From cvs at cvs.gnupg.org Tue Mar 1 02:27:49 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 01 Mar 2016 02:27:49 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.21-11-g34b0714 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 34b07146bbb0863436fc9381a84314b18bdfb807 (commit) from 49655fb6ef39b307787e1b6e00c996f9c7db64f7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 34b07146bbb0863436fc9381a84314b18bdfb807 Author: NIIBE Yutaka Date: Tue Mar 1 10:25:18 2016 +0900 Fix for Solaris. * src/gen-posix-lock-obj.c (USE_DOUBLE_FOR_ALIGNMENT): Check LP64. -- Signed-off-by: NIIBE Yutaka This fixes commit 5168b97. diff --git a/src/gen-posix-lock-obj.c b/src/gen-posix-lock-obj.c index 83356ad..5efc930 100644 --- a/src/gen-posix-lock-obj.c +++ b/src/gen-posix-lock-obj.c @@ -43,7 +43,7 @@ #endif /* Special requirements for certain platforms. */ -#if defined(__solaris__) && (defined (__ILP32__) || defined(_ILP32)) +#if defined(__solaris__) && !defined (__LP64__) && !defined(_LP64) # define USE_DOUBLE_FOR_ALIGNMENT 1 #else # define USE_DOUBLE_FOR_ALIGNMENT 0 ----------------------------------------------------------------------- Summary of changes: src/gen-posix-lock-obj.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 1 16:11:21 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 01 Mar 2016 16:11:21 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-75-g9a1778a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9a1778abcae0a7afe33be8e02b6d9a909463cd54 (commit) via 3a1d142f9b71721a631cf2037665e9def60aa384 (commit) from 2de0d41219a522e01f050d475b3ddecb9173fc7d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9a1778abcae0a7afe33be8e02b6d9a909463cd54 Author: Justus Winter Date: Tue Mar 1 15:07:29 2016 +0100 dirmngr: Add missing CFLAGS. * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add 'GPG_ERROR_CFLAGS'. (t_dns_stuff_CFLAGS): Likewise. Signed-off-by: Justus Winter diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 1c74d10..1e32990 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -140,10 +140,12 @@ t_ldap_parse_uri_SOURCES = \ t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \ http.c dns-stuff.c \ $(ldap_url) $(t_common_src) -t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 +t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 \ + $(GPG_ERROR_CFLAGS) t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS) -t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1 +t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1 \ + $(GPG_ERROR_CFLAGS) t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c t_dns_stuff_LDADD = $(t_common_ldadd) $(DNSLIBS) commit 3a1d142f9b71721a631cf2037665e9def60aa384 Author: Justus Winter Date: Tue Mar 1 14:51:35 2016 +0100 tools: Drop superfluous include. * tools/gpgtar.c: Do not include unused 'npth.h'. Signed-off-by: Justus Winter diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 46d06bd..416f514 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -29,7 +29,6 @@ #include #include #include -#include #include #include #include ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 6 ++++-- tools/gpgtar.c | 1 - 2 files changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 2 17:03:25 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 02 Mar 2016 17:03:25 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.29-22-g3e1b451 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 3e1b451c5d330b81561436a600bdaa9fbacc1ba1 (commit) from eb7806d63df63663170ba86f0673caa34b944c28 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e1b451c5d330b81561436a600bdaa9fbacc1ba1 Author: Justus Winter Date: Wed Mar 2 16:41:04 2016 +0100 agent: Do not remove the ssh socket. * agent/gpg-agent.c (create_server_socket): Also inhibit the removal of the ssh socket if another agent process is already running. GnuPG modern is not affected. GnuPG-bug-id: 2258 Signed-off-by: Justus Winter diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 479f918..3b4a181 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1586,6 +1586,8 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) log_error (_("a gpg-agent is already running - " "not starting a new one\n")); *name = 0; /* Inhibit removal of the socket by cleanup(). */ + if (opt.ssh_support) + *socket_name_ssh = 0; /* Likewise for the ssh socket. */ assuan_sock_close (fd); agent_exit (2); } ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 2 17:39:39 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 02 Mar 2016 17:39:39 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-77-g50995d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 50995d26083576ebee064136c13a4ee74cbadca7 (commit) via e77c85577d1bdd77ad3b81907145fd68f2653c01 (commit) from 9a1778abcae0a7afe33be8e02b6d9a909463cd54 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 50995d26083576ebee064136c13a4ee74cbadca7 Author: Justus Winter Date: Wed Mar 2 14:27:30 2016 +0100 common: Update README. -- Signed-off-by: Justus Winter diff --git a/common/README b/common/README index a90224b..73799a8 100644 --- a/common/README +++ b/common/README @@ -1,11 +1 @@ -Stuff used by several modules of GnuPG. - -These directories use it: - -gpg -sm -agent - -These directories don't use it: - -kbx \ No newline at end of file +Common functionality used by all modules of GnuPG. commit e77c85577d1bdd77ad3b81907145fd68f2653c01 Author: Justus Winter Date: Wed Mar 2 14:14:33 2016 +0100 common: Consolidate Assuan server argument handling. * common/Makefile.am (common_sources): Add new files. * common/server-help.c: New file. * common/server-help.h: Likewise. * agent/command.c: Drop argument handling primitives in favor of using the consolidated ones. * dirmngr/server.c: Likewise. * g10/server.c: Likewise. * g13/server.c: Likewise. * scd/command.c: Likewise. * sm/server.c: Likewise. Signed-off-by: Justus Winter diff --git a/agent/command.c b/agent/command.c index 421df00..dfe292d 100644 --- a/agent/command.c +++ b/agent/command.c @@ -41,6 +41,7 @@ #include "cvt-openpgp.h" #include "../common/ssh-utils.h" #include "../common/asshelp.h" +#include "../common/server-help.h" /* Maximum allowed size of the inquired ciphertext. */ @@ -229,86 +230,6 @@ reset_notify (assuan_context_t ctx, char *line) } -/* Skip over options in LINE. - - Blanks after the options are also removed. Options are indicated - by two leading dashes followed by a string consisting of non-space - characters. The special option "--" indicates an explicit end of - options; all what follows will not be considered an option. The - first no-option string also indicates the end of option parsing. */ -static char * -skip_options (const char *line) -{ - while (spacep (line)) - line++; - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return (char*)line; -} - - -/* Check whether the option NAME appears in LINE. An example for a - line with options is: - --algo=42 --data foo bar - This function would then only return true if NAME is "data". */ -static int -has_option (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - if (s && s >= skip_options (line)) - return 0; - return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); -} - - -/* Same as has_option but does only test for the name of the option - and ignores an argument, i.e. with NAME being "--hash" it would - return true for "--hash" as well as for "--hash=foo". */ -static int -has_option_name (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - if (s && s >= skip_options (line)) - return 0; - return (s && (s == line || spacep (s-1)) - && (!s[n] || spacep (s+n) || s[n] == '=')); -} - - -/* Return a pointer to the argument of the option with NAME. If such - an option is not given, NULL is retruned. */ -static char * -option_value (const char *line, const char *name) -{ - char *s; - int n = strlen (name); - - s = strstr (line, name); - if (s && s >= skip_options (line)) - return NULL; - if (s && (s == line || spacep (s-1)) - && s[n] && (spacep (s+n) || s[n] == '=')) - { - s += n + 1; - s += strspn (s, " "); - if (*s && !spacep(s)) - return s; - } - return NULL; -} - - /* Replace all '+' by a blank in the string S. */ static void plus_to_blank (char *s) diff --git a/common/Makefile.am b/common/Makefile.am index d09f0df..de6a4a8 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -88,7 +88,8 @@ common_sources = \ mkdir_p.c mkdir_p.h \ strlist.c strlist.h \ call-gpg.c call-gpg.h \ - exectool.c exectool.h + exectool.c exectool.h \ + server-help.c server-help.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-afunix.c w32-afunix.h diff --git a/common/server-help.c b/common/server-help.c new file mode 100644 index 0000000..2a59dc6 --- /dev/null +++ b/common/server-help.c @@ -0,0 +1,137 @@ +/* server-help.h - Helper functions for writing Assuan servers. + * Copyright (C) 2003, 2009, 2010 g10 Code GmbH + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include + +#include "server-help.h" +#include "util.h" + +/* Skip over options in LINE. + + Blanks after the options are also removed. Options are indicated + by two leading dashes followed by a string consisting of non-space + characters. The special option "--" indicates an explicit end of + options; all what follows will not be considered an option. The + first no-option string also indicates the end of option parsing. */ +char * +skip_options (const char *line) +{ + while (spacep (line)) + line++; + while (*line == '-' && line[1] == '-') + { + while (*line && !spacep (line)) + line++; + while (spacep (line)) + line++; + } + return (char*) line; +} + + +/* Check whether the option NAME appears in LINE. */ +int +has_option (const char *line, const char *name) +{ + const char *s; + int n = strlen (name); + + s = strstr (line, name); + if (s && s >= skip_options (line)) + return 0; + return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); +} + + +/* Same as has_option but only considers options at the begin of the + line. This is useful for commands which allow arbitrary strings on + the line. */ +int +has_leading_option (const char *line, const char *name) +{ + const char *s; + int n; + + if (name[0] != '-' || name[1] != '-' || !name[2] || spacep (name+2)) + return 0; + n = strlen (name); + while ( *line == '-' && line[1] == '-' ) + { + s = line; + while (*line && !spacep (line)) + line++; + if (n == (line - s) && !strncmp (s, name, n)) + return 1; + while (spacep (line)) + line++; + } + return 0; +} + + +/* Same as has_option but does only test for the name of the option + and ignores an argument, i.e. with NAME being "--hash" it would + return a pointer for "--hash" as well as for "--hash=foo". If + there is no such option NULL is returned. The pointer returned + points right behind the option name, this may be an equal sign, Nul + or a space. */ +const char * +has_option_name (const char *line, const char *name) +{ + const char *s; + int n = strlen (name); + + s = strstr (line, name); + return (s && (s == line || spacep (s-1)) + && (!s[n] || spacep (s+n) || s[n] == '=')) ? (s+n) : NULL; +} + + +/* Return a pointer to the argument of the option with NAME. If such + an option is not given, NULL is returned. */ +char * +option_value (const char *line, const char *name) +{ + char *s; + int n = strlen (name); + + s = strstr (line, name); + if (s && s >= skip_options (line)) + return NULL; + if (s && (s == line || spacep (s-1)) + && s[n] && (spacep (s+n) || s[n] == '=')) + { + s += n + 1; + s += strspn (s, " "); + if (*s && !spacep(s)) + return s; + } + return NULL; +} diff --git a/common/server-help.h b/common/server-help.h new file mode 100644 index 0000000..6df9e2c --- /dev/null +++ b/common/server-help.h @@ -0,0 +1,62 @@ +/* server-help.h - Helper functions for writing Assuan servers. + * Copyright (C) 2003, 2009, 2010 g10 Code GmbH + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_COMMON_SERVER_HELP_H +#define GNUPG_COMMON_SERVER_HELP_H + +/* Skip over options in LINE. + + Blanks after the options are also removed. Options are indicated + by two leading dashes followed by a string consisting of non-space + characters. The special option "--" indicates an explicit end of + options; all what follows will not be considered an option. The + first no-option string also indicates the end of option parsing. */ +char *skip_options (const char *line); + +/* Check whether the option NAME appears in LINE. */ +int has_option (const char *line, const char *name); + +/* Same as has_option but only considers options at the begin of the + line. This is useful for commands which allow arbitrary strings on + the line. */ +int has_leading_option (const char *line, const char *name); + +/* Same as has_option but does only test for the name of the option + and ignores an argument, i.e. with NAME being "--hash" it would + return a pointer for "--hash" as well as for "--hash=foo". If + there is no such option NULL is returned. The pointer returned + points right behind the option name, this may be an equal sign, Nul + or a space. */ +const char *has_option_name (const char *line, const char *name); + +/* Return a pointer to the argument of the option with NAME. If such + an option is not given, NULL is returned. */ +char *option_value (const char *line, const char *name); + +#endif /* GNUPG_COMMON_SERVER_HELP_H */ diff --git a/dirmngr/server.c b/dirmngr/server.c index 0794509..b976468 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -53,6 +53,7 @@ #include "dns-stuff.h" #include "mbox-util.h" #include "zb32.h" +#include "server-help.h" /* To avoid DoS attacks we limit the size of a certificate to something reasonable. The DoS was actually only an issue back when @@ -273,78 +274,6 @@ strcpy_escaped_plus (char *d, const unsigned char *s) } -/* Check whether the option NAME appears in LINE */ -static int -has_option (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); -} - -/* Same as has_option but only considers options at the begin of the - line. This is useful for commands which allow arbitrary strings on - the line. */ -static int -has_leading_option (const char *line, const char *name) -{ - const char *s; - int n; - - if (name[0] != '-' || name[1] != '-' || !name[2] || spacep (name+2)) - return 0; - n = strlen (name); - while ( *line == '-' && line[1] == '-' ) - { - s = line; - while (*line && !spacep (line)) - line++; - if (n == (line - s) && !strncmp (s, name, n)) - return 1; - while (spacep (line)) - line++; - } - return 0; -} - - -/* Same as has_option but does only test for the name of the option - and ignores an argument, i.e. with NAME being "--hash" it would - return a pointer for "--hash" as well as for "--hash=foo". If - thhere is no such option NULL is returned. The pointer returned - points right behind the option name, this may be an equal sign, Nul - or a space. */ -/* static const char * */ -/* has_option_name (const char *line, const char *name) */ -/* { */ -/* const char *s; */ -/* int n = strlen (name); */ - -/* s = strstr (line, name); */ -/* return (s && (s == line || spacep (s-1)) */ -/* && (!s[n] || spacep (s+n) || s[n] == '=')) ? (s+n) : NULL; */ -/* } */ - - -/* Skip over options. It is assumed that leading spaces have been - removed (this is the case for lines passed to a handler from - assuan). Blanks after the options are also removed. */ -static char * -skip_options (char *line) -{ - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return line; -} - - /* This fucntion returns true if a Tor server is running. The sattus is cached for the current conenction. */ static int diff --git a/g10/server.c b/g10/server.c index 31e35a9..9ec263f 100644 --- a/g10/server.c +++ b/g10/server.c @@ -32,6 +32,7 @@ #include "util.h" #include "i18n.h" #include "options.h" +#include "../common/server-help.h" #include "../common/sysutils.h" #include "status.h" @@ -68,40 +69,6 @@ close_message_fd (ctrl_t ctrl) } } - -/* Skip over options. Blanks after the options are also removed. */ -static char * -skip_options (const char *line) -{ - while (spacep (line)) - line++; - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return (char*)line; -} - - -/* Check whether the option NAME appears in LINE. */ -static int -has_option (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - if (s && s >= skip_options (line)) - return 0; - return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); -} - - - - /* Called by libassuan for Assuan options. See the Assuan manual for details. */ diff --git a/g13/server.c b/g13/server.c index 60a69bc..33885d6 100644 --- a/g13/server.c +++ b/g13/server.c @@ -33,7 +33,7 @@ #include "create.h" #include "mount.h" #include "suspend.h" - +#include "../common/server-help.h" /* The filepointer for status message used in non-server mode */ static FILE *statusfp; @@ -65,37 +65,6 @@ static int command_has_option (const char *cmd, const char *cmdopt); #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) -/* Skip over options. Blanks after the options are also removed. */ -static char * -skip_options (const char *line) -{ - while (spacep (line)) - line++; - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return (char*)line; -} - - -/* Check whether the option NAME appears in LINE. */ -/* static int */ -/* has_option (const char *line, const char *name) */ -/* { */ -/* const char *s; */ -/* int n = strlen (name); */ - -/* s = strstr (line, name); */ -/* if (s && s >= skip_options (line)) */ -/* return 0; */ -/* return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); */ -/* } */ - - /* Helper to print a message while leaving a command. */ static gpg_error_t leave_cmd (assuan_context_t ctx, gpg_error_t err) diff --git a/scd/command.c b/scd/command.c index ba830de..4e80d76 100644 --- a/scd/command.c +++ b/scd/command.c @@ -42,6 +42,7 @@ #include "ccid-driver.h" #endif #include "asshelp.h" +#include "server-help.h" /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */ #define MAXLEN_PIN 100 @@ -219,53 +220,6 @@ update_card_removed (int vrdr, int value) } -/* Check whether the option NAME appears in LINE. Returns 1 or 0. */ -static int -has_option (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); -} - -/* Same as has_option but does only test for the name of the option - and ignores an argument, i.e. with NAME being "--hash" it would - return a pointer for "--hash" as well as for "--hash=foo". If - there is no such option NULL is returned. The pointer returned - points right behind the option name, this may be an equal sign, Nul - or a space. */ -static const char * -has_option_name (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - return (s && (s == line || spacep (s-1)) - && (!s[n] || spacep (s+n) || s[n] == '=')) ? (s+n) : NULL; -} - - -/* Skip over options. It is assumed that leading spaces have been - removed (this is the case for lines passed to a handler from - assuan). Blanks after the options are also removed. */ -static char * -skip_options (char *line) -{ - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return line; -} - - - /* Convert the STRING into a newly allocated buffer while translating the hex numbers. Stops at the first invalid character. Blanks and colons are allowed to separate the hex digits. Returns NULL on diff --git a/sm/server.c b/sm/server.c index e21c6a4..a43ff34 100644 --- a/sm/server.c +++ b/sm/server.c @@ -30,6 +30,7 @@ #include "gpgsm.h" #include #include "sysutils.h" +#include "server-help.h" #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) @@ -95,38 +96,6 @@ strcpy_escaped_plus (char *d, const char *s) } -/* Skip over options. - Blanks after the options are also removed. */ -static char * -skip_options (const char *line) -{ - while (spacep (line)) - line++; - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return (char*)line; -} - - -/* Check whether the option NAME appears in LINE */ -static int -has_option (const char *line, const char *name) -{ - const char *s; - int n = strlen (name); - - s = strstr (line, name); - if (s && s >= skip_options (line)) - return 0; - return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); -} - - /* A write handler used by es_fopencookie to write assuan data lines. */ static gpgrt_ssize_t ----------------------------------------------------------------------- Summary of changes: agent/command.c | 81 +----------------------------- common/Makefile.am | 3 +- common/README | 12 +---- common/server-help.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++ common/server-help.h | 62 +++++++++++++++++++++++ dirmngr/server.c | 73 +-------------------------- g10/server.c | 35 +------------ g13/server.c | 33 +------------ scd/command.c | 48 +----------------- sm/server.c | 33 +------------ 10 files changed, 208 insertions(+), 309 deletions(-) create mode 100644 common/server-help.c create mode 100644 common/server-help.h hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 2 18:01:59 2016 From: cvs at cvs.gnupg.org (by Uldis Anšmits) Date: Wed, 02 Mar 2016 18:01:59 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-78-g1cdb744 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1cdb744d91ab33563fc0b3156fb05694caa55278 (commit) from 50995d26083576ebee064136c13a4ee74cbadca7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1cdb744d91ab33563fc0b3156fb05694caa55278 Author: Uldis An?mits Date: Wed Mar 2 17:55:56 2016 +0100 tests/openpgp: Make tests more portable. * tests/openpgp/default-key.test: Avoid 'grep -q'. * tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'. * tests/openpgp/use-exact-key.test: Avoid 'grep -q'. GnuPG-bug-id: 2262 Signed-off-by: Justus Winter diff --git a/tests/openpgp/default-key.test b/tests/openpgp/default-key.test index bfb84ac..567f38d 100755 --- a/tests/openpgp/default-key.test +++ b/tests/openpgp/default-key.test @@ -35,7 +35,7 @@ do info "Trying --default-key $x" if ! echo | $GPG --default-key "$x" -s | $GPG --verify --status-fd=1 \ - | grep -q 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479' + | grep 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479' >/dev/null then echo | $GPG --default-key "$x" -s | $GPG --verify --status-fd=2 error "Unexpected key used for signing (not the signing subkey, specified \"$x\")." @@ -59,7 +59,7 @@ do --default-key "$x" --encrypt-to-default-key \ -r 439F02CA -e \ | $GPG --list-packets \ - | grep -q "keyid[ ][A-F0-9]*45117079" + | grep "keyid[ ][A-F0-9]*45117079" >/dev/null then echo | $GPG --trust-model=always \ --default-key "$x" --encrypt-to-default-key \ diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test index e6290b0..d92eeb1 100755 --- a/tests/openpgp/gpgtar.test +++ b/tests/openpgp/gpgtar.test @@ -59,7 +59,7 @@ do_test() >"$FILELIST" for F in $TESTFILES do - grep -qe "\\b${F}\\b" "$FILELIST" + awk '{print $NF}' "$FILELIST" | grep "^${F}$" >/dev/null done $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $EXTRACT_FLAGS \ @@ -67,7 +67,7 @@ do_test() "${TESTDIR}/test.tar.pgp" for F in $TESTFILES do - diff -q "$F" "${TESTDIR}/$F" + cmp "$F" "${TESTDIR}/$F" done ) } diff --git a/tests/openpgp/use-exact-key.test b/tests/openpgp/use-exact-key.test index cbbd009..3745a2d 100755 --- a/tests/openpgp/use-exact-key.test +++ b/tests/openpgp/use-exact-key.test @@ -32,7 +32,7 @@ fi for x in 8BC90111 3E880CFF F5F77B83 45117079 1EA97479 do if ! echo | $GPG -s -u "$x" | $GPG --verify --status-fd=1 \ - | grep -q 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479' + | grep 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479' >/dev/null then echo | $GPG -s -u "$x" | $GPG --verify --status-fd=2 error "Unexpected key used for signing (not the signing subkey, specified \"$x\")." @@ -44,7 +44,7 @@ done for x in 8BC90111 F5F77B83 1EA97479 do if ! echo | $GPG -s -u "$x!" | $GPG --verify --status-fd=1 \ - | grep -q "VALIDSIG [0-9A-F]*$x " + | grep "VALIDSIG [0-9A-F]*$x " >/dev/null then echo | $GPG -s -u "$x!" | $GPG --verify --status-fd=2 error "Unexpected key used for signing (specified: \"$x!