signer-uid} is not used, + the "wkd" method may also be used to retrieve a key. Note that this option makes a "web bug" like behavior possible. - Keyserver operators can see which keys you request, so by sending you - a message signed by a brand new key (which you naturally will not have - on your local keyring), the operator can tell both your IP address and - the time when you verified the signature. + Keyserver or Web Key Directory operators can see which keys you + request, so by sending you a message signed by a brand new key (which + you naturally will not have on your local keyring), the operator can + tell both your IP address and the time when you verified the + signature. @item honor-keyserver-url When using @option{--refresh-keys}, if the key in question has a preferred @@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by using this option, the encrypted message becomes vulnerable to a message modification attack. + at item --disable-signer-uid + at opindex disable-signer-uid +By default the user ID of the signing key is embedded in the data +signature. As of now this is only done if the signing key has been +specified with @option{local-user} using a mail address. This +information can be helpful for verifier to locate the key; see + at option{--auto-key-retrieve}. + @item --personal-cipher-preferences @code{string} @opindex personal-cipher-preferences Set the list of personal cipher preferences to @code{string}. Use diff --git a/g10/gpg.c b/g10/gpg.c index 87d06af..f6088f0 100644 
--- a/g10/gpg.c +++ b/g10/gpg.c @@ -396,6 +396,7 @@ enum cmd_and_opt_values oWeakDigest, oUnwrap, oOnlySignTextIDs, + oDisableSignerUID, oNoop }; @@ -550,6 +551,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"), ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"), + ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), + ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")), @@ -2799,6 +2802,9 @@ main (int argc, char **argv) case oNoForceMDC: opt.force_mdc = 0; break; case oDisableMDC: opt.disable_mdc = 1; break; case oNoDisableMDC: opt.disable_mdc = 0; break; + + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break; case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break; diff --git a/g10/mainproc.c b/g10/mainproc.c index 7033de7..453d1b0 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1823,6 +1823,7 @@ check_sig_and_print (CTX c, kbnode_t node) * key from the WKD. */ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE) + && !opt.flags.disable_signer_uid && akl_has_wkd_method () && sig->signers_uid) { diff --git a/g10/options.h b/g10/options.h index bf5831d..0a87b90 100644 --- a/g10/options.h +++ b/g10/options.h @@ -234,6 +234,7 @@ struct unsigned int allow_multiple_messages:1; unsigned int allow_weak_digest_algos:1; unsigned int large_rsa:1; + unsigned int disable_signer_uid:1; } flags; /* Linked list of ways to find a key if the key isn't on the local 
@@ -290,7 +291,7 @@ struct { #define DBG_IPC_VALUE 1024 /* debug assuan communication */ #define DBG_CARD_IO_VALUE 2048 /* debug smart card I/O. */ #define DBG_CLOCK_VALUE 4096 -#define DBG_LOOKUP_VALUE 8192 /* debug the kety lookup */ +#define DBG_LOOKUP_VALUE 8192 /* debug the key lookup */ #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ /* Tests for the debugging flags. */ diff --git a/g10/sign.c b/g10/sign.c index 833b6ef..a4974be 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -40,7 +40,7 @@ #include "pkglue.h" #include "sysutils.h" #include "call-agent.h" - +#include "mbox-util.h" #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" @@ -144,6 +144,20 @@ mk_notation_policy_etc (PKT_signature *sig, p, strlen (p)); xfree (p); } + + /* Set signer's user id. */ + if (IS_SIG (sig) && !opt.flags.disable_signer_uid) + { + char *mbox; + + /* For now we use the uid which was used to locate the key. */ + if (pksk->user_id && (mbox = mailbox_from_userid (pksk->user_id->name))) + { + if (DBG_LOOKUP) + log_debug ("setting Signer's UID to '%s'\n", mbox); + build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox)); + } + } } commit 08c82b1b55d28ffd09b859205b7686bcefae5011 Author: Werner Koch Date: Mon Jun 13 10:40:34 2016 +0200 gpg: Try Signer's User ID sub-packet with --auto-key-retrieve. * g10/packet.h (PKT_signature): Add field 'signers_uid'. * g10/parse-packet.c (parse_signature): Set this field. * g10/free-packet.c (free_seckey_enc): Free field. (copy_signature): Copy field. * g10/mainproc.c (akl_has_wkd_method): New. (check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to locate a missing key via the signature's Signer's User ID sub-packet. Do this right before trying a keyserver lookup. -- Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index d2df9ac..2fcdb28 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
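Review bot: The string returned by `mailbox_from_userid` in the new "Set signer's user id" block of mk_notation_policy_etc is never released, whereas the other temporaries in this function are passed to `xfree` once `build_sig_subpkt` has copied them. mailbox_from_userid is not visible here, but it presumably returns allocated memory, so every data signature would leak the mailbox string. Add `xfree (mbox);` after the `build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox));` call. The function body starts outside the hunk.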
@@ -341,10 +341,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: arguments in future versions. ** General status codes -*** NEWSIG +*** NEWSIG [] Is issued right before a signature verification starts. This is - useful to define a context for parsing ERROR status messages. No - arguments are currently defined. + useful to define a context for parsing ERROR status messages. + arguments are currently defined. If SIGNERS_UID is given and is + not "-" this is the percent escape value of the OpenPGP Signer's + User ID signature sub-packet. *** GOODSIG The signature with the keyid is good. For each signature only one diff --git a/g10/free-packet.c b/g10/free-packet.c index 8176e36..3883f87 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -82,6 +82,7 @@ free_seckey_enc( PKT_signature *sig ) xfree (sig->pka_info->uri); xfree (sig->pka_info); } + xfree (sig->signers_uid); xfree(sig); } @@ -258,6 +259,8 @@ copy_signature( PKT_signature *d, PKT_signature *s ) d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL; d->hashed = cp_subpktarea (s->hashed); d->unhashed = cp_subpktarea (s->unhashed); + if (s->signers_uid) + d->signers_uid = xstrdup (s->signers_uid); if(s->numrevkeys) { d->revkey=NULL; diff --git a/g10/mainproc.c b/g10/mainproc.c index 15dc4b9..7033de7 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1541,6 +1541,19 @@ pka_uri_from_sig (CTX c, PKT_signature *sig) } +/* Return true if the AKL has the WKD method specified. */ +static int +akl_has_wkd_method (void) +{ + struct akl *akl; + + for (akl = opt.auto_key_locate; akl; akl = akl->next) + if (akl->type == AKL_WKD) + return 1; + return 0; +} + + static void print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un, PKT_signature *sig, int rc) 
@@ -1697,7 +1710,11 @@ check_sig_and_print (CTX c, kbnode_t node) } } - write_status_text (STATUS_NEWSIG, NULL); + if (sig->signers_uid) + write_status_buffer (STATUS_NEWSIG, + sig->signers_uid, strlen (sig->signers_uid), 0); + else + write_status_text (STATUS_NEWSIG, NULL); astr = openpgp_pk_algo_name ( sig->pubkey_algo ); if (keystrlen () > 8) @@ -1713,8 +1730,7 @@ check_sig_and_print (CTX c, kbnode_t node) rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); - /* If the key isn't found, check for a preferred keyserver */ - + /* If the key isn't found, check for a preferred keyserver. */ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks) { const byte *p; @@ -1755,8 +1771,8 @@ check_sig_and_print (CTX c, kbnode_t node) } } - /* If the preferred keyserver thing above didn't work, our second - try is to use the URI from a DNS PKA record. */ + /* If the avove methods didn't work, our next try is to use the URI + * from a DNS PKA record. */ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE) && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD)) 
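Review bot: `write_status_buffer (STATUS_NEWSIG, sig->signers_uid, strlen (sig->signers_uid), 0)` runs before `do_check_sig`, so the Signer's UID on the NEWSIG line comes from a signature that has not been verified yet. A comment at the call should say so, for example `/* Note: signers_uid is taken from the not yet verified signature; status consumers must not treat it as authenticated. */`, and the NEWSIG entry in doc/DETAILS would benefit from the same caveat. check_sig_and_print starts and ends outside the hunk.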
@@ -1775,17 +1791,54 @@ check_sig_and_print (CTX c, kbnode_t node) { glo_ctrl.in_auto_key_retrieve++; res = keyserver_import_keyid (c->ctrl, sig->keyid, spec); - glo_ctrl.in_auto_key_retrieve--; - free_keyserver_spec (spec); - if (!res) - rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + glo_ctrl.in_auto_key_retrieve--; + free_keyserver_spec (spec); + if (!res) + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); } } } - /* If the preferred keyserver thing above didn't work and we got - no information from the DNS PKA, this is a third try. */ + /* If the above methods didn't work, our next try is to use locate + * the key via its fingerprint from a keyserver. This requires + * that the signers fingerprint is encoded in the signature. We + * favor this over the WKD method (to be tried next), because an + * arbitrary keyserver is less subject to web bug like + * monitoring. */ + /* if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY */ + /* && signature_hash_full_fingerprint (sig) */ + /* && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) */ + /* && keyserver_any_configured (c->ctrl)) */ + /* { */ + /* int res; */ + + /* glo_ctrl.in_auto_key_retrieve++; */ + /* res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); */ + /* glo_ctrl.in_auto_key_retrieve--; */ + /* if (!res) */ + /* rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); */ + /* } */ + + /* If the above methods didn't work, our next try is to retrieve the + * key from the WKD. */ + if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY + && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE) + && akl_has_wkd_method () + && sig->signers_uid) + { + int res; + + glo_ctrl.in_auto_key_retrieve++; + res = keyserver_import_wkd (c->ctrl, sig->signers_uid, NULL, NULL); + glo_ctrl.in_auto_key_retrieve--; + /* Fixme: If the fingerprint is embedded in the signature, + * compare it to the fingerprint of the returned key. 
*/ + if (!res) + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + } + /* If the above methods did't work, our next try is to use a + * keyserver. */ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) && keyserver_any_configured (c->ctrl)) @@ -1793,7 +1846,7 @@ check_sig_and_print (CTX c, kbnode_t node) int res; glo_ctrl.in_auto_key_retrieve++; - res=keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); + res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); glo_ctrl.in_auto_key_retrieve--; if (!res) rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); diff --git a/g10/packet.h b/g10/packet.h index 6ea2f83..8fb6fc4 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -230,6 +230,8 @@ typedef struct int numrevkeys; pka_info_t *pka_info; /* Malloced PKA data or NULL if not available. See also flags.pka_tried. */ + char *signers_uid; /* Malloced value of the SIGNERS_UID + * subpacket. */ subpktarea_t *hashed; /* All subpackets with hashed data (v4 only). */ subpktarea_t *unhashed; /* Ditto for unhashed data. */ /* First 2 bytes of the digest. (Serialized. Note: this is not diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c77e409..c30abcb 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
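Review bot: The call `keyserver_import_wkd (c->ctrl, sig->signers_uid, NULL, NULL)` lets an address from the still unverified signature choose where the key is fetched from. The two NULL arguments look like the fingerprint out-parameters (the prototype is not visible here), so the identity of whatever was imported is discarded. Nothing in the hunk checks that the fetched key corresponds to `sig->keyid`, so a non-matching key may remain in the keyring even though `do_check_sig` still fails; the Fixme only covers the embedded-fingerprint case. I would receive the fingerprint from the import, compare its key ID with `sig->keyid`, and log a mismatch before re-running `do_check_sig`. The commented-out keyserver block above is better kept under `#if 0` with a one-line reason, or left out until `signature_hash_full_fingerprint` exists; check_sig_and_print starts and ends outside the hunk.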
@@ -1915,6 +1915,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, if (p) sig->flags.pref_ks = 1; + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); + if (p && len) + { + sig->signers_uid = xtrymalloc (len+1); + if (!sig->signers_uid) + { + rc = gpg_error_from_syserror (); + goto leave; + } + /* Note that we don't care about binary zeroes in the value. */ + memcpy (sig->signers_uid, p, len); + sig->signers_uid[len] = 0; + } + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL); if (p) sig->flags.notation = 1; commit 18b03e756b0f16a055a4bc5b919bd911f571d74f Author: Werner Koch Date: Mon Jun 13 09:37:53 2016 +0200 gpg,indent: Re-indent and chnage var names in sign.c -- Signed-off-by: Werner Koch diff --git a/g10/sign.c b/g10/sign.c index 15c18ee..833b6ef 100644 --- a/g10/sign.c +++ b/g10/sign.c 
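Review bot: The comment `/* Note that we don't care about binary zeroes in the value. */` does not hold for the users added in this commit. check_sig_and_print takes `strlen (sig->signers_uid)` and passes the pointer to `keyserver_import_wkd` as a C string, so a sub-packet with an embedded zero byte is silently truncated and the address acted on differs from the one that was hashed. Skipping such values at parse time avoids that: `if (p && len && !memchr (p, 0, len))`. parse_signature continues outside the hunk, so the cleanup done at `leave` is not visible here.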
@@ -59,92 +59,91 @@ static void mk_notation_policy_etc (PKT_signature *sig, PKT_public_key *pk, PKT_public_key *pksk) { - const char *string; - char *s=NULL; - strlist_t pu=NULL; - struct notation *nd=NULL; - struct expando_args args; + const char *string; + char *p = NULL; + strlist_t pu = NULL; + struct notation *nd = NULL; + struct expando_args args; - log_assert(sig->version>=4); + log_assert (sig->version >= 4); - memset(&args,0,sizeof(args)); - args.pk=pk; - args.pksk=pksk; + memset (&args, 0, sizeof(args)); + args.pk = pk; + args.pksk = pksk; - /* notation data */ - if(IS_SIG(sig) && opt.sig_notations) - nd=opt.sig_notations; - else if( IS_CERT(sig) && opt.cert_notations ) - nd=opt.cert_notations; + /* Notation data. */ + if (IS_SIG(sig) && opt.sig_notations) + nd = opt.sig_notations; + else if (IS_CERT(sig) && opt.cert_notations) + nd = opt.cert_notations; - if(nd) - { - struct notation *i; + if (nd) + { + struct notation *item; - for(i=nd;i;i=i->next) - { - i->altvalue=pct_expando(i->value,&args); - if(!i->altvalue) - log_error(_("WARNING: unable to %%-expand notation " - "(too large). Using unexpanded.\n")); - } + for (item = nd; item; item = item->next) + { + item->altvalue = pct_expando (item->value,&args); + if (!item->altvalue) + log_error (_("WARNING: unable to %%-expand notation " + "(too large). Using unexpanded.\n")); + } - keygen_add_notations(sig,nd); + keygen_add_notations (sig, nd); - for(i=nd;i;i=i->next) - { - xfree(i->altvalue); - i->altvalue=NULL; - } - } - - /* set policy URL */ - if( IS_SIG(sig) && opt.sig_policy_url ) - pu=opt.sig_policy_url; - else if( IS_CERT(sig) && opt.cert_policy_url ) - pu=opt.cert_policy_url; + for (item = nd; item; item = item->next) + { + xfree (item->altvalue); + item->altvalue = NULL; + } + } - for(;pu;pu=pu->next) - { - string = pu->d; + /* Set policy URL. 
*/ + if (IS_SIG(sig) && opt.sig_policy_url) + pu = opt.sig_policy_url; + else if (IS_CERT(sig) && opt.cert_policy_url) + pu = opt.cert_policy_url; - s=pct_expando(string,&args); - if(!s) - { - log_error(_("WARNING: unable to %%-expand policy URL " - "(too large). Using unexpanded.\n")); - s=xstrdup(string); - } + for (; pu; pu = pu->next) + { + string = pu->d; - build_sig_subpkt(sig,SIGSUBPKT_POLICY| - ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0), - s,strlen(s)); + p = pct_expando (string, &args); + if (!p) + { + log_error(_("WARNING: unable to %%-expand policy URL " + "(too large). Using unexpanded.\n")); + p = xstrdup(string); + } - xfree(s); - } + build_sig_subpkt (sig, (SIGSUBPKT_POLICY + | ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0)), + p, strlen (p)); - /* preferred keyserver URL */ - if( IS_SIG(sig) && opt.sig_keyserver_url ) - pu=opt.sig_keyserver_url; + xfree (p); + } - for(;pu;pu=pu->next) - { - string = pu->d; + /* Preferred keyserver URL. */ + if (IS_SIG(sig) && opt.sig_keyserver_url) + pu = opt.sig_keyserver_url; - s=pct_expando(string,&args); - if(!s) - { - log_error(_("WARNING: unable to %%-expand preferred keyserver URL" - " (too large). Using unexpanded.\n")); - s=xstrdup(string); - } + for (; pu; pu = pu->next) + { + string = pu->d; - build_sig_subpkt(sig,SIGSUBPKT_PREF_KS| - ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0), - s,strlen(s)); + p = pct_expando (string, &args); + if (!p) + { + log_error (_("WARNING: unable to %%-expand preferred keyserver URL" + " (too large). Using unexpanded.\n")); + p = xstrdup (string); + } - xfree(s); - } + build_sig_subpkt (sig, (SIGSUBPKT_PREF_KS + | ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0)), + p, strlen (p)); + xfree (p); + } } commit 2494ce190bff85e94146ce960bde89fde1596a6e Author: Werner Koch Date: Sun Jun 12 13:43:55 2016 +0200 common: Fix bad printf format in t-stringhelp.c -- diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c index db0e811..4f4555e 100644 --- a/common/t-stringhelp.c 
+++ b/common/t-stringhelp.c @@ -733,7 +733,7 @@ test_split_fields (void) if (field_count != field_count_expected) { printf ("%s: tidx %d: expected %d, got %d\n", - __func__, tidx, i, field_count_expected, field_count); + __func__, tidx, field_count_expected, field_count); fail (tidx * 1000); } else ----------------------------------------------------------------------- Summary of changes: build-aux/speedo/w32/inst.nsi | 1 + common/t-stringhelp.c | 2 +- doc/DETAILS | 8 ++- doc/gpg.texi | 48 +++++++++---- g10/free-packet.c | 3 + g10/gpg.c | 12 ++-- g10/mainproc.c | 78 +++++++++++++++++---- g10/options.h | 3 +- g10/packet.h | 2 + g10/parse-packet.c | 14 ++++ g10/sign.c | 153 +++++++++++++++++++++++------------------- 11 files changed, 217 insertions(+), 107 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 13 16:35:37 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Jun 2016 16:35:37 +0200 Subject: [git] gnupg-doc - branch, master, updated. 8b5fc20b96a2808b1c36d4bedb17c502db4108ca Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8b5fc20b96a2808b1c36d4bedb17c502db4108ca (commit) from c0ddb5e4626defb4dc8341d4c06709ee96f69623 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b5fc20b96a2808b1c36d4bedb17c502db4108ca Author: Werner Koch Date: Mon Jun 13 16:33:59 2016 +0200 web: URL fix diff --git a/web/documentation/security.org b/web/documentation/security.org index 726497e..e328928 100644 --- a/web/documentation/security.org +++ b/web/documentation/security.org 
@@ -5,7 +5,7 @@ * Security The GnuPG Project takes the security of software it develops very -seriously. In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_%2528computer_security%2529][full disclosure]] approach and all +seriously. In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)][full disclosure]] approach and all bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/cvs_access.org][software repository]] are public. Given that GnuPG is an important part of many software distributions and severe bugs in GnuPG would affect their ----------------------------------------------------------------------- Summary of changes: web/documentation/security.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 08:40:13 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 08:40:13 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-167-g8173c4f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8173c4f1f8a145c4b1d454f6f05e26950e23d675 (commit) from 77d149e8614c381458e07808a7930ce3fb92cdc3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8173c4f1f8a145c4b1d454f6f05e26950e23d675 Author: Werner Koch Date: Tue Jun 14 08:35:12 2016 +0200 core: Make sure FD_SET is not used with an out of range fd. * src/posix-io.c (_gpgme_io_select): Check for FD out of range. -- Signed-off-by: Werner Koch diff --git a/src/posix-io.c b/src/posix-io.c index f336153..258e8ea 100644 
--- a/src/posix-io.c +++ b/src/posix-io.c @@ -604,6 +604,12 @@ _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock) continue; if (fds[i].for_read) { + if (fds[i].fd >= FD_SETSIZE) + { + TRACE_END (dbg_help, " -BAD- ]"); + gpg_err_set_errno (EBADF); + return TRACE_SYSRES (-1); + } assert (!FD_ISSET (fds[i].fd, &readfds)); FD_SET (fds[i].fd, &readfds); if (fds[i].fd > max_fd) @@ -613,6 +619,12 @@ _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock) } else if (fds[i].for_write) { + if (fds[i].fd >= FD_SETSIZE) + { + TRACE_END (dbg_help, " -BAD- ]"); + gpg_err_set_errno (EBADF); + return TRACE_SYSRES (-1); + } assert (!FD_ISSET (fds[i].fd, &writefds)); FD_SET (fds[i].fd, &writefds); if (fds[i].fd > max_fd) ----------------------------------------------------------------------- Summary of changes: src/posix-io.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 09:09:20 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 09:09:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-79-g5ddccf4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5ddccf4fc650eeb08bee7bea3e6cd889e4e32fab (commit) from 8d0ff5c2c23f556c8c88a8f7f0ab1555f8a17e74 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5ddccf4fc650eeb08bee7bea3e6cd889e4e32fab Author: Werner Koch Date: Tue Jun 14 09:06:44 2016 +0200 doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch 
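Review bot: The new guard `if (fds[i].fd >= FD_SETSIZE)` rejects only descriptors that are too large; a negative value would still reach `FD_SET`, which is equally out of range. The test in front of the `continue;` above lies outside the hunk and may already filter -1, but other negative values are not visibly excluded, so I would write `if (fds[i].fd < 0 || fds[i].fd >= FD_SETSIZE)`. The same applies to the identical block in the second hunk (`for_write`); hoisting the check above the `for_read`/`for_write` branches would remove the duplication. _gpgme_io_select starts and ends outside both hunks.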
diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h index e200d6b..f8b86e1 100644 --- a/common/openpgpdefs.h +++ b/common/openpgpdefs.h @@ -106,7 +106,7 @@ typedef enum SIGSUBPKT_PREF_HASH = 21, /* Preferred hash algorithms. */ SIGSUBPKT_PREF_COMPR = 22, /* Preferred compression algorithms. */ SIGSUBPKT_KS_FLAGS = 23, /* Key server preferences. */ - SIGSUBPKT_PREF_KS = 24, /* Preferred key server. */ + SIGSUBPKT_PREF_KS = 24, /* Preferred keyserver. */ SIGSUBPKT_PRIMARY_UID = 25, /* Primary user id. */ SIGSUBPKT_POLICY = 26, /* Policy URL. */ SIGSUBPKT_KEY_FLAGS = 27, /* Key flags. */ diff --git a/dirmngr/http.c b/dirmngr/http.c index f0fcd0d..941ad4f 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -937,7 +937,7 @@ http_wait_response (http_t hd) /* Shutdown one end of the socket is desired. As per HTTP/1.0 this is not required but some very old servers (e.g. the original pksd - key server didn't worked without it. */ + keyserver didn't worked without it. */ if ((hd->flags & HTTP_FLAG_SHUTDOWN)) shutdown (hd->sock->fd, 1); hd->in_data = 0; diff --git a/doc/DETAILS b/doc/DETAILS index 2fcdb28..4b3f0af 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -1266,7 +1266,7 @@ Status codes are: /pks/lookup/?op= This can be implemented using Hurd's translator mechanism. - However, I think the whole key server stuff has to be re-thought; + However, I think the whole keyserver stuff has to be re-thought; I have some ideas and probably create a white paper. ** Algorithm names for the "keygen.algo" prompt diff --git a/g10/gpg.c b/g10/gpg.c index 62e3227..1f2d416 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -448,10 +448,10 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")), ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ), ARGPARSE_c (aExport, "export" , N_("export keys") ), - ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ), - ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ), + ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ), + ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a keyserver") ), ARGPARSE_c (aSearchKeys, "search-keys" , - N_("search for keys on a key server") ), + N_("search for keys on a keyserver") ), ARGPARSE_c (aRefreshKeys, "refresh-keys", N_("update all keys from a keyserver")), ARGPARSE_c (aLocateKeys, "locate-keys", "@"), diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index 7d8b1b7..cd5346f 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -1509,10 +1509,10 @@ static struct option sig_options[] = { "that VALUE is a file to read the data from. " "(RFC 4880, Section 5.2.3.16)" }, { "--key-server-preferences", sig_big_endian_arg, - "Big-endian number encoding the key server preferences. " + "Big-endian number encoding the keyserver preferences. " "(RFC 4880, Section 5.2.3.17)" }, { "--key-server", sig_string_arg, - "The preferred key server. (RFC 4880, Section 5.2.3.18)" }, + "The preferred keyserver. (RFC 4880, Section 5.2.3.18)" }, { "--primary-user-id", sig_flag, "Sets the primary user id flag. (RFC 4880, Section 5.2.3.19)" }, { "--policy-uri", sig_string_arg, diff --git a/g10/keyserver.c b/g10/keyserver.c index 40659f0..d7105de 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
@@ -1841,7 +1841,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs) /* Loop over all URLs in STRLIST and fetch the key at that URL. Note - that the fetch operation ignores the configured key servers and + that the fetch operation ignores the configured keyservers and instead directly retrieves the keys. */ int keyserver_fetch (ctrl_t ctrl, strlist_t urilist) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c30abcb..e02238b 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1374,12 +1374,12 @@ dump_sig_subpkt (int hashed, int type, int critical, es_fprintf (listfp, " %d", buffer[i]); break; case SIGSUBPKT_KS_FLAGS: - es_fputs ("key server preferences:", listfp); + es_fputs ("keyserver preferences:", listfp); for (i = 0; i < length; i++) es_fprintf (listfp, " %02X", buffer[i]); break; case SIGSUBPKT_PREF_KS: - es_fputs ("preferred key server: ", listfp); + es_fputs ("preferred keyserver: ", listfp); es_write_sanitized (listfp, buffer, length, ")", NULL); break; case SIGSUBPKT_PRIMARY_UID: diff --git a/po/ca.po b/po/ca.po index 0a64bc4..e5fcd81 100644 --- a/po/ca.po +++ b/po/ca.po @@ -2033,13 +2033,13 @@ msgstr "canvia la contrasenya" msgid "export keys" msgstr "exporta claus" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exporta claus a un servidor de claus" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importa claus d'un servidor de claus" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "cerca claus en un servidor de claus" msgid "update all keys from a keyserver" diff --git a/po/cs.po b/po/cs.po index 535f74c..211fb54 100644 --- a/po/cs.po +++ b/po/cs.po 
@@ -1869,13 +1869,13 @@ msgstr "zm??nit heslo" msgid "export keys" msgstr "exportovat kl????e" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exportovat kl????e na server kl??????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importovat kl????e ze serveru kl??????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "vyhledat kl????e na serveru kl??????" msgid "update all keys from a keyserver" diff --git a/po/da.po b/po/da.po index 7e6ff4b..8dfdaaf 100644 --- a/po/da.po +++ b/po/da.po @@ -1985,13 +1985,13 @@ msgstr "??ndr en adgangsfrase" msgid "export keys" msgstr "eksporter n??gler" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "eksporter n??gler til en n??gletjener" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importer n??gler fra en n??gleserver" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "s??g efter n??gler p?? en n??gleserver" msgid "update all keys from a keyserver" diff --git a/po/de.po b/po/de.po index f5886ef..c2fcf34 100644 --- a/po/de.po +++ b/po/de.po @@ -1861,13 +1861,13 @@ msgstr "Die Passphrase ??ndern" msgid "export keys" msgstr "Schl??ssel exportieren" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "Schl??ssel zu einem Schl??.server exportieren" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "Schl??ssel von einem Schl??.server importieren" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "Schl??ssel auf einem Schl??.server suchen" msgid "update all keys from a keyserver" diff --git a/po/el.po b/po/el.po index d4316dd..99373ad 100644 --- a/po/el.po +++ b/po/el.po 
@@ -1963,13 +1963,13 @@ msgstr " msgid "export keys" msgstr "??????? ????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "??????? ???????? ?? ??? ?????????? ????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "???????? ???????? ??? ??? ?????????? ????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "????????? ???????? ?? ??? ?????????? ????????" msgid "update all keys from a keyserver" diff --git a/po/eo.po b/po/eo.po index 43b29a8..02ee245 100644 --- a/po/eo.po +++ b/po/eo.po @@ -1949,13 +1949,13 @@ msgstr " msgid "export keys" msgstr "eksporti ?losilojn" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "eksporti ?losilojn al ?losilservilo" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importi ?losilojn de ?losilservilo" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "ser?i ?losilojn ?e ?losilservilo" msgid "update all keys from a keyserver" diff --git a/po/es.po b/po/es.po index 09fc298..0d2ce38 100644 --- a/po/es.po +++ b/po/es.po @@ -2004,13 +2004,13 @@ msgstr "cambia una frase contrase msgid "export keys" msgstr "exporta claves" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exporta claves a un servidor de claves" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importa claves desde un servidor de claves" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "busca claves en un servidor de claves" msgid "update all keys from a keyserver" diff --git a/po/et.po b/po/et.po index ccd011b..c4a195b 100644 --- a/po/et.po +++ b/po/et.po 
@@ -1956,13 +1956,13 @@ msgstr "muuda parooli" msgid "export keys" msgstr "ekspordi v?tmed" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "ekspordi v?tmed v?tmeserverisse" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "impordi v?tmed v?tmeserverist" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "otsi v?tmeid v?tmeserverist" msgid "update all keys from a keyserver" diff --git a/po/fi.po b/po/fi.po index 48b8b2e..de8dcf4 100644 --- a/po/fi.po +++ b/po/fi.po @@ -1971,13 +1971,13 @@ msgstr "muuta salasanaa" msgid "export keys" msgstr "vie avaimia" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "vie avaimia palvelimelle" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "nouda avaimia avainpalvelimelta" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "etsi avaimia avainpalvelimelta" msgid "update all keys from a keyserver" diff --git a/po/fr.po b/po/fr.po index 33eea36..0bd0e38 100644 --- a/po/fr.po +++ b/po/fr.po @@ -1898,13 +1898,13 @@ msgstr "modifier une phrase secr??te" msgid "export keys" msgstr "exporter les clefs" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exporter les clefs vers un serveur de clefs" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importer les clefs d'un serveur de clefs" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "chercher les clefs avec un serveur de clefs" msgid "update all keys from a keyserver" diff --git a/po/gl.po b/po/gl.po index 7ea0c18..4293f23 100644 --- a/po/gl.po +++ b/po/gl.po 
@@ -1964,13 +1964,13 @@ msgstr "cambia-lo contrasinal" msgid "export keys" msgstr "exportar chaves" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exportar chaves a un servidor de chaves" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importar chaves dun servidor de chaves" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "buscar chaves nun servidor de chaves" msgid "update all keys from a keyserver" diff --git a/po/hu.po b/po/hu.po index 539aa00..21c66bc 100644 --- a/po/hu.po +++ b/po/hu.po @@ -1952,13 +1952,13 @@ msgstr "jelsz msgid "export keys" msgstr "kulcsok export?l?sa" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "kulcsok export?l?sa kulcsszerverre" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "kulcsok import?l?sa kulcsszerverr?l" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "kulcsok keres?se kulcsszerveren" msgid "update all keys from a keyserver" diff --git a/po/id.po b/po/id.po index c017cd4..619bfd5 100644 --- a/po/id.po +++ b/po/id.po @@ -344,7 +344,7 @@ msgstr "" #, fuzzy msgid "use a log file for the server" -msgstr "cari kunci di key server" +msgstr "cari kunci di keyserver" msgid "|PGM|use PGM as the PIN-Entry program" msgstr "" 
@@ -1955,14 +1955,14 @@ msgstr "ubah passphrase" msgid "export keys" msgstr "ekspor kunci" -msgid "export keys to a key server" -msgstr "ekspor kunci ke key server" +msgid "export keys to a keyserver" +msgstr "ekspor kunci ke keyserver" -msgid "import keys from a key server" -msgstr "impor kunci dari key server" +msgid "import keys from a keyserver" +msgstr "impor kunci dari keyserver" -msgid "search for keys on a key server" -msgstr "cari kunci di key server" +msgid "search for keys on a keyserver" +msgstr "cari kunci di keyserver" msgid "update all keys from a keyserver" msgstr "update semua kunci dari keyserver" diff --git a/po/it.po b/po/it.po index 6b30fbd..df563ed 100644 --- a/po/it.po +++ b/po/it.po @@ -339,7 +339,7 @@ msgstr "" #, fuzzy msgid "use a log file for the server" -msgstr "cerca delle chiavi su un key server" +msgstr "cerca delle chiavi su un keyserver" msgid "|PGM|use PGM as the PIN-Entry program" msgstr "" @@ -1962,17 +1962,17 @@ msgstr "cambia la passphrase" msgid "export keys" msgstr "esporta delle chiavi" -msgid "export keys to a key server" -msgstr "esporta le chiavi a un key server" +msgid "export keys to a keyserver" +msgstr "esporta le chiavi a un keyserver" -msgid "import keys from a key server" -msgstr "importa le chiavi da un key server" +msgid "import keys from a keyserver" +msgstr "importa le chiavi da un keyserver" -msgid "search for keys on a key server" -msgstr "cerca delle chiavi su un key server" +msgid "search for keys on a keyserver" +msgstr "cerca delle chiavi su un keyserver" msgid "update all keys from a keyserver" -msgstr "aggiorna tutte le chiavi da un key server" +msgstr "aggiorna tutte le chiavi da un keyserver" msgid "import/merge keys" msgstr "importa/aggiungi delle chiavi" diff --git a/po/ja.po b/po/ja.po index 889cd8b..49b2e1e 100644 --- a/po/ja.po +++ b/po/ja.po 
@@ -1802,13 +1802,13 @@ msgstr "???????????????????????????" msgid "export keys" msgstr "??????????????????????????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "?????????????????????????????????????????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "?????????????????????????????????????????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "?????????????????????????????????" msgid "update all keys from a keyserver" diff --git a/po/nb.po b/po/nb.po index 970241e..5d813db 100644 --- a/po/nb.po +++ b/po/nb.po @@ -1915,13 +1915,13 @@ msgstr "endre passfrasen" msgid "export keys" msgstr "eksportere n?kler" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "eksportere n?kler til en n?kkelserver" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importere n?kler fra en n?kkelserver" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "s?ke etter n?kler p? en n?kkelserver" msgid "update all keys from a keyserver" diff --git a/po/pl.po b/po/pl.po index 2b8c12c..771d340 100644 --- a/po/pl.po +++ b/po/pl.po @@ -1970,13 +1970,13 @@ msgstr "zmiana has msgid "export keys" msgstr "eksport kluczy do pliku" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "eksport kluczy do serwera kluczy" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "import kluczy z serwera kluczy" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "szukanie kluczy na serwerze" msgid "update all keys from a keyserver" diff --git a/po/pt.po b/po/pt.po index c271492..17021a3 100644 --- a/po/pt.po +++ b/po/pt.po 
@@ -1954,13 +1954,13 @@ msgstr "muda a frase secreta" msgid "export keys" msgstr "exportar chaves" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exportar chaves para um servidor de chaves" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importar chaves de um servidor de chaves" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "procurar chaves num servidor de chaves" msgid "update all keys from a keyserver" diff --git a/po/ro.po b/po/ro.po index 79d9bae..a40a28d 100644 --- a/po/ro.po +++ b/po/ro.po @@ -1954,13 +1954,13 @@ msgstr "schimb msgid "export keys" msgstr "export? chei" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "export? chei pentru un server de chei" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "import? chei de la un server de chei" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "caut? pentru chei pe un server de chei" msgid "update all keys from a keyserver" diff --git a/po/ru.po b/po/ru.po index f311cd1..55a7e75 100644 --- a/po/ru.po +++ b/po/ru.po @@ -1836,13 +1836,13 @@ msgstr "?????????????? ??????????-????????????" msgid "export keys" msgstr "???????????????????????????? ??????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "???????????????????????????? ?????????? ???? ???????????? ????????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "?????????????????????????? ?????????? ?? ?????????????? ????????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "???????????? ?????????? ???? ?????????????? ????????????" msgid "update all keys from a keyserver" diff --git a/po/sk.po b/po/sk.po index 3bf2c2b..0c0e13f 100644 --- a/po/sk.po +++ b/po/sk.po 
@@ -1960,13 +1960,13 @@ msgstr "zmeni msgid "export keys" msgstr "exportova? k???e" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exportova? k???e na server k???ov" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importova? k???e zo servera k???ov" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "vyh?ada? k???e na serveri k???ov" msgid "update all keys from a keyserver" diff --git a/po/sv.po b/po/sv.po index a88dd81..bac433f 100644 --- a/po/sv.po +++ b/po/sv.po @@ -2019,13 +2019,13 @@ msgstr "??ndra en l??senfras" msgid "export keys" msgstr "exportera nycklar" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "exportera nycklar till en nyckelserver" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "importera nycklar fr??n en nyckelserver" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "s??k efter nycklar hos en nyckelserver" msgid "update all keys from a keyserver" diff --git a/po/tr.po b/po/tr.po index c9417fb..f522850 100644 --- a/po/tr.po +++ b/po/tr.po @@ -1964,13 +1964,13 @@ msgstr "anahtar parolas?? de??i??tirir" msgid "export keys" msgstr "anahtarlar?? g??nderir" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "anahtarlar?? bir anahtar sunucusuna g??nderir" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "anahtarlar?? bir anahtar sunucusundan indirir" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "bir anahtar sunucusunda anahtarlar?? arar" msgid "update all keys from a keyserver" diff --git a/po/uk.po b/po/uk.po index b2d6860..2cb2202 100644 --- a/po/uk.po +++ b/po/uk.po 
@@ -1857,13 +1857,13 @@ msgstr "?????????????? ????????????" msgid "export keys" msgstr "???????????????????????? ??????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "???????????????????????? ?????????? ???? ???????????? ????????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "?????????????????????? ?????????? ?? ?????????????? ????????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "???????????? ?????????? ???? ?????????????? ????????????" msgid "update all keys from a keyserver" diff --git a/po/zh_CN.po b/po/zh_CN.po index 3d5f8bc..51364a7 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -1924,13 +1924,13 @@ msgstr "????????????" msgid "export keys" msgstr "????????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "??????????????????????????????????????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "?????????????????????????????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "?????????????????????????????????" msgid "update all keys from a keyserver" diff --git a/po/zh_TW.po b/po/zh_TW.po index 22aebfa..991db81 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -1823,13 +1823,13 @@ msgstr "????????????" msgid "export keys" msgstr "????????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "?????????????????????????????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "??????????????????????????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "?????????????????????????????????" msgid "update all keys from a keyserver" diff --git a/sm/gpgsm.c b/sm/gpgsm.c index e6fd703..8663ac8 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c 
@@ -211,8 +211,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aDeleteKey, "delete-keys", N_("remove keys from the public keyring")), -/*ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")),*/ -/*ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),*/ +/*ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a keyserver")),*/ +/*ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a keyserver")),*/ ARGPARSE_c (aImport, "import", N_("import certificates")), ARGPARSE_c (aExport, "export", N_("export certificates")), ----------------------------------------------------------------------- Summary of changes: common/openpgpdefs.h | 2 +- dirmngr/http.c | 2 +- doc/DETAILS | 2 +- g10/gpg.c | 6 +++--- g10/gpgcompose.c | 4 ++-- g10/keyserver.c | 2 +- g10/parse-packet.c | 4 ++-- po/ca.po | 6 +++--- po/cs.po | 6 +++--- po/da.po | 6 +++--- po/de.po | 6 +++--- po/el.po | 6 +++--- po/eo.po | 6 +++--- po/es.po | 6 +++--- po/et.po | 6 +++--- po/fi.po | 6 +++--- po/fr.po | 6 +++--- po/gl.po | 6 +++--- po/hu.po | 6 +++--- po/id.po | 14 +++++++------- po/it.po | 16 ++++++++-------- po/ja.po | 6 +++--- po/nb.po | 6 +++--- po/pl.po | 6 +++--- po/pt.po | 6 +++--- po/ro.po | 6 +++--- po/ru.po | 6 +++--- po/sk.po | 6 +++--- po/sv.po | 6 +++--- po/tr.po | 6 +++--- po/uk.po | 6 +++--- po/zh_CN.po | 6 +++--- po/zh_TW.po | 6 +++--- sm/gpgsm.c | 4 ++-- 34 files changed, 100 insertions(+), 100 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 12:06:11 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 12:06:11 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-81-gf980cd2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f980cd2e0e4694a38038f518f290017087d4ce33 (commit) via 1affdf1efc42ed22dc023c92ca5134d5bcbf2686 (commit) from 5ddccf4fc650eeb08bee7bea3e6cd889e4e32fab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f980cd2e0e4694a38038f518f290017087d4ce33 Author: Werner Koch Date: Tue Jun 14 12:04:01 2016 +0200 gpg: Avoid endless loop in a tofu error case. * g10/tofu.c (get_trust): Do not jump to out. -- Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index 4b752f7..471aec6 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2258,7 +2258,7 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, { log_error (_("error changing TOFU policy: %s\n"), sqerr); sqlite3_free (sqerr); - goto out; /* FIXME */ + sqerr = NULL; } } commit 1affdf1efc42ed22dc023c92ca5134d5bcbf2686 Author: Werner Koch Date: Tue Jun 14 12:02:22 2016 +0200 gpg: Split tofu's get_trust function into several smaller ones. * g10/tofu.c (get_trust): Factor code out to ... (format_conflict_msg_part1): new and to ... (ask_about_binding): new. -- Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index d11a8de..4b752f7 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
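Review bot: With the `goto out` removed, a failure of the policy update in get_trust is only reported through `log_error` and execution continues, so the caller cannot tell that the conflicting bindings were not changed. If that is intended, the branch should say so where the FIXME used to be, for example `/* Best effort: the error is logged and processing continues. */`. If it is not, the failure should presumably show up in the result, for instance as `_tofu_GET_TRUST_ERROR`, which other hunks of this mail use for error returns. The rest of get_trust, including the `out` label, is outside the hunk, so where control goes next cannot be checked from here.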
@@ -1602,6 +1602,411 @@ get_policy (tofu_dbs_t dbs, const char *fingerprint, const char *email, return policy; } + +/* Format the first part of a conflict message and return that as a + * malloced string. */ +static char * +format_conflict_msg_part1 (int policy, const char *conflict, + const char *fingerprint, const char *email) +{ + estream_t fp; + char *binding; + int binding_shown = 0; + char *tmpstr, *text; + + binding = xasprintf ("<%s, %s>", fingerprint, email); + + fp = es_fopenmem (0, "rw,samethread"); + if (!fp) + log_fatal ("error creating memory stream: %s\n", + gpg_strerror (gpg_error_from_syserror())); + + if (policy == TOFU_POLICY_NONE) + { + es_fprintf (fp, _("The binding %s is NOT known."), binding); + es_fputs (" ", fp); + binding_shown = 1; + } + else if (policy == TOFU_POLICY_ASK + /* If there the conflict is with itself, then don't + * display this message. */ + && conflict && strcmp (conflict, fingerprint)) + { + es_fprintf (fp, + _("The key with fingerprint %s raised a conflict " + "with the binding %s." + " Since this binding's policy was 'auto', it was " + "changed to 'ask'."), + conflict, binding); + es_fputs (" ", fp); + binding_shown = 1; + } + + /* TRANSLATORS: The %s%s is replaced by either a fingerprint and a + blank or by two empty strings. */ + es_fprintf (fp, + _("Please indicate whether you believe the binding %s%s" + "is legitimate (the key belongs to the stated owner) " + "or a forgery (bad)."), + binding_shown ? "" : binding, + binding_shown ? "" : " "); + es_fputc ('\n', fp); + + xfree (binding); + + es_fputc (0, fp); + if (es_fclose_snatch (fp, (void **)&tmpstr, NULL)) + log_fatal ("error snatching memory stream\n"); + text = format_text (tmpstr, 0, 72, 80); + es_free (tmpstr); + + return text; +} + + +/* Ask the user about the binding. 
There are three ways we could end + * up here: + * + * - This is a new binding and there is a conflict + * (policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0), + * + * - This is a new binding and opt.tofu_default_policy is set to + * ask. (policy == TOFU_POLICY_NONE && opt.tofu_default_policy == + * TOFU_POLICY_ASK), or, + * + * - The policy is ask (the user deferred last time) (policy == + * TOFU_POLICY_ASK). + */ +static void +ask_about_binding (tofu_dbs_t dbs, + struct db *db, + enum tofu_policy *policy, + int *trust_level, + int bindings_with_this_email_count, + strlist_t bindings_with_this_email, + char *conflict, + const char *fingerprint, + const char *email, + const char *user_id) +{ + char *sqerr = NULL; + int rc; + estream_t fp; + strlist_t other_user_ids = NULL; + struct signature_stats *stats = NULL; + struct signature_stats *stats_iter = NULL; + char *prompt; + char *choices; + struct db *db_key; + + fp = es_fopenmem (0, "rw,samethread"); + if (!fp) + log_fatal ("error creating memory stream: %s\n", + gpg_strerror (gpg_error_from_syserror())); + + { + char *text = format_conflict_msg_part1 (*policy, conflict, + fingerprint, email); + es_fputs (text, fp); + es_fputc ('\n', fp); + xfree (text); + } + + /* Find other user ids associated with this key and whether the + * bindings are marked as good or bad. */ + if (opt.tofu_db_format == TOFU_DB_SPLIT) + { + /* In the split format, we need to search in the fingerprint DB + * for all the emails associated with this key, not the email DB. */ + db_key = getdb (dbs, fingerprint, DB_KEY); + } + else + db_key = db; + + if (db_key) + { + rc = gpgsql_stepx + (db_key->db, &db_key->s.get_trust_gather_other_user_ids, + strings_collect_cb2, &other_user_ids, &sqerr, + opt.tofu_db_format == TOFU_DB_SPLIT + ? 
"select user_id, email from bindings where fingerprint = ?;" + : "select user_id, policy from bindings where fingerprint = ?;", + SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_END); + if (rc) + { + log_error (_("error gathering other user IDs: %s\n"), sqerr); + sqlite3_free (sqerr); + sqerr = NULL; + } + } + + if (other_user_ids) + { + strlist_t strlist_iter; + + es_fprintf (fp, _("Known user IDs associated with this key:\n")); + for (strlist_iter = other_user_ids; + strlist_iter; + strlist_iter = strlist_iter->next) + { + char *other_user_id = strlist_iter->d; + char *other_thing; + enum tofu_policy other_policy; + + log_assert (strlist_iter->next); + strlist_iter = strlist_iter->next; + other_thing = strlist_iter->d; + + if (opt.tofu_db_format == TOFU_DB_SPLIT) + other_policy = get_policy (dbs, fingerprint, other_thing, NULL); + else + other_policy = atoi (other_thing); + + es_fprintf (fp, " %s (", other_user_id); + es_fprintf (fp, _("policy: %s"), tofu_policy_str (other_policy)); + es_fprintf (fp, ")\n"); + } + es_fprintf (fp, "\n"); + + free_strlist (other_user_ids); + } + + /* Find other keys associated with this email address. */ + /* FIXME: When generating the statistics, do we want the time + embedded in the signature (column 'sig_time') or the time that + we first verified the signature (column 'time'). */ + rc = gpgsql_stepx + (db->db, &db->s.get_trust_gather_other_keys, + signature_stats_collect_cb, &stats, &sqerr, + "select fingerprint, policy, time_ago, count(*)\n" + " from (select bindings.*,\n" + " case\n" + /* From the future (but if its just a couple of hours in the + * future don't turn it into a warning)? Or should we use + * small, medium or large units? (Note: whatever we do, we + * keep the value in seconds. Then when we group, everything + * that rounds to the same number of seconds is grouped.) 
*/ + " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then -1\n" + " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" + " then max(0,\n" + " round(delta / ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" + " * ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" + " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" + " then round(delta / ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)"))\n" + " * ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)")\n" + " else round(delta / ("STRINGIFY (TIME_AGO_UNIT_LARGE)"))\n" + " * ("STRINGIFY (TIME_AGO_UNIT_LARGE)")\n" + " end time_ago,\n" + " delta time_ago_raw\n" + " from bindings\n" + " left join\n" + " (select *,\n" + " cast(strftime('%s','now') - sig_time as real) delta\n" + " from signatures) ss\n" + " on ss.binding = bindings.oid)\n" + " where email = ?\n" + " group by fingerprint, time_ago\n" + /* Make sure the current key is first. */ + " order by fingerprint = ? asc, fingerprint desc, time_ago desc;\n", + SQLITE_ARG_STRING, email, SQLITE_ARG_STRING, fingerprint, + SQLITE_ARG_END); + if (rc) + { + strlist_t strlist_iter; + + log_error (_("error gathering signature stats: %s\n"), sqerr); + sqlite3_free (sqerr); + sqerr = NULL; + + es_fprintf (fp, ngettext("The email address \"%s\" is" + " associated with %d key:\n", + "The email address \"%s\" is" + " associated with %d keys:\n", + bindings_with_this_email_count), + email, bindings_with_this_email_count); + for (strlist_iter = bindings_with_this_email; + strlist_iter; + strlist_iter = strlist_iter->next) + es_fprintf (fp, " %s\n", strlist_iter->d); + } + else + { + char *key = NULL; + + if (! stats || strcmp (stats->fingerprint, fingerprint)) + { + /* If we have already added this key to the DB, then it will + * be first (see the above select). Since the first key on + * the list is not this key, we must not yet have verified any + * messages signed by this key. Add a dummy entry. 
*/ + signature_stats_prepend (&stats, fingerprint, TOFU_POLICY_AUTO, 0, 0); + } + + es_fprintf (fp, _("Statistics for keys with the email address \"%s\":\n"), + email); + for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) + { + if (! key || strcmp (key, stats_iter->fingerprint)) + { + int this_key; + char *key_pp; + + key = stats_iter->fingerprint; + this_key = strcmp (key, fingerprint) == 0; + key_pp = format_hexfingerprint (key, NULL, 0); + es_fprintf (fp, " %s (", key_pp); + if (this_key) + es_fprintf (fp, _("this key")); + else + es_fprintf (fp, _("policy: %s"), + tofu_policy_str (stats_iter->policy)); + es_fputs ("):\n", fp); + xfree (key_pp); + } + + es_fputs (" ", fp); + if (stats_iter->time_ago == -1) + es_fprintf (fp, ngettext("%ld message signed in the future.", + "%ld messages signed in the future.", + stats_iter->count), stats_iter->count); + else + { + long t_scaled = time_ago_scale (stats_iter->time_ago); + + /* TANSLATORS: This string is concatenated with one of + * the day/week/month strings to form one sentence. */ + es_fprintf (fp, ngettext("%ld message signed", + "%ld messages signed", + stats_iter->count), stats_iter->count); + if (!stats_iter->count) + es_fputs (".", fp); + else if (stats_iter->time_ago < TIME_AGO_UNIT_MEDIUM) + es_fprintf (fp, ngettext(" over the past %ld day.", + " over the past %ld days.", + t_scaled), t_scaled); + else if (stats_iter->time_ago < TIME_AGO_UNIT_LARGE) + es_fprintf (fp, ngettext(" over the past %ld week.", + " over the past %ld weeks.", + t_scaled), t_scaled); + else + es_fprintf (fp, ngettext(" over the past %ld month.", + " over the past %ld months.", + t_scaled), t_scaled); + } + es_fputs ("\n", fp); + } + } + + + if ((*policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0) + || (*policy == TOFU_POLICY_ASK && conflict)) + { + /* This is a conflict. */ + + /* TRANSLATORS: Please translate the text found in the source + * file below. 
We don't directly internationalize that text so + * that we can tweak it without breaking translations. */ + char *text = _("TOFU detected a binding conflict"); + char *textbuf; + if (!strcmp (text, "TOFU detected a binding conflict")) + { + /* No translation. Use the English text. */ + text = + "Normally, there is only a single key associated with an email " + "address. However, people sometimes generate a new key if " + "their key is too old or they think it might be compromised. " + "Alternatively, a new key may indicate a man-in-the-middle " + "attack! Before accepting this key, you should talk to or " + "call the person to make sure this new key is legitimate."; + } + textbuf = format_text (text, 0, 72, 80); + es_fprintf (fp, "\n%s\n", text); + xfree (textbuf); + } + + es_fputc ('\n', fp); + + /* Add a NUL terminator. */ + es_fputc (0, fp); + if (es_fclose_snatch (fp, (void **) &prompt, NULL)) + log_fatal ("error snatching memory stream\n"); + + /* I think showing the large message once is sufficient. If we + * would move it right before the cpr_get many lines will scroll + * away and the user might not realize that he merely entered a + * wrong choise (because he does not see that either). As a small + * benefit we allow C-L to redisplay everything. */ + tty_printf ("%s", prompt); + while (1) + { + char *response; + + /* TRANSLATORS: Two letters (normally the lower and upper case + * version of the hotkey) for each of the five choices. If + * there is only one choice in your language, repeat it. */ + choices = _("gG" "aA" "uU" "rR" "bB"); + if (strlen (choices) != 10) + log_bug ("Bad TOFU conflict translation! Please report."); + + response = cpr_get + ("tofu.conflict", + _("(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? 
")); + trim_spaces (response); + cpr_kill_prompt (); + if (*response == CONTROL_L) + tty_printf ("%s", prompt); + else if (strlen (response) == 1) + { + char *choice = strchr (choices, *response); + if (choice) + { + int c = ((size_t) choice - (size_t) choices) / 2; + + switch (c) + { + case 0: /* Good. */ + *policy = TOFU_POLICY_GOOD; + *trust_level = tofu_policy_to_trust_level (*policy); + break; + case 1: /* Accept once. */ + *policy = TOFU_POLICY_ASK; + *trust_level = tofu_policy_to_trust_level (TOFU_POLICY_GOOD); + break; + case 2: /* Unknown. */ + *policy = TOFU_POLICY_UNKNOWN; + *trust_level = tofu_policy_to_trust_level (*policy); + break; + case 3: /* Reject once. */ + *policy = TOFU_POLICY_ASK; + *trust_level = tofu_policy_to_trust_level (TOFU_POLICY_BAD); + break; + case 4: /* Bad. */ + *policy = TOFU_POLICY_BAD; + *trust_level = tofu_policy_to_trust_level (*policy); + break; + default: + log_bug ("c should be between 0 and 4 but it is %d!", c); + } + + if (record_binding (dbs, fingerprint, email, user_id, + *policy, 0)) + { + /* If there's an error registering the + * binding, don't save the signature. */ + *trust_level = _tofu_GET_TRUST_ERROR; + } + break; + } + } + xfree (response); + } + + xfree (prompt); + + signature_stats_free (stats); +} + + /* Return the trust level (TRUST_NEVER, etc.) for the binding * (email is already normalized). If no policy * is registered, returns TOFU_POLICY_NONE. If an error occurs, @@ -1621,12 +2026,11 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, const char *fingerprint, const char *email, const char *user_id, int may_ask) { - char *fingerprint_pp; struct db *db; enum tofu_policy policy; char *conflict = NULL; int rc; - char *err = NULL; + char *sqerr = NULL; strlist_t bindings_with_this_email = NULL; int bindings_with_this_email_count; int change_conflicting_to_ask = 0; 
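Review bot: In ask_about_binding (hunk `@@ -1602,6 +1602,411 @@`) the conflict explanation is wrapped by `format_text` into `textbuf`, but the next statement `es_fprintf (fp, "\n%s\n", text);` prints the unwrapped `text`, and `textbuf` is freed unused. The line should read `es_fprintf (fp, "\n%s\n", textbuf);`. In the prompt loop of the same function, the `break` taken after a valid choice skips the `xfree (response);` at the bottom of the loop, so the buffer returned by `cpr_get` leaks. Adding `xfree (response);` immediately before that `break` fixes it.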
@@ -1649,8 +2053,6 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, if (! db) return _tofu_GET_TRUST_ERROR; - fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); - policy = get_policy (dbs, fingerprint, email, &conflict); if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE) { /* See if the key is ultimately trusted. If so, we're done. */ @@ -1692,7 +2094,7 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, case TOFU_POLICY_UNKNOWN: case TOFU_POLICY_BAD: /* The saved judgement is auto -> auto, good, unknown or bad. - We don't need to ask the user anything. */ + * We don't need to ask the user anything. */ if (DBG_TRUST) log_debug ("TOFU: Known binding <%s, %s>'s policy: %s\n", fingerprint, email, tofu_policy_str (policy)); @@ -1711,7 +2113,7 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, case TOFU_POLICY_NONE: /* The binding is new, we need to check for conflicts. Case #3 - below. */ + * below. */ break; case _tofu_GET_POLICY_ERROR: 
@@ -1724,49 +2126,51 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, /* We get here if: - - 1. The saved policy is auto and the default policy is ask - (get_policy() == TOFU_POLICY_AUTO - && opt.tofu_default_policy == TOFU_POLICY_ASK) - - 2. The saved policy is ask (either last time the user selected - accept once or reject once or there was a conflict and this - binding's policy was changed from auto to ask) - (policy == TOFU_POLICY_ASK), or, - - 3. We don't have a saved policy (policy == TOFU_POLICY_NONE) - (need to check for a conflict). + * + * 1. The saved policy is auto and the default policy is ask + * (get_policy() == TOFU_POLICY_AUTO + * && opt.tofu_default_policy == TOFU_POLICY_ASK) + * + * 2. The saved policy is ask (either last time the user selected + * accept once or reject once or there was a conflict and this + * binding's policy was changed from auto to ask) + * (policy == TOFU_POLICY_ASK), or, + * + * 3. We don't have a saved policy (policy == TOFU_POLICY_NONE) + * (need to check for a conflict). */ /* Look for conflicts. This is needed in all 3 cases. - - Get the fingerprints of any bindings that share the email - address. Note: if the binding in question is in the DB, it will - also be returned. Thus, if the result set is empty, then this is - a new binding. */ + * + * Get the fingerprints of any bindings that share the email + * address. Note: if the binding in question is in the DB, it will + * also be returned. Thus, if the result set is empty, then this is + * a new binding. 
*/ rc = gpgsql_stepx (db->db, &db->s.get_trust_bindings_with_this_email, - strings_collect_cb2, &bindings_with_this_email, &err, + strings_collect_cb2, &bindings_with_this_email, &sqerr, "select distinct fingerprint from bindings where email = ?;", SQLITE_ARG_STRING, email, SQLITE_ARG_END); if (rc) { - log_error (_("error reading TOFU database: %s\n"), err); + log_error (_("error reading TOFU database: %s\n"), sqerr); print_further_info ("listing fingerprints"); - sqlite3_free (err); + sqlite3_free (sqerr); goto out; } bindings_with_this_email_count = strlist_length (bindings_with_this_email); if (bindings_with_this_email_count == 0 && opt.tofu_default_policy != TOFU_POLICY_ASK) - /* New binding with no conflict and a concrete default policy. - - We've never observed a binding with this email address - (BINDINGS_WITH_THIS_EMAIL_COUNT is 0 and the above query would return - the current binding if it were in the DB) and we have a default - policy, which is not to ask the user. */ { + /* New binding with no conflict and a concrete default policy. + * + * We've never observed a binding with this email address + * BINDINGS_WITH_THIS_EMAIL_COUNT is 0 and the above query would + * return the current binding if it were in the DB) and we have + * a default policy, which is not to ask the user. + */ + /* If we've seen this binding, then we've seen this email and policy couldn't possibly be TOFU_POLICY_NONE. */ log_assert (policy == TOFU_POLICY_NONE); 
@@ -1789,18 +2193,20 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, } if (policy == TOFU_POLICY_NONE) - /* This is a new binding and we have a conflict. Mark any - conflicting bindings that have an automatic policy as now - requiring confirmation. Note: we delay this until after we ask - for confirmation so that when the current policy is printed, it - is correct. */ - change_conflicting_to_ask = 1; + { + /* This is a new binding and we have a conflict. Mark any + * conflicting bindings that have an automatic policy as now + * requiring confirmation. Note: we delay this until after we + * ask for confirmation so that when the current policy is + * printed, it is correct. */ + change_conflicting_to_ask = 1; + } if (! may_ask) - /* We can only get here in the third case (no saved policy) and if - there is a conflict. (If the policy was ask (cases #1 and #2) - and we weren't allowed to ask, we'd have already exited). */ { + /* We can only get here in the third case (no saved policy) and + * if there is a conflict. (If the policy was ask (cases #1 and + * #2) and we weren't allowed to ask, we'd have already exited). */ log_assert (policy == TOFU_POLICY_NONE); if (record_binding (dbs, fingerprint, email, user_id, 
@@ -1812,412 +2218,52 @@ get_trust (tofu_dbs_t dbs, PKT_public_key *pk, goto out; } - /* If we get here, we need to ask the user about the binding. There - are three ways we could end up here: - - - This is a new binding and there is a conflict - (policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0), - - - This is a new binding and opt.tofu_default_policy is set to - ask. (policy == TOFU_POLICY_NONE && opt.tofu_default_policy == - TOFU_POLICY_ASK), or, - - - The policy is ask (the user deferred last time) (policy == - TOFU_POLICY_ASK). - */ - { - int is_conflict = - ((policy == TOFU_POLICY_NONE && bindings_with_this_email_count > 0) - || (policy == TOFU_POLICY_ASK && conflict)); - estream_t fp; - strlist_t other_user_ids = NULL; - struct signature_stats *stats = NULL; - struct signature_stats *stats_iter = NULL; - char *prompt; - char *choices; - - fp = es_fopenmem (0, "rw,samethread"); - if (! fp) - log_fatal ("error creating memory stream: %s\n", - gpg_strerror (gpg_error_from_syserror())); - - /* Format the first part of the message. */ - { - estream_t fp1; - char *binding = xasprintf ("<%s, %s>", fingerprint, email); - int binding_shown = 0; - char *tmpstr, *text; - - fp1 = es_fopenmem (0, "rw,samethread"); - if (!fp1) - log_fatal ("error creating memory stream: %s\n", - gpg_strerror (gpg_error_from_syserror())); - - if (policy == TOFU_POLICY_NONE) - { - es_fprintf (fp1, _("The binding %s is NOT known."), binding); - es_fputs (" ", fp1); - binding_shown = 1; - } - else if (policy == TOFU_POLICY_ASK - /* If there the conflict is with itself, then don't - display this message. */ - && conflict && strcmp (conflict, fingerprint) != 0) - { - es_fprintf (fp1, - _("The key with fingerprint %s raised a conflict " - "with the binding %s." 
- " Since this binding's policy was 'auto', it was " - "changed to 'ask'."), - conflict, binding); - es_fputs (" ", fp1); - binding_shown = 1; - } - - /* TRANSLATORS: The %s%s is replaced by either a fingerprint and a - blank or by two empty strings. */ - es_fprintf (fp1, - _("Please indicate whether you believe the binding %s%s" - "is legitimate (the key belongs to the stated owner) " - "or a forgery (bad)."), - binding_shown ? "" : binding, - binding_shown ? "" : " "); - es_fputc ('\n', fp1); - - xfree (binding); - - es_fputc (0, fp1); - if (es_fclose_snatch (fp1, (void **)&tmpstr, NULL)) - log_fatal ("error snatching memory stream\n"); - text = format_text (tmpstr, 0, 72, 80); - es_free (tmpstr); - - es_fputs (text, fp); - xfree (text); - } - - es_fputc ('\n', fp); - - /* Find other user ids associated with this key and whether the - bindings are marked as good or bad. */ - { - struct db *db_key; - - if (opt.tofu_db_format == TOFU_DB_SPLIT) - /* In the split format, we need to search in the fingerprint - DB for all the emails associated with this key, not the - email DB. */ - db_key = getdb (dbs, fingerprint, DB_KEY); - else - db_key = db; - - if (db_key) - { - rc = gpgsql_stepx - (db_key->db, &db_key->s.get_trust_gather_other_user_ids, - strings_collect_cb2, &other_user_ids, &err, - opt.tofu_db_format == TOFU_DB_SPLIT - ? 
"select user_id, email from bindings where fingerprint = ?;" - : "select user_id, policy from bindings where fingerprint = ?;", - SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_END); - if (rc) - { - log_error (_("error gathering other user IDs: %s\n"), err); - sqlite3_free (err); - err = NULL; - } - } - } - - if (other_user_ids) - { - strlist_t strlist_iter; - - es_fprintf (fp, _("Known user IDs associated with this key:\n")); - for (strlist_iter = other_user_ids; - strlist_iter; - strlist_iter = strlist_iter->next) - { - char *other_user_id = strlist_iter->d; - char *other_thing; - enum tofu_policy other_policy; - - log_assert (strlist_iter->next); - strlist_iter = strlist_iter->next; - other_thing = strlist_iter->d; - - if (opt.tofu_db_format == TOFU_DB_SPLIT) - other_policy = get_policy (dbs, fingerprint, other_thing, NULL); - else - other_policy = atoi (other_thing); - - es_fprintf (fp, " %s (", other_user_id); - es_fprintf (fp, _("policy: %s"), tofu_policy_str (other_policy)); - es_fprintf (fp, ")\n"); - } - es_fprintf (fp, "\n"); - - free_strlist (other_user_ids); - } - - /* Find other keys associated with this email address. */ - /* XXX: When generating the statistics, do we want the time - embedded in the signature (column 'sig_time') or the time that - we first verified the signature (column 'time'). */ - rc = gpgsql_stepx - (db->db, &db->s.get_trust_gather_other_keys, - signature_stats_collect_cb, &stats, &err, - "select fingerprint, policy, time_ago, count(*)\n" - " from (select bindings.*,\n" - " case\n" - /* From the future (but if its just a couple of hours in the - future don't turn it into a warning)? Or should we use - small, medium or large units? (Note: whatever we do, we - keep the value in seconds. Then when we group, everything - that rounds to the same number of seconds is grouped.) 
*/ - " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then -1\n" - " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" - " then max(0,\n" - " round(delta / ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n" - " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" - " then round(delta / ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)")\n" - " else round(delta / ("STRINGIFY (TIME_AGO_UNIT_LARGE)"))\n" - " * ("STRINGIFY (TIME_AGO_UNIT_LARGE)")\n" - " end time_ago,\n" - " delta time_ago_raw\n" - " from bindings\n" - " left join\n" - " (select *,\n" - " cast(strftime('%s','now') - sig_time as real) delta\n" - " from signatures) ss\n" - " on ss.binding = bindings.oid)\n" - " where email = ?\n" - " group by fingerprint, time_ago\n" - /* Make sure the current key is first. */ - " order by fingerprint = ? asc, fingerprint desc, time_ago desc;\n", - SQLITE_ARG_STRING, email, SQLITE_ARG_STRING, fingerprint, - SQLITE_ARG_END); - if (rc) - { - strlist_t strlist_iter; - - log_error (_("error gathering signature stats: %s\n"), err); - sqlite3_free (err); - err = NULL; - - es_fprintf (fp, ngettext("The email address \"%s\" is" - " associated with %d key:\n", - "The email address \"%s\" is" - " associated with %d keys:\n", - bindings_with_this_email_count), - email, bindings_with_this_email_count); - for (strlist_iter = bindings_with_this_email; - strlist_iter; - strlist_iter = strlist_iter->next) - es_fprintf (fp, " %s\n", strlist_iter->d); - } - else - { - char *key = NULL; - - if (! stats || strcmp (stats->fingerprint, fingerprint) != 0) - /* If we have already added this key to the DB, then it will - be first (see the above select). Since the first key on - the list is not this key, we must not yet have verified - any messages signed by this key. Add a dummy entry. 
*/ - signature_stats_prepend (&stats, fingerprint, TOFU_POLICY_AUTO, 0, 0); - - es_fprintf - (fp, _("Statistics for keys with the email address \"%s\":\n"), - email); - for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) - { - if (! key || strcmp (key, stats_iter->fingerprint) != 0) - { - int this_key; - char *key_pp; - key = stats_iter->fingerprint; - this_key = strcmp (key, fingerprint) == 0; - key_pp = format_hexfingerprint (key, NULL, 0); - es_fprintf (fp, " %s (", key_pp); - if (this_key) - es_fprintf (fp, _("this key")); - else - es_fprintf (fp, _("policy: %s"), - tofu_policy_str (stats_iter->policy)); - es_fputs ("):\n", fp); - xfree (key_pp); - } - - es_fputs (" ", fp); - if (stats_iter->time_ago == -1) - es_fprintf (fp, ngettext("%ld message signed in the future.", - "%ld messages signed in the future.", - stats_iter->count), stats_iter->count); - else - { - long t_scaled = time_ago_scale (stats_iter->time_ago); - - /* TANSLATORS: This string is concatenated with one of - * the day/week/month strings to form one sentence. */ - es_fprintf (fp, ngettext("%ld message signed", - "%ld messages signed", - stats_iter->count), stats_iter->count); - if (!stats_iter->count) - es_fputs (".", fp); - else if (stats_iter->time_ago < TIME_AGO_UNIT_MEDIUM) - es_fprintf (fp, ngettext(" over the past %ld day.", - " over the past %ld days.", - t_scaled), t_scaled); - else if (stats_iter->time_ago < TIME_AGO_UNIT_LARGE) - es_fprintf (fp, ngettext(" over the past %ld week.", - " over the past %ld weeks.", - t_scaled), t_scaled); - else - es_fprintf (fp, ngettext(" over the past %ld month.", - " over the past %ld months.", - t_scaled), t_scaled); - } - es_fputs ("\n", fp); - } - } - - if (is_conflict) - { - /* TRANSLATORS: Please translate the text found in the source - file below. We don't directly internationalize that text - so that we can tweak it without breaking translations. 
*/ - char *text = _("TOFU detected a binding conflict"); - char *textbuf; - if (strcmp (text, "TOFU detected a binding conflict") == 0) - /* No translation. Use the English text. */ - text = - "Normally, there is only a single key associated with an email " - "address. However, people sometimes generate a new key if " - "their key is too old or they think it might be compromised. " - "Alternatively, a new key may indicate a man-in-the-middle " - "attack! Before accepting this key, you should talk to or " - "call the person to make sure this new key is legitimate."; - textbuf = format_text (text, 0, 72, 80); - es_fprintf (fp, "\n%s\n", text); - xfree (textbuf); - } - - es_fputc ('\n', fp); - - /* Add a NUL terminator. */ - es_fputc (0, fp); - if (es_fclose_snatch (fp, (void **) &prompt, NULL)) - log_fatal ("error snatching memory stream\n"); - - /* I think showing the large message once is sufficient. If we - would move it right before the cpr_get many lines will scroll - away and the user might not realize that he merely entered a - wrong choise (because he does not see that either). As a small - benefit we allow C-L to redisplay everything. */ - tty_printf ("%s", prompt); - while (1) - { - char *response; - - /* TRANSLATORS: Two letters (normally the lower and upper case - version of the hotkey) for each of the five choices. If - there is only one choice in your language, repeat it. */ - choices = _("gG" "aA" "uU" "rR" "bB"); - if (strlen (choices) != 10) - log_bug ("Bad TOFU conflict translation! Please report."); - - response = cpr_get - ("tofu.conflict", - _("(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? ")); - trim_spaces (response); - cpr_kill_prompt (); - if (*response == CONTROL_L) - tty_printf ("%s", prompt); - else if (strlen (response) == 1) - { - char *choice = strchr (choices, *response); - if (choice) - { - int c = ((size_t) choice - (size_t) choices) / 2; - - switch (c) - { - case 0: /* Good. 
*/ - policy = TOFU_POLICY_GOOD; - trust_level = tofu_policy_to_trust_level (policy); - break; - case 1: /* Accept once. */ - policy = TOFU_POLICY_ASK; - trust_level = - tofu_policy_to_trust_level (TOFU_POLICY_GOOD); - break; - case 2: /* Unknown. */ - policy = TOFU_POLICY_UNKNOWN; - trust_level = tofu_policy_to_trust_level (policy); - break; - case 3: /* Reject once. */ - policy = TOFU_POLICY_ASK; - trust_level = - tofu_policy_to_trust_level (TOFU_POLICY_BAD); - break; - case 4: /* Bad. */ - policy = TOFU_POLICY_BAD; - trust_level = tofu_policy_to_trust_level (policy); - break; - default: - log_bug ("c should be between 0 and 4 but it is %d!", c); - } - - if (record_binding (dbs, fingerprint, email, user_id, - policy, 0) != 0) - /* If there's an error registering the - binding, don't save the signature. */ - trust_level = _tofu_GET_TRUST_ERROR; - - break; - } - } - xfree (response); - } - - xfree (prompt); - - signature_stats_free (stats); - } + /* If we get here, we need to ask the user about the binding. */ + ask_about_binding (dbs, db, + &policy, + &trust_level, + bindings_with_this_email_count, + bindings_with_this_email, + conflict, + fingerprint, + email, + user_id); out: if (change_conflicting_to_ask) { if (! may_ask) - /* If we weren't allowed to ask, also update this key as - conflicting with itself. */ - rc = gpgsql_exec_printf - (db->db, NULL, NULL, &err, - "update bindings set policy = %d, conflict = %Q" - " where email = %Q" - " and (policy = %d or (policy = %d and fingerprint = %Q));", - TOFU_POLICY_ASK, fingerprint, email, TOFU_POLICY_AUTO, - TOFU_POLICY_ASK, fingerprint); + { + /* If we weren't allowed to ask, also update this key as + conflicting with itself. 
*/ + rc = gpgsql_exec_printf + (db->db, NULL, NULL, &sqerr, + "update bindings set policy = %d, conflict = %Q" + " where email = %Q" + " and (policy = %d or (policy = %d and fingerprint = %Q));", + TOFU_POLICY_ASK, fingerprint, email, TOFU_POLICY_AUTO, + TOFU_POLICY_ASK, fingerprint); + } else - rc = gpgsql_exec_printf - (db->db, NULL, NULL, &err, - "update bindings set policy = %d, conflict = %Q" - " where email = %Q and fingerprint != %Q and policy = %d;", - TOFU_POLICY_ASK, fingerprint, email, fingerprint, TOFU_POLICY_AUTO); + { + rc = gpgsql_exec_printf + (db->db, NULL, NULL, &sqerr, + "update bindings set policy = %d, conflict = %Q" + " where email = %Q and fingerprint != %Q and policy = %d;", + TOFU_POLICY_ASK, fingerprint, email, fingerprint, + TOFU_POLICY_AUTO); + } + if (rc) { - log_error (_("error changing TOFU policy: %s\n"), err); - sqlite3_free (err); - goto out; + log_error (_("error changing TOFU policy: %s\n"), sqerr); + sqlite3_free (sqerr); + goto out; /* FIXME */ } } xfree (conflict); free_strlist (bindings_with_this_email); - xfree (fingerprint_pp); return trust_level; } ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 914 ++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 480 insertions(+), 434 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 15:54:57 2016 
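Review bot: The `goto out; /* FIXME */` in the error branch below `out:` jumps back to the label it already sits under, so if `gpgsql_exec_printf` keeps failing, the update is re-run and the error logged without end instead of get_trust returning. This is already the cleanup path, so the branch can fall through: replace the jump with `sqerr = NULL;` and let `xfree (conflict)` and `free_strlist (bindings_with_this_email)` run. It is also worth deciding whether a failed update should set `trust_level = _tofu_GET_TRUST_ERROR;`, as the `record_binding` failure in `ask_about_binding` does. Otherwise the caller receives a trust level although the conflicting bindings were never switched to ask. get_trust starts above this hunk.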
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 15:54:57 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.0-9-g6cc2100 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 (commit) from 1f769e3e8442bae2f1f73c656920bb2df70153c0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 Author: Werner Koch Date: Tue Jun 14 15:53:10 2016 +0200 cipher: Assign OIDs to the Serpent cipher. * cipher/serpent.c (serpent128_oids, serpent192_oids) (serpent256_oids): New. Add them to the specs blow. (serpent128_aliases): Add "SERPENT-128". (serpent256_aliases, serpent192_aliases): New. Signed-off-by: Werner Koch diff --git a/cipher/serpent.c b/cipher/serpent.c index 4ef7f52..ef19d3b 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c 
@@ -1734,18 +1734,54 @@ serpent_test (void) } +static gcry_cipher_oid_spec_t serpent128_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.1", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.2", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.3", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.4", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + +static gcry_cipher_oid_spec_t serpent192_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.21", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.22", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.23", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.24", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + +static gcry_cipher_oid_spec_t serpent256_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.41", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.42", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.43", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.44", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; -/* "SERPENT" is an alias for "SERPENT128". */ -static const char *cipher_spec_serpent128_aliases[] = +static const char *serpent128_aliases[] = { "SERPENT", + "SERPENT-128", + NULL + }; +static const char *serpent192_aliases[] = + { + "SERPENT-192", + NULL + }; +static const char *serpent256_aliases[] = + { + "SERPENT-256", NULL }; gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = { GCRY_CIPHER_SERPENT128, {0, 0}, - "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128, + "SERPENT128", serpent128_aliases, serpent128_oids, 16, 128, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; @@ -1753,7 +1789,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = { GCRY_CIPHER_SERPENT192, {0, 0}, - "SERPENT192", NULL, NULL, 16, 192, + "SERPENT192", serpent192_aliases, serpent192_oids, 16, 192, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; 
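Review bot: The new tables `serpent128_oids`, `serpent192_oids` and `serpent256_oids` have no comment saying which arc the values belong to or how the last component encodes key size and mode, and the old alias comment was removed rather than updated. A header above the first table, e.g. `/* OIDs under 1.3.6.1.4.1.11591.13.2: .1-.4 = 128 bit, .21-.24 = 192 bit, .41-.44 = 256 bit; order is ECB, CBC, OFB, CFB. */`, would let a reader check the entries against callers that hard-code them. The sm/gpgsm.c hunk on this page, for instance, uses the .2, .22 and .42 values. The same hunk is repeated in the master-branch notification further down the page.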
@@ -1761,7 +1797,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = gcry_cipher_spec_t _gcry_cipher_spec_serpent256 = { GCRY_CIPHER_SERPENT256, {0, 0}, - "SERPENT256", NULL, NULL, 16, 256, + "SERPENT256", serpent256_aliases, serpent256_oids, 16, 256, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; ----------------------------------------------------------------------- Summary of changes: cipher/serpent.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 15:55:57 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 15:55:57 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-10-ge13a6a1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit) from ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e Author: Werner Koch Date: Tue Jun 14 15:53:10 2016 +0200 cipher: Assign OIDs to the Serpent cipher. * cipher/serpent.c (serpent128_oids, serpent192_oids) (serpent256_oids): New. Add them to the specs blow. (serpent128_aliases): Add "SERPENT-128". (serpent256_aliases, serpent192_aliases): New. Signed-off-by: Werner Koch diff --git a/cipher/serpent.c b/cipher/serpent.c index 4ef7f52..ef19d3b 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c 
@@ -1734,18 +1734,54 @@ serpent_test (void) } +static gcry_cipher_oid_spec_t serpent128_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.1", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.2", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.3", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.4", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + +static gcry_cipher_oid_spec_t serpent192_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.21", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.22", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.23", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.24", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + +static gcry_cipher_oid_spec_t serpent256_oids[] = + { + {"1.3.6.1.4.1.11591.13.2.41", GCRY_CIPHER_MODE_ECB }, + {"1.3.6.1.4.1.11591.13.2.42", GCRY_CIPHER_MODE_CBC }, + {"1.3.6.1.4.1.11591.13.2.43", GCRY_CIPHER_MODE_OFB }, + {"1.3.6.1.4.1.11591.13.2.44", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; -/* "SERPENT" is an alias for "SERPENT128". */ -static const char *cipher_spec_serpent128_aliases[] = +static const char *serpent128_aliases[] = { "SERPENT", + "SERPENT-128", + NULL + }; +static const char *serpent192_aliases[] = + { + "SERPENT-192", + NULL + }; +static const char *serpent256_aliases[] = + { + "SERPENT-256", NULL }; gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = { GCRY_CIPHER_SERPENT128, {0, 0}, - "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128, + "SERPENT128", serpent128_aliases, serpent128_oids, 16, 128, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; @@ -1753,7 +1789,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_serpent128 = gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = { GCRY_CIPHER_SERPENT192, {0, 0}, - "SERPENT192", NULL, NULL, 16, 192, + "SERPENT192", serpent192_aliases, serpent192_oids, 16, 192, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; 
@@ -1761,7 +1797,7 @@ gcry_cipher_spec_t _gcry_cipher_spec_serpent192 = gcry_cipher_spec_t _gcry_cipher_spec_serpent256 = { GCRY_CIPHER_SERPENT256, {0, 0}, - "SERPENT256", NULL, NULL, 16, 256, + "SERPENT256", serpent256_aliases, serpent256_oids, 16, 256, sizeof (serpent_context_t), serpent_setkey, serpent_encrypt, serpent_decrypt }; ----------------------------------------------------------------------- Summary of changes: cipher/serpent.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 16:08:40 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 16:08:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-83-g5f9bd7a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68 (commit) via 2423238ee4c8a8c531dfe9e45c95f2760b638faa (commit) from f980cd2e0e4694a38038f518f290017087d4ce33 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68 Author: Werner Koch Date: Tue Jun 14 15:57:57 2016 +0200 gpgsm: Allow ciphers AES192 and SERPENT256 * sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256. -- Note that currently released Libcgrypt versions miss OIDs for Serpent and thus Serpent can only be used with tye forthcoming Libgcrypt 1.7.1. GnuPG-bug-id: 2273 Signed-off-by: Werner Koch diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 8663ac8..9b7dd4b 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c 
@@ -1559,6 +1559,8 @@ main ( int argc, char **argv) else if (!strcmp (opt.def_cipher_algoid, "AES") || !strcmp (opt.def_cipher_algoid, "AES128")) opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.2"; + else if (!strcmp (opt.def_cipher_algoid, "AES192") ) + opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.22"; else if (!strcmp (opt.def_cipher_algoid, "AES256") ) opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.42"; else if (!strcmp (opt.def_cipher_algoid, "SERPENT") @@ -1566,7 +1568,7 @@ main ( int argc, char **argv) opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.2"; else if (!strcmp (opt.def_cipher_algoid, "SERPENT192") ) opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.22"; - else if (!strcmp (opt.def_cipher_algoid, "SERPENT192") ) + else if (!strcmp (opt.def_cipher_algoid, "SERPENT256") ) opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.42"; else if (!strcmp (opt.def_cipher_algoid, "SEED") ) opt.def_cipher_algoid = "1.2.410.200004.1.4"; commit 2423238ee4c8a8c531dfe9e45c95f2760b638faa Author: Werner Koch Date: Tue Jun 14 14:57:49 2016 +0200 doc: Add files and envvars to a new index. * doc/gnupg.texi: Define new index "ef". (Environment Index): New. Signed-off-by: Werner Koch diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 5b73d7b..e87442f 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -312,6 +312,7 @@ value to access HTTP servers. @item --http-proxy @var{host}[:@var{port}] @opindex http-proxy + at efindex http_proxy Use @var{host} and @var{port} to access HTTP servers. The use of this option overrides the environment variable @env{http_proxy} regardless whether @option{--honor-http-proxy} has been set. diff --git a/doc/gnupg.texi b/doc/gnupg.texi index d0e5199..c99c129 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi 
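Review bot: The SERPENT branches of the name-to-OID chain in sm/gpgsm.c main() hand out OIDs that, per the commit message, Libgcrypt only knows from 1.7.1 on, but nothing in the code records that. A comment above the first SERPENT test, e.g. `/* Note: Libgcrypt knows the Serpent OIDs only since 1.7.1. */`, would keep the constraint next to the mapping. Whether main() later rejects an OID the library cannot resolve is not visible in these hunks. The corrected `"SERPENT256"` test in the second hunk also shows how a copied branch in a strcmp chain can leave an algorithm unselectable without any diagnostic, so a small name/OID table walked in a loop would be a sturdier form. main() starts and ends outside both hunks.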
@@ -15,13 +15,22 @@ @macro mancont @end macro + + @c Create a separate index for command line options. @defcodeindex op - at c Merge the standard indexes into a single one. + at c Create an index vor environment variables and files. + at defcodeindex ef + + at c Merge the function index into the concept index. @syncodeindex fn cp + at c Merge the variable index into the concept index. @syncodeindex vr cp + at c Merge the keystroke index into the concept index. @syncodeindex ky cp + at c Merge the program index into the concept index. @syncodeindex pg cp + at c Merge the data type index into the concept index. @syncodeindex tp cp @c %**end of header @copying @@ -144,6 +153,7 @@ the administration and the architecture. * Glossary:: Short description of terms used. * Option Index:: Index to command line options. +* Environment Index:: Index to environment variables and files. * Index:: Index of concepts and symbol names. @end menu @@ -192,6 +202,11 @@ the administration and the architecture. @printindex op + at node Environment Index + at unnumbered Environment Variable and File Index + + at printindex ef + @node Index @unnumbered Index diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index b45874d..37774dd 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -85,6 +85,7 @@ gpg-connect-agent /bye @end example @noindent + at efindex GPG_TTY You should always add the following lines to your @code{.bashrc} or whatever initialization file is used for all shell invocations: @@ -295,6 +296,7 @@ debugging. @itemx --csh @opindex sh @opindex csh + at efindex SHELL Format the info output in daemon mode for use with the standard Bourne shell or the C-shell respectively. The default is to guess it based on the environment variable @code{SHELL} which is correct in almost all 
@@ -309,6 +311,7 @@ should in general not be used to avoid X-sniffing attacks. @anchor{option --log-file} @item --log-file @var{file} @opindex log-file + at efindex HKCU\Software\GNU\GnuPG:DefaultLogFile Append all logging output to @var{file}. This is very helpful in seeing what the agent actually does. If neither a log file nor a log file descriptor has been set on a Windows platform, the Registry entry @@ -613,7 +616,7 @@ agent. By default they may all be found in the current home directory @table @file @item gpg-agent.conf - at cindex gpg-agent.conf + at efindex gpg-agent.conf This is the standard configuration file read by @command{gpg-agent} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. @@ -623,6 +626,7 @@ agent. By default they may all be found in the current home directory You should backup this file. @item trustlist.txt + at efindex trustlist.txt This is the list of trusted keys. You should backup this file. Comment lines, indicated by a leading hash mark, as well as empty @@ -684,7 +688,7 @@ fails, try again using the chain validation model. @item sshcontrol - at cindex sshcontrol + at efindex sshcontrol This file is used when support for the secure shell agent protocol has been enabled (@pxref{option --enable-ssh-support}). Only keys present in this file are used in the SSH protocol. You should backup this file. @@ -718,6 +722,7 @@ implicitly added to this list; i.e. there is no need to list them. @end cartouche @item private-keys-v1.d/ + at efindex private-keys-v1.d This is the directory where gpg-agent stores the private keys. Each key is stored in a file with the name made up of the keygrip and the 
@@ -794,7 +799,7 @@ This signal is used for internal purposes. @node Agent Examples @section Examples -It is important to set the GPG_TTY environment variable in +It is important to set the environment variable @code{GPG_TTY} in your login shell, for example in the @file{~/.bashrc} init script: @cartouche diff --git a/doc/gpg.texi b/doc/gpg.texi index 0f5a181..be80450 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1341,9 +1341,10 @@ executing it from GnuPG does not make it secure. @item --exec-path @code{string} @opindex exec-path + at efindex PATH Sets a list of directories to search for photo viewers and keyserver helpers. If not provided, keyserver helpers use the compiled-in -default directory, and photo viewers use the $PATH environment +default directory, and photo viewers use the @code{PATH} environment variable. Note, that on W32 system this value is ignored when searching for keyserver helpers. @@ -1886,9 +1887,7 @@ file name. @item --dirmngr-program @var{file} @opindex dirmngr-program Specify a dirmngr program to be used for keyserver access. The -default value is @file{@value{BINDIR}/dirmngr}. This is only used as a -fallback when the environment variable @code{DIRMNGR_INFO} is not set or -a running dirmngr cannot be connected. +default value is @file{@value{BINDIR}/dirmngr}. @item --no-autostart @opindex no-autostart @@ -3162,7 +3161,7 @@ current home directory (@pxref{option --homedir}). @table @file @item gpg.conf - @cindex gpg.conf + @efindex gpg.conf This is the standard configuration file read by @command{@gpgname} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default 
@@ -3184,13 +3183,21 @@ files; They all live in in the current home directory (@pxref{option @table @file + @item ~/.gnupg + @efindex ~/.gnupg + This is the default home directory which is used if neither the + environment variable @code{GNUPGHOME} nor the option + @option{--homedir} is given. + @item ~/.gnupg/pubring.gpg + @efindex pubring.gpg The public keyring. You should backup this file. @item ~/.gnupg/pubring.gpg.lock The lock file for the public keyring. @item ~/.gnupg/pubring.kbx + @efindex pubring.kbx The public keyring using a different format. This file is sharred with @command{gpgsm}. You should backup this file. @@ -3198,13 +3205,19 @@ files; They all live in in the current home directory (@pxref{option The lock file for @file{pubring.kbx}. @item ~/.gnupg/secring.gpg + @efindex secring.gpg A secret keyring as used by GnuPG versions before 2.1. It is not used by GnuPG 2.1 and later. + @item ~/.gnupg/secring.gpg.lock + The lock file for the secret keyring. + @item ~/.gnupg/.gpg-v21-migrated + @efindex .gpg-v21-migrated File indicating that a migration to GnuPG 2.1 has been done. @item ~/.gnupg/trustdb.gpg + @efindex trustdb.gpg The trust database. There is no need to backup this file; it is better to backup the ownertrust values (@pxref{option --export-ownertrust}). @@ -3212,12 +3225,11 @@ files; They all live in in the current home directory (@pxref{option The lock file for the trust database. @item ~/.gnupg/random_seed + @efindex random_seed A file used to preserve the state of the internal random pool. - @item ~/.gnupg/secring.gpg.lock - The lock file for the secret keyring. - @item ~/.gnupg/openpgp-revocs.d/ + @efindex openpgp-revocs.d This is the directory where gpg stores pre-generated revocation certificates. The file name corresponds to the OpenPGP fingerprint of the respective key. It is suggested to backup those certificates and 
@@ -3228,11 +3240,9 @@ files; They all live in in the current home directory (@pxref{option this backup closed away. @item @value{DATADIR}/options.skel + @efindex options.skel The skeleton options file. - @item @value{LIBDIR}/ - Default location for extensions. - @end table @c man:.RE @@ -3241,24 +3251,29 @@ Operation is further controlled by a few environment variables: @table @asis @item HOME + @efindex HOME Used to locate the default home directory. @item GNUPGHOME + @efindex GNUPGHOME If set directory used instead of "~/.gnupg". @item GPG_AGENT_INFO - This variable was used by GnuPG versions before 2.1 + This variable is obsolete; it was used by GnuPG versions before 2.1. @item PINENTRY_USER_DATA + @efindex PINENTRY_USER_DATA This value is passed via gpg-agent to pinentry. It is useful to convey extra information to a custom pinentry. @item COLUMNS @itemx LINES + @efindex COLUMNS + @efindex LINES Used to size some displays to the full size of the screen. - @item LANGUAGE + @efindex LANGUAGE Apart from its use by GNU, it is used in the W32 version to override the language selection done through the Registry. If used and set to a valid and available language name (@var{langid}), the file with the diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index b585975..2f6c297 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -357,9 +357,7 @@ suite hack and may thus not be used in the file name. @item --dirmngr-program @var{file} @opindex dirmngr-program Specify a dirmngr program to be used for @acronym{CRL} checks. The -default value is @file{@value{BINDIR}/dirmngr}. This is only used as a -fallback when the environment variable @code{DIRMNGR_INFO} is not set or -a running dirmngr cannot be connected. +default value is @file{@value{BINDIR}/dirmngr}. @item --prefer-system-dirmngr @opindex prefer-system-dirmngr 
@@ -800,7 +798,7 @@ current home directory (@pxref{option --homedir}). @table @file @item gpgsm.conf - at cindex gpgsm.conf + at efindex gpgsm.conf This is the standard configuration file read by @command{gpgsm} on startup. It may contain any valid long option; the leading two dashes may not be entered and the option may not be abbreviated. This default @@ -809,7 +807,7 @@ You should backup this file. @item policies.txt - at cindex policies.txt + at efindex policies.txt This is a list of allowed CA policies. This file should list the object identifiers of the policies line by line. Empty lines and lines starting with a hash mark are ignored. Policies missing in this @@ -829,7 +827,7 @@ like this: @c man:.RE @item qualified.txt - at cindex qualified.txt + at efindex qualified.txt This is the list of root certificates used for qualified certificates. They are defined as certificates capable of creating legally binding signatures in the same way as handwritten signatures are. Comments @@ -865,7 +863,7 @@ Because this software has not yet been approved for use with such certificates, appropriate notices will be shown to indicate this fact. @item help.txt - at cindex help.txt + at efindex help.txt This is plain text file with a few help entries used with @command{pinentry} as well as a large list of help items for @command{gpg} and @command{gpgsm}. The standard file has English help @@ -879,7 +877,7 @@ For a reference of the help file's syntax, please see the installed @item com-certs.pem - at cindex com-certs.pem + at efindex com-certs.pem This file is a collection of common certificates used to populated a newly created @file{pubring.kbx}. An administrator may replace this file with a custom one. The format is a concatenation of PEM encoded 
@@ -901,20 +899,20 @@ they all live in in the current home directory (@pxref{option @table @file @item pubring.kbx - at cindex pubring.kbx + at efindex pubring.kbx This a database file storing the certificates as well as meta information. For debugging purposes the tool @command{kbxutil} may be used to show the internal structure of this file. You should backup this file. @item random_seed - at cindex random_seed + at efindex random_seed This content of this file is used to maintain the internal state of the random number generator across invocations. The same file is used by other programs of this software too. @item S.gpg-agent - at cindex S.gpg-agent + at efindex S.gpg-agent If this file exists @command{gpgsm} will first try to connect to this socket for accessing @command{gpg-agent} before starting a new @command{gpg-agent} @@ -1535,18 +1533,25 @@ set to the empty string, and if @code{} is given it is set to that string. @item display + at efindex DISPLAY Set the session environment variable @code{DISPLAY} is set to @var{value}. @item ttyname + at efindex GPG_TTY Set the session environment variable @code{GPG_TTY} is set to @var{value}. @item ttytype + at efindex TERM Set the session environment variable @code{TERM} is set to @var{value}. @item lc-ctype + at efindex LC_CTYPE Set the session environment variable @code{LC_CTYPE} is set to @var{value}. @item lc-messages + at efindex LC_MESSAGES Set the session environment variable @code{LC_MESSAGES} is set to @var{value}. @item xauthority + at efindex XAUTHORITY Set the session environment variable @code{XAUTHORITY} is set to @var{value}. @item pinentry-user-data + at efindex PINENTRY_USER_DATA Set the session environment variable @code{PINENTRY_USER_DATA} is set to @var{value}. diff --git a/doc/opt-homedir.texi b/doc/opt-homedir.texi index 7bcce46..e1ce077 100644 --- a/doc/opt-homedir.texi +++ b/doc/opt-homedir.texi 
@@ -1,6 +1,8 @@ @c This option is included at several places. @item --homedir @var{dir} @opindex homedir + at efindex GNUPGHOME + at efindex HKCU\Software\GNU\GnuPG:HomeDir Set the name of the home directory to @var{dir}. If this option is not used, the home directory defaults to @file{~/.gnupg}. It is only recognized when given on the command line. It also overrides any home @@ -12,6 +14,7 @@ On Windows systems it is possible to install GnuPG as a portable application. In this case only this command line option is considered, all other ways to set a home directory are ignored. + at efindex gpgconf.ctl To install GnuPG as a portable application under Windows, create an empty file name @file{gpgconf.ctl} in the same directory as the tool @file{gpgconf.exe}. The root of the installation is than that diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 7f1058b..5e53223 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -222,11 +222,12 @@ This option appends a thread ID to the PID in the log output. @item --debug-assuan-log-cats @var{cats} @opindex debug-assuan-log-cats + at efindex ASSUAN_DEBUG Changes the active Libassuan logging categories to @var{cats}. The value for @var{cats} is an unsigned integer given in usual C-Syntax. A value of of 0 switches to a default category. If this option is not used the categories are taken from the environment variable - at samp{ASSUAN_DEBUG}. Note that this option has only an effect if the + at code{ASSUAN_DEBUG}. Note that this option has only an effect if the Assuan debug flag has also been with the option @option{--debug}. For a list of categories see the Libassuan manual. diff --git a/doc/yat2m.c b/doc/yat2m.c index 1634985..3de908c 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c 
@@ -705,6 +705,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "emph", 0, "\\fI", "\\fR" }, { "w", 1 }, { "c", 5 }, + { "efindex", 1 }, { "opindex", 1 }, { "cpindex", 1 }, { "cindex", 1 }, ----------------------------------------------------------------------- Summary of changes: doc/dirmngr.texi | 1 + doc/gnupg.texi | 17 ++++++++++++++++- doc/gpg-agent.texi | 11 ++++++++--- doc/gpg.texi | 41 ++++++++++++++++++++++++++++------------- doc/gpgsm.texi | 27 ++++++++++++++++----------- doc/opt-homedir.texi | 3 +++ doc/scdaemon.texi | 3 ++- doc/yat2m.c | 1 + sm/gpgsm.c | 4 +++- 9 files changed, 78 insertions(+), 30 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 20:43:48 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 14 Jun 2016 20:43:48 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-84-g5faddcb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5faddcb2927a997e05fb34eb270982096d1fe3a4 (commit) from 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5faddcb2927a997e05fb34eb270982096d1fe3a4 Author: Andre Heinecke Date: Tue Jun 14 19:20:31 2016 +0200 dirmngr: Print ldap error if bind fails * dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind return. -- ldap_simple_bind_s does not set errno. Signed-off-by: Andre Heinecke diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c index 6309413..a31b14a 100644 --- a/dirmngr/dirmngr_ldap.c +++ b/dirmngr/dirmngr_ldap.c 
@@ -644,7 +644,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
 if (ret)
 {
 log_error (_("binding to '%s:%d' failed: %s\n"),
- host, port, strerror (errno));
+ host, port, ldap_err2string (ret));
 ldap_unbind (ld);
 return -1;
 }
----------------------------------------------------------------------- Summary of changes: dirmngr/dirmngr_ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 20:53:17 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 20:53:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-86-gb7e3dfc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b7e3dfcf139284d30921cf44e7bab43d4244cc37 (commit) via f989b6ee0db96c36f13f093cbbcfd1d5b472d03c (commit) from 5faddcb2927a997e05fb34eb270982096d1fe3a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b7e3dfcf139284d30921cf44e7bab43d4244cc37 Author: Werner Koch Date: Tue Jun 14 20:51:22 2016 +0200 ldap: Improve info output for v3 fallback * dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an unprotected section. Replace log_debug by log_info in verbose mode. -- GnuPG-bug-id: 2376
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index 9e12f88..c5702b1 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -644,10 +644,11 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
 #ifdef LDAP_VERSION3
 if (ret == LDAP_PROTOCOL_ERROR)
 {
+ /* Protocol error could mean that the server only supports v3. */
 int version = LDAP_VERSION3;
- /* Protocol error could mean that the server only supports v3 */
+ if (myopt->verbose)
+ log_info ("protocol error; retrying bind with v3 protocol\n");
 npth_unprotect ();
- log_debug ("Protocol error, retrying bind with V3 Protocol. \n");
 ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
 npth_protect ();
commit f989b6ee0db96c36f13f093cbbcfd1d5b472d03c Author: Andre Heinecke Date: Tue Jun 14 19:22:52 2016 +0200 dirmngr: Try ldap protocol V3 as fallback * dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case default Protocol gives error. -- Servers may have blocked V2 Protocol, in which case the bind will result in a Protocol Error. In that case we try again with v3 Protocol if the ldap libarary used to compile dirmngr supports V3. Signed-off-by: Andre Heinecke
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index a31b14a..9e12f88 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
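Review bot: The return value of `ldap_set_option` is still ignored in the v3 retry block, so if switching the protocol version fails the code rebinds with unchanged settings and sends `myopt->user`/`myopt->pass` in a second simple bind that will presumably fail the same way. Guarding the rebind with `if (!ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version))` in front of the `ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);` line leaves `ret` at `LDAP_PROTOCOL_ERROR`, so the existing `if (ret)` path reports the failure. The same unchecked call is introduced by the hunk of commit f989b6e that follows on this page. fetch_ldap starts and ends outside the hunk.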
@@ -641,6 +641,18 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
 /* Fixme: Can we use MYOPT->user or is it shared with other theeads?. */
 ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
 npth_protect ();
+#ifdef LDAP_VERSION3
+ if (ret == LDAP_PROTOCOL_ERROR)
+ {
+ int version = LDAP_VERSION3;
+ /* Protocol error could mean that the server only supports v3 */
+ npth_unprotect ();
+ log_debug ("Protocol error, retrying bind with V3 Protocol. \n");
+ ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
+ npth_protect ();
+ }
+#endif
 if (ret)
 {
 log_error (_("binding to '%s:%d' failed: %s\n"),
----------------------------------------------------------------------- Summary of changes: dirmngr/dirmngr_ldap.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 14 23:17:29 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Jun 2016 23:17:29 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-87-gb56aebe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b56aebe76657ce6efa9c6819d5a8c2a31c2bbbba (commit) from b7e3dfcf139284d30921cf44e7bab43d4244cc37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b56aebe76657ce6efa9c6819d5a8c2a31c2bbbba Author: Werner Koch Date: Tue Jun 14 23:15:32 2016 +0200 gpg: Print the subkey's curve and not the primary key curve. * g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve. -- Reported-by: mantorix at vollbio punkt de
Signed-off-by: Werner Koch
diff --git a/g10/keylist.c b/g10/keylist.c
index d77c86b..0ac763d 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1542,11 +1542,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 }
 es_putc (':', es_stdout); /* End of field 15. */
 es_putc (':', es_stdout); /* End of field 16. */
- if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
- || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
- || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA
+ || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA
+ || pk2->pubkey_algo == PUBKEY_ALGO_ECDH)
 {
- char *curve = openpgp_oid_to_str (pk->pkey[0]);
+ char *curve = openpgp_oid_to_str (pk2->pkey[0]);
 const char *name = openpgp_oid_to_curve (curve, 0);
 if (!name)
 name = curve;
----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 01:50:27 2016 
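Review bot: `curve` from `openpgp_oid_to_str (pk2->pkey[0])` is used without a NULL check in the subkey branch. If that helper can return NULL on failure (its definition is not on this page), `name = curve` leaves `name` NULL for whatever prints the field after the hunk. A guard such as `if (curve)` around the lookup and the output would keep the colon listing well-formed when the OID cannot be converted. The block continues past the end of the hunk, so how `name` is printed and `curve` released is not visible here.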
From: cvs at cvs.gnupg.org (by Niibe Yutaka) Date: Wed, 15 Jun 2016 01:50:27 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.12-88-g35a3ce2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 35a3ce2acf78a95fecbccfd8db0560cca24232df (commit) from b56aebe76657ce6efa9c6819d5a8c2a31c2bbbba (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 35a3ce2acf78a95fecbccfd8db0560cca24232df Author: Niibe Yutaka Date: Wed Jun 15 08:41:56 2016 +0900 g10: Fix another race condition for trustdb access. * g10/tdbio.c (create_version_record): Call create_hashtable to always make hashtable, together with the version record. (get_trusthashrec): Remove call to create_hashtable. -- GnuPG-bug-id: 1675 Thanks to Scott Moser for a reproducible script and patience. Signed-off-by: NIIBE Yutaka diff --git a/g10/tdbio.c b/g10/tdbio.c index a414709..e27788e 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -119,6 +119,7 @@ static int in_transaction; static void open_db (void); +static void create_hashtable (TRUSTREC *vr, int type); @@ -582,8 +583,13 @@ create_version_record (void) rec.rectype = RECTYPE_VER; rec.recnum = 0; rc = tdbio_write_record (&rec); + if (!rc) tdbio_sync (); + + if (!rc) + create_hashtable (&rec, 0); + return rc; } 
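Review bot: `create_hashtable` is declared `static void`, so in `create_version_record` a failure while building the hash table never reaches `rc`, which still reports only `tdbio_write_record`. The new call also runs after `tdbio_sync ()`, so the version record is written and synced before the table exists. With `if (!vr.r.ver.trusthashtbl) create_hashtable (&vr, 0);` removed from `get_trusthashrec` (the `@@ -957,8 +963,6 @@` hunk), a trustdb whose version record carries no hash table, presumably one written by an older gpg, would now yield `trusthashtbl` 0; it is worth confirming that this case and the locking around record creation are handled by the callers, which are outside the hunks. A comment above the new call such as `/* Create the hash table together with the version record so that no reader finds a record without it. */` would record why it moved. The STABLE-BRANCH-2-0 backport further down has the same shape.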
@@ -957,8 +963,6 @@ get_trusthashrec(void) if (rc) log_fatal (_("%s: error reading version record: %s\n"), db_name, gpg_strerror (rc) ); - if (!vr.r.ver.trusthashtbl) - create_hashtable (&vr, 0); trusthashtbl = vr.r.ver.trusthashtbl; } ----------------------------------------------------------------------- Summary of changes: g10/tdbio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 02:03:16 2016 From: cvs at cvs.gnupg.org (by Niibe Yutaka) Date: Wed, 15 Jun 2016 02:03:16 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-4-g00d737e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 00d737e3fde84e7df7ba19080c83237b769cd0d0 (commit) from d8775285e94b23f8e56a2997f9491dc486d74d79 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 00d737e3fde84e7df7ba19080c83237b769cd0d0 Author: Niibe Yutaka Date: Wed Jun 15 08:41:56 2016 +0900 g10: Fix another race condition for trustdb access. * g10/tdbio.c (create_version_record): Call create_hashtable to always make hashtable, together with the version record. (get_trusthashrec): Remove call to create_hashtable. -- GnuPG-bug-id: 1675 Thanks to Scott Moser to reproducible script and patience. Signed-off-by: NIIBE Yutaka (backport from master commit 35a3ce2acf78a95fecbccfd8db0560cca24232df) diff --git a/g10/tdbio.c b/g10/tdbio.c index 5c2fdd1..725c3c2 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c 
@@ -92,6 +92,7 @@ static int db_fd = -1; static int in_transaction; static void open_db(void); +static void create_hashtable (TRUSTREC *vr, int type); static int take_write_lock (void) @@ -471,6 +472,10 @@ create_version_record (void) rc = tdbio_write_record( &rec ); if( !rc ) tdbio_sync(); + + if (!rc) + create_hashtable (&rec, 0); + return rc; } @@ -763,8 +768,6 @@ get_trusthashrec(void) if( rc ) log_fatal( _("%s: error reading version record: %s\n"), db_name, g10_errstr(rc) ); - if( !vr.r.ver.trusthashtbl ) - create_hashtable( &vr, 0 ); trusthashtbl = vr.r.ver.trusthashtbl; } ----------------------------------------------------------------------- Summary of changes: g10/tdbio.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 09:20:22 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 09:20:22 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-12-gc3173bb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit) via 131b4f0634cee0e5c47d2250c59f51127b10f7b3 (commit) from e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc Author: Werner Koch Date: Wed Jun 15 09:18:31 2016 +0200 doc: Describe envvars. * doc/gcrypt.texi: Add chapter Configuration. Signed-off-by: Werner Koch diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 0171cd6..c2c39ad 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -14,7 +14,7 @@ which is GNU's library of cryptographic building blocks. @noindent Copyright @copyright{} 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 Free Software Foundation, Inc. @* -Copyright @copyright{} 2012, 2013 g10 Code GmbH +Copyright @copyright{} 2012, 2013, 2016 g10 Code GmbH @quotation Permission is granted to copy, distribute and/or modify this document @@ -94,7 +94,8 @@ section entitled ``GNU General Public License''. * MPI library:: How to work with multi-precision-integers. * Prime numbers:: How to use the Prime number related functions. * Utilities:: Utility functions. -* Tools:: Utility tools +* Tools:: Utility tools. +* Configuration:: Configuration files and evironment variables. * Architecture:: How Libgcrypt works internally. Appendices @@ -497,6 +498,7 @@ Just like the function @code{gpg_strerror}, the function @cindex FIPS mode @cindex FIPS 140 + at anchor{enabling fips mode} Libgcrypt may be used in a FIPS 140-2 mode. Note, that this does not necessary mean that Libcgrypt is an appoved FIPS 140-2 module. Check the NIST database at @url{http://csrc.nist.gov/groups/STM/cmvp/} to see what @@ -545,6 +547,7 @@ If the logging verbosity level of Libgcrypt has been set to at least @section How to disable hardware features @cindex hardware features + at anchor{hardware features} Libgcrypt makes use of certain hardware features. If the use of a feature is not desired it may be either be disabled by a program or globally using a configuration file. The currently supported features 
@@ -5306,6 +5309,82 @@ Print version of the program and exit. @manpause @c ********************************************************** + at c **************** Environment Variables ***************** + at c ********************************************************** + at node Configuration + at chapter Configuration files and evironment variables + +This chapter describes which files and environment variables can be +used to change the behaviour of Libgcrypt. + + at noindent +The environment variables considered by Libgcrypt are: + + at table @code + + at item GCRYPT_BARRETT + at cindex GCRYPT_BARRETT +By setting this variable to any value a different algorithm for +modular reduction is used for ECC. + + at item GCRYPT_RNDUNIX_DBG + at item GCRYPT_RNDUNIX_DBGALL + at cindex GCRYPT_RNDUNIX_DBG + at cindex GCRYPT_RNDUNIX_DBGALL +These two environment variables are used to enable debug output for +the rndunix entropy gatherer, which is used on systems lacking a +/dev/random device. The value of @code{GCRYPT_RNDUNIX_DBG} is a file +name or @code{-} for stdout. Debug output is the written to this +file. By setting @code{GCRYPT_RNDUNIX_DBGALL} to any value the debug +output will be more verbose. + + at item GCRYPT_RNDW32_NOPERF + at cindex GCRYPT_RNDW32_NOPERF +Setting this environment variable on Windows to any value disables +the use of performance data (@code{HKEY_PERFORMANCE_DATA}) as source +for entropy. On some older Windows systems this could help to speed +up the creation of random numbers but also decreases the amount of +data used to init the random number generator. + + at item HOME + at cindex HOME +This is used to locate the socket to connect to the EGD random +daemon. The EGD can be used on system without a /dev/random to speed +up the random number generator. It is not needed on the majority of +today's operating systems and support for EGD requires the use of a +configure option at build time. 
+ + at end table + + at noindent +The files which Libgcrypt uses to retrieve system information and the +files which can be created by the user to modify Libgcrypt's behavior +are: + + at table @file + + at item /etc/gcrypt/hwf.deny + at cindex /etc/gcrypt/hwf.deny +This file can be used to disable the use of hardware based +optimizations, @pxref{hardware features}. + + at item /etc/gcrypt/fips_enabled + at itemx /proc/sys/crypto/fips_enabled + at cindex /etc/gcrypt/fips_enabled + at cindex fips_enabled +On Linux these files are used to enable FIPS mode, @pxref{enabling fips mode}. + + at item /proc/cpuinfo + at itemx /proc/self/auxv + at cindex /proc/cpuinfo + at cindex /proc/self/auxv +On Linux running on the ARM architecture, these files are used to read +hardware capabilities of the CPU. + + at end table + + + at c ********************************************************** @c ***************** Architecure Overview ***************** @c ********************************************************** @node Architecture commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3 Author: Werner Koch Date: Wed Jun 15 09:17:44 2016 +0200 random: Change names of debug envvars. * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG. * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to GCRYPT_RNDW32_NOPERF. Signed-off-by: Werner Koch diff --git a/random/rndunix.c b/random/rndunix.c index 2e13298..e7238f4 100644 --- a/random/rndunix.c +++ b/random/rndunix.c @@ -714,7 +714,7 @@ start_gatherer( int pipefd ) int dbgall; { - const char *s = getenv("GNUPG_RNDUNIX_DBG"); + const char *s = getenv("GCRYPT_RNDUNIX_DBG"); if( s ) { dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a"); if( !dbgfp ) 
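Review bot: The value of `GCRYPT_RNDUNIX_DBG` read with `getenv` goes straight into `fopen(s, "a")`, so whoever controls the environment of a process running this gatherer chooses a file that the process appends debug output to. For a library that may be loaded into programs running with elevated privileges, reading the variable with `secure_getenv` where the platform provides it, or skipping the debug file in that situation, would close this. The same applies to `GCRYPT_RNDUNIX_DBGALL` in the next hunk. The rename also drops the old `GNUPG_RNDUNIX_DBG` name with no fallback, so existing debug setups go silent. start_gatherer continues outside the hunk.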
@@ -723,7 +723,7 @@ start_gatherer( int pipefd ) else fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid()); } - dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL"); + dbgall = !!getenv("GCRYPT_RNDUNIX_DBGALL"); } /* close all files but the ones we need */ { int nmax, n1, n2, i; diff --git a/random/rndw32.c b/random/rndw32.c index 1c0fc3d..de6e783 100644 --- a/random/rndw32.c +++ b/random/rndw32.c @@ -419,7 +419,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins), this can consume tens of MB of memory and huge amounts of CPU time while it gathers its data, and even running once can still consume about 1/2MB of memory */ - if (getenv ("GNUPG_RNDW32_NOPERF")) + if (getenv ("GCRYPT_RNDW32_NOPERF")) { static int shown; ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- random/rndunix.c | 4 +-- random/rndw32.c | 2 +- 3 files changed, 84 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 09:53:16 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 09:53:16 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.0-23-gfa917d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via fa917d2e24b0c98143a079ab4889ad8f69bee446 (commit) via 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223 (commit) via 33b6637a56231f66792fb66ff30a0c4145bfac68 (commit) via c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit) via 131b4f0634cee0e5c47d2250c59f51127b10f7b3 (commit) via e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit) via ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 (commit) via 82df6c63a72fdd969c3923523f10d0cef5713ac7 (commit) via 4121f15122501d8946f1589b303d1f7949c15e30 (commit) via 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8 (commit) via eb6427c3b5993d62e0527b8a08b23a219824b965 (commit) via c7430aa752232aa690c5d8f16575a345442ad8d7 (commit) via ee5a32226a7ca4ab067864e06623fc11a1768900 (commit) via 4545372c0f8dd35aef2a7abc12b588ed1a4a0363 (commit) from 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fa917d2e24b0c98143a079ab4889ad8f69bee446 Author: Werner Koch Date: Wed Jun 15 09:50:31 2016 +0200 Post release updates -- diff --git a/NEWS b/NEWS index e0113fc..be5e084 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.7.2 (unreleased) [C21/A1/R_] +------------------------------------------------ + + Noteworthy changes in version 1.7.1 (2016-06-15) [C21/A1/R1] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index d0c7f9c..80e64fa 100644 --- a/configure.ac 
+++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [7]) -m4_define(mym4_version_micro, [1]) +m4_define(mym4_version_micro, [2]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223 Author: Werner Koch Date: Wed Jun 15 09:34:02 2016 +0200 Release 1.7.1 diff --git a/NEWS b/NEWS index 777c1e5..e0113fc 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,24 @@ -Noteworthy changes in version 1.7.1 (unreleased) [C21/A1/R_] +Noteworthy changes in version 1.7.1 (2016-06-15) [C21/A1/R1] ------------------------------------------------ + * Bug fixes: + + - Fix ecc_verify for cofactor support. + + - Fix portability bug when using gcc with Solaris 9 SPARC. + + - Build fix for OpenBSD/amd64 + + - Add OIDs to the Serpent ciphers. + + * Internal changes: + + - Use getrandom system call on Linux if available. + + - Blinding is now also used for RSA signature creation. + + - Changed names of debug envvars + Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0] ------------------------------------------------ diff --git a/README b/README index f9f49b5..1148a24 100644 --- a/README +++ b/README @@ -27,10 +27,14 @@ The download canonical location for libgcrypt is: ftp://ftp.gnupg.org/gcrypt/libgcrypt/ + or + https://gnupg.org/ftp/gcrypt/libgcrypt/ To build libgcrypt you need libgpg-error: ftp://ftp.gnupg.org/gcrypt/libgpg-error/ + or + https://gnupg.org/ftp/gcrypt/libgpg-error/ You should get the latest versions of course. diff --git a/configure.ac b/configure.ac index ad0f64d..d0c7f9c 100644 --- a/configure.ac +++ b/configure.ac 
@@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=21 LIBGCRYPT_LT_AGE=1 -LIBGCRYPT_LT_REVISION=0 +LIBGCRYPT_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. commit 33b6637a56231f66792fb66ff30a0c4145bfac68 Merge: 6cc2100 c3173bb Author: Werner Koch Date: Wed Jun 15 09:24:02 2016 +0200 Merge branch 'master' into LIBGCRYPT-1-7-BRANCH -- ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 ++ NEWS | 24 +++++++++++++++- README | 4 +++ configure.ac | 4 +-- doc/gcrypt.texi | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- random/rndunix.c | 4 +-- random/rndw32.c | 2 +- 7 files changed, 116 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 09:56:23 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 09:56:23 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-23-gfa917d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via fa917d2e24b0c98143a079ab4889ad8f69bee446 (commit) via 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223 (commit) via 33b6637a56231f66792fb66ff30a0c4145bfac68 (commit) via 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 (commit) via 1f769e3e8442bae2f1f73c656920bb2df70153c0 (commit) via 52cdfb1960808aaad48b5a501bbce0e3141c3961 (commit) via b766ea14ad1c27d6160531b200cc70aaa479c6dc (commit) via dc76313308c184c92eb78452b503405b90fc7ebd (commit) via bd39eb9fba47dc8500c83769a679cc8b683d6c6e (commit) via c05837211e5221d3f56146865e823bc20b4ff1ab (commit) via caa9d14c914bf6116ec3f773a322a94e2be0c0fb (commit) from c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: NEWS | 24 +++++++++++++++++++++++- README | 4 ++++ configure.ac | 4 ++-- 3 files changed, 29 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 11:35:34 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 11:35:34 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.22-4-gbaf4bcc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via baf4bcc0973c8b04bd760aaab0f4232c9354e203 (commit) from 1ee822f9ff73a9a302ad0eb298640797d735e62b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit baf4bcc0973c8b04bd760aaab0f4232c9354e203 Author: Werner Koch Date: Sat May 28 11:27:45 2016 +0200 Adjust memory limit of es_fopenmem to the block size. * src/estream.c (func_mem_create): Round up memory limit. -- This is required so that giving a memory limit to es_fopenmem won't fail if it is below the block size. Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index 499cc75..2033b23 100644 --- a/src/estream.c +++ b/src/estream.c @@ -639,6 +639,14 @@ func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie, return -1; } + /* Round a memory limit up to the next block length. */ + if (memory_limit && block_size) + { + memory_limit += block_size - 1; + memory_limit /= block_size; + memory_limit *= block_size; + } + mem_cookie = mem_alloc (sizeof (*mem_cookie)); if (!mem_cookie) err = -1; ----------------------------------------------------------------------- Summary of changes: src/estream.c | 8 ++++++++ 1 file changed, 8 insertions(+) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 11:52:18 2016 
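Review bot: The rounding step `memory_limit += block_size - 1;` can wrap around when the caller passes a limit close to the maximum of its type, and the wrapped value then rounds to a much smaller limit or to 0. The declaration of memory_limit is outside the hunk; if it is an unsigned type such as size_t, and 0 means "no limit" as the `if (memory_limit && block_size)` test suggests, a very large limit could silently turn into a tiny one or into none at all. Rounding only when the addition cannot overflow avoids this: `if (memory_limit && block_size && memory_limit <= (size_t)-1 - (block_size - 1))`. The body of func_mem_create starts and ends outside the hunk, so how the limit is enforced later is not visible here.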
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 15 Jun 2016 11:52:18 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.22-5-g28fd0ab Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 28fd0ab40739e8cb73f208e30f78d8aa7a0a6d19 (commit) from baf4bcc0973c8b04bd760aaab0f4232c9354e203 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28fd0ab40739e8cb73f208e30f78d8aa7a0a6d19 Author: NIIBE Yutaka Date: Wed Jun 15 11:44:35 2016 +0200 estream: Fix assertion failure due to es_flush. * src/estream.c (es_writen): Set writing flag even if no data was written. -- GnuPG-bug-id: 2371 Signed-off-by: Werner Koch gniibe tracked the problem down to a fully valid change in GnuPG (gnupg commit 12af2630cf4d1a39179179925fac8f2cce7504ff). He wrote: This is the first instance for estream to do READ and WRITE (in the history of the code > 10 years :-). In the [gnupg] function agent_write_private_key, the pattern is: es_fopen es_fread es_fseek es_fwrite which should work well, but if results core dump by assertion failure in the function es_flush of libgpg-error. diff --git a/src/estream.c b/src/estream.c index 2033b23..e382a29 100644 --- a/src/estream.c +++ b/src/estream.c @@ -2679,6 +2679,7 @@ es_writen (estream_t _GPGRT__RESTRICT stream, else goto out; } + stream->flags.writing = 1; } } 
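Review bot: The new `stream->flags.writing = 1;` in the first hunk has no comment saying why the flag is set before any byte has been written; the reason is recorded only in the commit message. A short comment such as `/* Set even if nothing was written; otherwise es_flush hit an assertion (GnuPG-bug-id 2371). */` would keep a later cleanup from moving the assignment back into the `if (data_written)` block that the second hunk removes. The commit adds no test, so the read-then-write sequence from the report (es_fopen, es_fread, es_fseek, es_fwrite) looks worth a regression test. Both hunks cut through es_writen, so the branch the assignment sits in is not fully visible here.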
@@ -2701,9 +2702,6 @@ es_writen (estream_t _GPGRT__RESTRICT stream, if (bytes_written) *bytes_written = data_written; - if (data_written) - if (!stream->flags.writing) - stream->flags.writing = 1; return err; } ----------------------------------------------------------------------- Summary of changes: src/estream.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 15:01:34 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 15:01:34 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.22-6-g7ed1502 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 7ed150201cc5058650cf9673a4e53720a37841c8 (commit) from 28fd0ab40739e8cb73f208e30f78d8aa7a0a6d19 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ed150201cc5058650cf9673a4e53720a37841c8 Author: Werner Koch Date: Wed Jun 15 14:59:10 2016 +0200 tests: Fix rare deadlock condition in t-poll. * tests/t-poll.c (launch_thread): Use es_fileno before starting the thread. -- GnuPG-bug-id: 2257 diff --git a/tests/t-poll.c b/tests/t-poll.c index 56b29c8..811f895 100644 --- a/tests/t-poll.c +++ b/tests/t-poll.c 
@@ -122,19 +122,22 @@ consumer_thread (void *argaddr) static void launch_thread (THREAD_RET_TYPE (*fnc)(void *), struct thread_arg *th) { + int fd; + + th->stop_me = 0; + fd = es_fileno (th->stream); #ifdef _WIN32 th->thread = CreateThread (NULL, 0, fnc, th, 0, NULL); if (!th->thread) die ("creating thread '%s' failed: rc=%d", th->name, (int)GetLastError ()); - show ("thread '%s' launched (fd=%d)\n", th->name, es_fileno (th->stream)); + show ("thread '%s' launched (fd=%d)\n", th->name, fd); #elif USE_POSIX_THREADS - th->stop_me = 0; if (pthread_create (&th->thread, NULL, fnc, th)) die ("creating thread '%s' failed: %s\n", th->name, strerror (errno)); - show ("thread '%s' launched (fd=%d)\n", th->name, es_fileno (th->stream)); + show ("thread '%s' launched (fd=%d)\n", th->name, fd); # else /* no thread support */ ----------------------------------------------------------------------- Summary of changes: tests/t-poll.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 16:18:37 2016 
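Review bot: `fd` is now assigned unconditionally but read only in the `_WIN32` and `USE_POSIX_THREADS` branches, so a build that takes the `# else /* no thread support */` branch may warn about a variable that is set but never used. That branch continues outside the hunk; if it does not print the descriptor, a `(void)fd;` there would silence the warning. A one-line comment above `fd = es_fileno (th->stream);`, such as `/* Get the fd before the thread starts; calling es_fileno afterwards could deadlock (GnuPG-bug-id 2257). */`, would also record why the call was hoisted.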
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 16:18:37 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.22-11-g32d671c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 32d671c87db54e397e75309fc9215d84d1107c0d (commit) via e444cacc74c488063336c196f0c01e98f67cf999 (commit) via 427e5eaa455ee094d2500f5d2f6ed1737205056e (commit) via d878afa4b884149dca587131bdf5b6d8f96227fa (commit) via b908104846a71cf8ae3d3323be6bbc6edcef6ee0 (commit) from 7ed150201cc5058650cf9673a4e53720a37841c8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32d671c87db54e397e75309fc9215d84d1107c0d Author: Werner Koch Date: Wed Jun 15 16:16:49 2016 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 11a598e..5f8d6f2 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 1.24 (unreleased) [C19/A19/R_) +----------------------------------------------- + Noteworthy changes in version 1.23 (2016-06-15) [C19/A19/R0) ----------------------------------------------- diff --git a/configure.ac b/configure.ac index c2790aa..682fd84 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,7 +27,7 @@ min_automake_version="1.14" # another commit, and a push so that the git magic is able to work. # See below for the LT versions. m4_define([mym4_version_major], [1]) -m4_define([mym4_version_minor], [23]) +m4_define([mym4_version_minor], [24]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit e444cacc74c488063336c196f0c01e98f67cf999 Author: Werner Koch Date: Wed Jun 15 16:08:20 2016 +0200 Release 1.23 diff --git a/NEWS b/NEWS index be14b91..11a598e 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,13 @@ -Noteworthy changes in version 1.23 (unreleased) [C18/A18/R_) +Noteworthy changes in version 1.23 (2016-06-15) [C19/A19/R0) ----------------------------------------------- + * Fixes an assertion failure due to es_flush on read/write streams. + + * Fixes a bug with a too short memory limit is es_fopenmen. + + * Cross-build support for powerpc-unknown-linux-gnuspe and + tilegx-unknown-linux-gnu architectures. + * Interface changes relative to the 1.22 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPG_ERR_SUBKEYS_EXP_OR_REV NEW. diff --git a/configure.ac b/configure.ac index 939d6ef..c2790aa 100644 --- a/configure.ac +++ b/configure.ac @@ -51,8 +51,8 @@ AC_INIT([libgpg-error],[mym4_full_version],[https://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed: AGE=0) # Note that added error codes don't constitute an interface change. -LIBGPG_ERROR_LT_CURRENT=18 -LIBGPG_ERROR_LT_AGE=18 +LIBGPG_ERROR_LT_CURRENT=19 +LIBGPG_ERROR_LT_AGE=19 LIBGPG_ERROR_LT_REVISION=0 ################################################ diff --git a/doc/errorref.txt b/doc/errorref.txt index 2922b9f..f3b4b3d 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt 
@@ -375,6 +375,8 @@ GPG_ERR_CARD_NOT_INITIALIZED Card not initialized 124 GPG_ERR_UNSUPPORTED_OPERATION Unsupported operation 125 GPG_ERR_WRONG_KEY_USAGE Wrong key usage + GNUPG: - Key usage not possible with selected algorithm. + GPG_ERR_NOTHING_FOUND Nothing found Indicates that the operation was not possible because nothing has commit 427e5eaa455ee094d2500f5d2f6ed1737205056e Author: Werner Koch Date: Wed Jun 15 16:01:30 2016 +0200 po: Auto-update -- diff --git a/po/cs.po b/po/cs.po index 1d27209..f4b0bcf 100644 --- a/po/cs.po +++ b/po/cs.po @@ -736,6 +736,9 @@ msgstr "Lich?? ??estn??ctkov?? ????sla v S-v??razu" msgid "Bad octal character in S-expression" msgstr "Chybn?? osmi??kov?? znak v??S-v??razu" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/da.po b/po/da.po index 6a6a8eb..a55872c 100644 --- a/po/da.po +++ b/po/da.po @@ -731,6 +731,9 @@ msgstr "Ulige hexadecimalt tal i S-udtryk" msgid "Bad octal character in S-expression" msgstr "??delagt oktalt tegn i S-udtryk" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/eo.po b/po/eo.po index 87e9d7b..79d5054 100644 --- a/po/eo.po +++ b/po/eo.po @@ -764,6 +764,9 @@ msgstr "Malparaj deksesumaj numeroj en S-esprimo" msgid "Bad octal character in S-expression" msgstr "Mal??usta okuma signo en S-esprimo" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/fr.po b/po/fr.po index 55a5819..b807d1b 100644 --- a/po/fr.po +++ b/po/fr.po @@ -729,6 +729,9 @@ msgstr "Nombre hexad??cimal impair dans l'expression symbolique" msgid "Bad octal character in S-expression" msgstr "Mauvais caract??re octal dans l'expression symbolique" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" 
diff --git a/po/hu.po b/po/hu.po index d5ccc0d..8e60405 100644 --- a/po/hu.po +++ b/po/hu.po @@ -762,6 +762,9 @@ msgstr "P??ratlan hexadecim??lis sz??mok az S-kifejez??sben" msgid "Bad octal character in S-expression" msgstr "Rossz oktadecim??lis karakter az S-kifejez??sben" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/it.po b/po/it.po index 44616c7..c6afd2d 100644 --- a/po/it.po +++ b/po/it.po @@ -727,6 +727,9 @@ msgstr "Numeri esadecimali dispari in S-expression" msgid "Bad octal character in S-expression" msgstr "Carattere ottale errato in S-expression" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/ja.po b/po/ja.po index 78d0b60..5b6c88b 100644 --- a/po/ja.po +++ b/po/ja.po @@ -728,6 +728,9 @@ msgstr "S??????????????????16?????????????????????????????????" msgid "Bad octal character in S-expression" msgstr "S??????????????????8?????????????????????????????????" +msgid "All subkeys are expired or revoked" +msgstr "" + msgid "Database is corrupted" msgstr "????????????????????????????????????????????????" diff --git a/po/nl.po b/po/nl.po index fad8b81..90c0f23 100644 --- a/po/nl.po +++ b/po/nl.po @@ -728,6 +728,9 @@ msgstr "Vreemde hexadecimale getallen in S-expressie" msgid "Bad octal character in S-expression" msgstr "Fout octaal teken in S-expressie" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/pl.po b/po/pl.po index 85ec595..f986aa3 100644 --- a/po/pl.po +++ b/po/pl.po @@ -726,6 +726,9 @@ msgstr "Nieparzysta liczba cyfr szesnastkowych w S-wyra??eniu" msgid "Bad octal character in S-expression" msgstr "B????dny znak ??semkowy w S-wyra??eniu" +msgid "All subkeys are expired or revoked" +msgstr "" + msgid "Database is corrupted" msgstr "Baza danych jest uszkodzona" 
diff --git a/po/pt.po b/po/pt.po index 4eb64a8..f2709b2 100644 --- a/po/pt.po +++ b/po/pt.po @@ -728,6 +728,9 @@ msgstr "N??meros hexadecimais ??mpares na express??o simb??lica" msgid "Bad octal character in S-expression" msgstr "Car??cter octal errado na express??o simb??lica" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/ro.po b/po/ro.po index 029be1f..0402e2d 100644 --- a/po/ro.po +++ b/po/ro.po @@ -765,6 +765,9 @@ msgstr "Numere hexazecimale ciudate msgid "Bad octal character in S-expression" msgstr "Caracter octal incorect ?n expresia-S" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/ru.po b/po/ru.po index b80060a..0e46f24 100644 --- a/po/ru.po +++ b/po/ru.po @@ -726,6 +726,9 @@ msgstr "?????????????????????????????????? ?????????? ???????????????? ???????? msgid "Bad octal character in S-expression" msgstr "???????????? ???????????????????????? ???????????? ?? S-??????????????????" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/sr.po b/po/sr.po index cfed426..de76e9b 100644 --- a/po/sr.po +++ b/po/sr.po @@ -761,6 +761,9 @@ msgstr "?????????????? ???????????????????????????? ?????????????? ?? ??-?????? msgid "Bad octal character in S-expression" msgstr "?????? ?????????????????????????? ???????? ?? ??-????????????" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/sv.po b/po/sv.po index a1d6a6d..8477b00 100644 --- a/po/sv.po +++ b/po/sv.po 
@@ -752,6 +752,9 @@ msgstr "Udda hexadecimala tal i S-uttryck" msgid "Bad octal character in S-expression" msgstr "Felaktigt oktadecimalt tecken i S-uttryck" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/uk.po b/po/uk.po index 85d5384..88e8189 100644 --- a/po/uk.po +++ b/po/uk.po @@ -728,6 +728,9 @@ msgstr "?????????? ???????????????????????????? ?????????? ?? S-????????????" msgid "Bad octal character in S-expression" msgstr "???????????????????? ???????????????????? ???????????? ?? S-????????????" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/vi.po b/po/vi.po index 02e437e..a17f2fa 100644 --- a/po/vi.po +++ b/po/vi.po @@ -754,6 +754,9 @@ msgstr "C?? s??? th???p l???c l??? trong bi???u th???c S" msgid "Bad octal character in S-expression" msgstr "K?? t??? b??t ph??n sai trong bi???u th???c S" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/zh_CN.po b/po/zh_CN.po index c056dc6..8db4a72 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -751,6 +751,9 @@ msgstr "" msgid "Bad octal character in S-expression" msgstr "" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" diff --git a/po/zh_TW.po b/po/zh_TW.po index 7034928..324b9a5 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -730,6 +730,9 @@ msgstr "S-??????????????????????????????????????????" msgid "Bad octal character in S-expression" msgstr "S-???????????????????????????????????????" +msgid "All subkeys are expired or revoked" +msgstr "" + #, fuzzy #| msgid "Data not encrypted" msgid "Database is corrupted" commit d878afa4b884149dca587131bdf5b6d8f96227fa Author: Werner Koch Date: Wed Jun 15 16:00:29 2016 +0200 po: Update German translation 
diff --git a/po/de.po b/po/de.po index d558c39..9620d17 100644 --- a/po/de.po +++ b/po/de.po @@ -729,6 +729,9 @@ msgstr "Ungerade Anzahl von Hex-Zeichen in S-expression" msgid "Bad octal character in S-expression" msgstr "Falsches Oktal-Zeichen in S-expression" +msgid "All subkeys are expired or revoked" +msgstr "Alle Unterschl??ssel sind abgelaufen oder widerrufen" + msgid "Database is corrupted" msgstr "Besch??digte Datenbank" @@ -1244,7 +1247,5 @@ msgstr "%s: Warnung: %s konnte nicht erkannt werden\n" #~ msgid "LDAP Other general error" #~ msgstr "Sonstiger allgemeiner LDAP Fehler" -#, fuzzy -#~| msgid "dirmngr error" #~ msgid "Encoding error" -#~ msgstr "Fehler im Dirmngr" +#~ msgstr "Kodierungsfehler" commit b908104846a71cf8ae3d3323be6bbc6edcef6ee0 Author: Jakub Bogusz Date: Wed Jun 15 15:56:17 2016 +0200 po: Update Polish translation diff --git a/po/pl.po b/po/pl.po index 596edd7..85ec595 100644 --- a/po/pl.po +++ b/po/pl.po @@ -1,13 +1,13 @@ # Polish translation for libgpg-error. # Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. # This file is distributed under the same license as the libgpg-error package. -# Jakub Bogusz , 2004-2014. +# Jakub Bogusz , 2004-2016. # msgid "" msgstr "" -"Project-Id-Version: libgpg-error 1.17\n" +"Project-Id-Version: libgpg-error 1.22\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-10-16 21:15+0200\n" +"PO-Revision-Date: 2016-05-11 18:02+0200\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" 
@@ -726,39 +726,29 @@ msgstr "Nieparzysta liczba cyfr szesnastkowych w S-wyra??eniu" msgid "Bad octal character in S-expression" msgstr "B????dny znak ??semkowy w S-wyra??eniu" -#, fuzzy -#| msgid "Data not encrypted" msgid "Database is corrupted" -msgstr "Dane nie zaszyfrowane" +msgstr "Baza danych jest uszkodzona" msgid "Server indicated a failure" -msgstr "" +msgstr "Serwer wskaza?? niepowodzenie" -#, fuzzy -#| msgid "Unknown name" msgid "No name" -msgstr "Nieznana nazwa" +msgstr "Brak nazwy" -#, fuzzy -#| msgid "No public key" msgid "No key" -msgstr "Brak klucza publicznego" +msgstr "Brak klucza" msgid "Legacy key" -msgstr "" +msgstr "Stary typ klucza" -#, fuzzy -#| msgid "Buffer too short" msgid "Request too short" -msgstr "Bufor zbyt ma??y" +msgstr "????danie za kr??tkie" -#, fuzzy -#| msgid "Line too long" msgid "Request too long" -msgstr "Linia zbyt d??uga" +msgstr "????danie za d??ugie" msgid "Object is in termination state" -msgstr "" +msgstr "Obiekt jest w stanie ko??cowym" msgid "No certificate chain" msgstr "Brak ??a??cucha certyfikat??w" @@ -836,7 +826,7 @@ msgid "Bogus string" msgstr "Fa??szywy ??a??cuch" msgid "Forbidden" -msgstr "" +msgstr "Zabronione" msgid "Key disabled" msgstr "Klucz dezaktywowany" @@ -848,10 +838,10 @@ msgid "Invalid lock object" msgstr "Niepoprawny obiekt blokady" msgid "True" -msgstr "" +msgstr "Prawda" msgid "False" -msgstr "" +msgstr "Fa??sz" msgid "General IPC error" msgstr "B????d og??lny IPC" 
@@ -925,362 +915,248 @@ msgstr "B????d parametru IPC" msgid "Unknown IPC inquire" msgstr "Nieznane zapytanie IPC" -#, fuzzy -#| msgid "General IPC error" msgid "General LDAP error" -msgstr "B????d og??lny IPC" +msgstr "B????d og??lny LDAP" -#, fuzzy -#| msgid "General error" msgid "General LDAP attribute error" -msgstr "B????d og??lny" +msgstr "B????d og??lny atrybutu LDAP" -#, fuzzy -#| msgid "General error" msgid "General LDAP name error" -msgstr "B????d og??lny" +msgstr "B????d og??lny nazwy LDAP" -#, fuzzy -#| msgid "General Assuan error" msgid "General LDAP security error" -msgstr "B????d og??lny Assuana" +msgstr "B????d og??lny bezpiecze??stwa LDAP" -#, fuzzy -#| msgid "General error" msgid "General LDAP service error" -msgstr "B????d og??lny" +msgstr "B????d og??lny us??ugi LDAP" -#, fuzzy -#| msgid "General Assuan error" msgid "General LDAP update error" -msgstr "B????d og??lny Assuana" +msgstr "B????d og??lny aktualizacji LDAP" msgid "Experimental LDAP error code" -msgstr "" +msgstr "Eksperymentalny kod b????du LDAP" -#, fuzzy -#| msgid "IPC write error" msgid "Private LDAP error code" -msgstr "B????d zapisu IPC" +msgstr "Prywatny kod b????du LDAP" -#, fuzzy -#| msgid "General IPC error" msgid "Other general LDAP error" -msgstr "B????d og??lny IPC" +msgstr "Inny b????d og??lny LDAP" -#, fuzzy -#| msgid "IPC connect call failed" msgid "LDAP connecting failed (X)" -msgstr "Wywo??anie connect dla IPC nie powiod??o si??" +msgstr "Po????czenie z LDAP nie powiod??o si?? (X)" -#, fuzzy -#| msgid "General error" msgid "LDAP referral limit exceeded" -msgstr "B????d og??lny" +msgstr "Przekroczony limit odniesie?? 
LDAP" msgid "LDAP client loop" -msgstr "" +msgstr "P??tla klienta LDAP" -#, fuzzy -#| msgid "Card reset required" msgid "No LDAP results returned" -msgstr "Wymagany reset karty" +msgstr "Nie zwr??cono wynik??w LDAP" -#, fuzzy -#| msgid "Element not found" msgid "LDAP control not found" -msgstr "Element nie znaleziony" +msgstr "Nie znaleziono sterowania LDAP" -#, fuzzy -#| msgid "Not supported" msgid "Not supported by LDAP" -msgstr "Nie obs??ugiwane" +msgstr "Nie obs??ugiwane przez LDAP" -#, fuzzy -#| msgid "Unexpected error" msgid "LDAP connect error" -msgstr "Nieoczekiwany b????d" +msgstr "B????d po????czenia z LDAP" msgid "Out of memory in LDAP" -msgstr "" +msgstr "Brak pami??ci w LDAP" msgid "Bad parameter to an LDAP routine" -msgstr "" +msgstr "B????dny parametr procedury LDAP" -#, fuzzy -#| msgid "Unsupported operation" msgid "User cancelled LDAP operation" -msgstr "Nieobs??ugiwana operacja" +msgstr "Operacja LDAP anulowana przez u??ytkownika" -#, fuzzy -#| msgid "Bad certificate" msgid "Bad LDAP search filter" -msgstr "B????dny certyfikat" +msgstr "B????dny filtr wyszukiwania LDAP" -#, fuzzy -#| msgid "Unknown extension" msgid "Unknown LDAP authentication method" -msgstr "Nieznane rozszerzenie" +msgstr "Nieznana metoda uwierzytelnienia LDAP" -#, fuzzy -#| msgid "Timeout" msgid "Timeout in LDAP" -msgstr "Up??yn???? limit czasu" +msgstr "Limit czasu w LDAP" -#, fuzzy -#| msgid "dirmngr error" msgid "LDAP decoding error" -msgstr "B????d dirmngr" +msgstr "B????d dekodowania LDAP" -#, fuzzy -#| msgid "dirmngr error" msgid "LDAP encoding error" -msgstr "B????d dirmngr" +msgstr "B????d kodowania LDAP" -#, fuzzy -#| msgid "IPC read error" msgid "LDAP local error" -msgstr "B????d odczytu IPC" +msgstr "B????d lokalny LDAP" -#, fuzzy -#| msgid "Not an IPC server" msgid "Cannot contact LDAP server" -msgstr "To nie jest serwer IPC" +msgstr "Nie mo??na po????czy?? si?? 
z serwerem LDAP" -#, fuzzy -#| msgid "Success" msgid "LDAP success" -msgstr "Sukces" +msgstr "Sukces LDAP" -#, fuzzy -#| msgid "Configuration error" msgid "LDAP operations error" -msgstr "B????d konfiguracji" +msgstr "B????d operacji LDAP" -#, fuzzy -#| msgid "Protocol violation" msgid "LDAP protocol error" -msgstr "Naruszenie protoko??u" +msgstr "B????d protoko??u LDAP" msgid "Time limit exceeded in LDAP" -msgstr "" +msgstr "Przekroczony limit czasu w LDAP" msgid "Size limit exceeded in LDAP" -msgstr "" +msgstr "Przekroczony limit rozmiaru w LDAP" msgid "LDAP compare false" -msgstr "" +msgstr "Por??wnanie LDAP fa??szywe" msgid "LDAP compare true" -msgstr "" +msgstr "Por??wnanie LDAP prawdziwe" -#, fuzzy -#| msgid "Unknown extension" msgid "LDAP authentication method not supported" -msgstr "Nieznane rozszerzenie" +msgstr "Nieobs??ugiwana metoda uwierzytelnienia LDAP" msgid "Strong(er) LDAP authentication required" -msgstr "" +msgstr "Wymagana silniejsze uwierzytelnienie LDAP" -#, fuzzy -#| msgid "Fatal alert message received" msgid "Partial LDAP results+referral received" -msgstr "Otrzymano komunikat alarmu krytycznego" +msgstr "Otrzymano cz????ciowe wyniki+odniesienie LDAP" -#, fuzzy -#| msgid "General error" msgid "LDAP referral" -msgstr "B????d og??lny" +msgstr "Odniesienie LDAP" msgid "Administrative LDAP limit exceeded" -msgstr "" +msgstr "Przekroczony limit administracyjny LDAP" msgid "Critical LDAP extension is unavailable" -msgstr "" +msgstr "Krytyczne rozszerzenie LDAP jest niedost??pne" -#, fuzzy -#| msgid "Card reset required" msgid "Confidentiality required by LDAP" -msgstr "Wymagany reset karty" +msgstr "Zaufanie wymagane przez LDAP" msgid "LDAP SASL bind in progress" -msgstr "" +msgstr "Wi??zanie LDAP SASL w trakcie" msgid "No such LDAP attribute" -msgstr "" +msgstr "Nie ma takiego atrybutu LDAP" -#, fuzzy -#| msgid "Invalid attribute" msgid "Undefined LDAP attribute type" -msgstr "Niepoprawny atrybut" +msgstr "Niezdefiniowany typ atrybutu LDAP" -#, 
fuzzy -#| msgid "Unsupported protection" msgid "Inappropriate matching in LDAP" -msgstr "Nieobs??ugiwane zabezpieczenie" +msgstr "Niew??a??ciwe dopasowanie w LDAP" -#, fuzzy -#| msgid "Protocol violation" msgid "Constraint violation in LDAP" -msgstr "Naruszenie protoko??u" +msgstr "Naruszenie ograniczenia w LDAP" msgid "LDAP type or value exists" -msgstr "" +msgstr "Typ lub warto???? LDAP istnieje" -#, fuzzy -#| msgid "Invalid state" msgid "Invalid syntax in LDAP" -msgstr "Niepoprawny stan" +msgstr "B????dna sk??adnia w LDAP" -#, fuzzy -#| msgid "No CMS object" msgid "No such LDAP object" -msgstr "Brak obiektu CMS" +msgstr "Nie ma takiego obiektu LDAP" -#, fuzzy -#| msgid "Hardware problem" msgid "LDAP alias problem" -msgstr "Problem sprz??towy" +msgstr "Problem z aliasem LDAP" -#, fuzzy -#| msgid "Invalid state" msgid "Invalid DN syntax in LDAP" -msgstr "Niepoprawny stan" +msgstr "B????dna sk??adnia DN w LDAP" msgid "LDAP entry is a leaf" -msgstr "" +msgstr "Wpis LDAP jest li??ciem" -#, fuzzy -#| msgid "Encoding problem" msgid "LDAP alias dereferencing problem" -msgstr "Problem z kodowaniem" +msgstr "Problem z rozwini??ciem aliasu LDAP" msgid "LDAP proxy authorization failure (X)" -msgstr "" +msgstr "B????d autoryzacji do proxy LDAP (X)" -#, fuzzy -#| msgid "Unsupported protection" msgid "Inappropriate LDAP authentication" -msgstr "Nieobs??ugiwane zabezpieczenie" +msgstr "Niew??a??ciwe uwierzytelnienie LDAP" -#, fuzzy -#| msgid "Invalid card" msgid "Invalid LDAP credentials" -msgstr "Niepoprawna karta" +msgstr "B????dne dane uwierzytelniaj??ce LDAP" msgid "Insufficient access for LDAP" -msgstr "" +msgstr "Niewystarczaj??cy dost??p dla LDAP" msgid "LDAP server is busy" -msgstr "" +msgstr "Serwer LDAP jest zaj??ty" -#, fuzzy -#| msgid "No keyserver available" msgid "LDAP server is unavailable" -msgstr "Brak dost??pnego serwera kluczy" +msgstr "Serwer LDAP jest niedost??pny" msgid "LDAP server is unwilling to perform" -msgstr "" +msgstr "Serwer LDAP nie zamierza 
wykona?? ????dania" msgid "Loop detected by LDAP" -msgstr "" +msgstr "P??tla wykryta przez LDAP" -#, fuzzy -#| msgid "Missing action" msgid "LDAP naming violation" -msgstr "Brak akcji" +msgstr "Naruszenie nazw LDAP" -#, fuzzy -#| msgid "Protocol violation" msgid "LDAP object class violation" -msgstr "Naruszenie protoko??u" +msgstr "Naruszenie klasy obiektu LDAP" -#, fuzzy -#| msgid "Operation not yet finished" msgid "LDAP operation not allowed on non-leaf" -msgstr "Operacja jeszcze nie zako??czona" +msgstr "Operacja LDAP nie jest dozwolona na nie-li??ciu" -#, fuzzy -#| msgid "Operation cancelled" msgid "LDAP operation not allowed on RDN" -msgstr "Operacja anulowana" +msgstr "Operacja LDAP nie jest dozwolona na RDN" msgid "Already exists (LDAP)" -msgstr "" +msgstr "Ju?? istnieje (LDAP)" msgid "Cannot modify LDAP object class" -msgstr "" +msgstr "Nie mo??na zmodyfikowa?? klasy obiektu LDAP" -#, fuzzy -#| msgid "Line too long" msgid "LDAP results too large" -msgstr "Linia zbyt d??uga" +msgstr "Wyniki LDAP zbyt du??e" -#, fuzzy -#| msgid "Operation cancelled" msgid "LDAP operation affects multiple DSAs" -msgstr "Operacja anulowana" +msgstr "Operacja LDAP obejmuje wiele DSA" msgid "Virtual LDAP list view error" -msgstr "" +msgstr "B????d widoku wirtualnej listy LDAP" -#, fuzzy -#| msgid "General IPC error" msgid "Other LDAP error" -msgstr "B????d og??lny IPC" +msgstr "Inny b????d LDAP" -#, fuzzy -#| msgid "Resources exhausted" msgid "Resources exhausted in LCUP" -msgstr "Zasoby wyczerpane" +msgstr "Zasoby wyczerpane w LCUP" -#, fuzzy -#| msgid "Protocol violation" msgid "Security violation in LCUP" -msgstr "Naruszenie protoko??u" +msgstr "Naruszenie bezpiecze??stwa w LCUP" -#, fuzzy -#| msgid "Invalid state" msgid "Invalid data in LCUP" -msgstr "Niepoprawny stan" +msgstr "B????dne dane w LCUP" -#, fuzzy -#| msgid "Unsupported certificate" msgid "Unsupported scheme in LCUP" -msgstr "Nieobs??ugiwany certyfikat" +msgstr "Nieobs??ugiwany schemat w LCUP" -#, fuzzy -#| msgid 
"Card reset required" msgid "Reload required in LCUP" -msgstr "Wymagany reset karty" +msgstr "Wymagane prze??adowanie w LCUP" -#, fuzzy -#| msgid "Success" msgid "LDAP cancelled" -msgstr "Sukces" +msgstr "LDAP anulowane" -#, fuzzy -#| msgid "Not operational" msgid "No LDAP operation to cancel" -msgstr "Nie gotowy" +msgstr "Brak operacji LDAP do anulowania" -#, fuzzy -#| msgid "Not operational" msgid "Too late to cancel LDAP" -msgstr "Nie gotowy" +msgstr "Za p????no na anulowanie LDAP" -#, fuzzy -#| msgid "Not an IPC server" msgid "Cannot cancel LDAP" -msgstr "To nie jest serwer IPC" +msgstr "Nie mo??na anulowa?? LDAP" -#, fuzzy -#| msgid "Decryption failed" msgid "LDAP assertion failed" -msgstr "Odszyfrowywanie nie powiod??o si??" +msgstr "Zapewnienie LDAP nie powiod??o si??" msgid "Proxied authorization denied by LDAP" -msgstr "" +msgstr "Autoryzacja przez proxy odrzucona przez LDAP" msgid "User defined error code 1" msgstr "Zdefiniowany przez u??ytkownika kod b????du 1" 
@@ -1349,28 +1225,3 @@ msgstr "Sk??adnia: %s B????D-GPG [...]\n" #, c-format msgid "%s: warning: could not recognize %s\n" msgstr "%s: uwaga: nie rozpoznano %s\n" - -#, fuzzy -#~| msgid "Resources exhausted" -#~ msgid "LCUP Resources exhausted" -#~ msgstr "Zasoby wyczerpane" - -#, fuzzy -#~| msgid "Invalid data" -#~ msgid "LCUP Invalid data" -#~ msgstr "Niepoprawne dane" - -#, fuzzy -#~| msgid "Decryption failed" -#~ msgid "Assertion failed in lDAP" -#~ msgstr "Odszyfrowywanie nie powiod??o si??" - -#, fuzzy -#~| msgid "General error" -#~ msgid "LDAP Other general error" -#~ msgstr "B????d og??lny" - -#, fuzzy -#~| msgid "dirmngr error" -#~ msgid "Encoding error" -#~ msgstr "B????d dirmngr" ----------------------------------------------------------------------- Summary of changes: NEWS | 12 +- configure.ac | 6 +- doc/errorref.txt | 2 + po/cs.po | 3 + po/da.po | 3 + po/de.po | 7 +- po/eo.po | 3 + po/fr.po | 3 + po/hu.po | 3 + po/it.po | 3 + po/ja.po | 3 + po/nl.po | 3 + po/pl.po | 342 ++++++++++++++++--------------------------------------- po/pt.po | 3 + po/ro.po | 3 + po/ru.po | 3 + po/sr.po | 3 + po/sv.po | 3 + po/uk.po | 3 + po/vi.po | 3 + po/zh_CN.po | 3 + po/zh_TW.po | 3 + 22 files changed, 169 insertions(+), 251 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 16:29:18 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 16:29:18 +0200 Subject: [git] gnupg-doc - branch, master, updated. c2a66b9d857bb7b82b77df60e9f95a205aa19ba9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c2a66b9d857bb7b82b77df60e9f95a205aa19ba9 (commit) from 8b5fc20b96a2808b1c36d4bedb17c502db4108ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c2a66b9d857bb7b82b77df60e9f95a205aa19ba9 Author: Werner Koch Date: Wed Jun 15 16:26:30 2016 +0200 swdb: Release libgpg-error and libgrypt diff --git a/web/Makefile b/web/Makefile index d65dc10..16a3099 100644 --- a/web/Makefile +++ b/web/Makefile @@ -6,3 +6,9 @@ swdb.lst: swdb.mac swdb.lst.sig: swdb.lst gpg -sbu 0x249B39D24F25E3B6 swdb.lst + +upload: swdb.lst.sig + scp swdb.lst.sig swdb.lst playfair.gnupg.org:/var/www/git/versions.gnupg.org/htdocs/ + scp swdb.lst.sig swdb.lst werner at trithemius.gnupg.org:/var/www/www/www.gnupg.org/htdocs/ + +.PHONY: upload all diff --git a/web/swdb.mac b/web/swdb.mac index f4bda88..b7f774f 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -83,11 +83,11 @@ # # LIBGCRYPT # -#+macro: libgcrypt_ver 1.7.0 -#+macro: libgcrypt_date 2016-04-15 -#+macro: libgcrypt_size 2774k -#+macro: libgcrypt_sha1 f840b737faafded451a084ae143285ad68bbfb01 -#+macro: libgcrypt_sha2 b0e67ea74474939913c4d9d9ef4ef5ec378efbe2bebe36389dee319c79bffa92 +#+macro: libgcrypt_ver 1.7.1 +#+macro: libgcrypt_date 2016-06-15 +#+macro: libgcrypt_size 2777k +#+macro: libgcrypt_sha1 b688add52b622bb96bbd823ba21aa05a116d442f +#+macro: libgcrypt_sha2 450d9cfcbf1611c64dbe3bd04b627b83379ef89f11406d94c8bba305e36d7a95 # 
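Review bot: The new `upload` target lists `swdb.lst.sig` before `swdb.lst` in each `scp` and updates the two hosts one after the other, so for a short time a server can presumably hold a signature that does not match the list beside it. A client verifying the list in that window would see a bad signature, which fails closed but is indistinguishable from tampering. Consider copying to temporary names and renaming on the server, or at least recording the limitation with a comment such as `# NOTE: not atomic; .sig and list may briefly disagree during upload`.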
@@ -112,11 +112,11 @@ # # LIBGPG-ERROR # -#+macro: libgpg_error_ver 1.22 -#+macro: libgpg_error_date 2016-04-25 -#+macro: libgpg_error_size 759k -#+macro: libgpg_error_sha1 c40015ed88bf5f50fa58d02252d75cf20b858951 -#+macro: libgpg_error_sha2 f2a04ee6317bdb41a625bea23fdc7f0b5a63fb677f02447c647ed61fb9e69d7b +#+macro: libgpg_error_ver 1.23 +#+macro: libgpg_error_date 2016-06-15 +#+macro: libgpg_error_size 763k +#+macro: libgpg_error_sha1 c6a0c49211955e924593527b32e4b2736cafcda5 +#+macro: libgpg_error_sha2 7f0c7f65b98c4048f649bfeebfa4d4c1559707492962504592b985634c939eaa # ----------------------------------------------------------------------- Summary of changes: web/Makefile | 6 ++++++ web/swdb.mac | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 15 19:17:54 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Jun 2016 19:17:54 +0200 Subject: [git] gnupg-doc - branch, master, updated. 25d475420ec0302a87c79a463a72a1e42bb113a1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 25d475420ec0302a87c79a463a72a1e42bb113a1 (commit) from c2a66b9d857bb7b82b77df60e9f95a205aa19ba9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25d475420ec0302a87c79a463a72a1e42bb113a1 Author: Werner Koch Date: Wed Jun 15 16:47:50 2016 +0200 web: Announce Libgcrypt 1.7.1. diff --git a/web/index.org b/web/index.org index 3f0f422..f17cd71 100644 --- a/web/index.org +++ b/web/index.org 
@@ -78,6 +78,12 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** Libgcrypt 1.7.1 released (2016-06-15) + +We are pleased to announce the availability of Libgcrypt version +1.7.1. This is a maintenance release for the stable version of +[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000389.html][{more}]] + ** First OpenPGP conference (2016-05-20) If you are a user or implementer of OpenPGP related software, you may ----------------------------------------------------------------------- Summary of changes: web/index.org | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 04:02:33 2016 
From: cvs at cvs.gnupg.org (by Niibe Yutaka) Date: Thu, 16 Jun 2016 04:02:33 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-2-g0f3a069 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 (commit) from fa917d2e24b0c98143a079ab4889ad8f69bee446 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 Author: Niibe Yutaka Date: Thu Jun 16 10:56:28 2016 +0900 ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM. * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify) (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default cofactor as 1, when not specified. -- GnuPG-bug-id: 2347 Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc.c b/cipher/ecc.c index b09902e..8af0d14 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -806,6 +806,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms) sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -941,6 +943,8 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) sk.E.dialect = ((ctx.flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -1107,6 +1111,8 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) pk.E.dialect = ((sigflags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!pk.E.h) + pk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) 
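Review bot: The added `if (!sk.E.h) sk.E.h = mpi_const (MPI_C_ONE);` in ecc_check_secret_key silently assumes a prime-order curve whenever caller-supplied parameters omit the cofactor, and nothing at the site says so; the same two lines recur in ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw and, as `values[5]`, in compute_keygrip. A short comment at each site, for example `/* No cofactor in explicit params: assume h = 1. */`, would make the assumption visible to anyone auditing the raw encrypt/decrypt paths, where the cofactor matters for curves that are not prime-order. It is also worth confirming that each function's cleanup, which lies outside these hunks, tolerates the shared constant returned by mpi_const sitting in a field it later releases. All six enclosing functions start and end outside the hunks.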
@@ -1322,6 +1328,8 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) { pk.E.model = MPI_EC_WEIERSTRASS; pk.E.dialect = ECC_DIALECT_STANDARD; + if (!pk.E.h) + pk.E.h = mpi_const (MPI_C_ONE); } /* @@ -1577,6 +1585,8 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) { sk.E.model = MPI_EC_WEIERSTRASS; sk.E.dialect = ECC_DIALECT_STANDARD; + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -1859,6 +1869,8 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!values[5]) + values[5] = mpi_const (MPI_C_ONE); } /* Check that all parameters are known and normalize all MPIs (that ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 04:07:11 2016 
From: cvs at cvs.gnupg.org (by Niibe Yutaka) Date: Thu, 16 Jun 2016 04:07:11 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.1-2-gb0b70e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d (commit) from fa917d2e24b0c98143a079ab4889ad8f69bee446 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d Author: Niibe Yutaka Date: Thu Jun 16 10:56:28 2016 +0900 ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM. * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify) (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default cofactor as 1, when not specified. -- GnuPG-bug-id: 2347 Signed-off-by: NIIBE Yutaka (backport from master commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7) diff --git a/cipher/ecc.c b/cipher/ecc.c index b09902e..8af0d14 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -806,6 +806,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms) sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -941,6 +943,8 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) sk.E.dialect = ((ctx.flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { 
@@ -1107,6 +1111,8 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) pk.E.dialect = ((sigflags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!pk.E.h) + pk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) @@ -1322,6 +1328,8 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) { pk.E.model = MPI_EC_WEIERSTRASS; pk.E.dialect = ECC_DIALECT_STANDARD; + if (!pk.E.h) + pk.E.h = mpi_const (MPI_C_ONE); } /* @@ -1577,6 +1585,8 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) { sk.E.model = MPI_EC_WEIERSTRASS; sk.E.dialect = ECC_DIALECT_STANDARD; + if (!sk.E.h) + sk.E.h = mpi_const (MPI_C_ONE); } if (DBG_CIPHER) { @@ -1859,6 +1869,8 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 : ECC_DIALECT_STANDARD); + if (!values[5]) + values[5] = mpi_const (MPI_C_ONE); } /* Check that all parameters are known and normalize all MPIs (that ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 14:26:25 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 16 Jun 2016 14:26:25 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-178-g8997d88 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8997d88bf97d1784706becbf8e9dc74e4656e311 (commit) via a324d0cffe93cab955698c2c065b2f2227e379e4 (commit) via 856bcfe2934237011984fab0bc69800a7c25c34b (commit) via 6641c7814b30e3e8f18105b2636545cc1bd07552 (commit) via f3618bc615e3eff1f52fb5849cbf0f0b95515a61 (commit) via 616929b6edf00b4a774b727385d39b785a112b90 (commit) via 5464060baef2da8f5ea377118758e451c55e3787 (commit) via 5492853d7b84b4e1d0b11b234e32252ba8d1608d (commit) via 7eef399d89d4c3877cb795ed5ba45ecb241e67be (commit) via a852f99a0ac9dc7f7493b403f811f5f7518fae40 (commit) via 3bacce03e60dc45cc2da99a2f5c504612202e802 (commit) from 8173c4f1f8a145c4b1d454f6f05e26950e23d675 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8997d88bf97d1784706becbf8e9dc74e4656e311 Author: Justus Winter Date: Tue Jun 14 13:28:37 2016 +0200 python: Improve autmatically generated docstrings. * lang/python/gpgme.i: Add comment. * lang/python/pyme/core.py (__getattr__): Rewrite automatically generated doctrings for the wrapper methods. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index c6ddbb4..8dbb0c2 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
@@ -21,11 +21,21 @@ %include "cpointer.i" %include "cstring.i" -// Generate doc strings for all methods. +/* Generate doc strings for all methods. + + This will generate docstrings of the form + + gpgme_op_encrypt(ctx, recp, flags, plain, cipher) -> gpgme_error_t + + which we transform into + + ctx.op_encrypt(recp, flags, plain, cipher) -> gpgme_error_t + + for automagically wrapped functions. */ %feature("autodoc", "0"); -/* Allow use of Unicode objects, bytes, and None for strings. */ +/* Allow use of Unicode objects, bytes, and None for strings. */ %typemap(in) const char * { if ($input == Py_None) $1 = NULL; diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index c090331..09f71a1 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -24,6 +24,7 @@ and the 'Data' class describing buffers of data. """ +import re import weakref from . import pygpgme from .errors import errorcheck, GPGMEError @@ -107,6 +108,7 @@ class GpgmeWrapper(object): else: return get(self) + _munge_docstring = re.compile(r'gpgme_([^(]*)\(([^,]*), (.*\) -> .*)') def __getattr__(self, key): """On-the-fly generation of wrapper methods and properties""" if key[0] == '_' or self._cprefix == None: 
@@ -119,27 +121,28 @@ class GpgmeWrapper(object): func = getattr(pygpgme, name) if self._errorcheck(name): - def _funcwrap(slf, *args, **kwargs): - result = func(slf.wrapped, *args, **kwargs) + def _funcwrap(slf, *args): + result = func(slf.wrapped, *args) if slf._callback_excinfo: pygpgme.pygpgme_raise_callback_exception(slf) return errorcheck(result, "Invocation of " + name) else: - def _funcwrap(slf, *args, **kwargs): - result = func(slf.wrapped, *args, **kwargs) + def _funcwrap(slf, *args): + result = func(slf.wrapped, *args) if slf._callback_excinfo: pygpgme.pygpgme_raise_callback_exception(slf) return result - _funcwrap.__doc__ = getattr(func, "__doc__") + doc = self._munge_docstring.sub(r'\2.\1(\3', getattr(func, "__doc__")) + _funcwrap.__doc__ = doc # Monkey-patch the class. setattr(self.__class__, key, _funcwrap) # Bind the method to 'self'. - def wrapper(*args, **kwargs): - return _funcwrap(self, *args, **kwargs) - _funcwrap.__doc__ = getattr(func, "__doc__") + def wrapper(*args): + return _funcwrap(self, *args) + wrapper.__doc__ = doc return wrapper commit a324d0cffe93cab955698c2c065b2f2227e379e4 Author: Justus Winter Date: Tue Jun 14 17:33:12 2016 +0200 python: Make result objects more robust. Results returned by the GPGME are fragile, i.e. they are only valid until the next operation is performed in the context. We cannot arbitrarily constrain the lifetime of Python objects, we therefore create deep copies of the results. * lang/python/gpgme.i (gpgme_tofu_info_t): Turn these into a list. (gpgme_*_result_t): Create deep copies of these objects. * lang/python/helpers.c (pygpgme_wrap_fragile_result): New function. * lang/python/helpers.h (pygpgme_wrap_fragile_result): New prototype. * lang/python/pyme/results.py: New file. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 9cc2022..c6ddbb4 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
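Review bot: In `__getattr__`, `self._munge_docstring.sub(r'\2.\1(\3', getattr(func, "__doc__"))` raises TypeError when the wrapped function has no docstring, because `re.sub` does not accept None; the lookup of that method would then fail outright instead of merely losing its documentation. Falling back to an empty string keeps the wrapper usable: `doc = self._munge_docstring.sub(r'\2.\1(\3', getattr(func, "__doc__") or "")`. Whether a None docstring can actually occur depends on how SWIG emits the module, so treat this as a robustness guard rather than a confirmed failure. The hunk also drops `**kwargs` from `_funcwrap` and `wrapper`, which any caller passing keyword arguments will notice. `__getattr__` begins above the hunk.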
@@ -283,10 +283,11 @@ // Make types containing 'next' field to be lists %ignore next; -%typemap(out) gpgme_sig_notation_t, gpgme_engine_info_t, gpgme_subkey_t, gpgme_key_sig_t, - gpgme_user_id_t, gpgme_invalid_key_t, gpgme_recipient_t, gpgme_new_signature_t, - gpgme_signature_t, gpgme_import_status_t, gpgme_conf_arg_t, gpgme_conf_opt_t, - gpgme_conf_comp_t { +%typemap(out) gpgme_sig_notation_t, gpgme_engine_info_t, gpgme_subkey_t, + gpgme_key_sig_t, gpgme_user_id_t, gpgme_invalid_key_t, + gpgme_recipient_t, gpgme_new_signature_t, gpgme_signature_t, + gpgme_import_status_t, gpgme_conf_arg_t, gpgme_conf_opt_t, + gpgme_conf_comp_t, gpgme_tofu_info_t { int i; int size = 0; $1_ltype curr; 
@@ -300,6 +301,75 @@ } } + + +/* Wrap the fragile result objects into robust Python ones. */ +%typemap(out) gpgme_encrypt_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "EncryptResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_decrypt_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "DecryptResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_sign_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "SignResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_verify_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "VerifyResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_import_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "ImportResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_genkey_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "GenkeyResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_keylist_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, "KeylistResult"); + Py_DECREF(fragile); +} + +%typemap(out) gpgme_vfs_mount_result_t { + PyObject *fragile; + fragile = SWIG_NewPointerObj(SWIG_as_voidptr($1), $1_descriptor, + %newpointer_flags); + $result = pygpgme_wrap_fragile_result(fragile, 
"VFSMountResult"); + Py_DECREF(fragile); +} + + + // Include mapper for edit callbacks %typemap(in) (gpgme_edit_cb_t fnc, void *fnc_value) { if (! PyTuple_Check($input)) diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 6de2b8d..1b66146 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -272,6 +272,38 @@ object_to_gpgme_data_t(PyObject *input, int argnum, gpgme_data_t *wrapper, +PyObject * +pygpgme_wrap_fragile_result(PyObject *fragile, const char *classname) +{ + static PyObject *results; + PyObject *class; + PyObject *replacement; + + if (results == NULL) + { + PyObject *from_list = PyList_New(0); + if (from_list == NULL) + return NULL; + + results = PyImport_ImportModuleLevel("results", PyEval_GetGlobals(), + PyEval_GetLocals(), from_list, 1); + Py_DECREF(from_list); + + if (results == NULL) + return NULL; + } + + class = PyMapping_GetItemString(PyModule_GetDict(results), classname); + if (class == NULL) + return NULL; + + replacement = PyObject_CallFunctionObjArgs(class, fragile, NULL); + Py_DECREF(class); + return replacement; +} + + + /* Callback support. */ static gpgme_error_t pyPassphraseCb(void *hook, const char *uid_hint, diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 1564290..beb2682 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h @@ -34,6 +34,8 @@ PyObject *object_to_gpgme_data_t(PyObject *input, int argnum, gpgme_data_t *wrapper, PyObject **bytesio, Py_buffer *view); +PyObject *pygpgme_wrap_fragile_result(PyObject *fragile, const char *classname); + PyObject *pygpgme_raise_callback_exception(PyObject *self); PyObject *pygpgme_set_passphrase_cb(PyObject *self, PyObject *cb); diff --git a/lang/python/pyme/results.py b/lang/python/pyme/results.py new file mode 100644 index 0000000..e6e8968 --- /dev/null +++ b/lang/python/pyme/results.py 
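Review bot: Each new result typemap wraps `$1` unconditionally, so a NULL result pointer is not handled: if SWIG turns the NULL into Python None (which I believe `SWIG_NewPointerObj` does), the result class is constructed from None and `Result.__init__` fails with AttributeError on the first `_type`/`_map` key instead of the caller simply receiving None. The gpgme result accessors can presumably return NULL when no matching operation has run in the context, so this path looks reachable from ordinary use. A guard at the top of each typemap, `if ($1 == NULL) { Py_INCREF(Py_None); $result = Py_None; } else { ... }`, or one `fragile == Py_None` check inside pygpgme_wrap_fragile_result, would cover it. The eight typemap bodies differ only in the class name and could share a single macro.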
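Review bot: pygpgme_wrap_fragile_result resolves the results module with a level-1 relative import against `PyEval_GetGlobals()`, that is, against whichever Python frame happens to be calling into the extension. Through the wrappers in pyme/core.py that resolves to pyme.results, but if a result function is invoked from code in another package the lookup fails or binds a different module named `results`, and the outcome is then cached in the static for the life of the process. Importing by absolute name removes the dependence on the caller: `results = PyImport_ImportModule("pyme.results");`. A one-line comment that the cached module reference is intentionally never released would also help the next reader.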
@@ -0,0 +1,116 @@ +# Robust result objects +# +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as +# published by the Free Software Foundation; either version 2.1 of the +# License, or (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +"""Robust result objects + +Results returned by the underlying library are fragile, i.e. they are +only valid until the next operation is performed in the context. + +We cannot arbitrarily constrain the lifetime of Python objects, we +therefore create deep copies of the results. + +""" + +class Result(object): + """Result object + + Describes the result of an operation. 
+ + """ + + """Convert to types""" + _type = {} + + """Map functions over list attributes""" + _map = {} + + """Automatically copy unless blacklisted""" + _blacklist = { + 'acquire', 'append', 'disown', 'next', 'own', 'this', 'thisown', + } + def __init__(self, fragile): + for key, func in self._type.items(): + setattr(self, key, func(getattr(fragile, key))) + + for key, func in self._map.items(): + setattr(self, key, list(map(func, getattr(fragile, key)))) + + for key, func in self._map.items(): + setattr(self, key, list(map(func, getattr(fragile, key)))) + + for key in dir(fragile): + if key.startswith('_') or key in self._blacklist: + continue + if hasattr(self, key): + continue + + setattr(self, key, getattr(fragile, key)) + + def __str__(self): + return '<{} {}>'.format( + self.__class__.__name__, + ', '.join('{}: {}'.format(k, getattr(self, k)) + for k in dir(self) if not k.startswith('_'))) + +class InvalidKey(Result): + pass + +class EncryptResult(Result): + _map = dict(invalid_recipients=InvalidKey) + +class Recipient(Result): + pass + +class DecryptResult(Result): + _type = dict(wrong_key_usage=bool) + _map = dict(recipients=Recipient) + +class NewSignature(Result): + pass + +class SignResult(Result): + _map = dict(invalid_signers=InvalidKey, signatures=NewSignature) + +class Notation(Result): + pass + +class TofuInfo(Result): + pass + +class Signature(Result): + _type = dict(wrong_key_usage=bool, chain_model=bool) + _map = dict(notations=Notation, tofu=TofuInfo) + +class VerifyResult(Result): + _map = dict(signatures=Signature) + +class ImportStatus(Result): + pass + +class ImportResult(Result): + _map = dict(imports=ImportStatus) + +class GenkeyResult(Result): + _type = dict(primary=bool, sub=bool) + +class KeylistResult(Result): + _type = dict(truncated=bool) + +class VFSMountResult(Result): + pass commit 856bcfe2934237011984fab0bc69800a7c25c34b Author: Justus Winter Date: Tue Jun 14 13:48:33 2016 +0200 python: Avoid creating SWIG proxy classes. 
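Review bot: `Result.__init__` runs the `for key, func in self._map.items():` loop twice in a row with an identical body, so every list attribute is read from the fragile object and converted twice; the second loop looks like a paste slip and can be deleted. The bare strings placed before `_type`, `_map` and `_blacklist` are expression statements rather than docstrings, so `#` comments would carry the same text without suggesting they are attached to the attributes. Because the final loop copies every public name from `dir(fragile)` that is not in `_blacklist`, a comment stating that newly appearing SWIG helper attributes must be added to that set would make the copy policy explicit.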
* lang/python/Makefile.am (gpgme_wrap.c): Use '-builtin' to make SWIG generate builtin types for c types. * lang/python/gpgme.i (pygpgme_wrap_gpgme_data_t): Adapt slightly. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index e156d46..8f0e74f 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -40,7 +40,7 @@ errors.i: `$(GPG_ERROR_CONFIG) --prefix`/include/gpg-error.h >$@ gpgme_wrap.c pyme/pygpgme.py: gpgme.i errors.i gpgme.h copystamp - $(SWIG) -python -py3 $(SWIGOPT) \ + $(SWIG) -python -py3 -builtin $(SWIGOPT) \ -o $(builddir)/gpgme_wrap.c -outdir $(builddir)/pyme \ $< diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 65cd235..9cc2022 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -373,7 +373,7 @@ FILE *fdopen(int fildes, const char *mode); PyObject * pygpgme_wrap_gpgme_data_t(gpgme_data_t data) { - return SWIG_NewPointerObj(data, SWIGTYPE_p_gpgme_data, 0); + return SWIG_Python_NewPointerObj(NULL, data, SWIGTYPE_p_gpgme_data, 0); } gpgme_ctx_t commit 6641c7814b30e3e8f18105b2636545cc1bd07552 Author: Justus Winter Date: Tue Jun 14 12:37:26 2016 +0200 python: Simplify wrapping glue. * lang/python/pyme/core.py: Rename '_getctype' to '_ctype' and turn it into a string. Likewise rename '_getnameprepend' to '_cprefix'. * lang/python/helpers.c: Adapt accordingly. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 5380ff2..6de2b8d 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -171,7 +171,7 @@ PyObject * object_to_gpgme_t(PyObject *input, const char *objtype, int argnum) { PyObject *pyname = NULL, *pypointer = NULL; - pyname = PyObject_CallMethod(input, "_getctype", NULL); + pyname = PyObject_GetAttrString(input, "_ctype"); if (pyname && PyUnicode_Check(pyname)) { if (strcmp(PyUnicode_AsUTF8(pyname), objtype) != 0) 
@@ -261,7 +261,7 @@ object_to_gpgme_data_t(PyObject *input, int argnum, gpgme_data_t *wrapper, } /* As last resort we assume it is a wrapped data object. */ - if (PyObject_HasAttrString(data, "_getctype")) + if (PyObject_HasAttrString(data, "_ctype")) return object_to_gpgme_t(data, "gpgme_data_t", argnum); return PyErr_Format(PyExc_TypeError, diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index e5a5061..c090331 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -61,17 +61,22 @@ class GpgmeWrapper(object): else: return repr(self.wrapped) == repr(other.wrapped) - def _getctype(self): - """Must be implemented by child classes. + @property + def _ctype(self): + """The name of the c type wrapped by this class + + Must be set by child classes. - Must return the name of the c type.""" + """ raise NotImplementedError() - def _getnameprepend(self): - """Must be implemented by child classes. + @property + def _cprefix(self): + """The common prefix of c functions wrapped by this class + + Must be set by child classes. - Must return the prefix of all c functions mapped to methods of - this class.""" + """ raise NotImplementedError() def _errorcheck(self, name): @@ -86,9 +91,9 @@ class GpgmeWrapper(object): def __wrap_boolean_property(self, key, do_set=False, value=None): get_func = getattr(pygpgme, - "{}get_{}".format(self._getnameprepend(), key)) + "{}get_{}".format(self._cprefix, key)) set_func = getattr(pygpgme, - "{}set_{}".format(self._getnameprepend(), key)) + "{}set_{}".format(self._cprefix, key)) def get(slf): return bool(get_func(slf.wrapped)) def set_(slf, value): 
@@ -104,13 +109,13 @@ class GpgmeWrapper(object): def __getattr__(self, key): """On-the-fly generation of wrapper methods and properties""" - if key[0] == '_' or self._getnameprepend() == None: + if key[0] == '_' or self._cprefix == None: return None if key in self._boolean_properties: return self.__wrap_boolean_property(key) - name = self._getnameprepend() + key + name = self._cprefix + key func = getattr(pygpgme, name) if self._errorcheck(name): @@ -181,11 +186,8 @@ class Context(GpgmeWrapper): def pinentry_mode(self, value): self.set_pinentry_mode(value) - def _getctype(self): - return 'gpgme_ctx_t' - - def _getnameprepend(self): - return 'gpgme_' + _ctype = 'gpgme_ctx_t' + _cprefix = 'gpgme_' def _errorcheck(self, name): """This function should list all functions returning gpgme_error_t""" 
@@ -432,11 +434,8 @@ class Data(GpgmeWrapper): """ - def _getctype(self): - return 'gpgme_data_t' - - def _getnameprepend(self): - return 'gpgme_data_' + _ctype = 'gpgme_data_t' + _cprefix = 'gpgme_data_' def _errorcheck(self, name): """This function should list all functions returning gpgme_error_t""" commit f3618bc615e3eff1f52fb5849cbf0f0b95515a61 Author: Justus Winter Date: Mon Jun 13 19:16:30 2016 +0200 python: Rework callbacks. Simplify how the lifetime of callback arguments is managed. * lang/python/gpgme.i (gpgme_edit_cb_t): Check arguments. (PyObject_p_p, void_p_p): Drop rather dangerous interface. (pygpgme_unwrap_gpgme_ctx_t): New function. * lang/python/helpers.c (pygpgme_clear_generic_cb): Drop dangerous function. (pyPassphraseCb): Assert contract. (pygpgme_set_passphrase_cb): Use Python's calling convention so that we can raise exceptions. Hand in 'self', get the wrapped object, and simply store the hook data as attribute of the wrapper object. (pyProgressCb, pygpgme_set_progress_cb): Likewise. (pygpgme_set_status_cb): Likewise. (pygpgme_data_new_from_cbs): Likewise. * lang/python/helpers.h (pygpgme_clear_generic_cb): Drop prototype. (pygpgme_set_passphrase_cb): Update prototype. (pygpgme_set_progress_cb): Likewise. (pygpgme_set_status_cb): Likewise. (pygpgme_data_new_from_cbs): Likewise. (pygpgme_unwrap_gpgme_ctx_t): New prottotype. * lang/python/pyme/core.py (Context, Data): Update callsites. Signed-off-by: Justus Winter diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 1e4c9ff..65cd235 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
@@ -302,11 +302,14 @@ // Include mapper for edit callbacks %typemap(in) (gpgme_edit_cb_t fnc, void *fnc_value) { + if (! PyTuple_Check($input)) + return PyErr_Format(PyExc_TypeError, "edit callback must be a tuple"); + if (PyTuple_Size($input) != 2 && PyTuple_Size($input) != 3) + return PyErr_Format(PyExc_TypeError, + "edit callback must be a tuple of size 2 or 3"); + $1 = (gpgme_edit_cb_t) pyEditCb; - if ($input == Py_None) - $2 = NULL; - else - $2 = $input; + $2 = $input; } /* Include the unmodified for cc, and the cleaned-up local @@ -355,8 +358,6 @@ struct _gpgme_sig_notation %pointer_functions(gpgme_error_t, gpgme_error_t_p); %pointer_functions(gpgme_trust_item_t, gpgme_trust_item_t_p); %pointer_functions(gpgme_engine_info_t, gpgme_engine_info_t_p); -%pointer_functions(PyObject *, PyObject_p_p); -%pointer_functions(void *, void_p_p); // Helper functions. @@ -374,6 +375,18 @@ pygpgme_wrap_gpgme_data_t(gpgme_data_t data) { return SWIG_NewPointerObj(data, SWIGTYPE_p_gpgme_data, 0); } + +gpgme_ctx_t +pygpgme_unwrap_gpgme_ctx_t(PyObject *wrapped) +{ + gpgme_ctx_t result; + if (SWIG_ConvertPtr(wrapped, + (void **) &result, + SWIGTYPE_p_gpgme_context, + SWIG_POINTER_EXCEPTION) == -1) + return NULL; + return result; +} %} %include "helpers.h" diff --git a/lang/python/helpers.c b/lang/python/helpers.c index ad33d07..5380ff2 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -76,10 +76,6 @@ gpgme_error_t pygpgme_exception2code(void) { return err_status; } -void pygpgme_clear_generic_cb(PyObject **cb) { - Py_DECREF(*cb); -} - /* Exception support for callbacks. */ #define EXCINFO "_callback_excinfo" @@ -293,6 +289,7 @@ static gpgme_error_t pyPassphraseCb(void *hook, pygpgme_exception_init(); assert (PyTuple_Check(pyhook)); + assert (PyTuple_Size(pyhook) == 2 || PyTuple_Size(pyhook) == 3); self = PyTuple_GetItem(pyhook, 0); func = PyTuple_GetItem(pyhook, 1); if (PyTuple_Size(pyhook) == 3) { 
@@ -374,15 +371,47 @@ static gpgme_error_t pyPassphraseCb(void *hook, return err_status; } -void pygpgme_set_passphrase_cb(gpgme_ctx_t ctx, PyObject *cb, - PyObject **freelater) { +PyObject * +pygpgme_set_passphrase_cb(PyObject *self, PyObject *cb) { + PyObject *wrapped; + gpgme_ctx_t ctx; + + wrapped = PyObject_GetAttrString(self, "wrapped"); + if (wrapped == NULL) + { + assert (PyErr_Occurred ()); + return NULL; + } + + ctx = pygpgme_unwrap_gpgme_ctx_t(wrapped); + Py_DECREF(wrapped); + if (ctx == NULL) + { + if (cb == Py_None) + goto out; + else + return PyErr_Format(PyExc_RuntimeError, "wrapped is NULL"); + } + if (cb == Py_None) { gpgme_set_passphrase_cb(ctx, NULL, NULL); - return; + PyObject_SetAttrString(self, "_passphrase_cb", Py_None); + goto out; } - Py_INCREF(cb); - *freelater = cb; - gpgme_set_passphrase_cb(ctx, (gpgme_passphrase_cb_t)pyPassphraseCb, (void *) cb); + + if (! PyTuple_Check(cb)) + return PyErr_Format(PyExc_TypeError, "cb must be a tuple"); + if (PyTuple_Size(cb) != 2 && PyTuple_Size(cb) != 3) + return PyErr_Format(PyExc_TypeError, + "cb must be a tuple of size 2 or 3"); + + gpgme_set_passphrase_cb(ctx, (gpgme_passphrase_cb_t) pyPassphraseCb, + (void *) cb); + PyObject_SetAttrString(self, "_passphrase_cb", cb); + + out: + Py_INCREF(Py_None); + return Py_None; } static void pyProgressCb(void *hook, const char *what, int type, int current, @@ -392,6 +421,7 @@ static void pyProgressCb(void *hook, const char *what, int type, int current, PyObject *self = NULL; assert (PyTuple_Check(pyhook)); + assert (PyTuple_Size(pyhook) == 2 || PyTuple_Size(pyhook) == 3); self = PyTuple_GetItem(pyhook, 0); func = PyTuple_GetItem(pyhook, 1); if (PyTuple_Size(pyhook) == 3) { 
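Review bot: In `pygpgme_set_passphrase_cb` the result of `PyObject_SetAttrString(self, "_passphrase_cb", cb)` is ignored, yet with the removed `Py_INCREF(cb)` gone that attribute is the only thing this function does to keep `cb` alive. If the store fails, the context keeps `pyPassphraseCb` registered with a hook pointer to a tuple that may be freed, and the function returns `Py_None` with an exception pending. Storing the reference first and registering only on success avoids both: `if (PyObject_SetAttrString(self, "_passphrase_cb", cb) < 0) return NULL;` placed before the `gpgme_set_passphrase_cb` call. The same unchecked store appears in `pygpgme_set_progress_cb`, `pygpgme_set_status_cb` and `pygpgme_data_new_from_cbs` in the following hunks; in the last one the freshly created `*r_data` would also need releasing on failure.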
@@ -423,14 +453,46 @@ static void pyProgressCb(void *hook, const char *what, int type, int current, Py_XDECREF(retval); } -void pygpgme_set_progress_cb(gpgme_ctx_t ctx, PyObject *cb, PyObject **freelater){ +PyObject * +pygpgme_set_progress_cb(PyObject *self, PyObject *cb) { + PyObject *wrapped; + gpgme_ctx_t ctx; + + wrapped = PyObject_GetAttrString(self, "wrapped"); + if (wrapped == NULL) + { + assert (PyErr_Occurred ()); + return NULL; + } + + ctx = pygpgme_unwrap_gpgme_ctx_t(wrapped); + Py_DECREF(wrapped); + if (ctx == NULL) + { + if (cb == Py_None) + goto out; + else + return PyErr_Format(PyExc_RuntimeError, "wrapped is NULL"); + } + if (cb == Py_None) { gpgme_set_progress_cb(ctx, NULL, NULL); - return; + PyObject_SetAttrString(self, "_progress_cb", Py_None); + goto out; } - Py_INCREF(cb); - *freelater = cb; + + if (! PyTuple_Check(cb)) + return PyErr_Format(PyExc_TypeError, "cb must be a tuple"); + if (PyTuple_Size(cb) != 2 && PyTuple_Size(cb) != 3) + return PyErr_Format(PyExc_TypeError, + "cb must be a tuple of size 2 or 3"); + gpgme_set_progress_cb(ctx, (gpgme_progress_cb_t) pyProgressCb, (void *) cb); + PyObject_SetAttrString(self, "_progress_cb", cb); + + out: + Py_INCREF(Py_None); + return Py_None; } /* Status callbacks. */ 
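Review bot: In `pygpgme_set_progress_cb` the `ctx == NULL` branch jumps to `out` when `cb == Py_None` without checking why the unwrap produced NULL. `pygpgme_unwrap_gpgme_ctx_t` returns NULL when `SWIG_ConvertPtr` reports an error, and if that call left an exception set, the function then returns `Py_None` with the error still pending. Adding `PyErr_Clear();` before `goto out;` on the tolerated path, or returning NULL when `PyErr_Occurred()`, keeps the return value and the error state consistent. The passphrase and status setters contain the same branch.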
@@ -488,15 +550,46 @@ static gpgme_error_t pyStatusCb(void *hook, const char *keyword, return err; } -void pygpgme_set_status_cb(gpgme_ctx_t ctx, PyObject *cb, - PyObject **freelater) { +PyObject * +pygpgme_set_status_cb(PyObject *self, PyObject *cb) { + PyObject *wrapped; + gpgme_ctx_t ctx; + + wrapped = PyObject_GetAttrString(self, "wrapped"); + if (wrapped == NULL) + { + assert (PyErr_Occurred ()); + return NULL; + } + + ctx = pygpgme_unwrap_gpgme_ctx_t(wrapped); + Py_DECREF(wrapped); + if (ctx == NULL) + { + if (cb == Py_None) + goto out; + else + return PyErr_Format(PyExc_RuntimeError, "wrapped is NULL"); + } + if (cb == Py_None) { gpgme_set_status_cb(ctx, NULL, NULL); - return; + PyObject_SetAttrString(self, "_status_cb", Py_None); + goto out; } - Py_INCREF(cb); - *freelater = cb; + + if (! PyTuple_Check(cb)) + return PyErr_Format(PyExc_TypeError, "cb must be a tuple"); + if (PyTuple_Size(cb) != 2 && PyTuple_Size(cb) != 3) + return PyErr_Format(PyExc_TypeError, + "cb must be a tuple of size 2 or 3"); + gpgme_set_status_cb(ctx, (gpgme_status_cb_t) pyStatusCb, (void *) cb); + PyObject_SetAttrString(self, "_status_cb", cb); + + out: + Py_INCREF(Py_None); + return Py_None; } /* Edit callbacks. */ @@ -775,9 +868,10 @@ static void pyDataReleaseCb(void *hook) pygpgme_stash_callback_exception(self); } -gpgme_error_t pygpgme_data_new_from_cbs(gpgme_data_t *r_data, - PyObject *pycbs, - PyObject **freelater) +PyObject * +pygpgme_data_new_from_cbs(PyObject *self, + PyObject *pycbs, + gpgme_data_t *r_data) { static struct gpgme_data_cbs cbs = { pyDataReadCb, 
@@ -785,12 +879,20 @@ gpgme_error_t pygpgme_data_new_from_cbs(gpgme_data_t *r_data, pyDataSeekCb, pyDataReleaseCb, }; + gpgme_error_t err; + + if (! PyTuple_Check(pycbs)) + return PyErr_Format(PyExc_TypeError, "pycbs must be a tuple"); + if (PyTuple_Size(pycbs) != 5 && PyTuple_Size(pycbs) != 6) + return PyErr_Format(PyExc_TypeError, + "pycbs must be a tuple of size 5 or 6"); - assert (PyTuple_Check(pycbs)); - assert (PyTuple_Size(pycbs) == 5 || PyTuple_Size(pycbs) == 6); + err = gpgme_data_new_from_cbs(r_data, &cbs, (void *) pycbs); + if (err) + return pygpgme_raise_exception(err); - Py_INCREF(pycbs); - *freelater = pycbs; + PyObject_SetAttrString(self, "_data_cbs", pycbs); - return gpgme_data_new_from_cbs(r_data, &cbs, (void *) pycbs); + Py_INCREF(Py_None); + return Py_None; } diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 37362ae..1564290 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h 
@@ -34,21 +34,18 @@ PyObject *object_to_gpgme_data_t(PyObject *input, int argnum, gpgme_data_t *wrapper, PyObject **bytesio, Py_buffer *view); -void pygpgme_clear_generic_cb(PyObject **cb); PyObject *pygpgme_raise_callback_exception(PyObject *self); -void pygpgme_set_passphrase_cb(gpgme_ctx_t ctx, PyObject *cb, - PyObject **freelater); -void pygpgme_set_progress_cb(gpgme_ctx_t ctx, PyObject *cb, PyObject **freelater); -void pygpgme_set_status_cb(gpgme_ctx_t ctx, PyObject *cb, - PyObject **freelater); +PyObject *pygpgme_set_passphrase_cb(PyObject *self, PyObject *cb); +PyObject *pygpgme_set_progress_cb(PyObject *self, PyObject *cb); +PyObject *pygpgme_set_status_cb(PyObject *self, PyObject *cb); gpgme_error_t pyEditCb(void *opaque, gpgme_status_code_t status, const char *args, int fd); -gpgme_error_t pygpgme_data_new_from_cbs(gpgme_data_t *r_data, - PyObject *pycbs, - PyObject **freelater); +PyObject *pygpgme_data_new_from_cbs(PyObject *self, PyObject *pycbs, + gpgme_data_t *r_data); /* SWIG support for helpers.c */ PyObject *pygpgme_wrap_gpgme_data_t(gpgme_data_t data); +gpgme_ctx_t pygpgme_unwrap_gpgme_ctx_t(PyObject *wrapped); diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 64dc787..e5a5061 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -220,9 +220,6 @@ class Context(GpgmeWrapper): pygpgme.delete_gpgme_ctx_t_p(tmp) self.own = True super().__init__(wrapped) - self.last_passcb = None - self.last_progresscb = None - self.last_statuscb = None self.armor = armor self.textmode = textmode self.offline = offline 
@@ -247,30 +244,6 @@ class Context(GpgmeWrapper): def __exit__(self, type, value, tb): self.__del__() - def _free_passcb(self): - if self.last_passcb != None: - if pygpgme.pygpgme_clear_generic_cb: - pygpgme.pygpgme_clear_generic_cb(self.last_passcb) - if pygpgme.delete_PyObject_p_p: - pygpgme.delete_PyObject_p_p(self.last_passcb) - self.last_passcb = None - - def _free_progresscb(self): - if self.last_progresscb != None: - if pygpgme.pygpgme_clear_generic_cb: - pygpgme.pygpgme_clear_generic_cb(self.last_progresscb) - if pygpgme.delete_PyObject_p_p: - pygpgme.delete_PyObject_p_p(self.last_progresscb) - self.last_progresscb = None - - def _free_statuscb(self): - if self.last_statuscb != None: - if pygpgme.pygpgme_clear_generic_cb: - pygpgme.pygpgme_clear_generic_cb(self.last_statuscb) - if pygpgme.delete_PyObject_p_p: - pygpgme.delete_PyObject_p_p(self.last_statuscb) - self.last_statuscb = None - def op_keylist_all(self, *args, **kwargs): self.op_keylist_start(*args, **kwargs) key = self.op_keylist_next() @@ -341,16 +314,18 @@ class Context(GpgmeWrapper): Please see the GPGME manual for more information. """ - self._free_passcb() if func == None: hookdata = None else: - self.last_passcb = pygpgme.new_PyObject_p_p() if hook == None: hookdata = (weakref.ref(self), func) else: hookdata = (weakref.ref(self), func, hook) - pygpgme.pygpgme_set_passphrase_cb(self.wrapped, hookdata, self.last_passcb) + pygpgme.pygpgme_set_passphrase_cb(self, hookdata) + + def _free_passcb(self): + if pygpgme.pygpgme_set_passphrase_cb: + self.set_passphrase_cb(None) def set_progress_cb(self, func, hook=None): """Sets the progress meter callback to the function specified by FUNC. 
@@ -364,16 +339,18 @@ class Context(GpgmeWrapper): Please see the GPGME manual for more information. """ - self._free_progresscb() if func == None: hookdata = None else: - self.last_progresscb = pygpgme.new_PyObject_p_p() if hook == None: hookdata = (weakref.ref(self), func) else: hookdata = (weakref.ref(self), func, hook) - pygpgme.pygpgme_set_progress_cb(self.wrapped, hookdata, self.last_progresscb) + pygpgme.pygpgme_set_progress_cb(self, hookdata) + + def _free_progresscb(self): + if pygpgme.pygpgme_set_progress_cb: + self.set_progress_cb(None) def set_status_cb(self, func, hook=None): """Sets the status callback to the function specified by FUNC. If @@ -386,17 +363,18 @@ class Context(GpgmeWrapper): Please see the GPGME manual for more information. """ - self._free_statuscb() if func == None: hookdata = None else: - self.last_statuscb = pygpgme.new_PyObject_p_p() if hook == None: hookdata = (weakref.ref(self), func) else: hookdata = (weakref.ref(self), func, hook) - pygpgme.pygpgme_set_status_cb(self.wrapped, hookdata, - self.last_statuscb) + pygpgme.pygpgme_set_status_cb(self, hookdata) + + def _free_statuscb(self): + if pygpgme.pygpgme_set_status_cb: + self.set_status_cb(None) def get_engine_info(self): """Returns this context specific engine info""" @@ -547,12 +525,7 @@ class Data(GpgmeWrapper): self.__del__() def _free_datacbs(self): - if self.data_cbs != None: - if pygpgme.pygpgme_clear_generic_cb: - pygpgme.pygpgme_clear_generic_cb(self.data_cbs) - if pygpgme.delete_PyObject_p_p: - pygpgme.delete_PyObject_p_p(self.data_cbs) - self.data_cbs = None + self._data_cbs = None def new(self): tmp = pygpgme.new_gpgme_data_t_p() @@ -579,8 +552,6 @@ class Data(GpgmeWrapper): pygpgme.delete_gpgme_data_t_p(tmp) def new_from_cbs(self, read_cb, write_cb, seek_cb, release_cb, hook=None): - assert self.data_cbs == None - self.data_cbs = pygpgme.new_PyObject_p_p() tmp = pygpgme.new_gpgme_data_t_p() if hook != None: hookdata = (weakref.ref(self), 
@@ -588,8 +559,7 @@ class Data(GpgmeWrapper): else: hookdata = (weakref.ref(self), read_cb, write_cb, seek_cb, release_cb) - errorcheck( - pygpgme.pygpgme_data_new_from_cbs(tmp, hookdata, self.data_cbs)) + pygpgme.pygpgme_data_new_from_cbs(self, hookdata, tmp) self.wrapped = pygpgme.gpgme_data_t_p_value(tmp) pygpgme.delete_gpgme_data_t_p(tmp) commit 616929b6edf00b4a774b727385d39b785a112b90 Author: Justus Winter Date: Wed Jun 8 17:56:33 2016 +0200 python: Wrap objects implementing the buffer protocol. * lang/python/Makefile.am: Add the toplevel source directory to CFLAGS when compiling the bindings so that we can use private header files. * lang/python/gpgme.i (gpgme_data_t): Rework the object wrapping. Do not create a Python wrapper object, merely a gpgme_data_t object, and keep references to buffer objects, if any. If necessary, update the buffer after the function call. (pygpgme_wrap_gpgme_data_t): New function. * lang/python/helpers.c (object_to_gpgme_data_t): Rework object wrapping. Also wrap objects implementing the buffer protocol. * lang/python/helpers.h (object_to_gpgme_data_t): Update prototype. (pygpgme_wrap_gpgme_data_t): New prototype. * lang/python/tests/t-idiomatic.py: Demonstrate this. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 18005bf..e156d46 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -45,7 +45,7 @@ gpgme_wrap.c pyme/pygpgme.py: gpgme.i errors.i gpgme.h copystamp $< all-local: gpgme_wrap.c pyme/pygpgme.py copystamp - CFLAGS="$(CFLAGS)" \ + CFLAGS="$(CFLAGS) -I$(top_srcdir)" \ $(PYTHON) setup.py build --verbose clean-local: diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index 98f30d5..1e4c9ff 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i 
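Review bot: `tmp` from `pygpgme.new_gpgme_data_t_p()` is not freed when `pygpgme.pygpgme_data_new_from_cbs(self, hookdata, tmp)` raises, which the reworked helper now does for a gpgme error as well as for a malformed tuple. Putting the call and the `self.wrapped = pygpgme.gpgme_data_t_p_value(tmp)` assignment under `try:` and moving `pygpgme.delete_gpgme_data_t_p(tmp)` into `finally:` releases the holder on every path. `new_from_cbs` begins in the previous hunk, so the allocation itself is outside these lines.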
@@ -114,17 +114,19 @@ } // Special handling for references to our objects. -%typemap(in) gpgme_data_t DATAIN (PyObject *wrapper) { +%typemap(in) gpgme_data_t DATAIN (gpgme_data_t wrapper = NULL, + PyObject *bytesio = NULL, Py_buffer view) { /* If we create a temporary wrapper object, we will store it in wrapperN, where N is $argnum. Here in this fragment, SWIG will automatically append $argnum. */ - wrapper = NULL; + memset(&view, 0, sizeof view); if ($input == Py_None) $1 = NULL; else { - PyObject *pypointer = NULL; - - if((pypointer=object_to_gpgme_data_t($input, $argnum, &wrapper)) == NULL) + PyObject *pypointer; + pypointer = object_to_gpgme_data_t($input, $argnum, &wrapper, + &bytesio, &view); + if (pypointer == NULL) return NULL; /* input = $input, 1 = $1, 1_descriptor = $1_descriptor */ 
@@ -141,8 +143,79 @@ } %typemap(freearg) gpgme_data_t DATAIN { + /* See whether we need to update the Python buffer. */ + if (resultobj && wrapper$argnum && view$argnum.buf + && wrapper$argnum->data.mem.buffer != NULL) + { + /* The buffer is dirty. */ + if (view$argnum.readonly) + { + Py_XDECREF(resultobj); + resultobj = NULL; + PyErr_SetString(PyExc_ValueError, "cannot update read-only buffer"); + } + + /* See if we need to truncate the buffer. */ + if (resultobj && view$argnum.len != wrapper$argnum->data.mem.length) + { + if (bytesio$argnum == NULL) + { + Py_XDECREF(resultobj); + resultobj = NULL; + PyErr_SetString(PyExc_ValueError, "cannot resize buffer"); + } + else + { + PyObject *retval; + PyBuffer_Release(&view$argnum); + retval = PyObject_CallMethod(bytesio$argnum, "truncate", "l", + (long) + wrapper$argnum->data.mem.length); + if (retval == NULL) + { + Py_XDECREF(resultobj); + resultobj = NULL; + } + else + { + Py_DECREF(retval); + + retval = PyObject_CallMethod(bytesio$argnum, "getbuffer", NULL); + if (retval == NULL + || PyObject_GetBuffer(retval, &view$argnum, + PyBUF_SIMPLE|PyBUF_WRITABLE) < 0) + { + Py_XDECREF(resultobj); + resultobj = NULL; + } + + Py_XDECREF(retval); + + if (resultobj && view$argnum.len + != wrapper$argnum->data.mem.length) + { + Py_XDECREF(resultobj); + resultobj = NULL; + PyErr_Format(PyExc_ValueError, + "Expected buffer of length %zu, got %zi", + wrapper$argnum->data.mem.length, + view$argnum.len); + } + } + } + } + + if (resultobj) + memcpy(view$argnum.buf, wrapper$argnum->data.mem.buffer, + wrapper$argnum->data.mem.length); + } + /* Free the temporary wrapper, if any. */ - Py_XDECREF(wrapper$argnum); + if (wrapper$argnum) + gpgme_data_release(wrapper$argnum); + Py_XDECREF (bytesio$argnum); + if (wrapper$argnum && view$argnum.buf) + PyBuffer_Release(&view$argnum); } %apply gpgme_data_t DATAIN {gpgme_data_t plain, gpgme_data_t cipher, 
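Review bot: The copy-back in the `freearg` typemap reads `wrapper$argnum->data.mem.buffer` and `.length` directly from the private `struct gpgme_data`, so the size handed to `memcpy` depends on the bindings and the loaded libgpgme agreeing on that struct's layout. Nothing visible here enforces that agreement; with a mismatch the length comparison and the copy would operate on unrelated fields. Reading the result through the public data interface (`gpgme_data_seek` and `gpgme_data_read` into `view.buf`, bounded by `view.len`) would remove the dependency on `src/data.h`. If the private access stays, a comment above the `memcpy` saying that the preceding `view.len` comparison is what bounds the copy would help the next reader.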
@@ -240,7 +313,10 @@ version for SWIG. We do, however, want to hide certain fields on some structs, which we provide prior to including the version for SWIG. */ - %{ #include %} +%{ +#include +#include "src/data.h" /* For struct gpgme_data. */ +%} /* This is for notations, where we want to hide the length fields, and the unused bit field block. */ @@ -291,5 +367,13 @@ FILE *fdopen(int fildes, const char *mode); %{ #include "helpers.h" + +/* SWIG support for helpers.c */ +PyObject * +pygpgme_wrap_gpgme_data_t(gpgme_data_t data) +{ + return SWIG_NewPointerObj(data, SWIGTYPE_p_gpgme_data, 0); +} %} + %include "helpers.h" diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 810423d..ad33d07 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c 
@@ -206,64 +206,72 @@ object_to_gpgme_t(PyObject *input, const char *objtype, int argnum) objects with a fileno method, returning it in WRAPPER. This object must be de-referenced when no longer needed. */ PyObject * -object_to_gpgme_data_t(PyObject *input, int argnum, PyObject **wrapper) +object_to_gpgme_data_t(PyObject *input, int argnum, gpgme_data_t *wrapper, + PyObject **bytesio, Py_buffer *view) { - static PyObject *Data = NULL; - PyObject *data = input; + gpgme_error_t err; + PyObject *data; PyObject *fd; - PyObject *result; - *wrapper = NULL; - - if (Data == NULL) { - PyObject *core; - PyObject *from_list = PyList_New(0); - core = PyImport_ImportModuleLevel("core", PyEval_GetGlobals(), - PyEval_GetLocals(), from_list, 1); - Py_XDECREF(from_list); - if (core) { - Data = PyDict_GetItemString(PyModule_GetDict(core), "Data"); - Py_XINCREF(Data); - } - else - return NULL; - } + /* See if it is a file-like object with file number. */ fd = PyObject_CallMethod(input, "fileno", NULL); if (fd) { - /* File-like object with file number. */ - PyObject *args = NULL; - PyObject *kw = NULL; - - /* We don't need the fd, as we have no constructor accepting file - descriptors directly. */ + err = gpgme_data_new_from_fd(wrapper, (int) PyLong_AsLong(fd)); Py_DECREF(fd); + if (err) + return pygpgme_raise_exception (err); + + return pygpgme_wrap_gpgme_data_t(*wrapper); + } + else + PyErr_Clear(); - args = PyTuple_New(0); - kw = PyDict_New(); - if (args == NULL || kw == NULL) - { - fail: - Py_XDECREF(args); - Py_XDECREF(kw); + /* No? Maybe it implements the buffer protocol. */ + data = PyObject_CallMethod(input, "getbuffer", NULL); + if (data) + { + /* Save a reference to input, which seems to be a BytesIO + object. */ + Py_INCREF(input); + *bytesio = input; + } + else + { + PyErr_Clear(); + + /* No, but maybe the user supplied a buffer object? */ + data = input; + } + + /* Do we have a buffer object? 
*/ + if (PyObject_CheckBuffer(data)) + { + if (PyObject_GetBuffer(data, view, PyBUF_SIMPLE) < 0) return NULL; - } - if (PyDict_SetItemString(kw, "file", input) < 0) - goto fail; + if (data != input) + Py_DECREF(data); - *wrapper = PyObject_Call(Data, args, kw); - if (*wrapper == NULL) - goto fail; + assert (view->ndim == 1); + assert (view->shape == NULL); + assert (view->strides == NULL); + assert (view->suboffsets == NULL); - Py_DECREF(args); - Py_DECREF(kw); - data = *wrapper; - } - else - PyErr_Clear(); + err = gpgme_data_new_from_mem(wrapper, view->buf, (size_t) view->len, 0); + if (err) + return pygpgme_raise_exception (err); - result = object_to_gpgme_t(data, "gpgme_data_t", argnum); - return result; + return pygpgme_wrap_gpgme_data_t(*wrapper); + } + + /* As last resort we assume it is a wrapped data object. */ + if (PyObject_HasAttrString(data, "_getctype")) + return object_to_gpgme_t(data, "gpgme_data_t", argnum); + + return PyErr_Format(PyExc_TypeError, + "arg %d: expected pyme.Data, file, or an object " + "implementing the buffer protocol, got %s", + argnum, data->ob_type->tp_name); } diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 2450263..37362ae 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h @@ -1,4 +1,5 @@ /* +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # @@ -30,7 +31,8 @@ gpgme_error_t pygpgme_exception2code(void); PyObject *object_to_gpgme_t(PyObject *input, const char *objtype, int argnum); PyObject *object_to_gpgme_data_t(PyObject *input, int argnum, - PyObject **wrapper); + gpgme_data_t *wrapper, + PyObject **bytesio, Py_buffer *view); void pygpgme_clear_generic_cb(PyObject **cb); PyObject *pygpgme_raise_callback_exception(PyObject *self); 
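Review bot: The `fileno` branch of `object_to_gpgme_data_t` passes `(int) PyLong_AsLong(fd)` to `gpgme_data_new_from_fd` without checking the conversion. If `fileno()` returns a non-integer, `PyLong_AsLong` yields -1 with an exception set and the function can still hand back a wrapper; a value outside the `int` range is silently narrowed to a different descriptor number. Converting first and rejecting both cases before the data object is created closes this, as sketched below.

```c
  fd = PyObject_CallMethod(input, "fileno", NULL);
  if (fd) {
    long fdnum = PyLong_AsLong(fd);
    Py_DECREF(fd);
    if (fdnum == -1 && PyErr_Occurred())
      return NULL;
    if (fdnum < 0 || fdnum > INT_MAX)
      return PyErr_Format(PyExc_ValueError,
                          "arg %d: fileno() returned an invalid descriptor",
                          argnum);

    err = gpgme_data_new_from_fd(wrapper, (int) fdnum);
    /* … unchanged: error check and pygpgme_wrap_gpgme_data_t call … */
  }
```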
@@ -47,3 +49,6 @@ gpgme_error_t pyEditCb(void *opaque, gpgme_status_code_t status, gpgme_error_t pygpgme_data_new_from_cbs(gpgme_data_t *r_data, PyObject *pycbs, PyObject **freelater); + +/* SWIG support for helpers.c */ +PyObject *pygpgme_wrap_gpgme_data_t(gpgme_data_t data); diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 37cfb64..b252690 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . +import io import os import tempfile from pyme import core, constants, errors @@ -33,14 +34,7 @@ with core.Context() as c, core.Data() as d: assert leak_c.wrapped == None assert leak_d.wrapped == None -# Demonstrate automatic wrapping of file-like objects with 'fileno' -# method. -with tempfile.TemporaryFile() as source, \ - tempfile.TemporaryFile() as signed, \ - tempfile.TemporaryFile() as sink: - source.write(b"Hallo Leute\n") - source.seek(0, os.SEEK_SET) - +def sign_and_verify(source, signed, sink): with core.Context() as c: c.op_sign(source, signed, constants.SIG_MODE_NORMAL) signed.seek(0, os.SEEK_SET) 
@@ -54,3 +48,28 @@ with tempfile.TemporaryFile() as source, \ sink.seek(0, os.SEEK_SET) assert sink.read() == b"Hallo Leute\n" + +# Demonstrate automatic wrapping of file-like objects with 'fileno' +# method. +with tempfile.TemporaryFile() as source, \ + tempfile.TemporaryFile() as signed, \ + tempfile.TemporaryFile() as sink: + source.write(b"Hallo Leute\n") + source.seek(0, os.SEEK_SET) + + sign_and_verify(source, signed, sink) + +# XXX: Python's io.BytesIo.truncate does not work as advertised. +# http://bugs.python.org/issue27261 +bio = io.BytesIO() +bio.truncate(1) +if len(bio.getvalue()) != 1: + # This version of Python is affected, preallocate buffer. + preallocate = 128*b'\x00' +else: + preallocate = b'' + +# Demonstrate automatic wrapping of objects implementing the buffer +# interface, and the use of data objects with the 'with' statement. +with io.BytesIO(preallocate) as signed, core.Data() as sink: + sign_and_verify(b"Hallo Leute\n", signed, sink) commit 5464060baef2da8f5ea377118758e451c55e3787 Author: Justus Winter Date: Fri Jun 10 13:00:33 2016 +0200 python: Add properties to wrapped object. * lang/python/pyme/core.py (GpgmeWrapper.__repr__): Saner representation. (GpgmeWrapper.__str__): Construct a nicer human readable string. (GpgmeWrapper._boolean_properties): New field. (GpgmeWrapper.__wrap_boolean_property): New function. (GpgmeWrapper.__getattr__): Wrap functions using properties. (GpgmeWrapper.__setattr__): New method. Likewise wrap functions. (Context.signers): New property. (Context.pinentry_mode): Likewise. (Context._boolean_properties): List boolean properties. (Context.__init__): Add keyword arguments for properties and apply them. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 293df09..64dc787 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py 
@@ -27,6 +27,7 @@ and the 'Data' class describing buffers of data. import weakref from . import pygpgme from .errors import errorcheck, GPGMEError +from . import constants from . import errors class GpgmeWrapper(object): @@ -41,12 +42,15 @@ class GpgmeWrapper(object): self.wrapped = wrapped def __repr__(self): - return '' % \ - (__name__, self.__class__.__name__, - self.wrapped) + return '<{}/{!r}>'.format(super().__repr__(), self.wrapped) def __str__(self): - return repr(self) + acc = ['{}.{}'.format(__name__, self.__class__.__name__)] + flags = [f for f in self._boolean_properties if getattr(self, f)] + if flags: + acc.append('({})'.format(' '.join(flags))) + + return '<{}>'.format(' '.join(acc)) def __hash__(self): return hash(repr(self.wrapped)) @@ -77,10 +81,35 @@ class GpgmeWrapper(object): returning gpgme_error_t.""" raise NotImplementedError() + """The set of all boolean properties""" + _boolean_properties = set() + + def __wrap_boolean_property(self, key, do_set=False, value=None): + get_func = getattr(pygpgme, + "{}get_{}".format(self._getnameprepend(), key)) + set_func = getattr(pygpgme, + "{}set_{}".format(self._getnameprepend(), key)) + def get(slf): + return bool(get_func(slf.wrapped)) + def set_(slf, value): + set_func(slf.wrapped, bool(value)) + + p = property(get, set_, doc="{} flag".format(key)) + setattr(self.__class__, key, p) + + if do_set: + set_(self, bool(value)) + else: + return get(self) + def __getattr__(self, key): - """On-the-fly generation of wrapper methods.""" + """On-the-fly generation of wrapper methods and properties""" if key[0] == '_' or self._getnameprepend() == None: return None + + if key in self._boolean_properties: + return self.__wrap_boolean_property(key) + name = self._getnameprepend() + key func = getattr(pygpgme, name) 
@@ -109,6 +138,13 @@ class GpgmeWrapper(object): return wrapper + def __setattr__(self, key, value): + """On-the-fly generation of properties""" + if key in self._boolean_properties: + self.__wrap_boolean_property(key, True, value) + else: + super().__setattr__(key, value) + class Context(GpgmeWrapper): """Context for cryptographic operations @@ -122,6 +158,29 @@ class Context(GpgmeWrapper): """ + @property + def signers(self): + """Keys used for signing""" + return [self.signers_enum(i) for i in range(self.signers_count())] + @signers.setter + def signers(self, signers): + old = self.signers + self.signers_clear() + try: + for key in signers: + self.signers_add(key) + except: + self.signers = old + raise + + @property + def pinentry_mode(self): + """Pinentry mode""" + return self.get_pinentry_mode() + @pinentry_mode.setter + def pinentry_mode(self, value): + self.set_pinentry_mode(value) + def _getctype(self): return 'gpgme_ctx_t' @@ -139,7 +198,19 @@ class Context(GpgmeWrapper): return 1 return 0 - def __init__(self, wrapped=None): + _boolean_properties = {'armor', 'textmode', 'offline'} + def __init__(self, armor=False, textmode=False, offline=False, + signers=[], pinentry_mode=constants.PINENTRY_MODE_DEFAULT, + wrapped=None): + """Construct a context object + + Keyword arguments: + armor -- enable ASCII armoring (default False) + textmode -- enable canonical text mode (default False) + offline -- do not contact external key sources (default False) + signers -- list of keys used for signing (default []) + pinentry_mode -- pinentry mode (default PINENTRY_MODE_DEFAULT) + """ if wrapped: self.own = False else: 
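Review bot: The new `Context.__init__` signature places `armor`, `textmode`, `offline`, `signers` and `pinentry_mode` ahead of `wrapped`, so a caller that passed the wrapped pointer positionally (none is visible here) would now set `armor` and get a freshly created context instead. Keeping `wrapped` first and making the new options keyword-only, `def __init__(self, wrapped=None, *, armor=False, ...)`, preserves the old call form. `signers=[]` is a shared mutable default; the visible code only iterates it, but `signers=None` with `signers or []` avoids the trap. The body of `__init__` continues outside this hunk.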
@@ -152,6 +223,11 @@ class Context(GpgmeWrapper): self.last_passcb = None self.last_progresscb = None self.last_statuscb = None + self.armor = armor + self.textmode = textmode + self.offline = offline + self.signers = signers + self.pinentry_mode = pinentry_mode def __del__(self): if not pygpgme: commit 5492853d7b84b4e1d0b11b234e32252ba8d1608d Author: Justus Winter Date: Mon Jun 6 14:08:59 2016 +0200 python: Improve the documentation. * lang/python/Makefile.am: Copy the README file. * lang/python/README: Rename, convert to org, and update. * lang/python/pyme/__init__.py: Move license out of the docstring, update docstring. * lang/python/pyme/core.py: Add and update docstrings. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 2c84f2b..18005bf 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -16,16 +16,21 @@ # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . -EXTRA_DIST = README.rst +EXTRA_DIST = README SUBDIRS = tests +COPY_FILES = \ + $(srcdir)/README \ + $(srcdir)/pyme \ + $(srcdir)/helpers.c $(srcdir)/helpers.h + # Cleanup gpgme.h from deprecated functions and typedefs. gpgme.h: ../../src/gpgme.h $(srcdir)/gpgme-h-clean.py $(PYTHON) $(srcdir)/gpgme-h-clean.py $< >$@ # For VPATH builds we need to copy some files because Python's # distutils are not VPATH-aware. -copystamp: $(srcdir)/pyme $(srcdir)/helpers.c $(srcdir)/helpers.h +copystamp: $(COPY_FILES) if test "$(srcdir)" != "$(builddir)" ; then cp -r $^ . ; fi touch $@ diff --git a/lang/python/README b/lang/python/README new file mode 100644 index 0000000..7ce8894 --- /dev/null +++ b/lang/python/README 
@@ -0,0 +1,57 @@ +PyME - GPGME for Python emacs, please switch to -*- org -*- mode +======================= + +PyMe is a python interface to the GPGME library: +https://www.gnupg.org/related_software/gpgme/ + +PyMe uses SWIG to create wrapper functions with automatic type +conversions. This way most of the functions and types are converted +from C into Python 3 automatically by SWIG, reducing the maintenance +cost of the binginds. + +* Authors + +PyME has been created by John Goerzen, and maintained, developed, and +cherished by Igor Belyi, Martin Albrecht, Ben McGinnes, and everyone +who contributed to it in any way. + +In 2016 we merged a port of PyME to into the GPGME repository, and +development will continue there. Please see the VCS history for the +list of contributors, and if you do find bugs, or want to contribute, +please get in touch and help maintain PyME. + +Please see the section 'History' further down this document for +references to previous versions. + +* Mailing List + +For general discussion and help see the gnupg-users mailing list: +https://lists.gnupg.org/mailman/listinfo/gnupg-users + +For development see the gnupg-devel mailing list: +https://lists.gnupg.org/mailman/listinfo/gnupg-devel + +* Bugs + +Please report bugs using our bug tracker using the category 'gpgme', +and topic 'python': +https://bugs.gnupg.org/gnupg/ + +* History + + - The bindings have been merged into the GPGME repository in 2016. + + - The latest version of PyME for Python 3.2 and above (as of + May, 2015) is v0.9.1. + https://git.gnupg.org/gpgme.git/lang/py3-pyme + + - The latest version of PyME for Python 2.6 and 2.7 (as of this + writing) is v0.9.0. https://bitbucket.org/malb/pyme + + - A previous version of PyME v0.8.0 can be found on sourceforge: + http://pyme.sourceforge.net/ + + - A previous version of PyME v0.5.1 which works with GPGME v0.3.15 + can be found on John Goerzen's PyMe page: + http://quux.org/devel/pyme/ + http://www.complete.org/JohnGoerzen 
diff --git a/lang/python/README.rst b/lang/python/README.rst deleted file mode 100644 index 57df1f2..0000000 --- a/lang/python/README.rst +++ /dev/null @@ -1,48 +0,0 @@ -==== -PyME -==== - -PyMe is a python interface to the `GPGME -`_ library. - -PyMe's development model is a `GPGME -`_ + Python 3 + `SWIG -`_ combination which means that most of the functions and -types are converted from C into Python 3 automatically by SWIG. In short, to be -able to use PyMe you need to be `familiar with GPGME -`_. - - -------- -Authors -------- - -* John Goerzen, `Complete.Org `_, 2002. -* Igor Belyi, `PyME 0.8 `_, 2004-2008. -* Martin Albrecht, `PyME 0.9+ `_, 2014 to present. -* Ben McGinnes, `PyME Python 3 Port `_, 2015 to present. - - ------------- -Mailing List ------------- - -PyME's support and development `mailing list -`_ is hosted by sourceforge. - - -------- -History -------- - -* The latest version of PyME for Python 3.2 and above (as of May, 2015) is v0.9.1. - https://git.gnupg.org/gpgme.git/lang/py3-pyme - -* The latest version of PyME for Python 2.6 and 2.7 (as of this writing) is v0.9.0. - https://bitbucket.org/malb/pyme - -* A previous version of PyME v0.8.0 can be found on sourceforge: - http://pyme.sourceforge.net/ - -* A previous version of PyME v0.5.1 which works with GPGME v0.3.15 can be found - on John Goerzen's PyMe page: http://quux.org/devel/pyme/ diff --git a/lang/python/pyme/__init__.py b/lang/python/pyme/__init__.py index d06866a..e377f59 100644 --- a/lang/python/pyme/__init__.py +++ b/lang/python/pyme/__init__.py 
@@ -1,36 +1,38 @@ -""" -Pyme: GPGME Interface for Python -Copyright (C) 2004 Igor Belyi -Copyright (C) 2002 John Goerzen - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# Copyright (C) 2016 g10 Code GmbH +# Copyright (C) 2004 Igor Belyi +# Copyright (C) 2002 John Goerzen +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +"""Pyme: GPGME Interface for Python Welcome to PyME, the GPGME Interface for Python. "Pyme", when prounced, rhymes with "Pine". 
The latest release of this package may be obtained from +https://www.gnupg.org + +Previous releases of this package for Python 2 can be obtained from http://pyme.sourceforge.net -Previous releases of this package can be obtained from -http://quux.org/devel/pyme/ FEATURES -------- * Feature-rich, full implementation of the GPGME library. Supports - all GPGME features except interactive editing (coming soon). - Callback functions may be written in pure Python. + all GPGME features. Callback functions may be written in pure + Python. Exceptions raised in callbacks are properly propagated. * Ability to sign, encrypt, decrypt, and verify data. @@ -50,9 +52,7 @@ defined here -- they correspond directly to certain object types in GPGME for C. For instance, the following C code: gpgme_ctx_t context; - gpgme_new(&context); - ... gpgme_op_encrypt(context, recp, 1, plain, cipher); @@ -130,8 +130,6 @@ Version information: pyme.version Utilities: pyme.util Base classes are documented at pyme.core. -Classes of pyme.util usually are not instantiated by users -directly but return by methods of base classes. """ diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 4b3e08a..293df09 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -1,3 +1,4 @@ +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # Copyright (C) 2002 John Goerzen # 
@@ -15,14 +16,25 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +"""Core functionality + +Core functionality of GPGME wrapped in a object-oriented fashion. +Provides the 'Context' class for performing cryptographic operations, +and the 'Data' class describing buffers of data. + +""" + import weakref from . import pygpgme from .errors import errorcheck, GPGMEError from . import errors class GpgmeWrapper(object): - """Base class all Pyme wrappers for GPGME functionality. Not to be - instantiated directly.""" + """Base wrapper class + + Not to be instantiated directly. + + """ def __init__(self, wrapped): self._callback_excinfo = None @@ -66,7 +78,7 @@ class GpgmeWrapper(object): raise NotImplementedError() def __getattr__(self, key): - """On-the-fly function generation.""" + """On-the-fly generation of wrapper methods.""" if key[0] == '_' or self._getnameprepend() == None: return None name = self._getnameprepend() + key @@ -98,15 +110,17 @@ class GpgmeWrapper(object): return wrapper class Context(GpgmeWrapper): - """From the GPGME C documentation: + """Context for cryptographic operations + + All cryptographic operations in GPGME are performed within a + context, which contains the internal state of the operation as + well as configuration parameters. By using several contexts you + can run several cryptographic operations in parallel, with + different configuration. - * All cryptographic operations in GPGME are performed within a - * context, which contains the internal state of the operation as well as - * configuration parameters. By using several contexts you can run - * several cryptographic operations in parallel, with different - * configuration. + Access to a context must be synchronized. - Thus, this is the place that you will usually start.""" + """ def _getctype(self): return 'gpgme_ctx_t' 
@@ -348,18 +362,21 @@ class Context(GpgmeWrapper): errorcheck(result) class Data(GpgmeWrapper): - """From the GPGME C manual: + """Data buffer -* A lot of data has to be exchanged between the user and the crypto -* engine, like plaintext messages, ciphertext, signatures and information -* about the keys. The technical details about exchanging the data -* information are completely abstracted by GPGME. The user provides and -* receives the data via `gpgme_data_t' objects, regardless of the -* communication protocol between GPGME and the crypto engine in use. + A lot of data has to be exchanged between the user and the crypto + engine, like plaintext messages, ciphertext, signatures and + information about the keys. The technical details about + exchanging the data information are completely abstracted by + GPGME. The user provides and receives the data via `gpgme_data_t' + objects, regardless of the communication protocol between GPGME + and the crypto engine in use. - This Data class is the implementation of the GpgmeData objects. + This Data class is the implementation of the GpgmeData objects. - Please see the information about __init__ for instantiation.""" + Please see the information about __init__ for instantiation. + + """ def _getctype(self): return 'gpgme_data_t' 
@@ -393,15 +410,31 @@ class Data(GpgmeWrapper): (read_cb, write_cb, seek_cb, release_cb[, hook]) - where func is a callback function taking two arguments (count, - hook) and returning a string of read data, or None on EOF. - This will supply the read() method for the system. + where the first four items are functions implementing reading, + writing, seeking the data, and releasing any resources once + the data object is deallocated. The functions must match the + following prototypes: + + def read(amount, hook=None): + return + + def write(data, hook=None): + return + + def seek(offset, whence, hook=None): + return + + def release(hook=None): + + + The functions may be bound methods. In that case, you can + simply use the 'self' reference instead of using a hook. If file is specified without any other arguments, then it must be a filename, and the object will be initialized from that file. - Any other use will result in undefined or erroneous behavior.""" + """ super().__init__(None) self.data_cbs = None @@ -488,9 +521,10 @@ class Data(GpgmeWrapper): """This wraps the GPGME gpgme_data_new_from_filepart() function. The argument "file" may be: - 1. a string specifying a file name, or - 3. a a file-like object. supporting the fileno() call and the mode - attribute.""" + * a string specifying a file name, or + * a file-like object supporting the fileno() and the mode attribute. + + """ tmp = pygpgme.new_gpgme_data_t_p() filename = None commit 7eef399d89d4c3877cb795ed5ba45ecb241e67be Author: Justus Winter Date: Thu Jun 9 12:38:50 2016 +0200 python: Get version information from the build system. * configure.ac: Generate 'setup.py' and 'version.py'. * lang/python/Makefile.am: Use generated setup script. * lang/python/pyme/version.py: Turn it into a template, and get version information from the build system. Also drop some variables. * lang/python/setup.py: Likewise. This way we can avoid importing the version module, which is frowned upon and actually caused a problem. 
Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index b84b04b..4269540 100644 --- a/configure.ac +++ b/configure.ac @@ -775,7 +775,10 @@ AC_CONFIG_FILES(lang/qt/tests/Makefile) AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AM_COND_IF([HAVE_DOXYGEN], [AC_CONFIG_FILES([lang/qt/doc/Doxyfile])]) AC_CONFIG_FILES(lang/qt/doc/Makefile) -AC_CONFIG_FILES([lang/python/Makefile lang/python/tests/Makefile]) +AC_CONFIG_FILES([lang/python/Makefile + lang/python/setup.py + lang/python/pyme/version.py + lang/python/tests/Makefile]) AC_OUTPUT echo " diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 46f45d0..2c84f2b 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -40,7 +40,8 @@ gpgme_wrap.c pyme/pygpgme.py: gpgme.i errors.i gpgme.h copystamp $< all-local: gpgme_wrap.c pyme/pygpgme.py copystamp - CFLAGS="$(CFLAGS)" $(PYTHON) $(srcdir)/setup.py build --verbose + CFLAGS="$(CFLAGS)" \ + $(PYTHON) setup.py build --verbose clean-local: rm -rf -- build gpgme.h errors.i gpgme_wrap.c pyme/pygpgme.py \ @@ -50,7 +51,7 @@ clean-local: fi install-exec-local: - $(PYTHON) $(srcdir)/setup.py install \ + $(PYTHON) setup.py install \ --prefix $(DESTDIR)$(prefix) \ --record $(DESTDIR)$(pythondir)/pyme/install_files.txt \ --verbose diff --git a/lang/python/pyme/version.py b/lang/python/pyme/version.py deleted file mode 100644 index b60f50c..0000000 --- a/lang/python/pyme/version.py +++ /dev/null 
@@ -1,42 +0,0 @@
-
-productname = 'pyme'
-versionstr = "0.9.1"
-revno = int('$Rev: 281 $'[6:-2])
-revstr = "Rev %d" % revno
-datestr = '$Date$'
-
-versionlist = versionstr.split(".")
-major = versionlist[0]
-minor = versionlist[1]
-patch = versionlist[2]
-copyright = "Copyright (C) 2015 Ben McGinnes, 2014-2015 Martin Albrecht, 2004-2008 Igor Belyi, 2002 John Goerzen"
-author = "Ben McGinnes"
-author_email = "ben at adversary.org"
-description = "Python 3 support for GPGME GnuPG cryptography library"
-bigcopyright = """%(productname)s %(versionstr)s (%(revstr)s)
-%(copyright)s <%(author_email)s>""" % locals()
-
-banner = bigcopyright + """
-This software comes with ABSOLUTELY NO WARRANTY; see the file
-COPYING for details. This is free software, and you are welcome
-to distribute it under the conditions laid out in COPYING."""
-
-homepage = "https://gnupg.org"
-license = """Copyright (C) 2015 Ben McGinnes
-Copyright (C) 2014, 2015 Martin Albrecht
-Copyright (C) 2004, 2008 Igor Belyi
-Copyright (C) 2002 John Goerzen
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA"""
diff --git a/lang/python/pyme/version.py.in b/lang/python/pyme/version.py.in
new file mode 100644
index 0000000..764bf69
--- /dev/null
+++ b/lang/python/pyme/version.py.in
@@ -0,0 +1,62 @@
+# Copyright (C) 2016 g10 Code GmbH
+# Copyright (C) 2015 Ben McGinnes
+# Copyright (C) 2004 Igor Belyi
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+productname = 'pyme'
+versionstr = "@VERSION@"
+
+# XXX: Do we want to embed such information?
+#revno = int('$Rev: 281 $'[6:-2])
+#revstr = "Rev %d" % revno
+
+versionlist = versionstr.split(".")
+major = versionlist[0]
+minor = versionlist[1]
+patch = versionlist[2]
+
+copyright = """\
+Copyright (C) 2016 g10 Code GmbH
+Copyright (C) 2015 Ben McGinnes
+Copyright (C) 2014-2015 Martin Albrecht
+Copyright (C) 2004-2008 Igor Belyi
+Copyright (C) 2002 John Goerzen"""
+
+author = "The GnuPG hackers"
+author_email = "gnupg-devel at gnupg.org"
+
+description = "Python 3 support for GPGME GnuPG cryptography library"
+homepage = "https://gnupg.org"
+
+license = """Copyright (C) 2016 g10 Code GmbH
+Copyright (C) 2015 Ben McGinnes
+Copyright (C) 2014, 2015 Martin Albrecht
+Copyright (C) 2004, 2008 Igor Belyi
+Copyright (C) 2002 John Goerzen
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+ +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA""" diff --git a/lang/python/setup.py b/lang/python/setup.py.in similarity index 87% rename from lang/python/setup.py rename to lang/python/setup.py.in index 0d90403..9e6e008 100755 --- a/lang/python/setup.py +++ b/lang/python/setup.py.in @@ -1,8 +1,6 @@ #!/usr/bin/env python3 - -# Module: installer -# COPYRIGHT # +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # @@ -19,15 +17,11 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# END OF COPYRIGHT # from distutils.core import setup, Extension import os, os.path, sys import subprocess -sys.path.insert(0, os.path.dirname(__file__)) -import pyme.version - def getconfig(what): confdata = subprocess.Popen(["../../src/gpgme-config", "--%s" % what], stdout=subprocess.PIPE).communicate()[0] 
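Review bot: `patch = versionlist[2]` in lang/python/pyme/version.py.in now indexes a string that configure substitutes for `@VERSION@`, so the three-field assumption that was guaranteed by the old literal "0.9.1" depends on the build system. If the substituted value ever has fewer than three dot-separated fields, importing pyme.version raises IndexError. Unpacking from a padded copy, `major, minor, patch = (versionlist + ["0", "0"])[:3]`, keeps the import safe without changing `versionlist` itself. The commented-out `#revno`/`#revstr` lines under the XXX marker could be dropped rather than carried into the new template.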
@@ -80,14 +74,13 @@ swige = Extension("pyme._pygpgme", ["gpgme_wrap.c", "helpers.c"], extra_link_args = libs) setup(name = "pyme", - version=pyme.version.versionstr, - description=pyme.version.description, - author=pyme.version.author, - author_email=pyme.version.author_email, - url=pyme.version.homepage, + version="@VERSION@", + description='Python bindings for GPGME GnuPG cryptography library', + author='The GnuPG hackers', + author_email='gnupg-devel at gnupg.org', + url='https://www.gnupg.org', ext_modules=[swige], packages = ['pyme', 'pyme.constants', 'pyme.constants.data', 'pyme.constants.keylist', 'pyme.constants.sig'], - license=pyme.version.copyright + \ - ", Licensed under the GPL version 2 and the LGPL version 2.1" + license="LGPL2.1+ (the library), GPL2+ (tests and examples)" ) commit a852f99a0ac9dc7f7493b403f811f5f7518fae40 Author: Justus Winter Date: Mon Jun 13 18:35:47 2016 +0200 python: Fix exception leak. * lang/python/helpers.c (pygpgme_stash_callback_exception): Fix leak. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 0033ef0..810423d 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -122,6 +122,7 @@ static void pygpgme_stash_callback_exception(PyObject *weak_self) } else PyObject_SetAttrString(self, EXCINFO, excinfo); + Py_DECREF(excinfo); } PyObject *pygpgme_raise_callback_exception(PyObject *self) commit 3bacce03e60dc45cc2da99a2f5c504612202e802 Author: Justus Winter Date: Tue Jun 14 16:54:26 2016 +0200 python: Fix license. Other parts of the build system are also LGPLed. * lang/python/Makefile.am: Fix license. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index a9b39e7..46f45d0 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am 
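Review bot: The metadata in the `setup()` call of lang/python/setup.py.in is now a second hand-written copy of what pyme/version.py.in also defines, and the two already differ. The description here is 'Python bindings for GPGME GnuPG cryptography library' but "Python 3 support for GPGME GnuPG cryptography library" in the version template, and `url` is 'https://www.gnupg.org' against `homepage = "https://gnupg.org"`. Since importing the version module was removed on purpose, I would align the strings in both templates and add a comment above the call, `# Keep name, description, author and url in sync with pyme/version.py.in`.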
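Review bot: The return value of `PyObject_SetAttrString(self, EXCINFO, excinfo)` in the else branch of lang/python/helpers.c is still ignored. If setting the attribute fails, the callback exception is not stashed and the added `Py_DECREF(excinfo)` then drops what is presumably the last reference to it, so the error disappears silently. A check such as `else if (PyObject_SetAttrString(self, EXCINFO, excinfo) < 0) PyErr_WriteUnraisable(self);` would at least report the loss. pygpgme_stash_callback_exception begins above the hunk, so whether excinfo can be NULL here is not visible; if it can, `Py_XDECREF(excinfo)` is the safer call.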
@@ -4,9 +4,9 @@ # This file is part of GPGME. # # GPGME is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# under the terms of the GNU Lesser General Public License as +# published by the Free Software Foundation; either version 2.1 of the +# License, or (at your option) any later version. # # GPGME is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ----------------------------------------------------------------------- Summary of changes: configure.ac | 5 +- lang/python/Makefile.am | 22 ++- lang/python/README | 57 +++++++ lang/python/README.rst | 48 ------ lang/python/gpgme.i | 215 +++++++++++++++++++++--- lang/python/helpers.c | 291 ++++++++++++++++++++++++--------- lang/python/helpers.h | 24 +-- lang/python/pyme/__init__.py | 50 +++--- lang/python/pyme/core.py | 296 ++++++++++++++++++++++------------ lang/python/pyme/results.py | 116 +++++++++++++ lang/python/pyme/version.py | 42 ----- lang/python/pyme/version.py.in | 62 +++++++ lang/python/{setup.py => setup.py.in} | 21 +-- lang/python/tests/t-idiomatic.py | 35 +++- 14 files changed, 927 insertions(+), 357 deletions(-) create mode 100644 lang/python/README delete mode 100644 lang/python/README.rst create mode 100644 lang/python/pyme/results.py delete mode 100644 lang/python/pyme/version.py create mode 100644 lang/python/pyme/version.py.in rename lang/python/{setup.py => setup.py.in} (87%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 18:47:59 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Jun 2016 18:47:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-3-g5dea40f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5dea40f810d3350151425e68f1016be0765e01f1 (commit) via 88d8dc8d68afe83d930b171e5882459908489d3f (commit) via b3df4e2ac6aa9b4154e923f71b4221533043e5ac (commit) via 2ba8afb892e4306bfdaeaa3354dcd47d1de01373 (commit) via d4ce1b04431cf02ebc1bdc7150ad587d599f2a95 (commit) via 2273e4f999325cdc9d275507cd07c7e95d62a377 (commit) via 69f1b0b041c251abb66f000db173a602693bb18f (commit) via c4c4de329ba504548f8d838b696441afbfd1de3e (commit) via 4d7d292cd5b616b209dfd4302a1deffe11b7be0e (commit) via e44dd878df58dab27c9cd411d80c4c81501e649a (commit) from 35a3ce2acf78a95fecbccfd8db0560cca24232df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. 
- Log ----------------------------------------------------------------- commit 5dea40f810d3350151425e68f1016be0765e01f1 Merge: 88d8dc8 35a3ce2 Author: Werner Koch Date: Thu Jun 16 18:44:05 2016 +0200 Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg ----------------------------------------------------------------------- Summary of changes: NEWS | 52 +++- build-aux/speedo/w32/inst.nsi | 2 +- configure.ac | 4 +- po/ca.po | 49 ++-- po/cs.po | 54 ++-- po/da.po | 54 ++-- po/de.po | 56 ++-- po/el.po | 49 ++-- po/eo.po | 48 +-- po/es.po | 54 ++-- po/et.po | 49 ++-- po/fi.po | 49 ++-- po/fr.po | 52 ++-- po/gl.po | 49 ++-- po/hu.po | 49 ++-- po/id.po | 49 ++-- po/it.po | 49 ++-- po/ja.po | 647 +++++++++++++++++++++------------------- po/nb.po | 48 +-- po/pl.po | 54 ++-- po/pt.po | 48 +-- po/ro.po | 50 ++-- po/ru.po | 573 ++++++++++++------------------------ po/sk.po | 49 ++-- po/sv.po | 56 ++-- po/tr.po | 54 ++-- po/uk.po | 668 ++++++++++++++++++++---------------------- po/zh_CN.po | 50 ++-- po/zh_TW.po | 52 ++-- tests/openpgp/Makefile.am | 3 +- tools/Makefile.am | 2 +- tools/symcryptrun.c | 2 +- 32 files changed, 1564 insertions(+), 1560 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 18:48:15 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Jun 2016 18:48:15 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.1.13-3-geae301b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via eae301bf9c24fd17599c005ed3415450d6dce7e3 (commit) via 35a3ce2acf78a95fecbccfd8db0560cca24232df (commit) from 88d8dc8d68afe83d930b171e5882459908489d3f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eae301bf9c24fd17599c005ed3415450d6dce7e3 Merge: 88d8dc8 35a3ce2 Author: Werner Koch Date: Thu Jun 16 18:41:42 2016 +0200 Merge branch 'master' into STABLE-BRANCH-2-2 -- ----------------------------------------------------------------------- Summary of changes: g10/tdbio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 19:13:50 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Jun 2016 19:13:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-4-ge1a9298 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e1a929849c1fdbbe6a1858833e21b1a4a529889f (commit) from 5dea40f810d3350151425e68f1016be0765e01f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e1a929849c1fdbbe6a1858833e21b1a4a529889f Author: Werner Koch Date: Thu Jun 16 19:12:00 2016 +0200 speedo: New target w32-release-offline -- As long as a current swdb.lst is available and all directories below ~/b carry the appropriate tarballs this target can be used to build a w32-installer w/0 any network access. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 67ccbb4..fbe258c 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -109,6 +109,10 @@ w32-release: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 SELFCHECK=0 \ installer-from-source +w32-release-offline: check-tools + $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 SELFCHECK=0 \ + CUSTOM_SWDB=1 pkgrep=${HOME}/b pkg10rep=${HOME}/b \ + installer-from-source # Set this to "git" to build from git, ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 19:54:49 2016 
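Review bot: The new `w32-release-offline` target in build-aux/speedo.mk has no comment stating its preconditions; they are described only in the commit message. With `CUSTOM_SWDB=1` and `pkgrep`/`pkg10rep` set to `${HOME}/b`, the installer is built from whatever swdb.lst and tarballs are already on disk. This hunk does not show whether the tarball checksums are still compared with the swdb entries in that mode, which is worth confirming for a release target. A comment above the rule would record the requirement, for example `# Build the w32 installer without network access; needs a current swdb.lst and all source tarballs below ~/b.`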
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Jun 2016 19:54:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-5-gaece9e8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via aece9e87f39bea7643cb9169338e64e988e400eb (commit) from e1a929849c1fdbbe6a1858833e21b1a4a529889f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aece9e87f39bea7643cb9169338e64e988e400eb Author: Werner Koch Date: Thu Jun 16 19:53:14 2016 +0200 doc: Add more strong hints towards --with-colons. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index be80450..6437b90 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -281,9 +281,10 @@ List all keys from the public keyrings, or just the keys given on the command line. Avoid using the output of this command in scripts or other programs as -it is likely to change as GnuPG changes. See @option{--with-colons} for a -machine-parseable key listing command that is appropriate for use in -scripts and other programs. +it is likely to change as GnuPG changes. See @option{--with-colons} +for a machine-parseable key listing command that is appropriate for +use in scripts and other programs. Never use the regular output for +scripts - it is only for human consumption. @item --list-secret-keys @itemx -K 
@@ -291,7 +292,7 @@ scripts and other programs. List all keys from the secret keyrings, or just the ones given on the command line. A @code{#} after the letters @code{sec} means that the secret key is not usable (for example, if it was created via - at option{--export-secret-subkeys}). + at option{--export-secret-subkeys}). See also @option{--list-keys}. @item --list-sigs @opindex list-sigs ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 16 20:46:23 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Jun 2016 20:46:23 +0200 Subject: [git] gnupg-doc - branch, master, updated. 4067a95404b385f133ac4bdecc190bcf09b56d48 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4067a95404b385f133ac4bdecc190bcf09b56d48 (commit) from 25d475420ec0302a87c79a463a72a1e42bb113a1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4067a95404b385f133ac4bdecc190bcf09b56d48 Author: Werner Koch Date: Thu Jun 16 20:35:54 2016 +0200 swdb: Release gnupg 2.1.13 diff --git a/web/index.org b/web/index.org index f17cd71..ab14258 100644 --- a/web/index.org +++ b/web/index.org 
@@ -78,6 +78,11 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.13 released (2016-06-16) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html][announcement mail]] for details. + ** Libgcrypt 1.7.1 released (2016-06-15) We are pleased to announce the availability of Libgcrypt version diff --git a/web/swdb.mac b/web/swdb.mac index b7f774f..44cf687 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -21,18 +21,18 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.12 -#+macro: gnupg21_date 2016-05-04 -#+macro: gnupg21_branch STABLE-BRANCH-2-2 -#+macro: gnupg21_size 5381k -#+macro: gnupg21_sha1 3b01a35ac04277ea31cc01b4ac4e230e54b5480c -#+macro: gnupg21_sha2 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 -# -#+macro: gnupg21_w32_ver 2.1.12_20160504 -#+macro: gnupg21_w32_date 2016-05-04 -#+macro: gnupg21_w32_size 3477k -#+macro: gnupg21_w32_sha1 0195d8b551e35b958f5efb4b678c3a178ba1ecb7 -#+macro: gnupg21_w32_sha2 68fadfb85068605d6248076977af30b1adbcee98bb6235e5f30eeb8934f02481 +#+macro: gnupg21_ver 2.1.13 +#+macro: gnupg21_date 2016-06-16 +#+macro: gnupg21_branch STABLE-BRANCH-2-2 +#+macro: gnupg21_size 5415k +#+macro: gnupg21_sha1 6ec1ae6db7815fdbd4151fb6b0b7197b65b05d1f +#+macro: gnupg21_sha2 4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675 +# +#+macro: gnupg21_w32_ver 2.1.13_20160616 +#+macro: gnupg21_w32_date 2016-06-16 +#+macro: gnupg21_w32_size 3527k +#+macro: gnupg21_w32_sha1 2debd757534d777bb9c69c18f9492e9a9e5a3a72 gnupg-w32-2.1.13_20160616.exe +#+macro: gnupg21_w32_sha2 c868b7fadd5907bb598b11490e0214ce2f11340609bb5829e0d9b0875684d876 gnupg-w32-2.1.13_20160616.exe ----------------------------------------------------------------------- Summary of changes: web/index.org | 5 +++++ web/swdb.mac | 24 ++++++++++++------------ 2 files changed, 17 insertions(+), 12 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 17 08:39:42 2016 
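Review bot: The new `gnupg21_w32_sha1` and `gnupg21_w32_sha2` values in web/swdb.mac end with the file name `gnupg-w32-2.1.13_20160616.exe`, which looks like pasted checksum-tool output. The `gnupg21_sha1`/`gnupg21_sha2` lines in the same hunk and the replaced 2.1.12 entries hold the hex digest alone. If these macros are expanded verbatim into the download page or a generated swdb.lst, anything comparing the field with a computed digest would see a mismatch. Trimming both lines to the digest, e.g. `#+macro: gnupg21_w32_sha1 2debd757534d777bb9c69c18f9492e9a9e5a3a72`, restores the format used by the other entries.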
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Jun 2016 08:39:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-6-g4e41745 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4e41745b3ea3bb8ffc50af6bafeb1de9c928812f (commit) from aece9e87f39bea7643cb9169338e64e988e400eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4e41745b3ea3bb8ffc50af6bafeb1de9c928812f Author: Werner Koch Date: Fri Jun 17 08:36:07 2016 +0200 scd: Make option --homedir work. * scd/scdaemon.c (opts): Add --homedir. -- Without that entry the homedir setting won't work. GnuPG-bug-id: 2386 Signed-off-by: Werner Koch diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 9c11cad..7dbb9c7 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -156,6 +156,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), ARGPARSE_s_n (oEnablePinpadVarlen, "enable-pinpad-varlen", N_("use variable length input for pinpad")), + ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_end () }; ----------------------------------------------------------------------- Summary of changes: scd/scdaemon.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 17 18:40:14 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Jun 2016 18:40:14 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-18-g7abb14a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7abb14a16f5098641fc2aed0d3a1b9204eda7c24 (commit) from 9609cb20e4caee739b9fc4fd36797029d2970041 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7abb14a16f5098641fc2aed0d3a1b9204eda7c24 Author: Werner Koch Date: Fri Jun 17 08:56:13 2016 +0200 build: Ignore two build image files in doc/ -- Reported-by: Daniel Kahn Gillmor diff --git a/.gitignore b/.gitignore index dd3d031..4ae758f 100644 --- a/.gitignore +++ b/.gitignore @@ -59,6 +59,8 @@ doc/faq.raw.xref doc/gnupg-card-architecture.eps doc/gnupg-card-architecture.pdf doc/gnupg-card-architecture.png +doc/gnupg-module-overview.pdf +doc/gnupg-module-overview.png doc/gnupg.7 doc/gpg-agent.1 doc/gpg-connect-agent.1 ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 17 18:56:01 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Jun 2016 18:56:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-19-gdc1db12 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dc1db12d2c4f9f12bc3f7de37f76293b316c3f35 (commit) from 7abb14a16f5098641fc2aed0d3a1b9204eda7c24 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dc1db12d2c4f9f12bc3f7de37f76293b316c3f35 Author: Werner Koch Date: Fri Jun 17 18:53:14 2016 +0200 Add license notices for TinySCHEME. * tests/gpgscm/COPYING: Rename to ... * tests/gpgscm/LICENSE.TinySCHEME: this. * AUTHORS: Add a note about TinySCHEME. * build-aux/speedo/w32/pkg-copyright.txt: Add TinySCHEME notice. -- I renamed the file with the license terms to avoid confusion with the standard name for the GPL. Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index b192214..242d28e 100644 --- a/AUTHORS +++ b/AUTHORS @@ -30,7 +30,7 @@ List of Copyright holders Copyright (C) 1999-2003 Symas Corporation. Copyright (C) 1998-2003 Hallvard B. Furuseth. Copyright (C) 1992-1996 Regents of the University of Michigan. - + Copyright (C) 2000 Dimitrios Souflis Authors with a FSF copyright assignment @@ -211,6 +211,10 @@ Alexandre Julliard. The gpg-zip documentation is based on the manpage for gpg-zip, written by Colin Tuckley and Daniel Leidert for the GNU/Debian distribution. +The test driver is based on TinySCHEME by Dimitrios Souflis and +available under a permissive license. For the terms see the file +tests/gpgscm/LICENSE.TinySCHEME. + Copyright ========= 
diff --git a/build-aux/speedo/w32/pkg-copyright.txt b/build-aux/speedo/w32/pkg-copyright.txt index 9495bcd..daf2881 100644 --- a/build-aux/speedo/w32/pkg-copyright.txt +++ b/build-aux/speedo/w32/pkg-copyright.txt @@ -1,5 +1,5 @@ Here is a list with collected copyright notices. For details see the -description of each individual package. [Compiled by wk 2016-04-20] +description of each individual package. [Compiled by wk 2016-06-17] GnuPG is @@ -18,6 +18,7 @@ GnuPG is Copyright (C) 1999-2003 Symas Corporation. Copyright (C) 1998-2003 Hallvard B. Furuseth. Copyright (C) 1992-1996 Regents of the University of Michigan. + Copyright (C) 2000 Dimitrios Souflis GnuPG is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -111,6 +112,39 @@ ADNS is Copyright (C) 1991 Massachusetts Institute of Technology +TinySCHEME is part of the GnuPG package and is + + Copyright (c) 2000, Dimitrios Souflis + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + Neither the name of Dimitrios Souflis nor the names of the + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + SQLite has been put into the public-domain by its author D. Richard Hipp: 
diff --git a/tests/gpgscm/COPYING b/tests/gpgscm/LICENSE.TinySCHEME similarity index 100% rename from tests/gpgscm/COPYING rename to tests/gpgscm/LICENSE.TinySCHEME ----------------------------------------------------------------------- Summary of changes: AUTHORS | 6 ++++- build-aux/speedo/w32/pkg-copyright.txt | 36 +++++++++++++++++++++++++++- tests/gpgscm/{COPYING => LICENSE.TinySCHEME} | 0 3 files changed, 40 insertions(+), 2 deletions(-) rename tests/gpgscm/{COPYING => LICENSE.TinySCHEME} (100%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 17 19:34:32 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Jun 2016 19:34:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-20-gdfe5282 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dfe5282e5859409849a17d68b2b3a046370f65bd (commit) from dc1db12d2c4f9f12bc3f7de37f76293b316c3f35 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dfe5282e5859409849a17d68b2b3a046370f65bd Author: Werner Koch Date: Fri Jun 17 19:32:49 2016 +0200 gpgscm: Silence compiler warnings. * tests/gpgscm/scheme.c (mk_integer): Rename arg NUM to N. (fill_vector): Ditto. (mark): Rename var NUM to N. (set_slot_in_env): Mark SC as unused. (is_any): Mark P as unused. -- Signed-off-by: Werner Koch diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 748a022..ff595fa 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
@@ -958,11 +958,11 @@ INTERFACE pointer mk_character(scheme *sc, int c) { } /* get number atom (integer) */ -INTERFACE pointer mk_integer(scheme *sc, long num) { +INTERFACE pointer mk_integer(scheme *sc, long n) { pointer x = get_cell(sc,sc->NIL, sc->NIL); typeflag(x) = (T_NUMBER | T_ATOM); - ivalue_unchecked(x)= num; + ivalue_unchecked(x)= n; set_num_integer(x); return (x); } @@ -1028,8 +1028,8 @@ INTERFACE static pointer mk_vector(scheme *sc, int len) INTERFACE static void fill_vector(pointer vec, pointer obj) { int i; - int num=ivalue(vec)/2+ivalue(vec)%2; - for(i=0; i=0 && is_integer(p); ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/scheme.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 17 21:18:41 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Jun 2016 21:18:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-21-gce1689e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ce1689ea0720552ac900d7b2c4139caf24452018 (commit) from dfe5282e5859409849a17d68b2b3a046370f65bd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ce1689ea0720552ac900d7b2c4139caf24452018 Author: Werner Koch Date: Fri Jun 17 21:16:37 2016 +0200 tests: Make make distcheck work again. * Makefile.am (tests): Remove test code which would led to doubling calls to for e.g. "make distclean". * tests/Makefile.am: Typo fixes. * tests/gpgscm/Makefile.am (EXTRA_DIST): Fix name of License file. Add repl.scm. (check): Replace by check-local because check is a standard automake target. * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Replace gmake0sim by automake generated macro. (EXTRA_DIST): Add defs.scm Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index 3612854..bf12302 100644 --- a/Makefile.am +++ b/Makefile.am @@ -93,7 +93,7 @@ endif if RUN_TESTS tests = tests else -tests = tests/gpgscm tests/openpgp +tests = endif SUBDIRS = m4 common kbx \ diff --git a/tests/Makefile.am b/tests/Makefile.am index e49c283..ee8f3a4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -48,12 +48,12 @@ EXTRA_DIST = runtest inittests $(testscripts) ChangeLog-2011 \ samplekeys/cert_g10code_test1.pem \ samplekeys/cert_g10code_theo1.pem -# We used to run $(testscripts) here but these asschk scripts ares not -# completely reliable in all enviromnets and thus we better disable -# them. The tests are anyway way to minimal. We will eventually +# We used to run $(testscripts) here but these asschk scripts are not +# completely reliable in all enviroments and thus we better disable +# them. The tests are anyway way too minimal. We will eventually # write new tests based on gpg-connect-agent which has a full fledged # script language and thus makes it far easier to write tests than to -# use the low--level asschk stuff. +# use that low-level asschk stuff. TESTS = CLEANFILES = inittests.stamp x y y z out err \ diff --git a/tests/gpgscm/Makefile.am b/tests/gpgscm/Makefile.am index 1fb9647..e57a4bb 100644 --- a/tests/gpgscm/Makefile.am +++ b/tests/gpgscm/Makefile.am @@ -18,11 +18,12 @@ # along with this program; if not, see . EXTRA_DIST = \ - COPYING \ + LICENSE.TinySCHEME \ Manual.txt \ ffi.scm \ init.scm \ lib.scm \ + repl.scm \ t-child.scm \ tests.scm @@ -31,6 +32,8 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = +CLEANFILES = + bin_PROGRAMS = gpgscm noinst_PROGRAMS = t-child @@ -51,7 +54,6 @@ t_child_SOURCES = t-child.c # important for things like make -j2. $(PROGRAMS): $(common_libs) -.PHONY: check -check: gpgscm$(EXEEXT) t-child$(EXEEXT) +check-local: gpgscm$(EXEEXT) t-child$(EXEEXT) EXEEXT=$(EXEEXT) GPGSCM_PATH=$(srcdir) \ ./gpgscm$(EXEEXT) $(srcdir)/t-child.scm diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index f1fdad7..921619f 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am 
@@ -37,7 +37,7 @@ fake_pinentry_SOURCES = fake-pinentry.c TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \ EXEEXT=$(EXEEXT) \ PATH=../gpgscm:$(PATH) \ - objdir=$(shell readlink -f ../..) \ + objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(top_srcdir)/tests/gpgscm:$(top_srcdir)/tests/openpgp if SQLITE3 @@ -142,8 +142,9 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/e2e-p256-1-prt.asc \ samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc -EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \ - mkdemodirs signdemokey $(priv_keys) $(sample_keys) +EXTRA_DIST = defs.inc defs.scm pinentry.sh $(TESTS) $(TEST_FILES) \ + mkdemodirs signdemokey $(priv_keys) $(sample_keys) \ + ChangeLog-2011 CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ ----------------------------------------------------------------------- Summary of changes: Makefile.am | 2 +- tests/Makefile.am | 8 ++++---- tests/gpgscm/Makefile.am | 8 +++++--- tests/openpgp/Makefile.am | 7 ++++--- 4 files changed, 14 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jun 19 04:32:55 2016 
From: cvs at cvs.gnupg.org (by Niibe Yutaka) Date: Sun, 19 Jun 2016 04:32:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-22-g971064f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 971064f8b7ad676326b2a468f688037a303717df (commit) from ce1689ea0720552ac900d7b2c4139caf24452018 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 971064f8b7ad676326b2a468f688037a303717df Author: Niibe Yutaka Date: Sun Jun 19 11:24:50 2016 +0900 scd: Reset nonnull_nad to zero for VENDOR_GEMPC. * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device. -- We can't use the driver for 08E6:3438, while it works well under PC/SC service. I found that the library of ccid always uses the node address = ZERO for all transactions. So, we extend the same handling for not only GEMPC_CT30, but also for all its devices. Debian-bug-id: 814584 Signed-off-by: NIIBE Yutaka
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 985404f..7a093f6 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -975,7 +975,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
 handle->max_ifsd = 48;
 }
- if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30)
+ if (handle->id_vendor == VENDOR_GEMPC)
 {
 DEBUGOUT ("enabling product quirk: disable non-null NAD\n");
 handle->nonnull_nad = 0;
----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jun 19 04:33:59 2016 
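Review bot: The `DEBUGOUT` text in `parse_ccid_descriptor` still says "enabling product quirk" although the condition now matches every `VENDOR_GEMPC` reader, so a debug log no longer shows which rule fired; `DEBUGOUT ("enabling vendor quirk: disable non-null NAD\n");` would match the new condition. The commit message reports a problem with one reader (08E6:3438), so the vendor-wide scope is presumably an extrapolation from how the other CCID library behaves; a short comment above the `if` recording that reasoning and Debian bug 814584 would help whoever has to narrow the quirk again. The same hunk is backported to STABLE-BRANCH-2-0 in commit c68d39f7114623075c0b407b05927b61b190a377 and the point applies there as well. The function body starts and ends outside the hunk.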
From: cvs at cvs.gnupg.org (by Niibe Yutaka) Date: Sun, 19 Jun 2016 04:33:59 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-5-gc68d39f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via c68d39f7114623075c0b407b05927b61b190a377 (commit) from 00d737e3fde84e7df7ba19080c83237b769cd0d0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c68d39f7114623075c0b407b05927b61b190a377 Author: Niibe Yutaka Date: Sun Jun 19 11:24:50 2016 +0900 scd: Reset nonnull_nad to zero for VENDOR_GEMPC. * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device. -- We can't use the driver for 08E6:3438, while it works well under PC/SC service. I found that the library of ccid always uses the node address = ZERO for all transactions. So, we extend the same handling for not only GEMPC_CT30, but also for all its devices. Debian-bug-id: 814584 Signed-off-by: NIIBE Yutaka (backport form master commit 971064f8b7ad676326b2a468f688037a303717df)
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 8f9c1bd..23b992d 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -1013,7 +1013,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
 handle->max_ifsd = 48;
 }
- if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30)
+ if (handle->id_vendor == VENDOR_GEMPC)
 {
 DEBUGOUT ("enabling product quirk: disable non-null NAD\n");
 handle->nonnull_nad = 0;
----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 21 09:49:43 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Jun 2016 09:49:43 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-25-gc19b206 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c19b2061274cd50838e62a2acbdc7e7d24888e7e (commit) from 955baf04364721457cd99aad21942523cd50498c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c19b2061274cd50838e62a2acbdc7e7d24888e7e Author: Werner Koch Date: Tue Jun 21 09:47:49 2016 +0200 sm: Do not install cacert and other root certificates. * doc/Makefile.am (dist_pkgdata_DATA): Move qualified.txt and com-certs.pem to ... (EXTRA_DIST): here. -- With Let's Encrypt there is no more need to push CA Cert. Signed-off-by: Werner Koch
diff --git a/doc/Makefile.am b/doc/Makefile.am
index bc06cd5..52ac398 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -32,7 +32,7 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
 help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
 help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
-EXTRA_DIST = samplekeys.asc mksamplekeys \
+EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
 gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
 gnupg-module-overview.png gnupg-module-overview.pdf \
 gnupg-card-architecture.png gnupg-card-architecture.pdf \
@@ -46,7 +46,7 @@ BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \
 info_TEXINFOS = gnupg.texi
-dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
+dist_pkgdata_DATA = $(helpfiles)
 nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \
 $(examples)
----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 21 16:22:30 2016 
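Review bot: Nothing in `doc/Makefile.am` records why `com-certs.pem` and `qualified.txt` are still distributed through `EXTRA_DIST` but no longer installed, even though this changes which trust-anchor material a fresh installation ends up with. A comment above `dist_pkgdata_DATA`, for example `# com-certs.pem and qualified.txt are shipped for reference only; they are not installed.`, would keep a later cleanup from re-adding them. Code or documentation that expects these files in the package data directory is not visible in this diff and should be checked. Existing installations presumably keep the previously installed copies until a packager or administrator removes them, which is worth a line in NEWS.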
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 21 Jun 2016 16:22:30 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-30-g0340fcd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0340fcdac864109e3dd6edee759efc96e4d3f84e (commit) via 65081c31e7536d8fb5effcc2c9aeeffc120c9a69 (commit) via 5fbbc4b334a73150e709a4802cac99abd8ada61d (commit) via d99949fc8cf541018267964629992d55c97ca9ab (commit) via 616582071a2c76c4fb529d4da549aa95ee5d78d6 (commit) from c19b2061274cd50838e62a2acbdc7e7d24888e7e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0340fcdac864109e3dd6edee759efc96e4d3f84e Author: Justus Winter Date: Tue Jun 21 13:20:29 2016 +0200 tests/openpgp: Port the remaining tests to Scheme. * tests/openpgp/Makefile.am (TESTS): Add new tests. * tests/openpgp/defs.scm (gpg-with-colons): New function. (get-config): Use new function. * tests/openpgp/export.scm: New file. * tests/openpgp/tofu.scm: Likewise. Signed-off-by: Justus Winter diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 921619f..5c4c370 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -40,12 +40,6 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \ objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(top_srcdir)/tests/gpgscm:$(top_srcdir)/tests/openpgp -if SQLITE3 -sqlite3_dependent_tests = tofu.test -else -sqlite3_dependent_tests = -endif - # Note: setup.scm needs to be the first test to run and finish.scm # the last one TESTS = setup.scm \ 
@@ -79,11 +73,11 @@ TESTS = setup.scm \ import.scm \ ecc.scm \ 4gb-packet.scm \ - $(sqlite3_dependent_tests) \ + tofu.scm \ gpgtar.scm \ use-exact-key.scm \ default-key.scm \ - export.test \ + export.scm \ finish.scm diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 6fdb955..4257b28 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -82,12 +82,13 @@ (define (pipe:gpg args) (pipe:spawn `(, at GPG --output - , at args -))) +(define (gpg-with-colons args) + (let ((s (call-popen `(, at GPG --with-colons , at args) ""))) + (map (lambda (line) (string-split line #\:)) + (string-split s #\newline)))) + (define (get-config what) - (let* ((config-string - (call-popen `(, at GPG --with-colons --list-config ,what) "")) - (config (string-splitn - (string-rtrim char-whitespace? config-string) #\: 2))) - (string-split (caddr config) #\;))) + (string-split (caddar (gpg-with-colons `(--list-config ,what))) #\;)) (define all-pubkey-algos (get-config "pubkeyname")) (define all-hash-algos (get-config "digestname")) diff --git a/tests/openpgp/export.scm b/tests/openpgp/export.scm new file mode 100755 index 0000000..8291705 --- /dev/null +++ b/tests/openpgp/export.scm 
@@ -0,0 +1,99 @@ +#!/usr/bin/env gpgscm + +;; Copyright (C) 2016 g10 Code GmbH +;; +;; This file is part of GnuPG. +;; +;; GnuPG is free software; you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation; either version 3 of the License, or +;; (at your option) any later version. +;; +;; GnuPG is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. +;; +;; You should have received a copy of the GNU General Public License +;; along with this program; if not, see . + +(load (with-path "defs.scm")) + +(define (check-for predicate lines message) + (unless (any predicate lines) + (error message))) + +(define (check-exported-key dump keyid) + (check-for (lambda (l) + (and (string-prefix? l " keyid: ") + (string-suffix? l keyid))) dump + "Keyid not found") + (check-for (lambda (l) (string-prefix? l ":user ID packet:")) dump + "User ID packet not found") + (check-for (lambda (l) + (and (string-prefix? l ":signature packet:") + (string-contains? l "keyid") + (string-suffix? l keyid))) dump + "Signature packet not found")) + +(define (check-exported-public-key packet-dump keyid) + (let ((dump (string-split packet-dump #\newline))) + (check-for (lambda (l) (string-prefix? l ":public key packet:")) dump + "Public key packet not found") + (check-exported-key dump keyid))) + +(define (check-exported-private-key packet-dump keyid) + (let ((dump (string-split packet-dump #\newline))) + (check-for (lambda (l) (string-prefix? l ":secret key packet:")) dump + "Secret key packet not found") + (check-exported-key dump keyid))) + +(lettmp + ;; Prepare two temporary files for communication with the fake + ;; pinentry program. + (logfile ppfile) + + (define (prepare-passphrases . 
passphrases) + (call-with-output-file ppfile + (lambda (port) + (for-each (lambda (passphrase) + (display passphrase port) + (display #\newline port)) passphrases)))) + + (define CONFIRM "fake-entry being started to CONFIRM the weak phrase") + + (define (assert-passphrases-consumed) + (call-with-input-file ppfile + (lambda (port) + (unless + (eof-object? (peek-char port)) + (error (string-append + "Expected all passphrases to be consumed, but found: " + (read-all port))))))) + + (setenv "PINENTRY_USER_DATA" + (string-append "--logfile=" logfile " --passphrasefile=" ppfile) #t) + + (for-each-p + "Checking key export" + (lambda (keyid) + (tr:do + (tr:pipe-do + (pipe:gpg `(--export ,keyid)) + (pipe:gpg '(--list-packets))) + (tr:call-with-content check-exported-public-key keyid)) + + (if (string=? "D74C5F22" keyid) + ;; Key D74C5F22 is protected by a passphrase. Prepare this + ;; one. Currently, GnuPG does not ask for an export passphrase + ;; in this case. + (prepare-passphrases usrpass1)) + + (tr:do + (tr:pipe-do + (pipe:gpg `(--export-secret-keys ,keyid)) + (pipe:gpg '(--list-packets))) + (tr:call-with-content check-exported-private-key keyid)) + + (assert-passphrases-consumed)) + '("D74C5F22" "C40FDECF" "ECABF51D"))) diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm new file mode 100755 index 0000000..24fa9df --- /dev/null +++ b/tests/openpgp/tofu.scm 
@@ -0,0 +1,165 @@ +#!/usr/bin/env gpgscm + +;; Copyright (C) 2016 g10 Code GmbH +;; +;; This file is part of GnuPG. +;; +;; GnuPG is free software; you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation; either version 3 of the License, or +;; (at your option) any later version. +;; +;; GnuPG is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. +;; +;; You should have received a copy of the GNU General Public License +;; along with this program; if not, see . + +(load (with-path "defs.scm")) + +(define GPG `(,(tool 'gpg) --no-permission-warning)) ;; w/o --always-trust +(define GNUPGHOME (getenv "GNUPGHOME")) +(if (string=? "" GNUPGHOME) + (error "GNUPGHOME not set")) + +(catch (skip "Tofu not supported") + (call-check `(, at GPG --trust-model=tofu --list-config))) + +(define KEYS '("2183839A" "BC15C85A" "EE37CF96")) + +;; Import the test keys. +(call-check `(, at GPG --import ,(in-srcdir "tofu-keys.asc"))) + +;; Make sure the keys are imported. +(for-each (lambda (keyid) + (catch (error "Missing key" keyid) + (call-check `(, at GPG --list-keys ,keyid)))) + KEYS) + +;; Get tofu policy for KEYID. Any remaining arguments are simply +;; passed to GPG. +;; +;; This function only supports keys with a single user id. +(define (getpolicy keyid format . args) + (let ((policy + (list-ref (assoc "uid" (gpg-with-colons + `(--tofu-db-format ,format + --trust-model=tofu + , at args + --list-keys ,keyid))) 17))) + (unless (member policy '("auto" "good" "unknown" "bad" "ask")) + (error "Bad policy:" policy)) + policy)) + +;; Check that KEYID's tofu policy matches EXPECTED-POLICY. Any +;; remaining arguments are simply passed to GPG. +;; +;; This function only supports keys with a single user id. 
+(define (checkpolicy keyid format expected-policy . args) + (let ((policy (apply getpolicy `(,keyid ,format , at args)))) + (unless (string=? policy expected-policy) + (error keyid ": Expected policy to be" expected-policy + "but got" policy)))) + +;; Get the trust level for KEYID. Any remaining arguments are simply +;; passed to GPG. +;; +;; This function only supports keys with a single user id. +(define (gettrust keyid format . args) + (let ((trust + (list-ref (assoc "pub" (gpg-with-colons + `(--tofu-db-format ,format + --trust-model=tofu + , at args + --list-keys ,keyid))) 1))) + (unless (and (= 1 (string-length trust)) + (member (string-ref trust 0) (string->list "oidreqnmfuws-"))) + (error "Bad trust value:" trust)) + trust)) + +;; Check that KEYID's trust level matches EXPECTED-TRUST. Any +;; remaining arguments are simply passed to GPG. +;; +;; This function only supports keys with a single user id. +(define (checktrust keyid format expected-trust . args) + (let ((trust (apply gettrust `(,keyid ,format , at args)))) + (unless (string=? trust expected-trust) + (error keyid ": Expected trust to be" expected-trust + "but got" trust)))) + +;; Set key KEYID's policy to POLICY. Any remaining arguments are +;; passed as options to gpg. +(define (setpolicy keyid format policy . args) + (call-check `(, at GPG --tofu-db-format ,format + --trust-model=tofu , at args + --tofu-policy ,policy ,keyid))) + +(for-each-p + "Testing tofu db formats" + (lambda (format) + ;; Carefully remove the TOFU db. + (catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) + (catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d"))) + + ;; Verify a message. There should be no conflict and the trust + ;; policy should be set to auto. + (call-check `(, at GPG --tofu-db-format ,format --trust-model=tofu + --verify ,(in-srcdir "tofu-2183839A-1.txt"))) + + (checkpolicy "2183839A" format "auto") + ;; Check default trust. 
+ (checktrust "2183839A" format "m") + + ;; Trust should be derived lazily. Thus, if the policy is set to + ;; auto and we change --tofu-default-policy, then the trust should + ;; change as well. Try it. + (checktrust "2183839A" format "f" '--tofu-default-policy=good) + (checktrust "2183839A" format "-" '--tofu-default-policy=unknown) + (checktrust "2183839A" format "n" '--tofu-default-policy=bad) + + ;; Change the policy to something other than auto and make sure the + ;; policy and the trust are correct. + (for-each-p + "" + (lambda (policy) + (let ((expected-trust + (cond + ((string=? "good" policy) "f") + ((string=? "unknown" policy) "-") + (else "n")))) + (setpolicy "2183839A" format policy) + + ;; Since we have a fixed policy, the trust level shouldn't + ;; change if we change the default policy. + (for-each-p + "" + (lambda (default-policy) + (checkpolicy "2183839A" format policy + '--tofu-default-policy default-policy) + (checktrust "2183839A" format expected-trust + '--tofu-default-policy default-policy)) + '("auto" "good" "unknown" "bad" "ask")))) + '("good" "unknown" "bad")) + + ;; BC15C85A conflicts with 2183839A. On conflict, this will set + ;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then + ;; it will be set to ask. + (call-check `(, at GPG --tofu-db-format ,format --trust-model=tofu + --verify ,(in-srcdir "tofu-BC15C85A-1.txt"))) + (checkpolicy "BC15C85A" format "ask") + (checkpolicy "2183839A" format "bad") + + ;; EE37CF96 conflicts with 2183839A and BC15C85A. We change + ;; BC15C85A's policy to auto and leave 2183839A's policy at bad. + ;; This conflict should cause BC15C85A's policy to be changed to + ;; ask (since it is auto), but not affect 2183839A's policy. 
+ (setpolicy "BC15C85A" format "auto") + (checkpolicy "BC15C85A" format "auto") + (call-check `(, at GPG --tofu-db-format ,format --trust-model=tofu + --verify ,(in-srcdir "tofu-EE37CF96-1.txt"))) + (checkpolicy "BC15C85A" format "ask") + (checkpolicy "2183839A" format "bad") + (checkpolicy "EE37CF96" format "ask")) + '("split" "flat")) commit 65081c31e7536d8fb5effcc2c9aeeffc120c9a69 Author: Justus Winter Date: Tue Jun 21 12:21:10 2016 +0200 gpgscm: Improve test framework. * tests/gpgscm/lib.scm (echo): Move... * tests/gpgscm/tests.scm (echo): ... here. (info, error, skip): And use echo here. (file-exists?): New function. (tr:spawn): Check that source exists and if the sink has been created. (tr:call-with-content): Hand in optional arguments. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/lib.scm b/tests/gpgscm/lib.scm index 48f53ea..e23977a 100644 --- a/tests/gpgscm/lib.scm +++ b/tests/gpgscm/lib.scm @@ -120,10 +120,6 @@ (assert (string-contains? "Hallo" "llo")) (assert (not (string-contains? "Hallo" "olla"))) -(define (echo . msg) - (for-each (lambda (x) (display x) (display " ")) msg) - (newline)) - ;; Read a word from port P. (define (read-word . p) (list->string diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 7e20c34..6d70dca 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -30,17 +30,20 @@ (get-output-string p))) ;; Reporting. -(define (info msg) - (display msg) - (newline) +(define (echo . msg) + (for-each (lambda (x) (display x) (display " ")) msg) + (newline)) + +(define (info . msg) + (apply echo msg) (flush-stdio)) -(define (error msg) - (info msg) +(define (error . msg) + (apply info msg) (exit 1)) -(define (skip msg) - (info msg) +(define (skip . msg) + (apply info msg) (exit 77)) (define (make-counter) @@ -136,6 +139,9 @@ ;; ;; File management. ;; +(define (file-exists? name) + (call-with-input-file name (lambda (port) #t))) + (define (file=? a b) (file-equal a b #t)) 
@@ -361,6 +367,8 @@ (define (tr:spawn input command) (lambda (tmpfiles source) + (if (and (member '**in** command) (not source)) + (error (string-append (stringify cmd) " needs an input"))) (let* ((t (make-temporary-file)) (cmd (map (lambda (x) (cond @@ -368,6 +376,8 @@ ((equal? '**out** x) t) (else x))) command))) (call-popen cmd input) + (if (and (member '**out** command) (not (file-exists? t))) + (error (string-append (stringify cmd) " did not produce '" t "'."))) (list (cons t tmpfiles) t)))) (define (tr:write-to pathname) @@ -396,7 +406,7 @@ (error "mismatch")) (list tmpfiles source))) -(define (tr:call-with-content function) +(define (tr:call-with-content function . args) (lambda (tmpfiles source) - (function (call-with-input-file source read-all)) + (apply function `(,(call-with-input-file source read-all) , at args)) (list tmpfiles source))) commit 5fbbc4b334a73150e709a4802cac99abd8ada61d Author: Justus Winter Date: Tue Jun 21 12:12:56 2016 +0200 gpgscm: Use native string searching functions. * tests/gpgscm/ffi-private.h: Handle character arguments. * tests/gpgscm/ffi.c (do_string_index): New function. (do_string_rindex): Likewise. (do_string_contains): Likewise. (ffi_init): Define new functions. * tests/gpgscm/ffi.scm (ffi-define): New macro. * tests/gpgscm/lib.scm (string-index): Use native function, demonstrate behavior. (string-rindex): Likewise. (string-contains?): Likewise. Demonstrate behavior of various other functions. (read-all): Rework so that it can handle large files. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi-private.h b/tests/gpgscm/ffi-private.h index 5467dac..849d1b7 100644 --- a/tests/gpgscm/ffi-private.h +++ b/tests/gpgscm/ffi-private.h 
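Review bot: The new guard at the top of `tr:spawn` builds its message from `cmd`, but `cmd` is only bound by the `let*` that follows it, so a missing input would presumably end in an unbound-variable error instead of the intended message (unless a global `cmd` exists outside this hunk). Use the parameter instead: `(error (string-append (stringify command) " needs an input"))`. The second added check sits inside the `let*` and can keep using `cmd`. This applies to the first tests.scm hunk (`@@ -361,6 +367,8 @@`); `stringify` is defined outside the visible hunks.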
@@ -33,6 +33,7 @@ int ffi_bool_value (scheme *sc, pointer p); #define CONVERSION_number(SC, X) (SC)->vptr->ivalue (X) #define CONVERSION_string(SC, X) (SC)->vptr->string_value (X) +#define CONVERSION_character(SC, X) (SC)->vptr->charvalue (X) #define CONVERSION_list(SC, X) (X) #define CONVERSION_bool(SC, X) ffi_bool_value ((SC), (X)) #define CONVERSION_path(SC, X) (((SC)->vptr->is_string (X) \ @@ -41,6 +42,7 @@ int ffi_bool_value (scheme *sc, pointer p); #define IS_A_number(SC, X) (SC)->vptr->is_number (X) #define IS_A_string(SC, X) (SC)->vptr->is_string (X) +#define IS_A_character(SC, X) (SC)->vptr->is_character (X) #define IS_A_list(SC, X) (SC)->vptr->is_list ((SC), X) #define IS_A_bool(SC, X) ((X) == (SC)->F || (X) == (SC)->T) #define IS_A_path(SC, X) ((SC)->vptr->is_string (X) \ diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index babf1e1..fe418fc 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c 
@@ -939,6 +939,72 @@ do_splice (scheme *sc, pointer args) FFI_RETURN (sc); } +static pointer +do_string_index (scheme *sc, pointer args) +{ + FFI_PROLOG (); + char *haystack; + char needle; + ssize_t offset = 0; + char *position; + FFI_ARG_OR_RETURN (sc, char *, haystack, string, args); + FFI_ARG_OR_RETURN (sc, char, needle, character, args); + if (args != sc->NIL) + { + FFI_ARG_OR_RETURN (sc, ssize_t, offset, number, args); + if (offset < 0) + return ffi_sprintf (sc, "offset must be positive"); + if (offset > strlen (haystack)) + return ffi_sprintf (sc, "offset exceeds haystack"); + } + FFI_ARGS_DONE_OR_RETURN (sc, args); + + position = strchr (haystack+offset, needle); + if (position) + FFI_RETURN_INT (sc, position - haystack); + else + FFI_RETURN_POINTER (sc, sc->F); +} + +static pointer +do_string_rindex (scheme *sc, pointer args) +{ + FFI_PROLOG (); + char *haystack; + char needle; + ssize_t offset = 0; + char *position; + FFI_ARG_OR_RETURN (sc, char *, haystack, string, args); + FFI_ARG_OR_RETURN (sc, char, needle, character, args); + if (args != sc->NIL) + { + FFI_ARG_OR_RETURN (sc, ssize_t, offset, number, args); + if (offset < 0) + return ffi_sprintf (sc, "offset must be positive"); + if (offset > strlen (haystack)) + return ffi_sprintf (sc, "offset exceeds haystack"); + } + FFI_ARGS_DONE_OR_RETURN (sc, args); + + position = strrchr (haystack+offset, needle); + if (position) + FFI_RETURN_INT (sc, position - haystack); + else + FFI_RETURN_POINTER (sc, sc->F); +} + +static pointer +do_string_contains (scheme *sc, pointer args) +{ + FFI_PROLOG (); + char *haystack; + char *needle; + FFI_ARG_OR_RETURN (sc, char *, haystack, string, args); + FFI_ARG_OR_RETURN (sc, char *, needle, string, args); + FFI_ARGS_DONE_OR_RETURN (sc, args); + FFI_RETURN_POINTER (sc, strstr (haystack, needle) ? sc->T : sc->F); +} + gpg_error_t ffi_list2argv (scheme *sc, pointer list, char ***argv, size_t *len) 
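Review bot: In do_string_index and do_string_rindex the bounds check `offset > strlen (haystack)` compares a signed ssize_t with a size_t, so it is only correct because the `offset < 0` test runs first. Make that dependency explicit with `if ((size_t) offset > strlen (haystack))`. The message "offset must be positive" does not match the check, which accepts 0; "offset must not be negative" does. Both functions measure and search the haystack with strlen/strchr/strrchr, so a NUL needle matches the terminator and yields the string length rather than #f, and a Scheme string with an embedded NUL (if the interpreter allows one) is searched only up to that byte. A one-line comment above each function, e.g. `/* HAYSTACK is treated as a C string; NUL needles are not supported. */`, would record that.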
@@ -1134,6 +1200,9 @@ ffi_init (scheme *sc, const char *argv0, int argc, const char **argv) /* Test helper functions. */ ffi_define_function (sc, file_equal); ffi_define_function (sc, splice); + ffi_define_function (sc, string_index); + ffi_define_function (sc, string_rindex); + ffi_define_function_name (sc, "string-contains?", string_contains); /* User interface. */ ffi_define_function (sc, flush_stdio); diff --git a/tests/gpgscm/ffi.scm b/tests/gpgscm/ffi.scm index d0b8a99..7c2f93a 100644 --- a/tests/gpgscm/ffi.scm +++ b/tests/gpgscm/ffi.scm @@ -38,3 +38,7 @@ (write (cons (string->symbol name) args) args') (throw (string-append (get-output-string args') ": " message)))) + +;; Pseudo-definitions for foreign functions. Evaluates to no code, +;; but serves as documentation. +(macro (ffi-define form)) diff --git a/tests/gpgscm/lib.scm b/tests/gpgscm/lib.scm index 871cc8f..48f53ea 100644 --- a/tests/gpgscm/lib.scm +++ b/tests/gpgscm/lib.scm 
@@ -55,48 +55,50 @@ (string-length s))))) (assert (string-suffix? "Scheme" "eme")) -;; Locate the first occurrence of needle in haystack. -(define (string-index haystack needle) - (define (index i haystack needle) - (if (= (length haystack) 0) - #f - (if (char=? (car haystack) needle) - i - (index (+ i 1) (cdr haystack) needle)))) - (index 0 (string->list haystack) needle)) - -;; Locate the last occurrence of needle in haystack. -(define (string-rindex haystack needle) - (let ((rindex (string-index (list->string (reverse (string->list haystack))) - needle))) - (if rindex (- (string-length haystack) rindex 1) #f))) +;; Locate the first occurrence of needle in haystack starting at offset. +(ffi-define (string-index haystack needle [offset])) +(assert (= 2 (string-index "Hallo" #\l))) +(assert (= 3 (string-index "Hallo" #\l 3))) +(assert (equal? #f (string-index "Hallo" #\.))) + +;; Locate the last occurrence of needle in haystack starting at offset. +(ffi-define (string-rindex haystack needle [offset])) +(assert (= 3 (string-rindex "Hallo" #\l))) +(assert (equal? #f (string-rindex "Hallo" #\a 2))) +(assert (equal? #f (string-rindex "Hallo" #\.))) ;; Split haystack at delimiter at most n times. (define (string-splitn haystack delimiter n) - (define (split acc haystack delimiter n) - (if (= (string-length haystack) 0) - (reverse acc) - (let ((i (string-index haystack delimiter))) - (if (not (or (eq? i #f) (= 0 n))) - (split (cons (substring haystack 0 i) acc) - (substring haystack (+ i 1) (string-length haystack)) - delimiter (- n 1)) - (split (cons haystack acc) "" delimiter 0) - )))) - (split '() haystack delimiter n)) + (let ((length (string-length haystack))) + (define (split acc delimiter offset n) + (if (>= offset length) + (reverse acc) + (let ((i (string-index haystack delimiter offset))) + (if (or (eq? 
i #f) (= 0 n)) + (reverse (cons (substring haystack offset length) acc)) + (split (cons (substring haystack offset i) acc) + delimiter (+ i 1) (- n 1)))))) + (split '() delimiter 0 n))) +(assert (= 2 (length (string-splitn "foo:bar:baz" #\: 1)))) +(assert (string=? "foo" (car (string-splitn "foo:bar:baz" #\: 1)))) +(assert (string=? "bar:baz" (cadr (string-splitn "foo:bar:baz" #\: 1)))) ;; Split haystack at delimiter. (define (string-split haystack delimiter) (string-splitn haystack delimiter -1)) +(assert (= 3 (length (string-split "foo:bar:baz" #\:)))) +(assert (string=? "foo" (car (string-split "foo:bar:baz" #\:)))) +(assert (string=? "bar" (cadr (string-split "foo:bar:baz" #\:)))) +(assert (string=? "baz" (caddr (string-split "foo:bar:baz" #\:)))) ;; Trim the prefix of S containing only characters that make PREDICATE -;; true. For example (string-ltrim char-whitespace? " foo") => -;; "foo". +;; true. (define (string-ltrim predicate s) (let loop ((s' (string->list s))) (if (predicate (car s')) (loop (cdr s')) (list->string s')))) +(assert (string=? "foo" (string-ltrim char-whitespace? " foo"))) ;; Trim the suffix of S containing only characters that make PREDICATE ;; true. 
@@ -105,20 +107,18 @@ (if (predicate (car s')) (loop (cdr s')) (list->string (reverse s'))))) +(assert (string=? "foo" (string-rtrim char-whitespace? "foo "))) ;; Trim both the prefix and suffix of S containing only characters ;; that make PREDICATE true. (define (string-trim predicate s) (string-ltrim predicate (string-rtrim predicate s))) +(assert (string=? "foo" (string-trim char-whitespace? " foo "))) -(define (string-contains? s contained) - (let loop ((offset 0)) - (if (<= (+ offset (string-length contained)) (string-length s)) - (if (string=? (substring s offset (+ offset (string-length contained))) - contained) - #t - (loop (+ 1 offset))) - #f))) +;; Check if needle is contained in haystack. +(ffi-define (string-contains? haystack needle)) +(assert (string-contains? "Hallo" "llo")) +(assert (not (string-contains? "Hallo" "olla"))) (define (echo . msg) (for-each (lambda (x) (display x) (display " ")) msg) @@ -154,10 +154,10 @@ ;; Read everything from port P. (define (read-all . p) - (list->string - (let f () - (let ((c (apply peek-char p))) - (cond - ((eof-object? c) '()) - (else (apply read-char p) - (cons c (f)))))))) + (let loop ((acc (open-output-string))) + (let ((c (apply peek-char p))) + (cond + ((eof-object? c) (get-output-string acc)) + (else + (write-char (apply read-char p) acc) + (loop acc)))))) commit d99949fc8cf541018267964629992d55c97ca9ab Author: Justus Winter Date: Tue Jun 21 16:09:49 2016 +0200 gpgscm: Improve error reporting. * tests/gpgscm/scheme.c (type_to_string): New function. (Eval_Cycle): Include actual type in error message. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 22b726f..3c7910c 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
@@ -129,6 +129,30 @@ enum scheme_types { T_LAST_SYSTEM_TYPE=15 }; +static const char * +type_to_string (enum scheme_types typ) +{ + switch (typ) + { + case T_STRING: return "string"; + case T_NUMBER: return "number"; + case T_SYMBOL: return "symbol"; + case T_PROC: return "proc"; + case T_PAIR: return "pair"; + case T_CLOSURE: return "closure"; + case T_CONTINUATION: return "configuration"; + case T_FOREIGN: return "foreign"; + case T_CHARACTER: return "character"; + case T_PORT: return "port"; + case T_VECTOR: return "vector"; + case T_MACRO: return "macro"; + case T_PROMISE: return "promise"; + case T_ENVIRONMENT: return "environment"; + case T_FOREIGN_OBJECT: return "foreign object"; + } + assert (! "not reached"); +} + /* ADJ is enough slack to align cells in a TYPE_BITS-bit boundary */ #define ADJ 32 #define TYPE_BITS 5 @@ -4509,10 +4533,11 @@ static void Eval_Cycle(scheme *sc, enum scheme_opcodes op) { } while(iname, i+1, - tests[j].kind); + tests[j].kind, + type_to_string(type(car(arglist)))); } } } commit 616582071a2c76c4fb529d4da549aa95ee5d78d6 Author: Justus Winter Date: Tue Jun 21 12:19:07 2016 +0200 gpgscm: Make memory allocation failures fatal. * tests/gpgscm/scheme.c (Eval_Cycle): Exit if we run out of memory. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index ff595fa..22b726f 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
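Review bot: type_to_string ends with `assert (! "not reached");` and no return statement, so in a build with NDEBUG an unhandled value makes the function fall off its end. The Eval_Cycle hunk appears to pass the result into an error message, where the returned pointer would then be indeterminate. Add `return "unknown";` after the assert so that a bad type tag is still reported. The label for T_CONTINUATION is also wrong: `return "configuration";` should be `return "continuation";`.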
@@ -4529,7 +4529,7 @@ static void Eval_Cycle(scheme *sc, enum scheme_opcodes op) { } if(sc->no_memory) { fprintf(stderr,"No memory!\n"); - return; + exit(1); } } } ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/ffi-private.h | 2 + tests/gpgscm/ffi.c | 69 +++++++++++++++++++ tests/gpgscm/ffi.scm | 4 ++ tests/gpgscm/lib.scm | 90 ++++++++++++------------- tests/gpgscm/scheme.c | 31 ++++++++- tests/gpgscm/tests.scm | 28 +++++--- tests/openpgp/Makefile.am | 10 +-- tests/openpgp/defs.scm | 11 +-- tests/openpgp/export.scm | 99 +++++++++++++++++++++++++++ tests/openpgp/tofu.scm | 165 +++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 437 insertions(+), 72 deletions(-) create mode 100755 tests/openpgp/export.scm create mode 100755 tests/openpgp/tofu.scm hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 21 16:23:07 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Jun 2016 16:23:07 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-180-g5905e8b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 5905e8bbd809c1408edad4fa4eb0527fa51cbea3 (commit) via 32d4bbf5e3e5f88e4a6852d72a35ee30df9d5279 (commit) from 8997d88bf97d1784706becbf8e9dc74e4656e311 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5905e8bbd809c1408edad4fa4eb0527fa51cbea3 Author: Werner Koch Date: Tue Jun 21 16:17:26 2016 +0200 tests: Add new test tool run-identify. * src/gpgme-tool.c (gt_identify): Add new strings. * tests/run-identify.c: New. * tests/Makefile.am (noinst_PROGRAMS): Add run-identify. 
Signed-off-by: Werner Koch diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index 557ed64..ccda973 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c @@ -1683,6 +1683,8 @@ gt_identify (gpgme_tool_t gt, gpgme_data_t data) case GPGME_DATA_TYPE_INVALID: return gpg_error (GPG_ERR_GENERAL); case GPGME_DATA_TYPE_UNKNOWN : s = "unknown"; break; case GPGME_DATA_TYPE_PGP_SIGNED : s = "PGP-signed"; break; + case GPGME_DATA_TYPE_PGP_SIGNATURE: s = "PGP-signature"; break; + case GPGME_DATA_TYPE_PGP_ENCRYPTED: s = "PGP-encrypted"; break; case GPGME_DATA_TYPE_PGP_OTHER : s = "PGP"; break; case GPGME_DATA_TYPE_PGP_KEY : s = "PGP-key"; break; case GPGME_DATA_TYPE_CMS_SIGNED : s = "CMS-signed"; break; diff --git a/tests/Makefile.am b/tests/Makefile.am index 22c07d2..bfd8e36 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -32,7 +32,7 @@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign \ - run-verify run-encrypt + run-verify run-encrypt run-identify if RUN_GPG_TESTS diff --git a/tests/run-identify.c b/tests/run-identify.c new file mode 100644 index 0000000..d5ce55f --- /dev/null +++ b/tests/run-identify.c 
@@ -0,0 +1,129 @@
+/* run-identify - Helper to run the identify command
+ * Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of GPGME.
+ *
+ * GPGME is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * GPGME is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ */
+
+/* We need to include config.h so that we know whether we are building
+ with large file system (LFS) support. */
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+
+#include
+
+#define PGM "run-identify"
+
+#include "run-support.h"
+
+
+static int verbose;
+
+
+static const char *
+data_type_to_string (gpgme_data_type_t dt)
+{
+ const char *s = "[?]";
+
+ switch (dt)
+ {
+ case GPGME_DATA_TYPE_INVALID : s = "invalid"; break;
+ case GPGME_DATA_TYPE_UNKNOWN : s = "unknown"; break;
+ case GPGME_DATA_TYPE_PGP_SIGNED : s = "PGP-signed"; break;
+ case GPGME_DATA_TYPE_PGP_SIGNATURE: s = "PGP-signature"; break;
+ case GPGME_DATA_TYPE_PGP_ENCRYPTED: s = "PGP-encrypted"; break;
+ case GPGME_DATA_TYPE_PGP_OTHER : s = "PGP"; break;
+ case GPGME_DATA_TYPE_PGP_KEY : s = "PGP-key"; break;
+ case GPGME_DATA_TYPE_CMS_SIGNED : s = "CMS-signed"; break;
+ case GPGME_DATA_TYPE_CMS_ENCRYPTED: s = "CMS-encrypted"; break;
+ case GPGME_DATA_TYPE_CMS_OTHER : s = "CMS"; break;
+ case GPGME_DATA_TYPE_X509_CERT : s = "X.509"; break;
+ case GPGME_DATA_TYPE_PKCS12 : s = "PKCS12"; break;
+ }
+ return s;
+}
+
+
+static int
+show_usage (int ex)
+{
+ fputs ("usage: " PGM " [options] FILENAMEs\n\n"
+ "Options:\n"
+ " --verbose run in verbose mode\n"
+ , stderr);
+ exit (ex);
+}
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+ gpgme_error_t err;
+ int anyerr = 0;
+ gpgme_data_t data;
+ gpgme_data_type_t dt;
+
+ if (argc)
+ { argc--; argv++; }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--help"))
+ show_usage (0);
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ else if (!strncmp (*argv, "--", 2))
+ show_usage (1);
+
+ }
+
+ init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ for (; argc; argc--, argv++)
+ {
+ if (verbose)
+ printf ("reading file `%s'\n", *argv);
+ err = gpgme_data_new_from_file (&data, *argv, 1);
+ if (err)
+ {
+ fprintf (stderr, PGM ": error reading '%s': %s\n",
+ *argv, gpg_strerror (err));
+ anyerr = 1;
+ }
+ else
+ {
+ dt = gpgme_data_identify (data, 0);
+ if (dt == GPGME_DATA_TYPE_INVALID)
+ anyerr = 1;
+ printf ("%s: %s\n", *argv, data_type_to_string (dt));
+ gpgme_data_release (data);
+ }
+ }
+
+ return anyerr;
+}
commit 32d4bbf5e3e5f88e4a6852d72a35ee30df9d5279 Author: Werner Koch Date: Tue Jun 21 16:14:02 2016 +0200 core: Enhance gpgme_data_identify to detect binary PGP messages. * src/gpgme.h.in (GPGME_DATA_TYPE_PGP_ENCRYPTED): New. (GPGME_DATA_TYPE_PGP_SIGNATURE): New. * src/data-identify.c: Add enum for OpenPGP packet types. (buf32_to_ulong): New. (next_openpgp_packet): New. Based on the gnupg/kbx/keybox-openpgp.c implementation and relicensed to LGPL by g10 Code. (pgp_binary_detection): New. (basic_detection): Call pgp_binary_detection instead of returning unknown. Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index 7b939e7..32f3c84 100644
--- a/NEWS
+++ b/NEWS
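Review bot: show_usage in tests/run-identify.c is declared `static int` but has no return statement; it always leaves through `exit (ex)` and both callers ignore the value. Declaring it `static void show_usage (int ex)` states that and avoids a return-type warning. In main, a non-option argument ends the option loop only through the `last_argc != argc` test, which deserves a one-line comment such as `/* Stop at the first non-option argument. */`.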
@@ -18,6 +18,8 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_STATUS_TOFU_STATS NEW. GPGME_STATUS_TOFU_STATS_LONG NEW. GPGME_STATUS_NOTATION_FLAGS NEW. + GPGME_DATA_TYPE_PGP_ENCRYPTED NEW. + GPGME_DATA_TYPE_PGP_SIGNATURE NEW. Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] diff --git a/src/data-identify.c b/src/data-identify.c index 9600633..f7107e0 100644 --- a/src/data-identify.c +++ b/src/data-identify.c 
@@ -29,10 +29,238 @@ #include "util.h" #include "parsetlv.h" + /* The size of the sample data we take for detection. */ #define SAMPLE_SIZE 2048 +/* OpenPGP packet types. */ +enum + { + PKT_NONE = 0, + PKT_PUBKEY_ENC = 1, /* Public key encrypted packet. */ + PKT_SIGNATURE = 2, /* Secret key encrypted packet. */ + PKT_SYMKEY_ENC = 3, /* Session key packet. */ + PKT_ONEPASS_SIG = 4, /* One pass sig packet. */ + PKT_SECRET_KEY = 5, /* Secret key. */ + PKT_PUBLIC_KEY = 6, /* Public key. */ + PKT_SECRET_SUBKEY = 7, /* Secret subkey. */ + PKT_COMPRESSED = 8, /* Compressed data packet. */ + PKT_ENCRYPTED = 9, /* Conventional encrypted data. */ + PKT_MARKER = 10, /* Marker packet. */ + PKT_PLAINTEXT = 11, /* Literal data packet. */ + PKT_RING_TRUST = 12, /* Keyring trust packet. */ + PKT_USER_ID = 13, /* User id packet. */ + PKT_PUBLIC_SUBKEY = 14, /* Public subkey. */ + PKT_OLD_COMMENT = 16, /* Comment packet from an OpenPGP draft. */ + PKT_ATTRIBUTE = 17, /* PGP's attribute packet. */ + PKT_ENCRYPTED_MDC = 18, /* Integrity protected encrypted data. */ + PKT_MDC = 19, /* Manipulation detection code packet. */ + }; + + +static inline unsigned long +buf32_to_ulong (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned long)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + + +/* Parse the next openpgp packet. This function assumes a valid + * OpenPGP packet at the address pointed to by BUFPTR which has a + * maximum length as stored at BUFLEN. Return the header information + * of that packet and advance the pointer stored at BUFPTR to the next + * packet; also adjust the length stored at BUFLEN to match the + * remaining bytes. If there are no more packets, store NULL at + * BUFPTR. Return an non-zero error code on failure or the following + * data on success: + * + * R_PKTTYPE = The packet type. 
+ * R_NTOTAL = The total number of bytes of this packet + * + * If GPG_ERR_TRUNCATED is returned, a packet type is anyway stored at + * R_PKTTYPE but R_NOTAL won't have a usable value, + */ +static gpg_error_t +next_openpgp_packet (unsigned char const **bufptr, size_t *buflen, + int *r_pkttype, size_t *r_ntotal) +{ + const unsigned char *buf = *bufptr; + size_t len = *buflen; + int c, ctb, pkttype; + unsigned long pktlen; + + if (!len) + return gpg_error (GPG_ERR_NO_DATA); + + ctb = *buf++; len--; + if ( !(ctb & 0x80) ) + return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */ + + if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */ + { + pkttype = (ctb & 0x3f); + if (!len) + return gpg_error (GPG_ERR_INV_PACKET); /* No 1st length byte. */ + c = *buf++; len--; + if ( c < 192 ) + pktlen = c; + else if ( c < 224 ) + { + pktlen = (c - 192) * 256; + if (!len) + return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */ + c = *buf++; len--; + pktlen += c + 192; + } + else if (c == 255) + { + if (len < 4) + return gpg_error (GPG_ERR_INV_PACKET); /* No length bytes. */ + pktlen = buf32_to_ulong (buf); + buf += 4; + len -= 4; + } + else /* Partial length encoding is not allowed for key packets. */ + return gpg_error (GPG_ERR_UNEXPECTED); + } + else /* Old style CTB. */ + { + int lenbytes; + + pktlen = 0; + pkttype = (ctb>>2)&0xf; + lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); + if (!lenbytes) /* Not allowed in key packets. */ + return gpg_error (GPG_ERR_UNEXPECTED); + if (len < lenbytes) + return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes. */ + for (; lenbytes; lenbytes--) + { + pktlen <<= 8; + pktlen |= *buf++; len--; + } + } + + /* Do some basic sanity check. 
*/ + switch (pkttype) + { + case PKT_PUBKEY_ENC: + case PKT_SIGNATURE: + case PKT_SYMKEY_ENC: + case PKT_ONEPASS_SIG: + case PKT_SECRET_KEY: + case PKT_PUBLIC_KEY: + case PKT_SECRET_SUBKEY: + case PKT_COMPRESSED: + case PKT_ENCRYPTED: + case PKT_MARKER: + case PKT_PLAINTEXT: + case PKT_RING_TRUST: + case PKT_USER_ID: + case PKT_PUBLIC_SUBKEY: + case PKT_OLD_COMMENT: + case PKT_ATTRIBUTE: + case PKT_ENCRYPTED_MDC: + case PKT_MDC: + break; /* Okay these are allowed packets. */ + default: + return gpg_error (GPG_ERR_UNEXPECTED); + } + + if (pktlen > len) + { + /* Packet length header too long. This is possible because we + * may have only a truncated image. */ + *r_pkttype = pkttype; + *r_ntotal = 0; + *bufptr = NULL; + return gpg_error (GPG_ERR_TRUNCATED); + } + + *r_pkttype = pkttype; + *r_ntotal = (buf - *bufptr) + pktlen; + + *bufptr = buf + pktlen; + *buflen = len - pktlen; + if (!*buflen) + *bufptr = NULL; + + return 0; +} + + +/* Detection of PGP binary data. This function parses an OpenPGP + * message. This parser is robust enough to work on a truncated + * version. Returns a GPGME_DATA_TYPE_. */ +static gpgme_data_type_t +pgp_binary_detection (const void *image_arg, size_t imagelen) +{ + gpg_error_t err = 0; + const unsigned char *image = image_arg; + size_t n; + int pkttype; + int anypacket = 0; + int allsignatures = 0; + + while (!err && image) + { + err = next_openpgp_packet (&image, &imagelen, &pkttype, &n); + if (gpg_err_code (err) == GPG_ERR_TRUNCATED) + ; + else if (err) + break; + + if (pkttype == PKT_SIGNATURE) + { + if (!anypacket) + allsignatures = 1; + } + else + allsignatures = 0; + anypacket = 1; + + switch (pkttype) + { + case PKT_SIGNATURE: + break; /* We decide later. 
*/ + + case PKT_PLAINTEXT: + /* Old style signature format: {sig}+,plaintext */ + if (allsignatures) + return GPGME_DATA_TYPE_PGP_SIGNED; + break; + + case PKT_ONEPASS_SIG: + return GPGME_DATA_TYPE_PGP_SIGNED; + + case PKT_SECRET_KEY: + case PKT_PUBLIC_KEY: + return GPGME_DATA_TYPE_PGP_KEY; + + case PKT_SECRET_SUBKEY: + case PKT_PUBLIC_SUBKEY: + return GPGME_DATA_TYPE_PGP_OTHER; + case PKT_PUBKEY_ENC: + case PKT_SYMKEY_ENC: + return GPGME_DATA_TYPE_PGP_ENCRYPTED; + + case PKT_MARKER: + break; /* Skip this packet. */ + + default: + return GPGME_DATA_TYPE_PGP_OTHER; + } + } + + if (allsignatures) + return GPGME_DATA_TYPE_PGP_SIGNATURE; + + return GPGME_DATA_TYPE_UNKNOWN; +} + /* Note that DATA may be binary but a final nul is required so that string operations will find a terminator. @@ -167,7 +395,7 @@ basic_detection (const char *data, size_t datalen) at all defined and in any case it is uncommon. Thus we don't do any further plausibility checks but stupidly assume no CMS armored data will follow. */ - return GPGME_DATA_TYPE_UNKNOWN; + return pgp_binary_detection (data, datalen); } /* Now check whether there are armor lines. */ diff --git a/src/gpgme.h.in b/src/gpgme.h.in index dc2f143..790485d 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
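Review bot: next_openpgp_packet still carries the key-packet restrictions of the keybox parser it was derived from: a new-style partial body length (first length octet 224–254) and an old-style indeterminate length (`(ctb & 3) == 3`) both return GPG_ERR_UNEXPECTED, with comments saying this is not allowed for key packets. Both encodings are legal for data packets in a message, and pgp_binary_detection breaks out of its loop on that error, so a message whose first packet is encoded that way would be classified as GPGME_DATA_TYPE_UNKNOWN even though its packet type was already decoded. For detection it would be enough to report these two cases like the truncated-image path (store the type in `*r_pkttype`, set `*bufptr = NULL`, return GPG_ERR_TRUNCATED); at minimum the two comments should say that the length form is unsupported here. The enum comment in `PKT_SIGNATURE = 2, /* Secret key encrypted packet. */` describes a different packet and should read `/* Signature packet. */`. Because the result is derived from packet headers in a SAMPLE_SIZE-byte prefix only, the comment on pgp_binary_detection should also state that the returned type is a format hint and says nothing about whether a signature verifies.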
@@ -239,8 +239,10 @@ typedef enum GPGME_DATA_TYPE_INVALID = 0, /* Not detected. */ GPGME_DATA_TYPE_UNKNOWN = 1, GPGME_DATA_TYPE_PGP_SIGNED = 0x10, + GPGME_DATA_TYPE_PGP_ENCRYPTED= 0x11, GPGME_DATA_TYPE_PGP_OTHER = 0x12, GPGME_DATA_TYPE_PGP_KEY = 0x13, + GPGME_DATA_TYPE_PGP_SIGNATURE= 0x18, /* Detached signature */ GPGME_DATA_TYPE_CMS_SIGNED = 0x20, GPGME_DATA_TYPE_CMS_ENCRYPTED= 0x21, GPGME_DATA_TYPE_CMS_OTHER = 0x22, ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + src/data-identify.c | 230 ++++++++++++++++++++++++++++++++++++++++++++++++++- src/gpgme-tool.c | 2 + src/gpgme.h.in | 2 + tests/Makefile.am | 2 +- tests/run-identify.c | 129 +++++++++++++++++++++++++++++ 6 files changed, 365 insertions(+), 2 deletions(-) create mode 100644 tests/run-identify.c hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 22 11:29:15 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Jun 2016 11:29:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-34-gda63f15 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via da63f15d983d7141326067f782188f851c60ec86 (commit) via ea78b37f0d6233293e58401442f146b27785aa4c (commit) from f548383d9af912bf93217068cc8aa99a9a6eda93 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da63f15d983d7141326067f782188f851c60ec86 Author: Werner Koch Date: Wed Jun 22 11:21:50 2016 +0200 tests: Add a set of sample messages for the two new keys to the repo. -- Signed-off-by: Werner Koch 
diff --git a/tests/openpgp/samplemsgs/clearsig-1-key-1.asc b/tests/openpgp/samplemsgs/clearsig-1-key-1.asc new file mode 100644 index 0000000..4673c40 --- /dev/null +++ b/tests/openpgp/samplemsgs/clearsig-1-key-1.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +You are scrupulously honest, frank, and straightforward. Therefore you +have few friends. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQE0BAEBCAAeBQJXakWmFxxzdGV2ZS5iaWtvQGV4YW1wbGUubmV0AAoJEKpD8dzH +/tG3OiIH/18NlMSXXRFRrxXq9OZySzJxgLI7BjGilRTqb4ALeFzNjmCwu3Y+Gkdg +t7NjYjSe0erWiKYDEmALICwcpmSmXHA//gol3QkHJKIlKQGXJP1qLvIde5+lnK8K +YVwLKLBQBQtlGMkMXPdUEn9PgzSoBFoFIqrzQmAdLO3yijSdm0Mzl9wyIhtbUXk+ +VgX2d/6DRIwcKcFoX2QbFlM/z1kdrS6cOYFbJWavEpLDz9ON8Q8a8uqcBiqRlSpW +eGOMMsysJs+44+qX6uE3hu2KJE9xvHwhSjJOxqtw8dN3KZ1+8IkxsDrvDAhn+Klf +Hbtj647f/iTOF88o1ihO7goDi93Bpv4= +=xAv4 +-----END PGP SIGNATURE----- diff --git a/tests/openpgp/samplemsgs/clearsig-2-keys-1.asc b/tests/openpgp/samplemsgs/clearsig-2-keys-1.asc new file mode 100644 index 0000000..0d7823e --- /dev/null +++ b/tests/openpgp/samplemsgs/clearsig-2-keys-1.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +"The geeks shall inherit the earth." + -- Karl Lehenbauer +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQE0BAEBCAAeBQJXakX/FxxzdGV2ZS5iaWtvQGV4YW1wbGUubmV0AAoJEKpD8dzH +/tG3g1AH/iQakK5FoXpNQs6Nj9NR4NUwtIPmlLS/Tas21CDs1Lo1Fum1gjU0VUFN +63+FTnbRg8nXfee9RPddLnec9lYWVqWSkggTFER8qQrj/EurltLMv/tHAZ+B0ueI +mh2XkNHA6KXu3DFipAXQezWaUqi485TGTY6Qv9JtG/plOZBakcRTgCSAamyaDPBA +PHgp85bPf5Zu4aFRBfmJp+IUH/EFLNFIHNXpYyZZy5ZdB3GuhAHGFp6tlpRFk4Z5 +vRU9BtdoeiIeoRHp4orMESGlbeZxUXG3CCrgzVk0e1pab0NrehwQ23+axMxFipya +t6mi8Zrxpp7eFc9+ozp+7r4cH//uw8+IewQBFggAIwUCV2pF/xwccGF0cmljZS5s +dW11bWJhQGV4YW1wbGUubmV0AAoJEBOVY2gqAg0Ko1YBAKVC98xZvGsNoaq0yDHG +AJKmsvjnc8z3qmEHzGtxOQCiAP92ffXZr0EM4qNqbDR0EAws9qNo0XlDPcm0LDxy +0JVcDw== +=Ta4l +-----END PGP SIGNATURE----- 
diff --git a/tests/openpgp/samplemsgs/clearsig-2-keys-2.asc b/tests/openpgp/samplemsgs/clearsig-2-keys-2.asc new file mode 100644 index 0000000..992f2ba --- /dev/null +++ b/tests/openpgp/samplemsgs/clearsig-2-keys-2.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +The very remembrance of my former misfortune proves a new one to me. + -- Miguel de Cervantes +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iHsEARYIACMFAldqRlwcHHBhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldAAKCRAT +lWNoKgINCubRAQC0VyMKKFXWWxLOwCFO5ovhONxq2VLQ6c7jklZt0AAETgEA8ikc +doPxIamOCta2QwgS0JHPhvgmL98GWM1dMLfD3gOJATQEAQEIAB4FAldqRlwXHHN0 +ZXZlLmJpa29AZXhhbXBsZS5uZXQACgkQqkPx3Mf+0beYKQgAp60uW2OmVAyaP2MC +F6alWqWVkxw66L6QW6ciOpiuqjEoc9TN6pNIIP+MeSPu+SE71kw4nD0Vvu5mgH/2 +74dZMf7vFX3vERL/g8u7lTOv2GkXyKpFKAwvMxqPJ7zKUH9z6LxeBc2tNImjQ4mS +7OL30n+SPrsY4FR3BS/d/EY2y+L9spi92oiJeXjgNHH7iIr5iWiSSXS7AwBla0zu +r+mkX2Aats488CEfENACugg79q7cNLpUioeKdOHcqDxCS9wSpYK5Y2+IBqmFEv6t +DKZ1iZnLlk6rHpkZ8aQi96PFbZVZPGnxsOFKkNPWwHjniKeJzoJwd7FqR5i2vrsJ +UiWYwA== +=gWAP +-----END PGP SIGNATURE----- diff --git a/tests/openpgp/samplemsgs/enc-1-key-1.asc b/tests/openpgp/samplemsgs/enc-1-key-1.asc new file mode 100644 index 0000000..bd65330 --- /dev/null +++ b/tests/openpgp/samplemsgs/enc-1-key-1.asc @@ -0,0 +1,9 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hF4DkYWHjk/NdMASAQdAPDV6Y3JTfAGDX8pfZcT6YggC7qV3g8B1ezijcfIcdVAw ++hCFGXS1EikBbZ21v79GtGh6Wp3fmyZFRQcsJZciLE/EFcbf9Mv4Q2qfRhKYHlqj +0lwBRYQrwTJbMNspOwd2MidjYYUxb/02PNiqZSrWUeX0iPsgHFToJol9RVAqs4Zz +bZNKL6y/GeRIRZY12Lzo2TIXSLfjvbMTdkoz53mMKiUXsi/fCKXkTmgIheni8w== +=kmqY +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/enc-1-key-1.gpg b/tests/openpgp/samplemsgs/enc-1-key-1.gpg new file mode 100644 index 0000000..6f0fe4f Binary files /dev/null and b/tests/openpgp/samplemsgs/enc-1-key-1.gpg differ 
diff --git a/tests/openpgp/samplemsgs/enc-1-key-2.asc b/tests/openpgp/samplemsgs/enc-1-key-2.asc new file mode 100644 index 0000000..e9e6e70 --- /dev/null +++ b/tests/openpgp/samplemsgs/enc-1-key-2.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAx13dhm+MQ15AQf8DKnGFmadCHP3k8blxdRa73pC3BL0fn9YSp2+EvKP7n4Y +KsVHmKSZ43RL2pq24y5CImLCu6gPkyFGzTn/vmxq8E2Ul8WOvyJiEuRTczNr5NNs +rZiF7dRMSjeZXCEHme24XIXKGzbnlkALHxh83GpgxVmLqKIlHEjgXYn9fneH85M4 +KTBxIxpAhIKzninnGk2ikmAS2C6z370tRLYP+tQ6gcP8BbehCZFM+TRqyS3aXjdq +WaV3OgY7uWzj4P0PBXBWx0V829tfgRF9Z70Zx+HA1BpOqvmOcsztah1Jq/pyAaeR +7t2FunUZuUwbBIYg67/cxStYAXF9ih70tjSRfYBiotLAEAEvZfW1G7lMnfFCWxx8 +S8L+AD+BEdycI/kUZhgxFVde985CSYcpIcQZE4IuTYCoc96ZXsvil5Zlf5I//KDz +toq+bxa+VU4Gr+h4lbcq8Sj8OPkx11/P4dOyydiYKLqEThig5l/h5IiROL8AvIMf +TpNhu8TnECbjaEDaDt3RE3vIFP7ZV8zfpsibSFDaK9K0UhniSt/wF4NekBltUcBc +kozlxWbvQ0k3A+xl1dBCBEpFaJrywRYFvz2sY5ISJS1X3ePJ4c9fsPXePTiy9a3W +ItE= +=rFeH +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/enc-1-key-2.gpg b/tests/openpgp/samplemsgs/enc-1-key-2.gpg new file mode 100644 index 0000000..c62b63a Binary files /dev/null and b/tests/openpgp/samplemsgs/enc-1-key-2.gpg differ diff --git a/tests/openpgp/samplemsgs/enc-2-keys-1.asc b/tests/openpgp/samplemsgs/enc-2-keys-1.asc new file mode 100644 index 0000000..abff596 --- /dev/null +++ b/tests/openpgp/samplemsgs/enc-2-keys-1.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAx13dhm+MQ15AQgAkI1KV+RVcuDJlzwXShDT9d2r+1GlV2r16z5vp0aDLETz +Ga+OCTSiDR8So9xqM8kNKp12t2OrhmIerYu3dHQxZAWuqbhj/xkxfh0OyAP2wZb4 +MtwXIcRKWgUz5pUPYcp/7+Eo/dlBs1QaqxF8Lnh5jAlpxDeQvfSgjTZicZAS0rtY +XONLWaX4nuuHb2DNrQWLDsMvDrwu8fJLPMNy7+tEzECs1G7Tv7D9xu/QHbGw6Zvk +fxjWlLsD2nUQYwn/GpqitD02y7BHDoZKXIO8GccHdPhPOxZHLCiGIHQ7r61ResHA +3SlqEsNF9OV81RaIg55ndM72ZLbDTC8ZQDIu/5cXaoReA5GFh45PzXTAEgEHQIFu +PbA2WmzBGnzmBfXmRg8AVKE2JVvSYLjBynfTPbtKMAUbz9U2grH/0BdZPWaGuYUh +HNPg9vmmzL5Ch3rSSunzhtxadesh/Gsic9ETkFz/d9K3AVzb9WEneFuEkk43lJAu +X+btUyQ8rBhkmBQPorvZN+1i+NL0XOP3UJ0iIpo3bn/J7Dy9IEDojQAFtdOBuw6F +hbWOMoRVodE5aA6JcRDR2HLj68X3TAou91a8krHJ8NAK84ilrZd07XEwGtNbaom5 +rZK9xNFIUV0Ddog6r5rJ/pqsN6o3iEYI2uhh0KYntbIHrRD05ZWRCXhQIGPb6qp8 +wEEydtbQpfJFRru8q7Y0V6MlzYflxI1H +=m6X7 +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/enc-2-keys-1.gpg b/tests/openpgp/samplemsgs/enc-2-keys-1.gpg new file mode 100644 index 0000000..1485b04 Binary files /dev/null and b/tests/openpgp/samplemsgs/enc-2-keys-1.gpg differ diff --git a/tests/openpgp/samplemsgs/enc-2-keys-2.asc b/tests/openpgp/samplemsgs/enc-2-keys-2.asc new file mode 100644 index 0000000..ec6202c --- /dev/null +++ b/tests/openpgp/samplemsgs/enc-2-keys-2.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hF4DkYWHjk/NdMASAQdALju99o8iXdJNYTuUNrk3ZgfLNvw4GuaLed/2PDLbLUEw +LaFnwh5u4djUOPPtZHbNzmJimOobJxYg3gwDew3ERLBqweQqRcqFaypu9+Ss86Df +hQEMAx13dhm+MQ15AQgAwHCbQ5TeyLGsrs+oC/dB7AZphqWwsSoVXTuxAi3NPbEF +upvp3mu19HpBJFXijsjysaMbwUGB+DRVhMYwAANfnJJ2oxltNbhMeGic/vRsCjHx +cJhjv/T0Jc3Yuh3YFlp4V3wMiTa7METMBL/2CQtT+MSQbBubkegcNPBkB5ss1civ +WpQckerDKtv9ik0+gvYCgHw0wLyf7UmHRekiJigUats0IhEHoZYv/qa3kvcmJaKV +WffHsOwxoS0jCwj15eV2YHQVJp7nnyxXlX9E7z4gzjxH4MbXpi+tVvBLGM8pHEg6 +EJ3U7koABqQ8446CnWC+OJKWO5cHoJjkOSCGALDoENKRAenz/t9qGzMWPInAx2iH +lNg2brHS7UM8z53ESeqpYfaHS1QiMvtZWo8Wl9QPJa8vfrDw/bCtNALYU/OHw95N +k9E+/JgWk9oQFc+syNHDJzw0qfEzblxzng5/d6W8vjggFkIrKwMwE1/6x1w6ZLoV +MYG0TXjnLNBGzGCFRSoDx/RuzybgdDSySV/6OFfPAMSo1g== +=iPxe +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/enc-2-keys-2.gpg b/tests/openpgp/samplemsgs/enc-2-keys-2.gpg new file mode 100644 index 0000000..a2889cb Binary files /dev/null and b/tests/openpgp/samplemsgs/enc-2-keys-2.gpg differ diff --git a/tests/openpgp/samplemsgs/encsig-2-2-keys-3.asc b/tests/openpgp/samplemsgs/encsig-2-2-keys-3.asc new file mode 100644 index 0000000..e563e8d --- /dev/null +++ b/tests/openpgp/samplemsgs/encsig-2-2-keys-3.asc 
@@ -0,0 +1,35 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAx13dhm+MQ15AQf7B8SvOp1oKADLmqzPCJp8kLUvt2oemNHYvSU06gTlTT8m +DGJnA8a4S0+3q3Oqt/CObBX5tNr9KIB3OOgL8LujUffFVo2A6qfBWYnpyrDeJQOH +idilyZvAu4CdovVvp+2DxAfBYNb0jinIjZEcF3YuIFqk1o5n9Jx0C3LDMgQwjKkb +xEZeUkjt4i9Pb2JNP6+LQ8deDwLLcpS5ykP98MTHgG1OGw5QX1xxKArEq4YJXye3 +ubQBAifE3fGKswGiV5UuwrP3cB92KdtqYLCckrheDa96YJp7kZNDPFds4aqaD5i4 +Ps/bxXeZmeybhgxTT8Q1Ld7wUd+sFV36uRieHOMEIoReA5GFh45PzXTAEgEHQEyw +MoBXgqtfF8+TdiUcIqeH+eXNOHjqGujt00BRn8JTMJNuCXoMZDmu45AaXZqiYxov +TTfDyKGLVvaiTxEJdl/ty55X9C9ANppdFm3qZGZ6GdLqAQBRsaHHa5lSfUBrgJXC +DLidkt1TA0u7owjuWRkUDlzBt3lEcgYEFd6c2zy3wxljpU0zB/gEmlEQiQAYB9dR +alrnENgo93aExGoTW0LgsZlf1n8GuPCyK+3m+1+2ryr3qNreg69Y5HaW3aV4pEG/ +mMnxVffq0sJGtEQRAx8dESImO+jPVmdKx6JcGWQ4B3RmD3qzOgbGwRoeC+C/isV7 +t+VEC0iOlC+QyK7S1QgxcWwzl9ExSs1d+BM3cwNlwe2mLckgsayEUGXrafpifiTR +w1CSyt25fb23iwOu1XZeHGnth/XAAJQcUsi02E+fpMPyS4S0v71PBn8By7iXHE8W +stFZMP9Gcly6lh9qOFg108P+mIWOVj7xtCUMl0RRwxS2hrKypucJtPSmVZ6EgVok +8j0tNm5nSjLzQ4A8I+O20Tx0sPBjmvH3IbMNCvjAQp6gXYlDgiHv2zxAgHwNJjRh +ft1AJy/61HG3MtRNV1QP06l6tofGAzP4gBBqLJkVcK1bCGpx17LZ7t9GI573Y7Jr +CIFN+CUWqzN64Q90IMDFwOl2ghQGZsIRh0jG3wOjd3C5cFo176BJiAq5WVelVEO8 +A3J/xMofeDdAVTkbpDpW+rE66I5dBwa8s9ej1zTpM0hmbiON+Ld9cCW3VPuDjjj3 +pAndSOcbfoq0Qd1RwshQVpfJJYjuhz9qCdlp392KWSvwTD/YuMIZ+nudgxk9Vbu/ +Z3ro/ggyH0FmnaJ53GnJ3NjsiJkSbQ21fSw0zJDNabpwdVPSzSvPtflh1qKiU60M +eNI/QI6lKyZzwFCuAkcZKGWGQrDLjmbRtSMJHAw2cT1sQQJ5XtciiL+pOixawyNE +pTnYI4f/983JewwweUwFJ5GkD/uY6hM10b4OKpjjm8rfpBVmW8rsuAGa5sSOAZB4 +xt+u6/dzVDCdQKtYV4pQHsHahAAkIGT1pWi0PMyWM3deo3sGaiCGcpM7qpO2qE4b +paimL2Un0J1qPkr4cbykzzUx4U1zgHUHKDPhmSEtqLfPEd2DjUHsAvJZJFER4lD9 +yursATLzunEYiWUTuE6DKjcfQYPrAmat/mzquvf+oV5YgPvcY85U3t1XeyW9Zyip +APYSJdgYdN8Wemh21vvGj8B7xnWMaJlcbsCbvuu2GALUGQKbhYzV02lMPSbEUHRH +pRI8NviMcR4UD0/FK7g91I7yDqX6BLBckUw+W1KYKqVvlcMuDUOc5nQTxWXrPWJu +o6EU4sD4bDaFOdDW8cuSBhxiifU+I+1s89p6+6M/Qwenh0hTvUsQwpUx/cXwjNXT +0uRaIk/yjbEZj80lTKyAn1TvlJ4A2vYjscqfiiVYBU1/enfnsYgUf+TTK2qm3TtV 
+HiuLLNvE2uy2IQfeZ3DnzZlMoCY8PA67yQCxJXR/hVX+/hzlZ0PoPylkYejs +=yD/C +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/encsig-2-2-keys-3.gpg b/tests/openpgp/samplemsgs/encsig-2-2-keys-3.gpg new file mode 100644 index 0000000..b262d45 Binary files /dev/null and b/tests/openpgp/samplemsgs/encsig-2-2-keys-3.gpg differ diff --git a/tests/openpgp/samplemsgs/encsig-2-2-keys-4.asc b/tests/openpgp/samplemsgs/encsig-2-2-keys-4.asc new file mode 100644 index 0000000..1b63617 --- /dev/null +++ b/tests/openpgp/samplemsgs/encsig-2-2-keys-4.asc 
@@ -0,0 +1,33 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hF4DkYWHjk/NdMASAQdAtNe4V9DKNR+N65wm9hJk8xRewYZPhmWADCcFraD0rnUw +MWX9tj1E6GIKEhCAMomt/PoboZ8ncBJ4JZ/x4fltX5qsfIZkVqILolPAzrp5EbeE +hQEMAx13dhm+MQ15AQgAkQn04BIdVZ6w0q13WfIoSepk2aQs39E6rmfZRUUs5Axk +aTkHLQa3jSIpWXtSdrm5DBX0rhuNSiFk1h2pwc0OSnIhl6jxrjX1TN4dbXrtaJUz +rguevhF72sfksr7p5sy/yFF1DBv3Z6MRKyyt4FjpbhzczDU0BD4cz0IGMb5tHLB0 +kTS1pJYtkajuWEGiyfT2dR1g0SdNoVwXiu+Hw+buPabAdjgVKocyGmdbYr/ip88t +9o9AayTN2BH0z35YBwpdULcoM3Dww+sTcO2sG6xiy7E24t8RPFUQOfFm5vfmI8EH +Zy4nId6ZkGEdkzX2UkU6FvX5vvru76My07nqKENDBdLpAXp08EPSUkTgnl9d7Hyq +R1jMFiML3/QtMH7azdmjKdmkhrYPMgNoAiK1lO7pw3dU4eHfWDnPUWw8y/WHmoUT +lxtZunT8GUh8ZxXl+skOqy2UXHPPRSN602oqma+yYKZrzn8hQm7Rq/tbmFPRTE7V +cPCuRD0u3Rwnhldq//r5w6AgG1jKu0gXXzLYcubEl7S8fvXG/udSg1ASjhdhbYPD +larTKCby1fESurfhwFnyaIGPknpzGooGFU7sIkrjilNPfVGv8CC10yMp7jOM7nXH +hZ3w6JNHzB3UxlVjOjUkXFRxm3X4ydNXFgrp8soGyOnhjcUcN8A8gIXJoDQwB9G1 +STIilDwsBzFJOZfJSdy0/mjecvqT2slFsl3fjr0h0M2cTsYw1Ws5iG17HTJBVjpW +frmWVjGVLRXkLGkumNbLpGxImlz2wlvuSlk/mqgrbRyyz6ifEpQc2o7uFvT6BGTp +pG6qPafKLEAOkfOZGt/BKMsWESoOXlIa5B8B/4/t8me0Lni7RS09908ait1poKEM +cDYNPtClQlBLJB3GLxPDDUT1WNcEBc+vScU317S5BRgDXBdao16DLzoIoh0C8kYu +JBIQvXYLw23IBilHxzv0Fr/ta2joAUOnojNZMAaOawWj8i8/EwO2Hl0epx8Ww3ft +VMnCF3nVuAIhjYEEzYI90dzA35lcSyEcBDXKBUAnOLi0LhwySi3rzM/d0yxdDGZH +oPw2JQWpgCuv4OMin5YSRowUPhgFmltNc9I6qgVdy1vLKndC/OnCCtQj2OpUrYsH +l1H3ADreaiunjtCrFTGYLey4EK6koLcb+qdKAOkRTaH28nRQGEyzZ4U93mbTsNmJ +nAW4JCbZtMap9on9koJwiopEA+ONuktCD0j6RSAC+HdyhwN+MTWqCtTbO/tIvaqZ +HtAlhiHk3GSi/qaox5dLKZqu5pa92OwiZrS6vS+dWTQpmyCyHYZcglsaRiHAGIEB +3MVPKMvLgp5wV9uuSnr0aXaXoyEXjjMHbP8UnAxojnVxGJTOzsijE59ovddLgqUD +81jYd4K3XIX+aWy3GicJaiAgzOYwJzBrOLZFGIlm9HkXKwM2gqd6TNjKQHxS63o0 +H6vXirtZmnRfA2SnmkGACbwTEa7vKARt4W45rXXk1GiQcxV0U7QrdQ9jMHIPtJF+ +py8jqdfjnNsUNM7PyTVjB9nTk9V3BkwIjUs46R6LqElZsAQQGcVo/EzBoPhjNUaf +K+I= +=kQLr +-----END PGP MESSAGE----- 
diff --git a/tests/openpgp/samplemsgs/encsig-2-2-keys-4.gpg b/tests/openpgp/samplemsgs/encsig-2-2-keys-4.gpg new file mode 100644 index 0000000..940a964 Binary files /dev/null and b/tests/openpgp/samplemsgs/encsig-2-2-keys-4.gpg differ diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-1.asc b/tests/openpgp/samplemsgs/encsig-2-keys-1.asc new file mode 100644 index 0000000..649921e --- /dev/null +++ b/tests/openpgp/samplemsgs/encsig-2-keys-1.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAx13dhm+MQ15AQgAiZPJa/zmtJ6cDpHVze6zBS+4OCbGeEpzcHBkpWiLKV91 +6CiwLTtL6Fhs7P/i5lEUzWQnRp0IGmUe8Ft5tugAL3ibv3Xm9PstXPZ2Q6EGzDCY +98x1aQooSuiUwIB4uQ8zFqA2TYGNfRcDCGdHHLpWAps4F/QkZkQGEWmy7KQZetc+ +mLP6z04fQz5XemL0MaJcarLRE0OK8FI4+413DqQB3RyZsMFiFDAY46g3rA7xymuo +Elum8PjMDXtAEpYAs2NHR29okFMinB7rR/DFGabQtzWIJPlgyGOFUVXs7YWj0Git +SgEje73u8eEYAJYTpud1zup/KPUYOqJzyIMvOHDMz4ReA5GFh45PzXTAEgEHQGSH +2coczePYstzayq418VjtNF+0ohoFKm8lrR9THREYMFJ4oA6/e7r3g38CWlb8kKxN +butxPKCcO2OjZYU5PZMk03CwbpSWM0FTNJEzXfqdKtLAOgHgccG9wgBqAbcTejiX +FQBBsLXRybq8Bra8qW+RVJ5noCav3TH06h8ZVXz/jJMLSUfKt8l+xRQDkYZ88cN3 +GhWNSc1eBOjS8e3JwGYaGs4vuoRVECbzee1DWNk3CUQOgeqZKLoSYHDRwHMpzP/N +suXLpGTV7EoN4+qOcF5q/6cZV4gaGxgokoCUrM+IYfhOjmqK3lfo9/1GUxppyE+x +XsWKiUMta3tJ6zhWYJPCZCqIZvzmkSfk3pNtOnsmmhF9gzwN8ehi/FHGFyHc8/gW +qxx0KsCG7FO4Y514pdoa70KqA8QO63YjxTaFBH858yZr5ORlhzElwctgivU= +=cWGf +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-1.gpg b/tests/openpgp/samplemsgs/encsig-2-keys-1.gpg new file mode 100644 index 0000000..38ff6b6 Binary files /dev/null and b/tests/openpgp/samplemsgs/encsig-2-keys-1.gpg differ diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-2.asc b/tests/openpgp/samplemsgs/encsig-2-keys-2.asc new file mode 100644 index 0000000..4eee21d --- /dev/null +++ b/tests/openpgp/samplemsgs/encsig-2-keys-2.asc 
@@ -0,0 +1,18 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hF4DkYWHjk/NdMASAQdA9op1WNWUj4E0PZ2h33tolomYTag75nRNg8qLo/2xfXcw +QrekSuMoLtkv1KO6/tLIohqYYYdZL5cGadTxlBLyIEj32ISVj7El6DxJrmqKIK3y +hQEMAx13dhm+MQ15AQgAnY6drrcce7MeloBIECLSbFIDjKOloUT4xtqspTg3GM1d +wkXtTJOdEm1yLcNQsb+d8ZdZZfYZhotCyMlZ5QQtvf+0XOieb/FlitUI0twAMsj/ +kwjN9dop+KGLZadFoar5A8TBXUz25PfWmwEzz2qSmIPuoIUzhK90B3eGUG6foGzm +1zEAawfyJ9w7XVAV6pNGJWG2LHSQr2POaMbZs/3iqxQl8p2yb25SlKrg3I35UClZ +0FC9Hidw8bZ8/rZCyX9KYtHIENHzqT5+XEpaXwN4hBqwpVgUn6DcESv2BAR7KCHD +ZwRRNVZtUvrftj05UIxAgnSAdK5GAyhLfWjCsH5Q3tLAPQGFdlgyYU9q+hWrrqwW +1tAvUJQpSW97WyK1Aa9RJOLPNpfU1wzRGzzOuNuuqbL4l9OQktJ81Mihh4IWCXQD +4mN7+nvltCm13bANdujRvZstGGFefRiwkBlEQq9uQMM2SVXA+JAff+AvD5F1Ofq8 +DPVMf/WDsKcoTTdqJahk/zoX4yFHprS50tO2z0Mb9souX14+AN+JJzAGQaGRlXXD +TWeEkUXD18HcVzHfooqLUlYYr5zD2f2gNNVskPYH/iP3FGllvzBeQI1NCznAj+Zr +AdOEXHKOkCJmj2RKnxXeOWTJSczoBlQgIQGd/yP/2TPsGesd4SbqFStYuefEZtw= +=hq0A +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-2.gpg b/tests/openpgp/samplemsgs/encsig-2-keys-2.gpg new file mode 100644 index 0000000..6407387 Binary files /dev/null and b/tests/openpgp/samplemsgs/encsig-2-keys-2.gpg differ diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-3.asc b/tests/openpgp/samplemsgs/encsig-2-keys-3.asc new file mode 100644 index 0000000..f10e92a --- /dev/null +++ b/tests/openpgp/samplemsgs/encsig-2-keys-3.asc 
@@ -0,0 +1,23 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAx13dhm+MQ15AQf+KX1A2pYF9HnvwZZU6kmiOKs6NL/d/8Y+kwfiLot5SnQW +S/2JJm0b7ijyxBOoTyXu8UOqyaPa/eIJWeMqNANExkX83S1hoKfzgrBluzZR4sUB +r6bZ5E26pn+gy+r1RvQJnxUWMX41ux+DSc+oqf36cZ5A4R1Ai6cD9jqW7vE0KINo +jn6Od45NHNG16Q7igH9HgJiOXaibHFyiAfV5du0XB0HxpBlBKIBSV/4ewFUzxVy+ +oR4/3F7SkaUtGwcEi+PUEU26KuYz2ltYA9Ex/yTd59YcYbPTiiq+ynGRpOTgB0ti +y7aYzJVOPWGCKn/TFy69QIoJZgcWTrmUJK39wxFNM4ReA5GFh45PzXTAEgEHQKqL +epFBazPDtJvYGye9GW9gHMSjuTFuEm3yuo6kPIggMBRK/vWfTa7emGniukdA/8Bn +hXrpSZUBab19RlT/mDhC8+CBE7MvEQMHsZvwsEWzt9LBAQFgEPLmrwSchnzw5+vN +bcfeBye2n5STluKZ5IrW4XwZAvmp54w2OI/FDzf5dL1r+KCNiZpcmVO6IVVbEIeL +eZj++YAPDS0cf/bPfWbyfvC/MLNM6IFICdkdlKQ30FC801Xv4OuXvgctjIkZBEDR +CkDvkyrIEUtN9jJaAWjP3KopsCsxGtZ/ZPVU2yv8ekPRZ1paUIb370/NhEz9l2kK +GwmqNm9g6/ekJwIF6kZKoEzncX7cpF0diSTHCyB/CsWc1ncWgn/nktZDsd7UicKP +ypHScloUZfXDiQBcKV+0p6BxYib1MJOFrRbJTu+0Xu3KjcbecQ/mymgfDlkVUwXP +QeGaQNUgQzO+iAW1hPH5Qf8eB8n2DlbqsFEWIXG7B3pGCI0eBWPeR/JpuCnIHMTh +50YOwGqNQLjqRnl6hFi8amSIK5jRvRMzRWYO8TSZaYVh7uLh83cKkSV2e7d2pax6 +CqubZsoiaX71x+r3NaPYf+4hzAQUxPDZET2hTR4GOeEGT14t9RhqMPLTS+f9Ij7D +/LbCpm6sc6eSmbKXZF/XAPpkBmnRIpgqJuA0TgNBnU7a0NEQP6nsicOpviH9SFEL +waeu +=6uha +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-3.gpg b/tests/openpgp/samplemsgs/encsig-2-keys-3.gpg new file mode 100644 index 0000000..1449366 Binary files /dev/null and b/tests/openpgp/samplemsgs/encsig-2-keys-3.gpg differ diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-4.asc b/tests/openpgp/samplemsgs/encsig-2-keys-4.asc new file mode 100644 index 0000000..8937f5e --- /dev/null +++ b/tests/openpgp/samplemsgs/encsig-2-keys-4.asc 
@@ -0,0 +1,23 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hF4DkYWHjk/NdMASAQdAM+CNEu/KZIBKoKmvE96atl4CEdxThqamGsRt9IgeMxcw +Te0hTUQf5LrrK9MhGymBcB2nCCy0bPtqVhA8TdZ6y3CH0QYMObkbSbIcVnGaVmGd +hQEMAx13dhm+MQ15AQf9FcEbvw9ocsmqrteF2Cu6W2ChxrNy6ay0gcDwvd2QfbAE +muM+OcKrvXhgDikOt3gAv4ES+2/ACzsqIZZJGUVWlrkSXYq9Uon+YX1zeK3BfmOK +GvfLqc7p9x0YtrC8KEeMaqpd8z5bRhpF0ZPF4WbvZyiauDAa62FJiH/r4YngGLoY +2hXFNZ2FFHa2EuobUfJUJwfA7VC13IdvqZ76bixrSSjxJjhntiswxYQI+OaXnEg8 +S/UwxR06GT7vOra1O9TGIHYwTcRGQT/3NHcIO3aJMRCHVP2dOLBMkFqkYf44kGeA +e718nBN1UB7cfgv+n2bj7SYGdlEH0bmmpNTavEsDZdLBGQEcNlkdz3CqdqRhXUek +hoWzCKTzOhIkoIhdyZd0stBlYJ54dT+9470JogkVqkNCWjAP1svI6LprOAR5b1sV +m5ar5pCspumNRfMv6oDjXIsjCaux4zJfJV8XO38wmMn30eMPg1CzbKjhqMW+IfXe +Tn8yxDBVGScIKkmaks6AE1v9WtfBSz+zT8sFe1ZFUMRcJ4+vohYmLVZXqkXGFJu7 +F3j8URhctnGb88h33y2+xglaqptso7XpM91OR17e6Vhh4dNAWB/GdKy4VviVY3W+ +fJ+zoimrPTFmPo2Ag+mveTsnTzmGdy4FHDDQCKE6QVcJPfVcfN0+yiPIOx/XacZR +ZnQlI9Z+iYuN5yEchnVK65XZGQkdK+4/5Q/QGq7vLwaOHkMtItplIsretCGHAGEj +XcCeHIY4pVZOd8Of8CSSPvtcaz4+FbZ/cfKXXf1zjdxg5BRkVvBAAtAYqquDUPJn +qcG7tcUD6pQXVDHq+s0j8BofK9BXjjicrTI64RZw2RYntdbRSqd82offshvF4MJm +72hIMbg5ExZsvdUa+IcRw49PoX/fEhKkmElZCI+5fsMG/NJuTfAtNjG5RbdgrYzQ +eR6eIMr6BnY9ZZQRPbuv0te4di55B+HqmTry +=/grx +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/encsig-2-keys-4.gpg b/tests/openpgp/samplemsgs/encsig-2-keys-4.gpg new file mode 100644 index 0000000..46d2037 Binary files /dev/null and b/tests/openpgp/samplemsgs/encsig-2-keys-4.gpg differ diff --git a/tests/openpgp/samplemsgs/encz0-1-key-1.asc b/tests/openpgp/samplemsgs/encz0-1-key-1.asc new file mode 100644 index 0000000..cf534db --- /dev/null +++ b/tests/openpgp/samplemsgs/encz0-1-key-1.asc 
@@ -0,0 +1,12 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hF4DkYWHjk/NdMASAQdAPo9H2rEUOisFYLfLQu91wGJCSIGs9jFiYwQsKlhsZlMw +itRELU7+unvpPp8bIINqu4X6FP7hDzkZjOlQM/5JS0Z/q2jaWo4av8DCxYCK+yHU +0sATAZtMvHD99HWEAis3GUlFBzf/jxPBmayNElVyifc5eH4d2pRfCqlZPx9gKX69 +OYymTKuUkkmzCgBxVfA7XPdIdqTmDbSjVwQ2LFeB8hQv6PsYFHY1vqs4xVmeotIu +pgG1a40+6f8HC9YDNn2lUzktui/mi/VNqDwV9vOHYklGqpVDd81nHAl1wGkAzgBs +8sYAcQjRAArAPKBaPTCtn6PZF4p4sDcabGImGR8cWwZHb9yxkHIomJRHUVTF1Uz4 +MUANuPQHpJE4eqKHUaE6wyTXyGEqJQ== +=UB/1 +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/encz0-1-key-2.asc b/tests/openpgp/samplemsgs/encz0-1-key-2.asc new file mode 100644 index 0000000..a885f5b --- /dev/null +++ b/tests/openpgp/samplemsgs/encz0-1-key-2.asc @@ -0,0 +1,13 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hQEMAx13dhm+MQ15AQf/WO25gVi//kxCs0RH+BbJ5OWRRkyZ5fD7mYUs6anJ/zRE +SE/SKwNk4KsWi4ajRR7b7txj7HQN8l6RpjUFXDJwd0onkb5JoCcvVIdaSTRR8z3s +5tkI/KTkPhlDPN+E5jCllUnJNSLoUwIIMw5Zgn0gRXxZeR6pUCB00+GmSPpoV+6X +pEk8yuP5gcCFz2uiPmRl6QBezq6QLwlzYS6Kj+m2k2zqgEEgBc31aVnze8FTElbf +Mm2wQ+w50PVaqHKkH7206PMIAd3Jsv2QP4XfgDDRxOe1/s6dHiCOfnhdrx/Fblp2 +VjluZFc/yL2YfofqqEWAxLLzh47aVN6JLr3bhdAVvNJEATedhlr+GTfhfI+KYO9r +rZlP9aDHzvMKkqyX4WDD0O6a+698AnoseFVmrrBIsokdIt1RjLcpycE4BsCQOXHe +EDBJtGo= +=O1Fl +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/sig-1-key-1.asc b/tests/openpgp/samplemsgs/sig-1-key-1.asc new file mode 100644 index 0000000..875cf83 --- /dev/null +++ b/tests/openpgp/samplemsgs/sig-1-key-1.asc @@ -0,0 +1,8 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iHsEABYIACMFAldqTEMcHHBhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldAAKCRAT +lWNoKgINCu0XAQC6VSdsGyTbvFPp5e6BmkmBzPcb5Kex4ar722k0jzhLzgD+Js2q +Y1JIdjfW4GnFhdzqyUbuGTlk1wNY7Re1uNyD6gw= +=c0oW +-----END PGP SIGNATURE----- 
diff --git a/tests/openpgp/samplemsgs/sig-1-key-1.sig b/tests/openpgp/samplemsgs/sig-1-key-1.sig new file mode 100644 index 0000000..9c823cd Binary files /dev/null and b/tests/openpgp/samplemsgs/sig-1-key-1.sig differ diff --git a/tests/openpgp/samplemsgs/sig-1-key-2.asc b/tests/openpgp/samplemsgs/sig-1-key-2.asc new file mode 100644 index 0000000..f7ae120 --- /dev/null +++ b/tests/openpgp/samplemsgs/sig-1-key-2.asc @@ -0,0 +1,12 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQE0BAABCAAeBQJXaky2FxxzdGV2ZS5iaWtvQGV4YW1wbGUubmV0AAoJEKpD8dzH +/tG3LSUH+gJ++JOZuy5GfHwK+5GEGmeVbex4U9N84tYYAwZOsOpQsh4JxT44IH8S +OG9OViY9xUaUmeSvVsuDR890RiZtKOXO3hCMwUo+HCDFLXgIXxosLlS55G1vfi8X +NPl78Y9NFdtwtAkirpOT0oULJcbZ9NItkPjhoxZ16TlgG3GUE6lZzlZJLFAVCw7u +6twOtPnq1AB4xB49rsIIW1XhCNrajwzBCghhl/PD4uM7ptSpGkZur5uOJ7nLjNEM +Qo1mF+jQ6rjWA4OrvpmtW482yvNWejAS+JMlhNcP63hlBySjX3tFhGm8tWtUauCT +3Ky7iF4dFFmhpIXUBT6mMmci4WdA3gE= +=VdOj +-----END PGP SIGNATURE----- diff --git a/tests/openpgp/samplemsgs/sig-1-key-2.sig b/tests/openpgp/samplemsgs/sig-1-key-2.sig new file mode 100644 index 0000000..a4f5199 Binary files /dev/null and b/tests/openpgp/samplemsgs/sig-1-key-2.sig differ diff --git a/tests/openpgp/samplemsgs/sig-2-keys-1.asc b/tests/openpgp/samplemsgs/sig-2-keys-1.asc new file mode 100644 index 0000000..8c767b2 --- /dev/null +++ b/tests/openpgp/samplemsgs/sig-2-keys-1.asc 
@@ -0,0 +1,15 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iHsEABYIACMFAldqTMccHHBhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldAAKCRAT +lWNoKgINCgcQAP0f1yNJcHiBvy3nK7SSuzBf1EgSpy/lFlVSjZ1e/7CEKQD/W68C +Zs8iGAyZplpsXKoz/g7LWSU5z/K3lLWwfre7gAGJATQEAAEIAB4FAldqTMcXHHN0 +ZXZlLmJpa29AZXhhbXBsZS5uZXQACgkQqkPx3Mf+0bdg8wf/ff4tEMfqdwk1dXJm +4+iyrNvKyCfv/T5W8BVL16wc8jn+80HJkHK/pSw5Rr6nsEf1P00u5AnothUPfUl2 +Yqvjg4+oQYvutePo1uLq0LA1lyWfQ1PV6I14B/dd9rBYdPjYIJJsPjr/k5N3Qz9M +8RNtDp/rPDVNVHzDbZN77oGE2jokGRfodRo6qnurqU4CnJYinrnzKV4wqrilNKlE +R2CBieb3riDFUH59PH9S9fHuTHBV7q0HlxNJkI6NeoFwtRcS2f8P5B7FK7VCMrUB +R46JExeWhvUlY2ZkKLU98bI3TLnFD0aQHRzKgJj8sWjD+Akzf408EmnOIyyf6MF8 +H7uIHg== +=ErBQ +-----END PGP SIGNATURE----- diff --git a/tests/openpgp/samplemsgs/sig-2-keys-1.sig b/tests/openpgp/samplemsgs/sig-2-keys-1.sig new file mode 100644 index 0000000..541285f Binary files /dev/null and b/tests/openpgp/samplemsgs/sig-2-keys-1.sig differ diff --git a/tests/openpgp/samplemsgs/sig-2-keys-2.asc b/tests/openpgp/samplemsgs/sig-2-keys-2.asc new file mode 100644 index 0000000..16ae64c --- /dev/null +++ b/tests/openpgp/samplemsgs/sig-2-keys-2.asc @@ -0,0 +1,15 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQE0BAABCAAeBQJXakzUFxxzdGV2ZS5iaWtvQGV4YW1wbGUubmV0AAoJEKpD8dzH +/tG3B8EH/247hq+cJ8eR8eXb1mv1Bdj9SwYI4yDs/xCZ7FIkU8vVSRYQpeYz59ie +3WZw8Cj1Sd44tr3+viVK682lWXwpHIAl3xUizP+HTFs23tfyH3er7IhDO/aApZ+V +Wd+0oDJY7E/ztsD3CpU50ptKU9D72CgJT8K1/pwBtivzOiMto/scPwVFNDzGlny8 +FC06j+2FyXFkXCLwvz/Xdk+hJmv8lQRGNxnSIB5bU+0/GLEd9wJUFTV3WSs5enEM +zqtGBh6v395BXnqrDHpOmT+EkWrpBOSo5vkPZrbN4bOC9nKSa9isCvU/+fjHW3Dn +GpHVTH1hCWsKRhQjxuOOq/X21YpvgJ2IewQAFggAIwUCV2pM1BwccGF0cmljZS5s +dW11bWJhQGV4YW1wbGUubmV0AAoJEBOVY2gqAg0KPJMA/0+3s4HPotwYw8K8pug3 +7Mxgd9LNIBi/d0nSpBnZTHySAQDURAoIZp0IZI/PS7Jc9A8M3TgWdm1LUkj+qU9x +3L6RCQ== +=3oWb +-----END PGP SIGNATURE----- 
diff --git a/tests/openpgp/samplemsgs/sig-2-keys-2.sig b/tests/openpgp/samplemsgs/sig-2-keys-2.sig new file mode 100644 index 0000000..187e22a Binary files /dev/null and b/tests/openpgp/samplemsgs/sig-2-keys-2.sig differ diff --git a/tests/openpgp/samplemsgs/signed-1-key-1.asc b/tests/openpgp/samplemsgs/signed-1-key-1.asc new file mode 100644 index 0000000..d71c74d --- /dev/null +++ b/tests/openpgp/samplemsgs/signed-1-key-1.asc @@ -0,0 +1,15 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +owGbwMvMwMG4yvnjneP/Lm5nPJ2exBCe5XbZI7E8O7UyVb1YwTk/LzmntDgzP8+K +i9OzBCiSl1+ikJpYXKlQkq9QkJMIpDNSFZJz8svzFMozUvMUKvNL1ctSFdKByoAq +ikrzwArKM/JzUrk4kzOLkkuL9bg6GU1YGBg5GORYmUD2icsUl6SWpeolZWbnO6RW +JOYW5KTq5aWWMHBxCsAcl9zJ/od/6lrXa9snvZR9wrpXuEblNq/F3pzYWed8DZd8 +aApUzgkTy1K64+QU7HuL525G4vM3Yibfvq+VLTf/aFx46FSc7I2MpE2vElhvztZ5 +8SQ2ZWe7m5apT9qu7UfXyhrxxfutyt+ot3daXp3hyxuVPzdfKD147N8djoc5634y +6n9Uvfa7Uec030zZjae3VHScMDY1tD7yQjrFNnXptYQXP+RPtD1l+Kn33I87jeHT +SYnUk8r3zD71zahJbfZYwem0c+WbOzs/+qQeKeE/kaL+Y8GHeY9vbkq6eGNKWag+ +Y+Ydhac6bccZHEpXHFBfy3iBJ9OrZub93Oulx4Tnz5U5tZuL31VZOSzlyESvoJeb +/0kDAA== +=T94L +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplemsgs/signed-1-key-1.gpg b/tests/openpgp/samplemsgs/signed-1-key-1.gpg new file mode 100644 index 0000000..8ab90c1 --- /dev/null +++ b/tests/openpgp/samplemsgs/signed-1-key-1.gpg 
@@ -0,0 +1,6 @@ +?5RkhTG??????????]??S?L??F_1I???A|d??l?d???w??fU?ZT??T#Z m}?????D?[b??????B?>?CD???.??9?;???w???>??KN/yy????????b?????kl +??TT*XJ?(h????R??N?X p???.x???p?8?X +LB?/?\?-??1S??[i?????{.?-03R??H?!/?@???y.?D?b2?\!?dc????+?I:? +H?B?0? ???K???p?4??A +???re{??2 )?+??T?g)?g:??Y?YK8IK?arK??R?8;~??r?E?J???8?C?d??? dm?h?i?????h8???qq?iT??g?*????iT#????W?L#? WU#?M?Yw???K??%??O??-?Ze? $XB?3p]????p2?? k7??b?YzS(}??9????=J9?eTT?jE????94S?m,"??????;b?????{K????o?????M +?z2?2??b!m#??C+9U>????"_u???s??k?'_??????????O????Y?;?|;?v~??9??O??k ?w?>o?????\????}? ?w??d?K?3???]?????o?/??g=?b?wwN??kU?Fp(??:r!?T??+??_?`?????g??? ???????v???z????v?-?:??> ??|?????GW??_ Date: Wed Jun 22 11:20:35 2016 +0200 tests: Add two more sample keys for OpenPGP. -- Signed-off-by: Werner Koch diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 5c4c370..005ca0d 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -118,8 +118,11 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc \ privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc \ privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc \ - privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc - + privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc \ + privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc \ + privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc \ + privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc \ + privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/ecc-sample-2-pub.asc \ 
@@ -134,7 +137,9 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/whats-new-in-2.1.asc \ samplekeys/e2e-p256-1-clr.asc \ samplekeys/e2e-p256-1-prt.asc \ - samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc + samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \ + samplekeys/rsa-rsa-sample-1.asc \ + samplekeys/ed25519-cv25519-sample-1.asc EXTRA_DIST = defs.inc defs.scm pinentry.sh $(TESTS) $(TEST_FILES) \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) \ diff --git a/tests/openpgp/README b/tests/openpgp/README index 498d5f5..1f8654b 100644 --- a/tests/openpgp/README +++ b/tests/openpgp/README @@ -1,4 +1,4 @@ -Emacs, this is an -*- org -*- file. +# Emacs, this is an -*- org -*- file. * How to run the test suite ** using the legacy driver @@ -158,3 +158,4 @@ exception if the command does not return 0. (call-popen cmdline input) calls a command, writes input to its stdin, and returns any output from stdout, or raises an exception containing stderr on failure. +* Sample messages diff --git a/tests/openpgp/privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc b/tests/openpgp/privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc new file mode 100644 index 0000000..d0b621a --- /dev/null +++ b/tests/openpgp/privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc @@ -0,0 +1,9 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWNjKDU6Y3VydmU3OkVkMjU1MTkpKDU6ZmxhZ3M1 +OmVkZHNhKSgxOnEzMzpAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhLnTEoBRkp +KDE6ZDMyOnicJkwzhZjYg5Fd8zqmEsZLPdGwe+z+8DU6lq6zj5HcKSkp +=ZStX +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc b/tests/openpgp/privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc new file mode 100644 index 0000000..939e8ab --- /dev/null +++ b/tests/openpgp/privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc 
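Review bot: The new files under tests/openpgp/samplemsgs/ are not added to any list that feeds `EXTRA_DIST`. This hunk and the one before it only extend `$(sample_keys)` and `$(priv_keys)`, and together they account for all 11 changed lines the diffstat reports for Makefile.am. The `EXTRA_DIST` assignment continues past the end of the hunk, so this is inferred from what is visible. Unless that continuation already covers the directory, a `make dist` tarball would ship without the sample messages, and any test that reads them would pass only in a git checkout. I would add a list next to `sample_keys`, for example `sample_msgs = samplemsgs/clearsig-1-key-1.asc \` followed by the other added files, and append `$(sample_msgs)` to `EXTRA_DIST`.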
@@ -0,0 +1,27 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjI1NzoAqBvNbHXRfWWcek7De5Xpw8bO +d8KibdW2sE6F2ZeqifoTvLTDcv2lIGqqovKQuRV9x5UkUIY0RQ0F6uI0d/o3nBSt +8H8JsUylzCoTeds4UiFgpRA+O+egd8DyE7sABtlmBXHApYa7Vl/I/sASuSKS1VQF +0JzkWSzj+381GZDtSg7t2z+A+n9S0MmrSM4EtPHZ5aelr7CQ65FHhmOkebJqcfX/ +j6gVX1FaZnJGzDkfgWDybaZWU9JXs+KlrJnVm6lO2YXb54TBnE2wW5PVm30dSCab +YoHrivL01NuCadhUI+oiAVfTg41H69dRCelt07x2lrnXXdIX1/Q58h/a4IawxSko +MTplMzoBAAEpKDE6ZDI1Njog6qS8HovBCoLrvf1v9wg5YfWupIlKiWTGu/FgjF6D +uthfhGOa4giRwuEbm/RzkT46NL1SGR0mAilM9zL/5Ro7cR8n7rAWq+PxCLIck6zB +BDEY0QfmkfGtUTX1YBHexXXBDieDIdEP1hyUqUZhQuBObi/fS8E4pt4TMjLTCTo1 +XEqZxqvK11AD6y2GddnCtH8vTgUaALzxNks23nngDEAdaDfJMHobST4Jb9RYVHNN +zsZnLkKRr+GIemOoRXlCvTmTaw+8Vh6vUq8OWB5jryNxmt64FtWAHpLcW0n5OE6S +6OlndqM92Xe9NT12wu75Mn+qTYrVauSPQvVveZMakG/hKSgxOnAxMjk6AMNAbeJx +Bb6BlIWYMYrpAhkuPBgB3HvS0wZQ/n0j8LLEh+BJI8xa9HgDz7LOJPo00w6ERHvb +Q+8VVBP69wxwHFJSfxJsImqUmQYXgoA2n/6GAqfj4oFK/FAsFd350bkaFnZcSxqj +hJai8JQPku0cZqPudfRzThX5XIBbynMBNqIxKSgxOnExMjk6ANxpdW6WqMrWGerg +X1i4MQd9ofyyWaT2XaGrnwMJY1qUqAqPViqZWPpPmya8mVrT9XkajdtPUm0zVzeK +IjEScdvoS/pwkIMmM2+GRCFCo9zrsExeqa1cQpc8GFDZgynZ9/jXWeRiidU1xTMt +gANAiZWOb8Ww6ti9p+t96liUEB7VKSgxOnUxMjk6AK/BZIZC/C6GJyRhEoTBlzmn +nSC5eC6MojPTOQwd5VIkeEq4illBE7DF/5gFw/fufn7s+0vicZx/8yLH1mFYkbwq +DfuoY/Da5lnRFw6fGOj4N0ikS26FApjlh2DS09HtIFuNAhErr5PDPjF1F31XL/1M +50jkxfKPamxMiEs8it0VKSkp +=GHvX +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc b/tests/openpgp/privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc new file mode 100644 index 0000000..86f6acf --- /dev/null +++ b/tests/openpgp/privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc 
@@ -0,0 +1,27 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjI1NzoA255CUJxFEKLVwEoSgwZqXd94 +AhjGUbMY6NXdFj5cCq0JmWZrbpT/5OblTrymiH1iLmI0ymo+/s8vh6NtB98dhr1s +yH3asNQfXZRfF+u5X5hLDNPF4sUelsl4+EUef0Hbc9U+e+8F8A9TMxELSqQ8Ul3H +u42hc+/ugkc1G/8++Sv/f60TqWcUR2GmuiAvkuS1WmdATMhwPr7vMfssV0X0mboz +32//b/UfuOyctso5FM+bRaKrEJDQ2WDg57yqnaqsKEgajW0jElpAVIn792W6YWKO +k4auYSpO5f7BVs40Z+bxKGxiH87z9fnmlYAsQwPOOxZwWaCSrReeheK6c6emASko +MTplMzoBAAEpKDE6ZDI1NjoYgHaQ5xkEJcvyhmZm/H8/doq9XnrkazZ7O5OimKsi +Jx4BYZ4uGdeBd9/bbKFTwaauMBddrIQstNFuW5BIJt9KGgtvRC3y49JABClRJ45o +mOVpSp3dkp+6s5hDHUsCvZvjN3D02LzxLx8u0lb6fopFp4rSD5dqB48KNTGQAbvK +hqYZ521wmTfYLiy9taVAhqZLHlhfmrHYmdvvKjdNE3tSActlHWXdu119rdHhJ0zJ +Rxx/N845rl+PXXdFHveQxCBhHBQpSUaKpte+ZbT4vrjyNugD6XjDi4HLI9CysUDP +A0IFD+BJWw7NgYY51yamT7nNcMD6bJdgtt1FXbSgh7jVKSgxOnAxMjk6AN7btgbl +HEHrKf77a9ptklDvd2bEkUOwj3bFavB1lpkliW1USoWMx97zjxRPzQOs6EoE7u9Z +JRDO8xA9ZbI0WOk7io5OHpVp1BHyeqebqfxHzN5wsRphu+peg7vYfENVf0lA8LIU +NeUkbfEWDQ+inXxqkgD51gPfrU3PRdCDM8fnKSgxOnExMjk6APxHMsTrjaUoITcI +LqT35wDinFnX1+OgKD00krcUmc+G0ylLMolVxsB4yDVIkY8QfhbaGtFoP45PCnxS +rvHKrTt/6sZJCWXf+3KaN0QSxyfi/mEPj3KbXhmaY6x8R4aB/M7ipLXNdj/308pu +a50YPwIYyX0L0qoRBBo/xQDgOsXXKSgxOnUxMjk6AMzWw92nzShDRzPZwBvb48YY +YzZFiFtJbcZ1n8DaiM7VmzAkRqwmCu6HPP/8IC4d6UkFUUlHyDyxSaKuA45Y+FR1 +Pb2/Y/mQVsBanK4i+1oL4fYGexFO0qjA+8l2+6BEWbKQX60nIcFXD2hAP0aqWDGO +lXrPhpWPRrwDd4j9DEvfKSkp +=1cwG +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc b/tests/openpgp/privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc new file mode 100644 index 0000000..ede9a91 --- /dev/null +++ b/tests/openpgp/privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc 
@@ -0,0 +1,10 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWNjKDU6Y3VydmUxMDpDdXJ2ZTI1NTE5KSg1OmZs +YWdzOTpkamItdHdlYWspKDE6cTMzOkAWeeZlz31O4qTmIKr3CZhlRUXZFxc3YKyo +CXyIZBBRaykoMTpkMzI6VN/VGmlcwGBPcLTya2hfU4t37nMcFCKdNSXjJ5DFA0Ap +KSk= +=eVhB +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index 20d9f51..27df615 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README @@ -14,3 +14,5 @@ whats-new-in-2.1.asc Collection of sample keys. e2e-p256-1-clr.asc Google End-end-End test key (no protection) e2e-p256-1-prt.asc Ditto, but protected with passphrase "a". E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection) +rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase) +ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase) diff --git a/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc b/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc new file mode 100644 index 0000000..54d2044 --- /dev/null +++ b/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc 
@@ -0,0 +1,21 @@ +pub ed25519 2016-06-22 [SC] + B21DEAB4F875FB3DA42F1D1D139563682A020D0A + Keygrip = 1E28F20E41B54C2D1234D896096495FF57E08D18 +uid [ unknown] patrice.lumumba at example.net +sub cv25519 2016-06-22 [E] + 8D0221D9B2877A741D69AC4E9185878E4FCD74C0 + Keygrip = EB33B687EB8581AB64D04852A54453E85F3DF62D + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mDMEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL +nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIh5BBMWCAAhBQJXaj1d +AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBOVY2gqAg0KmQ0BAMUNzAlT +OzG7tolSI92lhePi5VqutdqTEQTyYYWi1aEsAP0YfiuosNggTc0oRTSz46S3i0Qj +AlpXwfU00888yIreDbg4BFdqPY0SCisGAQQBl1UBBQEBB0AWeeZlz31O4qTmIKr3 +CZhlRUXZFxc3YKyoCXyIZBBRawMBCAeIYQQYFggACQUCV2o9jQIbDAAKCRATlWNo +KgINCsuFAP9BplWl813pi779V8OMsRGs/ynyihnOESft/H8qlM8PDQEAqIUPpIty +OX/OBFy2RIlIi7J1bTp9RzcbzQ/4Fk4hWQQ= +=qRfF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/rsa-rsa-sample-1.asc b/tests/openpgp/samplekeys/rsa-rsa-sample-1.asc new file mode 100644 index 0000000..382d4e6 --- /dev/null +++ b/tests/openpgp/samplekeys/rsa-rsa-sample-1.asc 
@@ -0,0 +1,38 @@ +pub rsa2048 2016-06-22 [SC] + 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 + Keygrip = C6A6390E9388CDBAD71EAEA698233FE5E04F001E +uid [ unknown] steve.biko at example.net +sub rsa2048 2016-06-22 [E] + 4CB4D8C018C57E60EB3847901D777619BE310D79 + Keygrip = D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQENBFdqP+gBCACoG81sddF9ZZx6TsN7lenDxs53wqJt1bawToXZl6qJ+hO8tMNy +/aUgaqqi8pC5FX3HlSRQhjRFDQXq4jR3+jecFK3wfwmxTKXMKhN52zhSIWClED47 +56B3wPITuwAG2WYFccClhrtWX8j+wBK5IpLVVAXQnORZLOP7fzUZkO1KDu3bP4D6 +f1LQyatIzgS08dnlp6WvsJDrkUeGY6R5smpx9f+PqBVfUVpmckbMOR+BYPJtplZT +0lez4qWsmdWbqU7ZhdvnhMGcTbBbk9WbfR1IJptigeuK8vTU24Jp2FQj6iIBV9OD +jUfr11EJ6W3TvHaWuddd0hfX9DnyH9rghrDFABEBAAG0FnN0ZXZlLmJpa29AZXhh +bXBsZS5uZXSJATcEEwEIACEFAldqP+gCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgEC +F4AACgkQqkPx3Mf+0bd5kggAphS7UDycKadfaRH5JENmKXeI+UUd+E0iERwv7eXq +RcgjNK1oHQSXN+ejDEXzZv2fcCRB7rWEvEXL0pCtPveyzDAQJdhZTRVgmfCXTr1m +9pJfVC3B20jgx6ZxZO8jKDL+bqvufWJczWDT0iHP0Jv04SqASLRs2JRPy+a+w3GJ ++DzG8orfAKiIE1Qycovr8Ol+jdo9ZV9blRA8/j4eqZYg4b7AOf8/mDyXsx3xzSPV +uwkDSluhaOrsV8N0suZ51rfdpapv6VJsXlyQbceJwwgSt2A1n2Sw3ZINwpO7BODy +wO6J44751+qY4cmap4NItyqGQTT6TUEL9ANfrZFmPWmFWLkBDQRXaj/oAQgA255C +UJxFEKLVwEoSgwZqXd94AhjGUbMY6NXdFj5cCq0JmWZrbpT/5OblTrymiH1iLmI0 +ymo+/s8vh6NtB98dhr1syH3asNQfXZRfF+u5X5hLDNPF4sUelsl4+EUef0Hbc9U+ +e+8F8A9TMxELSqQ8Ul3Hu42hc+/ugkc1G/8++Sv/f60TqWcUR2GmuiAvkuS1WmdA +TMhwPr7vMfssV0X0mboz32//b/UfuOyctso5FM+bRaKrEJDQ2WDg57yqnaqsKEga +jW0jElpAVIn792W6YWKOk4auYSpO5f7BVs40Z+bxKGxiH87z9fnmlYAsQwPOOxZw +WaCSrReeheK6c6emAQARAQABiQEfBBgBCAAJBQJXaj/oAhsMAAoJEKpD8dzH/tG3 +baoH/0KI3pIUiIYiLESGXqF+s/W2BmGNwdkYldcyFwkXz84VXoG0B3k7nrwT2DOJ +AEeToavzd3J+aZ4PmxBRAMtDhah0wsMXrwCI8y9Stmm6PIssnu9IP9+jgr4IkKIR +UB/Wn6nzgseaNd7vN4JChCyLSvF+vLd3D56Wzq+hBjybaE+zcEusVLdKYDm2i0YC +pkBkmSuC18lLxhNC8oSCCvVOiyw+TqGHhLnrpA4nGi0MLjAR3OgJ5d/TclYgkLcp +yOupg9GplQsAZUFfQPrY80SJuN9ijBp4xtA1U+WCGKh4ySv1+odpRjPX3eOGUFKZ +sJRKpZupoGWfVN78wm1nPLBKTvM= +=6N/A +-----END 
PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 11 ++++-- tests/openpgp/README | 3 +- .../1E28F20E41B54C2D1234D896096495FF57E08D18.asc | 9 +++++ .../C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc | 27 +++++++++++++++ .../D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc | 27 +++++++++++++++ .../EB33B687EB8581AB64D04852A54453E85F3DF62D.asc | 10 ++++++ tests/openpgp/samplekeys/README | 2 ++ .../samplekeys/ed25519-cv25519-sample-1.asc | 21 ++++++++++++ tests/openpgp/samplekeys/rsa-rsa-sample-1.asc | 38 +++++++++++++++++++++ tests/openpgp/samplemsgs/clearsig-1-key-1.asc | 17 +++++++++ tests/openpgp/samplemsgs/clearsig-2-keys-1.asc | 20 +++++++++++ tests/openpgp/samplemsgs/clearsig-2-keys-2.asc | 20 +++++++++++ tests/openpgp/samplemsgs/enc-1-key-1.asc | 9 +++++ tests/openpgp/samplemsgs/enc-1-key-1.gpg | Bin 0 -> 207 bytes tests/openpgp/samplemsgs/enc-1-key-2.asc | 16 +++++++++ tests/openpgp/samplemsgs/enc-1-key-2.gpg | Bin 0 -> 486 bytes tests/openpgp/samplemsgs/enc-2-keys-1.asc | 17 +++++++++ tests/openpgp/samplemsgs/enc-2-keys-1.gpg | Bin 0 -> 602 bytes tests/openpgp/samplemsgs/enc-2-keys-2.asc | 16 +++++++++ tests/openpgp/samplemsgs/enc-2-keys-2.gpg | Bin 0 -> 546 bytes tests/openpgp/samplemsgs/encsig-2-2-keys-3.asc | 35 +++++++++++++++++++ tests/openpgp/samplemsgs/encsig-2-2-keys-3.gpg | Bin 0 -> 937 bytes tests/openpgp/samplemsgs/encsig-2-2-keys-4.asc | 33 ++++++++++++++++++ tests/openpgp/samplemsgs/encsig-2-2-keys-4.gpg | Bin 0 -> 1016 bytes tests/openpgp/samplemsgs/encsig-2-keys-1.asc | 18 ++++++++++ tests/openpgp/samplemsgs/encsig-2-keys-1.gpg | Bin 0 -> 659 bytes tests/openpgp/samplemsgs/encsig-2-keys-2.asc | 18 ++++++++++ tests/openpgp/samplemsgs/encsig-2-keys-2.gpg | Bin 0 -> 635 bytes tests/openpgp/samplemsgs/encsig-2-keys-3.asc | 23 +++++++++++++ tests/openpgp/samplemsgs/encsig-2-keys-3.gpg | Bin 0 -> 812 bytes tests/openpgp/samplemsgs/encsig-2-keys-4.asc | 23 
+++++++++++++ tests/openpgp/samplemsgs/encsig-2-keys-4.gpg | Bin 0 -> 877 bytes tests/openpgp/samplemsgs/encz0-1-key-1.asc | 12 +++++++ tests/openpgp/samplemsgs/encz0-1-key-2.asc | 13 +++++++ tests/openpgp/samplemsgs/sig-1-key-1.asc | 8 +++++ tests/openpgp/samplemsgs/sig-1-key-1.sig | Bin 0 -> 125 bytes tests/openpgp/samplemsgs/sig-1-key-2.asc | 12 +++++++ tests/openpgp/samplemsgs/sig-1-key-2.sig | Bin 0 -> 311 bytes tests/openpgp/samplemsgs/sig-2-keys-1.asc | 15 ++++++++ tests/openpgp/samplemsgs/sig-2-keys-1.sig | Bin 0 -> 436 bytes tests/openpgp/samplemsgs/sig-2-keys-2.asc | 15 ++++++++ tests/openpgp/samplemsgs/sig-2-keys-2.sig | Bin 0 -> 436 bytes tests/openpgp/samplemsgs/signed-1-key-1.asc | 15 ++++++++ tests/openpgp/samplemsgs/signed-1-key-1.gpg | 6 ++++ tests/openpgp/samplemsgs/signed-1-key-2.asc | 12 +++++++ tests/openpgp/samplemsgs/signed-1-key-2.gpg | Bin 0 -> 226 bytes tests/openpgp/samplemsgs/signed-2-keys-1.asc | 17 +++++++++ tests/openpgp/samplemsgs/signed-2-keys-1.gpg | Bin 0 -> 998 bytes tests/openpgp/samplemsgs/signed-2-keys-2.asc | 24 +++++++++++++ tests/openpgp/samplemsgs/signed-2-keys-2.gpg | Bin 0 -> 549 bytes tests/openpgp/samplemsgs/signed-data-1.txt | 7 ++++ 51 files changed, 565 insertions(+), 4 deletions(-) create mode 100644 tests/openpgp/privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc create mode 100644 tests/openpgp/privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc create mode 100644 tests/openpgp/privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc create mode 100644 tests/openpgp/privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc create mode 100644 tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc create mode 100644 tests/openpgp/samplekeys/rsa-rsa-sample-1.asc create mode 100644 tests/openpgp/samplemsgs/clearsig-1-key-1.asc create mode 100644 tests/openpgp/samplemsgs/clearsig-2-keys-1.asc create mode 100644 tests/openpgp/samplemsgs/clearsig-2-keys-2.asc create mode 100644 tests/openpgp/samplemsgs/enc-1-key-1.asc 
create mode 100644 tests/openpgp/samplemsgs/enc-1-key-1.gpg create mode 100644 tests/openpgp/samplemsgs/enc-1-key-2.asc create mode 100644 tests/openpgp/samplemsgs/enc-1-key-2.gpg create mode 100644 tests/openpgp/samplemsgs/enc-2-keys-1.asc create mode 100644 tests/openpgp/samplemsgs/enc-2-keys-1.gpg create mode 100644 tests/openpgp/samplemsgs/enc-2-keys-2.asc create mode 100644 tests/openpgp/samplemsgs/enc-2-keys-2.gpg create mode 100644 tests/openpgp/samplemsgs/encsig-2-2-keys-3.asc create mode 100644 tests/openpgp/samplemsgs/encsig-2-2-keys-3.gpg create mode 100644 tests/openpgp/samplemsgs/encsig-2-2-keys-4.asc create mode 100644 tests/openpgp/samplemsgs/encsig-2-2-keys-4.gpg create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-1.asc create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-1.gpg create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-2.asc create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-2.gpg create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-3.asc create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-3.gpg create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-4.asc create mode 100644 tests/openpgp/samplemsgs/encsig-2-keys-4.gpg create mode 100644 tests/openpgp/samplemsgs/encz0-1-key-1.asc create mode 100644 tests/openpgp/samplemsgs/encz0-1-key-2.asc create mode 100644 tests/openpgp/samplemsgs/sig-1-key-1.asc create mode 100644 tests/openpgp/samplemsgs/sig-1-key-1.sig create mode 100644 tests/openpgp/samplemsgs/sig-1-key-2.asc create mode 100644 tests/openpgp/samplemsgs/sig-1-key-2.sig create mode 100644 tests/openpgp/samplemsgs/sig-2-keys-1.asc create mode 100644 tests/openpgp/samplemsgs/sig-2-keys-1.sig create mode 100644 tests/openpgp/samplemsgs/sig-2-keys-2.asc create mode 100644 tests/openpgp/samplemsgs/sig-2-keys-2.sig create mode 100644 tests/openpgp/samplemsgs/signed-1-key-1.asc create mode 100644 tests/openpgp/samplemsgs/signed-1-key-1.gpg create mode 100644 tests/openpgp/samplemsgs/signed-1-key-2.asc 
create mode 100644 tests/openpgp/samplemsgs/signed-1-key-2.gpg create mode 100644 tests/openpgp/samplemsgs/signed-2-keys-1.asc create mode 100644 tests/openpgp/samplemsgs/signed-2-keys-1.gpg create mode 100644 tests/openpgp/samplemsgs/signed-2-keys-2.asc create mode 100644 tests/openpgp/samplemsgs/signed-2-keys-2.gpg create mode 100644 tests/openpgp/samplemsgs/signed-data-1.txt hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 05:14:59 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 23 Jun 2016 05:14:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-35-g6f5ff1c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2 (commit) from da63f15d983d7141326067f782188f851c60ec86 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2 Author: NIIBE Yutaka Date: Thu Jun 23 12:12:43 2016 +0900 g10: Fix regression of card-edit/fetch. * g10/card-util.c (fetch_url): Call keyserver_fetch instead of keyserver_import_fprint. -- Signed-off-by: NIIBE Yutaka diff --git a/g10/card-util.c b/g10/card-util.c index be1a593..2cb44f9 100644 --- a/g10/card-util.c +++ b/g10/card-util.c 
@@ -733,28 +733,18 @@ fetch_url (ctrl_t ctrl) log_error("error retrieving URL from card: %s\n",gpg_strerror(rc)); else { - struct keyserver_spec *spec=NULL; - rc=agent_scd_getattr("KEY-FPR",&info); if(rc) log_error("error retrieving key fingerprint from card: %s\n", gpg_strerror(rc)); else if (info.pubkey_url && *info.pubkey_url) - { - spec = parse_keyserver_uri (info.pubkey_url, 1); - if(spec && info.fpr1valid) - { - /* This is not perfectly right. Currently, all card - fingerprints are 20 digits, but what about - fingerprints for a future v5 key? We should get the - length from somewhere lower in the code. In any - event, the fpr/keyid is not meaningful for straight - HTTP fetches, but using it allows the card to point - to HKP and LDAP servers as well. */ - rc = keyserver_import_fprint (ctrl, info.fpr1, 20, spec); - free_keyserver_spec(spec); - } - } + { + strlist_t sl = NULL; + + add_to_strlist (&sl, info.pubkey_url); + rc = keyserver_fetch (ctrl, sl); + free_strlist (sl); + } else if (info.fpr1valid) { rc = keyserver_import_fprint (ctrl, info.fpr1, 20, opt.keyserver); ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 09:40:17 2016 
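Review bot: In the new `info.pubkey_url` branch the key obtained through `keyserver_fetch (ctrl, sl)` is no longer tied to the card, because the removed code passed `info.fpr1` together with the URL and the new call passes only the URL read from the card. Unless keyserver_fetch or its import path filters on a fingerprint (not visible here), whatever the URL serves is imported. It would be worth comparing the imported key's fingerprint with `info.fpr1` when `info.fpr1valid` is set, or at least recording the gap in a comment such as `/* NB: the fetched key is not checked against the card's fingerprint. */`. The untouched fallback branch still hard-codes the fingerprint length `20`, which the deleted comment had flagged. fetch_url starts and ends outside the hunk.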
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jun 2016 09:40:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-38-ge430ff6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e430ff6ad0b7dcfcebd92b825dd5168205447ff3 (commit) via 3694579bc4eef27ed53e1845bf03be38c299ce76 (commit) via 679aadb03ed272491ddf7f341a547dceb72b0a55 (commit) from 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e430ff6ad0b7dcfcebd92b825dd5168205447ff3 Author: Werner Koch Date: Thu Jun 23 09:21:45 2016 +0200 common: Change license of b64dec.c and b64enc.c to LGPLv2.1+ -- The code as solely been written by employees of g10 Code. Signed-off-by: Werner Koch diff --git a/common/b64dec.c b/common/b64dec.c index e4128b3..9e8fb78 100644 --- a/common/b64dec.c +++ b/common/b64dec.c 
@@ -1,29 +1,20 @@ /* b64dec.c - Simple Base64 decoder. * Copyright (C) 2008, 2011 Free Software Foundation, Inc. + * Copyright (C) 2008, 2011, 2016 g10 Code GmbH * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License + * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . */ diff --git a/common/b64enc.c b/common/b64enc.c index 9101d98..af861fc 100644 --- a/common/b64enc.c +++ b/common/b64enc.c 
@@ -1,30 +1,22 @@ /* b64enc.c - Simple Base64 encoder. * Copyright (C) 2001, 2003, 2004, 2008, 2010, * 2011 Free Software Foundation, Inc. + * Copyright (C) 2001, 2003, 2004, 2008, 2010, + * 2011 g10 Code GmbH * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License + * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . */ commit 3694579bc4eef27ed53e1845bf03be38c299ce76 Author: Werner Koch Date: Thu Jun 23 09:20:24 2016 +0200 common: Add PGP armor decoding to b64dec. * common/b64dec.c (decoder_states): Add new states. (b64dec_proc): Handle PGP armored format. -- Signed-off-by: Werner Koch diff --git a/common/b64dec.c b/common/b64dec.c index 3e02e4a..e4128b3 100644 --- a/common/b64dec.c +++ b/common/b64dec.c 
@@ -61,7 +61,7 @@ static unsigned char const asctobin[128] = enum decoder_states { - s_init, s_idle, s_lfseen, s_begin, + s_init, s_idle, s_lfseen, s_beginseen, s_waitheader, s_waitblank, s_begin, s_b64_0, s_b64_1, s_b64_2, s_b64_3, s_waitendtitle, s_waitend }; @@ -71,26 +71,18 @@ enum decoder_states /* Initialize the context for the base64 decoder. If TITLE is NULL a plain base64 decoding is done. If it is the empty string the decoder will skip everything until a "-----BEGIN " line has been - seen, decoding ends at a "----END " line. - - Not yet implemented: If TITLE is either "PGP" or begins with "PGP " - the PGP armor lines are skipped as well. */ + seen, decoding ends at a "----END " line. */ gpg_error_t b64dec_start (struct b64state *state, const char *title) { memset (state, 0, sizeof *state); if (title) { - if (!strncmp (title, "PGP", 3) && (!title[3] || title[3] == ' ')) - state->lasterr = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + state->title = xtrystrdup (title); + if (!state->title) + state->lasterr = gpg_error_from_syserror (); else - { - state->title = xtrystrdup (title); - if (!state->title) - state->lasterr = gpg_error_from_syserror (); - else - state->idx = s_init; - } + state->idx = s_init; } else state->idx = s_b64_0; @@ -123,6 +115,7 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length, for (s=d=buffer; length && !state->stop_seen; length--, s++) { + again: switch (ds) { case s_idle: 
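Review bot: The comment above b64dec_start no longer describes what happens for PGP armor: the second hunk deletes the "Not yet implemented" paragraph and puts nothing in its place. With the new states, b64dec_proc skips the armor header lines of any "-----BEGIN PGP " block whenever TITLE is non-NULL, and in the code shown TITLE's content is only ever tested for NULL. I would add a sentence such as `If the BEGIN line continues with "PGP " the armor header lines up to the first blank line are skipped as well.` so callers know that the value of TITLE does not select this behaviour.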
@@ -136,12 +129,42 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length, ds = s_lfseen; case s_lfseen: if (*s != "-----BEGIN "[pos]) - ds = s_idle; + { + ds = s_idle; + goto again; + } else if (pos == 10) - ds = s_begin; + { + pos = 0; + ds = s_beginseen; + } else pos++; break; + case s_beginseen: + if (*s != "PGP "[pos]) + ds = s_begin; /* Not a PGP armor. */ + else if (pos == 3) + ds = s_waitheader; + else + pos++; + break; + case s_waitheader: + if (*s == '\n') + ds = s_waitblank; + break; + case s_waitblank: + if (*s == '\n') + ds = s_b64_0; /* blank line found. */ + else if (*s == ' ' || *s == '\r' || *s == '\t') + ; /* Ignore spaces. */ + else + { + /* Armor header line. Note that we don't care that our + * FSM accepts a header prefixed with spaces. */ + ds = s_waitheader; /* Wait for next header. */ + } + break; case s_begin: if (*s == '\n') ds = s_b64_0; commit 679aadb03ed272491ddf7f341a547dceb72b0a55 Author: Werner Koch Date: Wed Jun 22 18:40:35 2016 +0200 tests: Add four more sample messages for the two new keys to the repo. -- These are uncompressed signed messages diff --git a/tests/openpgp/samplemsgs/signedz0-1-key-1.gpg b/tests/openpgp/samplemsgs/signedz0-1-key-1.gpg new file mode 100644 index 0000000..400bcba Binary files /dev/null and b/tests/openpgp/samplemsgs/signedz0-1-key-1.gpg differ diff --git a/tests/openpgp/samplemsgs/signedz0-1-key-2.gpg b/tests/openpgp/samplemsgs/signedz0-1-key-2.gpg new file mode 100644 index 0000000..55f3637 Binary files /dev/null and b/tests/openpgp/samplemsgs/signedz0-1-key-2.gpg differ diff --git a/tests/openpgp/samplemsgs/signedz0-2-keys-1.gpg b/tests/openpgp/samplemsgs/signedz0-2-keys-1.gpg new file mode 100644 index 0000000..84f2fd2 Binary files /dev/null and b/tests/openpgp/samplemsgs/signedz0-2-keys-1.gpg differ 
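Review bot: In the new `s_beginseen` case the character that fails the "PGP " comparison is consumed when the state falls back to `s_begin`, unlike the `s_lfseen` case just above, which now re-dispatches with `goto again`. If that character is the line feed itself (a BEGIN line of the form "-----BEGIN PGP" followed directly by LF), `s_begin` waits for the next LF and the first data line is discarded as if it belonged to the title. Writing the fallback as `{ ds = s_begin; goto again; }` keeps the two fallbacks consistent. The same code is copied into src/b64dec.c by the GPGME commit further down this page. b64dec_proc starts and ends outside the hunk.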
diff --git a/tests/openpgp/samplemsgs/signedz0-2-keys-2.gpg b/tests/openpgp/samplemsgs/signedz0-2-keys-2.gpg new file mode 100644 index 0000000..7e142b9 Binary files /dev/null and b/tests/openpgp/samplemsgs/signedz0-2-keys-2.gpg differ ----------------------------------------------------------------------- Summary of changes: common/b64dec.c | 74 +++++++++++++++---------- common/b64enc.c | 20 ++----- tests/openpgp/samplemsgs/signedz0-1-key-1.gpg | Bin 0 -> 382 bytes tests/openpgp/samplemsgs/signedz0-1-key-2.gpg | Bin 0 -> 220 bytes tests/openpgp/samplemsgs/signedz0-2-keys-1.gpg | Bin 0 -> 571 bytes tests/openpgp/samplemsgs/signedz0-2-keys-2.gpg | Bin 0 -> 585 bytes 6 files changed, 50 insertions(+), 44 deletions(-) create mode 100644 tests/openpgp/samplemsgs/signedz0-1-key-1.gpg create mode 100644 tests/openpgp/samplemsgs/signedz0-1-key-2.gpg create mode 100644 tests/openpgp/samplemsgs/signedz0-2-keys-1.gpg create mode 100644 tests/openpgp/samplemsgs/signedz0-2-keys-2.gpg hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 10:17:06 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jun 2016 10:17:06 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-183-gcf37a57 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via cf37a57d28c43ec36277e84ca44458b7287b940b (commit) via f8b8027ae63c957557ed6bdc7e5a30ef1bdd8e77 (commit) via bb8cf6236582fc9eb6564046599989af52779a26 (commit) from 5905e8bbd809c1408edad4fa4eb0527fa51cbea3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cf37a57d28c43ec36277e84ca44458b7287b940b Author: Werner Koch Date: Thu Jun 23 10:14:57 2016 +0200 core: Add closer inspection of "PGP MESSAGE". * src/data-identify.c (inspect_pgp_message): New. (basic_detection): Un-const arg DATA. Call inspect_pgp_message. Signed-off-by: Werner Koch diff --git a/src/data-identify.c b/src/data-identify.c index ae31117..1cfccd7 100644 --- a/src/data-identify.c +++ b/src/data-identify.c 
@@ -271,12 +271,36 @@ pgp_binary_detection (const void *image_arg, size_t imagelen) } +/* This is probably an armored "PGP MESSAGE" which can encode + * different PGP data types. STRING is modified after a call to this + * fucntion. */ +static gpgme_data_type_t +inspect_pgp_message (char *string) +{ + struct b64state state; + size_t nbytes; + + if (_gpgme_b64dec_start (&state, "")) + return GPGME_DATA_TYPE_INVALID; /* oops */ + + if (_gpgme_b64dec_proc (&state, string, strlen (string), &nbytes)) + { + _gpgme_b64dec_finish (&state); + return GPGME_DATA_TYPE_UNKNOWN; /* bad encoding etc. */ + } + _gpgme_b64dec_finish (&state); + string[nbytes] = 0; /* Better append a Nul. */ + + return pgp_binary_detection (string, nbytes); +} + + /* Note that DATA may be binary but a final nul is required so that string operations will find a terminator. Returns: GPGME_DATA_TYPE_xxxx */ static gpgme_data_type_t -basic_detection (const char *data, size_t datalen) +basic_detection (char *data, size_t datalen) { tlvinfo_t ti; const char *s; @@ -430,7 +454,8 @@ basic_detection (const char *data, size_t datalen) return GPGME_DATA_TYPE_PGP_KEY; if (!strncmp (s+15, "ARMORED FILE", 12)) return GPGME_DATA_TYPE_UNKNOWN; - return GPGME_DATA_TYPE_PGP_OTHER; /* PGP MESSAGE */ + + return inspect_pgp_message (data); } if (!strncmp (s+11, "CERTIFICATE", 11)) return GPGME_DATA_TYPE_X509_CERT; commit f8b8027ae63c957557ed6bdc7e5a30ef1bdd8e77 Author: Werner Koch Date: Thu Jun 23 09:48:54 2016 +0200 core: Add a base 64 decoder. * src/b64dec.c: New. Taken from gnupg. Prefix function names with _gpgme_ and change to use standard C malloc functions. * src/util.h.h (struct b64state): New. * src/Makefile.am (main_sources): Add file. -- The file b64dec.c has been taken from gnupg commit e430ff6ad0b7dcfcebd92b825dd5168205447ff3 Signed-off-by: Werner Koch diff --git a/src/Makefile.am b/src/Makefile.am index 951fc00..6691540 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
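Review bot: inspect_pgp_message discards the result of the second `_gpgme_b64dec_finish (&state)` call, so the `GPG_ERR_BAD_DATA` that finish returns when the decoder met invalid characters never influences the outcome and the partly decoded bytes still reach pgp_binary_detection. If lenient detection is intended, a comment should say so; otherwise `if (_gpgme_b64dec_finish (&state)) return GPGME_DATA_TYPE_UNKNOWN;` makes the decision explicit. The header comment could also state plainly that decoding happens in place, which is why basic_detection loses its `const` in the second hunk; "fucntion" is a typo there.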
@@ -74,7 +74,7 @@ endif # right linking order with libtool, as the non-installed version has # unresolved symbols to the thread module. main_sources = \ - util.h conversion.c get-env.c context.h ops.h \ + util.h conversion.c b64dec.c get-env.c context.h ops.h \ parsetlv.c parsetlv.h \ data.h data.c data-fd.c data-stream.c data-mem.c data-user.c \ data-compat.c data-identify.c \ diff --git a/src/b64dec.c b/src/b64dec.c new file mode 100644 index 0000000..7965a30 --- /dev/null +++ b/src/b64dec.c 
@@ -0,0 +1,251 @@ +/* b64dec.c - Simple Base64 decoder. + * Copyright (C) 2008, 2011 Free Software Foundation, Inc. + * Copyright (C) 2008, 2011, 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include + +#include "gpgme.h" +#include "util.h" + + +/* The reverse base-64 list used for base-64 decoding. */ +static unsigned char const asctobin[128] = + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, + 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, + 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, + 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, + 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, + 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, + 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff + }; + +enum decoder_states + { + s_init, s_idle, s_lfseen, s_beginseen, s_waitheader, s_waitblank, s_begin, + s_b64_0, s_b64_1, s_b64_2, s_b64_3, + 
s_waitendtitle, s_waitend + }; + + + +/* Initialize the context for the base64 decoder. If TITLE is NULL a + plain base64 decoding is done. If it is the empty string the + decoder will skip everything until a "-----BEGIN " line has been + seen, decoding ends at a "----END " line. */ +gpg_error_t +_gpgme_b64dec_start (struct b64state *state, const char *title) +{ + memset (state, 0, sizeof *state); + if (title) + { + state->title = strdup (title); + if (!state->title) + state->lasterr = gpg_error_from_syserror (); + else + state->idx = s_init; + } + else + state->idx = s_b64_0; + return state->lasterr; +} + + +/* Do in-place decoding of base-64 data of LENGTH in BUFFER. Stores the + new length of the buffer at R_NBYTES. */ +gpg_error_t +_gpgme_b64dec_proc (struct b64state *state, void *buffer, size_t length, + size_t *r_nbytes) +{ + enum decoder_states ds = state->idx; + unsigned char val = state->radbuf[0]; + int pos = state->quad_count; + char *d, *s; + + if (state->lasterr) + return state->lasterr; + + if (state->stop_seen) + { + *r_nbytes = 0; + state->lasterr = gpg_error (GPG_ERR_EOF); + free (state->title); + state->title = NULL; + return state->lasterr; + } + + for (s=d=buffer; length && !state->stop_seen; length--, s++) + { + again: + switch (ds) + { + case s_idle: + if (*s == '\n') + { + ds = s_lfseen; + pos = 0; + } + break; + case s_init: + ds = s_lfseen; + case s_lfseen: + if (*s != "-----BEGIN "[pos]) + { + ds = s_idle; + goto again; + } + else if (pos == 10) + { + pos = 0; + ds = s_beginseen; + } + else + pos++; + break; + case s_beginseen: + if (*s != "PGP "[pos]) + ds = s_begin; /* Not a PGP armor. */ + else if (pos == 3) + ds = s_waitheader; + else + pos++; + break; + case s_waitheader: + if (*s == '\n') + ds = s_waitblank; + break; + case s_waitblank: + if (*s == '\n') + ds = s_b64_0; /* blank line found. */ + else if (*s == ' ' || *s == '\r' || *s == '\t') + ; /* Ignore spaces. */ + else + { + /* Armor header line. 
Note that we don't care that our + * FSM accepts a header prefixed with spaces. */ + ds = s_waitheader; /* Wait for next header. */ + } + break; + case s_begin: + if (*s == '\n') + ds = s_b64_0; + break; + case s_b64_0: + case s_b64_1: + case s_b64_2: + case s_b64_3: + { + int c; + + if (*s == '-' && state->title) + { + /* Not a valid Base64 character: assume end + header. */ + ds = s_waitend; + } + else if (*s == '=') + { + /* Pad character: stop */ + if (ds == s_b64_1) + *d++ = val; + ds = state->title? s_waitendtitle : s_waitend; + } + else if (*s == '\n' || *s == ' ' || *s == '\r' || *s == '\t') + ; /* Skip white spaces. */ + else if ( (*s & 0x80) + || (c = asctobin[*(unsigned char *)s]) == 255) + { + /* Skip invalid encodings. */ + state->invalid_encoding = 1; + } + else if (ds == s_b64_0) + { + val = c << 2; + ds = s_b64_1; + } + else if (ds == s_b64_1) + { + val |= (c>>4)&3; + *d++ = val; + val = (c<<4)&0xf0; + ds = s_b64_2; + } + else if (ds == s_b64_2) + { + val |= (c>>2)&15; + *d++ = val; + val = (c<<6)&0xc0; + ds = s_b64_3; + } + else + { + val |= c&0x3f; + *d++ = val; + ds = s_b64_0; + } + } + break; + case s_waitendtitle: + if (*s == '-') + ds = s_waitend; + break; + case s_waitend: + if ( *s == '\n') + state->stop_seen = 1; + break; + default: + assert (!"invalid state"); + } + } + + + state->idx = ds; + state->radbuf[0] = val; + state->quad_count = pos; + *r_nbytes = (d -(char*) buffer); + return 0; +} + + +/* This function needs to be called before releasing the decoder + state. It may return an error code in case an encoding error has + been found during decoding. */ +gpg_error_t +_gpgme_b64dec_finish (struct b64state *state) +{ + if (state->lasterr) + return state->lasterr; + + free (state->title); + state->title = NULL; + return state->invalid_encoding? gpg_error(GPG_ERR_BAD_DATA): 0; +} diff --git a/src/util.h b/src/util.h index 9c62f57..5a0f790 100644 --- a/src/util.h +++ b/src/util.h 
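Review bot: `_gpgme_b64dec_proc` leaves through `if (state->lasterr) return state->lasterr;` without storing anything in `*r_nbytes`, while the `stop_seen` exit right below it sets the length to 0. A caller that reads the length after a failed call would use an indeterminate value; `if (state->lasterr) { *r_nbytes = 0; return state->lasterr; }` makes both error exits behave alike. The function comment could also record why the in-place decode is safe for arbitrary input: `d` is written at most once per consumed character, so it never runs ahead of `s`.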
@@ -147,6 +147,26 @@ gpgme_error_t _gpgme_map_gnupg_error (char *err); int _gpgme_map_pk_algo (int algo, gpgme_protocol_t protocol); +/*-- b64dec.c --*/ + +struct b64state +{ + int idx; + int quad_count; + char *title; + unsigned char radbuf[4]; + int stop_seen:1; + int invalid_encoding:1; + gpg_error_t lasterr; +}; + +gpg_error_t _gpgme_b64dec_start (struct b64state *state, const char *title); +gpg_error_t _gpgme_b64dec_proc (struct b64state *state, + void *buffer, size_t length, size_t *r_nbytes); +gpg_error_t _gpgme_b64dec_finish (struct b64state *state); + + + /* Retrieve the environment variable NAME and return a copy of it in a malloc()'ed buffer in *VALUE. If the environment variable is not set, return NULL in *VALUE. */ commit bb8cf6236582fc9eb6564046599989af52779a26 Author: Werner Koch Date: Wed Jun 22 18:43:26 2016 +0200 core: Detect compressed signed OpenPGP data. * src/data-identify.c (next_openpgp_packet): Allow partial encoding. (pgp_binary_detection): Handle compressed packets. -- Signed-off-by: Werner Koch diff --git a/src/data-identify.c b/src/data-identify.c index f7107e0..ae31117 100644 --- a/src/data-identify.c +++ b/src/data-identify.c @@ -1,5 +1,5 @@ /* data-identify.c - Try to identify the data - Copyright (C) 2013 g10 Code GmbH + Copyright (C) 2013, 2016 g10 Code GmbH This file is part of GPGME. @@ -122,9 +122,11 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen, pktlen = buf32_to_ulong (buf); buf += 4; len -= 4; - } - else /* Partial length encoding is not allowed for key packets. */ - return gpg_error (GPG_ERR_UNEXPECTED); + } + else /* Partial length encoding. */ + { + pktlen = 0; + } } else /* Old style CTB. */ { 
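Review bot: `int stop_seen:1;` and `int invalid_encoding:1;` in struct b64state are one-bit bit-fields of plain `int`, whose signedness is implementation-defined; where they are signed, the `= 1` stores in b64dec.c yield -1. The decoder only tests the fields for truth, so it works as written, but `unsigned int stop_seen:1;` and `unsigned int invalid_encoding:1;` remove the question.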
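Review bot: The new partial-length branch in next_openpgp_packet sets `pktlen = 0`, which the remainder of the function cannot tell apart from a genuinely empty packet; the same holds for the old-style indeterminate length that the following hunk stops rejecting. If the function then advances by pktlen (that part is not visible here), the next iteration in pgp_binary_detection would parse body bytes as a packet header. A comment on the branch such as `/* Length unknown: the caller must not scan past this packet. */` would document the constraint. next_openpgp_packet starts and ends outside the hunk.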
@@ -133,8 +135,6 @@ next_openpgp_packet (unsigned char const **bufptr, size_t *buflen, pktlen = 0; pkttype = (ctb>>2)&0xf; lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); - if (!lenbytes) /* Not allowed in key packets. */ - return gpg_error (GPG_ERR_UNEXPECTED); if (len < lenbytes) return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes. */ for (; lenbytes; lenbytes--) @@ -213,6 +213,10 @@ pgp_binary_detection (const void *image_arg, size_t imagelen) else if (err) break; + /* Skip all leading marker packets. */ + if (!anypacket && pkttype == PKT_MARKER) + continue; + if (pkttype == PKT_SIGNATURE) { if (!anypacket) @@ -220,7 +224,6 @@ pgp_binary_detection (const void *image_arg, size_t imagelen) } else allsignatures = 0; - anypacket = 1; switch (pkttype) { @@ -247,12 +250,18 @@ pgp_binary_detection (const void *image_arg, size_t imagelen) case PKT_SYMKEY_ENC: return GPGME_DATA_TYPE_PGP_ENCRYPTED; - case PKT_MARKER: - break; /* Skip this packet. */ + case PKT_COMPRESSED: + /* If this is the first packet we assume that that a signed + * packet follows. We do not want to uncompress it here due + * to the need of a lot of code and the potentail DoS. */ + if (!anypacket) + return GPGME_DATA_TYPE_PGP_SIGNED; + return GPGME_DATA_TYPE_PGP_OTHER; default: return GPGME_DATA_TYPE_PGP_OTHER; } + anypacket = 1; } if (allsignatures) ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 2 +- src/b64dec.c | 251 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/data-identify.c | 56 +++++++++--- src/util.h | 20 +++++ 4 files changed, 317 insertions(+), 12 deletions(-) create mode 100644 src/b64dec.c hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 13:20:32 2016 
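Review bot: The new `PKT_COMPRESSED` case reports `GPGME_DATA_TYPE_PGP_SIGNED` for any data whose first packet is compressed, without looking inside it. The in-code comment admits this is an assumption, but a caller only sees the enum value, so the guess should be documented where the type is described: the result is a hint for choosing an operation, not evidence that a signature is present, let alone valid. In the comment, "that that" and "potentail" are typos. pgp_binary_detection starts and ends outside the hunk.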
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jun 2016 13:20:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-41-g3ead21d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3ead21da80da4570e77036cc05303914c9b1f364 (commit) via d74d23d860c1e5039bd595c31c846782c5cb8025 (commit) via b841a883a2a66807aa427e65d49067584bedfbe2 (commit) from e430ff6ad0b7dcfcebd92b825dd5168205447ff3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3ead21da80da4570e77036cc05303914c9b1f364 Author: Werner Koch Date: Thu Jun 23 13:17:25 2016 +0200 common: Add dedicated private key functions to name-value.c. * common/name-value.c (struct name_value_container): Add field 'private_key_mode'. (my_error): New. Use instead of gpg_error. (nvc_new_private_key): New. (nve_release): Add arg 'private_key_mode'. (nvc_release): Call nve_release with private_key_mode flag. (nvc_delete): Ditto. (_nvc_add): Do no special case "Key:" in non-private_key_mode. (nvc_get_private_key): Return error in non-private_key_mode. (nvc_set_private_key): Ditto. (nvc_parse): Factor all code out to ... (do_nvc_parse): new. Add arg 'for_private_key'. (nvc_parse_private_key): New. * agent/findkey.c (write_extended_private_key): Replace nvc_parse by nvc_parse_private_key. (read_key_file): Ditto. * common/t-name-value.c (private_key_mode): New variable. (my_nvc_new): New. Replace all callers. (test_key_extraction): Take mode in account. (run_tests): Ditto. (run_modification_tests): Ditto. (parse): Ditto. (main): Add option --parse and rename --parse to --parse-key. -- Signed-off-by: Werner Koch 
diff --git a/agent/findkey.c b/agent/findkey.c index dc7099c..c5ab0e9 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -62,7 +62,7 @@ write_extended_private_key (char *fname, estream_t fp, int remove = 0; int line; - err = nvc_parse (&pk, &line, fp); + err = nvc_parse_private_key (&pk, &line, fp); if (err) { log_error ("error parsing '%s' line %d: %s\n", @@ -690,7 +690,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) nvc_t pk; int line; - rc = nvc_parse (&pk, &line, fp); + rc = nvc_parse_private_key (&pk, &line, fp); es_fclose (fp); if (rc) diff --git a/common/name-value.c b/common/name-value.c index e297f1a..0b32a44 100644 --- a/common/name-value.c +++ b/common/name-value.c @@ -47,6 +47,7 @@ struct name_value_container { struct name_value_entry *first; struct name_value_entry *last; + unsigned int private_key_mode:1; }; @@ -75,6 +76,13 @@ my_error_from_syserror (void) } +static inline gpg_error_t +my_error (gpg_err_code_t ec) +{ + return gpg_err_make (default_errsource, ec); +} + + /* Allocation and deallocation. */ @@ -87,17 +95,31 @@ nvc_new (void) } +/* Allocate a private key container structure for use with private keys. */ +nvc_t +nvc_new_private_key (void) +{ + nvc_t nvc = nvc_new (); + if (nvc) + nvc->private_key_mode = 1; + return nvc; +} + + static void -nve_release (nve_t entry) +nve_release (nve_t entry, int private_key_mode) { if (entry == NULL) return; xfree (entry->name); - if (entry->value) + if (entry->value && private_key_mode) wipememory (entry->value, strlen (entry->value)); xfree (entry->value); - free_strlist_wipe (entry->raw_value); + if (private_key_mode) + free_strlist_wipe (entry->raw_value); + else + free_strlist (entry->raw_value); xfree (entry); } @@ -114,7 +136,7 @@ nvc_release (nvc_t pk) for (e = pk->first; e; e = next) { next = e->next; - nve_release (e); + nve_release (e, pk->private_key_mode); } xfree (pk); 
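Review bot: After the nve_release hunk, `entry->value` and `entry->raw_value` are wiped only when the container was created in private key mode, so whether secret material is cleared now depends on which constructor or parser the caller chose. Both callers in agent/findkey.c are switched to nvc_parse_private_key in this commit, but nothing on nvc_new or nvc_parse warns that values held by a plain container are freed without wiping. I would add that to their comments, for example `/* Values are not wiped on release; use nvc_new_private_key for secret data. */`.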
@@ -336,13 +358,16 @@ _nvc_add (nvc_t pk, char *name, char *value, strlist_t raw_value, if (name && ! valid_name (name)) { - err = gpg_error (GPG_ERR_INV_NAME); + err = my_error (GPG_ERR_INV_NAME); goto leave; } - if (name && ascii_strcasecmp (name, "Key:") == 0 && nvc_lookup (pk, "Key:")) + if (name + && pk->private_key_mode + && !ascii_strcasecmp (name, "Key:") + && nvc_lookup (pk, "Key:")) { - err = gpg_error (GPG_ERR_INV_NAME); + err = my_error (GPG_ERR_INV_NAME); goto leave; } @@ -486,7 +511,7 @@ nvc_delete (nvc_t pk, nve_t entry) else pk->last = entry->prev; - nve_release (entry); + nve_release (entry, pk->private_key_mode); } @@ -549,9 +574,9 @@ nvc_get_private_key (nvc_t pk, gcry_sexp_t *retsexp) gpg_error_t err; nve_t e; - e = nvc_lookup (pk, "Key:"); + e = pk->private_key_mode? nvc_lookup (pk, "Key:") : NULL; if (e == NULL) - return gpg_error (GPG_ERR_MISSING_KEY); + return my_error (GPG_ERR_MISSING_KEY); err = assert_value (e); if (err) @@ -569,6 +594,9 @@ nvc_set_private_key (nvc_t pk, gcry_sexp_t sexp) char *raw, *clean, *p; size_t len, i; + if (!pk->private_key_mode) + return my_error (GPG_ERR_MISSING_KEY); + len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0); raw = xtrymalloc (len); @@ -620,11 +648,9 @@ nvc_set_private_key (nvc_t pk, gcry_sexp_t sexp) /* Parsing and serialization. */ -/* Parse STREAM and return a newly allocated private key container - structure in RESULT. If ERRLINEP is given, the line number the - parser was last considering is stored there. */ -gpg_error_t -nvc_parse (nvc_t *result, int *errlinep, estream_t stream) +static gpg_error_t +do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream, + int for_private_key) { gpg_error_t err = 0; gpgrt_ssize_t len; 
@@ -633,8 +659,7 @@ nvc_parse (nvc_t *result, int *errlinep, estream_t stream) char *name = NULL; strlist_t raw_value = NULL; - - *result = nvc_new (); + *result = for_private_key? nvc_new_private_key () : nvc_new (); if (*result == NULL) return my_error_from_syserror (); @@ -680,7 +705,7 @@ nvc_parse (nvc_t *result, int *errlinep, estream_t stream) colon = strchr (buf, ':'); if (colon == NULL) { - err = gpg_error (GPG_ERR_INV_VALUE); + err = my_error (GPG_ERR_INV_VALUE); goto leave; } @@ -727,6 +752,27 @@ nvc_parse (nvc_t *result, int *errlinep, estream_t stream) } +/* Parse STREAM and return a newly allocated name value container + structure in RESULT. If ERRLINEP is given, the line number the + parser was last considering is stored there. */ +gpg_error_t +nvc_parse (nvc_t *result, int *errlinep, estream_t stream) +{ + return do_nvc_parse (result, errlinep, stream, 0); +} + + +/* Parse STREAM and return a newly allocated name value container + structure in RESULT - assuming the extended private key format. If + ERRLINEP is given, the line number the parser was last considering + is stored there. */ +gpg_error_t +nvc_parse_private_key (nvc_t *result, int *errlinep, estream_t stream) +{ + return do_nvc_parse (result, errlinep, stream, 1); +} + + /* Write a representation of PK to STREAM. */ gpg_error_t nvc_write (nvc_t pk, estream_t stream) diff --git a/common/name-value.h b/common/name-value.h index 21a5293..f5f17e6 100644 --- a/common/name-value.h +++ b/common/name-value.h 
@@ -40,10 +40,14 @@ typedef struct name_value_entry *nve_t; /* Memory management, and dealing with entries. */ -/* Allocate a private key container structure. */ +/* Allocate a name value container structure. */ nvc_t nvc_new (void); -/* Release a private key container structure. */ +/* Allocate a name value container structure for use with the extended + * private key format. */ +nvc_t nvc_new_private_key (void); + +/* Release a name value container structure. */ void nvc_release (nvc_t pk); /* Get the name. */ @@ -103,6 +107,13 @@ gpg_error_t nvc_set_private_key (nvc_t pk, gcry_sexp_t sexp); parser was last considering is stored there. */ gpg_error_t nvc_parse (nvc_t *result, int *errlinep, estream_t stream); +/* Parse STREAM and return a newly allocated name value container + structure in RESULT - assuming the extended private key format. If + ERRLINEP is given, the line number the parser was last considering + is stored there. */ +gpg_error_t nvc_parse_private_key (nvc_t *result, int *errlinep, + estream_t stream); + /* Write a representation of PK to STREAM. */ gpg_error_t nvc_write (nvc_t pk, estream_t stream); diff --git a/common/t-name-value.c b/common/t-name-value.c index 810c85c..fc9303b 100644 --- a/common/t-name-value.c +++ b/common/t-name-value.c @@ -29,6 +29,18 @@ #include "name-value.h" static int verbose; +static int private_key_mode; + + +static nvc_t +my_nvc_new (void) +{ + if (private_key_mode) + return nvc_new_private_key (); + else + return nvc_new (); +} + void test_getting_values (nvc_t pk) 
@@ -55,14 +67,22 @@ test_key_extraction (nvc_t pk) gpg_error_t err; gcry_sexp_t key; - err = nvc_get_private_key (pk, &key); - assert (err == 0); - assert (key); + if (private_key_mode) + { + err = nvc_get_private_key (pk, &key); + assert (err == 0); + assert (key); - if (verbose) - gcry_sexp_dump (key); + if (verbose) + gcry_sexp_dump (key); - gcry_sexp_release (key); + gcry_sexp_release (key); + } + else + { + err = nvc_get_private_key (pk, &key); + assert (gpg_err_code (err) == GPG_ERR_MISSING_KEY); + } } @@ -240,7 +260,10 @@ run_tests (void) 0, dummy_realloc, dummy_free, "r"); assert (source); - err = nvc_parse (&pk, NULL, source); + if (private_key_mode) + err = nvc_parse_private_key (&pk, NULL, source); + else + err = nvc_parse (&pk, NULL, source); assert (err == 0); assert (pk); @@ -272,7 +295,7 @@ run_modification_tests (void) gcry_sexp_t key; char *buf; - pk = nvc_new (); + pk = my_nvc_new (); assert (pk); nvc_set (pk, "Foo:", "Bar"); @@ -354,20 +377,29 @@ run_modification_tests (void) xfree (buf); nvc_release (pk); - pk = nvc_new (); + pk = my_nvc_new (); assert (pk); err = gcry_sexp_build (&key, NULL, "(hello world)"); assert (err == 0); assert (key); - err = nvc_set_private_key (pk, key); - gcry_sexp_release (key); - assert (err == 0); - buf = nvc_to_string (pk); - assert (strcmp (buf, "Key: (hello world)\n") == 0); - xfree (buf); - nvc_release (pk); + if (private_key_mode) + { + err = nvc_set_private_key (pk, key); + gcry_sexp_release (key); + assert (err == 0); + + buf = nvc_to_string (pk); + assert (strcmp (buf, "Key: (hello world)\n") == 0); + xfree (buf); + nvc_release (pk); + } + else + { + err = nvc_set_private_key (pk, key); + assert (gpg_err_code (err) == GPG_ERR_MISSING_KEY); + } } @@ -403,7 +435,7 @@ convert (const char *fname) exit (1); } - pk = nvc_new (); + pk = my_nvc_new (); assert (pk); err = nvc_set_private_key (pk, key); 
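Review bot: The `else` branch added at the end of `run_modification_tests` never releases `key` or `pk`; only the private-key branch calls `gcry_sexp_release (key)` and `nvc_release (pk)`. `main` now runs the test functions twice, and the first pass with `private_key_mode` unset leaks both objects, which a leak checker will report. Moving `gcry_sexp_release (key);` and `nvc_release (pk);` below the `if`/`else` covers both branches.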
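Review bot: `convert` now allocates its container with `my_nvc_new ()`, but the `CONVERT` case in `main` (last hunk of this file) never sets `private_key_mode`, so the container is a plain one. The following `nvc_set_private_key (pk, key)` then hits the new mode guard and returns `GPG_ERR_MISSING_KEY`, and the `assert (err == 0)` right after it would abort every `--convert` run. `convert` always writes a key, so it should allocate with `pk = nvc_new_private_key ();` directly. The function body starts and ends outside the hunk.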
@@ -437,7 +469,10 @@ parse (const char *fname) exit (1); } - err = nvc_parse (&pk_a, &line, source); + if (private_key_mode) + err = nvc_parse_private_key (&pk_a, &line, source); + else + err = nvc_parse (&pk_a, &line, source); if (err) { fprintf (stderr, "failed to parse %s line %d: %s\n", @@ -448,14 +483,14 @@ parse (const char *fname) buf = nvc_to_string (pk_a); xfree (buf); - pk_b = nvc_new (); + pk_b = my_nvc_new (); assert (pk_b); for (e = nvc_first (pk_a); e; e = nve_next (e)) { gcry_sexp_t key = NULL; - if (strcasecmp (nve_name (e), "Key:") == 0) + if (private_key_mode && !strcasecmp (nve_name (e), "Key:")) { err = nvc_get_private_key (pk_a, &key); if (err) @@ -487,7 +522,8 @@ print_usage (void) fprintf (stderr, "usage: t-private-keys [--verbose]" " [--convert " - " || --parse ]\n"); + " || --parse-key " + " || --parse ]\n"); exit (2); } @@ -495,7 +531,7 @@ print_usage (void) int main (int argc, char **argv) { - enum { TEST, CONVERT, PARSE } command = TEST; + enum { TEST, CONVERT, PARSE, PARSEKEY } command = TEST; if (argc) { argc--; argv++; } @@ -513,6 +549,14 @@ main (int argc, char **argv) print_usage (); } + if (argc && !strcmp (argv[0], "--parse-key")) + { + command = PARSEKEY; + argc--; argv++; + if (argc != 1) + print_usage (); + } + if (argc && !strcmp (argv[0], "--parse")) { command = PARSE; @@ -526,12 +570,20 @@ main (int argc, char **argv) case TEST: run_tests (); run_modification_tests (); + private_key_mode = 1; + run_tests (); + run_modification_tests (); break; case CONVERT: convert (*argv); break; + case PARSEKEY: + private_key_mode = 1; + parse (*argv); + break; + case PARSE: parse (*argv); break; commit d74d23d860c1e5039bd595c31c846782c5cb8025 Author: Werner Koch Date: Thu Jun 23 12:12:50 2016 +0200 common: Rename external symbols in name-value.c. * common/name-value.c, common/name-value.h: Rename symbol prefixes from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers. Signed-off-by: Werner Koch 
diff --git a/agent/findkey.c b/agent/findkey.c index b221510..dc7099c 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -57,12 +57,12 @@ write_extended_private_key (char *fname, estream_t fp, const void *buf, size_t len) { gpg_error_t err; - pkc_t pk = NULL; + nvc_t pk = NULL; gcry_sexp_t key = NULL; int remove = 0; int line; - err = pkc_parse (&pk, &line, fp); + err = nvc_parse (&pk, &line, fp); if (err) { log_error ("error parsing '%s' line %d: %s\n", @@ -74,7 +74,7 @@ write_extended_private_key (char *fname, estream_t fp, if (err) goto leave; - err = pkc_set_private_key (pk, key); + err = nvc_set_private_key (pk, key); if (err) goto leave; @@ -82,7 +82,7 @@ write_extended_private_key (char *fname, estream_t fp, if (err) goto leave; - err = pkc_write (pk, fp); + err = nvc_write (pk, fp); if (err) { log_error ("error writing '%s': %s\n", fname, gpg_strerror (err)); @@ -117,7 +117,7 @@ write_extended_private_key (char *fname, estream_t fp, gnupg_remove (fname); xfree (fname); gcry_sexp_release (key); - pkc_release (pk); + nvc_release (pk); return err; } @@ -687,10 +687,10 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) if (first != '(') { /* Key is in extended format. */ - pkc_t pk; + nvc_t pk; int line; - rc = pkc_parse (&pk, &line, fp); + rc = nvc_parse (&pk, &line, fp); es_fclose (fp); if (rc) @@ -698,8 +698,8 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) fname, line, gpg_strerror (rc)); else { - rc = pkc_get_private_key (pk, result); - pkc_release (pk); + rc = nvc_get_private_key (pk, result); + nvc_release (pk); if (rc) log_error ("error getting private key from '%s': %s\n", fname, gpg_strerror (rc)); diff --git a/common/name-value.c b/common/name-value.c index 601ddd4..e297f1a 100644 --- a/common/name-value.c +++ b/common/name-value.c 
@@ -43,17 +43,17 @@ #include "util.h" #include "name-value.h" -struct private_key_container +struct name_value_container { - struct private_key_entry *first; - struct private_key_entry *last; + struct name_value_entry *first; + struct name_value_entry *last; }; -struct private_key_entry +struct name_value_entry { - struct private_key_entry *prev; - struct private_key_entry *next; + struct name_value_entry *prev; + struct name_value_entry *next; /* The name. Comments and blank lines have NAME set to NULL. */ char *name; @@ -80,15 +80,15 @@ my_error_from_syserror (void) /* Allocation and deallocation. */ /* Allocate a private key container structure. */ -pkc_t -pkc_new (void) +nvc_t +nvc_new (void) { - return xtrycalloc (1, sizeof (struct private_key_container)); + return xtrycalloc (1, sizeof (struct name_value_container)); } static void -pke_release (pke_t entry) +nve_release (nve_t entry) { if (entry == NULL) return; @@ -104,9 +104,9 @@ pke_release (pke_t entry) /* Release a private key container structure. */ void -pkc_release (pkc_t pk) +nvc_release (nvc_t pk) { - pke_t e, next; + nve_t e, next; if (pk == NULL) return; @@ -114,7 +114,7 @@ pkc_release (pkc_t pk) for (e = pk->first; e; e = next) { next = e->next; - pke_release (e); + nve_release (e); } xfree (pk); @@ -145,7 +145,7 @@ valid_name (const char *name) /* Makes sure that ENTRY has a RAW_VALUE. */ static gpg_error_t -assert_raw_value (pke_t entry) +assert_raw_value (nve_t entry) { gpg_error_t err = 0; size_t len, offset; @@ -261,7 +261,7 @@ continuation_length (const char *s, int *swallow_ws, const char **start) /* Makes sure that ENTRY has a VALUE. */ static gpg_error_t -assert_value (pke_t entry) +assert_value (nve_t entry) { size_t len; int swallow_ws; @@ -302,7 +302,7 @@ assert_value (pke_t entry) /* Get the name. */ char * -pke_name (pke_t pke) +nve_name (nve_t pke) { return pke->name; } 
@@ -310,7 +310,7 @@ pke_name (pke_t pke) /* Get the value. */ char * -pke_value (pke_t pke) +nve_value (nve_t pke) { if (assert_value (pke)) return NULL; @@ -326,11 +326,11 @@ pke_value (pke_t pke) given. If PRESERVE_ORDER is not given, entries with the same name are grouped. NAME, VALUE and RAW_VALUE is consumed. */ static gpg_error_t -_pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value, +_nvc_add (nvc_t pk, char *name, char *value, strlist_t raw_value, int preserve_order) { gpg_error_t err = 0; - pke_t e; + nve_t e; assert (value || raw_value); @@ -340,7 +340,7 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value, goto leave; } - if (name && ascii_strcasecmp (name, "Key:") == 0 && pkc_lookup (pk, "Key:")) + if (name && ascii_strcasecmp (name, "Key:") == 0 && nvc_lookup (pk, "Key:")) { err = gpg_error (GPG_ERR_INV_NAME); goto leave; @@ -359,21 +359,21 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value, if (pk->first) { - pke_t last; + nve_t last; if (preserve_order || name == NULL) last = pk->last; else { /* See if there is already an entry with NAME. */ - last = pkc_lookup (pk, name); + last = nvc_lookup (pk, name); /* If so, find the last in that block. */ if (last) { while (last->next) { - pke_t next = last->next; + nve_t next = last->next; if (next->name && ascii_strcasecmp (next->name, name) == 0) last = next; @@ -419,7 +419,7 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value, /* Add (NAME, VALUE) to PK. If an entry with NAME already exists, it is not updated but the new entry is appended. */ gpg_error_t -pkc_add (pkc_t pk, const char *name, const char *value) +nvc_add (nvc_t pk, const char *name, const char *value) { char *k, *v; @@ -434,7 +434,7 @@ pkc_add (pkc_t pk, const char *name, const char *value) return my_error_from_syserror (); } - return _pkc_add (pk, k, v, NULL, 0); + return _nvc_add (pk, k, v, NULL, 0); } 
@@ -442,14 +442,14 @@ pkc_add (pkc_t pk, const char *name, const char *value) is updated with VALUE. If multiple entries with NAME exist, the first entry is updated. */ gpg_error_t -pkc_set (pkc_t pk, const char *name, const char *value) +nvc_set (nvc_t pk, const char *name, const char *value) { - pke_t e; + nve_t e; if (! valid_name (name)) return GPG_ERR_INV_NAME; - e = pkc_lookup (pk, name); + e = nvc_lookup (pk, name); if (e) { char *v; @@ -468,13 +468,13 @@ pkc_set (pkc_t pk, const char *name, const char *value) return 0; } else - return pkc_add (pk, name, value); + return nvc_add (pk, name, value); } /* Delete the given entry from PK. */ void -pkc_delete (pkc_t pk, pke_t entry) +nvc_delete (nvc_t pk, nve_t entry) { if (entry->prev) entry->prev->next = entry->next; @@ -486,7 +486,7 @@ pkc_delete (pkc_t pk, pke_t entry) else pk->last = entry->prev; - pke_release (entry); + nve_release (entry); } @@ -494,10 +494,10 @@ pkc_delete (pkc_t pk, pke_t entry) /* Lookup and iteration. */ /* Get the first non-comment entry. */ -pke_t -pkc_first (pkc_t pk) +nve_t +nvc_first (nvc_t pk) { - pke_t entry; + nve_t entry; for (entry = pk->first; entry; entry = entry->next) if (entry->name) return entry; @@ -506,10 +506,10 @@ pkc_first (pkc_t pk) /* Get the first entry with the given name. */ -pke_t -pkc_lookup (pkc_t pk, const char *name) +nve_t +nvc_lookup (nvc_t pk, const char *name) { - pke_t entry; + nve_t entry; for (entry = pk->first; entry; entry = entry->next) if (entry->name && ascii_strcasecmp (entry->name, name) == 0) return entry; @@ -518,8 +518,8 @@ pkc_lookup (pkc_t pk, const char *name) /* Get the next non-comment entry. */ -pke_t -pke_next (pke_t entry) +nve_t +nve_next (nve_t entry) { for (entry = entry->next; entry; entry = entry->next) if (entry->name) 
@@ -529,8 +529,8 @@ pke_next (pke_t entry) /* Get the next entry with the given name. */ -pke_t -pke_next_value (pke_t entry, const char *name) +nve_t +nve_next_value (nve_t entry, const char *name) { for (entry = entry->next; entry; entry = entry->next) if (entry->name && ascii_strcasecmp (entry->name, name) == 0) @@ -544,12 +544,12 @@ pke_next_value (pke_t entry, const char *name) /* Get the private key. */ gpg_error_t -pkc_get_private_key (pkc_t pk, gcry_sexp_t *retsexp) +nvc_get_private_key (nvc_t pk, gcry_sexp_t *retsexp) { gpg_error_t err; - pke_t e; + nve_t e; - e = pkc_lookup (pk, "Key:"); + e = nvc_lookup (pk, "Key:"); if (e == NULL) return gpg_error (GPG_ERR_MISSING_KEY); @@ -563,7 +563,7 @@ pkc_get_private_key (pkc_t pk, gcry_sexp_t *retsexp) /* Set the private key. */ gpg_error_t -pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp) +nvc_set_private_key (nvc_t pk, gcry_sexp_t sexp) { gpg_error_t err; char *raw, *clean, *p; @@ -610,7 +610,7 @@ pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp) } *p = 0; - err = pkc_set (pk, "Key:", clean); + err = nvc_set (pk, "Key:", clean); xfree (raw); xfree (clean); return err; @@ -624,7 +624,7 @@ pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp) structure in RESULT. If ERRLINEP is given, the line number the parser was last considering is stored there. */ gpg_error_t -pkc_parse (pkc_t *result, int *errlinep, estream_t stream) +nvc_parse (nvc_t *result, int *errlinep, estream_t stream) { gpg_error_t err = 0; gpgrt_ssize_t len; @@ -634,7 +634,7 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream) strlist_t raw_value = NULL; - *result = pkc_new (); + *result = nvc_new (); if (*result == NULL) return my_error_from_syserror (); @@ -664,7 +664,7 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream) /* No continuation. Add the current entry if any. */ if (raw_value) { - err = _pkc_add (*result, name, NULL, raw_value, 1); + err = _nvc_add (*result, name, NULL, raw_value, 1); if (err) goto leave; } 
@@ -713,13 +713,13 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream) /* Add the final entry. */ if (raw_value) - err = _pkc_add (*result, name, NULL, raw_value, 1); + err = _nvc_add (*result, name, NULL, raw_value, 1); leave: gpgrt_free (buf); if (err) { - pkc_release (*result); + nvc_release (*result); *result = NULL; } @@ -729,10 +729,10 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream) /* Write a representation of PK to STREAM. */ gpg_error_t -pkc_write (pkc_t pk, estream_t stream) +nvc_write (nvc_t pk, estream_t stream) { gpg_error_t err; - pke_t entry; + nve_t entry; strlist_t s; for (entry = pk->first; entry; entry = entry->next) diff --git a/common/name-value.h b/common/name-value.h index 0a8694a..21a5293 100644 --- a/common/name-value.h +++ b/common/name-value.h 
@@ -30,43 +30,43 @@ #ifndef GNUPG_COMMON_NAME_VALUE_H #define GNUPG_COMMON_NAME_VALUE_H -struct private_key_container; -typedef struct private_key_container *pkc_t; +struct name_value_container; +typedef struct name_value_container *nvc_t; -struct private_key_entry; -typedef struct private_key_entry *pke_t; +struct name_value_entry; +typedef struct name_value_entry *nve_t; /* Memory management, and dealing with entries. */ /* Allocate a private key container structure. */ -pkc_t pkc_new (void); +nvc_t nvc_new (void); /* Release a private key container structure. */ -void pkc_release (pkc_t pk); +void nvc_release (nvc_t pk); /* Get the name. */ -char *pke_name (pke_t pke); +char *nve_name (nve_t pke); /* Get the value. */ -char *pke_value (pke_t pke); +char *nve_value (nve_t pke); /* Lookup and iteration. */ /* Get the first non-comment entry. */ -pke_t pkc_first (pkc_t pk); +nve_t nvc_first (nvc_t pk); /* Get the first entry with the given name. */ -pke_t pkc_lookup (pkc_t pk, const char *name); +nve_t nvc_lookup (nvc_t pk, const char *name); /* Get the next non-comment entry. */ -pke_t pke_next (pke_t entry); +nve_t nve_next (nve_t entry); /* Get the next entry with the given name. */ -pke_t pke_next_value (pke_t entry, const char *name); +nve_t nve_next_value (nve_t entry, const char *name); 
@@ -74,25 +74,25 @@ pke_t pke_next_value (pke_t entry, const char *name); /* Add (NAME, VALUE) to PK. If an entry with NAME already exists, it is not updated but the new entry is appended. */ -gpg_error_t pkc_add (pkc_t pk, const char *name, const char *value); +gpg_error_t nvc_add (nvc_t pk, const char *name, const char *value); /* Add (NAME, VALUE) to PK. If an entry with NAME already exists, it is updated with VALUE. If multiple entries with NAME exist, the first entry is updated. */ -gpg_error_t pkc_set (pkc_t pk, const char *name, const char *value); +gpg_error_t nvc_set (nvc_t pk, const char *name, const char *value); /* Delete the given entry from PK. */ -void pkc_delete (pkc_t pk, pke_t pke); +void nvc_delete (nvc_t pk, nve_t pke); /* Private key handling. */ /* Get the private key. */ -gpg_error_t pkc_get_private_key (pkc_t pk, gcry_sexp_t *retsexp); +gpg_error_t nvc_get_private_key (nvc_t pk, gcry_sexp_t *retsexp); /* Set the private key. */ -gpg_error_t pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp); +gpg_error_t nvc_set_private_key (nvc_t pk, gcry_sexp_t sexp); @@ -101,9 +101,9 @@ gpg_error_t pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp); /* Parse STREAM and return a newly allocated private key container structure in RESULT. If ERRLINEP is given, the line number the parser was last considering is stored there. */ -gpg_error_t pkc_parse (pkc_t *result, int *errlinep, estream_t stream); +gpg_error_t nvc_parse (nvc_t *result, int *errlinep, estream_t stream); /* Write a representation of PK to STREAM. */ -gpg_error_t pkc_write (pkc_t pk, estream_t stream); +gpg_error_t nvc_write (nvc_t pk, estream_t stream); #endif /* GNUPG_COMMON_NAME_VALUE_H */ diff --git a/common/t-name-value.c b/common/t-name-value.c index d6cef35..810c85c 100644 --- a/common/t-name-value.c +++ b/common/t-name-value.c 
@@ -31,31 +31,31 @@ static int verbose; void -test_getting_values (pkc_t pk) +test_getting_values (nvc_t pk) { - pke_t e; + nve_t e; - e = pkc_lookup (pk, "Comment:"); + e = nvc_lookup (pk, "Comment:"); assert (e); /* Names are case-insensitive. */ - e = pkc_lookup (pk, "comment:"); + e = nvc_lookup (pk, "comment:"); assert (e); - e = pkc_lookup (pk, "COMMENT:"); + e = nvc_lookup (pk, "COMMENT:"); assert (e); - e = pkc_lookup (pk, "SomeOtherName:"); + e = nvc_lookup (pk, "SomeOtherName:"); assert (e); } void -test_key_extraction (pkc_t pk) +test_key_extraction (nvc_t pk) { gpg_error_t err; gcry_sexp_t key; - err = pkc_get_private_key (pk, &key); + err = nvc_get_private_key (pk, &key); assert (err == 0); assert (key); @@ -67,41 +67,41 @@ test_key_extraction (pkc_t pk) void -test_iteration (pkc_t pk) +test_iteration (nvc_t pk) { int i; - pke_t e; + nve_t e; i = 0; - for (e = pkc_first (pk); e; e = pke_next (e)) + for (e = nvc_first (pk); e; e = nve_next (e)) i++; assert (i == 4); i = 0; - for (e = pkc_lookup (pk, "Comment:"); + for (e = nvc_lookup (pk, "Comment:"); e; - e = pke_next_value (e, "Comment:")) + e = nve_next_value (e, "Comment:")) i++; assert (i == 3); } void -test_whitespace (pkc_t pk) +test_whitespace (nvc_t pk) { - pke_t e; + nve_t e; - e = pkc_lookup (pk, "One:"); + e = nvc_lookup (pk, "One:"); assert (e); - assert (strcmp (pke_value (e), "WithoutWhitespace") == 0); + assert (strcmp (nve_value (e), "WithoutWhitespace") == 0); - e = pkc_lookup (pk, "Two:"); + e = nvc_lookup (pk, "Two:"); assert (e); - assert (strcmp (pke_value (e), "With Whitespace") == 0); + assert (strcmp (nve_value (e), "With Whitespace") == 0); - e = pkc_lookup (pk, "Three:"); + e = nvc_lookup (pk, "Three:"); assert (e); - assert (strcmp (pke_value (e), + assert (strcmp (nve_value (e), "Blank lines in continuations encode newlines.\n" "Next paragraph.") == 0); } 
@@ -110,7 +110,7 @@ test_whitespace (pkc_t pk) struct { char *value; - void (*test_func) (pkc_t); + void (*test_func) (nvc_t); } tests[] = { { @@ -193,7 +193,7 @@ struct static char * -pkc_to_string (pkc_t pk) +nvc_to_string (nvc_t pk) { gpg_error_t err; char *buf; @@ -203,7 +203,7 @@ pkc_to_string (pkc_t pk) sink = es_fopenmem (0, "rw"); assert (sink); - err = pkc_write (pk, sink); + err = nvc_write (pk, sink); assert (err == 0); len = es_ftell (sink); @@ -226,7 +226,7 @@ void run_tests (void) { gpg_error_t err; - pkc_t pk; + nvc_t pk; int i; for (i = 0; i < DIM (tests); i++) @@ -240,17 +240,17 @@ run_tests (void) 0, dummy_realloc, dummy_free, "r"); assert (source); - err = pkc_parse (&pk, NULL, source); + err = nvc_parse (&pk, NULL, source); assert (err == 0); assert (pk); if (verbose) { - err = pkc_write (pk, es_stderr); + err = nvc_write (pk, es_stderr); assert (err == 0); } - buf = pkc_to_string (pk); + buf = nvc_to_string (pk); assert (memcmp (tests[i].value, buf, len) == 0); es_fclose (source); @@ -259,7 +259,7 @@ run_tests (void) if (tests[i].test_func) tests[i].test_func (pk); - pkc_release (pk); + nvc_release (pk); } } 
@@ -268,106 +268,106 @@ void run_modification_tests (void) { gpg_error_t err; - pkc_t pk; + nvc_t pk; gcry_sexp_t key; char *buf; - pk = pkc_new (); + pk = nvc_new (); assert (pk); - pkc_set (pk, "Foo:", "Bar"); - buf = pkc_to_string (pk); + nvc_set (pk, "Foo:", "Bar"); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Bar\n") == 0); xfree (buf); - pkc_set (pk, "Foo:", "Baz"); - buf = pkc_to_string (pk); + nvc_set (pk, "Foo:", "Baz"); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Baz\n") == 0); xfree (buf); - pkc_set (pk, "Bar:", "Bazzel"); - buf = pkc_to_string (pk); + nvc_set (pk, "Bar:", "Bazzel"); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Baz\nBar: Bazzel\n") == 0); xfree (buf); - pkc_add (pk, "Foo:", "Bar"); - buf = pkc_to_string (pk); + nvc_add (pk, "Foo:", "Bar"); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Baz\nFoo: Bar\nBar: Bazzel\n") == 0); xfree (buf); - pkc_add (pk, "DontExistYet:", "Bar"); - buf = pkc_to_string (pk); + nvc_add (pk, "DontExistYet:", "Bar"); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Baz\nFoo: Bar\nBar: Bazzel\nDontExistYet: Bar\n") == 0); xfree (buf); - pkc_delete (pk, pkc_lookup (pk, "DontExistYet:")); - buf = pkc_to_string (pk); + nvc_delete (pk, nvc_lookup (pk, "DontExistYet:")); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Baz\nFoo: Bar\nBar: Bazzel\n") == 0); xfree (buf); - pkc_delete (pk, pke_next_value (pkc_lookup (pk, "Foo:"), "Foo:")); - buf = pkc_to_string (pk); + nvc_delete (pk, nve_next_value (nvc_lookup (pk, "Foo:"), "Foo:")); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Baz\nBar: Bazzel\n") == 0); xfree (buf); - pkc_delete (pk, pkc_lookup (pk, "Foo:")); - buf = pkc_to_string (pk); + nvc_delete (pk, nvc_lookup (pk, "Foo:")); + buf = nvc_to_string (pk); assert (strcmp (buf, "Bar: Bazzel\n") == 0); xfree (buf); - pkc_delete (pk, pkc_first (pk)); - buf = pkc_to_string (pk); + nvc_delete (pk, nvc_first (pk)); + buf = nvc_to_string (pk); assert (strcmp (buf, 
"") == 0); xfree (buf); - pkc_set (pk, "Foo:", "A really long value spanning across multiple lines" + nvc_set (pk, "Foo:", "A really long value spanning across multiple lines" " that has to be wrapped at a convenient space."); - buf = pkc_to_string (pk); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: A really long value spanning across multiple" " lines that has to be\n wrapped at a convenient space.\n") == 0); xfree (buf); - pkc_set (pk, "Foo:", "XA really long value spanning across multiple lines" + nvc_set (pk, "Foo:", "XA really long value spanning across multiple lines" " that has to be wrapped at a convenient space."); - buf = pkc_to_string (pk); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: XA really long value spanning across multiple" " lines that has to\n be wrapped at a convenient space.\n") == 0); xfree (buf); - pkc_set (pk, "Foo:", "XXXXA really long value spanning across multiple lines" + nvc_set (pk, "Foo:", "XXXXA really long value spanning across multiple lines" " that has to be wrapped at a convenient space."); - buf = pkc_to_string (pk); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: XXXXA really long value spanning across multiple" " lines that has\n to be wrapped at a convenient space.\n") == 0); xfree (buf); - pkc_set (pk, "Foo:", "Areallylongvaluespanningacrossmultiplelines" + nvc_set (pk, "Foo:", "Areallylongvaluespanningacrossmultiplelines" "thathastobewrappedataconvenientspacethatisnotthere."); - buf = pkc_to_string (pk); + buf = nvc_to_string (pk); assert (strcmp (buf, "Foo: Areallylongvaluespanningacrossmultiplelinesthat" "hastobewrappedataco\n nvenientspacethatisnotthere.\n") == 0); xfree (buf); - pkc_release (pk); + nvc_release (pk); - pk = pkc_new (); + pk = nvc_new (); assert (pk); err = gcry_sexp_build (&key, NULL, "(hello world)"); assert (err == 0); assert (key); - err = pkc_set_private_key (pk, key); + err = nvc_set_private_key (pk, key); gcry_sexp_release (key); assert (err == 0); - buf = pkc_to_string 
(pk); + buf = nvc_to_string (pk); assert (strcmp (buf, "Key: (hello world)\n") == 0); xfree (buf); - pkc_release (pk); + nvc_release (pk); } @@ -380,7 +380,7 @@ convert (const char *fname) char *buf; size_t buflen; struct stat st; - pkc_t pk; + nvc_t pk; source = es_fopen (fname, "rb"); if (source == NULL) @@ -403,13 +403,13 @@ convert (const char *fname) exit (1); } - pk = pkc_new (); + pk = nvc_new (); assert (pk); - err = pkc_set_private_key (pk, key); + err = nvc_set_private_key (pk, key); assert (err == 0); - err = pkc_write (pk, es_stdout); + err = nvc_write (pk, es_stdout); assert (err == 0); return; @@ -426,8 +426,8 @@ parse (const char *fname) gpg_error_t err; estream_t source; char *buf; - pkc_t pk_a, pk_b; - pke_t e; + nvc_t pk_a, pk_b; + nve_t e; int line; source = es_fopen (fname, "rb"); @@ -437,7 +437,7 @@ parse (const char *fname) exit (1); } - err = pkc_parse (&pk_a, &line, source); + err = nvc_parse (&pk_a, &line, source); if (err) { fprintf (stderr, "failed to parse %s line %d: %s\n", 
@@ -445,36 +445,36 @@ parse (const char *fname) exit (1); } - buf = pkc_to_string (pk_a); + buf = nvc_to_string (pk_a); xfree (buf); - pk_b = pkc_new (); + pk_b = nvc_new (); assert (pk_b); - for (e = pkc_first (pk_a); e; e = pke_next (e)) + for (e = nvc_first (pk_a); e; e = nve_next (e)) { gcry_sexp_t key = NULL; - if (strcasecmp (pke_name (e), "Key:") == 0) + if (strcasecmp (nve_name (e), "Key:") == 0) { - err = pkc_get_private_key (pk_a, &key); + err = nvc_get_private_key (pk_a, &key); if (err) key = NULL; } if (key) { - err = pkc_set_private_key (pk_b, key); + err = nvc_set_private_key (pk_b, key); assert (err == 0); } else { - err = pkc_add (pk_b, pke_name (e), pke_value (e)); + err = nvc_add (pk_b, nve_name (e), nve_value (e)); assert (err == 0); } } - buf = pkc_to_string (pk_b); + buf = nvc_to_string (pk_b); if (verbose) fprintf (stdout, "%s", buf); xfree (buf); commit b841a883a2a66807aa427e65d49067584bedfbe2 Author: Werner Koch Date: Thu Jun 23 11:55:46 2016 +0200 common: Rename private-keys.c to name-value.c * common/private-keys.c: Rename to name-value.c. * common/private-keys.h: Rename to name-value.h. Chage all users. * common/t-private-keys.c: Rename to t-name-value.c. * common/Makefile.am: Adjust accordingly. -- The module is cool enough to be used for other purposes as well. Thus we better change the name. Signed-off-by: Werner Koch diff --git a/agent/findkey.c b/agent/findkey.c index d3780b9..b221510 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -35,7 +35,7 @@ #include "agent.h" #include "i18n.h" #include "../common/ssh-utils.h" -#include "../common/private-keys.h" +#include "../common/name-value.h" #ifndef O_BINARY #define O_BINARY 0 diff --git a/common/Makefile.am b/common/Makefile.am index 884c966..2451689 100644 --- a/common/Makefile.am +++ b/common/Makefile.am 
@@ -91,7 +91,7 @@ common_sources = \ call-gpg.c call-gpg.h \ exectool.c exectool.h \ server-help.c server-help.h \ - private-keys.c private-keys.h + name-value.c name-value.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-afunix.c w32-afunix.h @@ -157,7 +157,7 @@ module_tests = t-stringhelp t-timestuff \ t-convert t-percent t-gettime t-sysutils t-sexputil \ t-session-env t-openpgp-oid t-ssh-utils \ t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist \ - t-private-keys t-ccparray + t-name-value t-ccparray if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -206,7 +206,7 @@ t_zb32_LDADD = $(t_common_ldadd) t_mbox_util_LDADD = $(t_common_ldadd) t_iobuf_LDADD = $(t_common_ldadd) t_strlist_LDADD = $(t_common_ldadd) -t_private_keys_LDADD = $(t_common_ldadd) +t_name_value_LDADD = $(t_common_ldadd) t_ccparray_LDADD = $(t_common_ldadd) # System specific test diff --git a/common/private-keys.c b/common/name-value.c similarity index 98% rename from common/private-keys.c rename to common/name-value.c index 4cf7d22..601ddd4 100644 --- a/common/private-keys.c +++ b/common/name-value.c @@ -1,4 +1,4 @@ -/* private-keys.c - Parser and writer for the extended private key format. +/* name-value.c - Parser and writer for a name-value format. * Copyright (C) 2016 g10 Code GmbH * * This file is part of GnuPG. @@ -27,16 +27,21 @@ * along with this program; if not, see . */ +/* + * This module aso provides features for the extended private key + * format of gpg-agent. + */ + #include #include #include #include #include -#include "private-keys.h" #include "mischelp.h" #include "strlist.h" #include "util.h" +#include "name-value.h" struct private_key_container { diff --git a/common/private-keys.h b/common/name-value.h similarity index 94% rename from common/private-keys.h rename to common/name-value.h index d21e94f..0a8694a 100644 --- a/common/private-keys.h +++ b/common/name-value.h 
@@ -1,4 +1,4 @@ -/* private-keys.h - Parser and writer for the extended private key format. +/* name-value.h - Parser and writer for a name-value format. * Copyright (C) 2016 g10 Code GmbH * * This file is part of GnuPG. @@ -27,8 +27,8 @@ * along with this program; if not, see . */ -#ifndef GNUPG_COMMON_PRIVATE_KEYS_H -#define GNUPG_COMMON_PRIVATE_KEYS_H +#ifndef GNUPG_COMMON_NAME_VALUE_H +#define GNUPG_COMMON_NAME_VALUE_H struct private_key_container; typedef struct private_key_container *pkc_t; @@ -106,4 +106,4 @@ gpg_error_t pkc_parse (pkc_t *result, int *errlinep, estream_t stream); /* Write a representation of PK to STREAM. */ gpg_error_t pkc_write (pkc_t pk, estream_t stream); -#endif /* GNUPG_COMMON_PRIVATE_KEYS_H */ +#endif /* GNUPG_COMMON_NAME_VALUE_H */ diff --git a/common/t-private-keys.c b/common/t-name-value.c similarity index 99% rename from common/t-private-keys.c rename to common/t-name-value.c index 1027e70..d6cef35 100644 --- a/common/t-private-keys.c +++ b/common/t-name-value.c @@ -1,4 +1,4 @@ -/* t-private-keys.c - Module test for private-keys.c +/* t-name-value.c - Module test for name-value.c * Copyright (C) 2016 g10 Code GmbH * * This file is part of GnuPG. @@ -26,7 +26,7 @@ #include #include "util.h" -#include "private-keys.h" +#include "name-value.h" static int verbose; ----------------------------------------------------------------------- Summary of changes: agent/findkey.c | 20 +-- common/Makefile.am | 6 +- common/{private-keys.c => name-value.c} | 183 ++++++++++++++-------- common/{private-keys.h => name-value.h} | 61 +++++--- common/{t-private-keys.c => t-name-value.c} | 232 +++++++++++++++++----------- 5 files changed, 308 insertions(+), 194 deletions(-) rename common/{private-keys.c => name-value.c} (79%) rename common/{private-keys.h => name-value.h} (56%) rename common/{t-private-keys.c => t-name-value.c} (68%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 14:23:53 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 23 Jun 2016 14:23:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-43-ge6e56ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e6e56adf208f194ecafda29bb1c1c06655348432 (commit) via a4ff2d99d036fcd2c2ff196b82f0b81c60b97ed9 (commit) from 3ead21da80da4570e77036cc05303914c9b1f364 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6e56adf208f194ecafda29bb1c1c06655348432 Author: Justus Winter Date: Thu Jun 23 14:10:00 2016 +0200 gpgscm: Fix Scheme initialization. This potentially causes a crash if the garbage collector marks an eof object. * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize 'EOF_OBJ'. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 3c7910c..3ed5d9b 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -4778,6 +4778,9 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) { /* init F */ typeflag(sc->F) = (T_ATOM | MARK); car(sc->F) = cdr(sc->F) = sc->F; + /* init EOF_OBJ */ + typeflag(sc->EOF_OBJ) = (T_ATOM | MARK); + car(sc->EOF_OBJ) = cdr(sc->EOF_OBJ) = sc->EOF_OBJ; /* init sink */ typeflag(sc->sink) = (T_PAIR | MARK); car(sc->sink) = sc->NIL; commit a4ff2d99d036fcd2c2ff196b82f0b81c60b97ed9 Author: Justus Winter Date: Thu Jun 23 13:18:25 2016 +0200 gpgscm: Fix manual. -- Signed-off-by: Justus Winter diff --git a/tests/gpgscm/Manual.txt b/tests/gpgscm/Manual.txt index ffda956..9fd294f 100644 --- a/tests/gpgscm/Manual.txt +++ b/tests/gpgscm/Manual.txt 
@@ -88,7 +88,7 @@ Please read accompanying file COPYING. (gc) Performs garbage collection immediatelly. - (gcverbose) (gcverbose ) + (gc-verbose) (gc-verbose ) The argument (defaulting to #t) controls whether GC produces visible outcome. ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/Manual.txt | 2 +- tests/gpgscm/scheme.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 17:51:08 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 23 Jun 2016 17:51:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-47-ge584d64 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e584d6468a2e72cd01e55f46104f9f96b56c0b66 (commit) via 145910afc077e7a5df6cc8b10e180dfa6ce38cc3 (commit) via 1e822654c1dcfc23a9ef689f4e18c0ebba18baca (commit) via 332fa86982dc811640ac8643332d8375816e5b81 (commit) from e6e56adf208f194ecafda29bb1c1c06655348432 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e584d6468a2e72cd01e55f46104f9f96b56c0b66 Author: Justus Winter Date: Thu Jun 23 17:24:23 2016 +0200 tests/openpgp: Fake the system time for the tofu test. The keys in the tofu test are set to expire on 2016-09-17. Fake the system time for this test. This commit includes changes to the old test as well, for those who need to backport it. * tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines. * tests/openpgp/tofu.scm: Fake system time. * tests/openpgp/tofu.test: Likewise. GnuPG-bug-id: 2393 Signed-off-by: Justus Winter 
diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl index b3cb54f..70e1633 100644 --- a/tests/openpgp/gpg-agent.conf.tmpl +++ b/tests/openpgp/gpg-agent.conf.tmpl @@ -1,4 +1,2 @@ allow-preset-passphrase no-grab - - diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 24fa9df..38b6a0f 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -19,7 +19,9 @@ (load (with-path "defs.scm")) -(define GPG `(,(tool 'gpg) --no-permission-warning)) ;; w/o --always-trust + ;; Redefine GPG without --always-trust and a fixed time. +(define GPG `(,(tool 'gpg) --no-permission-warning + --faked-system-time=1466684990)) (define GNUPGHOME (getenv "GNUPGHOME")) (if (string=? "" GNUPGHOME) (error "GNUPGHOME not set")) diff --git a/tests/openpgp/tofu.test b/tests/openpgp/tofu.test index 18c1756..0d34af4 100755 --- a/tests/openpgp/tofu.test +++ b/tests/openpgp/tofu.test @@ -4,6 +4,9 @@ # set -x +# Redefine GPG with a fixed time. +GPG="$GPG --faked-system-time=1466684990" + KEYS="2183839A BC15C85A EE37CF96" # Make sure $srcdir is set. commit 145910afc077e7a5df6cc8b10e180dfa6ce38cc3 Author: Justus Winter Date: Thu Jun 23 17:18:13 2016 +0200 gpgscm: Handle exceptions in the transformation monad. * tests/gpgscm/tests.scm (pipe:do): Raise errors. (tr:spawn): Catch and return errors. (tr:call-with-content): Likewise. (tr:{open,write-to,pipe-do,assert-identity,assert-weak-identity}): Adapt. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 6c3eb79..ebe1be5 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm 
@@ -364,12 +364,19 @@ (let loop ((tmpfiles '()) (source #f) (cmds commands)) (if (null? cmds) (for-each remove-temporary-file tmpfiles) - (let ((v ((car cmds) tmpfiles source))) - (loop (car v) (cadr v) (cdr cmds)))))) + (let* ((v ((car cmds) tmpfiles source)) + (tmpfiles' (car v)) + (sink (cadr v)) + (error (caddr v))) + (if error + (begin + (for-each remove-temporary-file tmpfiles') + (throw error))) + (loop tmpfiles' sink (cdr cmds)))))) (define (tr:open pathname) (lambda (tmpfiles source) - (list tmpfiles pathname))) + (list tmpfiles pathname #f))) (define (tr:spawn input command) (lambda (tmpfiles source) @@ -381,15 +388,17 @@ ((equal? '**in** x) source) ((equal? '**out** x) t) (else x))) command))) - (call-popen cmd input) - (if (and (member '**out** command) (not (file-exists? t))) - (error (string-append (stringify cmd) " did not produce '" t "'."))) - (list (cons t tmpfiles) t)))) + (catch (list (cons t tmpfiles) t *error*) + (call-popen cmd input) + (if (and (member '**out** command) (not (file-exists? t))) + (error (string-append (stringify cmd) + " did not produce '" t "'."))) + (list (cons t tmpfiles) t #f))))) (define (tr:write-to pathname) (lambda (tmpfiles source) (rename source pathname) - (list tmpfiles pathname))) + (list tmpfiles pathname #f))) (define (tr:pipe-do . commands) (lambda (tmpfiles source) 
@@ -398,21 +407,22 @@ `(,@(if source `(,(pipe:open source (logior O_RDONLY O_BINARY))) '()) , at commands ,(pipe:write-to t (logior O_WRONLY O_BINARY O_CREAT) #o600))) - (list (cons t tmpfiles) t)))) + (list (cons t tmpfiles) t #f)))) (define (tr:assert-identity reference) (lambda (tmpfiles source) (if (not (file=? source reference)) (error "mismatch")) - (list tmpfiles source))) + (list tmpfiles source #f))) (define (tr:assert-weak-identity reference) (lambda (tmpfiles source) (if (not (text-file=? source reference)) (error "mismatch")) - (list tmpfiles source))) + (list tmpfiles source #f))) (define (tr:call-with-content function . args) (lambda (tmpfiles source) - (apply function `(,(call-with-input-file source read-all) , at args)) - (list tmpfiles source))) + (catch (list tmpfiles source *error*) + (apply function `(,(call-with-input-file source read-all) , at args))) + (list tmpfiles source #f))) commit 1e822654c1dcfc23a9ef689f4e18c0ebba18baca Author: Justus Winter Date: Thu Jun 23 17:14:07 2016 +0200 tests/openpgp: Improve tests. * tests/openpgp/multisig.scm: Simplify test. * tests/openpgp/setup.scm (dearmor): Use pipe. Signed-off-by: Justus Winter diff --git a/tests/openpgp/multisig.scm b/tests/openpgp/multisig.scm index 3788f67..53c905f 100755 --- a/tests/openpgp/multisig.scm +++ b/tests/openpgp/multisig.scm 
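Review bot: In `tr:call-with-content` the `catch` form is closed before `(list tmpfiles source #f)`, so the handler value `(list tmpfiles source *error*)` is discarded and the step always reports no error. A failing `function` is therefore swallowed, and the driver loop in the first hunk never sees anything to throw. `tr:spawn` keeps its success list inside the `catch`; this step should do the same, with `(list tmpfiles source #f)` as the last body expression of the `catch` rather than a sibling after it. Separately, `tr:assert-identity` and `tr:assert-weak-identity` still call `(error "mismatch")` outside any `catch`, so a mismatch presumably skips the temporary-file cleanup that the driver now performs on the error path.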
@@ -156,17 +156,13 @@ cnksIEkgY2FuJ3QgZG8gdGhhdAo= (for-each-p "Checking that an invalid signature is verified as such" (lambda (armored-file) - (tr:do - (tr:pipe-do - (pipe:echo (eval armored-file (current-environment))) - (pipe:spawn `(, at GPG --dearmor))) - ;; XXX: this is ugly - (lambda args - (if (catch #f ;; verifikation failed, this is what we want - (apply (tr:spawn "" `(, at GPG --verify **in**)) args) - ;; verification succeded, this is an error. - #t) - (error "invalid signature is valid") - args)))) + (lettmp (file) + (pipe:do + (pipe:echo (eval armored-file (current-environment))) + (pipe:spawn `(, at GPG --dearmor)) + (pipe:write-to file (logior O_WRONLY O_CREAT O_BINARY) #o600)) + + (if (= 0 (call `(, at GPG --verify ,file))) + (error "Bad signature verified ok"))) '(sig-1ls1ls-valid sig-ls-valid sig-1lsls-invalid sig-lsls-invalid sig-lss-invalid sig-slsl-invalid)) diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index 6518dae..ce2e42c 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm @@ -56,9 +56,12 @@ '(500 9000 32000 80000)) (define (dearmor source-name sink-name) - (letfd ((source (open source-name (logior O_RDONLY O_BINARY))) - (sink (open sink-name (logior O_WRONLY O_CREAT O_BINARY) #o600))) - (call-with-fds `(, at GPG --dearmor) source sink STDERR_FILENO))) + (pipe:do + (pipe:open source-name (logior O_RDONLY O_BINARY)) + (pipe:spawn `(, at GPG --dearmor)) + (pipe:write-to sink-name + (logior O_WRONLY O_CREAT O_BINARY) + #o600))) (for-each-p "Unpacking samples" (lambda (name) commit 332fa86982dc811640ac8643332d8375816e5b81 Author: Justus Winter Date: Thu Jun 23 16:14:10 2016 +0200 gpgscm: Add types for special objects. * tests/gpgscm/scheme.c (enum scheme_types): Add types for boolean, nil, eof, and the sink object. (type_to_string): Handle new types. (scheme_init_custom_alloc): Give special objects a type. Signed-off-by: Justus Winter 
diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 3ed5d9b..486194c 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -126,7 +126,11 @@ enum scheme_types { T_PROMISE=13, T_ENVIRONMENT=14, T_FOREIGN_OBJECT=15, - T_LAST_SYSTEM_TYPE=15 + T_BOOLEAN=16, + T_NIL=17, + T_EOF_OBJ=18, + T_SINK=19, + T_LAST_SYSTEM_TYPE=19 }; static const char * @@ -149,6 +153,10 @@ type_to_string (enum scheme_types typ) case T_PROMISE: return "promise"; case T_ENVIRONMENT: return "environment"; case T_FOREIGN_OBJECT: return "foreign object"; + case T_BOOLEAN: return "boolean"; + case T_NIL: return "nil"; + case T_EOF_OBJ: return "eof object"; + case T_SINK: return "sink"; } assert (! "not reached"); } 
@@ -4770,19 +4778,19 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) { sc->tracing=0; /* init sc->NIL */ - typeflag(sc->NIL) = (T_ATOM | MARK); + typeflag(sc->NIL) = (T_NIL | T_ATOM | MARK); car(sc->NIL) = cdr(sc->NIL) = sc->NIL; /* init T */ - typeflag(sc->T) = (T_ATOM | MARK); + typeflag(sc->T) = (T_BOOLEAN | T_ATOM | MARK); car(sc->T) = cdr(sc->T) = sc->T; /* init F */ - typeflag(sc->F) = (T_ATOM | MARK); + typeflag(sc->F) = (T_BOOLEAN | T_ATOM | MARK); car(sc->F) = cdr(sc->F) = sc->F; /* init EOF_OBJ */ - typeflag(sc->EOF_OBJ) = (T_ATOM | MARK); + typeflag(sc->EOF_OBJ) = (T_EOF_OBJ | T_ATOM | MARK); car(sc->EOF_OBJ) = cdr(sc->EOF_OBJ) = sc->EOF_OBJ; /* init sink */ - typeflag(sc->sink) = (T_PAIR | MARK); + typeflag(sc->sink) = (T_SINK | T_PAIR | MARK); car(sc->sink) = sc->NIL; /* init c_nest */ sc->c_nest = sc->NIL; ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/scheme.c | 20 ++++++++++++++------ tests/gpgscm/tests.scm | 36 +++++++++++++++++++++++------------- tests/openpgp/gpg-agent.conf.tmpl | 2 -- tests/openpgp/multisig.scm | 20 ++++++++------------ tests/openpgp/setup.scm | 9 ++++++--- tests/openpgp/tofu.scm | 4 +++- tests/openpgp/tofu.test | 3 +++ 7 files changed, 57 insertions(+), 37 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 23 20:06:34 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jun 2016 20:06:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-50-g1e5959e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1e5959ec059ba41f4de1e2f953300bc040efc16f (commit) via 09c6f7135150efbbeb459d4ae0189a81e9d180f8 (commit) via c229ba4d8b9b16052ee0b9573bed7905be602cdf (commit) from e584d6468a2e72cd01e55f46104f9f96b56c0b66 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1e5959ec059ba41f4de1e2f953300bc040efc16f Author: Werner Koch Date: Thu Jun 23 19:25:53 2016 +0200 gpg: New import option "import-show". * g10/options.h (IMPORT_SHOW): New. * g10/import.c (parse_import_options): Add "import-show". (import_one): Implement that. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 3ea298e..15f58f4 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -233,7 +233,7 @@ read from STDIN. If only a one argument is given, it is expected to be a complete signature. With more than 1 argument, the first should be a detached signature -and the remaining files ake up the the signed data. To read the signed +and the remaining files make up the the signed data. To read the signed data from STDIN, use @samp{-} as the second filename. For security reasons a detached signature cannot read the signed material from STDIN without denoting it in the above way. 
@@ -2180,6 +2180,11 @@ opposite meaning. The options are: subkey. Defaults to no for regular @option{--import} and to yes for keyserver @option{--recv-keys}. + @item import-show + Show a listing of the key as imported right before it is stored. + This can be combined with the option @option{--dry-run} to only look + at keys. + @item merge-only During import, allow key updates to existing keys, but do not allow any new keys to be imported. Defaults to no. diff --git a/g10/import.c b/g10/import.c index 7c0d1e2..c4992be 100644 --- a/g10/import.c +++ b/g10/import.c @@ -112,6 +112,9 @@ parse_import_options(char *str,unsigned int *options,int noisy) {"fast-import",IMPORT_FAST,NULL, N_("do not update the trustdb after import")}, + {"import-show",IMPORT_SHOW,NULL, + N_("show key during import")}, + {"merge-only",IMPORT_MERGE_ONLY,NULL, N_("only accept updates to existing keys")}, @@ -936,7 +939,7 @@ import_one (ctrl_t ctrl, import_screener_t screener, void *screener_arg) { PKT_public_key *pk; - PKT_public_key *pk_orig; + PKT_public_key *pk_orig = NULL; kbnode_t node, uidnode; kbnode_t keyblock_orig = NULL; byte fpr2[MAX_FINGERPRINT_LEN]; @@ -1050,6 +1053,22 @@ import_one (ctrl_t ctrl, return 0; } + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); + + /* Show the key in the form it is merged or inserted. */ + if ((options & IMPORT_SHOW)) + { + merge_keys_and_selfsig (keyblock); + /* Note that we do not want to show the validity because the key + * has not yet imported. */ + list_keyblock_direct (ctrl, keyblock, 0, 0, 1, 1); + es_fflush (es_stdout); + } + + if (opt.dry_run) + goto leave; + /* Do we have this key already in one of our pubrings ? */ pk_orig = xmalloc_clear( sizeof *pk_orig ); rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); @@ -1258,7 +1277,7 @@ import_one (ctrl_t ctrl, keydb_release (hd); hd = NULL; } - leave: + leave: if (mod_key || new_key || same_key) { /* A little explanation for this: we fill in the fingerprint 
diff --git a/g10/options.h b/g10/options.h index e14bc07..58cf1f9 100644 --- a/g10/options.h +++ b/g10/options.h @@ -334,6 +334,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_LOCAL_SIGS (1<<0) #define IMPORT_REPAIR_PKS_SUBKEY_BUG (1<<1) #define IMPORT_FAST (1<<2) +#define IMPORT_SHOW (1<<3) #define IMPORT_MERGE_ONLY (1<<4) #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) commit 09c6f7135150efbbeb459d4ae0189a81e9d180f8 Author: Werner Koch Date: Thu Jun 23 19:22:13 2016 +0200 gpg: Do not print the validity after key generation. * g10/keylist.c (struct keylist_context): Add field NO_VALIDITY. (list_keyblock_print): Take care of it. (list_keyblock_direct): Add arg NO_VALIDITY. * g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o validity. -- It will always be ultimate and by not printing it we avoid a lot of garbage output due to the trustdb re-calculation. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index 74fd370..b7c8e83 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4340,11 +4340,15 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, gen_standard_revoke (pk, cache_nonce); + /* Get rid of the first empty packet. */ + commit_kbnode (&pub_root); + if (!opt.batch) { tty_printf (_("public and secret key created and signed.\n") ); tty_printf ("\n"); - list_keyblock_direct (ctrl, pub_root, 0, 1, 1); + merge_keys_and_selfsig (pub_root); + list_keyblock_direct (ctrl, pub_root, 0, 1, 1, 1); } diff --git a/g10/keylist.c b/g10/keylist.c index 0ac763d..e595fe3 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -59,6 +59,7 @@ struct keylist_context int inv_sigs; /* Counter used if CHECK_SIGS is set. */ int no_key; /* Counter used if CHECK_SIGS is set. */ int oth_err; /* Counter used if CHECK_SIGS is set. */ + int no_validity; /* Do not show validity. */ }; 
@@ -1052,7 +1053,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, secret = 2; /* Key not found. */ } - check_trustdb_stale (ctrl); + if (!listctx->no_validity) + check_trustdb_stale (ctrl); /* Print the "pub" line and in KF_NONE mode the fingerprint. */ print_key_line (es_stdout, pk, secret); @@ -1090,7 +1092,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, dump_attribs (uid, pk); if ((uid->is_revoked || uid->is_expired) - || (opt.list_options & LIST_SHOW_UID_VALIDITY)) + || ((opt.list_options & LIST_SHOW_UID_VALIDITY) + && !listctx->no_validity)) { const char *validity; @@ -1755,14 +1758,17 @@ list_keyblock (ctrl_t ctrl, } -/* Public function used by keygen to list a keyblock. */ +/* Public function used by keygen to list a keyblock. If NO_VALIDITY + * is set the validity of a key is never shown. */ void list_keyblock_direct (ctrl_t ctrl, - kbnode_t keyblock, int secret, int has_secret, int fpr) + kbnode_t keyblock, int secret, int has_secret, int fpr, + int no_validity) { struct keylist_context listctx; memset (&listctx, 0, sizeof (listctx)); + listctx.no_validity = !!no_validity; list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx); keylist_context_release (&listctx); } diff --git a/g10/main.h b/g10/main.h index 7b716ff..e6f2070 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -415,7 +415,7 @@ void secret_key_list (ctrl_t ctrl, strlist_t list ); void print_subpackets_colon(PKT_signature *sig); void reorder_keyblock (KBNODE keyblock); void list_keyblock_direct (ctrl_t ctrl, kbnode_t keyblock, int secret, - int has_secret, int fpr); + int has_secret, int fpr, int no_validity); void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode); void print_revokers (estream_t fp, PKT_public_key *pk); void show_policy_url(PKT_signature *sig,int indent,int mode); commit c229ba4d8b9b16052ee0b9573bed7905be602cdf Author: Werner Koch Date: Thu Jun 23 17:44:55 2016 +0200 common: Fix possible small memory leak in b64dec.c. * common/b64dec.c (b64dec_finish): Always release TITLE. Signed-off-by: Werner Koch diff --git a/common/b64dec.c b/common/b64dec.c index 9e8fb78..c84c35a 100644 --- a/common/b64dec.c +++ b/common/b64dec.c @@ -243,10 +243,11 @@ b64dec_proc (struct b64state *state, void *buffer, size_t length, gpg_error_t b64dec_finish (struct b64state *state) { + xfree (state->title); + state->title = NULL; + if (state->lasterr) return state->lasterr; - xfree (state->title); - state->title = NULL; return state->invalid_encoding? gpg_error(GPG_ERR_BAD_DATA): 0; } ----------------------------------------------------------------------- Summary of changes: common/b64dec.c | 5 +++-- doc/gpg.texi | 7 ++++++- g10/import.c | 23 +++++++++++++++++++++-- g10/keygen.c | 6 +++++- g10/keylist.c | 14 ++++++++++---- g10/main.h | 2 +- g10/options.h | 1 + 7 files changed, 47 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 24 11:04:50 2016 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 24 Jun 2016 11:04:50 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-6-gfb0e18b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via fb0e18b38434cbe97dee4c26047a994baf02fe76 (commit) from c68d39f7114623075c0b407b05927b61b190a377 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb0e18b38434cbe97dee4c26047a994baf02fe76 Author: NIIBE Yutaka Date: Thu Jun 23 12:12:43 2016 +0900 g10: Fix card-edit/fetch to use keyserver_fetch. * g10/card-util.c (fetch_url): Call keyserver_fetch instead of keyserver_import_fprint. -- Signed-off-by: NIIBE Yutaka GnuPG-bug-id: 1828 (backport of master commit 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2) diff --git a/g10/card-util.c b/g10/card-util.c index 2198cb2..745ba1d 100644 --- a/g10/card-util.c +++ b/g10/card-util.c 
@@ -729,28 +729,18 @@ fetch_url(void) log_error("error retrieving URL from card: %s\n",gpg_strerror(rc)); else { - struct keyserver_spec *spec=NULL; - rc=agent_scd_getattr("KEY-FPR",&info); if(rc) log_error("error retrieving key fingerprint from card: %s\n", gpg_strerror(rc)); else if (info.pubkey_url && *info.pubkey_url) - { - spec=parse_keyserver_uri(info.pubkey_url,1,NULL,0); - if(spec && info.fpr1valid) - { - /* This is not perfectly right. Currently, all card - fingerprints are 20 digits, but what about - fingerprints for a future v5 key? We should get the - length from somewhere lower in the code. In any - event, the fpr/keyid is not meaningful for straight - HTTP fetches, but using it allows the card to point - to HKP and LDAP servers as well. */ - rc=keyserver_import_fprint(info.fpr1,20,spec); - free_keyserver_spec(spec); - } - } + { + strlist_t sl = NULL; + + add_to_strlist (&sl, info.pubkey_url); + rc = keyserver_fetch (sl); + free_strlist (sl); + } else if (info.fpr1valid) { rc = keyserver_import_fprint (info.fpr1, 20, opt.keyserver); ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 24 11:33:22 2016 
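Review bot: The URL branch now passes `info.pubkey_url`, a string read from the card, straight to `keyserver_fetch` and no longer consults `info.fpr1valid` or `info.fpr1`, so nothing visible in this hunk ties the imported key to the key on the card. The removed code requested the card's fingerprint when fetching; whether `keyserver_fetch` restricts URL schemes or filters what it imports cannot be seen from here. If this is intended, say so at the call site, e.g. `/* The URL is card-supplied; the fetched key is not checked against info.fpr1. */`, or compare the imported primary fingerprint with `info.fpr1` when `info.fpr1valid` is set. `fetch_url` starts and ends outside the hunk.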
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 24 Jun 2016 11:33:22 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-184-g3364549 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3364549c19682f56d4d9c52ab7f76862c5a456cf (commit) from cf37a57d28c43ec36277e84ca44458b7287b940b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3364549c19682f56d4d9c52ab7f76862c5a456cf Author: Andre Heinecke Date: Fri Jun 24 11:30:55 2016 +0200 tests: Add new test tool run-decrypt * tests/run-decrypt.c: New. * tests/Makefile.am (noinst_PROGRAMS): Add run-decrypt. diff --git a/tests/Makefile.am b/tests/Makefile.am index bfd8e36..a450f2a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -32,7 +32,7 @@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign \ - run-verify run-encrypt run-identify + run-verify run-encrypt run-identify run-decrypt if RUN_GPG_TESTS diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c new file mode 100644 index 0000000..6d38aee --- /dev/null +++ b/tests/run-decrypt.c 
@@ -0,0 +1,189 @@ +/* run-decrypt.c - Helper to perform a verify operation + Copyright (C) 2009 g10 Code GmbH + 2016 Intevation GmbH + + This file is part of GPGME. + + GPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + GPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . +*/ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + +#define PGM "run-decrypt" + +#include "run-support.h" + + +static int verbose; + +static gpg_error_t +status_cb (void *opaque, const char *keyword, const char *value) +{ + (void)opaque; + fprintf (stderr, "status_cb: %s %s\n", keyword, value); + return 0; +} + + +static void +print_result (gpgme_decrypt_result_t result) +{ + gpgme_recipient_t recp; + int count = 0; + printf ("Original file name: %s\n", nonnull(result->file_name)); + printf ("Wrong key usage: %i\n", result->wrong_key_usage); + printf ("Unsupported algorithm: %s\n ", nonnull(result->unsupported_algorithm)); + + for (recp = result->recipients; recp->next; recp = recp->next) + { + printf ("recipient %d\n", count++); + printf (" status ....: %s\n", gpgme_strerror (recp->status)); + printf (" keyid: %s\n", nonnull (recp->keyid)); + printf (" algo ...: %s\n", gpgme_pubkey_algo_name (recp->pubkey_algo)); + } +} + + +static int +show_usage (int ex) +{ + fputs ("usage: " PGM " [options] FILE\n\n" + "Options:\n" + " --verbose run in verbose 
mode\n" + " --status print status lines from the backend\n" + " --openpgp use the OpenPGP protocol (default)\n" + " --cms use the CMS protocol\n" + , stderr); + exit (ex); +} + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; + FILE *fp_in = NULL; + gpgme_data_t in = NULL; + gpgme_data_t out = NULL; + gpgme_decrypt_result_t result; + int print_status = 0; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + show_usage (0); + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--status")) + { + print_status = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--openpgp")) + { + protocol = GPGME_PROTOCOL_OpenPGP; + argc--; argv++; + } + else if (!strcmp (*argv, "--cms")) + { + protocol = GPGME_PROTOCOL_CMS; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + show_usage (1); + + } + + if (argc < 1 || argc > 2) + show_usage (1); + + fp_in = fopen (argv[0], "rb"); + if (!fp_in) + { + err = gpgme_error_from_syserror (); + fprintf (stderr, PGM ": can't open `%s': %s\n", + argv[0], gpgme_strerror (err)); + exit (1); + } + + init_gpgme (protocol); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, protocol); + if (print_status) + { + gpgme_set_status_cb (ctx, status_cb, NULL); + gpgme_set_ctx_flag (ctx, "full-status", "1"); + } + + err = gpgme_data_new_from_stream (&in, fp_in); + if (err) + { + fprintf (stderr, PGM ": error allocating data object: %s\n", + gpgme_strerror (err)); + exit (1); + } + + err = gpgme_data_new (&out); + if (err) + { + fprintf (stderr, PGM ": error allocating data object: %s\n", + gpgme_strerror (err)); + exit (1); + } + + err = gpgme_op_decrypt (ctx, in, out); + result = gpgme_op_decrypt_result (ctx); + 
if (err) + { + fprintf (stderr, PGM ": decrypt failed: %s\n", gpgme_strerror (err)); + exit (1); + } + if (result) { + print_result (result); + print_data (out); + } + + gpgme_data_release (out); + gpgme_data_release (in); + + gpgme_release (ctx); + return 0; +} ----------------------------------------------------------------------- Summary of changes: tests/Makefile.am | 2 +- tests/{run-sign.c => run-decrypt.c} | 122 +++++++++++++----------------------- 2 files changed, 45 insertions(+), 79 deletions(-) copy tests/{run-sign.c => run-decrypt.c} (52%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 24 13:19:34 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Jun 2016 13:19:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-51-g7bca3be Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7bca3be65e510eda40572327b87922834ebe07eb (commit) from 1e5959ec059ba41f4de1e2f953300bc040efc16f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7bca3be65e510eda40572327b87922834ebe07eb Author: Werner Koch Date: Fri Jun 24 13:11:37 2016 +0200 gpg: New import option "import-export". * g10/import.c (parse_import_options): Add option "import-export". (write_keyblock_to_output): New. (import_one): Implement option. -- We are now in the import export business. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 15f58f4..b8fda96 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
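Review bot: The recipient loop in `print_result`, `for (recp = result->recipients; recp->next; recp = recp->next)`, dereferences `recp` before checking it and stops one element early. A result with no recipients (presumably the case for a symmetric-only message) crashes the tool, and the last recipient is never printed. It should read `for (recp = result->recipients; recp; recp = recp->next)`. The file header still says "Helper to perform a verify operation" (the diffstat shows the file was copied from run-sign.c) and should say decrypt. The format string `"Unsupported algorithm: %s\n "` also carries a stray space after the newline.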
@@ -2185,6 +2185,11 @@ opposite meaning. The options are: This can be combined with the option @option{--dry-run} to only look at keys. + @item import-export + Run the entire import code but instead of storing the key to the + local keyring write it to the output. This option can be used to + remove all invalid parts from a key without the need to store it. + @item merge-only During import, allow key updates to existing keys, but do not allow any new keys to be imported. Defaults to no. diff --git a/g10/import.c b/g10/import.c index c4992be..b6bc0f2 100644 --- a/g10/import.c +++ b/g10/import.c @@ -124,6 +124,9 @@ parse_import_options(char *str,unsigned int *options,int noisy) {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, N_("remove as much as possible from key after import")}, + {"import-export", IMPORT_EXPORT, NULL, + N_("run import filters and export key immediately")}, + /* Aliases for backward compatibility */ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, 
@@ -764,6 +767,62 @@ fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid) } +/* Write the keyblock either to stdin or to the file set with + * the --output option. */ +static gpg_error_t +write_keyblock_to_output (kbnode_t keyblock) +{ + gpg_error_t err; + const char *fname; + iobuf_t out; + kbnode_t node; + armor_filter_context_t *afx = NULL; + + fname = opt.outfile? opt.outfile : "-"; + if (is_secured_filename (fname) ) + return gpg_error (GPG_ERR_EPERM); + + out = iobuf_create (fname, 0); + if (!out) + { + err = gpg_error_from_syserror (); + log_error(_("can't create '%s': %s\n"), fname, gpg_strerror (err)); + return err; + } + if (opt.verbose) + log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out)); + + if (opt.armor) + { + afx = new_armor_context (); + afx->what = 1; + push_armor_filter (afx, out); + } + + for (node = keyblock; node; node = node->next) + { + if (!is_deleted_kbnode (node)) + { + err = build_packet (out, node->pkt); + if (err) + { + log_error ("build_packet(%d) failed: %s\n", + node->pkt->pkttype, gpg_strerror (err) ); + goto leave; + } + } + } + + leave: + if (err) + iobuf_cancel (out); + else + iobuf_close (out); + release_armor_context (afx); + return err; +} + + static void print_import_ok (PKT_public_key *pk, unsigned int reason) { @@ -952,6 +1011,7 @@ import_one (ctrl_t ctrl, int non_self = 0; size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; /* Get the key and print some info about it. */ node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); 
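Review bot: In `write_keyblock_to_output`, `err` is declared without an initializer and is only assigned inside the loop for nodes that are not deleted, yet it is read at `leave:` to choose between `iobuf_cancel` and `iobuf_close` and is then returned. A keyblock with no live node would make that an uninitialized read; declaring it as `gpg_error_t err = 0;` closes the gap. The result of `iobuf_close (out)` is also dropped, so a write failure that only surfaces at close time would be reported to the caller as success. The header comment says "stdin", although the `"-"` fallback is passed to `iobuf_create` for output; `/* Write the keyblock either to stdout or to the file set with the --output option. */` would match the code.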
@@ -1056,16 +1116,32 @@ import_one (ctrl_t ctrl, /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); - /* Show the key in the form it is merged or inserted. */ - if ((options & IMPORT_SHOW)) + /* Show the key in the form it is merged or inserted. We skip this + * if "import-export" is also active without --armor or the output + * file has explicily been given. */ + if ((options & IMPORT_SHOW) + && !((options & IMPORT_EXPORT) && !opt.armor && !opt.outfile)) { merge_keys_and_selfsig (keyblock); + merge_keys_done = 1; /* Note that we do not want to show the validity because the key * has not yet imported. */ list_keyblock_direct (ctrl, keyblock, 0, 0, 1, 1); es_fflush (es_stdout); } + /* Write the keyblock to the output and do not actually import. */ + if ((options & IMPORT_EXPORT)) + { + if (!merge_keys_done) + { + merge_keys_and_selfsig (keyblock); + merge_keys_done = 1; + } + rc = write_keyblock_to_output (keyblock); + goto leave; + } + if (opt.dry_run) goto leave; diff --git a/g10/options.h b/g10/options.h index 58cf1f9..4279bd6 100644 --- a/g10/options.h +++ b/g10/options.h @@ -340,6 +340,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_CLEAN (1<<6) #define IMPORT_NO_SECKEY (1<<7) #define IMPORT_KEEP_OWNERTTRUST (1<<8) +#define IMPORT_EXPORT (1<<9) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 5 ++++ g10/import.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- g10/options.h | 1 + 3 files changed, 84 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 24 20:51:13 2016 
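Review bot: The comment added above the `IMPORT_SHOW` test in `import_one` does not describe the condition beneath it. The code skips the listing only when `IMPORT_EXPORT` is set and both `opt.armor` and `opt.outfile` are unset, whereas the comment says the listing is skipped when the output file "has explicily been given". Presumably the intent is to keep the listing out of unarmored key data written to the default output; a comment such as `/* Skip the listing if "import-export" writes binary data to the default output (no --armor, no --output). */` would say that. `import_one` begins and ends outside this hunk, so how `rc` from `write_keyblock_to_output` is handled after `goto leave` is not visible here.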
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Jun 2016 20:51:13 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-2-g0982a72 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 0982a72ecc8e7738ec968b3a6710bdacb0f2da4e (commit) from 32d671c87db54e397e75309fc9215d84d1107c0d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0982a72ecc8e7738ec968b3a6710bdacb0f2da4e Author: Werner Koch Date: Fri Jun 24 20:49:23 2016 +0200 estream: Remove two compiler warning. * src/estream.c (func_file_create): Remove dead assignment. (doreadline): Do not decrement SPACE_LEFT before breaking the loop. Add an extra block to limit the scope of that variable. -- Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index e382a29..b4d1c74 100644 --- a/src/estream.c +++ b/src/estream.c @@ -1611,7 +1611,6 @@ func_file_create (void **cookie, int *filedes, int fd; err = 0; - fd = -1; file_cookie = mem_alloc (sizeof (*file_cookie)); if (! file_cookie) @@ -2769,7 +2768,6 @@ doreadline (estream_t _GPGRT__RESTRICT stream, size_t max_length, char *_GPGRT__RESTRICT *_GPGRT__RESTRICT line, size_t *_GPGRT__RESTRICT line_length) { - size_t space_left; size_t line_size; estream_t line_stream; char *line_new; 
@@ -2798,46 +2796,49 @@ doreadline (estream_t _GPGRT__RESTRICT stream, size_t max_length, if (err) goto out; - space_left = max_length; - line_size = 0; - while (1) - { - if (max_length && (space_left == 1)) - break; + { + size_t space_left = max_length; - err = es_peek (stream, &data, &data_len); - if (err || (! data_len)) - break; + line_size = 0; + for (;;) + { + if (max_length && (space_left == 1)) + break; - if (data_len > (space_left - 1)) - data_len = space_left - 1; + err = es_peek (stream, &data, &data_len); + if (err || (! data_len)) + break; - newline = memchr (data, '\n', data_len); - if (newline) - { - data_len = (newline - (char *) data) + 1; - err = _gpgrt_write (line_stream, data, data_len, NULL); - if (! err) - { - space_left -= data_len; - line_size += data_len; - es_skip (stream, data_len); - break; - } - } - else - { - err = _gpgrt_write (line_stream, data, data_len, NULL); - if (! err) - { - space_left -= data_len; - line_size += data_len; - es_skip (stream, data_len); - } - } - if (err) - break; - } + if (data_len > (space_left - 1)) + data_len = space_left - 1; + + newline = memchr (data, '\n', data_len); + if (newline) + { + data_len = (newline - (char *) data) + 1; + err = _gpgrt_write (line_stream, data, data_len, NULL); + if (! err) + { + /* Not needed: space_left -= data_len */ + line_size += data_len; + es_skip (stream, data_len); + break; /* endless loop */ + } + } + else + { + err = _gpgrt_write (line_stream, data, data_len, NULL); + if (! err) + { + space_left -= data_len; + line_size += data_len; + es_skip (stream, data_len); + } + } + if (err) + break; + } + } if (err) goto out; 
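Review bot: The length clamp in the new `doreadline` block relies on unsigned wrap-around whenever `max_length` is 0, which the `max_length &&` guard on the first test suggests means "no limit". In that case `space_left` starts at 0, `space_left - 1` wraps to the largest `size_t`, and `space_left -= data_len` in the else branch wraps again. Making the no-limit case explicit with `if (max_length && data_len > space_left - 1)` and `if (max_length) space_left -= data_len;` would keep the bound readable for the next person auditing this read loop. The comment `break; /* endless loop */` also reads as if the break were a mistake; something like `break; /* Got a complete line. */` says what happens. The function body starts and ends outside the hunk.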
@@ -4240,7 +4241,7 @@ _gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, Returns the length of the line. EOF is indicated by a line of length zero. A truncated line is indicated my setting the value at MAX_LENGTH to 0. If the returned value is less then 0 not enough - memory was enable or another error occurred; ERRNO is then set + memory was available or another error occurred; ERRNO is then set accordingly. If a line has been truncated, the file pointer is moved forward to ----------------------------------------------------------------------- Summary of changes: src/estream.c | 81 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 41 insertions(+), 40 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 10:43:26 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 10:43:26 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-52-g22b9bea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 22b9bea1c3d0e944aa539a87d79e47d92ca5309f (commit) from 7bca3be65e510eda40572327b87922834ebe07eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 22b9bea1c3d0e944aa539a87d79e47d92ca5309f Author: Werner Koch Date: Sat Jun 25 10:41:21 2016 +0200 yat2m: Silence lint warnings and fix a printf format bug. * doc/yat2m.c (ATTR_PRINTF, ATTR_NR_PRINTF, ATTR_MALLOC): New. (die, err, inf, xmalloc, xcalloc): New prototypes with attributes. (get_section_buffer): Take care of !N_SECTIONS. (proc_texi_cmd): Cast precision format arg. (proc_texi_buffer): Do not set IN_CMD when not used afterwards. -- Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 3de908c..7599081 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013, 2015 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -13,7 +13,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, see . + * along with this program; if not, see . */ /* 
@@ -104,6 +104,29 @@ #include +#if __GNUC__ +# define MY_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +#else +# define MY_GCC_VERSION 0 +#endif + +#if MY_GCC_VERSION >= 20500 +# define ATTR_PRINTF(f, a) __attribute__ ((format(printf,f,a))) +# define ATTR_NR_PRINTF(f, a) __attribute__ ((noreturn, format(printf,f,a))) +#else +# define ATTR_PRINTF(f, a) +# define ATTR_NR_PRINTF(f, a) +#endif +#if MY_GCC_VERSION >= 30200 +# define ATTR_MALLOC __attribute__ ((__malloc__)) +#else +# define ATTR_MALLOC +#endif + + + #define PGM "yat2m" #define VERSION "1.0" @@ -214,7 +237,15 @@ static const char * const standard_sections[] = static void proc_texi_buffer (FILE *fp, const char *line, size_t len, int *table_level, int *eol_action); +static void die (const char *format, ...) ATTR_NR_PRINTF(1,2); +static void err (const char *format, ...) ATTR_PRINTF(1,2); +static void inf (const char *format, ...) ATTR_PRINTF(1,2); +static void *xmalloc (size_t n) ATTR_MALLOC; +static void *xcalloc (size_t n, size_t m) ATTR_MALLOC; + + +/*-- Functions --*/ /* Print diagnostic message and exit with failure. */ static void @@ -558,7 +589,7 @@ get_section_buffer (const char *name) for (i=0; i < thepage.n_sections; i++) if (!thepage.sections[i].name) break; - if (i < thepage.n_sections) + if (thepage.n_sections && i < thepage.n_sections) sect = thepage.sections + i; else { @@ -853,7 +884,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } else inf ("texinfo command '%s' not supported (%.*s)", command, - ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + (int)((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } if (*rest == '{') 
@@ -965,7 +996,7 @@ proc_texi_buffer (FILE *fp, const char *line, size_t len, assert (n <= len); s += n; len -= n; s--; len++; - in_cmd = 0; + /* in_cmd = 0; -- doc only */ } } ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 41 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 11:12:57 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 11:12:57 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-3-g9b5e3d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 9b5e3d1608922f4aaf9958e022431849d5a58501 (commit) from 0982a72ecc8e7738ec968b3a6710bdacb0f2da4e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9b5e3d1608922f4aaf9958e022431849d5a58501 Author: Werner Koch Date: Sat Jun 25 11:10:28 2016 +0200 doc: Update yat2m.c * doc/yat2m.c: Update from gnupg. -- yat2m.c has been taken from gnupg commit 22b9bea1c3d0e944aa539a87d79e47d92ca5309f and the copy here shall now be considered as the canonical version. Signed-off-by: Werner Koch diff --git a/doc/Makefile.am b/doc/Makefile.am index ddb7e48..3d7b143 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -65,4 +65,4 @@ $(myman_pages) : yat2m-stamp # been modified. This is required so that the version.texi magic # updates the release date. gpgrt.texi : $(gpgrt_TEXINFOS) - touch $(srcdir)/gcrypt.texi + touch $(srcdir)/gpgrt.texi diff --git a/doc/yat2m.c b/doc/yat2m.c index 5039cc2..7599081 100644 
--- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -104,6 +104,29 @@ #include +#if __GNUC__ +# define MY_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +#else +# define MY_GCC_VERSION 0 +#endif + +#if MY_GCC_VERSION >= 20500 +# define ATTR_PRINTF(f, a) __attribute__ ((format(printf,f,a))) +# define ATTR_NR_PRINTF(f, a) __attribute__ ((noreturn, format(printf,f,a))) +#else +# define ATTR_PRINTF(f, a) +# define ATTR_NR_PRINTF(f, a) +#endif +#if MY_GCC_VERSION >= 30200 +# define ATTR_MALLOC __attribute__ ((__malloc__)) +#else +# define ATTR_MALLOC +#endif + + + #define PGM "yat2m" #define VERSION "1.0" @@ -120,6 +143,7 @@ static int quiet; static int debug; static const char *opt_source; static const char *opt_release; +static const char *opt_date; static const char *opt_select; static const char *opt_include; static int opt_store; @@ -213,8 +237,16 @@ static const char * const standard_sections[] = static void proc_texi_buffer (FILE *fp, const char *line, size_t len, int *table_level, int *eol_action); +static void die (const char *format, ...) ATTR_NR_PRINTF(1,2); +static void err (const char *format, ...) ATTR_PRINTF(1,2); +static void inf (const char *format, ...) ATTR_PRINTF(1,2); +static void *xmalloc (size_t n) ATTR_MALLOC; +static void *xcalloc (size_t n, size_t m) ATTR_MALLOC; + +/*-- Functions --*/ + /* Print diagnostic message and exit with failure. */ static void die (const char *format, ...) 
@@ -323,8 +355,12 @@ isodatestring (void) { static char buffer[11+5]; struct tm *tp; - time_t atime = time (NULL); + time_t atime; + if (opt_date && *opt_date) + atime = strtoul (opt_date, NULL, 10); + else + atime = time (NULL); if (atime < 0) strcpy (buffer, "????" "-??" "-??"); else @@ -553,7 +589,7 @@ get_section_buffer (const char *name) for (i=0; i < thepage.n_sections; i++) if (!thepage.sections[i].name) break; - if (i < thepage.n_sections) + if (thepage.n_sections && i < thepage.n_sections) sect = thepage.sections + i; else { @@ -656,6 +692,7 @@ write_th (FILE *fp) *p++ = 0; fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n", name, p, isodatestring (), opt_release, opt_source); + free (name); return 0; } @@ -678,6 +715,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } cmdtbl[] = { { "command", 0, "\\fB", "\\fR" }, { "code", 0, "\\fB", "\\fR" }, + { "url", 0, "\\fB", "\\fR" }, { "sc", 0, "\\fB", "\\fR" }, { "var", 0, "\\fI", "\\fR" }, { "samp", 0, "\\(aq", "\\(aq" }, @@ -698,6 +736,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "emph", 0, "\\fI", "\\fR" }, { "w", 1 }, { "c", 5 }, + { "efindex", 1 }, { "opindex", 1 }, { "cpindex", 1 }, { "cindex", 1 }, @@ -845,7 +884,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } else inf ("texinfo command '%s' not supported (%.*s)", command, - ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + (int)((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } if (*rest == '{') @@ -957,7 +996,7 @@ proc_texi_buffer (FILE *fp, const char *line, size_t len, assert (n <= len); s += n; len -= n; s--; len++; - in_cmd = 0; + /* in_cmd = 0; -- doc only */ } } @@ -1366,7 +1405,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) } if (!incfp) - err ("can't open include file '%s':%s", + err ("can't open include file '%s': %s", incname, strerror (errno)); else { 
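Review bot: In `isodatestring`, `atime = strtoul (opt_date, NULL, 10);` accepts any `--date` string without validation. Non-numeric input silently becomes 0, trailing garbage is ignored, and an out-of-range value is returned as `ULONG_MAX` with no `errno` check before it is converted to `time_t`. The `atime < 0` test that follows only catches values that happen to convert to a negative `time_t`, and the else branch is cut off by the hunk, so whether the later date conversion copes with a huge value is not visible here. Parsing with an end pointer and rejecting bad input through the existing `die` helper would make the option fail loudly, as sketched below. The same change appears again in the libgcrypt copy of doc/yat2m.c further down the page.

```c
  if (opt_date && *opt_date)
    {
      char *endp;
      unsigned long value;

      errno = 0;
      value = strtoul (opt_date, &endp, 10);
      if (errno || endp == opt_date || *endp)
        die ("invalid value '%s' for --date", opt_date);
      atime = (time_t)value;
    }
  else
    atime = time (NULL);
  /* … unchanged: atime < 0 check and date formatting … */
```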
@@ -1465,13 +1504,14 @@ main (int argc, char **argv) "Extract man pages from a Texinfo source.\n\n" " --source NAME use NAME as source field\n" " --release STRING use STRING as the release field\n" + " --date EPOCH use EPOCH as publication date\n" " --store write output using @manpage name\n" " --select NAME only output pages with @manpage NAME\n" " --verbose enable extra informational output\n" " --debug enable additional debug output\n" " --help display this help and exit\n" " -I DIR also search in include DIR\n" - " -D gpgone the only useable define\n\n" + " -D gpgone the only usable define\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" "Report bugs to ."); exit (0); @@ -1518,6 +1558,15 @@ main (int argc, char **argv) argc--; argv++; } } + else if (!strcmp (*argv, "--date")) + { + argc--; argv++; + if (argc) + { + opt_date = *argv; + argc--; argv++; + } + } else if (!strcmp (*argv, "--store")) { opt_store = 1; ----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 2 +- doc/yat2m.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 57 insertions(+), 8 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 11:58:27 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 11:58:27 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-4-g7213299 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 7213299fdb2293b974fc436686626ae0a29290b8 (commit) from 9b5e3d1608922f4aaf9958e022431849d5a58501 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7213299fdb2293b974fc436686626ae0a29290b8 Author: Werner Koch Date: Sat Jun 25 11:56:42 2016 +0200 w32: Silence compiler warnings about redefined macros. * src/estream.c (S_IRGRP) [W32]: Protect against redefinition. Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index b4d1c74..2a44ac3 100644 --- a/src/estream.c +++ b/src/estream.c 
@@ -108,12 +108,25 @@ #ifdef HAVE_W32_SYSTEM -# define S_IRGRP S_IRUSR -# define S_IROTH S_IRUSR -# define S_IWGRP S_IWUSR -# define S_IWOTH S_IWUSR -# define S_IXGRP S_IXUSR -# define S_IXOTH S_IXUSR +# ifndef S_IRGRP +# define S_IRGRP S_IRUSR +# endif +# ifndef S_IROTH +# define S_IROTH S_IRUSR +# endif +# ifndef S_IWGRP +# define S_IWGRP S_IWUSR +# endif +# ifndef S_IWOTH +# define S_IWOTH S_IWUSR +# endif +# ifndef S_IXGRP +# define S_IXGRP S_IXUSR +# endif +# ifndef S_IXOTH +# define S_IXOTH S_IXUSR +# endif +# undef O_NONBLOCK # define O_NONBLOCK 0 /* FIXME: Not yet supported. */ #endif ----------------------------------------------------------------------- Summary of changes: src/estream.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 15:40:41 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 15:40:41 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-4-g5a5b055 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5a5b055b81ee60a22a846bdf2031516b1c24df98 (commit) via 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac (commit) from 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5a5b055b81ee60a22a846bdf2031516b1c24df98 Author: Werner Koch Date: Sat Jun 25 15:38:06 2016 +0200 Improve robustness and help lint. * cipher/rsa.c (rsa_encrypt): Check for !DATA. * cipher/md.c (search_oid): Check early for !OID. (md_copy): Use gpg_err_code_from_syserror. Replace chains of if(!err) tests. * cipher/cipher.c (search_oid): Check early for !OID. * src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0. * mpi/mpicoder.c (onecompl): Allow for A==NULL to help static analyzers. -- The change for md_copy is to help static analyzers which have no idea that gpg_err_code_from_syserror will never return 0. A gcc attribute returns_nonzero would be a nice to have. Some changes are due to the fact the macros like mpi_is_immutable gracefully handle a NULL arg but a static analyzer the considers that the function allows for a NULL arg. Signed-off-by: Werner Koch diff --git a/cipher/cipher.c b/cipher/cipher.c index bdcbfbd..2b7bf21 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
@@ -175,8 +175,10 @@ search_oid (const char *oid, gcry_cipher_oid_spec_t *oid_spec) gcry_cipher_spec_t *spec; int i; - if (oid && ((! strncmp (oid, "oid.", 4)) - || (! strncmp (oid, "OID.", 4)))) + if (!oid) + return NULL; + + if (!strncmp (oid, "oid.", 4) || !strncmp (oid, "OID.", 4)) oid += 4; spec = spec_from_oid (oid); diff --git a/cipher/md.c b/cipher/md.c index 344c1f2..a39e18a 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -198,8 +198,10 @@ search_oid (const char *oid, gcry_md_oid_spec_t *oid_spec) gcry_md_spec_t *spec; int i; - if (oid && ((! strncmp (oid, "oid.", 4)) - || (! strncmp (oid, "OID.", 4)))) + if (!oid) + return NULL; + + if (!strncmp (oid, "oid.", 4) || !strncmp (oid, "OID.", 4)) oid += 4; spec = spec_from_oid (oid); 
@@ -471,51 +473,48 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd) else bhd = xtrymalloc (n + sizeof (struct gcry_md_context)); - if (! bhd) - err = gpg_err_code_from_errno (errno); - - if (! err) + if (!bhd) { - bhd->ctx = b = (void *) ((char *) bhd + n); - /* No need to copy the buffer due to the write above. */ - gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1)); - bhd->bufsize = ahd->bufsize; - bhd->bufpos = 0; - gcry_assert (! ahd->bufpos); - memcpy (b, a, sizeof *a); - b->list = NULL; - b->debug = NULL; + err = gpg_err_code_from_syserror (); + goto leave; } + bhd->ctx = b = (void *) ((char *) bhd + n); + /* No need to copy the buffer due to the write above. */ + gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1)); + bhd->bufsize = ahd->bufsize; + bhd->bufpos = 0; + gcry_assert (! ahd->bufpos); + memcpy (b, a, sizeof *a); + b->list = NULL; + b->debug = NULL; + /* Copy the complete list of algorithms. The copied list is reversed, but that doesn't matter. */ - if (!err) + for (ar = a->list; ar; ar = ar->next) { - for (ar = a->list; ar; ar = ar->next) + if (a->flags.secure) + br = xtrymalloc_secure (ar->actual_struct_size); + else + br = xtrymalloc (ar->actual_struct_size); + if (!br) { - if (a->flags.secure) - br = xtrymalloc_secure (ar->actual_struct_size); - else - br = xtrymalloc (ar->actual_struct_size); - if (!br) - { - err = gpg_err_code_from_errno (errno); - md_close (bhd); - break; - } - - memcpy (br, ar, ar->actual_struct_size); - br->next = b->list; - b->list = br; + err = gpg_err_code_from_syserror (); + md_close (bhd); + goto leave; } + + memcpy (br, ar, ar->actual_struct_size); + br->next = b->list; + b->list = br; } - if (a->debug && !err) + if (a->debug) md_start_debug (bhd, "unknown"); - if (!err) - *b_hd = bhd; + *b_hd = bhd; + leave: return err; } diff --git a/cipher/rsa.c b/cipher/rsa.c index ce8e215..b6c7374 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
@@ -1247,7 +1247,7 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; if (DBG_CIPHER) log_mpidump ("rsa_encrypt data", data); - if (mpi_is_opaque (data)) + if (!data || mpi_is_opaque (data)) { rc = GPG_ERR_INV_DATA; goto leave; diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index e315576..4c63a14 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -403,14 +403,16 @@ onecompl (gcry_mpi_t a) mpi_ptr_t ap; mpi_size_t n; unsigned int i; - unsigned int nbits = mpi_get_nbits (a); + unsigned int nbits; - if (mpi_is_immutable (a)) + if (!a || mpi_is_immutable (a)) { mpi_immutable_failed (); return; } + nbits = mpi_get_nbits (a); + mpi_normalize (a); ap = a->d; n = a->nlimbs; diff --git a/src/misc.c b/src/misc.c index ac64d70..413d7d8 100644 --- a/src/misc.c +++ b/src/misc.c @@ -291,7 +291,7 @@ do_printhex (const char *text, const char *text2, log_debug ("%*s ", (int)strlen(text), ""); } } - if (length) + if (length && buffer) { const unsigned char *p = buffer; for (; length--; p++) commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac Author: Werner Koch Date: Thu Jun 23 10:29:08 2016 +0200 cipher: Improve fatal error message for bad use of gcry_md_read. * cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG. -- Signed-off-by: Werner Koch diff --git a/cipher/md.c b/cipher/md.c index d0ef00f..344c1f2 100644 --- a/cipher/md.c +++ b/cipher/md.c 
@@ -847,7 +847,7 @@ md_read( gcry_md_hd_t a, int algo ) return r->spec->read (&r->context.c); } } - BUG(); + _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, "request algo not in md context"); return NULL; } ----------------------------------------------------------------------- Summary of changes: cipher/cipher.c | 6 +++-- cipher/md.c | 69 ++++++++++++++++++++++++++++----------------------------- cipher/rsa.c | 2 +- mpi/mpicoder.c | 6 +++-- src/misc.c | 2 +- 5 files changed, 44 insertions(+), 41 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 16:12:15 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 16:12:15 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-6-g1feb019 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1feb01940062a74c27230434fc3babdddca8caf4 (commit) via c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9 (commit) from 5a5b055b81ee60a22a846bdf2031516b1c24df98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1feb01940062a74c27230434fc3babdddca8caf4 Author: Werner Koch Date: Sat Jun 25 16:07:16 2016 +0200 doc: Update yat2m. * doc/yat2m.c: Update from Libgpg-error -- Taken from Libgpg-error commit 9b5e3d1608922f4aaf9958e022431849d5a58501 Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 86c3c70..7599081 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c 
@@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -13,7 +13,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, see . + * along with this program; if not, see . */ /* @@ -104,6 +104,29 @@ #include +#if __GNUC__ +# define MY_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +#else +# define MY_GCC_VERSION 0 +#endif + +#if MY_GCC_VERSION >= 20500 +# define ATTR_PRINTF(f, a) __attribute__ ((format(printf,f,a))) +# define ATTR_NR_PRINTF(f, a) __attribute__ ((noreturn, format(printf,f,a))) +#else +# define ATTR_PRINTF(f, a) +# define ATTR_NR_PRINTF(f, a) +#endif +#if MY_GCC_VERSION >= 30200 +# define ATTR_MALLOC __attribute__ ((__malloc__)) +#else +# define ATTR_MALLOC +#endif + + + #define PGM "yat2m" #define VERSION "1.0" @@ -120,6 +143,7 @@ static int quiet; static int debug; static const char *opt_source; static const char *opt_release; +static const char *opt_date; static const char *opt_select; static const char *opt_include; static int opt_store; @@ -213,8 +237,16 @@ static const char * const standard_sections[] = static void proc_texi_buffer (FILE *fp, const char *line, size_t len, int *table_level, int *eol_action); +static void die (const char *format, ...) ATTR_NR_PRINTF(1,2); +static void err (const char *format, ...) ATTR_PRINTF(1,2); +static void inf (const char *format, ...) ATTR_PRINTF(1,2); +static void *xmalloc (size_t n) ATTR_MALLOC; +static void *xcalloc (size_t n, size_t m) ATTR_MALLOC; + +/*-- Functions --*/ + /* Print diagnostic message and exit with failure. */ static void die (const char *format, ...) 
@@ -323,8 +355,12 @@ isodatestring (void) { static char buffer[11+5]; struct tm *tp; - time_t atime = time (NULL); + time_t atime; + if (opt_date && *opt_date) + atime = strtoul (opt_date, NULL, 10); + else + atime = time (NULL); if (atime < 0) strcpy (buffer, "????" "-??" "-??"); else @@ -553,7 +589,7 @@ get_section_buffer (const char *name) for (i=0; i < thepage.n_sections; i++) if (!thepage.sections[i].name) break; - if (i < thepage.n_sections) + if (thepage.n_sections && i < thepage.n_sections) sect = thepage.sections + i; else { @@ -679,6 +715,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } cmdtbl[] = { { "command", 0, "\\fB", "\\fR" }, { "code", 0, "\\fB", "\\fR" }, + { "url", 0, "\\fB", "\\fR" }, { "sc", 0, "\\fB", "\\fR" }, { "var", 0, "\\fI", "\\fR" }, { "samp", 0, "\\(aq", "\\(aq" }, @@ -699,6 +736,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "emph", 0, "\\fI", "\\fR" }, { "w", 1 }, { "c", 5 }, + { "efindex", 1 }, { "opindex", 1 }, { "cpindex", 1 }, { "cindex", 1 }, @@ -846,7 +884,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } else inf ("texinfo command '%s' not supported (%.*s)", command, - ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + (int)((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); } if (*rest == '{') @@ -958,7 +996,7 @@ proc_texi_buffer (FILE *fp, const char *line, size_t len, assert (n <= len); s += n; len -= n; s--; len++; - in_cmd = 0; + /* in_cmd = 0; -- doc only */ } } @@ -1367,7 +1405,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) } if (!incfp) - err ("can't open include file '%s':%s", + err ("can't open include file '%s': %s", incname, strerror (errno)); else { 
@@ -1466,13 +1504,14 @@ main (int argc, char **argv) "Extract man pages from a Texinfo source.\n\n" " --source NAME use NAME as source field\n" " --release STRING use STRING as the release field\n" + " --date EPOCH use EPOCH as publication date\n" " --store write output using @manpage name\n" " --select NAME only output pages with @manpage NAME\n" " --verbose enable extra informational output\n" " --debug enable additional debug output\n" " --help display this help and exit\n" " -I DIR also search in include DIR\n" - " -D gpgone the only useable define\n\n" + " -D gpgone the only usable define\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" "Report bugs to ."); exit (0); @@ -1519,6 +1558,15 @@ main (int argc, char **argv) argc--; argv++; } } + else if (!strcmp (*argv, "--date")) + { + argc--; argv++; + if (argc) + { + opt_date = *argv; + argc--; argv++; + } + } else if (!strcmp (*argv, "--store")) { opt_store = 1; commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9 Author: Werner Koch Date: Sat Jun 25 16:09:20 2016 +0200 tests: Add attributes to helper functions. * tests/t-common.h (die, fail, info): Add attributes. * tests/random.c (die, inf): Ditto. * tests/pubkey.c (die, fail, info): Add attributes. * tests/fipsdrv.c (die): Add attribute. (main): Take care of missing --key,--iv,--dt options. Signed-off-by: Werner Koch diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index 49253cb..63c5176 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -134,6 +134,11 @@ struct tag_info }; +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + /* Print a error message and exit the process with an error code. */ static void 
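Review bot: When `--date` is the last argument the new option block consumes it, finds `argc` zero and leaves `opt_date` NULL without any diagnostic. The page is then silently stamped with the current time, which is exactly what the option is meant to prevent in a reproducible build. An `else die ("option --date requires an argument");` on the `if (argc)` would surface the mistake. The neighbouring option blocks appear to follow the same silent pattern, so this may be worth fixing for them as well; main continues outside the hunk.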
@@ -1150,7 +1155,7 @@ run_cipher_mct_loop (int encrypt_mode, int cipher_algo, int cipher_mode, blocklen = gcry_cipher_get_algo_blklen (cipher_algo); if (!blocklen || blocklen > sizeof output) - die ("invalid block length %d\n", blocklen); + die ("invalid block length %d\n", (int)blocklen); gcry_cipher_ctl (hd, PRIV_CIPHERCTL_DISABLE_WEAK_KEY, NULL, 0); @@ -2570,7 +2575,8 @@ main (int argc, char **argv) die ("no version info in input\n"); } if (atoi (key_buffer) != 1) - die ("unsupported input version %s\n", key_buffer); + die ("unsupported input version %s\n", + (const char*)key_buffer); gcry_free (key_buffer); if (!(key_buffer = read_textline (input))) die ("no iteration count in input\n"); @@ -2644,11 +2650,11 @@ main (int argc, char **argv) unsigned char buffer[16]; size_t count = 0; - if (hex2bin (key_string, key, 16) < 0 ) + if (!key_string || hex2bin (key_string, key, 16) < 0 ) die ("value for --key are not 32 hex digits\n"); - if (hex2bin (iv_string, seed, 16) < 0 ) + if (!iv_string || hex2bin (iv_string, seed, 16) < 0 ) die ("value for --iv are not 32 hex digits\n"); - if (hex2bin (dt_string, dt, 16) < 0 ) + if (!dt_string || hex2bin (dt_string, dt, 16) < 0 ) die ("value for --dt are not 32 hex digits\n"); /* The flag value 1 disables the dup check, so that the RNG diff --git a/tests/pubkey.c b/tests/pubkey.c index b691913..3eb5b4f 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -115,6 +115,15 @@ static const char sample_public_key_1[] = static int verbose; static int error_count; + +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +static void fail (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +static void info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + + static void die (const char *format, ...) { diff --git a/tests/random.c b/tests/random.c index 3c08726..65e5670 100644 
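Review bot: The new NULL checks in main reuse the existing messages, so a missing `--key`, `--iv` or `--dt` option is reported as "value for --key are not 32 hex digits". That points the user at the wrong problem, since no value was given at all. Splitting the two cases keeps the diagnostics accurate, for example `if (!key_string) die ("option --key is required\n");` ahead of the hex2bin call, and likewise for `iv_string` and `dt_string`. The enclosing block of main starts and ends outside the hunk.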
--- a/tests/random.c +++ b/tests/random.c @@ -43,6 +43,13 @@ static int verbose; static int debug; static int with_progress; +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +static void inf (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + + static void die (const char *format, ...) { diff --git a/tests/t-common.h b/tests/t-common.h index 3546986..68a7804 100644 --- a/tests/t-common.h +++ b/tests/t-common.h @@ -52,6 +52,13 @@ static int verbose; static int debug; static int errorcount; +/* If we have a decent libgpg-error we can use some gcc attributes. */ +#ifdef GPGRT_ATTR_NORETURN +static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2); +static void fail (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +static void info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); +#endif /*GPGRT_ATTR_NORETURN*/ + /* Reporting functions. */ static void diff --git a/tests/t-sexp.c b/tests/t-sexp.c index 33a58ff..edb37a2 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c @@ -81,7 +81,7 @@ hex2mpiopa (const char *string) die ("hex2mpiopa '%s' failed: parser error\n", string); val = gcry_mpi_set_opaque (NULL, buffer, buflen*8); if (!buffer) - die ("hex2mpiopa '%s' failed: set_opaque error%s\n", string); + die ("hex2mpiopa '%s' failed: set_opaque error\n", string); return val; } 
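Review bot: In hex2mpiopa the check after `val = gcry_mpi_set_opaque (NULL, buffer, buflen*8);` still tests `buffer`, not the value just returned. `buffer` was presumably already checked before the "parser error" die() above it, so this branch looks unreachable and a failed set_opaque would go unnoticed. The commit fixes the format string of this die() call but leaves the condition as it was; it should read `if (!val)`. The start of the function is outside the hunk.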
@@ -510,7 +510,7 @@ back_and_forth_one (int testno, const char *buffer, size_t length) } if (compare_to_canon (se1, canon, canonlen)) { - fail ("baf %d: converting to advanced failed.\n", + fail ("baf %d: converting to advanced failed: %s\n", testno, gpg_strerror (rc)); return; } ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++------- tests/fipsdrv.c | 16 +++++++++----- tests/pubkey.c | 9 ++++++++ tests/random.c | 7 +++++++ tests/t-common.h | 7 +++++++ tests/t-sexp.c | 4 ++-- 6 files changed, 92 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 17:01:07 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 17:01:07 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.2-3-gd60ef71 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via d60ef7192ad95ec2ec1aef436742f56e6c750b89 (commit) from 7101fcbb662220326f2fc786219c1853f27a5298 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d60ef7192ad95ec2ec1aef436742f56e6c750b89 Author: Werner Koch Date: Sat Jun 25 16:59:16 2016 +0200 Fix minor memory leaks * src/assuan-pipe-connect.c (socketpair_connect): Always free CHILD_FDS. * src/assuan-uds.c (uds_sendfd): Clear CONTROL_U to silence Valgrind. * tests/fdpassing.c (main): Free FNAME. * src/assuan-handler.c (dispatch_command): Remove dead assignment. Signed-off-by: Werner Koch diff --git a/src/assuan-handler.c b/src/assuan-handler.c index 351446d..dec0f1b 100644 
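Review bot: The message in back_and_forth_one now has a `%s` for `gpg_strerror (rc)`, but the branch is entered on the result of `compare_to_canon (se1, canon, canonlen)`, which does not assign `rc` in the visible lines. `rc` therefore holds whatever an earlier call left in it, most likely success, and the output would read as "converting to advanced failed: Success". Either drop the argument and keep the original text, `fail ("baf %d: converting to advanced failed.\n", testno);`, or store the comparison result and print that. The rest of the function is outside the hunk.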
--- a/src/assuan-handler.c +++ b/src/assuan-handler.c @@ -661,7 +661,7 @@ dispatch_command (assuan_context_t ctx, char *line, int linelen) if (!s) return PROCESS_DONE (ctx, set_error (ctx, GPG_ERR_ASS_UNKNOWN_CMD, NULL)); line += shift; - linelen -= shift; + /* linelen -= shift; -- not needed. */ if (ctx->pre_cmd_notify_fnc) { err = ctx->pre_cmd_notify_fnc(ctx, ctx->cmdtbl[i].name); diff --git a/src/assuan-pipe-connect.c b/src/assuan-pipe-connect.c index e5d2a38..a657c94 100644 --- a/src/assuan-pipe-connect.c +++ b/src/assuan-pipe-connect.c @@ -347,10 +347,11 @@ socketpair_connect (assuan_context_t ctx, fd_child_list[idx] = child_fds[idx + 1]; } + _assuan_free (ctx, child_fds); + /* If this is the server child process, exit early. */ if (! name && (*argv)[0] == 's') { - _assuan_free (ctx, child_fds); _assuan_close (ctx, fds[0]); return 0; } diff --git a/src/assuan-uds.c b/src/assuan-uds.c index dd77af4..59f3a6b 100644 --- a/src/assuan-uds.c +++ b/src/assuan-uds.c @@ -34,7 +34,7 @@ #else # ifdef HAVE_WINSOCK2_H # include -# endif +# endif # include #endif #if HAVE_SYS_UIO_H @@ -60,10 +60,10 @@ #define MY_ALIGN(n) ((((n))+ sizeof(size_t)-1) & (size_t)~(sizeof(size_t)-1)) #ifndef CMSG_SPACE #define CMSG_SPACE(n) (MY_ALIGN(sizeof(struct cmsghdr)) + MY_ALIGN((n))) -#endif +#endif #ifndef CMSG_LEN #define CMSG_LEN(n) (MY_ALIGN(sizeof(struct cmsghdr)) + (n)) -#endif +#endif #ifndef CMSG_FIRSTHDR #define CMSG_FIRSTHDR(mhdr) \ ((size_t)(mhdr)->msg_controllen >= sizeof (struct cmsghdr) \ 
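Review bot: Moving `_assuan_free (ctx, child_fds);` ahead of the server-child test in socketpair_connect leaves `child_fds` dangling for the remainder of the function. The rest of the body is outside the hunk, so it is not visible whether a later error path still frees or reads it; if one does, this change turns a leak into a double free or use after free. Adding `child_fds = NULL;` directly after the free makes any such path harmless and documents that ownership ends here.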
@@ -200,12 +200,14 @@ uds_sendfd (assuan_context_t ctx, assuan_fd_t fd) char buffer[80]; /* We need to send some real data so that a read won't return 0 - which will be taken as an EOF. It also helps with debugging. */ + which will be taken as an EOF. It also helps with debugging. */ snprintf (buffer, sizeof(buffer)-1, "# descriptor %d is in flight\n", fd); buffer[sizeof(buffer)-1] = 0; memset (&msg, 0, sizeof (msg)); + memset (&control_u, 0, sizeof (control_u)); + msg.msg_name = NULL; msg.msg_namelen = 0; msg.msg_iovlen = 1; diff --git a/tests/fdpassing.c b/tests/fdpassing.c index fee5ba0..1156ad7 100644 --- a/tests/fdpassing.c +++ b/tests/fdpassing.c @@ -59,10 +59,10 @@ cmd_echo (assuan_context_t ctx, char *line) nbytes = 0; while ( (c=getc (fp)) != -1) { - putc (c, stdout); + putc (c, stdout); nbytes++; } - fflush (stdout); + fflush (stdout); log_info ("done printing %d bytes to stdout\n", nbytes); fclose (fp); @@ -118,7 +118,7 @@ server (void) assuan_set_log_stream (ctx, stderr); - for (;;) + for (;;) { rc = assuan_accept (ctx); if (rc) @@ -127,7 +127,7 @@ server (void) log_error ("assuan_accept failed: %s\n", gpg_strerror (rc)); break; } - + log_info ("client connected. Client's pid is %ld\n", (long)assuan_get_pid (ctx)); @@ -135,7 +135,7 @@ server (void) if (rc) log_error ("assuan_process failed: %s\n", gpg_strerror (rc)); } - + assuan_release (ctx); } @@ -169,7 +169,7 @@ client (assuan_context_t ctx, const char *fname) strerror (errno)); return -1; } - + rc = assuan_sendfd (ctx, fileno (fp)); if (rc) { @@ -204,12 +204,12 @@ client (assuan_context_t ctx, const char *fname) -/* - +/* + M A I N */ -int +int main (int argc, char **argv) { int last_argc = -1; 
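Review bot: The new `memset (&control_u, 0, sizeof (control_u));` in uds_sendfd has no comment, and the reason is only in the commit message. Besides quieting Valgrind, it keeps uninitialised stack bytes out of the buffer that is presumably handed to sendmsg as ancillary data, which is worth preserving. A short comment such as `/* Clear the control buffer so that no uninitialized padding is passed on. */` would stop it from being removed as redundant later. The function continues outside the hunk.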
@@ -294,17 +294,18 @@ main (int argc, char **argv) if (err) { log_error ("assuan_pipe_connect failed: %s\n", gpg_strerror (err)); - return 1; + assuan_release (ctx); + errorcount++; } - - if (!with_exec && loc[0] == 's') + else if (!with_exec && loc[0] == 's') { server (); + assuan_release (ctx); log_info ("server finished\n"); } else { - if (client (ctx, fname)) + if (client (ctx, fname)) { log_info ("waiting for server to terminate...\n"); assuan_release (ctx); @@ -313,6 +314,7 @@ main (int argc, char **argv) } } + xfree (fname); return errorcount ? 1 : 0; } ----------------------------------------------------------------------- Summary of changes: src/assuan-handler.c | 2 +- src/assuan-pipe-connect.c | 3 ++- src/assuan-uds.c | 10 ++++++---- tests/fdpassing.c | 28 +++++++++++++++------------- 4 files changed, 24 insertions(+), 19 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 17:30:28 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 17:30:28 +0200 Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-6-19-g0b927ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via 0b927ad536d0338ddc205bc58940a147de1dff92 (commit) from 0d2f64783f35bbae58a5eeabcaf234d04dccfdbc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b927ad536d0338ddc205bc58940a147de1dff92 Author: Werner Koch Date: Sat Jun 25 17:28:27 2016 +0200 w32: Silence const warning for select. * src/w32support.c (adns__sock_select): Use a copy of the timeout arg. Signed-off-by: Werner Koch 
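Review bot: On the client path in main, `ctx` is released only inside `if (client (ctx, fname))` as far as the visible lines show, while the error and server branches now both call `assuan_release (ctx)`. Two lines between this hunk and the next are not shown; if they do not release the context, the leak this commit addresses remains on the path where client() returns 0. Releasing once after the branches, or adding the call to the remaining path, would make all three exits consistent.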
diff --git a/src/w32support.c b/src/w32support.c index 4d7bb64..1a2474f 100644 --- a/src/w32support.c +++ b/src/w32support.c @@ -211,9 +211,18 @@ adns__sock_close (int fd) int adns__sock_select (int nfds, fd_set *rset, fd_set *wset, fd_set *xset, - const struct timeval *timeout) + const struct timeval *timeout_arg) { int rc; + struct timeval timeout_buf, *timeout; + + if (timeout_arg) + { + timeout_buf = *timeout_arg; + timeout = &timeout_buf; + } + else + timeout = NULL; rc = select (nfds, rset, wset, xset, timeout); if (rc == -1) ----------------------------------------------------------------------- Summary of changes: src/w32support.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 17:41:49 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 17:41:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-53-gb687235 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b6872353bae778d11730f5d0afd2192750777647 (commit) from 22b9bea1c3d0e944aa539a87d79e47d92ca5309f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b6872353bae778d11730f5d0afd2192750777647 Author: Werner Koch Date: Sat Jun 25 17:39:38 2016 +0200 build: Add aclocal macro from pkg-config. * m4/pkg.m4: New. Signed-off-by: Werner Koch diff --git a/m4/Makefile.am b/m4/Makefile.am index f1b8df9..3232413 100644 --- a/m4/Makefile.am +++ b/m4/Makefile.am 
@@ -1,6 +1,6 @@ EXTRA_DIST = intl.m4 intldir.m4 glibc2.m4 lock.m4 visibility.m4 intmax.m4 longdouble.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 -EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4 +EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4 pkg.m4 EXTRA_DIST += gnupg-pth.m4 diff --git a/m4/pkg.m4 b/m4/pkg.m4 new file mode 100644 index 0000000..78953b7 --- /dev/null +++ b/m4/pkg.m4 
@@ -0,0 +1,214 @@ +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 1 (pkg-config-0.24) +# +# Copyright ? 2004 Scott James Remnant . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. 
+ +# PKG_PROG_PKG_CONFIG([MIN-VERSION]) +# ---------------------------------- +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) +m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi +fi[]dnl +])# PKG_PROG_PKG_CONFIG + +# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# +# Check to see whether a particular set of modules exists. Similar +# to PKG_CHECK_MODULES(), but does not set variables or print errors. 
+# +# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +# only at the first occurence in configure.ac, so if the first place +# it's called might be skipped (such as if it is within an "if", you +# have to call PKG_CHECK_EXISTS manually +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_default([$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + +# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +# --------------------------------------------- +m4_define([_PKG_CONFIG], +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes ], + [pkg_failed=yes]) + else + pkg_failed=untried +fi[]dnl +])# _PKG_CONFIG + +# _PKG_SHORT_ERRORS_SUPPORTED +# ----------------------------- +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])# _PKG_SHORT_ERRORS_SUPPORTED + + +# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +# [ACTION-IF-NOT-FOUND]) +# +# +# Note that if there is a possibility the first call to +# PKG_CHECK_MODULES might not happen, you should be sure to include an +# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +# +# +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + 
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + m4_default([$4], [AC_MSG_ERROR( +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT])[]dnl + ]) +elif test $pkg_failed = untried; then + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +_PKG_TEXT + +To get pkg-config, see .])[]dnl + ]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + $3 +fi[]dnl +])# PKG_CHECK_MODULES + + +# PKG_INSTALLDIR(DIRECTORY) +# ------------------------- +# Substitutes the variable pkgconfigdir as the location where a module +# should install pkg-config .pc files. By default the directory is +# $libdir/pkgconfig, but the default can be changed by passing +# DIRECTORY. The user can override through the --with-pkgconfigdir +# parameter. 
+AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +]) dnl PKG_INSTALLDIR + + +# PKG_NOARCH_INSTALLDIR(DIRECTORY) +# ------------------------- +# Substitutes the variable noarch_pkgconfigdir as the location where a +# module should install arch-independent pkg-config .pc files. By +# default the directory is $datadir/pkgconfig, but the default can be +# changed by passing DIRECTORY. The user can override through the +# --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +]) dnl PKG_NOARCH_INSTALLDIR + + +# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# ------------------------------------------- +# Retrieves the value of the pkg-config variable for the given module. 
+AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])# PKG_CHECK_VAR ----------------------------------------------------------------------- Summary of changes: m4/Makefile.am | 2 +- m4/pkg.m4 | 214 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 215 insertions(+), 1 deletion(-) create mode 100644 m4/pkg.m4 hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 25 20:54:34 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Jun 2016 20:54:34 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-7-g7a7f7c1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 7a7f7c147f888367dfee6093d26bfeaf750efc3a (commit) from 1feb01940062a74c27230434fc3babdddca8caf4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a Author: Werner Koch Date: Sat Jun 25 20:52:47 2016 +0200 ecc: Fix memory leak. * cipher/ecc.c (ecc_check_secret_key): Do not init point if already set. Signed-off-by: Werner Koch diff --git a/cipher/ecc.c b/cipher/ecc.c index 8af0d14..e25bf09 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -790,7 +790,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms) } if (mpi_g) { - point_init (&sk.E.G); + if (!sk.E.G.x) + point_init (&sk.E.G); rc = _gcry_ecc_os2ec (&sk.E.G, mpi_g); if (rc) goto leave; ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 27 10:59:15 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Jun 2016 10:59:15 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.23-5-g467ccbb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 467ccbb6062439eda9dce7cd991934d1a5491713 (commit) from 7213299fdb2293b974fc436686626ae0a29290b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 467ccbb6062439eda9dce7cd991934d1a5491713 Author: Werner Koch Date: Mon Jun 27 10:57:26 2016 +0200 estream: Fix bug es_fclose_snatch if a seek has been used. * src/estream.c (func_mem_ioctl): Set LEN from DATA_LEN. Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index 2a44ac3..4352df5 100644 --- a/src/estream.c +++ b/src/estream.c 
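Review bot: The new guard `if (!sk.E.G.x)` in ecc_check_secret_key uses a NULL `x` member as the sign that the point has not been initialised, which only holds if `sk` is zeroed before any of this runs. That setup is outside the hunk, so the assumption cannot be confirmed from here. A comment stating it would help, for example `/* G may already have been set up earlier; init only once. */`, with a pointer to where `sk` is cleared. The function body starts and ends outside the hunk.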
@@ -890,7 +890,7 @@ func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len) /* Return the internal buffer of the stream to the caller and invalidate it for the stream. */ *(void**)ptr = mem_cookie->memory; - *len = mem_cookie->offset; + *len = mem_cookie->data_len; mem_cookie->memory = NULL; mem_cookie->memory_size = 0; mem_cookie->offset = 0; ----------------------------------------------------------------------- Summary of changes: src/estream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 27 15:51:35 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 27 Jun 2016 15:51:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-186-g15fc5c3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 15fc5c34c88ecbb61272705af60f7054b41c57f7 (commit) via 82d484c852d07958ac93efb3d2d7b7726fbb5231 (commit) from 3364549c19682f56d4d9c52ab7f76862c5a456cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 15fc5c34c88ecbb61272705af60f7054b41c57f7 Author: Andre Heinecke Date: Mon Jun 27 15:50:01 2016 +0200 Cpp: Expose new data_identify values * lang/cpp/src/data.cpp (GpgME::Data::type): Handle PGP Encrypted and Signature. * lang/cpp/src/data.h: Add values accordingly. diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index bf9a629..af1c479 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp 
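Review bot: After the buffer is handed to the caller in func_mem_ioctl, the visible lines reset `memory`, `memory_size` and `offset` but not `data_len`, which is now the field reported through `*len`. If the lines following the hunk do not clear it either, the cookie keeps a non-zero data length alongside a NULL buffer, and any later read, seek or second snatch on the stream would work from a stale size. Adding `mem_cookie->data_len = 0;` next to the other resets keeps the cookie consistent. The enclosing switch case continues outside the hunk.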
@@ -178,6 +178,8 @@ GpgME::Data::Type GpgME::Data::type() const case GPGME_DATA_TYPE_CMS_OTHER: return CMSOther; case GPGME_DATA_TYPE_X509_CERT: return X509Cert; case GPGME_DATA_TYPE_PKCS12: return PKCS12; + case GPGME_DATA_TYPE_PGP_ENCRYPTED: return PGPEncrypted; + case GPGME_DATA_TYPE_PGP_SIGNATURE: return PGPSignature; } return Invalid; } diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h index efb1e79..d5e54aa 100644 --- a/lang/cpp/src/data.h +++ b/lang/cpp/src/data.h @@ -92,7 +92,9 @@ public: CMSEncrypted, CMSOther, X509Cert, - PKCS12 + PKCS12, + PGPEncrypted, + PGPSignature, }; Type type() const; commit 82d484c852d07958ac93efb3d2d7b7726fbb5231 Author: Andre Heinecke Date: Mon Jun 27 14:47:44 2016 +0200 Cpp: Do not treat KEYEXPIRED as error * lang/cpp/src/editinteractor.cpp (status_to_error): No error for KEYEXPIRED. -- As keyexpired status is sent even if a subkey is expired we can not treat it as a global error. diff --git a/lang/cpp/src/editinteractor.cpp b/lang/cpp/src/editinteractor.cpp index d2633b5..07dc26d 100644 --- a/lang/cpp/src/editinteractor.cpp +++ b/lang/cpp/src/editinteractor.cpp @@ -222,8 +222,6 @@ Error status_to_error(unsigned int status) return Error::fromCode(GPG_ERR_NO_PASSPHRASE); case GPGME_STATUS_ALREADY_SIGNED: return Error::fromCode(GPG_ERR_ALREADY_SIGNED); - case GPGME_STATUS_KEYEXPIRED: - return Error::fromCode(GPG_ERR_CERT_EXPIRED); case GPGME_STATUS_SIGEXPIRED: return Error::fromCode(GPG_ERR_SIG_EXPIRED); } ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/data.cpp | 2 ++ lang/cpp/src/data.h | 4 +++- lang/cpp/src/editinteractor.cpp | 2 -- 3 files changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 27 16:06:43 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Jun 2016 16:06:43 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.4-5-gb60e514 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via b60e5140f85fc00cd131ab635d4202693759abe1 (commit) via 7243a3c6ed1635eef45b567b37a025e4a5e0dc51 (commit) from 43f890f37b514757db5653608ec59b5a74e8e092 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b60e5140f85fc00cd131ab635d4202693759abe1 Author: Werner Koch Date: Mon Jun 27 16:04:44 2016 +0200 Use modern error macros and fix a missing assignment. * src/ocsp.c: Remove errno.h. Replace gpg_error_from_errno(errno) by gpg_error_from_syserror (). (parse_response): Ditto. Return direct becuase static analyzer may not grasp that gpg_error_from_syserror will never return false. (ksba_ocsp_get_responder_id): Actually return an error for NO_DATA. Signed-off-by: Werner Koch diff --git a/src/ocsp.c b/src/ocsp.c index c053b18..56d2b55 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -33,7 +33,6 @@ #include #include #include -#include #include "util.h" @@ -207,7 +206,7 @@ parse_object_id_into_str (unsigned char const **buf, size_t *len, char **oid) else if (ti.length > *len) err = gpg_error (GPG_ERR_BAD_BER); else if (!(*oid = ksba_oid_to_str (*buf, ti.length))) - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); else { *buf += ti.length; @@ -269,7 +268,7 @@ ksba_ocsp_new (ksba_ocsp_t *r_ocsp) { *r_ocsp = xtrycalloc (1, sizeof **r_ocsp); if (!*r_ocsp) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); return 0; } 
@@ -340,7 +339,7 @@ ksba_ocsp_set_digest_algo (ksba_ocsp_t ocsp, const char *oid) xfree (ocsp->digest_oid); ocsp->digest_oid = xtrystrdup (oid); if (!ocsp->digest_oid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); return 0; } @@ -369,7 +368,7 @@ ksba_ocsp_add_target (ksba_ocsp_t ocsp, ri = xtrycalloc (1, sizeof *ri); if (!ri) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); ksba_cert_ref (cert); ri->cert = cert; ksba_cert_ref (issuer_cert); @@ -629,9 +628,10 @@ ksba_ocsp_prepare_request (ksba_ocsp_t ocsp) xfree (ri->serialno); ri->serialno = xtrymalloc (derlen); if (!ri->serialno) - err = gpg_error_from_errno (errno); - if (err) - goto leave; + { + err = gpg_error_from_syserror (); + goto leave; + } memcpy (ri->serialno, der, derlen); ri->serialnolen = derlen; @@ -919,7 +919,7 @@ parse_response_extensions (ksba_ocsp_t ocsp, ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); if (!ex) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } ex->crit = is_crit; @@ -986,7 +986,7 @@ parse_single_extensions (struct ocsp_reqitem_s *ri, ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); if (!ex) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_syserror (); goto leave; } ex->crit = is_crit; @@ -1428,7 +1428,7 @@ parse_response_data (ksba_ocsp_t ocsp, return gpg_error (GPG_ERR_INV_OBJ); /* Zero length key id. */ ocsp->responder_id.keyid = xtrymalloc (ti.length); if (!ocsp->responder_id.keyid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); memcpy (ocsp->responder_id.keyid, *data, ti.length); ocsp->responder_id.keyidlen = ti.length; parse_skip (data, datalen, &ti); 
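Review bot: The allocation `xtrymalloc (sizeof *ex + strlen (oid) + ti.length)` in parse_response_extensions adds a length taken from the parsed response with no overflow guard in the visible lines, and parse_single_extensions has the same expression. If `ti.length` is not already bounded by the remaining input in the code above the hunks, a wrapped sum would under-allocate ahead of the copy that presumably follows. An explicit check makes the bound local and obvious, for example `if (ti.length > SIZE_MAX - sizeof *ex - strlen (oid)) { err = gpg_error (GPG_ERR_BAD_BER); goto leave; }`, which needs `SIZE_MAX` in scope. Both functions extend beyond their hunks.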
@@ -1591,12 +1591,12 @@ parse_response (ksba_ocsp_t ocsp, const unsigned char *msg, size_t msglen) parse_skip (&msg, &msglen, &ti); cl = xtrycalloc (1, sizeof *cl); if (!cl) - err = gpg_error_from_errno (errno); - if (err) { + err = gpg_error_from_syserror (); ksba_cert_release (cert); - return gpg_error (GPG_ERR_ENOMEM); + return err; } + cl->cert = cert; *cl_tail = cl; @@ -1750,7 +1750,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, { *r_name = xtrystrdup (ocsp->responder_id.name); if (!*r_name) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); } else if (ocsp->responder_id.keyid && r_keyid) { @@ -1761,7 +1761,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, numbuflen = strlen (numbuf); *r_keyid = xtrymalloc (numbuflen + ocsp->responder_id.keyidlen + 2); if (!*r_keyid) - return gpg_error_from_errno (errno); + return gpg_error_from_syserror (); strcpy (*r_keyid, numbuf); memcpy (*r_keyid+numbuflen, ocsp->responder_id.keyid, ocsp->responder_id.keyidlen); @@ -1769,7 +1769,7 @@ ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen + 1] = 0; } else - gpg_error (GPG_ERR_NO_DATA); + return gpg_error (GPG_ERR_NO_DATA); return 0; } commit 7243a3c6ed1635eef45b567b37a025e4a5e0dc51 Author: Werner Koch Date: Mon Jun 27 15:54:20 2016 +0200 Detect invalid RDN names and avoid a read from uninitialized variable. * src/dn.c (parse_rdn): Bail out for an invalid name. Signed-off-by: Werner Koch diff --git a/src/dn.c b/src/dn.c index cea18a1..958850b 100644 --- a/src/dn.c +++ b/src/dn.c 
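Review bot: The final `else` in ksba_ocsp_get_responder_id (hunk at -1769) now returns GPG_ERR_NO_DATA where it used to fall through to `return 0`, and nothing in the visible hunks documents that new return value for callers. The function's header comment is outside the hunk; it should list GPG_ERR_NO_DATA and state that *r_name and *r_keyid are allocated and owned by the caller on success. At the branch itself a one-line comment helps: `/* Neither a name nor a key ID is stored, or the matching output pointer is NULL. */`.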
@@ -1014,6 +1014,9 @@ parse_rdn (const unsigned char *string, const char **endp, oid = oid_name_tbl[i].oid; oidlen = oid_name_tbl[i].oidlen; } + else + return gpg_error (GPG_ERR_INV_NAME); + s++; while (*s == ' ') s++; ----------------------------------------------------------------------- Summary of changes: src/dn.c | 3 +++ src/ocsp.c | 34 +++++++++++++++++----------------- 2 files changed, 20 insertions(+), 17 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 27 16:14:01 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Jun 2016 16:14:01 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.4-6-g995d2e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 995d2e34932143cc9888db779cb3ecd92ae6e32e (commit) from b60e5140f85fc00cd131ab635d4202693759abe1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 995d2e34932143cc9888db779cb3ecd92ae6e32e Author: Werner Koch Date: Mon Jun 27 16:12:09 2016 +0200 tests: Fix a memory leak. * tests/t-oid.c (test_oid_to_str): Free STR. Signed-off-by: Werner Koch diff --git a/tests/t-oid.c b/tests/t-oid.c index be68d52..0fe5944 100644 --- a/tests/t-oid.c +++ b/tests/t-oid.c 
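Review bot: The new `else return gpg_error (GPG_ERR_INV_NAME);` in parse_rdn has no comment, so the reason for it is only recorded in the commit message. Without it, a name that matches no table entry leaves `oid` and `oidlen` unset for the code that follows, which is the uninitialized read the commit fixes. A comment on the branch keeps that visible, e.g. `/* Unknown attribute name: oid/oidlen would be used uninitialized below. */`. The function body starts and ends outside the hunk, so whether anything allocated earlier needs releasing before this early return cannot be judged from here.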
@@ -143,6 +143,7 @@ test_oid_to_str (void) fprintf (stderr, " want=%s\n", tests[tidx].str); exit (1); } + ksba_free (str); } } ----------------------------------------------------------------------- Summary of changes: tests/t-oid.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 27 17:26:32 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Jun 2016 17:26:32 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-9-g4d634a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4d634a098742ff425b324e9f2a67b9f62de09744 (commit) via ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c (commit) from 7a7f7c147f888367dfee6093d26bfeaf750efc3a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4d634a098742ff425b324e9f2a67b9f62de09744 Author: Werner Koch Date: Mon Jun 27 17:22:18 2016 +0200 tests: Do not test SHAKE128 et al with gcry_md_hash_buffer. * tests/benchmark.c (md_bench): Do not test variable lengths algos with the gcry_md_hash_buffer. Signed-off-by: Werner Koch diff --git a/tests/benchmark.c b/tests/benchmark.c index 53b83b1..d387c56 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c 
@@ -572,21 +572,24 @@ md_bench ( const char *algoname ) if (gcry_md_get_algo_dlen (algo) > sizeof digest) die ("digest buffer too short\n"); - largebuf_base = malloc (10000+15); - if (!largebuf_base) - die ("out of core\n"); - largebuf = (largebuf_base - + ((16 - ((size_t)largebuf_base & 0x0f)) % buffer_alignment)); - - for (i=0; i < 10000; i++) - largebuf[i] = i; - start_timer (); - for (repcount=0; repcount < hash_repetitions; repcount++) - for (i=0; i < 100; i++) - gcry_md_hash_buffer (algo, digest, largebuf, 10000); - stop_timer (); - printf (" %s", elapsed_time (1)); - free (largebuf_base); + if (gcry_md_get_algo_dlen (algo)) + { + largebuf_base = malloc (10000+15); + if (!largebuf_base) + die ("out of core\n"); + largebuf = (largebuf_base + + ((16 - ((size_t)largebuf_base & 0x0f)) % buffer_alignment)); + + for (i=0; i < 10000; i++) + largebuf[i] = i; + start_timer (); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 100; i++) + gcry_md_hash_buffer (algo, digest, largebuf, 10000); + stop_timer (); + printf (" %s", elapsed_time (1)); + free (largebuf_base); + } putchar ('\n'); fflush (stdout); commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c Author: Werner Koch Date: Mon Jun 27 17:11:23 2016 +0200 md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer. * cipher/md.c (md_read): Detect missing read function. (_gcry_md_hash_buffers): Return an error. Signed-off-by: Werner Koch diff --git a/cipher/md.c b/cipher/md.c index a39e18a..27a0efb 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -831,9 +831,8 @@ md_read( gcry_md_hd_t a, int algo ) { if (r->next) log_debug ("more than one algorithm in md_read(0)\n"); - if (r->spec->read == NULL) - return NULL; - return r->spec->read (&r->context.c); + if (r->spec->read) + return r->spec->read (&r->context.c); } } else 
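Review bot: The new `if (gcry_md_get_algo_dlen (algo))` guard in md_bench carries no comment, and the reason for skipping the gcry_md_hash_buffer run is only in the commit message. I would add `/* Variable-length algos (dlen 0, e.g. SHAKE128) cannot be used with gcry_md_hash_buffer. */` above the condition. When the block is skipped the row also prints one timing column fewer than the other algorithms, which may matter to anything that parses the benchmark output. The function body starts and ends outside the hunk.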
@@ -841,12 +840,17 @@ md_read( gcry_md_hd_t a, int algo ) for (r = a->ctx->list; r; r = r->next) if (r->spec->algo == algo) { - if (r->spec->read == NULL) - return NULL; - return r->spec->read (&r->context.c); + if (r->spec->read) + return r->spec->read (&r->context.c); + break; } } - _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, "request algo not in md context"); + + if (r && !r->spec->read) + _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, + "requested algo has no fixed digest length"); + else + _gcry_fatal_error (GPG_ERR_DIGEST_ALGO, "requested algo not in md context"); return NULL; } @@ -1010,6 +1014,7 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, normal functions. */ gcry_md_hd_t h; gpg_err_code_t rc; + int dlen; if (algo == GCRY_MD_MD5 && fips_mode ()) { @@ -1022,6 +1027,12 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, } } + /* Detect SHAKE128 like algorithms which we can't use because + * our API does not allow for a variable length digest. */ + dlen = md_digest_length (algo); + if (!dlen) + return GPG_ERR_DIGEST_ALGO; + rc = md_open (&h, algo, (hmac? GCRY_MD_FLAG_HMAC:0)); if (rc) return rc; @@ -1041,7 +1052,7 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, for (;iovcnt; iov++, iovcnt--) md_write (h, (const char*)iov[0].data + iov[0].off, iov[0].len); md_final (h); - memcpy (digest, md_read (h, algo), md_digest_length (algo)); + memcpy (digest, md_read (h, algo), dlen); md_close (h); } ----------------------------------------------------------------------- Summary of changes: cipher/md.c | 27 +++++++++++++++++++-------- tests/benchmark.c | 33 ++++++++++++++++++--------------- 2 files changed, 37 insertions(+), 23 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 27 18:31:24 2016 
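Review bot: md_read now ends in `_gcry_fatal_error` when the matching entry has no read function, where the removed lines returned NULL; the lookup that falls through is in this hunk and the algo == 0 case is in the hunk at -831. If _gcry_fatal_error terminates the process, as its name suggests, a caller that reaches md_read with a variable-length algorithm in the handle can no longer recover by checking for NULL. _gcry_md_hash_buffers is protected by the new dlen check further down, but the other callers of md_read are outside this diff and should be checked for the same guard. At minimum the contract change deserves a comment at the branch, e.g. `/* Fatal: callers must reject algos without a fixed digest length before calling md_read. */`.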
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 27 Jun 2016 18:31:24 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-187-g62d10c2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 62d10c2a38160ef539a784b96960a6b5e3d8d6b6 (commit) from 15fc5c34c88ecbb61272705af60f7054b41c57f7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 62d10c2a38160ef539a784b96960a6b5e3d8d6b6 Author: Justus Winter Date: Mon Jun 27 17:56:18 2016 +0200 tests: Fix trivial memory leaks. -- Signed-off-by: Justus Winter diff --git a/tests/gpg/t-decrypt-verify.c b/tests/gpg/t-decrypt-verify.c index 0d89669..823655f 100644 --- a/tests/gpg/t-decrypt-verify.c +++ b/tests/gpg/t-decrypt-verify.c @@ -101,7 +101,7 @@ main (int argc, char *argv[]) gpgme_data_t in, out; gpgme_decrypt_result_t decrypt_result; gpgme_verify_result_t verify_result; - const char *cipher_2_asc = make_filename ("cipher-2.asc"); + char *cipher_2_asc = make_filename ("cipher-2.asc"); char *agent_info; init_gpgme (GPGME_PROTOCOL_OpenPGP); @@ -114,6 +114,7 @@ main (int argc, char *argv[]) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); err = gpgme_data_new_from_file (&in, cipher_2_asc, 1); + free (cipher_2_asc); fail_if_err (err); err = gpgme_data_new (&out); fail_if_err (err); diff --git a/tests/gpg/t-decrypt.c b/tests/gpg/t-decrypt.c index 2a2f4d7..b085e04 100644 --- a/tests/gpg/t-decrypt.c +++ b/tests/gpg/t-decrypt.c 
@@ -43,7 +43,7 @@ main (int argc, char *argv[]) gpgme_error_t err; gpgme_data_t in, out; gpgme_decrypt_result_t result; - const char *cipher_1_asc = make_filename ("cipher-1.asc"); + char *cipher_1_asc = make_filename ("cipher-1.asc"); char *agent_info; init_gpgme (GPGME_PROTOCOL_OpenPGP); @@ -56,6 +56,7 @@ main (int argc, char *argv[]) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); err = gpgme_data_new_from_file (&in, cipher_1_asc, 1); + free (cipher_1_asc); fail_if_err (err); err = gpgme_data_new (&out); diff --git a/tests/gpg/t-encrypt-sym.c b/tests/gpg/t-encrypt-sym.c index 51a3fc1..42dc3ca 100644 --- a/tests/gpg/t-encrypt-sym.c +++ b/tests/gpg/t-encrypt-sym.c @@ -92,6 +92,7 @@ main (int argc, char *argv[]) } gpgme_data_release (cipher); + free (text2); gpgme_release (ctx); return 0; diff --git a/tests/gpg/t-import.c b/tests/gpg/t-import.c index d673f87..41cfd23 100644 --- a/tests/gpg/t-import.c +++ b/tests/gpg/t-import.c @@ -214,8 +214,8 @@ main (int argc, char *argv[]) gpgme_error_t err; gpgme_data_t in; gpgme_import_result_t result; - const char *pubkey_1_asc = make_filename ("pubkey-1.asc"); - const char *seckey_1_asc = make_filename ("seckey-1.asc"); + char *pubkey_1_asc = make_filename ("pubkey-1.asc"); + char *seckey_1_asc = make_filename ("seckey-1.asc"); init_gpgme (GPGME_PROTOCOL_OpenPGP); @@ -223,6 +223,7 @@ main (int argc, char *argv[]) fail_if_err (err); err = gpgme_data_new_from_file (&in, pubkey_1_asc, 1); + free (pubkey_1_asc); fail_if_err (err); err = gpgme_op_import (ctx, in); @@ -232,6 +233,7 @@ main (int argc, char *argv[]) gpgme_data_release (in); err = gpgme_data_new_from_file (&in, seckey_1_asc, 1); + free (seckey_1_asc); fail_if_err (err); err = gpgme_op_import (ctx, in); diff --git a/tests/gpg/t-thread1.c b/tests/gpg/t-thread1.c index 86ea51a..0d4b2de 100644 --- a/tests/gpg/t-thread1.c +++ b/tests/gpg/t-thread1.c 
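Review bot: The added `free (text2);` in tests/gpg/t-encrypt-sym.c (hunk at -92) uses the C library's free, and the origin of text2 is not visible in the hunk. If text2 was returned by gpgme_data_release_and_get_mem, the matching release call is `gpgme_free (text2);`, which keeps allocation and release inside the same library and matters on platforms where the library and the test link different C runtimes. The filenames freed in the neighbouring hunks come from make_filename, a test helper, so plain free is presumably right there.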
@@ -94,7 +94,7 @@ void * thread_two (void *name) { int i; - const char *cipher_1_asc = make_filename ("cipher-1.asc"); + char *cipher_1_asc = make_filename ("cipher-1.asc"); char *agent_info; agent_info = getenv("GPG_AGENT_INFO"); @@ -135,6 +135,7 @@ thread_two (void *name) gpgme_data_release (out); gpgme_release (ctx); } + free (cipher_1_asc); return NULL; } diff --git a/tests/gpgsm/t-import.c b/tests/gpgsm/t-import.c index 2d23779..adfebaa 100644 --- a/tests/gpgsm/t-import.c +++ b/tests/gpgsm/t-import.c @@ -142,8 +142,8 @@ main (int argc, char **argv) gpgme_error_t err; gpgme_data_t in; gpgme_import_result_t result; - const char *cert_1 = make_filename ("cert_dfn_pca01.der"); - const char *cert_2 = make_filename ("cert_dfn_pca15.der"); + char *cert_1 = make_filename ("cert_dfn_pca01.der"); + char *cert_2 = make_filename ("cert_dfn_pca15.der"); init_gpgme (GPGME_PROTOCOL_CMS); @@ -153,6 +153,7 @@ main (int argc, char **argv) gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); err = gpgme_data_new_from_file (&in, cert_1, 1); + free (cert_1); fail_if_err (err); err = gpgme_op_import (ctx, in); @@ -162,6 +163,7 @@ main (int argc, char **argv) gpgme_data_release (in); err = gpgme_data_new_from_file (&in, cert_2, 1); + free (cert_2); fail_if_err (err); err = gpgme_op_import (ctx, in); diff --git a/tests/gpgsm/t-keylist.c b/tests/gpgsm/t-keylist.c index bebd9d6..5204ab2 100644 --- a/tests/gpgsm/t-keylist.c +++ b/tests/gpgsm/t-keylist.c @@ -110,6 +110,7 @@ main (int argc, char **argv) { fprintf (stderr, "Warning: Skipping unknown key %s\n", key->subkeys->fpr); + gpgme_key_unref (key); continue; } else diff --git a/tests/t-data.c b/tests/t-data.c index 465f29e..178675c 100644 --- a/tests/t-data.c +++ b/tests/t-data.c 
@@ -194,8 +194,8 @@ int main (int argc, char **argv) { round_t round = TEST_INITIALIZER; - const char *text_filename = make_filename ("t-data-1.txt"); - const char *longer_text_filename = make_filename ("t-data-2.txt"); + char *text_filename = make_filename ("t-data-1.txt"); + char *longer_text_filename = make_filename ("t-data-2.txt"); const char *missing_filename = "this-file-surely-does-not-exist"; gpgme_error_t err = 0; gpgme_data_t data; @@ -269,7 +269,7 @@ main (int argc, char **argv) } break; case TEST_END: - return 0; + goto out; case TEST_INITIALIZER: /* Shouldn't happen. */ fprintf (stderr, "%s:%d: impossible condition\n", __FILE__, __LINE__); @@ -281,5 +281,8 @@ main (int argc, char **argv) write_test (round, data); gpgme_data_release (data); } + out: + free (text_filename); + free (longer_text_filename); return 0; } ----------------------------------------------------------------------- Summary of changes: tests/gpg/t-decrypt-verify.c | 3 ++- tests/gpg/t-decrypt.c | 3 ++- tests/gpg/t-encrypt-sym.c | 1 + tests/gpg/t-import.c | 6 ++++-- tests/gpg/t-thread1.c | 3 ++- tests/gpgsm/t-import.c | 6 ++++-- tests/gpgsm/t-keylist.c | 1 + tests/t-data.c | 9 ++++++--- 8 files changed, 22 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 09:01:54 2016 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 28 Jun 2016 09:01:54 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-54-g52f6528 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 52f65281f9743c42a48bf5a3354c9ab0ecdb681a (commit) from b6872353bae778d11730f5d0afd2192750777647 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a Author: NIIBE Yutaka Date: Tue Jun 28 15:56:48 2016 +0900 g10: Fix --list-packets. * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka diff --git a/g10/gpg.c b/g10/gpg.c index ef27562..9750c57 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4656,7 +4656,6 @@ main (int argc, char **argv) break; case aListPackets: - opt.list_packets=2; default: if( argc > 1 ) wrong_args(_("[filename]")); @@ -4685,8 +4684,8 @@ main (int argc, char **argv) } } if( cmd == aListPackets ) { - set_packet_list_mode(1); opt.list_packets=1; + set_packet_list_mode(1); } rc = proc_packets (ctrl, NULL, a ); if( rc ) diff --git a/g10/mainproc.c b/g10/mainproc.c index bd738ab..c191fe0 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1328,7 +1328,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) /* Stop processing when an invalid packet has been encountered * but don't do so when we are doing a --list-packets. */ if (gpg_err_code (rc) == GPG_ERR_INV_PACKET - && opt.list_packets != 2 ) + && opt.list_packets == 0) break; continue; } diff --git a/g10/options.h b/g10/options.h index 4279bd6..fc333cd 100644 --- a/g10/options.h +++ b/g10/options.h @@ -80,7 +80,7 @@ struct int print_pka_records; int print_dane_records; int no_armor; - int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ + int list_packets; /* Option --list-packets active. */ int def_cipher_algo; int force_mdc; int disable_mdc; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 1c1b389..ec8a641 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -211,7 +211,7 @@ set_packet_list_mode (int mode) enable the list mode only with a special option. */ if (!listfp) { - if (opt.list_packets == 2) + if (opt.list_packets) { listfp = es_stdout; if (opt.verbose) ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 3 +-- g10/mainproc.c | 2 +- g10/options.h | 2 +- g10/parse-packet.c | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 09:06:56 2016 
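Review bot: set_packet_list_mode in g10/parse-packet.c (hunk at -211) chooses listfp only while it is still NULL, so after this change the output stream depends on opt.list_packets being set before the first call. That ordering is what the g10/gpg.c hunk fixes, but nothing in the code records it. I would add a comment above the test, `/* opt.list_packets must be set before the first call; listfp is chosen only once. */`. The same applies to the backported hunks at -207 (STABLE-BRANCH-2-0) and -134 (STABLE-BRANCH-1-4). The function body starts outside the hunk, so an earlier call elsewhere during startup cannot be ruled out from here.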
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 28 Jun 2016 09:06:56 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-7-g4f336ed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b (commit) from fb0e18b38434cbe97dee4c26047a994baf02fe76 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b Author: NIIBE Yutaka Date: Tue Jun 28 15:56:48 2016 +0900 g10: Fix --list-packets. * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- (backport of master commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a) Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka diff --git a/g10/gpg.c b/g10/gpg.c index 97975fb..3a7dc38 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4130,7 +4130,6 @@ main (int argc, char **argv) break; case aListPackets: - opt.list_packets=2; default: if( argc > 1 ) wrong_args(_("[filename]")); @@ -4157,8 +4156,8 @@ main (int argc, char **argv) } } if( cmd == aListPackets ) { - set_packet_list_mode(1); opt.list_packets=1; + set_packet_list_mode(1); } rc = proc_packets(NULL, a ); if( rc ) diff --git a/g10/mainproc.c b/g10/mainproc.c index 17d40de..8c2d2e1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1292,7 +1292,7 @@ do_proc_packets( CTX c, IOBUF a ) /* stop processing when an invalid packet has been encountered * but don't do so when we are doing a --list-packets. */ if (gpg_err_code (rc) == GPG_ERR_INV_PACKET - && opt.list_packets != 2 ) + && opt.list_packets == 0 ) break; continue; } diff --git a/g10/options.h b/g10/options.h index cc8718e..b02c0d9 100644 --- a/g10/options.h +++ b/g10/options.h @@ -62,7 +62,7 @@ struct int fingerprint; /* list fingerprints */ int list_sigs; /* list signatures */ int no_armor; - int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ + int list_packets; /* Option --list-packets active. */ int def_cipher_algo; int force_v3_sigs; int force_v4_certs; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c925e94..1030204 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -207,7 +207,7 @@ set_packet_list_mode( int mode ) whether using log_stream() would be better. Perhaps we should enable the list mdoe only with a special option. */ if (!listfp) - listfp = opt.list_packets == 2 ? stdout : stderr; + listfp = opt.list_packets ? stdout : stderr; return old; } ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 3 +-- g10/mainproc.c | 2 +- g10/options.h | 2 +- g10/parse-packet.c | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 09:21:28 2016 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 28 Jun 2016 09:21:28 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.20-12-g39e32d3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 39e32d375ef72874848f138d941d6d17f5aff85c (commit) from db246f8b18b77314938e596b8217bd97223d5aad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 39e32d375ef72874848f138d941d6d17f5aff85c Author: NIIBE Yutaka Date: Tue Jun 28 15:56:48 2016 +0900 g10: Fix --list-packets. * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- (backport from 2.0 commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b which is backport of master commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a) Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka diff --git a/g10/gpg.c b/g10/gpg.c index 0095d34..72d313b 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3953,7 +3953,6 @@ main (int argc, char **argv ) break; case aListPackets: - opt.list_packets=2; default: if( argc > 1 ) wrong_args(_("[filename]")); @@ -3980,8 +3979,8 @@ main (int argc, char **argv ) } } if( cmd == aListPackets ) { - set_packet_list_mode(1); opt.list_packets=1; + set_packet_list_mode(1); } rc = proc_packets(NULL, a ); if( rc ) diff --git a/g10/mainproc.c b/g10/mainproc.c index a773fde..33a654b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1264,7 +1264,7 @@ do_proc_packets( CTX c, IOBUF a ) free_packet(pkt); /* stop processing when an invalid packet has been encountered * but don't do so when we are doing a --list-packets. */ - if( rc == G10ERR_INVALID_PACKET && opt.list_packets != 2 ) + if( rc == G10ERR_INVALID_PACKET && opt.list_packets == 0 ) break; continue; } diff --git a/g10/options.h b/g10/options.h index 5aa3a04..0ac6e77 100644 --- a/g10/options.h +++ b/g10/options.h @@ -61,7 +61,7 @@ struct int fingerprint; /* list fingerprints */ int list_sigs; /* list signatures */ int no_armor; - int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ + int list_packets; /* Option --list-packets active. */ int def_cipher_algo; int force_v3_sigs; int force_v4_certs; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index beee77e..b5d19b1 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -134,7 +134,7 @@ set_packet_list_mode( int mode ) whether using log_stream() would be better. Perhaps we should enable the list mdoe only with a special option. */ if (!listfp) - listfp = opt.list_packets == 2 ? stdout : stderr; + listfp = opt.list_packets ? stdout : stderr; return old; } ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 3 +-- g10/mainproc.c | 2 +- g10/options.h | 2 +- g10/parse-packet.c | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 11:03:09 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 28 Jun 2016 11:03:09 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.4-3-g5c19ffe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 5c19ffe9d71d6e6763d6e47a67f1ca0a1651e39f (commit) from 689b4d294bf2a9c54e445e6775df9f634d84df1f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5c19ffe9d71d6e6763d6e47a67f1ca0a1651e39f Author: Andre Heinecke Date: Tue Jun 28 11:00:53 2016 +0200 Prefer kleowrapped / gpgwrapped binaries * src/client.cc (default_uiserver_cmdline): Prefer non "bin" prefixed paths. -- With Gpg4win-2.x we need to start the "wrapped" binaries if they don't exist we are probably in gpg4win-3.x and can fall back to the binaries in the bin subdirectory. diff --git a/src/client.cc b/src/client.cc index ebf82a8..6f27175 100644 --- a/src/client.cc +++ b/src/client.cc @@ -111,12 +111,12 @@ default_uiserver_cmdline (void) const char *dir, *tmp; char *uiserver, *p; int extra_arglen = 9; - const char * server_names[] = {"bin\\kleopatra.exe", - "kleopatra.exe", - "bin\\launch-gpa.exe", + const char * server_names[] = {"kleopatra.exe", + "bin\\kleopatra.exe", "launch-gpa.exe", - "bin\\gpa.exe", + "bin\\launch-gpa.exe", "gpa.exe", + "bin\\gpa.exe", NULL}; dir = gpgex_server::root_dir; ----------------------------------------------------------------------- Summary of changes: src/client.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 11:03:26 2016 
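Review bot: The reordered `server_names` table in default_uiserver_cmdline decides which executable under `gpgex_server::root_dir` is started, yet the reason for the order is only in the commit message. A comment above the table would keep it from being reordered again by accident: `/* Prefer the wrapped binaries in the root dir (Gpg4win-2.x); fall back to bin\ (Gpg4win-3.x). */`. The same table and the same missing rationale appear in get_uiserver_name in GpgOL's src/engine-assuan.c (hunk at -348). Because the first match is presumably the one launched, the comment should also say that all listed locations are expected to sit inside the installation directory.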
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 28 Jun 2016 11:03:26 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-2-ga10532b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via a10532b6cf3527391bdb14470fbebf0205b9253a (commit) from e138ceb8fee0b154a0388055d8a0bb1404dc0e06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a10532b6cf3527391bdb14470fbebf0205b9253a Author: Andre Heinecke Date: Tue Jun 28 10:47:38 2016 +0200 Fix UI Server startup * src/common.c (get_gpg4win_dir): Fix stupid logic error in loop. Fix mem leak on error. * src/engine-assuan.c (get_uiserver_name): Prefer 2.3.x names to prefer the kleowrapped / gpgwrapped exectuables. -- Thanks to rpr who reported this on the gpg4win message board. diff --git a/src/common.c b/src/common.c index b7b48b0..9b554b2 100644 --- a/src/common.c +++ b/src/common.c @@ -1245,10 +1245,10 @@ get_gpg4win_dir() const char *g4win_keys[] = {GPG4WIN_REGKEY_3, GPG4WIN_REGKEY_2, NULL}; - const char *key; - for (key = *g4win_keys; *key; key++) + const char **key; + for (key = g4win_keys; *key; key++) { - char *tmp = read_w32_registry_string (NULL, key, "Install Directory"); + char *tmp = read_w32_registry_string (NULL, *key, "Install Directory"); if (!tmp) { continue; @@ -1257,6 +1257,11 @@ get_gpg4win_dir() { return tmp; } + else + { + log_debug ("Failed to access: %s\n", tmp); + xfree (tmp); + } } return NULL; } diff --git a/src/engine-assuan.c b/src/engine-assuan.c index f2e0b09..32dbae8 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c 
@@ -348,10 +348,10 @@ get_uiserver_name (void) char *dir, *uiserver, *p; int extra_arglen = 9; - const char * server_names[] = {"bin\\kleopatra.exe", - "kleopatra.exe", - "bin\\gpa.exe", + const char * server_names[] = {"kleopatra.exe", + "bin\\kleopatra.exe", "gpa.exe", + "bin\\gpa.exe", NULL}; const char *tmp = NULL; ----------------------------------------------------------------------- Summary of changes: src/common.c | 11 ++++++++--- src/engine-assuan.c | 6 +++--- 2 files changed, 11 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 15:14:29 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 28 Jun 2016 15:14:29 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-57-g4819f68 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4819f687c48c7972c39ae29c7af1e891a4d57360 (commit) via d36f664bfdc39c05927cb6e14fe1b3ecb7b64bfa (commit) via 8f79c31b4d465eeaf81c8046c35bb8c34512dd8d (commit) from 52f65281f9743c42a48bf5a3354c9ab0ecdb681a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4819f687c48c7972c39ae29c7af1e891a4d57360 Author: Justus Winter Date: Tue Jun 28 15:03:07 2016 +0200 tools/gpgtar: Fix handling of '-'. * tools/gpgtar-extract.c (gpgtar_extract): Use stdin if file is '-'. * tools/gpgtar-list.c (gpgtar_list): Likewise. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 866215b..cee609c 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c 
@@ -282,7 +282,7 @@ gpgtar_extract (const char *filename, int decrypt) if (filename) { if (!strcmp (filename, "-")) - stream = es_stdout; + stream = es_stdin; else stream = es_fopen (filename, "rb"); if (!stream) diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index 1d59d9c..cb2e700 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -282,7 +282,7 @@ gpgtar_list (const char *filename, int decrypt) if (filename) { if (!strcmp (filename, "-")) - stream = es_stdout; + stream = es_stdin; else stream = es_fopen (filename, "rb"); if (!stream) commit d36f664bfdc39c05927cb6e14fe1b3ecb7b64bfa Author: Justus Winter Date: Tue Jun 28 15:01:57 2016 +0200 common: Close input stream. * common/exechelp-posix.c (gnupg_spawn_process): Also close the input stream in the child. Signed-off-by: Justus Winter diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index aefb653..b1b56f3 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -523,6 +523,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[], { /* This is the child. */ gcry_control (GCRYCTL_TERM_SECMEM); + es_fclose (infp); es_fclose (outfp); es_fclose (errfp); do_exec (pgmname, argv, inpipe[0], outpipe[1], errpipe[1], commit 8f79c31b4d465eeaf81c8046c35bb8c34512dd8d Author: Justus Winter Date: Tue Jun 28 14:38:35 2016 +0200 common: Fix copying data from the spawned child. Fixes intermittent gpgtar failures. * common/exectool.c (copy_buffer_do_copy): Initialize 'nwritten'. (gnupg_exec_tool_stream): Loop until all data is copied. Signed-off-by: Justus Winter diff --git a/common/exectool.c b/common/exectool.c index 897450e..b43e7cb 100644 --- a/common/exectool.c +++ b/common/exectool.c @@ -224,7 +224,7 @@ static gpg_error_t copy_buffer_do_copy (struct copy_buffer *c, estream_t source, estream_t sink) { gpg_error_t err; - size_t nwritten; + size_t nwritten = 0; if (c->nread == 0) { 
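Review bot: With "-" now mapped to `es_stdin` in gpgtar_extract, the archive is read from a stream that, unlike the `es_fopen (filename, "rb")` branch, has no binary mode requested in the visible lines. On platforms that distinguish text and binary streams this can corrupt the tar data unless the mode is set elsewhere; the branch could read `{ stream = es_stdin; es_set_binary (es_stdin); }`. The same applies to gpgtar_list in tools/gpgtar-list.c (hunk at -282). Both function bodies continue outside the hunks, so the cleanup path should also be checked to make sure it does not close es_stdin.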
@@ -390,7 +390,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[], /* Now read as long as we have something to poll. We continue reading even after EOF or error on stdout so that we get the other error messages or remaining outut. */ - while (!fds[1].ignore && !fds[2].ignore) + while (! (fds[1].ignore && fds[2].ignore)) { count = es_poll (fds, DIM(fds), -1); if (count == -1) @@ -465,20 +465,25 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[], pgmname, gpg_strerror (err)); goto leave; } + + if (es_feof (fds[1].stream)) + { + err = copy_buffer_flush (&cpbuf_out, output); + if (err) + { + log_error ("error reading data from '%s': %s\n", + pgmname, gpg_strerror (err)); + goto leave; + } + + fds[1].ignore = 1; /* ready. */ + } } if (fds[2].got_read) read_and_log_stderr (&fderrstate, fds + 2); } - err = copy_buffer_flush (&cpbuf_out, output); - if (err) - { - log_error ("error reading data from '%s': %s\n", - pgmname, gpg_strerror (err)); - goto leave; - } - read_and_log_stderr (&fderrstate, NULL); /* Flush. */ es_fclose (infp); infp = NULL; es_fclose (extrafp); extrafp = NULL; ----------------------------------------------------------------------- Summary of changes: common/exechelp-posix.c | 1 + common/exectool.c | 25 +++++++++++++++---------- tools/gpgtar-extract.c | 2 +- tools/gpgtar-list.c | 2 +- 4 files changed, 18 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 16:00:32 2016 
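Review bot: Nothing bounds the wait in the rewritten `while (! (fds[1].ignore && fds[2].ignore))` loop, because it now ends only when both streams are marked ignore while `es_poll (fds, DIM(fds), -1)` is still called without a timeout. If the spawned program, or a process it starts, keeps its stderr descriptor open after stdout reaches EOF, the caller would presumably block here indefinitely; where fds[2].ignore gets set is outside the hunk, so this needs confirming. At minimum the comment above the loop should state the requirement, for example `/* We return only after EOF on both stdout and stderr of the child. */`. The moved flush block also still logs `error reading data from '%s'` although it reports a failure of copy_buffer_flush to `output`, which will mislead whoever reads the log.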
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Jun 2016 16:00:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-62-gb1e8e0d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b1e8e0d4b945e077966fb98175191aed056bd957 (commit) via 20ca075d9605e27e25a780bcc465c7371400ca61 (commit) via 1ddf5b846fc058171af5f2784dad866b73eb0205 (commit) via 781e614e3b4586da27e54caca39b6a7ed42fc7c7 (commit) via 0fc80208dbf8ad99286f496170012b961e4d6c32 (commit) from 4819f687c48c7972c39ae29c7af1e891a4d57360 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b1e8e0d4b945e077966fb98175191aed056bd957 Author: Werner Koch Date: Tue Jun 28 15:50:38 2016 +0200 dirmngr: add option to retrieve extra WKS info. * dirmngr/server.c (cmd_wkd_get): Add option --submission-address. Signed-off-by: Werner Koch diff --git a/dirmngr/server.c b/dirmngr/server.c index 6eb6f1b..d3e57c0 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -799,9 +799,10 @@ cmd_dns_cert (assuan_context_t ctx, char *line) static const char hlp_wkd_get[] = - "WKD_GET \n" + "WKD_GET [--submission-address] \n" "\n" - "Return the key for from a Web Key Directory.\n"; + "Return the key or the submission address for \n" + "from a Web Key Directory."; static gpg_error_t cmd_wkd_get (assuan_context_t ctx, char *line) { @@ -812,7 +813,9 @@ cmd_wkd_get (assuan_context_t ctx, char *line) char sha1buf[20]; char *uri = NULL; char *encodedhash = NULL; + int opt_submission_addr; + opt_submission_addr = has_option (line, "--submission-address"); line = skip_options (line); mbox = mailbox_from_userid (line); 
@@ -831,11 +834,21 @@ cmd_wkd_get (assuan_context_t ctx, char *line) goto leave; } - uri = strconcat ("https://", - domain, - "/.well-known/openpgpkey/hu/", - encodedhash, - NULL); + if (opt_submission_addr) + { + uri = strconcat ("https://", + domain, + "/.well-known/openpgpkey/submission-address", + NULL); + } + else + { + uri = strconcat ("https://", + domain, + "/.well-known/openpgpkey/hu/", + encodedhash, + NULL); + } if (!uri) { err = gpg_error_from_syserror (); @@ -848,7 +861,8 @@ cmd_wkd_get (assuan_context_t ctx, char *line) outfp = es_fopencookie (ctx, "w", data_line_cookie_functions); if (!outfp) - err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); + err = set_error (GPG_ERR_ASS_GENERAL, + "error setting up a data stream"); else { err = ks_action_fetch (ctrl, uri, outfp); commit 20ca075d9605e27e25a780bcc465c7371400ca61 Author: Werner Koch Date: Tue Jun 28 15:49:11 2016 +0200 gpg: Add hack to --quick-gen-key to create Curve25519 keys. * g10/keygen.c (quick_generate_keypair): Add special algo string "test-default". -- Well, this is a hack to quickly create keys with the algorithms we will eventually use as defaults. Usage: gpg -v --quick-gen-key --passphrase '' --batch USERID test-default Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index b7c8e83..c561275 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -3610,7 +3610,13 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, } } - if (*algostr || *usagestr || *expirestr) + + if (!strcmp (algostr, "test-default")) + { + para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519", 0); + para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519", 0); + } + else if (*algostr || *usagestr || *expirestr) { /* Extended unattended mode. Creates only the primary key. */ int algo; commit 1ddf5b846fc058171af5f2784dad866b73eb0205 Author: Werner Koch Date: Tue Jun 28 15:45:53 2016 +0200 common: New function rfctimestamp. * common/gettime.c (rfctimestamp): New. -- It is surprisingly hard to create an RFC-2822 compliant Date value. The problem is that strftime uses the current locale but the RFC requires that the English names are used. This code is pretty simply and avoid the extra problem of figuring out the correct timezone; instead UTC is used. For the planned use case this is anyway better. Signed-off-by: Werner Koch diff --git a/common/gettime.c b/common/gettime.c index 115f725..dd9c196 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -723,6 +723,39 @@ asctimestamp (u32 stamp) } +/* Return the timestamp STAMP in RFC-2822 format. This is always done + * in the C locale. We return the gmtime to avoid computing the + * timezone. The caller must release the returned string. + * + * Example: "Mon, 27 Jun 2016 1:42:00 +0000". + */ +char * +rfctimestamp (u32 stamp) +{ + time_t atime = stamp; + struct tm tmbuf, *tp; + + + if (IS_INVALID_TIME_T (atime)) + { + gpg_err_set_errno (EINVAL); + return NULL; + } + + tp = gnupg_gmtime (&atime, &tmbuf); + if (!tp) + return NULL; + return xtryasprintf ("%.3s, %02d %.3s %04d %02d:%02d:%02d +0000", + ("SunMonTueWedThuFriSat" + (tp->tm_wday%7)*3), + tp->tm_mday, + ("JanFebMarAprMayJunJulAugSepOctNovDec" + + (tp->tm_mon%12)*3), + tp->tm_year + 1900, + tp->tm_hour, + tp->tm_min, + tp->tm_sec); +} + static int days_per_year (int y) 
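Review bot: The new `test-default` branch in quick_generate_keypair is taken before the `else if (*algostr || *usagestr || *expirestr)` branch, so a usage or expiration string given together with `test-default` is not evaluated in the visible code and appears to be dropped silently. The rest of the function is outside the hunk, so it may be handled later, but the branch itself should say so: `/* Hack: fixed Ed25519 + Curve25519 parameters; USAGESTR and EXPIRESTR are not evaluated here. */`. Since the commit message calls this a hack, the comment should also note that the string is not a stable interface.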
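Review bot: The example in the new comment above rfctimestamp does not match what the function prints, because the format string uses `%02d:%02d:%02d` and therefore always emits a two-digit hour. The comment line should read `* Example: "Mon, 27 Jun 2016 01:42:00 +0000".` so that callers writing parsers or tests against it are not misled. The comment could also name the release function, since the string comes from xtryasprintf and a NULL return on allocation failure is possible in addition to the EINVAL case.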
diff --git a/common/gettime.h b/common/gettime.h index cbc257a..08cb3b1 100644 --- a/common/gettime.h +++ b/common/gettime.h @@ -59,6 +59,7 @@ const char *strtimevalue (u32 stamp); const char *strtimestamp (u32 stamp); /* GMT */ const char *isotimestamp (u32 stamp); /* GMT */ const char *asctimestamp (u32 stamp); /* localized */ +char *rfctimestamp (u32 stamp); /* RFC format, malloced. */ gpg_error_t add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds); gpg_error_t add_days_to_isotime (gnupg_isotime_t atime, int ndays); gpg_error_t check_isotime (const gnupg_isotime_t atime); commit 781e614e3b4586da27e54caca39b6a7ed42fc7c7 Author: Werner Koch Date: Tue Jun 28 15:42:58 2016 +0200 common: Add missing header file for clarity. * common/zb32.c: Include zb32.h. Signed-off-by: Werner Koch diff --git a/common/zb32.c b/common/zb32.c index 05aa0ea..54bd5d4 100644 --- a/common/zb32.c +++ b/common/zb32.c @@ -35,7 +35,7 @@ #include #include "util.h" - +#include "zb32.h" /* Zooko's base32 variant. See RFC-6189 and http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt commit 0fc80208dbf8ad99286f496170012b961e4d6c32 Author: Werner Koch Date: Tue Jun 28 09:40:35 2016 +0200 Add another collection of sample keys -- diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 005ca0d..4137018 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -124,7 +124,8 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc \ privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc -sample_keys = samplekeys/ecc-sample-1-pub.asc \ +sample_keys = samplekeys/README \ + samplekeys/ecc-sample-1-pub.asc \ samplekeys/ecc-sample-2-pub.asc \ samplekeys/ecc-sample-3-pub.asc \ samplekeys/ecc-sample-1-sec.asc \ 
@@ -139,7 +140,8 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/e2e-p256-1-prt.asc \ samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \ samplekeys/rsa-rsa-sample-1.asc \ - samplekeys/ed25519-cv25519-sample-1.asc + samplekeys/ed25519-cv25519-sample-1.asc \ + samplekeys/silent-running.asc EXTRA_DIST = defs.inc defs.scm pinentry.sh $(TESTS) $(TEST_FILES) \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) \ diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index 27df615..29524d5 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README @@ -16,3 +16,4 @@ e2e-p256-1-prt.asc Ditto, but protected with passphrase "a". E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection) rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase) ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase) +silent-running.asc Collection of sample secret keys (no passphrases) diff --git a/tests/openpgp/samplekeys/silent-running.asc b/tests/openpgp/samplekeys/silent-running.asc new file mode 100644 index 0000000..e7c6db3 --- /dev/null +++ b/tests/openpgp/samplekeys/silent-running.asc 
@@ -0,0 +1,120 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v2 + +lFgEV3IffxYJKwYBBAHaRw8BAQdA0exktohYX2Qglxscg720r5ztQNXO8EP9sOE7 +HDy0V+UAAQCrqLqMY3RkiCZfrUTncLPw1sKwswv4CzXrTz9J1FfcqBF8tBRkZXdl +eUB0ZXN0LmdudXBnLm9yZ4h5BBMWCAAhBQJXch9/AhsDBQsJCAcCBhUICQoLAgQW +AgMBAh4BAheAAAoJENGdIrBu54ZoG3MBAN67BaQAle/6688gLNHd7NAK6Y4wpZjp +XQ/f7IvK0pLfAP9OMpB1F9ZTkKSnUK09xbcTZ4cjpXxeWOV9WByAlAALBpxdBFdy +H38SCisGAQQBl1UBBQEBB0Df5kbxuQhCob7r2HS5o1qlKETsFQ+vuvjnZChSMI66 +bgMBCAcAAP9nJLg2+ywR8nkhq+4jCavrLsg7ZeVdD2XVxBGNORf1gA/fiGEEGBYI +AAkFAldyH38CGwwACgkQ0Z0isG7nhmgUMQEAiqUsUHufGyswOGYbyKXzJRDq5++d +dKTGRdSNaqrEfy4A/jZjfQb6h2QxwYd5TODiTkH7E9cVV606xkAPksgtnVAPlFgE +V3IfjRYJKwYBBAHaRw8BAQdAkeNVby/yL09w6/kK7YCoQfY7eX/p8Vrt7mIC0+iP +5jEAAQDFDD31lYLVNxo2tDeOa2bAlCAt4NwVz/TbkzW/5fK5MhEatBNodWV5QHRl +c3QuZ251cGcub3JniHkEExYIACEFAldyH40CGwMFCwkIBwIGFQgJCgsCBBYCAwEC +HgECF4AACgkQO1PIAKpZJYNglwD/ctHCJHYi1/voImCwHH5X/I6CidNX3NXoOhF8 +qdwKnUEBANAT43oV9dLyWtmeIR5on6pU0AAcrIRQFCF4+nmU7UoOnF0EV3IfjRIK +KwYBBAGXVQEFAQEHQKOiOA8BE49l+sYsTCNXuzqO+KX3z2yoxQvBHESc+X47AwEI +BwAA/34rrv4xMpH7nLMFy0YZ704KJXVF9F8wF2ezOmJLa7OoD0iIYQQYFggACQUC +V3IfjQIbDAAKCRA7U8gAqlklg0UyAQCxOjO3xMym0YykBollbcl0dZVYSxC2uJin +1sHNuDPHJgD9Gtivb16M8Uki1nbvGGtBAL9d7gWkc9Bc3y/hTVyx1QSUWARXch+d +FgkrBgEEAdpHDwEBB0CeoZAXe1DVjhfuO0cmGrwj9N7jKtK0Piri1sLyRFxOYQAB +AI0E37I3sdgBE3TMsXmbTYQthNpAqig4qZCW/QYbRLa+D0e0FGxvdWllQHRlc3Qu +Z251cGcub3JniHkEExYIACEFAldyH50CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgEC +F4AACgkQf9VUPZH3nAdD2gD9EJsV/2gjNtyWaUyh3TPdp3++1Mpr8Y/GsO8idxvM +JdABAKszZ+7aUjU2dGRWJ1tjHXO45PRdAZhBD0/BNFF4eS0MnF0EV3IfnRIKKwYB +BAGXVQEFAQEHQFA82/BnrK3JntjvGKIkXN9LCevdNFx4T2v9JzJUxJwZAwEIBwAA +/1h2uhoBkxjdsU4VNgydEqFTVdcAOuqOFoGa9rlXcnzoDw6IYQQYFggACQUCV3If +nQIbDAAKCRB/1VQ9kfecB0sqAQCDOeZpp4AjSREuQKLqGsxj2by8ZLcrcF8CT2Qr +BoDljAD/WOCVNx8hIpyQ/40dzqUDQ79uwYEEUV1EF74aoQcqJg2VA5gEV3IfuQEI +AO5PDCysh81uBsbKNZZSusUJOluMbgywXXw3XUa8cV8hdA50rEJifG7Lsg0jAQDp +wjoPVPadmYcEA+p8q4j2vVcZaROmlahSjQEFePceH8Ufvl6JT/NgEyzkLMThsq/Q 
+XMxhzU4942p5PO/IG2vFCcVYo01/utuxv/UAgBQZ9qVkk0VN1JiCk9uckJLaX93M +jLLGifEPDAmQxpHsMvAZxoRSeZlgYqxBvizv0UPovgutdWpQ7hyKKuA3ceYOPVPI +PX7fhBJ3JhSqqaOMoK7+EW3b06fjHD6sbSSi7SMJeMgvyI86A/rtJSvpJV16WfQb +3hBBR2/QR6XzmavlL7+Nr60AEQEAAQAH+gKEKyi9maF9q+ylbfNsZDR4aHlW/kJ8 +CkCphP6eNsQ+Yi9U5Ay/ZXj2BadF21jbHwXl64u/FkPqsu/i6RzFHjKxPf7LH4Fr +fbmpCSHy23sFXsk4wfNb7FfpAOADUhOxK4ms7rIIzUHujcoqXr/AkN3YlcDXvG1d +bx1zJ+cObyBH7l5lLZvvl6jLiV+XOWxX3lU95F3akFOuI9q39uhPxn009mVXCNqJ +Jo8OwoPmScADHLYYfv110ywdVQwxAFwBX1oPZ+on/llHnkgf0ijnc/xvdf+zFFEq +qM4bjVbhRiA8ibWvWH+ac2Itcar6esroHt1kgIUM2ee+PK6ub5on37EEAPC4HVh0 +5poQZORMy0kQc/nc9kz9K9VD6cI+bcQiyr606qre6gUVhfr9L+XibpK/6Fdzbcwc +Aug9M7L+QruFQRxtGXj4R07GnPHP83OIGoGYATxcOwrJ3uCCwIS5vK8m9X7Alzaq +zzCmf1wXW5h8rfcztY/Wmxk88Deswwjysn2PBAD9b8L6/LDXnaRfpgXV2i+hON/r +qNCmZ4Oss77w62Qw4V2YmtuoeeBaC79Wa4nWGSON+uFAWn4lzb3EQshYADMFKejT +xd+/KFTowRAxUq9wzS4JjF4S2FN6l2TVA7V6pK54VmJdPUTN0JNG5eFuFiqoJsS4 +gQY3Ead60BtjQHjZAwP/c4AUjetPX23G4pINGrV0Dfw8xKWMSFjf49s2XnJ0tRCS +gFj+jv9qLwivNzK5mqfz1iynbiqe4M4DIAjuPRcci95xBI0m7t1ECw6xeuunUp9x +IlzjX0vejGklA/qSN6oi91Bs/49rVKt6uhEwCi0a8ECr3y4+CCqJ530+boMT6opH +gbQbdmFsbGV5LWZvcmdlQHRlc3QuZ251cGcub3JniQE3BBMBCAAhBQJXch+5AhsD +BQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEGd0fnraHQ8MWjAIAOMIyXGSfmZh +q6dT4/R/KPRMHiWcZq+1RpHH/it9uLLIkxFn8disnIlYfCHFynj3HwQNWYAmSPQe +jC38O7UVftlWp2zxBw6719YKiopZZNy60/iRgDb3vv1fFxkq6kE+XtXW3n2m/piQ +cI/jY2LRyIkVOEGDvFWcAF4iDHgkQrV4uLH0dmCzg2fIVULBT0ITtybUtOOJmrpp +E+yysTiHfewvhIgiOFzy+CZbdlPfVp3IUGhrNU9XiWraU38dwNXVYnE5uwotqf7G +U03pmw2GCA+txq3NofMM4kFHN+eVE4+lXUEhVJRXa4y2PgKFYmBFoED9SahuxO2o +1Cj+IpFgn2idA5gEV3IfuQEIALsnERBUkAFXZilIJRCpkbT6xhlsT1OZ7a+fHXwZ +1P3uElapJo9ODGX9T93s10GiL+KiXm32wxUP1BdsFkFsnahzo+U7OrB35ASDNpkl +p+CbO+UrUAIPD5NGpWuHKoPzc+SwW69fTeZyLRHqOldOA88/6veA9vbCTYGgpyAR +kwMLKqX6EDnX+mbNhKEEixWp1Elw5OCv7N0NbFLIZ9YTTOGpn/HvHv1CCmlrlc/W +BnJJE0D6345FslQ77V0ImMpNlEl8fy53g4JAYYW/w+CnXHl2vVD8ye9lKuFwB62n +vAnpjOEbAtyOncm2quSkBlcv0jo7EGDMxH31ki+yDuQeoPUAEQEAAQAH+QEwC5ST 
+pmeAky/lrgKJXCWoLI11wABTHj+6kUVvC1VIzcn9M2okzMEkiePp849bKzwGqFwn +Sdak4PiWR+l5xuH0r4OuMnGmcrmxAXqYU0fo6q9KIC0n9+lvdDywWppqw/+dobKF +UGlX34xZDnsf9ITVexuMY6s7BKKzDv+nmbJWIx9PehNUlh7Ucvy0/Lm0hHr/G1B/ +6ziybm5gCUTKBm4MsepTCCyFf/C/i53l+qdHUnWQdg+lGoU3Y98MiRM7Zr2QKznJ +fn74eVlYi4byjKeFujQyIw8tbH+G/RWw+WQzEjY8VLdLMf6u/T1g6htumQxPDLIQ +WxPz29ney9+WFZMEAM7itO8IEFUqy9MLp2kjRlwCMc+rRzLzh1d2c7gbdtxCOVoc +krq5QPeOyWM7IMxImvcTXJUB2jQikw7NXtCRfDHD2egyJRGN2J5SdE2EHvQRtFwl +6GoQ+mrJnPqetSoSZnC54HrlxIZEWE1Tzg79JoDbzPkwRKY8MIf4U3NniAmnBADn +lRsJLygRb1xZ5aUhRkJc8KYdwrcCSgG5gvm+yzv5aOMXWU1P65GARCUFEOzHJVMs +ML620SKS3RQ50hM1QLYSdox/vuEyk5m7Ty6cSGtagvohckWFh9Jry5FthlMYqVzR +HZmZXlCngc7umuWrzBdtAJAQt9sQ9M41iCjn8k3cAwQAu92QEan/m46qnszif++G +PzrbwKFsQzU45DPCx4QXBcnZT4jz3a2vSq99COBob4oVlETP2S6wy8w5KS4xQXVN +Q88TZZmJwdxsw5cUc3ANapMofwhrddhswFF/lmE1at1J0Uvpq79ZJt7yaSmZibXy +jDc3ygf26B0SKThVA4IUzYQ3u4kBHwQYAQgACQUCV3IfuQIbDAAKCRBndH562h0P +DP/rCACNRLCM6oyCyu+bB+UFdgN1UMsPGmh8xlfHFB3WG24JWDflEgN2Co+5ltzo +CI8AQ+6va86PeE8LgLCvLhrZbCnCxmjPb4SIHgPLC1aaTM9mu86iDLEERHEBLVhS +n57XSLpJqZMXSIJO74BGn+t0sBSZvGtQF56EImc9AyTLW99EPc4rXARL/V850rVa +PzTVbDOfm5lRbmt1+G0mo51SrFZh0Vy0cydk6uGpqxxkxE5y54vBMyZuUMmlkr71 +14TPfuNB0Wkd7coE3xKPOp5b+ntDPAuxgXej8OtrBeZxcOnSP84IcATSkReMIqJy +31+hvjDtkhZq0FMIBmz0RFFmS7+qlFgEV3If3hYJKwYBBAHaRw8BAQdAfyxylIVJ +wo+mAg95LN3U9BHYRtKa0tPmOgDzYKcTElcAAQC/fqSbQ5ghgYJ2/F+Nl2ZA1+co +EE4o48YvknnmcP5OpBCstB1mcmVlbWFuLmxvd2VsbEB0ZXN0LmdudXBnLm9yZ4h5 +BBMWCAAhBQJXch/eAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJED3AlPrw +yKQlrNcBAOsJAoLfXYv+z519rALFI+crxv5z9p2xXSplKliWNJ+ZAQCvpfUIDynR +n/s+IBGjwR30BlZF63NxQ9i9cIxUBzXSAZxdBFdyH94SCisGAQQBl1UBBQEBB0A5 +052JXUgFlcERPDwoQqJIbLIE3hoFp3qL3/YvPuOFawMBCAcAAP93FWcg/I/NAq0j +spa8n8gVgn8FZA9RqGptElNIHnamgA5siGEEGBYIAAkFAldyH94CGwwACgkQPcCU ++vDIpCWaCgEAwkDqEeC+fCKkoNAslozwf+VJQDNpzzpLaDwO5oSZaiwA/3jIErkx +UMuG5sa5hR6CYVY8Iiwy4NRCM/r66oDqwr8OlFgEV3If8BYJKwYBBAHaRw8BAQdA +GwS/1um/1QQXarZFcDgmaYjRBc/m4BV9iQVOrJBIroEAAQD8rIxduReDq/gYofIG 
+GGfOF1Smb4XCQ30uZlkIMDR6+Q7ZtBpqb2huLmtlZW5hbkB0ZXN0LmdudXBnLm9y +Z4h5BBMWCAAhBQJXch/wAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEDIG +dpEV2WgEG6sA+gN5F+IftoJ3cSONXL5mddA9TTX0VV6Znf0OyvBv0DDnAPwNXZVa +eCr4OfGNkapOViamN6ndRzT1OYbU1gvcKNwUDpxdBFdyH/ASCisGAQQBl1UBBQEB +B0BVSesW6o8soaWsMmvizFt7dwYAt4GdoJUA0aKyTTAFWAMBCAcAAP9vJIIHAR/w ++IvwZq0POVxmevdWXJ78tA/yvY2e12P0mBHbiGEEGBYIAAkFAldyH/ACGwwACgkQ +MgZ2kRXZaARftQD+P4TwgTJdftgvk1H60MoCN9B4RLH2pieeiHTcqvrErE4A/2y1 +ynHx1S3VwE8C++aZ5/WLiv6Dtjd8JKjw8wKEqswBlFgEV3IgBhYJKwYBBAHaRw8B +AQdAbqmt5oTNiHg1qhAylVX2eHdXSDCzovbZ8q7hrZpd95oAAP497J3U+4M4G+Ec +hW30e+Ye7DArAzVj+moq1tVCZVe3pRFAtBtNYXJ0eS5CYXJrZXJAdGVzdC5nbnVw +Zy5vcmeIeQQTFggAIQUCV3IgBgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAK +CRAGGYXu0KJiLW1OAQD9KtP+snTW+rOA4EtquLI6e3mk9geLTICbNo8bk58v/gD/ +QkFaXjRkRwD1S9X1z6rWPR3fH0CHfyymyMKgmoelgAOcXQRXciAGEgorBgEEAZdV +AQUBAQdAycZZHE3yuTQECmpx+X+hgjR38KPxKiQ51OSB6WsFrC0DAQgHAAD/VUz9 +WYTnMkjvH7JZCw7yswLBO/FVJFlqrXsDlNMYBzgOxohhBBgWCAAJBQJXciAGAhsM +AAoJEAYZhe7QomItaZcBAMCzB1ks9GOQL1og/q643obuGoB0xmsUJoQO2xo67z0o +AQC7NeBSnzYXfGwvPwsc9kgkgMt3RmzuYgwdyRtNOL+GAZRYBFdyIBQWCSsGAQQB +2kcPAQEHQDDvfVidNYqiTBgBqDDTa40gxTdrgO1q3ssIaOigtntlAAEAxbKQpqA8 +huHRHAiQXkUaRAKLzP5xPDHnnqN5u6GeMDYPrbQYQW5keS5Xb2xmQHRlc3QuZ251 +cGcub3JniHkEExYIACEFAldyIBQCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AA +CgkQFO3P+6onnuT3IAD9Ek+AmmvN9CU3LdLl0ADX2ba92fY++8u11AZULvys/RkA ++wRix4Rw1xL59EpowGWGuZ9Ky9aG5w7iZICBakgvs+QBnF0EV3IgFBIKKwYBBAGX +VQEFAQEHQCdfyKinwttnpD0M/OIZGMwkLHtPdAgOnvnpdj8/gNxEAwEIBwAA/27g +/G5idxYoUaAsG8cq5ziA9OvRovQKT3E6MLGIBv7QER2IYQQYFggACQUCV3IgFAIb +DAAKCRAU7c/7qiee5KeqAQC96Df0rgZteOKtiMt+wXwQufkjT5XrDWNyvI+NaVhS +2QD/cUSRyh72N4sp8MV8BhN9RE+snFc2OW6ROafIizDtRgE= +=tU5z +-----END PGP PRIVATE KEY BLOCK----- ----------------------------------------------------------------------- Summary of changes: common/gettime.c | 33 ++++++++ common/gettime.h | 1 + common/zb32.c | 2 +- dirmngr/server.c | 30 +++++-- g10/keygen.c | 8 +- tests/openpgp/Makefile.am | 6 +- 
tests/openpgp/samplekeys/README | 1 + tests/openpgp/samplekeys/silent-running.asc | 120 ++++++++++++++++++++++++++++ 8 files changed, 189 insertions(+), 12 deletions(-) create mode 100644 tests/openpgp/samplekeys/silent-running.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 28 18:23:07 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 28 Jun 2016 18:23:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-67-g9c67958 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9c67958c4737b34c60ef2076f57234eec155eb36 (commit) via 6cb2be91a7cc8a9b8ec42f3956adbb19347318e3 (commit) via 56cebdc30c10eaec179a6911e308074264d876ae (commit) via c57501cc5fa84dbaf560c0fc18853c9540e918af (commit) via c14ef10fc347d966a1efcb5c2000cbf3aaafa905 (commit) from b1e8e0d4b945e077966fb98175191aed056bd957 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c67958c4737b34c60ef2076f57234eec155eb36 Author: Justus Winter Date: Tue Jun 28 18:13:40 2016 +0200 gpgscm: Fix memory leaks. * tests/gpgscm/ffi-private.h (ffi_schemify_name): Fix prototype. (ffi_define_function_name): Free schemified name. (ffi_define_function): Likewise. (ffi_define_constant): Likewise. (ffi_define_variable_pointer): Likewise. * tests/gpgscm/ffi.c (do_wait_processes): Free arrays. (ffi_schemify_name): Fix type. * tests/gpgscm/main.c (main): Free 'sc'. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi-private.h b/tests/gpgscm/ffi-private.h index 849d1b7..87f491f 100644 --- a/tests/gpgscm/ffi-private.h +++ b/tests/gpgscm/ffi-private.h 
@@ -84,7 +84,7 @@ int ffi_bool_value (scheme *sc, pointer p); #define FFI_RETURN_STRING(SC, X) \ FFI_RETURN_POINTER ((SC), mk_string ((SC), (X))) -const char *ffi_schemify_name (const char *s, int macro); +char *ffi_schemify_name (const char *s, int macro); void ffi_scheme_eval (scheme *sc, const char *format, ...) GPGRT_ATTR_PRINTF (2, 3); 
@@ -93,32 +93,46 @@ pointer ffi_sprintf (scheme *sc, const char *format, ...) #define ffi_define_function_name(SC, NAME, F) \ do { \ + char *_fname = ffi_schemify_name ("_" #F, 0); \ scheme_define ((SC), \ (SC)->global_env, \ - mk_symbol ((SC), ffi_schemify_name ("_" #F, 0)), \ + mk_symbol ((SC), _fname), \ mk_foreign_func ((SC), (do_##F))); \ ffi_scheme_eval ((SC), \ "(define (%s . a) (ffi-apply \"%s\" %s a))", \ - (NAME), (NAME), ffi_schemify_name ("_" #F, 0)); \ + (NAME), (NAME), _fname); \ + free (_fname); \ } while (0) -#define ffi_define_function(SC, F) \ - ffi_define_function_name ((SC), ffi_schemify_name (#F, 0), F) +#define ffi_define_function(SC, F) \ + do { \ + char *_name = ffi_schemify_name (#F, 0); \ + ffi_define_function_name ((SC), _name, F); \ + free (_name); \ + } while (0) #define ffi_define_constant(SC, C) \ - scheme_define ((SC), \ - (SC)->global_env, \ - mk_symbol ((SC), ffi_schemify_name (#C, 1)), \ - mk_integer ((SC), (C))) + do { \ + char *_name = ffi_schemify_name (#C, 1); \ + scheme_define ((SC), \ + (SC)->global_env, \ + mk_symbol ((SC), _name), \ + mk_integer ((SC), (C))); \ + free (_name); \ + } while (0) #define ffi_define(SC, SYM, EXP) \ scheme_define ((SC), (SC)->global_env, mk_symbol ((SC), (SYM)), EXP) #define ffi_define_variable_pointer(SC, C, P) \ - scheme_define ((SC), \ - (SC)->global_env, \ - mk_symbol ((SC), ffi_schemify_name (#C, 0)), \ - (P)) + do { \ + char *_name = ffi_schemify_name (#C, 0); \ + scheme_define ((SC), \ + (SC)->global_env, \ + mk_symbol ((SC), _name), \ + (P)); \ + free (_name); \ + } while (0) #define ffi_define_variable_integer(SC, C) \ ffi_define_variable_pointer ((SC), C, (SC)->vptr->mk_integer ((SC), C)) diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index dcdadaa..acfe1c7 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c 
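Review bot: The rewritten macros ffi_define_function_name, ffi_define_function, ffi_define_constant and ffi_define_variable_pointer pass the result of ffi_schemify_name straight to mk_symbol (and to a `%s` format) without a NULL check. The ffi.c hunk of this commit shows that ffi_schemify_name begins with `char *n = strdup (s), *p;`, and strdup can return NULL; whether the function guards against that is outside the hunks. Now that the return type is a plain `char *` owned by the caller, the contract should be written next to the prototype, for example `/* Returns a malloced string the caller must free, or NULL on allocation failure. */`, and the macros should fail loudly on NULL rather than hand it to the interpreter.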
@@ -776,6 +776,9 @@ do_wait_processes (scheme *sc, pointer args) (long) retcodes[count-1-i]), retcodes_list); + xfree (names); + xfree (pids); + xfree (retcodes); FFI_RETURN_POINTER (sc, retcodes_list); } @@ -1098,7 +1101,7 @@ ffi_list2intv (scheme *sc, pointer list, int **intv, size_t *len) } -const char * +char * ffi_schemify_name (const char *s, int macro) { char *n = strdup (s), *p; diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c index 3414e3d..adb4e33 100644 --- a/tests/gpgscm/main.c +++ b/tests/gpgscm/main.c @@ -282,5 +282,6 @@ main (int argc, char **argv) } scheme_deinit (sc); + xfree (sc); return EXIT_SUCCESS; } commit 6cb2be91a7cc8a9b8ec42f3956adbb19347318e3 Author: Justus Winter Date: Tue Jun 28 18:10:01 2016 +0200 gpgscm: Free file names. * tests/gpgscm/scheme.c (scheme_load_named_file): Free file name. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index aabf400..4c28230 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -4938,6 +4938,11 @@ void scheme_load_named_file(scheme *sc, FILE *fin, const char *filename) { if(sc->retcode==0) { sc->retcode=sc->nesting!=0; } + +#if SHOW_ERROR_LINE + sc->free(sc->load_stack[0].rep.stdio.filename); + sc->load_stack[0].rep.stdio.filename = NULL; +#endif } void scheme_load_string(scheme *sc, const char *cmd) { commit 56cebdc30c10eaec179a6911e308074264d876ae Author: Justus Winter Date: Tue Jun 28 18:08:01 2016 +0200 gpgscm: Fix buffer overflow. * tests/gpgscm/scheme.c (store_string): Avoid writing past allocated buffer. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 486194c..aabf400 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
@@ -1026,7 +1026,8 @@ static char *store_string(scheme *sc, int len_str, const char *str, char fill) { return sc->strbuff; } if(str!=0) { - snprintf(q, len_str+1, "%s", str); + memcpy (q, str, len_str); + q[len_str]=0; } else { memset(q, fill, len_str); q[len_str]=0; commit c57501cc5fa84dbaf560c0fc18853c9540e918af Author: Justus Winter Date: Tue Jun 28 18:02:10 2016 +0200 g10: Fix memory leaks. * g10/keydb.c (keydb_get_keyblock): Free 'sigstatus' and 'iobuf'. * g10/t-keydb-get-keyblock.c: Fix trivial memory leaks. * g10/t-keydb.c: Likewise. Signed-off-by: Justus Winter diff --git a/g10/keydb.c b/g10/keydb.c index 17ddd5d..c483bb1 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1387,11 +1387,8 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) hd->keyblock_cache.pk_no = pk_no; hd->keyblock_cache.uid_no = uid_no; } - else - { - xfree (sigstatus); - iobuf_close (iobuf); - } + xfree (sigstatus); + iobuf_close (iobuf); } } break; diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c index c12bab1..cab1448 100644 --- a/g10/t-keydb-get-keyblock.c +++ b/g10/t-keydb-get-keyblock.c @@ -59,4 +59,6 @@ do_test (int argc, char *argv[]) rc = keydb_get_keyblock (hd1, &kb1); TEST_P ("", ! rc); + + keydb_release (hd1); } diff --git a/g10/t-keydb.c b/g10/t-keydb.c index f0b7778..3606e2e 100644 --- a/g10/t-keydb.c +++ b/g10/t-keydb.c @@ -27,7 +27,7 @@ do_test (int argc, char *argv[]) int rc; KEYDB_HANDLE hd1, hd2; KEYDB_SEARCH_DESC desc1, desc2; - KBNODE kb1, kb2; + KBNODE kb1, kb2, p; char *uid1; char *uid2; char *fname; 
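Review bot: The `memcpy (q, str, len_str);` in store_string now reads exactly len_str bytes from str, whereas the snprintf it replaces stopped at the first NUL in the source. That fixes the write side, but any caller that passes a len_str larger than the storage behind str now causes an out-of-bounds read instead of a short copy. The callers and the allocation of q are outside the hunk, so this should be confirmed, and the requirement documented at the copy: `/* STR must provide at least LEN_STR readable bytes; it need not be NUL-terminated. */`.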
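Review bot: In keydb_get_keyblock the `xfree (sigstatus); iobuf_close (iobuf);` pair now runs unconditionally, including after the branch that fills hd->keyblock_cache (the hunk shows it storing pk_no and uid_no). The start of that branch is outside the hunk; if it also stores the sigstatus and iobuf pointers in the cache, as the removed `else` suggests, the cache is left holding freed memory and the next cache hit would be a use-after-free. Please confirm what the branch stores, and either keep the `else` or clear the cached pointers before freeing; the leak being fixed would then need to be handled where the cache is released.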
@@ -75,17 +75,19 @@ do_test (int argc, char *argv[]) if (rc) ABORT ("Failed to get keyblock for DBFC6AD9"); - while (kb1 && kb1->pkt->pkttype != PKT_USER_ID) - kb1 = kb1->next; - if (! kb1) + p = kb1; + while (p && p->pkt->pkttype != PKT_USER_ID) + p = p->next; + if (! p) ABORT ("DBFC6AD9 has no user id packet"); - uid1 = kb1->pkt->pkt.user_id->name; + uid1 = p->pkt->pkt.user_id->name; - while (kb2 && kb2->pkt->pkttype != PKT_USER_ID) - kb2 = kb2->next; - if (! kb2) + p = kb2; + while (p && p->pkt->pkttype != PKT_USER_ID) + p = p->next; + if (! p) ABORT ("1E42B367 has no user id packet"); - uid2 = kb2->pkt->pkt.user_id->name; + uid2 = p->pkt->pkt.user_id->name; if (verbose) { @@ -94,4 +96,9 @@ do_test (int argc, char *argv[]) } TEST_P ("cache consistency", strcmp (uid1, uid2) != 0); + + release_kbnode (kb1); + release_kbnode (kb2); + keydb_release (hd1); + keydb_release (hd2); } commit c14ef10fc347d966a1efcb5c2000cbf3aaafa905 Author: Justus Winter Date: Tue Jun 28 17:59:17 2016 +0200 common: Fix memory leaks. * common/ccparray.c (ccparray_put): Free old array. * common/stringhelp.c (do_make_filename): Free 'home'. * common/t-convert.c: Fix trivial memory leaks. * common/t-iobuf.c: Likewise. * common/t-mbox-util.c: Likewise. * common/t-name-value.c: Likewise. * common/t-stringhelp.c: Likewise. * common/t-strlist.c: Likewise. Signed-off-by: Justus Winter diff --git a/common/ccparray.c b/common/ccparray.c index 490dbf5..d3c2833 100644 --- a/common/ccparray.c +++ b/common/ccparray.c @@ -114,6 +114,7 @@ ccparray_put (ccparray_t *cpa, const char *value) } for (n=0; n < cpa->size; n++) newarray[n] = cpa->array[n]; + xfree (cpa->array); cpa->array = newarray; cpa->size = newsize; diff --git a/common/stringhelp.c b/common/stringhelp.c index 0e96c9e..95912e0 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c 
@@ -538,6 +538,7 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) home_buffer = xtrymalloc (n); if (!home_buffer) { + xfree (home); xfree (name); return NULL; } @@ -556,6 +557,7 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) else strcpy (stpcpy (stpcpy (p, home), "/"), name); + xfree (home); xfree (name); name = home_buffer; /* Let's do a simple compression to catch the most common diff --git a/common/t-convert.c b/common/t-convert.c index ad33dff..68824e0 100644 --- a/common/t-convert.c +++ b/common/t-convert.c @@ -234,6 +234,7 @@ test_bin2hex (void) fail (0); else if (strcmp (p, hexstuff)) fail (0); + xfree (p); p = bin2hex (stuff, (size_t)(-1), NULL); if (p) @@ -266,6 +267,7 @@ test_bin2hexcolon (void) fail (0); else if (strcmp (p, hexstuff)) fail (0); + xfree (p); p = bin2hexcolon (stuff, (size_t)(-1), NULL); if (p) diff --git a/common/t-iobuf.c b/common/t-iobuf.c index 2835df4..0e6f508 100644 --- a/common/t-iobuf.c +++ b/common/t-iobuf.c @@ -190,6 +190,8 @@ main (int argc, char *argv[]) n ++; } assert (n == 10 + (strlen (content) - 10) / 2); + + iobuf_close (iobuf); } @@ -266,6 +268,8 @@ main (int argc, char *argv[]) /* The string should have been truncated (max_len == 0). */ assert (max_len == 0); free (buffer); + + iobuf_close (iobuf); } { @@ -279,10 +283,12 @@ main (int argc, char *argv[]) int c; int n; int lastc = 0; + struct content_filter_state *state; iobuf = iobuf_temp_with_content (content, strlen(content)); rc = iobuf_push_filter (iobuf, - content_filter, content_filter_new (content2)); + content_filter, + state=content_filter_new (content2)); assert (rc == 0); n = 0; @@ -309,6 +315,9 @@ main (int argc, char *argv[]) /* printf ("%d: '%c' (%d)\n", n, c, c); */ } } + + iobuf_close (iobuf); + free (state); } /* Write some data to a temporary filter. Push a new filter. The 
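Review bot: The two `xfree (home);` calls added to do_make_filename (here and in the following hunk) are only valid if home always points to memory this function owns. The assignment of home is outside both hunks; if any path sets it from `getenv ("HOME")` or another borrowed string, these calls free memory that was never allocated by the caller, which corrupts the heap. Please verify every assignment of home, and if a borrowed value is possible, keep the owned copy in a separate variable and free only that one.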
@@ -346,6 +355,8 @@ main (int argc, char *argv[]) assert (n == strlen (content) + 2 * (strlen (content2) + 1)); assert (strcmp (buffer, "0123456789aabbcc") == 0); + + iobuf_close (iobuf); } { @@ -373,6 +384,8 @@ main (int argc, char *argv[]) assert (n == 2); assert (buffer[0] == '3'); assert (buffer[1] == '7'); + + iobuf_close (iobuf); } return 0; diff --git a/common/t-mbox-util.c b/common/t-mbox-util.c index dfa4ada..ff48f6c 100644 --- a/common/t-mbox-util.c +++ b/common/t-mbox-util.c @@ -87,6 +87,8 @@ run_test (void) fail (idx); else if (strcmp (mbox, testtbl[idx].mbox)) fail (idx); + + xfree (mbox); } } diff --git a/common/t-name-value.c b/common/t-name-value.c index fc9303b..3b01431 100644 --- a/common/t-name-value.c +++ b/common/t-name-value.c @@ -387,19 +387,19 @@ run_modification_tests (void) if (private_key_mode) { err = nvc_set_private_key (pk, key); - gcry_sexp_release (key); assert (err == 0); buf = nvc_to_string (pk); assert (strcmp (buf, "Key: (hello world)\n") == 0); xfree (buf); - nvc_release (pk); } else { err = nvc_set_private_key (pk, key); assert (gpg_err_code (err) == GPG_ERR_MISSING_KEY); } + gcry_sexp_release (key); + nvc_release (pk); } diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c index 4f4555e..ccadf02 100644 --- a/common/t-stringhelp.c +++ b/common/t-stringhelp.c @@ -223,6 +223,7 @@ test_strconcat (void) fail (0); else if (errno != EINVAL) fail (0); + xfree (out); #if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute. */ out = strconcat (NULL); @@ -232,6 +233,8 @@ test_strconcat (void) out = strconcat (NULL, NULL); if (!out || *out) fail (1); + xfree (out); + out = strconcat ("", NULL); if (!out || *out) fail (1); @@ -283,6 +286,7 @@ test_xstrconcat (void) "1", "2", "3", "4", "5", "6", "7", NULL); if (!out) fail (0); + xfree (out); #if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute. */ out = xstrconcat (NULL); 
@@ -292,6 +296,8 @@ test_xstrconcat (void) out = xstrconcat (NULL, NULL); if (!out) fail (1); + xfree (out); + out = xstrconcat ("", NULL); if (!out || *out) fail (1); @@ -534,6 +540,7 @@ test_strsplit (void) fail (tidx * 1000 + i + 1); } + xfree (fields); xfree (s2); } } diff --git a/common/t-strlist.c b/common/t-strlist.c index b033905..e49d5a7 100644 --- a/common/t-strlist.c +++ b/common/t-strlist.c @@ -67,6 +67,8 @@ test_strlist_rev (void) fail (2); if (s->next->next->next) fail (2); + + free_strlist (s); } ----------------------------------------------------------------------- Summary of changes: common/ccparray.c | 1 + common/stringhelp.c | 2 ++ common/t-convert.c | 2 ++ common/t-iobuf.c | 15 ++++++++++++++- common/t-mbox-util.c | 2 ++ common/t-name-value.c | 4 ++-- common/t-stringhelp.c | 7 +++++++ common/t-strlist.c | 2 ++ g10/keydb.c | 7 ++----- g10/t-keydb-get-keyblock.c | 2 ++ g10/t-keydb.c | 25 ++++++++++++++++--------- tests/gpgscm/ffi-private.h | 40 +++++++++++++++++++++++++++------------- tests/gpgscm/ffi.c | 5 ++++- tests/gpgscm/main.c | 1 + tests/gpgscm/scheme.c | 8 +++++++- 15 files changed, 91 insertions(+), 32 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 29 17:24:09 2016 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 29 Jun 2016 17:24:09 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-3-g643575f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 643575f38f545456afc456e1045b914d3d06bbb8 (commit) from a10532b6cf3527391bdb14470fbebf0205b9253a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 643575f38f545456afc456e1045b914d3d06bbb8 Author: Andre Heinecke Date: Wed Jun 29 17:17:48 2016 +0200 Ignore sent S/MIME Mails if S/MIME is disabled * src/mapihelp.cpp (mapi_change_message_class): Add check for S/MIME disabled. -- Outlook sets sent Mails to IPM.Note.SMIME (without suffix). When S/MIME is disabled we need to ignore these messages. Our own messages that are marked as S/MIME messages on send even if they are PGP Messages have the override message class set so they are not affected by this. GnuPG-Bug-Id: 2319 diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 7d11364..e916209 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -1226,7 +1226,7 @@ mapi_change_message_class (LPMESSAGE message, int sync_override) { newvalue = change_message_class_ipm_note (message); } - else if (!strcmp (s, "IPM.Note.SMIME")) + else if (opt.enable_smime && !strcmp (s, "IPM.Note.SMIME")) { newvalue = change_message_class_ipm_note_smime (message); } ----------------------------------------------------------------------- Summary of changes: src/mapihelp.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 30 11:52:32 2016 
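Review bot: The new `opt.enable_smime &&` guard in mapi_change_message_class has no comment, so the reason a plain "IPM.Note.SMIME" class is skipped is recorded only in the commit message. I would add above the branch `/* Outlook sets sent mails to IPM.Note.SMIME; ignore them when S/MIME is disabled. */`. With the guard false, the class string now falls through to whatever branches follow in the else-if chain. That chain continues outside the hunk, so it is worth confirming that no later match picks these messages up again.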
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Jun 2016 11:52:32 +0200 Subject: [git] gnupg-doc - branch, feature/shop, created. 26e6d558f3079c1a8b9ac95e5a9868d223894039 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, feature/shop has been created at 26e6d558f3079c1a8b9ac95e5a9868d223894039 (commit) - Log ----------------------------------------------------------------- commit 26e6d558f3079c1a8b9ac95e5a9868d223894039 Author: Werner Koch Date: Thu Jun 30 11:49:34 2016 +0200 faq: Add example for --quick-revuid top whats-new-in-2.1.org This example was prepared by Daniel Kahn Gillmor diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index 4c24b87..2bf6da0 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -430,6 +430,21 @@ The key listing also shows the default key listing format introduced with 2.1.13. There are a lot of other options to the =--quick-addkey= command which are described in the manual. +Since version 2.1.14 it possible to revoke a user id on an existing +key: + +#+begin_example +$ gpg2 -k 8CFDE12197965A9A +pub ed25519/8CFDE12197965A9A 2014-08-19 +uid [ unknown] Sample 2 +uid [ unknown] EdDSA sample key 1 +$ gpg2 --quick-revuid 8CFDE12197965A9A 'EdDSA sample key 1' +$ gpg2 -k 8CFDE12197965A9A +pub ed25519/8CFDE12197965A9A 2014-08-19 +uid [ unknown] Sample 2 +#+end_example + + ** Improved Pinentry support :PROPERTIES: :CUSTOM_ID: pinentry ----------------------------------------------------------------------- hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 30 12:02:00 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Jun 2016 12:02:00 +0200 Subject: [git] gnupg-doc - branch, master, updated. 993149b9b8f1e3b5bbcd928044bd52f124b822d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 993149b9b8f1e3b5bbcd928044bd52f124b822d8 (commit) via 26e6d558f3079c1a8b9ac95e5a9868d223894039 (commit) from 4067a95404b385f133ac4bdecc190bcf09b56d48 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 993149b9b8f1e3b5bbcd928044bd52f124b822d8 Merge: 4067a95 26e6d55 Author: Werner Koch Date: Thu Jun 30 11:58:51 2016 +0200 Merge branch 'feature/shop' I accidently commited stuff to that feature branch. ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 15 +++++++++++++++ 1 file changed, 15 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 30 12:02:52 2016 
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 30 Jun 2016 12:02:52 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-71-g55d112e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 55d112eeb0743e90be46d15dbae67368ee7d4b50 (commit) from 5d6c83deaa11327366b0038928200b9f9f85b426 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 55d112eeb0743e90be46d15dbae67368ee7d4b50 Author: Daniel Kahn Gillmor Date: Thu Jun 16 18:05:57 2016 -0400 g10: Implement gpg --quick-revuid * g10/revoke.c (get_default_uid_revocation_reason): New. * g10/keyedit.c (menu_revuid): Break out creation of uid revocation into new function core_revuid. * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and uid, invokes core_revuid. * g10/gpg.c (main): Handle --quick-revuid argument. * doc/gpg.texi: Document --quick-revuid. -- This functionality is a counterpart to --quick-adduid, and will be useful for projects that depend programmatically on gpg to revoke user IDs (one such example is "monkeysphere-host revoke-servicename"). Signed-off-by: Daniel Kahn Gillmor - Minor re-indentation work. - Changed a "0 == memcmp" to "!memcmp" - Removed tests/openpgp/quick-key-manipulation.test from the Makefile. This test needs to be converted to gpgscm. - Removed example from whats-new-in-2.1.txt because that is generated. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index b8fda96..6f0249a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1041,6 +1041,15 @@ the interactive sub-command @code{adduid} of @option{--edit-key} the white space removed, it is expected to be UTF-8 encoded, and no checks on its form are applied. + at item --quick-revuid @var{user-id} @var{user-id-to-revoke} + at opindex quick-revuid +This command revokes a User ID on an existing key. It cannot be used +to revoke the last User ID on key (some non-revoked User ID must +remain), with revocation reason ``User ID is no longer valid''. If +you want to specify a different revocation reason, or to supply +supplementary revocation text, you should use the interactive +sub-command @code{revuid} of @option{--edit-key}. + @item --passwd @var{user_id} @opindex passwd Change the passphrase of the secret key belonging to the certificate diff --git a/g10/gpg.c b/g10/gpg.c index 9750c57..b1d6c34 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -118,6 +118,7 @@ enum cmd_and_opt_values aQuickLSignKey, aQuickAddUid, aQuickAddKey, + aQuickRevUid, aListConfig, aListGcryptConfig, aGPGConfList, @@ -431,6 +432,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aQuickAddUid, "quick-adduid", N_("quickly add a new user-id")), ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"), + ARGPARSE_c (aQuickRevUid, "quick-revuid", + N_("quickly revoke a user-id")), ARGPARSE_c (aFullKeygen, "full-gen-key" , N_("full featured key pair generation")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), @@ -2434,6 +2437,7 @@ main (int argc, char **argv) case aQuickKeygen: case aQuickAddUid: case aQuickAddKey: + case aQuickRevUid: case aExportOwnerTrust: case aImportOwnerTrust: case aRebuildKeydbCaches: @@ -3785,6 +3789,7 @@ main (int argc, char **argv) case aQuickKeygen: case aQuickAddUid: case aQuickAddKey: + case aQuickRevUid: case aFullKeygen: case aKeygen: case aImport: 
@@ -4204,6 +4209,18 @@ main (int argc, char **argv) } break; + case aQuickRevUid: + { + const char *uid, *uidtorev; + + if (argc != 2) + wrong_args ("--quick-revuid USER-ID USER-ID-TO-REVOKE"); + uid = *argv++; argc--; + uidtorev = *argv++; argc--; + keyedit_quick_revuid (ctrl, uid, uidtorev); + } + break; + case aFastImport: opt.import_options |= IMPORT_FAST; case aImport: diff --git a/g10/keyedit.c b/g10/keyedit.c index d05ea5d..65f671e 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -87,6 +87,9 @@ static int real_uids_left (KBNODE keyblock); static int count_selected_keys (KBNODE keyblock); static int menu_revsig (KBNODE keyblock); static int menu_revuid (ctrl_t ctrl, kbnode_t keyblock); +static int core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node, + const struct revocation_reason_info *reason, + int *modified); static int menu_revkey (KBNODE pub_keyblock); static int menu_revsubkey (KBNODE pub_keyblock); #ifndef NO_TRUST_MODELS 
@@ -2937,6 +2940,110 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) keydb_release (kdbhd); } +/* Unattended revokation of a keyid. USERNAME specifies the + key. UIDTOREV is the user id revoke from the key. */ +void +keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) +{ + gpg_error_t err; + KEYDB_HANDLE kdbhd = NULL; + KEYDB_SEARCH_DESC desc; + kbnode_t keyblock = NULL; + kbnode_t node; + int modified = 0; + size_t revlen; + +#ifdef HAVE_W32_SYSTEM + /* See keyedit_menu for why we need this. */ + check_trustdb_stale (); +#endif + + /* Search the key; we don't want the whole getkey stuff here. */ + kdbhd = keydb_new (); + if (!kdbhd) + { + /* Note that keydb_new has already used log_error. */ + goto leave; + } + + err = classify_user_id (username, &desc, 1); + if (!err) + err = keydb_search (kdbhd, &desc, 1, NULL); + if (!err) + { + err = keydb_get_keyblock (kdbhd, &keyblock); + if (err) + { + log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); + goto leave; + } + /* Now with the keyblock retrieved, search again to detect an + ambiguous specification. We need to save the found state so + that we can do an update later. */ + keydb_push_found_state (kdbhd); + err = keydb_search (kdbhd, &desc, 1, NULL); + if (!err) + err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); + else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + err = 0; + keydb_pop_found_state (kdbhd); + + if (!err) + { + /* We require the secret primary key to revoke a UID. 
*/ + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + BUG (); + err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key); + } + } + if (err) + { + log_error (_("secret key \"%s\" not found: %s\n"), + username, gpg_strerror (err)); + goto leave; + } + + fix_keyblock (&keyblock); + setup_main_keyids (keyblock); + + revlen = strlen (uidtorev); + /* find the right UID */ + for (node = keyblock; node; node = node->next) + { + if (node->pkt->pkttype == PKT_USER_ID + && revlen == node->pkt->pkt.user_id->len + && !memcmp (node->pkt->pkt.user_id->name, uidtorev, revlen)) + { + struct revocation_reason_info *reason; + + reason = get_default_uid_revocation_reason (); + err = core_revuid (ctrl, keyblock, node, reason, &modified); + release_revocation_reason_info (reason); + if (err) + { + log_error (_("User ID revocation failed: %s\n"), + gpg_strerror (err)); + goto leave; + } + err = keydb_update_keyblock (kdbhd, keyblock); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + goto leave; + } + + if (update_trust) + revalidation_mark (); + goto leave; + } + } + + leave: + release_kbnode (keyblock); + keydb_release (kdbhd); +} + /* Find a keyblock by fingerprint because only this uniquely * identifies a key and may thus be used to select a key for 
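Review bot: In keyedit_quick_revuid the loop over the keyblock reaches `leave:` without any message when no User ID matches UIDTOREV byte for byte, so a mistyped or differently encoded user id is indistinguishable from success. After the loop I would report it, for example `log_error (_("user ID \"%s\" not found\n"), uidtorev);`. The gpg.texi text added by this commit also says the last User ID cannot be revoked, but nothing here counts the remaining non-revoked user ids before calling core_revuid; either add that check or correct the documentation. Because the function returns void, log_error is the only way either condition becomes visible to the caller.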
@@ -6106,6 +6213,95 @@ reloop: /* (must use this, because we are modifing the list) */ } +/* return 0 if revocation of NODE (which must be a User ID) was + successful, non-zero if there was an error. *modified will be set + to 1 if a change was made. */ +static int +core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node, + const struct revocation_reason_info *reason, int *modified) +{ + PKT_public_key *pk = keyblock->pkt->pkt.public_key; + gpg_error_t rc; + + if (node->pkt->pkttype != PKT_USER_ID) + { + rc = gpg_error (GPG_ERR_NO_USER_ID); + write_status_error ("keysig", rc); + log_error (_("tried to revoke a non-user ID: %s\n"), gpg_strerror (rc)); + return 1; + } + else + { + PKT_user_id *uid = node->pkt->pkt.user_id; + + if (uid->is_revoked) + { + char *user = utf8_to_native (uid->name, uid->len, 0); + log_info (_("user ID \"%s\" is already revoked\n"), user); + xfree (user); + } + else + { + PACKET *pkt; + PKT_signature *sig; + struct sign_attrib attrib; + u32 timestamp = make_timestamp (); + + if (uid->created >= timestamp) + { + /* Okay, this is a problem. The user ID selfsig was + created in the future, so we need to warn the user and + set our revocation timestamp one second after that so + everything comes out clean. 
*/ + + log_info (_("WARNING: a user ID signature is dated %d" + " seconds in the future\n"), + uid->created - timestamp); + + timestamp = uid->created + 1; + } + + memset (&attrib, 0, sizeof attrib); + /* should not need to cast away const here; but + revocation_reason_build_cb needs to take a non-const + void* in order to meet the function signtuare for the + mksubpkt argument to make_keysig_packet */ + attrib.reason = (struct revocation_reason_info *)reason; + + rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0, + timestamp, 0, + sign_mk_attrib, &attrib, NULL); + if (rc) + { + write_status_error ("keysig", rc); + log_error (_("signing failed: %s\n"), gpg_strerror (rc)); + return 1; + } + else + { + pkt = xmalloc_clear (sizeof *pkt); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = sig; + insert_kbnode (node, new_kbnode (pkt), 0); + +#ifndef NO_TRUST_MODELS + /* If the trustdb has an entry for this key+uid then the + trustdb needs an update. */ + if (!update_trust + && ((get_validity (ctrl, pk, uid, NULL, 0) & TRUST_MASK) + >= TRUST_UNDEFINED)) + update_trust = 1; +#endif /*!NO_TRUST_MODELS*/ + + node->pkt->pkt.user_id->is_revoked = 1; + if (modified) + *modified = 1; + } + } + return 0; + } +} + /* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if keyblock changed. */ static int 
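Review bot: core_revuid declares `gpg_error_t rc` but both failure paths end in `return 1;`, so the real error code is lost. keyedit_quick_revuid passes that return value to gpg_strerror in its "User ID revocation failed" message, which then describes the value 1 rather than the signing failure; I would write `return rc;` in both places. Separately, the already-revoked branch returns 0 and leaves `*modified` untouched, yet the quick caller still runs keydb_update_keyblock; testing `modified` there would avoid rewriting an unchanged keyblock.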
@@ -6132,75 +6328,20 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock) goto leave; } - reloop: /* (better this way because we are modifing the keyring) */ + reloop: /* (better this way because we are modifying the keyring) */ for (node = pub_keyblock; node; node = node->next) if (node->pkt->pkttype == PKT_USER_ID && (node->flag & NODFLG_SELUID)) { - PKT_user_id *uid = node->pkt->pkt.user_id; - - if (uid->is_revoked) - { - char *user = utf8_to_native (uid->name, uid->len, 0); - log_info (_("user ID \"%s\" is already revoked\n"), user); - xfree (user); - } - else - { - PACKET *pkt; - PKT_signature *sig; - struct sign_attrib attrib; - u32 timestamp = make_timestamp (); - - if (uid->created >= timestamp) - { - /* Okay, this is a problem. The user ID selfsig was - created in the future, so we need to warn the user and - set our revocation timestamp one second after that so - everything comes out clean. */ - - log_info (_("WARNING: a user ID signature is dated %d" - " seconds in the future\n"), - uid->created - timestamp); - - timestamp = uid->created + 1; - } - - memset (&attrib, 0, sizeof attrib); - attrib.reason = reason; - + int modified = 0; + rc = core_revuid (ctrl, pub_keyblock, node, reason, &modified); + if (rc) + goto leave; + if (modified) + { node->flag &= ~NODFLG_SELUID; - - rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0, - timestamp, 0, - sign_mk_attrib, &attrib, NULL); - if (rc) - { - write_status_error ("keysig", rc); - log_error (_("signing failed: %s\n"), gpg_strerror (rc)); - goto leave; - } - else - { - pkt = xmalloc_clear (sizeof *pkt); - pkt->pkttype = PKT_SIGNATURE; - pkt->pkt.signature = sig; - insert_kbnode (node, new_kbnode (pkt), 0); - -#ifndef NO_TRUST_MODELS - /* If the trustdb has an entry for this key+uid then the - trustdb needs an update. 
*/ - if (!update_trust - && (get_validity (ctrl, pk, uid, NULL, 0) & TRUST_MASK) >= - TRUST_UNDEFINED) - update_trust = 1; -#endif /*!NO_TRUST_MODELS*/ - - changed = 1; - node->pkt->pkt.user_id->is_revoked = 1; - - goto reloop; - } - } + changed = 1; + goto reloop; + } } if (changed) diff --git a/g10/main.h b/g10/main.h index e6f2070..322f43c 100644 --- a/g10/main.h +++ b/g10/main.h @@ -289,6 +289,8 @@ void keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid); void keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, const char *usagestr, const char *expirestr); +void keyedit_quick_revuid (ctrl_t ctrl, const char *username, + const char *uidtorev); void keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, strlist_t locusr, int local); void show_basic_key_info (KBNODE keyblock); @@ -407,6 +409,7 @@ int gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr); int revocation_reason_build_cb( PKT_signature *sig, void *opaque ); struct revocation_reason_info * ask_revocation_reason( int key_rev, int cert_rev, int hint ); +struct revocation_reason_info * get_default_uid_revocation_reason(void); void release_revocation_reason_info( struct revocation_reason_info *reason ); /*-- keylist.c --*/ diff --git a/g10/revoke.c b/g10/revoke.c index 218ca59..15a91ac 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -862,6 +862,16 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint ) return reason; } +struct revocation_reason_info * +get_default_uid_revocation_reason(void) +{ + struct revocation_reason_info *reason; + reason = xmalloc( sizeof *reason ); + reason->code = 0x20; /* uid is no longer valid */ + reason->desc = strdup(""); /* no text */ + return reason; +} + void release_revocation_reason_info( struct revocation_reason_info *reason ) { diff --git a/tests/openpgp/quick-key-manipulation.test b/tests/openpgp/quick-key-manipulation.test new file mode 100755 index 0000000..4185601 --- /dev/null 
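Review bot: get_default_uid_revocation_reason sets `reason->desc` from `strdup("")`, which is never checked for NULL and comes from the C library allocator, while the struct itself comes from xmalloc. release_revocation_reason_info is outside this hunk, so how desc is freed is not visible, but if it uses xfree the two allocators are mixed. The project wrapper keeps this consistent and removes the unchecked failure: `reason->desc = xstrdup ("");`.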
+++ b/tests/openpgp/quick-key-manipulation.test 
@@ -0,0 +1,70 @@ +#!/bin/sh +# Copyright 2016 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +. $srcdir/defs.inc || exit 3 + +export PINENTRY_USER_DATA=test + +alpha="Alpha " +bravo="Bravo " + +$GPG --with-colons --with-fingerprint --list-secret-keys ="$alpha" && + error "User ID '$alpha'exists when it should not!" +$GPG --with-colons --with-fingerprint --list-secret-keys ="$bravo" && + error "User ID '$bravo' exists when it should not!" + +#info verify that key creation works +$GPG --quick-gen-key "$alpha" || \ + error "failed to generate key" + +fpr=$($GPG --with-colons --with-fingerprint --list-secret-keys ="$alpha" | \ + grep '^fpr:' | cut -f10 -d: | head -n1) + +$GPG --check-trustdb + +cleanup() { + $GPG --batch --yes --delete-secret-key "0x$fpr" + $GPG --batch --yes --delete-key "0x$fpr" +} + +count_uids_of_secret() { + if ! [ $($GPG --with-colons --list-secret-keys ="$1" | \ + grep -c '^uid:u:') = "$2" ] ; then + cleanup + error "wrong number of user IDs for '$1' after $3" + fi +} + +count_uids_of_secret "$alpha" 1 "key generation" + +#info verify that we can add a user ID +if ! $GPG --quick-adduid ="$alpha" "$bravo" ; then + cleanup + error "failed to add user id" +fi + +$GPG --check-trustdb + +count_uids_of_secret "$alpha" 2 "adding User ID" +count_uids_of_secret "$bravo" 2 "adding User ID" + +#info verify that we can revoke a user ID +if ! $GPG --quick-revuid ="$bravo" "$alpha"; then + cleanup + error "failed to revoke user id" +fi + +$GPG --check-trustdb + +count_uids_of_secret "$bravo" 1 "revoking user ID" + +cleanup + +! 
$GPG --with-colons --list-secret-keys ="$bravo" || + error "key still exists when it should not!" ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 + g10/gpg.c | 17 ++ g10/keyedit.c | 271 +++++++++++++++++++++++------- g10/main.h | 3 + g10/revoke.c | 10 ++ tests/openpgp/quick-key-manipulation.test | 70 ++++++++ 6 files changed, 315 insertions(+), 65 deletions(-) create mode 100755 tests/openpgp/quick-key-manipulation.test hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 30 13:02:41 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Jun 2016 13:02:41 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.1-10-g6965515 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6965515c73632a088fb126a4a55e95121671fa98 (commit) from 4d634a098742ff425b324e9f2a67b9f62de09744 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6965515c73632a088fb126a4a55e95121671fa98 Author: Werner Koch Date: Thu Jun 30 13:00:50 2016 +0200 random: Remove debug message about not supported getrandom syscall. * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug for getrandom error ENOSYS. Signed-off-by: Werner Koch diff --git a/random/rndlinux.c b/random/rndlinux.c index f08c9f9..2b563bf 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c 
@@ -275,7 +275,6 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, length -= nbytes; continue; /* until LENGTH is zero. */ } - log_debug ("syscall(getrandom) not supported; errno = %d\n", errno); } #endif ----------------------------------------------------------------------- Summary of changes: random/rndlinux.c | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 30 15:31:00 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 30 Jun 2016 15:31:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-72-gdbcb342 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dbcb342eaf1738798a5378d9ecd83c7946140d54 (commit) from 55d112eeb0743e90be46d15dbae67368ee7d4b50 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dbcb342eaf1738798a5378d9ecd83c7946140d54 Author: Justus Winter Date: Thu Jun 30 15:28:42 2016 +0200 w32: Fix build. * g10/keyedit.c (keyedit_quick_revuid): Fix call to 'check_trustdb_stale'. Fixes-commit: 55d112ee Signed-off-by: Justus Winter diff --git a/g10/keyedit.c b/g10/keyedit.c index 65f671e..9ebd643 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -2955,7 +2955,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
 #ifdef HAVE_W32_SYSTEM
 /* See keyedit_menu for why we need this. */
- check_trustdb_stale ();
+ check_trustdb_stale (ctrl);
 #endif
 /* Search the key; we don't want the whole getkey stuff here. */
-----------------------------------------------------------------------
Summary of changes: g10/keyedit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 30 18:52:59 2016 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 30 Jun 2016 18:52:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.13-86-g8f39185 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8f39185d7bfa0bc749f9ccf4a041d2da4eba24ff (commit) via 401db0eebbcd28dca8f4059706bfbd18d8cc7528 (commit) via eb4cdbefb05795b77a8a72189eff246b84442caf (commit) via 1de362af9094e0a1a0be60f77fbea7c5190a4dcc (commit) via 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819 (commit) via d2d19063d3adf29340aeb39f14e1b1e9aacf41e7 (commit) via 9037c23979866e6e085b3e32f973bcba590a2635 (commit) via 29beea6462cca32d3278b0f7f9364ff4342327b8 (commit) via 5869f518cbd8b41b4c9880fc593216b9efeea430 (commit) via 84f262102be19334534cccc66ed7eceea2714527 (commit) via abae8a9dc8a00cf46291ccb40644b3a7aa477307 (commit) via 5003caa8fdc80afd5748835c06621014f83e6ec4 (commit) via 599ad21104e622acbd1230d90d6a23abf9145499 (commit) via d4ede89981c769b0626ab2b37615da1d12a3b078 (commit) from dbcb342eaf1738798a5378d9ecd83c7946140d54 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f39185d7bfa0bc749f9ccf4a041d2da4eba24ff Author: Justus Winter Date: Thu Jun 30 13:53:12 2016 +0200 tools: Fix trivial memory leak. * tools/gpg-connect-agent.c (main): Fix trivial memory leak. Signed-off-by: Justus Winter diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 1cd554f..6b5f507 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c 
@@ -1879,6 +1879,16 @@ main (int argc, char **argv) if (opt.verbose) log_info ("closing connection to agent\n"); + /* XXX: We would like to release the context here, but libassuan + nicely says good bye to the server, which results in a SIGPIPE if + the server died. Unfortunately, libassuan does not ignore + SIGPIPE when used with UNIX sockets, hence we simply leak the + context here. */ + if (0) + assuan_release (ctx); + else + gpgrt_annotate_leaked_object (ctx); + xfree (line); return 0; } commit 401db0eebbcd28dca8f4059706bfbd18d8cc7528 Author: Justus Winter Date: Thu Jun 30 18:49:15 2016 +0200 g10: Fix memory leak. * g10/export.c (do_export_stream): Free secret parameters. Signed-off-by: Justus Winter diff --git a/g10/export.c b/g10/export.c index b067376..4137235 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1557,6 +1557,15 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, xfree (pk->seckey_info); pk->seckey_info = NULL; + { + int i; + for (i = pubkey_get_npkey (pk->pubkey_algo); + i < pubkey_get_nskey (pk->pubkey_algo); i++) + { + gcry_mpi_release (pk->pkey[i]); + pk->pkey[i] = NULL; + } + } xfree (hexgrip); } else commit eb4cdbefb05795b77a8a72189eff246b84442caf Author: Justus Winter Date: Thu Jun 30 18:45:02 2016 +0200 g10: Fix memory leak. * g10/keygen.c (read_parameter_file): Free 'line'. Signed-off-by: Justus Winter diff --git a/g10/keygen.c b/g10/keygen.c index c561275..11eb587 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -3481,6 +3481,7 @@ read_parameter_file (ctrl_t ctrl, const char *fname ) xfree( outctrl.pub.newfname ); } + xfree (line); release_parameter_list( para ); iobuf_close (fp); release_armor_context (outctrl.pub.afx); commit 1de362af9094e0a1a0be60f77fbea7c5190a4dcc Author: Justus Winter Date: Thu Jun 30 17:55:06 2016 +0200 g10: Fix memory leak. * g10/sign.c (mk_notation_policy_etc): Free 'mbox'. Signed-off-by: Justus Winter diff --git a/g10/sign.c b/g10/sign.c index 5e46797..0f16e96 100644 --- a/g10/sign.c 
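Review bot: In the tools/gpg-connect-agent.c hunk, `if (0) assuan_release (ctx); else gpgrt_annotate_leaked_object (ctx);` keeps a branch that can never run, which reads like leftover debugging and may draw unreachable-code warnings. The XXX comment already explains why the context is leaked on purpose, so the statement can be just `gpgrt_annotate_leaked_object (ctx);`, with the intended `assuan_release (ctx)` mentioned in that comment. main's body starts outside the hunk.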
+++ b/g10/sign.c @@ -156,6 +156,7 @@ mk_notation_policy_etc (PKT_signature *sig, if (DBG_LOOKUP) log_debug ("setting Signer's UID to '%s'\n", mbox); build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox)); + xfree (mbox); } } } commit 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819 Author: Justus Winter Date: Thu Jun 30 17:38:48 2016 +0200 common: Fix memory leak. * g10/textfilter.c (copy_clearsig_text): Free buffer. Signed-off-by: Justus Winter diff --git a/g10/textfilter.c b/g10/textfilter.c index 5929c5f..6ca4f88 100644 --- a/g10/textfilter.c +++ b/g10/textfilter.c @@ -240,5 +240,6 @@ copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md, if( truncated ) log_info(_("input line longer than %d characters\n"), MAX_LINELEN ); + xfree (buffer); return 0; /* okay */ } commit d2d19063d3adf29340aeb39f14e1b1e9aacf41e7 Author: Justus Winter Date: Thu Jun 30 17:29:19 2016 +0200 common: Fix memory leak. * common/iobuf.c (iobuf_set_partial_body_length_mode): Only create context if necessary. Signed-off-by: Justus Winter diff --git a/common/iobuf.c b/common/iobuf.c index c8ec00f..f3d67b4 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -2530,9 +2530,6 @@ iobuf_get_fname_nonnull (iobuf_t a) void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len) { - block_filter_ctx_t *ctx = xcalloc (1, sizeof *ctx); - - ctx->use = a->use; if (!len) /* Disable partial body length mode. */ { @@ -2546,6 +2543,8 @@ iobuf_set_partial_body_length_mode (iobuf_t a, size_t len) else /* Enabled partial body length mode. */ { + block_filter_ctx_t *ctx = xcalloc (1, sizeof *ctx); + ctx->use = a->use; ctx->partial = 1; ctx->size = 0; ctx->first_c = len; commit 9037c23979866e6e085b3e32f973bcba590a2635 Author: Justus Winter Date: Thu Jun 30 17:23:48 2016 +0200 common: Fix memory leak. * common/simple-pwquery.c (agent_open): Free socket path. Signed-off-by: Justus Winter diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c index bdad140..708b157 100644 
--- a/common/simple-pwquery.c +++ b/common/simple-pwquery.c @@ -340,6 +340,7 @@ agent_open (int *rfd) if ( !(p = strchr ( infostr, PATHSEP_C)) || p == infostr || (p-infostr)+1 >= sizeof client_addr.sun_path ) { + spwq_free (infostr); return SPWQ_NO_AGENT; } *p++ = 0; @@ -357,12 +358,14 @@ agent_open (int *rfd) #ifdef SPWQ_USE_LOGGING log_error ("can't create socket: %s\n", strerror(errno) ); #endif + spwq_free (infostr); return SPWQ_SYS_ERROR; } memset (&client_addr, 0, sizeof client_addr); client_addr.sun_family = AF_UNIX; strcpy (client_addr.sun_path, infostr); + spwq_free (infostr); len = SUN_LEN (&client_addr); #ifdef HAVE_W32_SYSTEM @@ -373,7 +376,8 @@ agent_open (int *rfd) if (rc == -1) { #ifdef SPWQ_USE_LOGGING - log_error ( _("can't connect to '%s': %s\n"), infostr, strerror (errno)); + log_error (_("can't connect to '%s': %s\n"), + client_addr.sun_path, strerror (errno)); #endif close (fd ); return SPWQ_IO_ERROR; commit 29beea6462cca32d3278b0f7f9364ff4342327b8 Author: Justus Winter Date: Thu Jun 30 17:09:59 2016 +0200 g10: Fix keybox-related memory leaks. * g10/keydb.c (keydb_release): Clear keyblock cache. (keydb_get_keyblock): Revert previous change. * kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free fixups after applying them. (_keybox_release_blob): Free buffer. Currently, the buffer has been extracted before the keybox is released, but this is the right thing to do here. Fixes-commit: c57501cc Signed-off-by: Justus Winter diff --git a/g10/keydb.c b/g10/keydb.c index c483bb1..e49e25f 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -937,6 +937,7 @@ keydb_release (KEYDB_HANDLE hd) } } + keyblock_cache_clear (hd); xfree (hd); } @@ -1387,8 +1388,11 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) hd->keyblock_cache.pk_no = pk_no; hd->keyblock_cache.uid_no = uid_no; } - xfree (sigstatus); - iobuf_close (iobuf); + else + { + xfree (sigstatus); + iobuf_close (iobuf); + } } } break; 
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c index 556605a..896f137 100644 --- a/kbx/keybox-blob.c +++ b/kbx/keybox-blob.c @@ -661,18 +661,24 @@ create_blob_finish (KEYBOXBLOB blob) /* do the fixups */ if (blob->fixup_out_of_core) - return gpg_error (GPG_ERR_ENOMEM); + { + xfree (p); + return gpg_error (GPG_ERR_ENOMEM); + } { - struct fixup_list *fl; - for (fl = blob->fixups; fl; fl = fl->next) + struct fixup_list *fl, *next; + for (fl = blob->fixups; fl; fl = next) { assert (fl->off+4 <= n); p[fl->off+0] = fl->val >> 24; p[fl->off+1] = fl->val >> 16; p[fl->off+2] = fl->val >> 8; p[fl->off+3] = fl->val; + next = fl->next; + xfree (fl); } + blob->fixups = NULL; } /* Compute and store the SHA-1 checksum. */ @@ -680,8 +686,12 @@ create_blob_finish (KEYBOXBLOB blob) pp = xtrymalloc (n); if ( !pp ) - return gpg_error_from_syserror (); + { + xfree (p); + return gpg_error_from_syserror (); + } memcpy (pp , p, n); + xfree (p); blob->blob = pp; blob->bloblen = n; @@ -1000,7 +1010,11 @@ _keybox_release_blob (KEYBOXBLOB blob) int i; if (!blob) return; - /* hmmm: release membuf here?*/ + if (blob->buf) + { + size_t len; + xfree (get_membuf (blob->buf, &len)); + } xfree (blob->keys ); xfree (blob->serialbuf); for (i=0; i < blob->nuids; i++) commit 5869f518cbd8b41b4c9880fc593216b9efeea430 Author: Justus Winter Date: Thu Jun 30 15:26:06 2016 +0200 g10: Fix memory leak. * g10/compress.c (release_context): Free buffers. Signed-off-by: Justus Winter diff --git a/g10/compress.c b/g10/compress.c index bdddef1..c34beec 100644 --- a/g10/compress.c +++ b/g10/compress.c @@ -295,6 +295,10 @@ compress_filter( void *opaque, int control, static void release_context (compress_filter_context_t *ctx) { + xfree(ctx->inbuf); + ctx->inbuf = NULL; + xfree(ctx->outbuf); + ctx->outbuf = NULL; xfree (ctx); } commit 84f262102be19334534cccc66ed7eceea2714527 Author: Justus Winter Date: Thu Jun 30 14:00:46 2016 +0200 g10: Fix memory leak. * g10/sign.c (write_plaintext_packet): Free packet. 
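Review bot: In create_blob_finish (kbx/keybox-blob.c), the `fixup_out_of_core` return now frees `p` but leaves the `blob->fixups` list allocated, because the list is only walked and freed on the success path further down. Whether the list is released later is not visible: the part of _keybox_release_blob shown in the third hunk does not touch it. A small helper called from both places would close the gap and keep `blob->fixups = NULL` in one spot. The start of create_blob_finish is outside the hunk.

```c
/* Release the pending fixup list of BLOB.  */
static void
release_fixups (KEYBOXBLOB blob)
{
  struct fixup_list *fl, *next;

  for (fl = blob->fixups; fl; fl = next)
    {
      next = fl->next;
      xfree (fl);
    }
  blob->fixups = NULL;
}

/* ... unchanged: create_blob_finish up to the fixup step ... */
  if (blob->fixup_out_of_core)
    {
      release_fixups (blob);
      xfree (p);
      return gpg_error (GPG_ERR_ENOMEM);
    }
```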
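Review bot: In _keybox_release_blob (kbx/keybox-blob.c), `xfree (get_membuf (blob->buf, &len));` can run after the buffer has already been taken out of the membuf and freed, which the commit message says is the current situation. That is only safe if get_membuf returns NULL when called on an already drained membuf, and get_membuf is not part of the hunk. I would record the assumption beside the call, e.g. `/* get_membuf hands over ownership; on a drained membuf it is expected to return NULL. */`. The rest of the function lies outside the hunk.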
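Review bot: release_context (g10/compress.c) now dereferences `ctx` before freeing it, so a NULL argument that the old single `xfree (ctx);` would presumably have tolerated becomes a crash. Callers are not visible here; if any can pass NULL, the function should start with `if (!ctx) return;`. The two `= NULL` stores have no effect because `ctx` itself is freed on the next line. The `xfree(` calls without a space also differ from the `xfree (ctx);` already in the function.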
Signed-off-by: Justus Winter diff --git a/g10/sign.c b/g10/sign.c index 3a96f0f..5e46797 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -627,6 +627,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) log_error ("build_packet(PLAINTEXT) failed: %s\n", gpg_strerror (rc) ); pt->buf = NULL; + free_packet (&pkt); } else { byte copy_buffer[4096]; commit abae8a9dc8a00cf46291ccb40644b3a7aa477307 Author: Justus Winter Date: Thu Jun 30 13:41:10 2016 +0200 g10: Fix memory leak. * g10/mainproc.c (release_list): Do not exit early if list is NULL, there are other resources that must be released. Signed-off-by: Justus Winter diff --git a/g10/mainproc.c b/g10/mainproc.c index c191fe0..4217ccd 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -124,8 +124,6 @@ reset_literals_seen(void) static void release_list( CTX c ) { - if (!c->list) - return; proc_tree (c, c->list); release_kbnode (c->list); while (c->pkenc_list) commit 5003caa8fdc80afd5748835c06621014f83e6ec4 Author: Justus Winter Date: Thu Jun 30 12:45:15 2016 +0200 gpgscm: Fix reallocating string ports. * tests/gpgscm/scheme.c (realloc_port_string): Use memcpy because Scheme strings may contain 0s. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 5f2f205..0a76205 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
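Review bot: In write_plaintext_packet (g10/sign.c), the added `free_packet (&pkt);` depends on the `pt->buf = NULL;` just before it, and nothing states that the order matters. Presumably `pt->buf` refers to the caller's `inp` and is cleared so that free_packet does not release a stream the caller still uses; swapping the two lines would then cause a double release. A comment such as `/* Detach the caller's iobuf first; free_packet must not close it. */` would pin the order. The assignment of `pt->buf` and the start of the function are outside the hunk.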
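Review bot: With the early return gone, release_list (g10/mainproc.c) calls `proc_tree (c, c->list);` and `release_kbnode (c->list);` with a NULL list, and neither callee is shown in the hunk. Both must accept NULL for this to be safe; if proc_tree does not, guard only that call with `if (c->list) proc_tree (c, c->list);` so the remaining cleanup still runs. A short comment, `/* c->list may be NULL here; the resources below must still be released. */`, would also keep the old guard from being reintroduced. The function continues past the hunk.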
@@ -1620,12 +1620,13 @@ static void backchar(scheme *sc, int c) { static int realloc_port_string(scheme *sc, port *p) { char *start=p->rep.string.start; + size_t old_size = p->rep.string.past_the_end - start; size_t new_size=p->rep.string.past_the_end-start+1+BLOCK_SIZE; char *str=sc->malloc(new_size); if(str) { memset(str,' ',new_size-1); str[new_size-1]='\0'; - strcpy(str,start); + memcpy(str, start, old_size); p->rep.string.start=str; p->rep.string.past_the_end=str+new_size-1; p->rep.string.curr-=start-str; commit 599ad21104e622acbd1230d90d6a23abf9145499 Author: Justus Winter Date: Thu Jun 30 12:35:27 2016 +0200 gpgscm: Free memory backing string ports. * tests/gpgscm/scheme.c (finalize_cell): Free memory backing string ports. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index 4c28230..5f2f205 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -1390,6 +1390,8 @@ static void finalize_cell(scheme *sc, pointer a) { if(a->_object._port->kind&port_file && a->_object._port->rep.stdio.closeit) { port_close(sc,a,port_input|port_output); + } else if (a->_object._port->kind & port_srfi6) { + sc->free(a->_object._port->rep.string.start); } sc->free(a->_object._port); } else if(is_foreign_object(a)) { commit d4ede89981c769b0626ab2b37615da1d12a3b078 Author: Justus Winter Date: Thu Jun 30 11:46:38 2016 +0200 gpgscm: Use the allocator from libgcrypt. * tests/gpgscm/main.c (main): Use the allocator from libgcrypt. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c index adb4e33..5b3792e 100644 --- a/tests/gpgscm/main.c +++ b/tests/gpgscm/main.c @@ -39,6 +39,7 @@ #include "../../common/logging.h" #include "../../common/strlist.h" #include "../../common/sysutils.h" +#include "../../common/util.h" /* The TinyScheme banner. Unfortunately, it isn't in the header file. */ 
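Review bot: In realloc_port_string (tests/gpgscm/scheme.c), the old buffer `start` is copied from and then replaced in `p->rep.string.start`, but no `sc->free (start);` appears in the visible lines. The function continues after the hunk, so this may already be handled there. If it is not, each growth step leaks one block, and the free would have to come after the `p->rep.string.curr-=start-str;` adjustment, which still uses `start`. Separately, `new_size` repeats the expression just stored in `old_size`; `size_t new_size = old_size + 1 + BLOCK_SIZE;` reads better.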
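Review bot: The new branch in finalize_cell (tests/gpgscm/scheme.c) frees `rep.string.start` for every port with `port_srfi6` set, which is correct only if that flag is never set on a port built over a caller-supplied buffer. The code that creates string ports is not in the hunk, so this cannot be confirmed from here. A comment stating the rule would help, e.g. `/* port_srfi6 ports allocate their own buffer with sc->malloc, so it is ours to free. */`.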
@@ -236,7 +237,7 @@ main (int argc, char **argv) if (log_get_errorcount (0)) exit (2); - sc = scheme_init_new (); + sc = scheme_init_new_custom_alloc (gcry_malloc, gcry_free); if (! sc) { fprintf (stderr, "Could not initialize TinyScheme!\n"); return 2; ----------------------------------------------------------------------- Summary of changes: common/iobuf.c | 5 ++--- common/simple-pwquery.c | 6 +++++- g10/compress.c | 4 ++++ g10/export.c | 9 +++++++++ g10/keydb.c | 8 ++++++-- g10/keygen.c | 1 + g10/mainproc.c | 2 -- g10/sign.c | 2 ++ g10/textfilter.c | 1 + kbx/keybox-blob.c | 24 +++++++++++++++++++----- tests/gpgscm/main.c | 3 ++- tests/gpgscm/scheme.c | 5 ++++- tools/gpg-connect-agent.c | 10 ++++++++++ 13 files changed, 65 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org