\")." ----------------------------------------------------------------------- Summary of changes: tests/openpgp/default-key.test | 4 ++-- tests/openpgp/gpgtar.test | 4 ++-- tests/openpgp/use-exact-key.test | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 2 18:56:55 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 02 Mar 2016 18:56:55 +0100 Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-22-ga06603d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, gpgmepp has been updated via a06603d75e80aba58df58f9a41770c56b6a1f0b8 (commit) via 77c3fb450c7adf36804a55d76ff49a06a71d22a0 (commit) via 98e5b672422ca1e38ca38ff0357cee6cc936aee0 (commit) via c5291a88913ace8f2115021b69c7aeb59b4f79d4 (commit) via a313b3e28cc42785365822519b25d6a87dfdf0c9 (commit) from 7286fc7f3d51d475f82c7c9821d031290f5b0066 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a06603d75e80aba58df58f9a41770c56b6a1f0b8 Author: Andre Heinecke Date: Wed Mar 2 18:56:12 2016 +0100 Add version info for gpgmepp * lang/cpp/src/Makefile.am (libgpgmepp_la_LDFLAGS): Add version info. diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index a06684e..a9b7ef4 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -59,6 +59,8 @@ libgpgmepp_la_SOURCES = $(main_sources) $(gpgmepp_headers) context_vanilla.cpp \ AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ -DBUILDING_GPGMEPP libgpgmepp_la_LIBADD = ../../../src/libgpgme.la @LIBASSUAN_LIBS@ +libgpgmepp_la_LDFLAGS = -version-info \ + @LIBGPGMEPP_LT_CURRENT@:@LIBGPGMEPP_LT_REVISION@:@LIBGPGMEPP_LT_AGE@ GpgmeppConfig.cmake: GpgmeppConfig.cmake.in sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" > "$@" commit 77c3fb450c7adf36804a55d76ff49a06a71d22a0 Author: Andre Heinecke Date: Wed Mar 2 18:41:42 2016 +0100 Add cmake configuration files * configure.ac: Add libgpgmepp version. Configure cmake files. * lang/cpp/src/Makefile.am: Add targets for cmake files. (EXTRA_DIST): Add cmake files. -- This should smooth the transition for downstream users that have worked with KF5::Gpgmepp previously. diff --git a/configure.ac b/configure.ac index fc5f99e..5aad9f4 100644 --- a/configure.ac +++ b/configure.ac @@ -61,6 +61,10 @@ LIBGPGME_LT_CURRENT=25 LIBGPGME_LT_AGE=14 LIBGPGME_LT_REVISION=0 +LIBGPGMEPP_LT_CURRENT=3 +LIBGPGMEPP_LT_AGE=0 +LIBGPGMEPP_LT_REVISION=0 + # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 ############################################## @@ -104,6 +108,9 @@ AC_CHECK_PROGS(GITLOG_TO_CHANGELOG, gitlog-to-changelog, [gitlog-to-changelog]) AC_SUBST(LIBGPGME_LT_CURRENT) AC_SUBST(LIBGPGME_LT_AGE) AC_SUBST(LIBGPGME_LT_REVISION) +AC_SUBST(LIBGPGMEPP_LT_CURRENT) +AC_SUBST(LIBGPGMEPP_LT_AGE) +AC_SUBST(LIBGPGMEPP_LT_REVISION) AC_SUBST(PACKAGE) AC_SUBST(VERSION) @@ -653,6 +660,8 @@ AC_CONFIG_FILES(Makefile src/Makefile src/gpgme.h) AC_CONFIG_FILES(src/gpgme-config, chmod +x src/gpgme-config) AC_CONFIG_FILES(lang/cpp/Makefile lang/cpp/src/Makefile) +AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfig.cmake.in) +AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfigVersion.cmake) AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AC_OUTPUT diff --git a/lang/cpp/src/GpgmeppConfig.cmake.in.in b/lang/cpp/src/GpgmeppConfig.cmake.in.in new file mode 100644 index 0000000..4b5b905 --- /dev/null +++ b/lang/cpp/src/GpgmeppConfig.cmake.in.in @@ -0,0 +1,115 @@ +# CMake Config file for GPGMEPP. +# Copyright (C) 2016 Intevation GmbH +# +# This file is part of GPGMEPP. +# +# GPGME-CL is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME-CL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA + +# based on a generated file from cmake. +# Generated by CMake 3.0.2 + +if("${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}" LESS 2.5) + message(FATAL_ERROR "CMake >= 2.6.0 required") +endif() +cmake_policy(PUSH) +cmake_policy(VERSION 2.6) +#---------------------------------------------------------------- +# Generated CMake target import file. +#---------------------------------------------------------------- + +# Commands may need to know the format version. +set(CMAKE_IMPORT_FILE_VERSION 1) + +# Protect against multiple inclusion, which would fail when already imported targets are added once more. +set(_targetsDefined) +set(_targetsNotDefined) +set(_expectedTargets) +foreach(_expectedTarget KF5::Gpgmepp KF5::QGpgme) + list(APPEND _expectedTargets ${_expectedTarget}) + if(NOT TARGET ${_expectedTarget}) + list(APPEND _targetsNotDefined ${_expectedTarget}) + endif() + if(TARGET ${_expectedTarget}) + list(APPEND _targetsDefined ${_expectedTarget}) + endif() +endforeach() +if("${_targetsDefined}" STREQUAL "${_expectedTargets}") + set(CMAKE_IMPORT_FILE_VERSION) + cmake_policy(POP) + return() +endif() +if(NOT "${_targetsDefined}" STREQUAL "") + message(FATAL_ERROR "Some (but not all) targets in this export set were already defined.\nTargets Defined: ${_targetsDefined}\nTargets not yet defined: ${_targetsNotDefined}\n") +endif() +unset(_targetsDefined) +unset(_targetsNotDefined) +unset(_expectedTargets) + +# Compute the installation prefix relative to this file. +get_filename_component(_IMPORT_PREFIX "${CMAKE_CURRENT_LIST_FILE}" PATH) +get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) +get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) +get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) + +# Create imported target Gpgmepp +add_library(Gpgmepp SHARED IMPORTED) + +set_target_properties(Gpgmepp PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/gpgme++" + INTERFACE_LINK_LIBRARIES "@libdir@/libgpgme.dll.a;@LIBASSUAN_LIBS@;@GPG_ERROR_LIBS@" +) + +# Create imported target QGpgme +#add_library(QGpgme SHARED IMPORTED) + +#set_target_properties(KF5::QGpgme PROPERTIES +# INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/qgpgme" + # INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX} TODO" +# INTERFACE_LINK_LIBRARIES "Qt5::Core" +#) + +if(CMAKE_VERSION VERSION_LESS 2.8.12) + message(FATAL_ERROR "This file relies on consumers using CMake 2.8.12 or greater.") +endif() + +# Cleanup temporary variables. +set(_IMPORT_PREFIX) + +# Loop over all imported files and verify that they actually exist +foreach(target ${_IMPORT_CHECK_TARGETS} ) + foreach(file ${_IMPORT_CHECK_FILES_FOR_${target}} ) + if(NOT EXISTS "${file}" ) + message(FATAL_ERROR "The imported target \"${target}\" references the file + \"${file}\" +but this file does not exist. Possible reasons include: +* The file was deleted, renamed, or moved to another location. +* An install or uninstall procedure did not complete successfully. +* The installation package was faulty and contained + \"${CMAKE_CURRENT_LIST_FILE}\" +but not all the files it references. +") + endif() + endforeach() + unset(_IMPORT_CHECK_FILES_FOR_${target}) +endforeach() +unset(_IMPORT_CHECK_TARGETS) + +# This file does not depend on other imported targets which have +# been exported from the same project but in a separate export set. + +# Commands beyond this point should not need to know the version. +set(CMAKE_IMPORT_FILE_VERSION) +cmake_policy(POP) diff --git a/lang/cpp/src/GpgmeppConfigVersion.cmake.in b/lang/cpp/src/GpgmeppConfigVersion.cmake.in new file mode 100644 index 0000000..43d6512 --- /dev/null +++ b/lang/cpp/src/GpgmeppConfigVersion.cmake.in @@ -0,0 +1,31 @@ +# CMake Version file for GPGMEPP. +# Copyright (C) 2016 Intevation GmbH +# +# This file is part of GPGMEPP. +# +# GPGME-CL is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME-CL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA + +# based on a generated file from cmake. +set(PACKAGE_VERSION "@LIBGPGMEPP_LT_CURRENT at .@LIBGPGMEPP_LT_AGE at .@LIBGPGMEPP_LT_REVISION at .@BUILD_REVISION@") + +if("${PACKAGE_VERSION}" VERSION_LESS "${PACKAGE_FIND_VERSION}" ) + set(PACKAGE_VERSION_COMPATIBLE FALSE) +else() + set(PACKAGE_VERSION_COMPATIBLE TRUE) + if( "${PACKAGE_FIND_VERSION}" STREQUAL "${PACKAGE_VERSION}") + set(PACKAGE_VERSION_EXACT TRUE) + endif() +endif() diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index 0d6e4c1..a06684e 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -18,6 +18,8 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA +EXTRA_DIST = GpgmeppConfig.cmake.in.in GpgmeConfigVersion.cmake.in + lib_LTLIBRARIES = libgpgmepp.la main_sources = \ @@ -57,3 +59,22 @@ libgpgmepp_la_SOURCES = $(main_sources) $(gpgmepp_headers) context_vanilla.cpp \ AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ -DBUILDING_GPGMEPP libgpgmepp_la_LIBADD = ../../../src/libgpgme.la @LIBASSUAN_LIBS@ + +GpgmeppConfig.cmake: GpgmeppConfig.cmake.in + sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" > "$@" + +install-cmake-files: GpgmeppConfig.cmake GpgmeppConfigVersion.cmake + -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp + $(INSTALL) GpgmeppConfig.cmake \ + $(DESTDIR)$(libdir)/cmake/Gpgmepp/GpgmeppConfig.cmake + $(INSTALL) GpgmeppConfigVersion.cmake \ + $(DESTDIR)$(libdir)/cmake/Gpgmepp/GpgmeppConfigVersion.cmake + +uninstall-cmake-files: + -rm $(DESTDIR)$(libdir)/cmake/Gpgmepp/GpgmeppConfigVersion.cmake + -rm $(DESTDIR)$(libdir)/cmake/Gpgmepp/GpgmeppConfig.cmake + -rmdir $(DESTDIR)$(libdir)/cmake/Gpgmepp/ + +install-data-local: install-cmake-files + +uninstall-local: uninstall-cmake-files commit 98e5b672422ca1e38ca38ff0357cee6cc936aee0 Author: Andre Heinecke Date: Wed Mar 2 16:24:09 2016 +0100 Fix export header and windows export macros * lang/cpp/src/gpgme_export.h: Fix variable name. Add Windows ifdefs. diff --git a/lang/cpp/src/gpgmepp_export.h b/lang/cpp/src/gpgmepp_export.h index 50a288d..c24bda0 100644 --- a/lang/cpp/src/gpgmepp_export.h +++ b/lang/cpp/src/gpgmepp_export.h @@ -7,17 +7,29 @@ # define GPGMEPP_NO_EXPORT #else # ifndef GPGMEPP_EXPORT -# ifdef KF5Gpgmepp_EXPORTS +# ifdef BUILDING_GPGMEPP /* We are building this library */ -# define GPGMEPP_EXPORT __attribute__((visibility("default"))) +# ifdef WIN32 +# define GPGMEPP_EXPORT __declspec(dllexport) +# else +# define GPGMEPP_EXPORT __attribute__((visibility("default"))) +# endif # else /* We are using this library */ -# define GPGMEPP_EXPORT __attribute__((visibility("default"))) +# ifdef WIN32 +# define GPGMEPP_EXPORT __declspec(dllimport) +# else +# define GPGMEPP_EXPORT __attribute__((visibility("default"))) +# endif # endif # endif # ifndef GPGMEPP_NO_EXPORT -# define GPGMEPP_NO_EXPORT __attribute__((visibility("hidden"))) +# ifdef WIN32 +# define GPGMEPP_NO_EXPORT +# else +# define GPGMEPP_NO_EXPORT __attribute__((visibility("hidden"))) +# endif # endif #endif commit c5291a88913ace8f2115021b69c7aeb59b4f79d4 Author: Andre Heinecke Date: Wed Mar 2 16:22:20 2016 +0100 Add header installation * lang/cpp/src/Makefile.am: Add headers as deps and install them. (AM_CPPFLAGS): Add BUILDING_GPGMEPP to be used in export macros. diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index 3b7a514..0d6e4c1 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -32,8 +32,28 @@ main_sources = \ scdgetinfoassuantransaction.cpp gpgagentgetinfoassuantransaction.cpp \ vfsmountresult.cpp configuration.cpp -libgpgmepp_la_SOURCES = $(main_sources) context_vanilla.cpp +gpgmepp_headers = \ + assuanresult.h configuration.h context.h data.h decryptionresult.h \ + defaultassuantransaction.h editinteractor.h encryptionresult.h \ + engineinfo.h error.h eventloopinteractor.h exception.h global.h \ + gpgadduserideditinteractor.h gpgagentgetinfoassuantransaction.h \ + gpgmefw.h gpgsetexpirytimeeditinteractor.h \ + gpgsetownertrusteditinteractor.h gpgsignkeyeditinteractor.h \ + importresult.h keygenerationresult.h key.h keylistresult.h \ + notation.h result.h scdgetinfoassuantransaction.h signingresult.h \ + trustitem.h verificationresult.h vfsmountresult.h gpgmepp_export.h -AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ +interface_headers= \ + interfaces/assuantransaction.h interfaces/dataprovider.h \ + interfaces/passphraseprovider.h interfaces/progressprovider.h + +gpgmeppincludedir = $(includedir)/gpgme++ +gpgmeppinclude_HEADERS = $(gpgmepp_headers) +nobase_gpgmeppinclude_HEADERS = $(interface_headers) + +libgpgmepp_la_SOURCES = $(main_sources) $(gpgmepp_headers) context_vanilla.cpp \ + $(interface_headers) + +AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ -DBUILDING_GPGMEPP libgpgmepp_la_LIBADD = ../../../src/libgpgme.la @LIBASSUAN_LIBS@ commit a313b3e28cc42785365822519b25d6a87dfdf0c9 Author: Andre Heinecke Date: Wed Mar 2 14:00:48 2016 +0100 Add enable-languages build option * acinclude.m4 (LIST_MEMBER): New macro. * configure.ac (enable-languages): New option. Add info output. * lang/Makefile.am: Only add enabled language subdirs. diff --git a/acinclude.m4 b/acinclude.m4 index cdfe6e4..575e526 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -58,3 +58,19 @@ AC_DEFUN([GNUPG_CHECK_VA_COPY], AC_MSG_RESULT($gnupg_cv_must_copy_va_byval) fi ]) + +dnl LIST_MEMBER() +dnl Check wether an element ist contained in a list. Set `found' to +dnl `1' if the element is found in the list, to `0' otherwise. +AC_DEFUN([LIST_MEMBER], +[ +name=$1 +list=$2 +found=0 + +for n in $list; do + if test "x$name" = "x$n"; then + found=1 + fi +done +]) diff --git a/configure.ac b/configure.ac index fb6fa73..fc5f99e 100644 --- a/configure.ac +++ b/configure.ac @@ -146,6 +146,8 @@ have_w32_system=no have_w64_system=no build_w32_glib=no build_w32_qt=no +available_languages="cpp cl" +default_languages="cpp cl" case "${host}" in x86_64-*mingw32*) have_w64_system=yes @@ -245,6 +247,24 @@ if test x$fixed_search_path != x ; then [Locate binaries only via this PATH]) fi +AC_ARG_ENABLE([languages], + AC_HELP_STRING([--enable-languages=languages], + [enable only specific language bindings]), + [enabled_languages=`echo $enableval | \ + tr ',:' ' ' | tr '[A-Z]' '[a-z]' | \ + sed 's/c++/cpp/'`], + [enabled_languages="$default_languages"]) +if test "x$enabled_languages" = "x" \ + -o "$enabled_languages" = "no"; then + enabled_languages= +fi +for language in $enabled_languages; do + LIST_MEMBER($language, $available_languages) + if test "$found" = "0"; then + AC_MSG_ERROR([unsupported language binding specified]) + fi +done +AC_SUBST(ENABLED_LANGUAGES, $enabled_languages) # # Provide information about the build. @@ -639,12 +659,14 @@ AC_OUTPUT echo " GPGME v${VERSION} has been configured as follows: - Revision: mym4_revision (mym4_revision_dec) - Platform: $host + Revision: mym4_revision (mym4_revision_dec) + Platform: $host + + UI Server: $uiserver + FD Passing: $use_descriptor_passing + GPGME Pthread: $have_pthread - UI Server: $uiserver - FD Passing: $use_descriptor_passing - GPGME Pthread: $have_pthread + Language bindings: $enabled_languages " if test "x${gpg_config_script_warn}" != x; then cat < src/GpgmeppConfigVersion.cmake.in} (63%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 2 21:11:28 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 02 Mar 2016 21:11:28 +0100 Subject: [git] gnupg-doc - branch, master, updated. a0b26faac64fb703100b3743e5bf53b00e1052a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a0b26faac64fb703100b3743e5bf53b00e1052a0 (commit) from 2c5e9e9e73098be7974ffee59a7ea5676dd35cb9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a0b26faac64fb703100b3743e5bf53b00e1052a0 Author: Neal H. Walfield Date: Wed Mar 2 21:11:24 2016 +0100 web: Fix some typos. * web/faq/whats-new-in-2.1.org: A few typo fixes. Reported-by: Bernhard Reiter diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index 410c88b..179b075 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -473,7 +473,7 @@ gpg-agent= to explicitly start it if not yet done. :END: A deficit of the OpenPGP protocol is that signatures carry only a -limited indication on which public has been used to create a +limited indication on which public key has been used to create a signature. Thus a verification engine may only use this ?long key id? to look up the the key in its own store or from a public keyserver. Unfortunately it has now become possible to create a key with a long @@ -526,8 +526,8 @@ table of all hosts from the pool along with the encountered aliveness state. Thus after a failure (timeout) of a request, /dirmngr/ flags a host as dead and randomly selects another one from the pool. After a few hours the flag is removed so that the host will be tried again. -It is also possible to mark a specif host from a pool explicitly as -dead so that it won?t be used in future. To interact with the +It is also possible to mark a specific host from a pool explicitly as +dead so that it won?t be used in the future. To interact with the /dirmngr/ the =gpg-connect-agent= tool is used: #+begin_example @@ -555,7 +555,7 @@ From its very beginning /gpgsm/ has used a different format to store public keys (certificates) which we call a /keybox/. That file format carries meta information about the stored keys and thus allows searching without actually parsing the key and computing fingerprints -and such. The /keybox/ format has been designed protocol independent +and such. The /keybox/ format has been designed to be protocol independent and with 2.1 support for OpenPGP keys has been added. Random access to the keys is now really fast and keyrings with 30000 keys and more are now easily possible. That change also enables us to easily ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 3 12:27:00 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 03 Mar 2016 12:27:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-87-ga883d4c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a883d4c0f8125e809c144ec69e76c9f522102d8f (commit) from d040628ddf2c09ddc9581ff365680a568ad24278 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a883d4c0f8125e809c144ec69e76c9f522102d8f Author: Justus Winter Date: Thu Mar 3 12:22:30 2016 +0100 tests/openpgp: Skip gpgtar test if it has not been built. * tests/openpgp/gpgtar.test: Check if executable exists. GnuPG-bug-id: 2261 Signed-off-by: Justus Winter diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test index d92eeb1..daba514 100755 --- a/tests/openpgp/gpgtar.test +++ b/tests/openpgp/gpgtar.test @@ -33,6 +33,12 @@ GPGARGS="$opt_always --no-permission-warning" GPGTAR="../../tools/gpgtar" GPGZIP="sh ../../tools/gpg-zip" +# Skip test if gpgtar has not been built. +if ! test -x "$GPGTAR" +then + exit 77 +fi + # Create, inspect, and extract an archive with the given options. # # $1 the tool to test ----------------------------------------------------------------------- Summary of changes: tests/openpgp/gpgtar.test | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 3 13:53:09 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 03 Mar 2016 13:53:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-88-g9f0ba50 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9f0ba5089e664447c36cee3d9249f95e4ea39957 (commit) from a883d4c0f8125e809c144ec69e76c9f522102d8f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9f0ba5089e664447c36cee3d9249f95e4ea39957 Author: Justus Winter Date: Thu Mar 3 13:47:42 2016 +0100 dirmngr: Add more missing CFLAGS. * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add 'GCRYPT_CFLAGS'. (t_dns_stuff_CFLAGS): Likewise. GnuPG-bug-id: 2235 Signed-off-by: Justus Winter diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 1e32990..cbc0090 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -141,11 +141,11 @@ t_ldap_parse_uri_SOURCES = \ http.c dns-stuff.c \ $(ldap_url) $(t_common_src) t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 \ - $(GPG_ERROR_CFLAGS) + $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS) t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1 \ - $(GPG_ERROR_CFLAGS) + $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c t_dns_stuff_LDADD = $(t_common_ldadd) $(DNSLIBS) ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 3 16:13:07 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 03 Mar 2016 16:13:07 +0100 Subject: [git] gnupg-doc - branch, master, updated. c7cb4008b36339bae3c357628c2b904a593bb11b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c7cb4008b36339bae3c357628c2b904a593bb11b (commit) from a0b26faac64fb703100b3743e5bf53b00e1052a0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c7cb4008b36339bae3c357628c2b904a593bb11b Author: Justus Winter Date: Thu Mar 3 16:10:57 2016 +0100 web/documentation: Avoid converting -- to ndash in manpage. * web/documentation/manpage.org: Avoid special-string-conversion. GnuPG-bug-id: 2272 Signed-off-by: Justus Winter diff --git a/web/documentation/manpage.org b/web/documentation/manpage.org index 1d29a42..a172b39 100644 --- a/web/documentation/manpage.org +++ b/web/documentation/manpage.org @@ -1,6 +1,7 @@ #+TITLE: GnuPG - gpg man page #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" +#+OPTIONS: -:nil * gpg ----------------------------------------------------------------------- Summary of changes: web/documentation/manpage.org | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 4 00:53:24 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 04 Mar 2016 00:53:24 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.21-13-gf7a77c5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via f7a77c5c236ecec846de9be46703026f9b01008f (commit) via f9fc565129293f47cbfe4da48fcd6099e9ce5508 (commit) from 34b07146bbb0863436fc9381a84314b18bdfb807 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f7a77c5c236ecec846de9be46703026f9b01008f Author: NIIBE Yutaka Date: Fri Mar 4 08:23:27 2016 +0900 Fix detecting Solaris operating system. * src/gen-posix-lock-obj.c (USE_DOUBLE_FOR_ALIGNMENT): Check for the macro __sun. -- Signed-off-by: NIIBE Yutaka This fixes commit 5168b97 and 34b0714. Thanks to Ibraheem Saleh and Thomas Klausner for testing. Thanks to Tom G. Christensen for suggesting the fix with the useful link: https://sourceforge.net/p/predef/wiki/Home/ Thanks to Nelson H. F. Beebe to inform the tool: http://www.math.utah.edu/~beebe/cc-defs GnuPG-bug-id: 2144 diff --git a/src/gen-posix-lock-obj.c b/src/gen-posix-lock-obj.c index 5efc930..79b56de 100644 --- a/src/gen-posix-lock-obj.c +++ b/src/gen-posix-lock-obj.c @@ -43,7 +43,8 @@ #endif /* Special requirements for certain platforms. */ -#if defined(__solaris__) && !defined (__LP64__) && !defined(_LP64) +#if defined(__sun) && !defined (__LP64__) && !defined(_LP64) +/* Solaris on 32-bit architecture. */ # define USE_DOUBLE_FOR_ALIGNMENT 1 #else # define USE_DOUBLE_FOR_ALIGNMENT 0 commit f9fc565129293f47cbfe4da48fcd6099e9ce5508 Author: NIIBE Yutaka Date: Fri Mar 4 08:12:36 2016 +0900 For Solaris, add -lrt correctly. * configure.ac (LIB_SCHED_YIELD): Not avoiding defining LIB. -- This fixes commit 5168b97 for Solaris linking issue. It tried to add -lrt for build on Solaris for gpg-error, but it wrongly avoids adding it also to LIB, which actually is needed. Reported-by: Tom G. Christensen Thanks also to J?rn Clausen, who submitted a report to our BTS. GnuPG-bug-id: 1671 Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index 9882d02..6d25b51 100644 --- a/configure.ac +++ b/configure.ac @@ -408,18 +408,13 @@ config_libs="-lgpg-error" # # Check for other libraries (now only for -lrt). # -# Save and restore LIBS so e.g., -lrt, isn't added to it. Otherwise, *all* -# programs in the package would end up linked with that potentially-shared -# library, inducing unnecessary run-time overhead. LIB_SCHED_YIELD= AC_SUBST([LIB_SCHED_YIELD]) -gl_saved_libs=$LIBS AC_SEARCH_LIBS([sched_yield], [rt posix4], [if test "$ac_cv_search_sched_yield" != "none required"; then LIB_SCHED_YIELD=$ac_cv_search_sched_yield config_libs="$config_libs $LIB_SCHED_YIELD" fi]) -LIBS=$gl_saved_libs # # Prepare building of estream ----------------------------------------------------------------------- Summary of changes: configure.ac | 5 ----- src/gen-posix-lock-obj.c | 3 ++- 2 files changed, 2 insertions(+), 6 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 4 11:36:50 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 04 Mar 2016 11:36:50 +0100 Subject: [git] gnupg-doc - branch, master, updated. dd18760a714b2b75ddbd7e4ebdcfce8cc3822424 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via dd18760a714b2b75ddbd7e4ebdcfce8cc3822424 (commit) via 45a7f8b76d96a1e7a7c439b46ddb91795c8a024f (commit) from c7cb4008b36339bae3c357628c2b904a593bb11b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd18760a714b2b75ddbd7e4ebdcfce8cc3822424 Author: Justus Winter Date: Fri Mar 4 11:35:03 2016 +0100 web: Move yesteryears news from the index to the news page. Signed-off-by: Justus Winter diff --git a/web/index.org b/web/index.org index 6a34c8a..d82c540 100644 --- a/web/index.org +++ b/web/index.org @@ -76,69 +76,6 @@ Libgcrypt version 1.6.5 and an updated Windows installer for GnuPG A new version of the /modern/ branch of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000383.html][announcement mail]] for details. -** GnuPG 1.4.20 released (2015-12-20) - -18 years after the first GnuPG release version 1.4.20 has been -released today. This release from the /classic/ branch of GnuPG now -also rejects the insecure MD5 signatures created by PGP-2 (unless the -=--pgp2= option is used). [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000382.html][{more}]] - -** GnuPG 2.1.10 released (2015-12-04) - -A new version of the /modern/ branch of GnuPG has been released. The -main features of this release are support for [[https://en.wikipedia.org/wiki/Trust_on_first_use][TOFU]] and anonymous key -retrieval via [[https://www.torproject.org][Tor]]. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000381.html][announcement mail]] for details. - -** GnuPG 2.1.9 released (2015-10-09) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000380.html][announcement mail]] for details. - -** GnuPG 2.1.8 released (2015-09-10) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000379.html][announcement mail]] for details. - -** GPA 0.9.9 released (2015-09-09) - -A new version of [[file:related_software/gpa/index.org][GPA]], the graphical frontend for GnuPG, is now -available. This release fixes a couple of bugs and has been changed -to show the clipboard view on startup. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000378.html][{more}]] - -** GnuPG 2.0.29 released (2015-09-08) - -GnuPG 2.0.29 is now available. This release fixes a couple of bugs; -users of GnuPG 2.0.x may want to update to this version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000376.html][{more}]] - -** Libgcrypt 1.6.4 released (2015-09-08) - -Libgcrypt version 1.6.4 has been released to fix a few minor bugs and -a crash on newer Windows versions. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000375.html][{more}]] - -** Libassuan 2.3.0 released (2015-08-28) - -[[file:related_software/libassuan/index.org][Libassuan]] is a generic [[https://en.wikipedia.org/wiki/Inter-process_communication][IPC]] library used by GnuPG, GPGME, and a few -other packages. This release fixes two bugs and introduces new -support functions for the socket wrappers. See [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000374.html][here]] for details. - -** GPGME 1.6.0 and Libgpg-error 1.20 released (2015-08-26) - -GPGME 1.6.0 is now available. This release introduce a mode to export -sceret keys, improves the error return codes, and is prepared to make -use of the GnuPG 2.1 Windows installer. See this full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000372.html][announcement]]. -An update of Libgpg-error to fix a problem in Windows has also been -released; see this [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000373.html][announcement]]. - -** GnuPG 2.1.7 released (2015-08-11) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000371.html][announcement mail]] for details. - -** GnuPG 2.1.6 released (2015-07-01) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000370.html][announcement mail]] for details. - * A big Thanks to all supporters diff --git a/web/news.org b/web/news.org index b1229c5..0ece157 100644 --- a/web/news.org +++ b/web/news.org @@ -8,6 +8,69 @@ chronological order. News for the current year are found at the [[index][main page]]. +** GnuPG 1.4.20 released (2015-12-20) + +18 years after the first GnuPG release version 1.4.20 has been +released today. This release from the /classic/ branch of GnuPG now +also rejects the insecure MD5 signatures created by PGP-2 (unless the +=--pgp2= option is used). [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000382.html][{more}]] + +** GnuPG 2.1.10 released (2015-12-04) + +A new version of the /modern/ branch of GnuPG has been released. The +main features of this release are support for [[https://en.wikipedia.org/wiki/Trust_on_first_use][TOFU]] and anonymous key +retrieval via [[https://www.torproject.org][Tor]]. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000381.html][announcement mail]] for details. + +** GnuPG 2.1.9 released (2015-10-09) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000380.html][announcement mail]] for details. + +** GnuPG 2.1.8 released (2015-09-10) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000379.html][announcement mail]] for details. + +** GPA 0.9.9 released (2015-09-09) + +A new version of [[file:related_software/gpa/index.org][GPA]], the graphical frontend for GnuPG, is now +available. This release fixes a couple of bugs and has been changed +to show the clipboard view on startup. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000378.html][{more}]] + +** GnuPG 2.0.29 released (2015-09-08) + +GnuPG 2.0.29 is now available. This release fixes a couple of bugs; +users of GnuPG 2.0.x may want to update to this version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000376.html][{more}]] + +** Libgcrypt 1.6.4 released (2015-09-08) + +Libgcrypt version 1.6.4 has been released to fix a few minor bugs and +a crash on newer Windows versions. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000375.html][{more}]] + +** Libassuan 2.3.0 released (2015-08-28) + +[[file:related_software/libassuan/index.org][Libassuan]] is a generic [[https://en.wikipedia.org/wiki/Inter-process_communication][IPC]] library used by GnuPG, GPGME, and a few +other packages. This release fixes two bugs and introduces new +support functions for the socket wrappers. See [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000374.html][here]] for details. + +** GPGME 1.6.0 and Libgpg-error 1.20 released (2015-08-26) + +GPGME 1.6.0 is now available. This release introduce a mode to export +sceret keys, improves the error return codes, and is prepared to make +use of the GnuPG 2.1 Windows installer. See this full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000372.html][announcement]]. +An update of Libgpg-error to fix a problem in Windows has also been +released; see this [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000373.html][announcement]]. + +** GnuPG 2.1.7 released (2015-08-11) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000371.html][announcement mail]] for details. + +** GnuPG 2.1.6 released (2015-07-01) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000370.html][announcement mail]] for details. + ** GnuPG 2.1.5 released (2015-06-11) A new version of the /modern/ branch of GnuPG has been released. commit 45a7f8b76d96a1e7a7c439b46ddb91795c8a024f Author: Justus Winter Date: Fri Mar 4 11:31:29 2016 +0100 web: Fix release date on the index page. Signed-off-by: Justus Winter diff --git a/web/index.org b/web/index.org index 58fb660..6a34c8a 100644 --- a/web/index.org +++ b/web/index.org @@ -65,7 +65,7 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. -** Libgcrypt 1.6.5 released (2015-02-27) :important: +** Libgcrypt 1.6.5 released (2016-02-09) :important: Libgcrypt version 1.6.5 and an updated Windows installer for GnuPG 2.1.11 has been released to mitigate a new side-channel attack. ----------------------------------------------------------------------- Summary of changes: web/index.org | 65 +---------------------------------------------------------- web/news.org | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 64 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 4 12:33:42 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 04 Mar 2016 12:33:42 +0100 Subject: [git] gnupg-doc - branch, master, updated. bc82196b76af5148fd8ddc5c90ce0fdbf9080020 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bc82196b76af5148fd8ddc5c90ce0fdbf9080020 (commit) from dd18760a714b2b75ddbd7e4ebdcfce8cc3822424 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bc82196b76af5148fd8ddc5c90ce0fdbf9080020 Author: Werner Koch Date: Fri Mar 4 12:25:07 2016 +0100 tools: Make append-to-donors IDN aware diff --git a/tools/append-to-donors.sh b/tools/append-to-donors.sh index 60ca80c..6ce4e6b 100755 --- a/tools/append-to-donors.sh +++ b/tools/append-to-donors.sh @@ -6,6 +6,10 @@ pgm="append-to-donors.sh" set -e +# We temporary need the next line due to an libgpg-error update +LD_LIBRARY_PATH=/usr/local/lib +export LD_LIBRARY_PATH + PATH=/usr/local/bin:$PATH SENDMAIL="/usr/sbin/sendmail" LC_ALL=C @@ -26,6 +30,17 @@ if [ ! -f "$donors" ]; then exit 1 fi +if [ x"$(idn --quiet wk at gnupg.org)" != x"wk at gnupg.org" ]; then + echo "$pgm: idn(1) tool not installed or not working" + exit 1 +fi +if [ x"$(mu-tool 2047 -c utf-8 '')" \ + != x"=?utf-8?Q??=" ]; then + echo "$pgm: mu-tool(1) tool not installed or not working" + exit 1 +fi + + if ! lockfile -l 7200 -r 2 $LOCKFILE; then echo "$pgm: another instance is still running" exit 0 @@ -59,9 +74,15 @@ send_thanks () { ineuro=" (about $(echo $euro| awk '{print int($0 + 0.5)}') EUR)" fi xamount="$(echo $amount| awk '{print int($0 + 0.5)}')" + if [ -n "$xmail" ]; then + xidnmail=$(CHARSET=UTF-8 idn --no-tld --quiet "$xmail") + else + xidnmail="" + fi + xqpmail=$(mu-tool 2047 -c utf-8 "$xmail") ( cat < This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 97e39cd0399d041e04abb88dcfa5b27348ec85c8 (commit) from bc82196b76af5148fd8ddc5c90ce0fdbf9080020 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 97e39cd0399d041e04abb88dcfa5b27348ec85c8 Author: Justus Winter Date: Fri Mar 4 12:43:55 2016 +0100 web/documentation: Fix markup in manpage.org. [=foo=] was incorrectly rendered. Signed-off-by: Justus Winter diff --git a/web/documentation/manpage.org b/web/documentation/manpage.org index a172b39..f50db6b 100644 --- a/web/documentation/manpage.org +++ b/web/documentation/manpage.org @@ -49,14 +49,14 @@ documents at https://www.gnupg.org/docs.html . - --store :: Store only (make a simple RFC1991 packet). -- --decrypt [=file=] :: Decrypt =file= (or stdin if no file is +- --decrypt [ =file= ] :: Decrypt =file= (or stdin if no file is specified) and write it to stdout (or the file specified with --output). If the decrypted file is signed, the signature is also verified. This command differs from the default operation, as it never writes to the filename which is included in the file and it rejects files which don't begin with an encrypted message. -- --verify [[=sigfile=] [=signed-files=]] :: Assume that =sigfile= is a +- --verify [[ =sigfile= ] [ =signed-files= ]] :: Assume that =sigfile= is a signature and verify it without generating any output. With no arguments, the signature packet is read from stdin (it may be a detached signature when not used in batch mode). If only a sigfile is @@ -67,25 +67,25 @@ documents at https://www.gnupg.org/docs.html . stdin). With more than 1 argument, the first should be a detached signature and the remaining files are the signed stuff. -- --verify-files [=files=] :: This is a special version of the --verify +- --verify-files [ =files= ] :: This is a special version of the --verify command which does not work with detached signatures. The command expects the files to bee verified either on the commandline or reads the filenames from stdin; each anem muts be on separate line. The command is intended for quick checking of many files. -- --list-keys [=names=], --list-public-keys [=names=] :: List all keys +- --list-keys [ =names= ], --list-public-keys [ =names= ] :: List all keys from the public keyrings, or just the ones given on the command line. -- --list-secret-keys [=names=] :: List all keys from the secret +- --list-secret-keys [ =names= ] :: List all keys from the secret keyrings, or just the ones given on the command line. -- --list-sigs [=names=] :: Same as --list-keys, but the signatures are +- --list-sigs [ =names= ] :: Same as --list-keys, but the signatures are listed too. -- --check-sigs [=names=] :: Same as --list-sigs, but the signatures are +- --check-sigs [ =names= ] :: Same as --list-sigs, but the signatures are verified. -- --fingerprint [=names=] :: List all keys with their fingerprints. +- --fingerprint [ =names= ] :: List all keys with their fingerprints. This is the same output as --list-keys but with the additional output of a line with the fingerprint. May also be combined with --list-sigs or --check-sigs. If this command is given twice, the fingerprints of @@ -197,28 +197,28 @@ documents at https://www.gnupg.org/docs.html . - --gen-revoke :: Generate a revocation certificate for the complete key. To revoke a subkey or a signature, use the --edit command. -- --export [=names=] :: Either export all keys from all keyrings +- --export [ =names= ] :: Either export all keys from all keyrings (default keyrings and those registered via option --keyring), or if at least one name is given, those of the given name. The new keyring is written to stdout or to the file given with option "output". Use together with --armor to mail those keys. -- --send-keys [=names=] :: Same as --export but sends the keys to a +- --send-keys [ =names= ] :: Same as --export but sends the keys to a keyserver. Option --keyserver must be used to give the name of this keyserver. Don't send your complete keyring to a keyserver - select only those keys which are new or changed by you. -- --export-all [=names=] :: Same as --export, but does also export keys +- --export-all [ =names= ] :: Same as --export, but does also export keys which are not compatible to OpenPGP. -- --export-secret-keys [=names=], --export-secret-subkeys - [=names=] :: Same as --export, but does export the secret keys. This +- --export-secret-keys [ =names= ], --export-secret-subkeys + [ =names= ] :: Same as --export, but does export the secret keys. This is normally not very useful and a security risk. the second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension to OpenPGP and other implementations can not be expected to successful import such a key. -- --import [=files=], --fast-import [=files=] :: Import/merge keys. +- --import [ =files= ], --fast-import [ =files= ] :: Import/merge keys. This adds the given keys to the keyring. The fast version does not build the trustdb; this can be done at any time with the command --update-trustdb. @@ -235,21 +235,21 @@ documents at https://www.gnupg.org/docs.html . - --export-ownertrust :: List the assigned ownertrust values in ASCII format for backup purposes -- --import-ownertrust [=files=] :: Update the trustdb with the +- --import-ownertrust [ =files= ] :: Update the trustdb with the ownertrust values stored in =files= (or stdin if not given); existing values will be overwritten. -- --print-md =algo= [=files=] :: Print message digest of algorithm ALGO +- --print-md =algo= [ =files= ] :: Print message digest of algorithm ALGO for all given files of stdin. If "*" is used for the algorithm, digests for all available algorithms are printed. -- --gen-random =0|1|2= [=count=] :: Emit COUNT random bytes of the +- --gen-random =0|1|2= [ =count= ] :: Emit COUNT random bytes of the given quality level. If count is not given or zero, an endless sequence of random bytes will be emitted. PLEASE, don't use this command unless you know what you are doing, it may remove precious entropy from the system! -- --gen-prime =mode= =bits= [=qbits=] :: Use the source, Luke :-). The +- --gen-prime =mode= =bits= [ =qbits= ] :: Use the source, Luke :-). The output format is still subject to change. - --version :: Print version information along with a list of supported @@ -729,10 +729,10 @@ was bad, and other error codes for fatal errors. - gpg --fingerprint =user_ID= :: show fingerprint -- gpg --verify =pgpfile=, gpg --verify =sigfile= [=files=] :: Verify +- gpg --verify =pgpfile=, gpg --verify =sigfile= [ =files= ] :: Verify the signature of the file but do not output the data. The second form is used for detached signatures, where =sigfile= is the detached - signature (either ASCII armored of binary) and [=files=] are the + signature (either ASCII armored of binary) and [ =files= ] are the signed data; if this is not given the name of the file holding the signed data is constructed by cutting off the extension (".asc" or ".sig") of =sigfile= or by asking the user for the filename. ----------------------------------------------------------------------- Summary of changes: web/documentation/manpage.org | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 4 14:33:38 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 04 Mar 2016 14:33:38 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-55-g6acc9b8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 6acc9b8274d2c0d39f23326040532aad518b2ad6 (commit) from e8460f3fb3450913462fe565b96b04585b94e7f3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6acc9b8274d2c0d39f23326040532aad518b2ad6 Author: Andre Heinecke Date: Fri Mar 4 14:33:12 2016 +0100 Unfuzz two strings in german translation * po/de.po: Unfuzz two strings. diff --git a/po/de.po b/po/de.po index de12f96..8b2078e 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: GpgOL 1.0.0\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" "POT-Creation-Date: 2016-03-04 14:31+0100\n" -"PO-Revision-Date: 2016-03-04 14:27+0100\n" +"PO-Revision-Date: 2016-03-04 14:33+0100\n" "Last-Translator: Andre Heinecke \n" "Language-Team: American English \n" "Language: en_US\n" @@ -448,14 +448,12 @@ msgid "Sign the message." msgstr "Die Nachricht signieren." #: src/gpgoladdin.cpp:658 -#, fuzzy msgid "Sign the message and all attachments before sending." -msgstr "Verschl?sselt die Nachricht und alle Anh?nge beim Mailversand." +msgstr "Verschl?sselt die Nachricht und alle Anh?nge beim Mailversand. " #: src/gpgoladdin.cpp:660 src/gpgoladdin.cpp:876 -#, fuzzy msgid "Open the settings dialog for GpgOL." -msgstr "Die Einstellungen von GpgOL ?ffnen." +msgstr "Die Einstellungen von GpgOL ?ffnen. " #: src/gpgoladdin.cpp:712 src/gpgoladdin.cpp:812 src/gpgoladdin.cpp:972 #: src/gpgoladdin.cpp:979 ----------------------------------------------------------------------- Summary of changes: po/de.po | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 4 15:47:42 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 04 Mar 2016 15:47:42 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-4-g30aa104 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 30aa1046afe9a745c918fc1311c1f598c91bf913 (commit) from 2f5bfa071ab5eaf86f64404bff448ca29cd0bdb6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 30aa1046afe9a745c918fc1311c1f598c91bf913 Author: Andre Heinecke Date: Fri Mar 4 15:44:26 2016 +0100 Qt: Fix Windows foreground window hacks for Qt5 * qt/pinentrydialog.cpp: Use Q_OS_WIN instead of Q_WS_WIN (SetForegroundWindowEx): Handle new Wid type with casts. -- Q_WS_WIN is no longer defined by Qt5 diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp index 81205ee..1b0d276 100644 --- a/qt/pinentrydialog.cpp +++ b/qt/pinentrydialog.cpp @@ -35,7 +35,7 @@ #include #include -#ifdef Q_WS_WIN +#ifdef Q_OS_WIN #include #endif @@ -51,7 +51,7 @@ does not always work (e.g. when the ForegroundWindow timeout has not expired. */ -#ifdef Q_WS_WIN +#ifdef Q_OS_WIN WINBOOL SetForegroundWindowEx( HWND hWnd ) { //Attach foreground window thread to our thread @@ -75,14 +75,14 @@ void raiseWindow( QWidget* w ) /* Maybe Qt will become agressive enough one day that * this is enough on windows too*/ w->raise(); -#ifdef Q_WS_WIN +#ifdef Q_OS_WIN /* In the meantime we do our own attention grabbing */ - if (!SetForegroundWindow (w->winId()) && - !SetForegroundWindowEx (w->winId())) { + if (!SetForegroundWindow ((HWND)w->winId()) && + !SetForegroundWindowEx ((HWND)w->winId())) { OutputDebugString("SetForegroundWindow (ex) failed"); /* Yet another fallback which will not work on some * versions and is not recommended by msdn */ - if (!ShowWindow (w->winId(), SW_SHOWNORMAL)) { + if (!ShowWindow ((HWND)w->winId(), SW_SHOWNORMAL)) { OutputDebugString ("ShowWindow failed."); } } ----------------------------------------------------------------------- Summary of changes: qt/pinentrydialog.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 4 16:16:25 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 04 Mar 2016 16:16:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-92-ge997552 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e997552161b2dd8aabf350adee14e208e1545aef (commit) via 1e4b7823008daea1a22a6f0f9b379fdec37a4cd4 (commit) via 40f6529ceeea806fc011135a9fa3a3590a9534ac (commit) via 8daf9a027f5b9ef31f9bf8a39a9a91739246e493 (commit) from 9f0ba5089e664447c36cee3d9249f95e4ea39957 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e997552161b2dd8aabf350adee14e208e1545aef Author: Justus Winter Date: Fri Mar 4 15:03:26 2016 +0100 build: Make libusb a hard requirement if the ccid driver is requested. * configure.ac: Print an error message and die if the internal ccid driver is requested but no suitable libusb is found. Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 7770894..003e509 100644 --- a/configure.ac +++ b/configure.ac @@ -111,7 +111,7 @@ use_exec=yes use_trust_models=yes use_tofu=yes card_support=yes -use_ccid_driver=yes +use_ccid_driver=auto dirmngr_auto_start=yes use_tls_library=no large_secmem=no @@ -782,7 +782,7 @@ AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) # libusb allows us to use the integrated CCID smartcard reader driver. # # FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs. -if test "$use_ccid_driver" = yes ; then +if test "$use_ccid_driver" = auto || test "$use_ccid_driver" = yes; then case "${host}" in *-mingw32*) LIBUSB_LIBS= @@ -824,7 +824,9 @@ if test x"$LIBUSB_LIBS" != x ; then AC_MSG_RESULT([not found]) usb_incdir="" have_libusb=no - use_ccid_driver=no + if test "$use_ccid_driver" != yes; then + use_ccid_driver=no + fi LIBUSB_LIBS="" fi @@ -1857,6 +1859,17 @@ if test "$require_iconv" = yes; then fi fi +if test "$use_ccid_driver" = yes; then + if test "$have_libusb" != yes; then + die=yes + AC_MSG_NOTICE([[ +*** +*** You need libusb to build the internal ccid driver. Please +*** install a libusb suitable for your system. +***]]) + fi +fi + if test "$die" = "yes"; then AC_MSG_ERROR([[ *** commit 1e4b7823008daea1a22a6f0f9b379fdec37a4cd4 Author: Justus Winter Date: Fri Mar 4 13:33:04 2016 +0100 g10: Drop superfluous declaration. * g10/main.h (disable_core_dumps): Drop declaration. Signed-off-by: Justus Winter diff --git a/g10/main.h b/g10/main.h index 3687977..5b5947e 100644 --- a/g10/main.h +++ b/g10/main.h @@ -98,7 +98,6 @@ char *make_radix64_string( const byte *data, size_t len ); /*-- misc.c --*/ void trap_unaligned(void); -int disable_core_dumps(void); void register_secured_file (const char *fname); void unregister_secured_file (const char *fname); int is_secured_file (int fd); commit 40f6529ceeea806fc011135a9fa3a3590a9534ac Author: Justus Winter Date: Fri Mar 4 13:29:45 2016 +0100 g10: Guard code against errors. * g10/keygen.c (do_generate_keypair): Check for errors, in which case 'pri_psk' is NULL. Fixes-commit: bf9d1248 Signed-off-by: Justus Winter diff --git a/g10/keygen.c b/g10/keygen.c index 8f25fe9..1cf8648 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4077,14 +4077,15 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, { pri_psk = pub_root->next->pkt->pkt.public_key; assert (pri_psk); - } - /* Make sure a few fields are correctly set up before going further. */ - pri_psk->flags.primary = 1; - keyid_from_pk (pri_psk, NULL); - /* We don't use pk_keyid to get keyid, because it also asserts that - main_keyid is set! */ - keyid_copy (pri_psk->main_keyid, pri_psk->keyid); + /* Make sure a few fields are correctly set up before going + further. */ + pri_psk->flags.primary = 1; + keyid_from_pk (pri_psk, NULL); + /* We don't use pk_keyid to get keyid, because it also asserts + that main_keyid is set! */ + keyid_copy (pri_psk->main_keyid, pri_psk->keyid); + } if (!err && (revkey = get_parameter_revkey (para, pREVOKER))) err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce); commit 8daf9a027f5b9ef31f9bf8a39a9a91739246e493 Author: Justus Winter Date: Fri Mar 4 13:09:11 2016 +0100 doc: Drop superfluous 'is'. -- Signed-off-by: Justus Winter diff --git a/doc/gpg.texi b/doc/gpg.texi index e1835cf..810f39d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -40,7 +40,7 @@ OpenPGP standard. @command{@gpgname} features complete key management and all bells and whistles you can expect from a decent OpenPGP implementation. -In contrast to the standalone command gpg from GnuPG 1.x, which is +In contrast to the standalone command gpg from GnuPG 1.x, which might be better suited for server and embedded platforms, the 2.x version is commonly installed under the name @command{gpg2} and targeted to the desktop as it requires several other modules to be ----------------------------------------------------------------------- Summary of changes: configure.ac | 19 ++++++++++++++++--- doc/gpg.texi | 2 +- g10/keygen.c | 15 ++++++++------- g10/main.h | 1 - 4 files changed, 25 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 7 12:20:33 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 07 Mar 2016 12:20:33 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-93-g7a32f87 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7a32f87cccddb40521bfdd4eb2d0dc9c88fb3fe5 (commit) from e997552161b2dd8aabf350adee14e208e1545aef (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7a32f87cccddb40521bfdd4eb2d0dc9c88fb3fe5 Author: NIIBE Yutaka Date: Mon Mar 7 20:12:38 2016 +0900 scd: Bug fix for a device with multiple interfaces. * scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when accessing interface information. -- Signed-off-by: NIIBE Yutaka diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 87cec32..e968b83 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1155,9 +1155,10 @@ scan_or_find_usb_device (int scan_mode, for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++) { - for (set_no=0; set_no < config->interface->num_altsetting; set_no++) + for (set_no=0; set_no < config->interface[ifc_no].num_altsetting; + set_no++) { - ifcdesc = (config->interface->altsetting + set_no); + ifcdesc = (config->interface[ifc_no].altsetting + set_no); /* The second condition is for older SCM SPR 532 who did not know about the assigned CCID class. The third condition does the same for a Cherry SmartTerminal ----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 7 14:38:20 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 07 Mar 2016 14:38:20 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-94-ga68ca5a9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a68ca5a90457ac97eee4efd7fdea596d27c54697 (commit) from 7a32f87cccddb40521bfdd4eb2d0dc9c88fb3fe5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a68ca5a90457ac97eee4efd7fdea596d27c54697 Author: Justus Winter Date: Mon Mar 7 14:25:38 2016 +0100 kbx: Avoid undefined behavior. * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before shifting. Signed-off-by: Justus Winter diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c index eaf7565..59dfe0c 100644 --- a/kbx/keybox-file.c +++ b/kbx/keybox-file.c @@ -77,7 +77,7 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted) return gpg_error_from_syserror (); } - imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4; + imagelen = ((unsigned int) c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4; if (imagelen < 5) return gpg_error (GPG_ERR_TOO_SHORT); ----------------------------------------------------------------------- Summary of changes: kbx/keybox-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 7 18:20:28 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 07 Mar 2016 18:20:28 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-96-geea139c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via eea139c56ef55081d8cd8df2a35ce507386e0f17 (commit) via 53ed98eda77ff2dcf390cebd0cec9f2665661863 (commit) from a68ca5a90457ac97eee4efd7fdea596d27c54697 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eea139c56ef55081d8cd8df2a35ce507386e0f17 Author: Justus Winter Date: Mon Mar 7 18:09:41 2016 +0100 sm: Implement pinentry loopback and reading passphrases from fd. * doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'. * sm/Makefile.am (gpgsm_SOURCES): Add new files * sm/call-agent.c (struct default_inq_parm_s): New definition. (start_agent): Pass in the pinentry mode. (default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries. Adapt all call sites to the new callback cookie. * sm/gpgsm.c (cmd_and_opt_values): Add new values. (opts): Add new options. (main): Handle new options. * sm/gpgsm.h (struct opt): Add field 'pinentry_mode'. * sm/passphrase.c: New file. * sm/passphrase.h: Likewise. GnuPG-bug-id: 1970 Signed-off-by: Justus Winter diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index dc57e4b..b585975 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -737,6 +737,34 @@ This is actually not a debugging option but only useful as such. It lets @command{gpgsm} ignore all notAfter dates, this is used by the regression tests. + at item --passphrase-fd @code{n} + at opindex passphrase-fd +Read the passphrase from file descriptor @code{n}. Only the first line +will be read from file descriptor @code{n}. If you use 0 for @code{n}, +the passphrase will be read from STDIN. This can only be used if only +one passphrase is supplied. + +Note that this passphrase is only used if the option @option{--batch} +has also been given. + + at item --pinentry-mode @code{mode} + at opindex pinentry-mode +Set the pinentry mode to @code{mode}. Allowed values for @code{mode} +are: + at table @asis + @item default + Use the default of the agent, which is @code{ask}. + @item ask + Force the use of the Pinentry. + @item cancel + Emulate use of Pinentry's cancel button. + @item error + Return a Pinentry error (``No Pinentry''). + @item loopback + Redirect Pinentry queries to the caller. Note that in contrast to + Pinentry the user is not prompted again if he enters a bad password. + at end table + @item --no-common-certs-import @opindex no-common-certs-import Suppress the import of common certificates on keybox creation. diff --git a/sm/Makefile.am b/sm/Makefile.am index 43e3598..11f86e9 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -54,7 +54,8 @@ gpgsm_SOURCES = \ certreqgen.c \ certreqgen-ui.c \ minip12.c minip12.h \ - qualified.c + qualified.c \ + passphrase.c passphrase.h common_libs = ../kbx/libkeybox509.a $(libcommon) diff --git a/sm/call-agent.c b/sm/call-agent.c index c7d4c5a..8c1c727 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -37,6 +37,8 @@ #include "asshelp.h" #include "keydb.h" /* fixme: Move this to import.c */ #include "membuf.h" +#include "shareddefs.h" +#include "passphrase.h" static assuan_context_t agent_ctx = NULL; @@ -74,6 +76,11 @@ struct import_key_parm_s size_t keylen; }; +struct default_inq_parm_s +{ + ctrl_t ctrl; + assuan_context_t ctx; +}; /* Print a warning if the server's version number is less than our @@ -151,6 +158,20 @@ start_agent (ctrl_t ctrl) agents. */ assuan_transact (agent_ctx, "OPTION allow-pinentry-notify", NULL, NULL, NULL, NULL, NULL, NULL); + + /* Pass on the pinentry mode. */ + if (opt.pinentry_mode) + { + char *tmp = xasprintf ("OPTION pinentry-mode=%s", + str_pinentry_mode (opt.pinentry_mode)); + rc = assuan_transact (agent_ctx, tmp, + NULL, NULL, NULL, NULL, NULL, NULL); + xfree (tmp); + if (rc) + log_error ("setting pinentry mode '%s' failed: %s\n", + str_pinentry_mode (opt.pinentry_mode), + gpg_strerror (rc)); + } } } @@ -163,14 +184,14 @@ start_agent (ctrl_t ctrl) return rc; } - /* This is the default inquiry callback. It mainly handles the Pinentry notifications. */ static gpg_error_t default_inq_cb (void *opaque, const char *line) { - gpg_error_t err; - ctrl_t ctrl = opaque; + gpg_error_t err = 0; + struct default_inq_parm_s *parm = opaque; + ctrl_t ctrl = parm->ctrl; if (has_leading_keyword (line, "PINENTRY_LAUNCHED")) { @@ -180,10 +201,18 @@ default_inq_cb (void *opaque, const char *line) "PINENTRY_LAUNCHED"); /* We do not pass errors to avoid breaking other code. */ } + else if ((has_leading_keyword (line, "PASSPHRASE") + || has_leading_keyword (line, "NEW_PASSPHRASE")) + && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK + && have_static_passphrase ()) + { + const char *s = get_static_passphrase (); + err = assuan_send_data (parm->ctx, s, strlen (s)); + } else log_error ("ignoring gpg-agent inquiry '%s'\n", line); - return 0; + return err; } @@ -200,6 +229,7 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc, char *p, line[ASSUAN_LINELENGTH]; membuf_t data; size_t len; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_buf = NULL; rc = start_agent (ctrl); @@ -239,7 +269,7 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc, init_membuf (&data, 1024); rc = assuan_transact (agent_ctx, "PKSIGN", - put_membuf_cb, &data, default_inq_cb, ctrl, + put_membuf_cb, &data, default_inq_cb, &inq_parm, NULL, NULL); if (rc) { @@ -272,6 +302,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc, const char *hashopt; unsigned char *sigbuf; size_t sigbuflen; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; (void)desc; @@ -306,7 +337,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc, snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid); line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, - put_membuf_cb, &data, default_inq_cb, ctrl, + put_membuf_cb, &data, default_inq_cb, &inq_parm, NULL, NULL); if (rc) { @@ -356,7 +387,10 @@ inq_ciphertext_cb (void *opaque, const char *line) assuan_end_confidential (parm->ctx); } else - rc = default_inq_cb (parm->ctrl, line); + { + struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx }; + rc = default_inq_cb (&inq_parm, line); + } return rc; } @@ -476,7 +510,10 @@ inq_genkey_parms (void *opaque, const char *line) rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen); } else - rc = default_inq_cb (parm->ctrl, line); + { + struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx }; + rc = default_inq_cb (&inq_parm, line); + } return rc; } @@ -544,6 +581,7 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_pubkey = NULL; rc = start_agent (ctrl); @@ -561,7 +599,7 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, init_membuf (&data, 1024); rc = assuan_transact (agent_ctx, line, put_membuf_cb, &data, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); if (rc) { xfree (get_membuf (&data, &len)); @@ -631,6 +669,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno) { int rc; char *serialno = NULL; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_serialno = NULL; rc = start_agent (ctrl); @@ -639,7 +678,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno) rc = assuan_transact (agent_ctx, "SCD SERIALNO", NULL, NULL, - default_inq_cb, ctrl, + default_inq_cb, &inq_parm, scd_serialno_status_cb, &serialno); if (!rc && !serialno) rc = gpg_error (GPG_ERR_INTERNAL); @@ -700,6 +739,7 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list) { int rc; strlist_t list = NULL; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_list = NULL; rc = start_agent (ctrl); @@ -708,7 +748,7 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list) rc = assuan_transact (agent_ctx, "SCD LEARN --force", NULL, NULL, - default_inq_cb, ctrl, + default_inq_cb, &inq_parm, scd_keypairinfo_status_cb, &list); if (!rc && !list) rc = gpg_error (GPG_ERR_NO_DATA); @@ -797,6 +837,7 @@ gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert) int rc; char *fpr, *dn, *dnfmt; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; rc = start_agent (ctrl); if (rc) @@ -825,7 +866,7 @@ gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert) xfree (fpr); rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); return rc; } @@ -983,6 +1024,7 @@ gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc) { int rc; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; rc = start_agent (ctrl); if (rc) @@ -1005,7 +1047,7 @@ gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc) line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); return rc; } @@ -1018,6 +1060,7 @@ gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc) { int rc; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; rc = start_agent (ctrl); if (rc) @@ -1027,7 +1070,7 @@ gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc) line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, NULL, NULL, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); return rc; } @@ -1128,6 +1171,7 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat, char line[ASSUAN_LINELENGTH]; char *arg4 = NULL; membuf_t data; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_passphrase = NULL; @@ -1146,7 +1190,7 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat, init_membuf_secure (&data, 64); err = assuan_transact (agent_ctx, line, put_membuf_cb, &data, - default_inq_cb, NULL, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); if (err) xfree (get_membuf (&data, NULL)); @@ -1174,6 +1218,7 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_kek = NULL; err = start_agent (ctrl); @@ -1186,7 +1231,7 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport, init_membuf_secure (&data, 64); err = assuan_transact (agent_ctx, line, put_membuf_cb, &data, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); if (err) { xfree (get_membuf (&data, &len)); @@ -1217,7 +1262,10 @@ inq_import_key_parms (void *opaque, const char *line) assuan_end_confidential (parm->ctx); } else - err = default_inq_cb (parm->ctrl, line); + { + struct default_inq_parm_s inq_parm = { parm->ctrl, parm->ctx }; + err = default_inq_cb (&inq_parm, line); + } return err; } @@ -1259,6 +1307,7 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc, size_t len; unsigned char *buf; char line[ASSUAN_LINELENGTH]; + struct default_inq_parm_s inq_parm = { ctrl, agent_ctx }; *r_result = NULL; @@ -1280,7 +1329,7 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc, init_membuf_secure (&data, 1024); err = assuan_transact (agent_ctx, line, put_membuf_cb, &data, - default_inq_cb, ctrl, NULL, NULL); + default_inq_cb, &inq_parm, NULL, NULL); if (err) { xfree (get_membuf (&data, &len)); diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 364dd43..fc6d1c7 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -32,6 +32,8 @@ #include #include /* malloc hooks */ +#include "passphrase.h" +#include "../common/shareddefs.h" #include "../kbx/keybox.h" /* malloc hooks */ #include "i18n.h" #include "keydb.h" @@ -120,6 +122,8 @@ enum cmd_and_opt_values { oProtectToolProgram, oFakedSystemTime, + oPassphraseFD, + oPinentryMode, oAssumeArmor, oAssumeBase64, @@ -243,6 +247,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oP12Charset, "p12-charset", "@"), + ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"), + ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), + ARGPARSE_s_n (oAssumeArmor, "assume-armor", N_("assume input is in PEM format")), ARGPARSE_s_n (oAssumeBase64, "assume-base64", @@ -910,7 +917,7 @@ main ( int argc, char **argv) estream_t auditfp = NULL; estream_t htmlauditfp = NULL; struct assuan_malloc_hooks malloc_hooks; - + int pwfd = -1; /*mtrace();*/ early_system_init (); @@ -1150,6 +1157,16 @@ main ( int argc, char **argv) opt.p12_charset = pargs.r.ret_str; break; + case oPassphraseFD: + pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0); + break; + + case oPinentryMode: + opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str); + if (opt.pinentry_mode == -1) + log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str); + break; + /* Input encoding selection. */ case oAssumeArmor: ctrl.autodetect_encoding = 0; @@ -1458,6 +1475,9 @@ main ( int argc, char **argv) if (log_get_errorcount(0)) gpgsm_exit(2); + if (pwfd != -1) /* Read the passphrase now. */ + read_passphrase_from_fd (pwfd); + /* Now that we have the options parsed we need to update the default control structure. */ gpgsm_init_default_ctrl (&ctrl); diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 44b4798..5aad4b1 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -84,6 +84,8 @@ struct int with_keygrip; /* Option --with-keygrip active. */ + int pinentry_mode; + int armor; /* force base64 armoring (see also ctrl.with_base64) */ int no_armor; /* don't try to figure out whether data is base64 armored*/ diff --git a/sm/passphrase.c b/sm/passphrase.c new file mode 100644 index 0000000..6ad2b0a --- /dev/null +++ b/sm/passphrase.c @@ -0,0 +1,90 @@ +/* passphrase.c - Get a passphrase + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, + * 2005, 2006, 2007, 2009, 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include + +#include "passphrase.h" +#include "gpgsm.h" +#include "../common/shareddefs.h" +#include "../common/ttyio.h" + +static char *fd_passwd = NULL; + +int +have_static_passphrase () +{ + return (!!fd_passwd + && (opt.batch || opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)); +} + +/* Return a static passphrase. The returned value is only valid as + long as no other passphrase related function is called. NULL may + be returned if no passphrase has been set; better use + have_static_passphrase first. */ +const char * +get_static_passphrase (void) +{ + return fd_passwd; +} + +void +read_passphrase_from_fd (int fd) +{ + int i, len; + char *pw; + + if (!opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK) + { /* Not used but we have to do a dummy read, so that it won't end + up at the begin of the message if the quite usual trick to + prepend the passphtrase to the message is used. */ + char buf[1]; + + while (!(read (fd, buf, 1) != 1 || *buf == '\n')) + ; + *buf = 0; + return; + } + + for (pw = NULL, i = len = 100; ; i++) + { + if (i >= len-1) + { + char *pw2 = pw; + len += 100; + pw = xmalloc_secure (len); + if (pw2) + { + memcpy (pw, pw2, i); + xfree (pw2); + } + else + i = 0; + } + if (read (fd, pw+i, 1) != 1 || pw[i] == '\n') + break; + } + pw[i] = 0; + if (!opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK) + tty_printf("\b\b\b \n" ); + + xfree (fd_passwd); + fd_passwd = pw; +} diff --git a/sm/passphrase.h b/sm/passphrase.h new file mode 100644 index 0000000..3401a0b --- /dev/null +++ b/sm/passphrase.h @@ -0,0 +1,27 @@ +/* passphrase.h - Get a passphrase + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GPGSM_PASSPHRASE_H +#define GPGSM_PASSPHRASE_H + +int have_static_passphrase (void); +const char *get_static_passphrase (void); +void read_passphrase_from_fd (int fd); + +#endif /* GPGSM_PASSPHRASE_H */ commit 53ed98eda77ff2dcf390cebd0cec9f2665661863 Author: Justus Winter Date: Mon Mar 7 13:32:35 2016 +0100 sm: Remove unused argument '--fixed-passphrase'. * doc/gpgsm.texi: Drop description. * sm/gpgsm.c (cmd_and_opt_values): Drop enum value. (opts): Drop argument. (main): Drop argument handling. * sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'. Signed-off-by: Justus Winter diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 2bcbec5..dc57e4b 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -737,12 +737,6 @@ This is actually not a debugging option but only useful as such. It lets @command{gpgsm} ignore all notAfter dates, this is used by the regression tests. - at item --fixed-passphrase @var{string} - at opindex fixed-passphrase -Supply the passphrase @var{string} to the gpg-protect-tool. This -option is only useful for the regression tests included with this -package and may be revised or removed at any time without notice. - @item --no-common-certs-import @opindex no-common-certs-import Suppress the import of common certificates on keybox creation. diff --git a/sm/gpgsm.c b/sm/gpgsm.c index a0b7038..364dd43 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -99,7 +99,6 @@ enum cmd_and_opt_values { oDebugAllowCoreDump, oDebugNoChainValidation, oDebugIgnoreExpiration, - oFixedPassphrase, oLogFile, oNoLogFile, oAuditLog, @@ -332,7 +331,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"), ARGPARSE_s_n (oDebugNoChainValidation, "debug-no-chain-validation", "@"), ARGPARSE_s_n (oDebugIgnoreExpiration, "debug-ignore-expiration", "@"), - ARGPARSE_s_s (oFixedPassphrase, "fixed-passphrase", "@"), ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")), @@ -1264,7 +1262,6 @@ main ( int argc, char **argv) break; case oDebugNoChainValidation: opt.no_chain_validation = 1; break; case oDebugIgnoreExpiration: opt.ignore_expiration = 1; break; - case oFixedPassphrase: opt.fixed_passphrase = pargs.r.ret_str; break; case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break; case oLoggerFD: log_set_fd (pargs.r.ret_int ); break; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 30e4fb3..44b4798 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -125,7 +125,6 @@ struct int no_policy_check; /* ignore certificate policies */ int no_chain_validation; /* Bypass all cert chain validity tests */ int ignore_expiration; /* Ignore the notAfter validity checks. */ - char *fixed_passphrase; /* Passphrase used by regression tests. */ int auto_issuer_key_retrieve; /* try to retrieve a missing issuer key. */ ----------------------------------------------------------------------- Summary of changes: doc/gpgsm.texi | 32 +++++++++++++--- sm/Makefile.am | 3 +- sm/call-agent.c | 85 ++++++++++++++++++++++++++++++++--------- sm/gpgsm.c | 25 ++++++++++-- sm/gpgsm.h | 3 +- sm/passphrase.c | 90 ++++++++++++++++++++++++++++++++++++++++++++ scd/atr.h => sm/passphrase.h | 16 ++++---- 7 files changed, 217 insertions(+), 37 deletions(-) create mode 100644 sm/passphrase.c copy scd/atr.h => sm/passphrase.h (71%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 8 14:14:32 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 08 Mar 2016 14:14:32 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-97-gb17577e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b17577eac6b7599a4bab6fd3ecb04715aa01367c (commit) from eea139c56ef55081d8cd8df2a35ce507386e0f17 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b17577eac6b7599a4bab6fd3ecb04715aa01367c Author: Neal H. Walfield Date: Tue Mar 8 14:08:15 2016 +0100 gpg: Add a new test. * g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc. (module_tests): Add t-stutter. (t_stutter_SOURCES): New variable. (t_stutter_LDADD): New variable. -- Signed-off-by: Neal H. Walfield Add a test to check that the Mister and Zuccerato attack described in "An Attack on CFB Mode Encryption As Used by OpenPGP" works. diff --git a/g10/Makefile.am b/g10/Makefile.am index 27333de..473a3ac 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -21,7 +21,7 @@ EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \ ChangeLog-2011 gpg-w32info.rc \ gpg.w32-manifest.in test.c t-keydb-keyring.kbx \ - t-keydb-get-keyblock.gpg + t-keydb-get-keyblock.gpg t-stutter-data.asc AM_CPPFLAGS = -I$(top_srcdir)/common @@ -166,7 +166,7 @@ gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ gpgcompose_LDFLAGS = $(extra_bin_ldflags) t_common_ldadd = -module_tests = t-rmd160 t-keydb t-keydb-get-keyblock +module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter t_rmd160_SOURCES = t-rmd160.c rmd160.c t_rmd160_LDADD = $(t_common_ldadd) t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) @@ -176,6 +176,10 @@ t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ $(common_source) t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(t_common_ldadd) +t_stutter_SOURCES = t-stutter.c test-stubs.c \ + $(common_source) +t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBICONV) $(t_common_ldadd) $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a diff --git a/g10/t-stutter-data.asc b/g10/t-stutter-data.asc new file mode 100644 index 0000000..ad8bfae --- /dev/null +++ b/g10/t-stutter-data.asc @@ -0,0 +1 @@ +????q`H?h?????V??xDI2??3??O??*G???y?Ia??l?{?e?w?{B?c1?B?? \ No newline at end of file diff --git a/g10/t-stutter.c b/g10/t-stutter.c new file mode 100644 index 0000000..8bdfb07 --- /dev/null +++ b/g10/t-stutter.c @@ -0,0 +1,609 @@ +/* t-stutter.c - Test the stutter exploit. + * Copyright (C) 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* This test is based on the paper: "An Attack on CFB Mode Encryption + * as Used by OpenPGP." This attack uses a padding oracle to decrypt + * the first two bytes of each block (which are normally 16 bytes + * large). Concretely, if an attacker can use this attack if it can + * sense whether the quick integrity check failed. See RFC 4880, + * Section 5.7 for an explanation of this quick check. + * + * The concrete attack, as described in the paper, only works for + * PKT_ENCRYPTED packets; it does not work for PKT_ENCRYPTED_MDC + * packets, which use a slightly different CFB mode (they don't + * include a sync after the IV). But, small modifications should + * allow the attack to work for PKT_ENCRYPTED_MDC packets. + * + * The cost of this attack is 2^15 + i * 2^15 oracle queries, where i + * is the number of blocks the attack wants to decrypt. This attack + * is completely unfeasible when gpg is used interactively, but it + * could work when used as a service. + * + * How to generate a test message: + * + * $ echo 0123456789abcdefghijklmnopqrstuvwxyz | gpg2 --disable-mdc -z 0 -c > msg.asc + * $ gpg2 --list-packets msg.asc + * # Make sure the encryption packet contains a literal packet (without + * # any nesting). + * $ gpgsplit msg.asc + * $ gpg2 --show-session-key -d msg.asc + * $ ./t-stutter --debug SESSION_KEY 000002-009.encrypted + */ + +#include +#include +#include + +#include "gpg.h" +#include "main.h" +#include "../common/types.h" +#include "util.h" +#include "dek.h" +#include "../common/logging.h" + +static void +log_hexdump (byte *buffer, int length) +{ + int written = 0; + + fprintf (stderr, "%d bytes:\n", length); + while (length > 0) + { + int have = length > 16 ? 16 : length; + int i; + char formatted[2 * have + 1]; + char text[have + 1]; + + fprintf (stderr, "%-8d ", written); + bin2hex (buffer, have, formatted); + for (i = 0; i < 16; i ++) + { + if (i % 2 == 0) + fputc (' ', stderr); + if (i % 8 == 0) + fputc (' ', stderr); + + if (i < have) + fwrite (&formatted[2 * i], 2, 1, stderr); + else + fwrite (" ", 2, 1, stderr); + } + + for (i = 0; i < have; i ++) + if (isprint (buffer[i])) + text[i] = buffer[i]; + else + text[i] = '.'; + text[i] = 0; + + fprintf (stderr, " "); + if (strlen (text) > 8) + { + fwrite (text, 8, 1, stderr); + fputc (' ', stderr); + fwrite (&text[8], strlen (text) - 8, 1, stderr); + } + else + fwrite (text, strlen (text), 1, stderr); + fputc ('\n', stderr); + + buffer += have; + length -= have; + written += have; + } + + return; +} + +static char * +hexstr (const byte *bytes) +{ + static int i; + static char bufs[100][7]; + + i ++; + if (i == 100) + i = 0; + + sprintf (bufs[i], "0x%02X%02X", bytes[0], bytes[1]); + return bufs[i]; +} + +/* xor the two bytes starting at A with the two bytes starting at B + and return the result. */ +static byte * +bufxor2 (const byte *a, const byte *b) +{ + static int i; + static char bufs[100][2]; + + i ++; + if (i == 100) + i = 0; + + bufs[i][0] = a[0] ^ b[0]; + bufs[i][1] = a[1] ^ b[1]; + return bufs[i]; +} + +/* The session key stays constant. */ +static DEK dek; +int blocksize; + +/* Decode the session key, which is in the format output by gpg + --show-session-key. */ +static void +parse_session_key (char *session_key) +{ + char *tail; + char *p = session_key; + + errno = 0; + dek.algo = strtol (p, &tail, 10); + if (errno || (tail && *tail != ':')) + log_fatal ("Invalid session key specification. " + "Expected: cipher-id:HEXADECIMAL-CHRACTERS\n"); + + /* Skip the ':'. */ + p = tail + 1; + + if (strlen (p) % 2 != 0) + log_fatal ("Session key must consist of an even number of hexadecimal characters.\n"); + + dek.keylen = strlen (p) / 2; + log_assert (dek.keylen <= sizeof (dek.key)); + + if (hex2bin (p, dek.key, dek.keylen) == -1) + log_fatal ("Session key must only contain hexadecimal characters\n"); + + blocksize = openpgp_cipher_get_algo_blklen (dek.algo); + if ( !blocksize || blocksize > 16 ) + log_fatal ("unsupported blocksize %u\n", blocksize ); + + return; +} + +/* The ciphertext, the plaintext as decrypted by the good session key, + and the cfb stream (derived from the ciphertext and the + plaintext). */ +static int msg_len; +static byte *msg; +static byte *msg_plaintext; +static byte *msg_cfb; + +/* Whether we need to resynchronize the CFB after writing the random + data (this is the case for encrypted packets, but not encrypted and + integrity protected packets). */ +static int sync; + +static int +block_offset (int i) +{ + int extra = 0; + + log_assert (i >= 1); + /* Make sure blocksize has been initialized. */ + log_assert (blocksize); + + if (i > 2) + { + i -= 2; + extra = blocksize + 2; + } + return (i - 1) * blocksize + extra; +} + +/* Return the ith block from TEXT. The first block is labeled 1. + Note: consistent with the OpenPGP message format, the second block + (i=2) is just 2 bytes. */ +static byte * +block (byte *text, int len, int i) +{ + int offset = block_offset (i); + + log_assert (offset < len); + return &text[offset]; +} + +/* Return true if the quick integrity check passes. Also, if + PLAINTEXTP is not NULL, return the decrypted plaintext in + *PLAINTEXTP. If CFBP is not NULL, return the CFB byte stream in + *CFBP. */ +static int +oracle (int debug, byte *ciphertext, int len, byte **plaintextp, byte **cfbp) +{ + int rc = 0; + unsigned nprefix; + gcry_cipher_hd_t cipher_hd = NULL; + byte *plaintext = NULL; + byte *cfb = NULL; + + /* Make sure DEK was initialized. */ + log_assert (dek.algo); + log_assert (dek.keylen); + log_assert (blocksize); + + nprefix = blocksize; + if (len < nprefix + 2) + { + /* An invalid message. We can't check that during parsing + because we may not know the used cipher then. */ + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + + rc = openpgp_cipher_open (&cipher_hd, dek.algo, + GCRY_CIPHER_MODE_CFB, + (! sync /* ed->mdc_method || dek.algo >= 100 */ ? + 0 : GCRY_CIPHER_ENABLE_SYNC)); + if (rc) + log_fatal ("Failed to open cipher: %s\n", gpg_strerror (rc)); + + rc = gcry_cipher_setkey (cipher_hd, dek.key, dek.keylen); + if (gpg_err_code (rc) == GPG_ERR_WEAK_KEY) + { + log_info ("WARNING: message was encrypted with" + " a weak key in the symmetric cipher.\n"); + rc=0; + } + else if( rc ) + log_fatal ("key setup failed: %s\n", gpg_strerror (rc)); + + gcry_cipher_setiv (cipher_hd, NULL, 0); + + if (debug) + { + log_debug ("Encrypted data:\n"); + log_hexdump(ciphertext, len); + } + plaintext = xmalloc_clear (len); + gcry_cipher_decrypt (cipher_hd, plaintext, blocksize + 2, + ciphertext, blocksize + 2); + gcry_cipher_sync (cipher_hd); + if (len > blocksize+2) + gcry_cipher_decrypt (cipher_hd, + &plaintext[blocksize+2], len-(blocksize+2), + &ciphertext[blocksize+2], len-(blocksize+2)); + + if (debug) + { + log_debug ("Decrypted data:\n"); + log_hexdump (plaintext, len); + log_debug ("R_{b-1,b} = %s\n", hexstr (&plaintext[blocksize - 2])); + log_debug ("R_{b+1,b+2} = %s\n", hexstr (&plaintext[blocksize])); + } + + if (cfbp || debug) + { + int i; + cfb = xmalloc (len); + for (i = 0; i < len; i ++) + cfb[i] = plaintext[i] ^ ciphertext[i]; + + log_assert (len >= blocksize + 2); + + if (debug) + { + log_debug ("cfb:\n"); + log_hexdump (cfb, len); + + log_debug ("E_k([C_1]_{1,2}) = C_2 xor R (%s xor %s) = %s\n", + hexstr (&ciphertext[blocksize]), + hexstr (&plaintext[blocksize]), + hexstr (bufxor2 (&ciphertext[blocksize], + &plaintext[blocksize]))); + if (len >= blocksize + 4) + log_debug ("D = Ek([C1]_{3-b} || C_2)_{1-2} (%s) xor C2 (%s) xor E_k(0)_{b-1,b} (%s) = %s\n", + hexstr (&cfb[blocksize + 2]), + hexstr (&ciphertext[blocksize]), + hexstr (&cfb[blocksize - 2]), + hexstr (bufxor2 (bufxor2 (&cfb[blocksize + 2], + &ciphertext[blocksize]), + &cfb[blocksize - 2]))); + } + } + + if (plaintext[nprefix-2] != plaintext[nprefix] + || plaintext[nprefix-1] != plaintext[nprefix+1]) + { + rc = gpg_error (GPG_ERR_BAD_KEY); + goto leave; + } + + leave: + if (! rc && plaintextp) + *plaintextp = plaintext; + else + xfree (plaintext); + + if (! rc && cfbp) + *cfbp = cfb; + else + xfree (cfb); + + if (cipher_hd) + gcry_cipher_close (cipher_hd); + return rc; +} + +/* Query the oracle with D=D for block B. */ +static int +oracle_test (unsigned int d, int b, int debug) +{ + byte probe[blocksize + 2]; + + log_assert (d < 256 * 256); + + if (b == 1) + memcpy (probe, &msg[2], blocksize); + else + memcpy (probe, block (msg, msg_len, b), blocksize); + + probe[blocksize] = d >> 8; + probe[blocksize + 1] = d & 0xff; + + if (debug) + log_debug ("oracle (0x%04X):\n", d); + + return oracle (debug, probe, blocksize + 2, NULL, NULL) == 0; +} + +int +main (int argc, char *argv[]) +{ + int i; + int debug = 0; + char *filename = NULL; + int help = 0; + + byte *raw_data; + int raw_data_len; + + int failed = 0; + + for (i = 1; i < argc; i ++) + { + if (strcmp (argv[i], "--debug") == 0) + debug = 1; + else if (! blocksize) + parse_session_key (argv[i]); + else if (! filename) + filename = argv[i]; + else + { + help = 1; + break; + } + } + + if (! blocksize && ! filename && (filename = getenv ("srcdir"))) + /* Try defaults. */ + { + parse_session_key ("9:9274A8EC128E850C6DDDF9EAC68BFA84FC7BC05F340DA41D78C93D0640C7C503"); + filename = xasprintf ("%s/t-stutter-data.asc", filename); + } + + if (help || ! blocksize || ! filename) + log_fatal ("Usage: %s [--debug] SESSION_KEY ENCRYPTED_PKT\n", argv[0]); + + /* Don't read more than a KB. */ + raw_data_len = 1024; + raw_data = xmalloc (raw_data_len); + + { + FILE *fp; + int r; + + fp = fopen (filename, "r"); + if (! fp) + log_fatal ("Opening %s: %s\n", filename, strerror (errno)); + r = fread (raw_data, 1, raw_data_len, fp); + fclose (fp); + + /* We need at least the random data, the encrypted and literal + packets' headers and some body. */ + if (r < (blocksize + 2 /* Random data. */ + + 2 * blocksize /* Header + some plaintext. */)) + log_fatal ("Not enough data (need at least %d bytes of plain text): %s.\n", + blocksize + 2, strerror (errno)); + raw_data_len = r; + + if (debug) + { + log_debug ("First few bytes of the raw data:\n"); + log_hexdump (raw_data, raw_data_len > 8 ? 8 : raw_data_len); + } + } + + /* Parse the packet's header. */ + { + int ctb = raw_data[0]; + int new_format = ctb & (1 << 7); + int pkttype = (ctb & ((1 << 5) - 1)) >> (new_format ? 0 : 2); + int hdrlen; + + if (new_format) + { + if (debug) + log_debug ("len encoded: 0x%x (%d)\n", raw_data[1], raw_data[1]); + if (raw_data[1] < 192) + hdrlen = 2; + else if (raw_data[1] < 224) + hdrlen = 3; + else if (raw_data[1] == 255) + hdrlen = 5; + else + hdrlen = 2; + } + else + { + int lentype = ctb & 0x3; + if (lentype == 0) + hdrlen = 2; + else if (lentype == 1) + hdrlen = 3; + else if (lentype == 2) + hdrlen = 5; + else + /* Indeterminate. */ + hdrlen = 1; + } + + if (debug) + log_debug ("ctb = %x; %s format, hdrlen: %d, packet: %s\n", + ctb, new_format ? "new" : "old", + hdrlen, + pkttype_str (pkttype)); + + if (! (pkttype == PKT_ENCRYPTED || pkttype == PKT_ENCRYPTED_MDC)) + log_fatal ("%s does not contain an encrypted packet, but a %s.\n", + filename, pkttype_str (pkttype)); + + if (pkttype == PKT_ENCRYPTED_MDC) + { + /* The first byte following the header is the version, which + is 1. */ + log_assert (raw_data[hdrlen] == 1); + hdrlen ++; + sync = 0; + } + else + sync = 1; + + msg = &raw_data[hdrlen]; + msg_len = raw_data_len - hdrlen; + } + + log_assert (msg_len >= blocksize + 2); + + { + /* This can at least partially be guessed. So we just assume that + it is known. */ + int d; + int found; + const byte *m1; + byte e_k_zero[2]; + + if (oracle (debug, msg, msg_len, &msg_plaintext, &msg_cfb) == 0) + { + if (debug) + log_debug ("Session key appears to be good.\n"); + } + else + log_fatal ("Session key is bad!\n"); + + m1 = &msg_plaintext[blocksize + 2]; + if (debug) + log_debug ("First two bytes of plaintext are: %02X (%c) %02X (%c)\n", + m1[0], isprint (m1[0]) ? m1[0] : '?', + m1[1], isprint (m1[1]) ? m1[1] : '?'); + + for (d = 0; d < 256 * 256; d ++) + if ((found = oracle_test (d, 1, 0))) + break; + + if (! found) + log_fatal ("Failed to find d!\n"); + + if (debug) + oracle_test (d, 1, 1); + + if (debug) + log_debug ("D = %d (%x) looks good.\n", d, d); + + { + byte *c2 = block (msg, msg_len, 2); + byte D[2] = { d >> 8, d & 0xFF }; + byte *c3 = block (msg, msg_len, 3); + + memcpy (e_k_zero, + bufxor2 (bufxor2 (c2, D), + bufxor2 (c3, m1)), + sizeof (e_k_zero)); + + if (debug) + { + log_debug ("C2 = %s\n", hexstr (c2)); + log_debug ("D = %s\n", hexstr (D)); + log_debug ("C3 = %s\n", hexstr (c3)); + log_debug ("M = %s\n", hexstr (m1)); + log_debug ("E_k([C1]_{3-b} || C_2) = C3 xor M1 = %s\n", + hexstr (bufxor2 (c3, m1))); + log_debug ("E_k(0)_{b-1,b} = %s\n", hexstr (e_k_zero)); + } + } + + /* Figure out the first 2 bytes of M2... (offset 16 & 17 of the + plain text assuming the blocksize == 16 or bytes 34 & 35 of the + decrypted cipher text, i.e., C4). */ + for (i = 1; block_offset (i + 3) + 2 <= msg_len; i ++) + { + byte e_k_prime[2]; + byte m[2]; + byte *ct = block (msg, msg_len, i + 2); + byte *pt = block (msg_plaintext, msg_len, 2 + i + 1); + + for (d = 0; d < 256 * 256; d ++) + if (oracle_test (d, i + 2, 0)) + { + found = 1; + break; + } + + if (! found) + log_fatal ("Failed to find a valid d for block %d\n", i); + + if (debug) + log_debug ("Block %d: oracle: D = %04X passes integrity check\n", + i, d); + + { + byte D[2] = { d >> 8, d & 0xFF }; + memcpy (e_k_prime, + bufxor2 (bufxor2 (&ct[blocksize - 2], D), e_k_zero), + sizeof (e_k_prime)); + + memcpy (m, bufxor2 (e_k_prime, block (msg, msg_len, i + 3)), + sizeof (m)); + } + + if (debug) + log_debug ("=> block %d starting at %zd starts with: " + "%s (%c%c)\n", + i, (size_t) pt - (size_t) msg_plaintext, + hexstr (m), + isprint (m[0]) ? m[0] : '?', isprint (m[1]) ? m[1] : '?'); + + if (m[0] != pt[0] || m[1] != pt[1]) + { + log_debug ("oracle attack failed! Expected %s (%c%c), got %s\n", + hexstr (pt), + isprint (pt[0]) ? pt[0] : '?', + isprint (pt[1]) ? pt[1] : '?', + hexstr (m)); + failed = 1; + } + } + + if (i == 1) + log_fatal ("Message is too short, nothing to test.\n"); + } + + return failed; +} ----------------------------------------------------------------------- Summary of changes: g10/Makefile.am | 8 +- g10/t-stutter-data.asc | 1 + g10/t-stutter.c | 609 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 616 insertions(+), 2 deletions(-) create mode 100644 g10/t-stutter-data.asc create mode 100644 g10/t-stutter.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 8 15:38:08 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 08 Mar 2016 15:38:08 +0100 Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-24-g8347f3d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, gpgmepp has been updated via 8347f3d5fc3e476aa767fbbaf09a1310a6154280 (commit) via 58ed9c17f00f420035ecc6973a6c6ed948757a9a (commit) from a06603d75e80aba58df58f9a41770c56b6a1f0b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8347f3d5fc3e476aa767fbbaf09a1310a6154280 Author: Andre Heinecke Date: Tue Mar 8 14:33:15 2016 +0100 Add qgpgme as qt language binding * configure.ac: Add version defines. Check for qt if neccessary. * lang/README: Mention qt * lang/cpp/src/GpgmeppConfig.cmake.in.in: Remove comment. Find qgpgme. * lang/qt/src/Makefile.am: New. Build qgpgme. * lang/qt/README, lang/qt/src/Makefile.am, lang/qt/src/QGpgmeConfig.cmake.in.in, lang/qt/src/QGpgmeConfigVersion.cmake.in, lang/qt/src/dataprovider.cpp, lang/qt/src/dataprovider.h, lang/qt/src/qgpgme_export.h, m4/qt.m4: New. * lang/cpp/src/GpgmeppConfig.cmake.in.in, lang/cpp/src/Makefile.am: Fix generated config file. -- For now this is just the dataprovider which was part of the KF5 Gpgmepp QGpgme variant. This is very thin but a useful class which is used downstream. diff --git a/configure.ac b/configure.ac index c3a46ae..9dd02e6 100644 --- a/configure.ac +++ b/configure.ac @@ -65,6 +65,10 @@ LIBGPGMEPP_LT_CURRENT=3 LIBGPGMEPP_LT_AGE=0 LIBGPGMEPP_LT_REVISION=0 +LIBQGPGME_LT_CURRENT=1 +LIBQGPGME_LT_AGE=0 +LIBQGPGME_LT_REVISION=0 + # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 ############################################## @@ -111,6 +115,9 @@ AC_SUBST(LIBGPGME_LT_REVISION) AC_SUBST(LIBGPGMEPP_LT_CURRENT) AC_SUBST(LIBGPGMEPP_LT_AGE) AC_SUBST(LIBGPGMEPP_LT_REVISION) +AC_SUBST(LIBQGPGME_LT_CURRENT) +AC_SUBST(LIBQGPGME_LT_AGE) +AC_SUBST(LIBQGPGME_LT_REVISION) AC_SUBST(PACKAGE) AC_SUBST(VERSION) @@ -153,8 +160,8 @@ have_w32_system=no have_w64_system=no build_w32_glib=no build_w32_qt=no -available_languages="cpp cl" -default_languages="cpp cl" +available_languages="cpp cl qt" +default_languages="cpp cl qt" case "${host}" in x86_64-*mingw32*) have_w64_system=yes @@ -259,6 +266,24 @@ for language in $enabled_languages; do AC_MSG_ERROR([unsupported language binding specified]) fi done +# Check that if qt is enabled cpp also is enabled +LIST_MEMBER("qt", $enabled_languages) +if test "$found" = "1"; then + LIST_MEMBER("cpp", $enabled_languages) + if test "$found" = "0"; then + AC_MSG_ERROR([qt binding depends on cpp language binding]) + fi + FIND_QT + if test "$have_qt5_libs" != "yes"; then + AC_MSG_ERROR([[ + *** + *** Qt5 (Qt5Core) is required for qt binding. + ***]]) + fi + # Make sure that qt comes after cpp + enabled_languages=`echo $enabled_languages | sed 's/qt//'` + enabled_languages=`echo $enabled_languages qt` +fi AC_SUBST(ENABLED_LANGUAGES, $enabled_languages) # @@ -650,6 +675,9 @@ AC_CONFIG_FILES(src/gpgme-config, chmod +x src/gpgme-config) AC_CONFIG_FILES(lang/cpp/Makefile lang/cpp/src/Makefile) AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfig.cmake.in) AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfigVersion.cmake) +AC_CONFIG_FILES(lang/qt/Makefile lang/qt/src/Makefile) +AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig.cmake.in) +AC_CONFIG_FILES(lang/qt/src/QGpgmeConfigVersion.cmake) AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AC_OUTPUT diff --git a/lang/README b/lang/README index 5745029..e1c04f2 100644 --- a/lang/README +++ b/lang/README @@ -11,3 +11,4 @@ Directory Language cl Common Lisp cpp C++ +qt Qt-Framework API diff --git a/lang/cpp/src/GpgmeppConfig.cmake.in.in b/lang/cpp/src/GpgmeppConfig.cmake.in.in index 4b5b905..51218c6 100644 --- a/lang/cpp/src/GpgmeppConfig.cmake.in.in +++ b/lang/cpp/src/GpgmeppConfig.cmake.in.in @@ -37,7 +37,7 @@ set(CMAKE_IMPORT_FILE_VERSION 1) set(_targetsDefined) set(_targetsNotDefined) set(_expectedTargets) -foreach(_expectedTarget KF5::Gpgmepp KF5::QGpgme) +foreach(_expectedTarget KF5::Gpgmepp Gpgmepp) list(APPEND _expectedTargets ${_expectedTarget}) if(NOT TARGET ${_expectedTarget}) list(APPEND _targetsNotDefined ${_expectedTarget}) @@ -69,18 +69,10 @@ add_library(Gpgmepp SHARED IMPORTED) set_target_properties(Gpgmepp PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/gpgme++" - INTERFACE_LINK_LIBRARIES "@libdir@/libgpgme.dll.a;@LIBASSUAN_LIBS@;@GPG_ERROR_LIBS@" + INTERFACE_LINK_LIBRARIES "@resolved_libdir@/libgpgme at libsuffix@;@LIBASSUAN_LIBS@;@GPG_ERROR_LIBS@" + IMPORTED_LOCATION "@resolved_libdir@/libgpgmepp at libsuffix@" ) -# Create imported target QGpgme -#add_library(QGpgme SHARED IMPORTED) - -#set_target_properties(KF5::QGpgme PROPERTIES -# INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/qgpgme" - # INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX} TODO" -# INTERFACE_LINK_LIBRARIES "Qt5::Core" -#) - if(CMAKE_VERSION VERSION_LESS 2.8.12) message(FATAL_ERROR "This file relies on consumers using CMake 2.8.12 or greater.") endif() @@ -107,9 +99,10 @@ but not all the files it references. endforeach() unset(_IMPORT_CHECK_TARGETS) -# This file does not depend on other imported targets which have -# been exported from the same project but in a separate export set. - # Commands beyond this point should not need to know the version. set(CMAKE_IMPORT_FILE_VERSION) cmake_policy(POP) + +get_filename_component(QGpgme_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH) +# Pull in QGpgme for compatibility with KF5 variant. +find_package(QGpgme CONFIG) diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index a9b7ef4..e56b818 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -62,8 +62,16 @@ libgpgmepp_la_LIBADD = ../../../src/libgpgme.la @LIBASSUAN_LIBS@ libgpgmepp_la_LDFLAGS = -version-info \ @LIBGPGMEPP_LT_CURRENT@:@LIBGPGMEPP_LT_REVISION@:@LIBGPGMEPP_LT_AGE@ +if HAVE_W32_SYSTEM +libsuffix=.dll.a +else +libsuffix=.so +endif + GpgmeppConfig.cmake: GpgmeppConfig.cmake.in sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" > "$@" + sed -e 's|[@]libsuffix@|$(libsuffix)|g' < "$@" > "$@".2 + mv "$@".2 "$@" install-cmake-files: GpgmeppConfig.cmake GpgmeppConfigVersion.cmake -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp diff --git a/lang/qt/Makefile.am b/lang/qt/Makefile.am new file mode 100644 index 0000000..7fbaca8 --- /dev/null +++ b/lang/qt/Makefile.am @@ -0,0 +1,23 @@ +# Makefile.am for GPGMEPP. +# Copyright (C) 2016 Intevation GmbH +# +# This file is part of GPGMEPP. +# +# GPGME-CL is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME-CL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA + +SUBDIRS = src + +EXTRA_DIST = README diff --git a/lang/qt/README b/lang/qt/README new file mode 100644 index 0000000..6aeb876 --- /dev/null +++ b/lang/qt/README @@ -0,0 +1,27 @@ +Qt API bindings/wrapper for gpgme +---------------------------------------- +Based on KF5gpgmepp QGpgme + +QGpgme is free software; you can redistribute it and/or +modify it under the terms of the GNU Library General Public +License as published by the Free Software Foundation; either +version 2 of the License, or (at your option) any later version. + +QGpgme is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Library General Public License for more details. + +You should have received a copy of the GNU Library General Public License +along with GPGME++; see the file COPYING.LIB. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +Boston, MA 02110-1301, USA. + +Overview +-------- +QGpgme provides Qt API bindings around Gpgmepp. It depends on Gpgmepp. + +Currently this is a very thin library that only provides a QByteArray +and QIODevice dataprovider. But might be extended in the future with +code that is currently part of KDE's libkleopatra. To provide an easy +to use API for Qt Applications. diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am new file mode 100644 index 0000000..54d0530 --- /dev/null +++ b/lang/qt/src/Makefile.am @@ -0,0 +1,67 @@ +# Makefile.am for GPGMEPP. +# Copyright (C) 2016 Intevation GmbH +# +# This file is part of GPGMEPP. +# +# GPGME-CL is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME-CL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA +lib_LTLIBRARIES = libqgpgme.la +EXTRA_DIST = QGpgmeConfig.cmake.in.in QGpgmeConfigVersion.cmake.in + +qgpgme_sources = \ + dataprovider.cpp + +qgpgme_headers = \ + dataprovider.h qgpgme_export.h + +qgpgmeincludedir = $(includedir)/qgpgme +qgpgmeinclude_HEADERS = $(qgpgme_headers) + +libqgpgme_la_SOURCES = $(qgpgme_sources) $(qgpgme_headers) + +AM_CPPFLAGS = @GPGME_QT_CFLAGS@ @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ \ + -DBUILDING_QGPGME -I$(top_srcdir)/lang/cpp/src + +libqgpgme_la_LIBADD = ../../cpp/src/libgpgmepp.la ../../../src/libgpgme.la \ + @LIBASSUAN_LIBS@ @GPGME_QT_LIBS@ +libqgpgme_la_LDFLAGS = -version-info \ + @LIBQGPGME_LT_CURRENT@:@LIBQGPGME_LT_REVISION@:@LIBQGPGME_LT_AGE@ + +if HAVE_W32_SYSTEM +libsuffix=.dll.a +else +libsuffix=.so +endif + +QGpgmeConfig.cmake: QGpgmeConfig.cmake.in + sed -e 's|[@]resolved_libdir@|$(libdir)|g' < "$<" > "$@" + sed -e 's|[@]libsuffix@|$(libsuffix)|g' < "$@" > "$@".2 + mv "$@".2 "$@" + +install-cmake-files: QGpgmeConfig.cmake QGpgmeConfigVersion.cmake + -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp + $(INSTALL) QGpgmeConfig.cmake \ + $(DESTDIR)$(libdir)/cmake/Gpgmepp/QGpgmeConfig.cmake + $(INSTALL) QGpgmeConfigVersion.cmake \ + $(DESTDIR)$(libdir)/cmake/Gpgmepp/QGpgmeConfigVersion.cmake + +uninstall-cmake-files: + -rm $(DESTDIR)$(libdir)/cmake/Gpgmepp/QGpgmeConfigVersion.cmake + -rm $(DESTDIR)$(libdir)/cmake/Gpgmepp/QGpgmeConfig.cmake + -rmdir $(DESTDIR)$(libdir)/cmake/Gpgmepp/ + +install-data-local: install-cmake-files + +uninstall-local: uninstall-cmake-files diff --git a/lang/cpp/src/GpgmeppConfig.cmake.in.in b/lang/qt/src/QGpgmeConfig.cmake.in.in similarity index 84% copy from lang/cpp/src/GpgmeppConfig.cmake.in.in copy to lang/qt/src/QGpgmeConfig.cmake.in.in index 4b5b905..36ee920 100644 --- a/lang/cpp/src/GpgmeppConfig.cmake.in.in +++ b/lang/qt/src/QGpgmeConfig.cmake.in.in @@ -1,7 +1,7 @@ -# CMake Config file for GPGMEPP. +# CMake Config file for QGPGME. # Copyright (C) 2016 Intevation GmbH # -# This file is part of GPGMEPP. +# This file is part of GPGME. # # GPGME-CL is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -37,7 +37,7 @@ set(CMAKE_IMPORT_FILE_VERSION 1) set(_targetsDefined) set(_targetsNotDefined) set(_expectedTargets) -foreach(_expectedTarget KF5::Gpgmepp KF5::QGpgme) +foreach(_expectedTarget QGpgme KF5::QGpgme) list(APPEND _expectedTargets ${_expectedTarget}) if(NOT TARGET ${_expectedTarget}) list(APPEND _targetsNotDefined ${_expectedTarget}) @@ -64,22 +64,14 @@ get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH) -# Create imported target Gpgmepp -add_library(Gpgmepp SHARED IMPORTED) - -set_target_properties(Gpgmepp PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/gpgme++" - INTERFACE_LINK_LIBRARIES "@libdir@/libgpgme.dll.a;@LIBASSUAN_LIBS@;@GPG_ERROR_LIBS@" -) - # Create imported target QGpgme -#add_library(QGpgme SHARED IMPORTED) +add_library(QGpgme SHARED IMPORTED) -#set_target_properties(KF5::QGpgme PROPERTIES -# INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/qgpgme" - # INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX} TODO" -# INTERFACE_LINK_LIBRARIES "Qt5::Core" -#) +set_target_properties(QGpgme PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/qgpgme" + INTERFACE_LINK_LIBRARIES "Gpgmepp;Qt5::Core" + IMPORTED_LOCATION "@resolved_libdir@/libqgpgme at libsuffix@" +) if(CMAKE_VERSION VERSION_LESS 2.8.12) message(FATAL_ERROR "This file relies on consumers using CMake 2.8.12 or greater.") diff --git a/lang/qt/src/QGpgmeConfigVersion.cmake.in b/lang/qt/src/QGpgmeConfigVersion.cmake.in new file mode 100644 index 0000000..04a12cb --- /dev/null +++ b/lang/qt/src/QGpgmeConfigVersion.cmake.in @@ -0,0 +1,31 @@ +# CMake Version file for QGPGME. +# Copyright (C) 2016 Intevation GmbH +# +# This file is part of GPGME. +# +# GPGME-CL is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME-CL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA + +# based on a generated file from cmake. +set(PACKAGE_VERSION "@LIBQGPGME_LT_CURRENT at .@LIBQGPGME_LT_AGE at .@LIBQGPGME_LT_REVISION at .@BUILD_REVISION@") + +if("${PACKAGE_VERSION}" VERSION_LESS "${PACKAGE_FIND_VERSION}" ) + set(PACKAGE_VERSION_COMPATIBLE FALSE) +else() + set(PACKAGE_VERSION_COMPATIBLE TRUE) + if( "${PACKAGE_FIND_VERSION}" STREQUAL "${PACKAGE_VERSION}") + set(PACKAGE_VERSION_EXACT TRUE) + endif() +endif() diff --git a/lang/qt/src/dataprovider.cpp b/lang/qt/src/dataprovider.cpp new file mode 100644 index 0000000..8893877 --- /dev/null +++ b/lang/qt/src/dataprovider.cpp @@ -0,0 +1,281 @@ +/* dataprovider.cpp + Copyright (C) 2004 Klar???vdalens Datakonsult AB + + This file is part of QGPGME. + + QGPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Library General Public License as published + by the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + QGPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with QGPGME; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ + +// -*- c++ -*- + +#include + +#include + +#include +#include + +#include +#include +#include + +using namespace QGpgME; +using namespace GpgME; + +// +// +// QByteArrayDataProvider +// +// + +static bool resizeAndInit(QByteArray &ba, size_t newSize) +{ + const size_t oldSize = ba.size(); + ba.resize(newSize); + const bool ok = (newSize == static_cast(ba.size())); + if (ok) { + memset(ba.data() + oldSize, 0, newSize - oldSize); + } + return ok; +} + +QByteArrayDataProvider::QByteArrayDataProvider() + : GpgME::DataProvider(), mOff(0) {} + +QByteArrayDataProvider::QByteArrayDataProvider(const QByteArray &initialData) + : GpgME::DataProvider(), mArray(initialData), mOff(0) {} + +QByteArrayDataProvider::~QByteArrayDataProvider() {} + +ssize_t QByteArrayDataProvider::read(void *buffer, size_t bufSize) +{ +#ifndef NDEBUG + //qDebug( "QByteArrayDataProvider::read( %p, %d )", buffer, bufSize ); +#endif + if (bufSize == 0) { + return 0; + } + if (!buffer) { + Error::setSystemError(GPG_ERR_EINVAL); + return -1; + } + if (mOff >= mArray.size()) { + return 0; // EOF + } + size_t amount = qMin(bufSize, static_cast(mArray.size() - mOff)); + assert(amount > 0); + memcpy(buffer, mArray.data() + mOff, amount); + mOff += amount; + return amount; +} + +ssize_t QByteArrayDataProvider::write(const void *buffer, size_t bufSize) +{ +#ifndef NDEBUG + //qDebug( "QByteArrayDataProvider::write( %p, %lu )", buffer, static_cast( bufSize ) ); +#endif + if (bufSize == 0) { + return 0; + } + if (!buffer) { + Error::setSystemError(GPG_ERR_EINVAL); + return -1; + } + if (mOff >= mArray.size()) { + resizeAndInit(mArray, mOff + bufSize); + } + if (mOff >= mArray.size()) { + Error::setSystemError(GPG_ERR_EIO); + return -1; + } + assert(bufSize <= static_cast(mArray.size()) - mOff); + memcpy(mArray.data() + mOff, buffer, bufSize); + mOff += bufSize; + return bufSize; +} + +off_t QByteArrayDataProvider::seek(off_t offset, int whence) +{ +#ifndef NDEBUG + //qDebug( "QByteArrayDataProvider::seek( %d, %d )", int(offset), whence ); +#endif + int newOffset = mOff; + switch (whence) { + case SEEK_SET: + newOffset = offset; + break; + case SEEK_CUR: + newOffset += offset; + break; + case SEEK_END: + newOffset = mArray.size() + offset; + break; + default: + Error::setSystemError(GPG_ERR_EINVAL); + return (off_t) - 1; + } + return mOff = newOffset; +} + +void QByteArrayDataProvider::release() +{ +#ifndef NDEBUG + //qDebug( "QByteArrayDataProvider::release()" ); +#endif + mArray = QByteArray(); +} + +// +// +// QIODeviceDataProvider +// +// + +QIODeviceDataProvider::QIODeviceDataProvider(const boost::shared_ptr &io) + : GpgME::DataProvider(), + mIO(io), + mErrorOccurred(false), + mHaveQProcess(qobject_cast(io.get())) +{ + assert(mIO); +} + +QIODeviceDataProvider::~QIODeviceDataProvider() {} + +bool QIODeviceDataProvider::isSupported(Operation op) const +{ + const QProcess *const proc = qobject_cast(mIO.get()); + bool canRead = true; + if (proc) { + canRead = proc->readChannel() == QProcess::StandardOutput; + } + + switch (op) { + case Read: return mIO->isReadable() && canRead; + case Write: return mIO->isWritable(); + case Seek: return !mIO->isSequential(); + case Release: return true; + default: return false; + } +} + +static qint64 blocking_read(const boost::shared_ptr &io, char *buffer, qint64 maxSize) +{ + while (!io->bytesAvailable()) { + if (!io->waitForReadyRead(-1)) { + if (const QProcess *const p = qobject_cast(io.get())) { + if (p->error() == QProcess::UnknownError && + p->exitStatus() == QProcess::NormalExit && + p->exitCode() == 0) { + return 0; + } else { + Error::setSystemError(GPG_ERR_EIO); + return -1; + } + } else { + return 0; // assume EOF (loses error cases :/ ) + } + } + } + return io->read(buffer, maxSize); +} + +ssize_t QIODeviceDataProvider::read(void *buffer, size_t bufSize) +{ +#ifndef NDEBUG + //qDebug( "QIODeviceDataProvider::read( %p, %lu )", buffer, bufSize ); +#endif + if (bufSize == 0) { + return 0; + } + if (!buffer) { + Error::setSystemError(GPG_ERR_EINVAL); + return -1; + } + const qint64 numRead = mHaveQProcess + ? blocking_read(mIO, static_cast(buffer), bufSize) + : mIO->read(static_cast(buffer), bufSize); + + //workaround: some QIODevices (known example: QProcess) might not return 0 (EOF), but immediately -1 when finished. If no + //errno is set, gpgme doesn't detect the error and loops forever. So return 0 on the very first -1 in case errno is 0 + + ssize_t rc = numRead; + if (numRead < 0 && !Error::hasSystemError()) { + if (mErrorOccurred) { + Error::setSystemError(GPG_ERR_EIO); + } else { + rc = 0; + } + } + if (numRead < 0) { + mErrorOccurred = true; + } + return rc; +} + +ssize_t QIODeviceDataProvider::write(const void *buffer, size_t bufSize) +{ +#ifndef NDEBUG + //qDebug( "QIODeviceDataProvider::write( %p, %lu )", buffer, static_cast( bufSize ) ); +#endif + if (bufSize == 0) { + return 0; + } + if (!buffer) { + Error::setSystemError(GPG_ERR_EINVAL); + return -1; + } + + return mIO->write(static_cast(buffer), bufSize); +} + +off_t QIODeviceDataProvider::seek(off_t offset, int whence) +{ +#ifndef NDEBUG + //qDebug( "QIODeviceDataProvider::seek( %d, %d )", int(offset), whence ); +#endif + if (mIO->isSequential()) { + Error::setSystemError(GPG_ERR_ESPIPE); + return (off_t) - 1; + } + qint64 newOffset = mIO->pos(); + switch (whence) { + case SEEK_SET: + newOffset = offset; + break; + case SEEK_CUR: + newOffset += offset; + break; + case SEEK_END: + newOffset = mIO->size() + offset; + break; + default: + Error::setSystemError(GPG_ERR_EINVAL); + return (off_t) - 1; + } + if (!mIO->seek(newOffset)) { + Error::setSystemError(GPG_ERR_EINVAL); + return (off_t) - 1; + } + return newOffset; +} + +void QIODeviceDataProvider::release() +{ +#ifndef NDEBUG + //qDebug( "QIODeviceDataProvider::release()" ); +#endif + mIO->close(); +} diff --git a/lang/qt/src/dataprovider.h b/lang/qt/src/dataprovider.h new file mode 100644 index 0000000..8bc0c85 --- /dev/null +++ b/lang/qt/src/dataprovider.h @@ -0,0 +1,104 @@ +/* dataprovider.h + Copyright (C) 2004 Klar??lvdalens Datakonsult AB + + This file is part of QGPGME. + + QGPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Library General Public License as published + by the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + QGPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with QGPGME; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ + +// -*- c++ -*- +#ifndef __QGPGME_DATAPROVIDER_H__ +#define __QGPGME_DATAPROVIDER_H__ + +#include "qgpgme_export.h" +#include + +#include + +#include + +class QIODevice; + +namespace QGpgME +{ + +class QGPGME_EXPORT QByteArrayDataProvider : public GpgME::DataProvider +{ +public: + QByteArrayDataProvider(); + explicit QByteArrayDataProvider(const QByteArray &initialData); + ~QByteArrayDataProvider(); + + const QByteArray &data() const + { + return mArray; + } + +private: + // these shall only be accessed through the dataprovider + // interface, where they're public: + /*! \reimp */ + bool isSupported(Operation) const + { + return true; + } + /*! \reimp */ + ssize_t read(void *buffer, size_t bufSize); + /*! \reimp */ + ssize_t write(const void *buffer, size_t bufSize); + /*! \reimp */ + off_t seek(off_t offset, int whence); + /*! \reimp */ + void release(); + +private: + QByteArray mArray; + off_t mOff; +}; + +class QGPGME_EXPORT QIODeviceDataProvider : public GpgME::DataProvider +{ +public: + explicit QIODeviceDataProvider(const boost::shared_ptr &initialData); + ~QIODeviceDataProvider(); + + const boost::shared_ptr &ioDevice() const + { + return mIO; + } + +private: + // these shall only be accessed through the dataprovider + // interface, where they're public: + /*! \reimp */ + bool isSupported(Operation) const; + /*! \reimp */ + ssize_t read(void *buffer, size_t bufSize); + /*! \reimp */ + ssize_t write(const void *buffer, size_t bufSize); + /*! \reimp */ + off_t seek(off_t offset, int whence); + /*! \reimp */ + void release(); + +private: + const boost::shared_ptr mIO; + bool mErrorOccurred : 1; + bool mHaveQProcess : 1; +}; + +} // namespace QGpgME + +#endif diff --git a/lang/qt/src/qgpgme_export.h b/lang/qt/src/qgpgme_export.h new file mode 100644 index 0000000..40630d5 --- /dev/null +++ b/lang/qt/src/qgpgme_export.h @@ -0,0 +1,53 @@ + +#ifndef QGPGME_EXPORT_H +#define QGPGME_EXPORT_H + +#ifdef QGPGME_STATIC_DEFINE +# define QGPGME_EXPORT +# define QGPGME_NO_EXPORT +#else +# ifndef QGPGME_EXPORT +# ifdef BUILDING_QGPGME + /* We are building this library */ +# ifdef WIN32 +# define QGPGME_EXPORT __declspec(dllexport) +# else +# define QGPGME_EXPORT __attribute__((visibility("default"))) +# endif +# else + /* We are using this library */ +# ifdef WIN32 +# define QGPGME_EXPORT __declspec(dllimport) +# else +# define QGPGME_EXPORT __attribute__((visibility("default"))) +# endif +# endif +# endif + +# ifndef QGPGME_NO_EXPORT +# ifdef WIN32 +# define QGPGME_NO_EXPORT +# else +# define QGPGME_NO_EXPORT __attribute__((visibility("hidden"))) +# endif +# endif +#endif + +#ifndef QGPGME_DEPRECATED +# define QGPGME_DEPRECATED __attribute__ ((__deprecated__)) +#endif + +#ifndef QGPGME_DEPRECATED_EXPORT +# define QGPGME_DEPRECATED_EXPORT QGPGME_EXPORT QGPGME_DEPRECATED +#endif + +#ifndef QGPGME_DEPRECATED_NO_EXPORT +# define QGPGME_DEPRECATED_NO_EXPORT QGPGME_NO_EXPORT QGPGME_DEPRECATED +#endif + +#define DEFINE_NO_DEPRECATED 0 +#if DEFINE_NO_DEPRECATED +# define QGPGME_NO_DEPRECATED +#endif + +#endif diff --git a/m4/qt.m4 b/m4/qt.m4 new file mode 100644 index 0000000..80e2245 --- /dev/null +++ b/m4/qt.m4 @@ -0,0 +1,51 @@ +dnl qt.m4 +dnl Copyright (C) 2016 Intevation GmbH +dnl +dnl This file is part of gpgme and is provided under the same license as gpgme + +dnl Autoconf macro to find either Qt4 or Qt5 +dnl +dnl sets GPGME_QT_LIBS and GPGME_QT_CFLAGS +dnl +dnl if QT5 was found have_qt5_libs is set to yes + +AC_DEFUN([FIND_QT], +[ + have_qt5_libs="no"; + + PKG_CHECK_MODULES(GPGME_QT, + Qt5Core >= 5.0.0, + [have_qt5_libs="yes"], + [have_qt5_libs="no"]) + + if "$PKG_CONFIG" --variable qt_config Qt5Core | grep -q "reduce_relocations"; then + GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fpic" + fi + if test "$have_qt5_libs" = "yes"; then + AC_CHECK_TOOL(MOC, moc) + AC_MSG_CHECKING([moc version]) + mocversion=`$MOC -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 5\|moc 5"` + if test x"$mocversiongrep" != x"$mocversion"; then + AC_MSG_RESULT([no]) + # moc was not the qt5 one, try with moc-qt5 + AC_CHECK_TOOL(MOC2, moc-qt5) + mocversion=`$MOC2 -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 5\|moc-qt5 5\|moc 5"` + if test x"$mocversiongrep" != x"$mocversion"; then + AC_CHECK_TOOL(QTCHOOSER, qtchooser) + qt5tooldir=`QT_SELECT=qt5 qtchooser -print-env | grep QTTOOLDIR | cut -d '=' -f 2 | cut -d \" -f 2` + mocversion=`$qt5tooldir/moc -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 5\|moc 5"` + if test x"$mocversiongrep" != x"$mocversion"; then + # no valid moc found + have_qt5_libs="no"; + else + MOC=$qt5tooldir/moc + fi + else + MOC=$MOC2 + fi + fi + fi +]) commit 58ed9c17f00f420035ecc6973a6c6ed948757a9a Author: Andre Heinecke Date: Thu Mar 3 12:46:53 2016 +0100 Remove obsolete w32-qt code * configure.ac (w32-qt): Remove option and Qt checks. * src/Makefile.am: Remove BUILD_W32_QT handling. * src/kdpipeiodevice.cpp, src/kdpipeiodevice.h, src/kdpipeiodevice.moc, src/w32-qt-io.cpp: Removed. -- This code was intended for Kleopatra but Kleopatra is not using it anymore. QGpgme/dataprovider is a better replacement for this. diff --git a/configure.ac b/configure.ac index 5aad9f4..c3a46ae 100644 --- a/configure.ac +++ b/configure.ac @@ -180,20 +180,9 @@ case "${host}" in AC_ARG_ENABLE(w32-glib, AC_HELP_STRING([--enable-w32-glib], [build GPGME Glib for W32]), build_w32_glib=$enableval) - - # Check disabled, because the qt-dev packages in gpg4win do - # not provide any support for cross compilation. - # PKG_CHECK_MODULES(QT4_CORE, QtCore) - - # Use it like this: - # ./configure --enable-w32-qt QT4_CORE_CFLAGS="..." QT4_CORE_LIBS="..." - AC_SUBST(QT4_CORE_CFLAGS) - AC_SUBST(QT4_CORE_LIBS) - AC_ARG_ENABLE(w32-qt, - AC_HELP_STRING([--enable-w32-qt], [build GPGME Qt for W32]), - build_w32_qt=$enableval) - ;; + ;; *) + AC_CHECK_LIB(pthread,pthread_create,have_pthread=yes) if test "$have_pthread" = yes; then AC_DEFINE(HAVE_PTHREAD, ,[Define if we have pthread.]) @@ -239,7 +228,6 @@ fi AM_CONDITIONAL(HAVE_ANDROID_SYSTEM, test "$have_android_system" = yes) AM_CONDITIONAL(BUILD_W32_GLIB, test "$build_w32_glib" = yes) -AM_CONDITIONAL(BUILD_W32_QT, test "$build_w32_qt" = yes) AM_CONDITIONAL(HAVE_PTHREAD, test "$have_pthread" = "yes") diff --git a/src/Makefile.am b/src/Makefile.am index 698c632..951fc00 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -41,12 +41,6 @@ else ltlib_gpgme_glib = endif -if BUILD_W32_QT -ltlib_gpgme_qt = libgpgme-qt.la -else -ltlib_gpgme_qt = -endif - lib_LTLIBRARIES = libgpgme.la $(ltlib_gpgme_glib) $(ltlib_gpgme_qt) \ $(ltlib_gpgme_pthread) @@ -110,23 +104,9 @@ if BUILD_W32_GLIB libgpgme_glib_la_SOURCES = $(main_sources) ath.h ath.c w32-glib-io.c endif -if BUILD_W32_QT -libgpgme_qt_la_SOURCES = $(main_sources) ath.h ath.c w32-qt-io.cpp \ - kdpipeiodevice.h kdpipeiodevice.cpp kdpipeiodevice.moc -# FIXME: Add extra depedency: moc_kdpipeiodevice.cpp - -# These are built sources (normally). -# moc_kdpipeiodevice.cpp: kdpipeiodevice.h -# $(MOC4) -o $@ $< -# -# kdpipeiodevice.moc: kdpipeiodevice.cpp -# $(MOC4) -o $@ $< -endif - -# We use a global CFLAGS and CPPFLAGS setting for all library +# We use a global CFLAGS setting for all library # versions, because then every object file is only compiled once. -AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ @QT4_CORE_CFLAGS@ -AM_CFLAGS = @LIBASSUAN_CFLAGS@ @GLIB_CFLAGS@ @QT4_CORE_CFLAGS@ +AM_CFLAGS = @LIBASSUAN_CFLAGS@ @GLIB_CFLAGS@ gpgme_tool_SOURCES = gpgme-tool.c argparse.c argparse.h gpgme_tool_LDADD = libgpgme.la @LIBASSUAN_LIBS@ @@ -202,15 +182,6 @@ libgpgme_glib_la_LIBADD = $(gpgme_res) @LIBASSUAN_LIBS@ @LTLIBOBJS@ \ @GPG_ERROR_LIBS@ @GLIB_LIBS@ endif -if BUILD_W32_QT -libgpgme_qt_la_LDFLAGS = $(no_undefined) \ - $(export_symbols) $(libgpgme_version_script_cmd) -version-info \ - @LIBGPGME_LT_CURRENT@:@LIBGPGME_LT_REVISION@:@LIBGPGME_LT_AGE@ -libgpgme_qt_la_DEPENDENCIES = @LTLIBOBJS@ $(srcdir)/libgpgme.vers $(gpgme_deps) -libgpgme_qt_la_LIBADD = $(gpgme_res) @LIBASSUAN_LIBS@ @LTLIBOBJS@ \ - @GPG_ERROR_LIBS@ @QT4_CORE_LIBS@ -endif - install-data-local: install-def-file uninstall-local: uninstall-def-file diff --git a/src/kdpipeiodevice.cpp b/src/kdpipeiodevice.cpp deleted file mode 100644 index 5661790..0000000 --- a/src/kdpipeiodevice.cpp +++ /dev/null @@ -1,951 +0,0 @@ -/* - Copyright (C) 2007 Klar?lvdalens Datakonsult AB - - KDPipeIODevice is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - KDPipeIODevice is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with KDPipeIODevice; see the file COPYING.LIB. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -#include "kdpipeiodevice.h" - -#include - -#include -#include -#include - -#ifdef Q_OS_WIN32 -# ifndef NOMINMAX -# define NOMINMAX -# endif -# include -# include -#else -# include -# include -#endif - -using namespace _gpgme_; - -#ifndef KDAB_CHECK_THIS -# define KDAB_CHECK_CTOR (void)1 -# define KDAB_CHECK_DTOR KDAB_CHECK_CTOR -# define KDAB_CHECK_THIS KDAB_CHECK_CTOR -#endif - -#define LOCKED( d ) const QMutexLocker locker( &d->mutex ) -#define synchronized( d ) if ( int i = 0 ) {} else for ( const QMutexLocker locker( &d->mutex ) ; !i ; ++i ) - -const unsigned int BUFFER_SIZE = 4096; -const bool ALLOW_QIODEVICE_BUFFERING = true; - -// comment to get trace output: -//#define qDebug if(1){}else qDebug - -namespace { -class Reader : public QThread { - Q_OBJECT -public: - Reader( int fd, Qt::HANDLE handle ); - ~Reader(); - - qint64 readData( char * data, qint64 maxSize ); - - unsigned int bytesInBuffer() const { - return ( wptr + sizeof buffer - rptr ) % sizeof buffer ; - } - - bool bufferFull() const { - return bytesInBuffer() == sizeof buffer - 1; - } - - bool bufferEmpty() const { - return bytesInBuffer() == 0; - } - - bool bufferContains( char ch ) { - const unsigned int bib = bytesInBuffer(); - for ( unsigned int i = rptr ; i < rptr + bib ; ++i ) - if ( buffer[i%sizeof buffer] == ch ) - return true; - return false; - } - - void notifyReadyRead(); - -Q_SIGNALS: - void readyRead(); - -protected: - /* reimp */ void run(); - -private: - int fd; - Qt::HANDLE handle; -public: - QMutex mutex; - QWaitCondition waitForCancelCondition; - QWaitCondition bufferNotFullCondition; - QWaitCondition bufferNotEmptyCondition; - QWaitCondition hasStarted; - QWaitCondition readyReadSentCondition; - QWaitCondition blockedConsumerIsDoneCondition; - bool cancel; - bool eof; - bool error; - bool eofShortCut; - int errorCode; - bool isReading; - bool consumerBlocksOnUs; - -private: - unsigned int rptr, wptr; - char buffer[BUFFER_SIZE+1]; // need to keep one byte free to detect empty state -}; - - -Reader::Reader( int fd_, Qt::HANDLE handle_ ) - : QThread(), - fd( fd_ ), - handle( handle_ ), - mutex(), - bufferNotFullCondition(), - bufferNotEmptyCondition(), - hasStarted(), - cancel( false ), - eof( false ), - error( false ), - eofShortCut( false ), - errorCode( 0 ), - isReading( false ), - consumerBlocksOnUs( false ), - rptr( 0 ), wptr( 0 ) -{ - -} - -Reader::~Reader() {} - - -class Writer : public QThread { - Q_OBJECT -public: - Writer( int fd, Qt::HANDLE handle ); - ~Writer(); - - qint64 writeData( const char * data, qint64 size ); - - unsigned int bytesInBuffer() const { return numBytesInBuffer; } - - bool bufferFull() const { - return numBytesInBuffer == sizeof buffer; - } - - bool bufferEmpty() const { - return numBytesInBuffer == 0; - } - -Q_SIGNALS: - void bytesWritten( qint64 ); - -protected: - /* reimp */ void run(); - -private: - int fd; - Qt::HANDLE handle; -public: - QMutex mutex; - QWaitCondition bufferEmptyCondition; - QWaitCondition bufferNotEmptyCondition; - QWaitCondition hasStarted; - bool cancel; - bool error; - int errorCode; -private: - unsigned int numBytesInBuffer; - char buffer[BUFFER_SIZE]; -}; -} - -Writer::Writer( int fd_, Qt::HANDLE handle_ ) - : QThread(), - fd( fd_ ), - handle( handle_ ), - mutex(), - bufferEmptyCondition(), - bufferNotEmptyCondition(), - hasStarted(), - cancel( false ), - error( false ), - errorCode( 0 ), - numBytesInBuffer( 0 ) -{ - -} - -Writer::~Writer() {} - - -class KDPipeIODevice::Private : public QObject { -Q_OBJECT - friend class ::KDPipeIODevice; - KDPipeIODevice * const q; -public: - explicit Private( KDPipeIODevice * qq ); - ~Private(); - - bool doOpen( int, Qt::HANDLE, OpenMode ); - bool startReaderThread(); - bool startWriterThread(); - void stopThreads(); - -public Q_SLOTS: - void emitReadyRead(); - -private: - int fd; - Qt::HANDLE handle; - Reader * reader; - Writer * writer; - bool triedToStartReader; - bool triedToStartWriter; -}; - -KDPipeIODevice::Private::Private( KDPipeIODevice * qq ) - : QObject( qq ), q( qq ), - fd( -1 ), - handle( 0 ), - reader( 0 ), - writer( 0 ), - triedToStartReader( false ), triedToStartWriter( false ) -{ - -} - -KDPipeIODevice::Private::~Private() { - qDebug( "KDPipeIODevice::~Private(): Destroying %p", q ); -} - -KDPipeIODevice::KDPipeIODevice( QObject * p ) - : QIODevice( p ), d( new Private( this ) ) -{ - KDAB_CHECK_CTOR; -} - -KDPipeIODevice::KDPipeIODevice( int fd, OpenMode mode, QObject * p ) - : QIODevice( p ), d( new Private( this ) ) -{ - KDAB_CHECK_CTOR; - open( fd, mode ); -} - -KDPipeIODevice::KDPipeIODevice( Qt::HANDLE handle, OpenMode mode, QObject * p ) - : QIODevice( p ), d( new Private( this ) ) -{ - KDAB_CHECK_CTOR; - open( handle, mode ); -} - -KDPipeIODevice::~KDPipeIODevice() { KDAB_CHECK_DTOR; - if ( isOpen() ) - close(); - delete d; d = 0; -} - - -bool KDPipeIODevice::open( int fd, OpenMode mode ) { KDAB_CHECK_THIS; - -#ifdef Q_OS_WIN32 - return d->doOpen( fd, (HANDLE)_get_osfhandle( fd ), mode ); -#else - return d->doOpen( fd, 0, mode ); -#endif - -} - -bool KDPipeIODevice::open( Qt::HANDLE h, OpenMode mode ) { KDAB_CHECK_THIS; - -#ifdef Q_OS_WIN32 - return d->doOpen( -1, h, mode ); -#else - Q_UNUSED( h ); - Q_UNUSED( mode ); - assert( !"KDPipeIODevice::open( Qt::HANDLE, OpenMode ) should never be called except on Windows." ); -#endif - -} - -bool KDPipeIODevice::Private::startReaderThread() -{ - if ( triedToStartReader ) - return true; - triedToStartReader = true; - if ( reader && !reader->isRunning() && !reader->isFinished() ) { - qDebug("KDPipeIODevice::Private::startReaderThread(): locking reader (CONSUMER THREAD)" ); - LOCKED( reader ); - qDebug("KDPipeIODevice::Private::startReaderThread(): locked reader (CONSUMER THREAD)" ); - reader->start( QThread::HighestPriority ); - qDebug("KDPipeIODevice::Private::startReaderThread(): waiting for hasStarted (CONSUMER THREAD)" ); - const bool hasStarted = reader->hasStarted.wait( &reader->mutex, 1000 ); - qDebug("KDPipeIODevice::Private::startReaderThread(): returned from hasStarted (CONSUMER THREAD)" ); - - return hasStarted; - } - return true; -} - -bool KDPipeIODevice::Private::startWriterThread() -{ - if ( triedToStartWriter ) - return true; - triedToStartWriter = true; - if ( writer && !writer->isRunning() && !writer->isFinished() ) { - LOCKED( writer ); - - writer->start( QThread::HighestPriority ); - if ( !writer->hasStarted.wait( &writer->mutex, 1000 ) ) - return false; - } - return true; -} - -void KDPipeIODevice::Private::emitReadyRead() -{ - QPointer thisPointer( this ); - qDebug( "KDPipeIODevice::Private::emitReadyRead %p", this ); - - emit q->readyRead(); - - if ( !thisPointer ) - return; - - bool mustNotify = false; - - if ( reader ) { - qDebug( "KDPipeIODevice::Private::emitReadyRead %p: locking reader (CONSUMER THREAD)", this ); - synchronized( reader ) { - qDebug( "KDPipeIODevice::Private::emitReadyRead %p: locked reader (CONSUMER THREAD)", this ); - reader->readyReadSentCondition.wakeAll(); - mustNotify = !reader->bufferEmpty() && reader->isReading; - qDebug( "KDPipeIODevice::emitReadyRead %p: bufferEmpty: %d reader in ReadFile: %d", this, reader->bufferEmpty(), reader->isReading ); - } - } - if ( mustNotify ) - QTimer::singleShot( 100, this, SLOT( emitReadyRead() ) ); - qDebug( "KDPipeIODevice::Private::emitReadyRead %p leaving", this ); - -} - -bool KDPipeIODevice::Private::doOpen( int fd_, Qt::HANDLE handle_, OpenMode mode_ ) { - - if ( q->isOpen() ) - return false; - -#ifdef Q_OS_WIN32 - if ( !handle_ ) - return false; -#else - if ( fd_ < 0 ) - return false; -#endif - - if ( !(mode_ & ReadWrite) ) - return false; // need to have at least read -or- write - - - std::auto_ptr reader_; - std::auto_ptr writer_; - - if ( mode_ & ReadOnly ) { - reader_.reset( new Reader( fd_, handle_ ) ); - qDebug( "KDPipeIODevice::doOpen (%p): created reader (%p) for fd %d", this, reader_.get(), fd_ ); - connect( reader_.get(), SIGNAL(readyRead()), this, SLOT(emitReadyRead()), -Qt::QueuedConnection ); - } - if ( mode_ & WriteOnly ) { - writer_.reset( new Writer( fd_, handle_ ) ); - qDebug( "KDPipeIODevice::doOpen (%p): created writer (%p) for fd %d", this, writer_.get(), fd_ ); - connect( writer_.get(), SIGNAL(bytesWritten(qint64)), q, SIGNAL(bytesWritten(qint64)), -Qt::QueuedConnection ); - } - - // commit to *this: - fd = fd_; - handle = handle_; - reader = reader_.release(); - writer = writer_.release(); - - q->setOpenMode( mode_|Unbuffered ); - return true; -} - -int KDPipeIODevice::descriptor() const { KDAB_CHECK_THIS; - return d->fd; -} - - -Qt::HANDLE KDPipeIODevice::handle() const { KDAB_CHECK_THIS; - return d->handle; -} - -qint64 KDPipeIODevice::bytesAvailable() const { KDAB_CHECK_THIS; - const qint64 base = QIODevice::bytesAvailable(); - if ( !d->triedToStartReader ) { - d->startReaderThread(); - return base; - } - if ( d->reader ) - synchronized( d->reader ) { - const qint64 inBuffer = d->reader->bytesInBuffer(); - return base + inBuffer; - } - return base; -} - -qint64 KDPipeIODevice::bytesToWrite() const { KDAB_CHECK_THIS; - d->startWriterThread(); - const qint64 base = QIODevice::bytesToWrite(); - if ( d->writer ) - synchronized( d->writer ) return base + d->writer->bytesInBuffer(); - return base; -} - -bool KDPipeIODevice::canReadLine() const { KDAB_CHECK_THIS; - d->startReaderThread(); - if ( QIODevice::canReadLine() ) - return true; - if ( d->reader ) - synchronized( d->reader ) return d->reader->bufferContains( '\n' ); - return true; -} - -bool KDPipeIODevice::isSequential() const { - return true; -} - -bool KDPipeIODevice::atEnd() const { KDAB_CHECK_THIS; - d->startReaderThread(); - if ( !QIODevice::atEnd() ) { - qDebug( "%p: KDPipeIODevice::atEnd returns false since QIODevice::atEnd does (with bytesAvailable=%ld)", this, static_cast(bytesAvailable()) ); - return false; - } - if ( !isOpen() ) - return true; - if ( d->reader->eofShortCut ) - return true; - LOCKED( d->reader ); - const bool eof = ( d->reader->error || d->reader->eof ) && d->reader->bufferEmpty(); - if ( !eof ) { - if ( !d->reader->error && !d->reader->eof ) - qDebug( "%p: KDPipeIODevice::atEnd returns false since !reader->error && !reader->eof", this ); - if ( !d->reader->bufferEmpty() ) - qDebug( "%p: KDPipeIODevice::atEnd returns false since !reader->bufferEmpty()", this ); - } - return eof; -} - -bool KDPipeIODevice::waitForBytesWritten( int msecs ) { KDAB_CHECK_THIS; - d->startWriterThread(); - Writer * const w = d->writer; - if ( !w ) - return true; - LOCKED( w ); - qDebug( "KDPipeIODevice::waitForBytesWritten (%p,w=%p): entered locked area", this, w -); - return w->bufferEmpty() || w->error || w->bufferEmptyCondition.wait( &w->mutex, msecs ) ; -} - -bool KDPipeIODevice::waitForReadyRead( int msecs ) { KDAB_CHECK_THIS; - qDebug( "KDPipeIODEvice::waitForReadyRead()(%p)", this); - d->startReaderThread(); - if ( ALLOW_QIODEVICE_BUFFERING ) { - if ( bytesAvailable() > 0 ) - return true; - } - Reader * const r = d->reader; - if ( !r || r->eofShortCut ) - return true; - LOCKED( r ); - if ( r->bytesInBuffer() != 0 || r->eof || r->error ) - return true; - - return msecs >= 0 ? r->bufferNotEmptyCondition.wait( &r->mutex, msecs ) : r->bufferNotEmptyCondition.wait( &r->mutex ); -} - -template -class TemporaryValue { -public: - TemporaryValue( T& var_, const T& tv ) : var( var_ ), oldValue( var_ ) { var = tv; } - ~TemporaryValue() { var = oldValue; } -private: - T& var; - const T oldValue; -}; - - -bool KDPipeIODevice::readWouldBlock() const -{ - d->startReaderThread(); - LOCKED( d->reader ); - return d->reader->bufferEmpty() && !d->reader->eof && !d->reader->error; -} - -bool KDPipeIODevice::writeWouldBlock() const -{ - d->startWriterThread(); - LOCKED( d->writer ); - return !d->writer->bufferEmpty() && !d->writer->error; -} - - -qint64 KDPipeIODevice::readData( char * data, qint64 maxSize ) { KDAB_CHECK_THIS; - qDebug( "%p: KDPipeIODevice::readData: data=%p, maxSize=%lld", this, data, maxSize ); - d->startReaderThread(); - Reader * const r = d->reader; - - assert( r ); - - - //assert( r->isRunning() ); // wrong (might be eof, error) - assert( data || maxSize == 0 ); - assert( maxSize >= 0 ); - - if ( r->eofShortCut ) { - qDebug( "%p: KDPipeIODevice::readData: hit eofShortCut, returning 0", this ); - return 0; - } - - if ( maxSize < 0 ) - maxSize = 0; - - if ( ALLOW_QIODEVICE_BUFFERING ) { - if ( bytesAvailable() > 0 ) - maxSize = std::min( maxSize, bytesAvailable() ); // don't block - } - qDebug( "%p: KDPipeIODevice::readData: try to lock reader (CONSUMER THREAD)", this ); - LOCKED( r ); - qDebug( "%p: KDPipeIODevice::readData: locked reader (CONSUMER THREAD)", this ); - - r->readyReadSentCondition.wakeAll(); - if ( /* maxSize > 0 && */ r->bufferEmpty() && !r->error && !r->eof ) { // ### block on maxSize == 0? - qDebug( "%p: KDPipeIODevice::readData: waiting for bufferNotEmptyCondition (CONSUMER THREAD)", this ); - const TemporaryValue tmp( d->reader->consumerBlocksOnUs, true ); - r->bufferNotEmptyCondition.wait( &r->mutex ); - r->blockedConsumerIsDoneCondition.wakeAll(); - qDebug( "%p: KDPipeIODevice::readData: woke up from bufferNotEmptyCondition (CONSUMER THREAD)", this ); - } - - if ( r->bufferEmpty() ) { - qDebug( "%p: KDPipeIODevice::readData: got empty buffer, signal eof", this ); - // woken with an empty buffer must mean either EOF or error: - assert( r->eof || r->error ); - r->eofShortCut = true; - return r->eof ? 0 : -1 ; - } - - qDebug( "%p: KDPipeIODevice::readData: got bufferNotEmptyCondition, trying to read %lld bytes", this, maxSize ); - const qint64 bytesRead = r->readData( data, maxSize ); - qDebug( "%p: KDPipeIODevice::readData: read %lld bytes", this, bytesRead ); - qDebug( "%p (fd=%d): KDPipeIODevice::readData: %s", this, d->fd, data ); - - return bytesRead; -} - -qint64 Reader::readData( char * data, qint64 maxSize ) { - qint64 numRead = rptr < wptr ? wptr - rptr : sizeof buffer - rptr ; - if ( numRead > maxSize ) - numRead = maxSize; - - qDebug( "%p: KDPipeIODevice::readData: data=%p, maxSize=%lld; rptr=%u, wptr=%u (bytesInBuffer=%u); -> numRead=%lld", this, - data, maxSize, rptr, wptr, bytesInBuffer(), numRead ); - - std::memcpy( data, buffer + rptr, numRead ); - - rptr = ( rptr + numRead ) % sizeof buffer ; - - if ( !bufferFull() ) { - qDebug( "%p: KDPipeIODevice::readData: signal bufferNotFullCondition", this ); - bufferNotFullCondition.wakeAll(); - } - - return numRead; -} - -qint64 KDPipeIODevice::writeData( const char * data, qint64 size ) { KDAB_CHECK_THIS; - d->startWriterThread(); - Writer * const w = d->writer; - - assert( w ); - assert( w->error || w->isRunning() ); - assert( data || size == 0 ); - assert( size >= 0 ); - - LOCKED( w ); - - while ( !w->error && !w->bufferEmpty() ) { - qDebug( "%p: KDPipeIODevice::writeData: wait for empty buffer", this ); - w->bufferEmptyCondition.wait( &w->mutex ); - qDebug( "%p: KDPipeIODevice::writeData: empty buffer signaled", this ); - - } - if ( w->error ) - return -1; - - assert( w->bufferEmpty() ); - - return w->writeData( data, size ); -} - -qint64 Writer::writeData( const char * data, qint64 size ) { - assert( bufferEmpty() ); - - if ( size > static_cast( sizeof buffer ) ) - size = sizeof buffer; - - std::memcpy( buffer, data, size ); - - numBytesInBuffer = size; - - if ( !bufferEmpty() ) { - bufferNotEmptyCondition.wakeAll(); - } - return size; -} - -void KDPipeIODevice::Private::stopThreads() -{ - if ( triedToStartWriter ) - { - if ( writer && q->bytesToWrite() > 0 ) - q->waitForBytesWritten( -1 ); - - assert( q->bytesToWrite() == 0 ); - } - if ( Reader * & r = reader ) { - disconnect( r, SIGNAL( readyRead() ), this, SLOT( emitReadyRead() ) ); - synchronized( r ) { - // tell thread to cancel: - r->cancel = true; - // and wake it, so it can terminate: - r->waitForCancelCondition.wakeAll(); - r->bufferNotFullCondition.wakeAll(); - r->readyReadSentCondition.wakeAll(); - } - } - if ( Writer * & w = writer ) { - synchronized( w ) { - // tell thread to cancel: - w->cancel = true; - // and wake it, so it can terminate: - w->bufferNotEmptyCondition.wakeAll(); - } - } -} - -void KDPipeIODevice::close() { KDAB_CHECK_THIS; - qDebug( "KDPipeIODevice::close(%p)", this ); - if ( !isOpen() ) - return; - - // tell clients we're about to close: - emit aboutToClose(); - d->stopThreads(); - -#define waitAndDelete( t ) if ( t ) { t->wait(); QThread* const t2 = t; t = 0; delete t2; } - qDebug( "KPipeIODevice::close(%p): wait and closing writer %p", this, d->writer ); - waitAndDelete( d->writer ); - qDebug( "KPipeIODevice::close(%p): wait and closing reader %p", this, d->reader ); - if ( d->reader ) { - LOCKED( d->reader ); - d->reader->readyReadSentCondition.wakeAll(); - } - waitAndDelete( d->reader ); -#undef waitAndDelete -#ifdef Q_OS_WIN32 - if ( d->fd != -1 ) - _close( d->fd ); - else - CloseHandle( d->handle ); -#else - ::close( d->fd ); -#endif - - setOpenMode( NotOpen ); - d->fd = -1; - d->handle = 0; -} - -void Reader::run() { - - LOCKED( this ); - - // too bad QThread doesn't have that itself; a signal isn't enough - hasStarted.wakeAll(); - - qDebug( "%p: Reader::run: started", this ); - - while ( true ) { - if ( !cancel && ( eof || error ) ) { - //notify the client until the buffer is empty and then once - //again so he receives eof/error. After that, wait for him - //to cancel - const bool wasEmpty = bufferEmpty(); - qDebug( "%p: Reader::run: received eof(%d) or error(%d), waking everyone", this, eof, error ); - notifyReadyRead(); - if ( !cancel && wasEmpty ) - waitForCancelCondition.wait( &mutex ); - } else if ( !cancel && !bufferFull() && !bufferEmpty() ) { - qDebug( "%p: Reader::run: buffer no longer empty, waking everyone", this ); - notifyReadyRead(); - } - - while ( !cancel && !error && bufferFull() ) { - notifyReadyRead(); - if ( !cancel && bufferFull() ) { - qDebug( "%p: Reader::run: buffer is full, going to sleep", this ); - bufferNotFullCondition.wait( &mutex ); - } - } - - if ( cancel ) { - qDebug( "%p: Reader::run: detected cancel", this ); - goto leave; - } - - if ( !eof && !error ) { - if ( rptr == wptr ) // optimize for larger chunks in case the buffer is empty - rptr = wptr = 0; - - unsigned int numBytes = ( rptr + sizeof buffer - wptr - 1 ) % sizeof buffer; - if ( numBytes > sizeof buffer - wptr ) - numBytes = sizeof buffer - wptr; - - qDebug( "%p: Reader::run: rptr=%d, wptr=%d -> numBytes=%d", this, rptr, wptr, numBytes ); - - assert( numBytes > 0 ); - - qDebug( "%p: Reader::run: trying to read %d bytes", this, numBytes ); -#ifdef Q_OS_WIN32 - isReading = true; - mutex.unlock(); - DWORD numRead; - const bool ok = ReadFile( handle, buffer + wptr, numBytes, &numRead, 0 ); - mutex.lock(); - isReading = false; - if ( ok ) { - if ( numRead == 0 ) { - qDebug( "%p: Reader::run: got eof (numRead==0)", this ); - eof = true; - } - } else { // !ok - errorCode = static_cast( GetLastError() ); - if ( errorCode == ERROR_BROKEN_PIPE ) { - assert( numRead == 0 ); - qDebug( "%p: Reader::run: got eof (broken pipe)", this ); - eof = true; - } else { - assert( numRead == 0 ); - qDebug( "%p: Reader::run: got error: %s (%d)", this, strerror( errorCode ), errorCode ); - error = true; - } - } -#else - qint64 numRead; - mutex.unlock(); - do { - numRead = ::read( fd, buffer + wptr, numBytes ); - } while ( numRead == -1 && errno == EINTR ); - mutex.lock(); - - if ( numRead < 0 ) { - errorCode = errno; - error = true; - qDebug( "%p: Reader::run: got error: %d", this, errorCode ); - } else if ( numRead == 0 ) { - qDebug( "%p: Reader::run: eof detected", this ); - eof = true; - } -#endif - qDebug( "%p: Reader::run: read %ld bytes", this, static_cast(numRead) ); - qDebug( "%p: Reader::run(fd=%d): %s", this, fd, buffer ); - - if ( numRead > 0 ) { - qDebug( "%p: Reader::run: buffer before: rptr=%4d, wptr=%4d", this, rptr, wptr ); - wptr = ( wptr + numRead ) % sizeof buffer; - qDebug( "%p: Reader::run: buffer after: rptr=%4d, wptr=%4d", this, rptr, wptr ); - } - } - } - leave: - qDebug( "%p: Reader::run: terminated", this ); -} - -void Reader::notifyReadyRead() -{ - qDebug( "notifyReadyRead: %d bytes available", bytesInBuffer() ); - assert( !cancel ); - - if ( consumerBlocksOnUs ) { - bufferNotEmptyCondition.wakeAll(); - blockedConsumerIsDoneCondition.wait( &mutex ); - return; - } - qDebug( "notifyReadyRead: emit signal" ); - emit readyRead(); - readyReadSentCondition.wait( &mutex ); - qDebug( "notifyReadyRead: returning from waiting, leave" ); -} - -void Writer::run() { - - LOCKED( this ); - - // too bad QThread doesn't have that itself; a signal isn't enough - hasStarted.wakeAll(); - - qDebug( "%p: Writer::run: started", this ); - - while ( true ) { - - while ( !cancel && bufferEmpty() ) { - qDebug( "%p: Writer::run: buffer is empty, wake bufferEmptyCond listeners", this ); - bufferEmptyCondition.wakeAll(); - emit bytesWritten( 0 ); - qDebug( "%p: Writer::run: buffer is empty, going to sleep", this ); - bufferNotEmptyCondition.wait( &mutex ); - qDebug( "%p: Writer::run: woke up", this ); - } - - if ( cancel ) { - qDebug( "%p: Writer::run: detected cancel", this ); - goto leave; - } - - assert( numBytesInBuffer > 0 ); - - qDebug( "%p: Writer::run: Trying to write %u bytes", this, numBytesInBuffer ); - qint64 totalWritten = 0; - do { - mutex.unlock(); -#ifdef Q_OS_WIN32 - DWORD numWritten; - qDebug( "%p (fd=%d): Writer::run: buffer before WriteFile (numBytes=%lld): %s:", this, fd, numBytesInBuffer, buffer ); - qDebug( "%p (fd=%d): Writer::run: Going into WriteFile", this, fd ); - if ( !WriteFile( handle, buffer + totalWritten, numBytesInBuffer - totalWritten, &numWritten, 0 ) ) { - mutex.lock(); - errorCode = static_cast( GetLastError() ); - qDebug( "%p: Writer::run: got error code: %d", this, errorCode ); - error = true; - goto leave; - } -#else - qint64 numWritten; - do { - numWritten = ::write( fd, buffer + totalWritten, numBytesInBuffer - totalWritten ); - } while ( numWritten == -1 && errno == EINTR ); - - if ( numWritten < 0 ) { - mutex.lock(); - errorCode = errno; - qDebug( "%p: Writer::run: got error code: %d", this, errorCode ); - error = true; - goto leave; - } -#endif - qDebug( "%p (fd=%d): Writer::run: buffer after WriteFile (numBytes=%u): %s:", this, fd, numBytesInBuffer, buffer ); - totalWritten += numWritten; - mutex.lock(); - } while ( totalWritten < numBytesInBuffer ); - - qDebug( "%p: Writer::run: wrote %lld bytes", this, totalWritten ); - - numBytesInBuffer = 0; - - qDebug( "%p: Writer::run: buffer is empty, wake bufferEmptyCond listeners", this ); - bufferEmptyCondition.wakeAll(); - emit bytesWritten( totalWritten ); - } - leave: - qDebug( "%p: Writer::run: terminating", this ); - numBytesInBuffer = 0; - qDebug( "%p: Writer::run: buffer is empty, wake bufferEmptyCond listeners", this ); - bufferEmptyCondition.wakeAll(); - emit bytesWritten( 0 ); -} - -// static -std::pair KDPipeIODevice::makePairOfConnectedPipes() { - KDPipeIODevice * read = 0; - KDPipeIODevice * write = 0; -#ifdef Q_OS_WIN32 - HANDLE rh; - HANDLE wh; - SECURITY_ATTRIBUTES sa; - memset( &sa, 0, sizeof(sa) ); - sa.nLength = sizeof(sa); - sa.bInheritHandle = TRUE; - if ( CreatePipe( &rh, &wh, &sa, BUFFER_SIZE ) ) { - read = new KDPipeIODevice; - read->open( rh, ReadOnly ); - write = new KDPipeIODevice; - write->open( wh, WriteOnly ); - } -#else - int fds[2]; - if ( pipe( fds ) == 0 ) { - read = new KDPipeIODevice; - read->open( fds[0], ReadOnly ); - write = new KDPipeIODevice; - write->open( fds[1], WriteOnly ); - } -#endif - return std::make_pair( read, write ); -} - -#ifdef KDAB_DEFINE_CHECKS -KDAB_DEFINE_CHECKS( KDPipeIODevice ) { - if ( !isOpen() ) { - assert( openMode() == NotOpen ); - assert( !d->reader ); - assert( !d->writer ); -#ifdef Q_OS_WIN32 - assert( !d->handle ); -#else - assert( d->fd < 0 ); -#endif - } else { - assert( openMode() != NotOpen ); - assert( openMode() & ReadWrite ); - if ( openMode() & ReadOnly ) { - assert( d->reader ); - synchronized( d->reader ) - assert( d->reader->eof || d->reader->error || d->reader->isRunning() ); - } - if ( openMode() & WriteOnly ) { - assert( d->writer ); - synchronized( d->writer ) - assert( d->writer->error || d->writer->isRunning() ); - } -#ifdef Q_OS_WIN32 - assert( d->handle ); -#else - assert( d->fd >= 0 ); -#endif - } -} -#endif // KDAB_DEFINE_CHECKS - -#include "moc_kdpipeiodevice.cpp" -#include "kdpipeiodevice.moc" diff --git a/src/kdpipeiodevice.h b/src/kdpipeiodevice.h deleted file mode 100644 index 8da6af6..0000000 --- a/src/kdpipeiodevice.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - Copyright (C) 2007 Klar?lvdalens Datakonsult AB - - KDPipeIODevice is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - KDPipeIODevice is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with KDPipeIODevice; see the file COPYING.LIB. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -#ifndef __KDTOOLSCORE_KDPIPEIODEVICE_H__ -#define __KDTOOLSCORE_KDPIPEIODEVICE_H__ - -#include - -#include - -//#include "checker.h" - -namespace _gpgme_ { - -class KDPipeIODevice : public QIODevice { - Q_OBJECT - //KDAB_MAKE_CHECKABLE( KDPipeIODevice ) -public: - explicit KDPipeIODevice( QObject * parent=0 ); - explicit KDPipeIODevice( int fd, OpenMode=ReadOnly, QObject * parent=0 ); - explicit KDPipeIODevice( Qt::HANDLE handle, OpenMode=ReadOnly, QObject * parent=0 ); - ~KDPipeIODevice(); - - static std::pair makePairOfConnectedPipes(); - - bool open( int fd, OpenMode mode=ReadOnly ); - bool open( Qt::HANDLE handle, OpenMode mode=ReadOnly ); - - Qt::HANDLE handle() const; - int descriptor() const; - - bool readWouldBlock() const; - bool writeWouldBlock() const; - - /* reimp */ qint64 bytesAvailable() const; - /* reimp */ qint64 bytesToWrite() const; - /* reimp */ bool canReadLine() const; - /* reimp */ void close(); - /* reimp */ bool isSequential() const; - /* reimp */ bool atEnd() const; - - /* reimp */ bool waitForBytesWritten( int msecs ); - /* reimp */ bool waitForReadyRead( int msecs ); - -protected: - /* reimp */ qint64 readData( char * data, qint64 maxSize ); - /* reimp */ qint64 writeData( const char * data, qint64 maxSize ); - -private: - class Private; - Private * d; -}; - -} /* namespace _gpgme_ */ - -#endif /* __KDTOOLSCORE_KDPIPEIODEVICE_H__ */ - diff --git a/src/kdpipeiodevice.moc b/src/kdpipeiodevice.moc deleted file mode 100644 index 457f371..0000000 --- a/src/kdpipeiodevice.moc +++ /dev/null @@ -1,183 +0,0 @@ -/**************************************************************************** -** Meta object code from reading C++ file 'kdpipeiodevice.cpp' -** -** Created: Tue Oct 2 19:30:13 2007 -** by: The Qt Meta Object Compiler version 59 (Qt 4.3.1) -** -** WARNING! All changes made in this file will be lost! -*****************************************************************************/ - -#if !defined(Q_MOC_OUTPUT_REVISION) -#error "The header file 'kdpipeiodevice.cpp' doesn't include ." -#elif Q_MOC_OUTPUT_REVISION != 59 -#error "This file was generated using the moc from 4.3.1. It" -#error "cannot be used with the include files from this version of Qt." -#error "(The moc has changed too much.)" -#endif - -static const uint qt_meta_data_Reader[] = { - - // content: - 1, // revision - 0, // classname - 0, 0, // classinfo - 1, 10, // methods - 0, 0, // properties - 0, 0, // enums/sets - - // signals: signature, parameters, type, tag, flags - 8, 7, 7, 7, 0x05, - - 0 // eod -}; - -static const char qt_meta_stringdata_Reader[] = { - "Reader\0\0readyRead()\0" -}; - -const QMetaObject Reader::staticMetaObject = { - { &QThread::staticMetaObject, qt_meta_stringdata_Reader, - qt_meta_data_Reader, 0 } -}; - -const QMetaObject *Reader::metaObject() const -{ - return &staticMetaObject; -} - -void *Reader::qt_metacast(const char *_clname) -{ - if (!_clname) return 0; - if (!strcmp(_clname, qt_meta_stringdata_Reader)) - return static_cast(const_cast< Reader*>(this)); - return QThread::qt_metacast(_clname); -} - -int Reader::qt_metacall(QMetaObject::Call _c, int _id, void **_a) -{ - _id = QThread::qt_metacall(_c, _id, _a); - if (_id < 0) - return _id; - if (_c == QMetaObject::InvokeMetaMethod) { - switch (_id) { - case 0: readyRead(); break; - } - _id -= 1; - } - return _id; -} - -// SIGNAL 0 -void Reader::readyRead() -{ - QMetaObject::activate(this, &staticMetaObject, 0, 0); -} -static const uint qt_meta_data_Writer[] = { - - // content: - 1, // revision - 0, // classname - 0, 0, // classinfo - 1, 10, // methods - 0, 0, // properties - 0, 0, // enums/sets - - // signals: signature, parameters, type, tag, flags - 8, 7, 7, 7, 0x05, - - 0 // eod -}; - -static const char qt_meta_stringdata_Writer[] = { - "Writer\0\0bytesWritten(qint64)\0" -}; - -const QMetaObject Writer::staticMetaObject = { - { &QThread::staticMetaObject, qt_meta_stringdata_Writer, - qt_meta_data_Writer, 0 } -}; - -const QMetaObject *Writer::metaObject() const -{ - return &staticMetaObject; -} - -void *Writer::qt_metacast(const char *_clname) -{ - if (!_clname) return 0; - if (!strcmp(_clname, qt_meta_stringdata_Writer)) - return static_cast(const_cast< Writer*>(this)); - return QThread::qt_metacast(_clname); -} - -int Writer::qt_metacall(QMetaObject::Call _c, int _id, void **_a) -{ - _id = QThread::qt_metacall(_c, _id, _a); - if (_id < 0) - return _id; - if (_c == QMetaObject::InvokeMetaMethod) { - switch (_id) { - case 0: bytesWritten((*reinterpret_cast< qint64(*)>(_a[1]))); break; - } - _id -= 1; - } - return _id; -} - -// SIGNAL 0 -void Writer::bytesWritten(qint64 _t1) -{ - void *_a[] = { 0, const_cast(reinterpret_cast(&_t1)) }; - QMetaObject::activate(this, &staticMetaObject, 0, _a); -} -static const uint qt_meta_data_KDPipeIODevice__Private[] = { - - // content: - 1, // revision - 0, // classname - 0, 0, // classinfo - 1, 10, // methods - 0, 0, // properties - 0, 0, // enums/sets - - // slots: signature, parameters, type, tag, flags - 25, 24, 24, 24, 0x0a, - - 0 // eod -}; - -static const char qt_meta_stringdata_KDPipeIODevice__Private[] = { - "KDPipeIODevice::Private\0\0emitReadyRead()\0" -}; - -const QMetaObject KDPipeIODevice::Private::staticMetaObject = { - { &QObject::staticMetaObject, qt_meta_stringdata_KDPipeIODevice__Private, - qt_meta_data_KDPipeIODevice__Private, 0 } -}; - -const QMetaObject *KDPipeIODevice::Private::metaObject() const -{ - return &staticMetaObject; -} - -void *KDPipeIODevice::Private::qt_metacast(const char *_clname) -{ - if (!_clname) return 0; - if (!strcmp(_clname, qt_meta_stringdata_KDPipeIODevice__Private)) - return static_cast(const_cast< Private*>(this)); - return QObject::qt_metacast(_clname); -} - -int KDPipeIODevice::Private::qt_metacall(QMetaObject::Call _c, int _id, void **_a) -{ - _id = QObject::qt_metacall(_c, _id, _a); - if (_id < 0) - return _id; - if (_c == QMetaObject::InvokeMetaMethod) { - switch (_id) { - case 0: emitReadyRead(); break; - } - _id -= 1; - } - return _id; -} diff --git a/src/w32-qt-io.cpp b/src/w32-qt-io.cpp deleted file mode 100644 index 44655ec..0000000 --- a/src/w32-qt-io.cpp +++ /dev/null @@ -1,700 +0,0 @@ -/* w32-qt-io.c - W32 Glib I/O functions - Copyright (C) 2000 Werner Koch (dd9jn) - Copyright (C) 2001, 2002, 2004, 2005, 2007 g10 Code GmbH - - This file is part of GPGME. - - GPGME is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - GPGME is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "kdpipeiodevice.h" - -extern "C" -{ -#include "util.h" -#include "priv-io.h" -#include "sema.h" -#include "debug.h" -} - -#ifndef O_BINARY -#ifdef _O_BINARY -#define O_BINARY _O_BINARY -#else -#define O_BINARY 0 -#endif -#endif - -using _gpgme_::KDPipeIODevice; - - -/* This file is an ugly hack to get GPGME working with Qt on Windows - targets. On Windows, you can not select() on file descriptors. - - The only way to check if there is something to read is to read - something. This means that GPGME can not let Qt check for data - without letting Qt also handle the data on Windows targets. - - The ugly consequence is that we need to work on QIODevices in - GPGME, creating a Qt dependency. Also, we need to export an - interface for the application to get at GPGME's QIODevices. There - is no good way to abstract all this with callbacks, because the - whole thing is also interconnected with the creation of pipes and - child processes. - - The following rule applies only to this I/O backend: - - * ALL operations must use the user defined event loop. GPGME can - not anymore provide its own event loop. This is mostly a sanity - requirement: Although we have in theory all information we need to - make the GPGME W32 code for select still work, it would be a big - complication and require changes throughout GPGME. - - Eventually, we probably have to bite the bullet and make some - really nice callback interfaces to let the user control all this at - a per-context level. */ - -#define MAX_SLAFD 1024 - -struct DeviceEntry { - DeviceEntry() : iodev( 0 ), refCount( 1 ), blocking( true ) {} - KDPipeIODevice* iodev; - bool blocking; - mutable int refCount; - void ref() const { ++refCount; } - int unref() const { assert( refCount > 0 ); return --refCount; } -}; - -DeviceEntry* iodevice_table[MAX_SLAFD]; - - -static KDPipeIODevice * -find_channel (int fd, int create) -{ - assert( fd < MAX_SLAFD ); - if (fd < 0 || fd >= MAX_SLAFD) - return NULL; - - if (create && !iodevice_table[fd]) - { - DeviceEntry* entry = new DeviceEntry; - entry->iodev = new KDPipeIODevice - (fd, QIODevice::ReadWrite|QIODevice::Unbuffered); - iodevice_table[fd] = entry; - } - return iodevice_table[fd] ? iodevice_table[fd]->iodev : 0; -} - -/* Write the printable version of FD to the buffer BUF of length - BUFLEN. The printable version is the representation on the command - line that the child process expects. */ -int -_gpgme_io_fd2str (char *buf, int buflen, int fd) -{ - return snprintf (buf, buflen, "%d", (long)_get_osfhandle( fd ) ); -} - - -void -_gpgme_io_subsystem_init (void) -{ -} - - -static struct -{ - _gpgme_close_notify_handler_t handler; - void *value; -} notify_table[MAX_SLAFD]; - - -int -_gpgme_io_read (int fd, void *buffer, size_t count) -{ - int saved_errno = 0; - qint64 nread; - KDPipeIODevice *chan; - TRACE_BEG2 (DEBUG_SYSIO, "_gpgme_io_read", fd, - "buffer=%p, count=%u", buffer, count); - - chan = find_channel (fd, 0); - if (!chan) - { - TRACE_LOG ("no channel registered"); - errno = EINVAL; - return TRACE_SYSRES (-1); - } - TRACE_LOG1 ("channel %p", chan); - if ( iodevice_table[fd] && !iodevice_table[fd]->blocking && chan->readWouldBlock() ) { - errno = EAGAIN; - return TRACE_SYSRES( -1 ); - } - - nread = chan->read ((char *) buffer, count); - if (nread < 0) - { - TRACE_LOG1 ("err %s", qPrintable (chan->errorString ())); - saved_errno = EIO; - nread = -1; - } - - TRACE_LOGBUF ((char *) buffer, nread); - - errno = saved_errno; - return TRACE_SYSRES (nread); -} - - -int -_gpgme_io_write (int fd, const void *buffer, size_t count) -{ - qint64 nwritten; - KDPipeIODevice *chan; - TRACE_BEG2 (DEBUG_SYSIO, "_gpgme_io_write", fd, - "buffer=%p, count=%u", buffer, count); - TRACE_LOGBUF ((char *) buffer, count); - - chan = find_channel (fd, 0); - if (!chan) - { - TRACE_LOG ("fd %d: no channel registered"); - errno = EINVAL; - return -1; - } - - if ( iodevice_table[fd] && !iodevice_table[fd]->blocking && chan->writeWouldBlock() ) - { - errno = EAGAIN; - return TRACE_SYSRES( -1 ); - } - nwritten = chan->write ((char *) buffer, count); - - if (nwritten < 0) - { - nwritten = -1; - errno = EIO; - return TRACE_SYSRES(-1); - } - errno = 0; - return TRACE_SYSRES (nwritten); -} - - -int -_gpgme_io_pipe (int filedes[2], int inherit_idx) -{ - KDPipeIODevice *chan; - TRACE_BEG2 (DEBUG_SYSIO, "_gpgme_io_pipe", filedes, - "inherit_idx=%i (GPGME uses it for %s)", - inherit_idx, inherit_idx ? "reading" : "writing"); - -#define PIPEBUF_SIZE 4096 - if (_pipe (filedes, PIPEBUF_SIZE, O_NOINHERIT | O_BINARY) == -1) - return TRACE_SYSRES (-1); - - /* Make one end inheritable. */ - if (inherit_idx == 0) - { - int new_read; - - new_read = _dup (filedes[0]); - _close (filedes[0]); - filedes[0] = new_read; - - if (new_read < 0) - { - _close (filedes[1]); - return TRACE_SYSRES (-1); - } - } - else if (inherit_idx == 1) - { - int new_write; - - new_write = _dup (filedes[1]); - _close (filedes[1]); - filedes[1] = new_write; - - if (new_write < 0) - { - _close (filedes[0]); - return TRACE_SYSRES (-1); - } - } - - /* Now we have a pipe with the right end inheritable. The other end - should have a giochannel. */ - - chan = find_channel (filedes[1 - inherit_idx], 1); - - if (!chan) - { - int saved_errno = errno; - _close (filedes[0]); - _close (filedes[1]); - errno = saved_errno; - return TRACE_SYSRES (-1); - } - - return TRACE_SUC5 ("read=0x%x/%p, write=0x%x/%p, channel=%p", - filedes[0], (HANDLE) _get_osfhandle (filedes[0]), - filedes[1], (HANDLE) _get_osfhandle (filedes[1]), - chan); -} - -int -_gpgme_io_close (int fd) -{ - KDPipeIODevice *chan; - TRACE_BEG (DEBUG_SYSIO, "_gpgme_io_close", fd); - - if (fd < 0 || fd >= MAX_SLAFD) - { - errno = EBADF; - return TRACE_SYSRES (-1); - } - - /* First call the notify handler. */ - if (notify_table[fd].handler) - { - notify_table[fd].handler (fd, notify_table[fd].value); - notify_table[fd].handler = NULL; - notify_table[fd].value = NULL; - } - - /* Then do the close. */ - - DeviceEntry* const entry = iodevice_table[fd]; - if ( entry ) { - if ( entry->unref() == 0 ) { - entry->iodev->close(); - delete entry->iodev; - delete entry; - iodevice_table[fd] = 0; - } - } else { - _close( fd ); - } - - - - return 0; -} - - -int -_gpgme_io_set_close_notify (int fd, _gpgme_close_notify_handler_t handler, - void *value) -{ - TRACE_BEG2 (DEBUG_SYSIO, "_gpgme_io_set_close_notify", fd, - "close_handler=%p/%p", handler, value); - - assert (fd != -1); - - if (fd < 0 || fd >= (int) DIM (notify_table)) - { - errno = EINVAL; - return TRACE_SYSRES (-1); - } - notify_table[fd].handler = handler; - notify_table[fd].value = value; - return TRACE_SYSRES (0); -} - - -int -_gpgme_io_set_nonblocking (int fd) -{ - DeviceEntry* const entry = iodevice_table[fd]; - assert( entry ); - entry->blocking = false; - TRACE_BEG (DEBUG_SYSIO, "_gpgme_io_set_nonblocking", fd); - return TRACE_SYSRES (0); -} - - -static char * -build_commandline (char **argv) -{ - int i; - int n = 0; - char *buf; - char *p; - - /* We have to quote some things because under Windows the program - parses the commandline and does some unquoting. We enclose the - whole argument in double-quotes, and escape literal double-quotes - as well as backslashes with a backslash. We end up with a - trailing space at the end of the line, but that is harmless. */ - for (i = 0; argv[i]; i++) - { - p = argv[i]; - /* The leading double-quote. */ - n++; - while (*p) - { - /* An extra one for each literal that must be escaped. */ - if (*p == '\\' || *p == '"') - n++; - n++; - p++; - } - /* The trailing double-quote and the delimiter. */ - n += 2; - } - /* And a trailing zero. */ - n++; - - buf = p = (char *) malloc (n); - if (!buf) - return NULL; - for (i = 0; argv[i]; i++) - { - char *argvp = argv[i]; - - *(p++) = '"'; - while (*argvp) - { - if (*argvp == '\\' || *argvp == '"') - *(p++) = '\\'; - *(p++) = *(argvp++); - } - *(p++) = '"'; - *(p++) = ' '; - } - *(p++) = 0; - - return buf; -} - - -int -_gpgme_io_spawn (const char *path, char * const argv[], unsigned int flags, - struct spawn_fd_item_s *fd_list, - void (*atfork) (void *opaque, int reserved), - void *atforkvalue, pid_t *r_pid) -{ - SECURITY_ATTRIBUTES sec_attr; - PROCESS_INFORMATION pi = - { - NULL, /* returns process handle */ - 0, /* returns primary thread handle */ - 0, /* returns pid */ - 0 /* returns tid */ - }; - STARTUPINFO si; - int cr_flags = CREATE_DEFAULT_ERROR_MODE - | GetPriorityClass (GetCurrentProcess ()); - int i; - char **args; - char *arg_string; - /* FIXME. */ - int debug_me = 0; - int tmp_fd; - char *tmp_name; - - TRACE_BEG1 (DEBUG_SYSIO, "_gpgme_io_spawn", path, - "path=%s", path); - i = 0; - while (argv[i]) - { - TRACE_LOG2 ("argv[%2i] = %s", i, argv[i]); - i++; - } - - /* We do not inherit any handles by default, and just insert those - handles we want the child to have afterwards. But some handle - values occur on the command line, and we need to move - stdin/out/err to the right location. So we use a wrapper program - which gets the information from a temporary file. */ - if (_gpgme_mkstemp (&tmp_fd, &tmp_name) < 0) - { - TRACE_LOG1 ("_gpgme_mkstemp failed: %s", strerror (errno)); - return TRACE_SYSRES (-1); - } - TRACE_LOG1 ("tmp_name = %s", tmp_name); - - args = (char **) calloc (2 + i + 1, sizeof (*args)); - args[0] = (char *) _gpgme_get_w32spawn_path (); - args[1] = tmp_name; - args[2] = const_cast(path); - memcpy (&args[3], &argv[1], i * sizeof (*args)); - - memset (&sec_attr, 0, sizeof sec_attr); - sec_attr.nLength = sizeof sec_attr; - sec_attr.bInheritHandle = FALSE; - - arg_string = build_commandline (args); - free (args); - if (!arg_string) - { - close (tmp_fd); - DeleteFile (tmp_name); - return TRACE_SYSRES (-1); - } - - memset (&si, 0, sizeof si); - si.cb = sizeof (si); - si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; - si.wShowWindow = debug_me ? SW_SHOW : SW_HIDE; - si.hStdInput = INVALID_HANDLE_VALUE; - si.hStdOutput = INVALID_HANDLE_VALUE; - si.hStdError = INVALID_HANDLE_VALUE; - - cr_flags |= CREATE_SUSPENDED; - if ((flags & IOSPAWN_FLAG_DETACHED)) - cr_flags |= DETACHED_PROCESS; - if (!CreateProcessA (_gpgme_get_w32spawn_path (), - arg_string, - &sec_attr, /* process security attributes */ - &sec_attr, /* thread security attributes */ - FALSE, /* inherit handles */ - cr_flags, /* creation flags */ - NULL, /* environment */ - NULL, /* use current drive/directory */ - &si, /* startup information */ - &pi)) /* returns process information */ - { - TRACE_LOG1 ("CreateProcess failed: ec=%d", (int) GetLastError ()); - free (arg_string); - close (tmp_fd); - DeleteFile (tmp_name); - - /* FIXME: Should translate the error code. */ - errno = EIO; - return TRACE_SYSRES (-1); - } - - free (arg_string); - - if (flags & IOSPAWN_FLAG_ALLOW_SET_FG) - _gpgme_allow_set_foreground_window ((pid_t)pi.dwProcessId); - - /* Insert the inherited handles. */ - for (i = 0; fd_list[i].fd != -1; i++) - { - HANDLE hd; - - if (!DuplicateHandle (GetCurrentProcess(), - (HANDLE) _get_osfhandle (fd_list[i].fd), - pi.hProcess, &hd, 0, TRUE, DUPLICATE_SAME_ACCESS)) - { - TRACE_LOG1 ("DuplicateHandle failed: ec=%d", (int) GetLastError ()); - TerminateProcess (pi.hProcess, 0); - /* Just in case TerminateProcess didn't work, let the - process fail on its own. */ - ResumeThread (pi.hThread); - CloseHandle (pi.hThread); - CloseHandle (pi.hProcess); - - close (tmp_fd); - DeleteFile (tmp_name); - - /* FIXME: Should translate the error code. */ - errno = EIO; - return TRACE_SYSRES (-1); - } - /* Return the child name of this handle. */ - fd_list[i].peer_name = (int) hd; - } - - /* Write the handle translation information to the temporary - file. */ - { - /* Hold roughly MAX_TRANS quadruplets of 64 bit numbers in hex - notation: "0xFEDCBA9876543210" with an extra white space after - every quadruplet. 10*(19*4 + 1) - 1 = 769. This plans ahead - for a time when a HANDLE is 64 bit. */ -#define BUFFER_MAX 800 - char line[BUFFER_MAX + 1]; - int res; - int written; - size_t len; - - if ((flags & IOSPAWN_FLAG_ALLOW_SET_FG)) - strcpy (line, "~1 \n"); - else - strcpy (line, "\n"); - for (i = 0; fd_list[i].fd != -1; i++) - { - /* Strip the newline. */ - len = strlen (line) - 1; - - /* Format is: Local name, stdin/stdout/stderr, peer name, argv idx. */ - snprintf (&line[len], BUFFER_MAX - len, "0x%x %d 0x%x %d \n", - fd_list[i].fd, fd_list[i].dup_to, - fd_list[i].peer_name, fd_list[i].arg_loc); - /* Rather safe than sorry. */ - line[BUFFER_MAX - 1] = '\n'; - line[BUFFER_MAX] = '\0'; - } - len = strlen (line); - written = 0; - do - { - res = write (tmp_fd, &line[written], len - written); - if (res > 0) - written += res; - } - while (res > 0 || (res < 0 && errno == EAGAIN)); - } - close (tmp_fd); - /* The temporary file is deleted by the gpgme-w32spawn process - (hopefully). */ - - TRACE_LOG4 ("CreateProcess ready: hProcess=%p, hThread=%p, " - "dwProcessID=%d, dwThreadId=%d", - pi.hProcess, pi.hThread, - (int) pi.dwProcessId, (int) pi.dwThreadId); - - if (r_pid) - *r_pid = (pid_t)pi.dwProcessId; - - if (ResumeThread (pi.hThread) < 0) - TRACE_LOG1 ("ResumeThread failed: ec=%d", (int) GetLastError ()); - - if (!CloseHandle (pi.hThread)) - TRACE_LOG1 ("CloseHandle of thread failed: ec=%d", - (int) GetLastError ()); - - TRACE_LOG1 ("process=%p", pi.hProcess); - - /* We don't need to wait for the process. */ - if (!CloseHandle (pi.hProcess)) - TRACE_LOG1 ("CloseHandle of process failed: ec=%d", - (int) GetLastError ()); - - for (i = 0; fd_list[i].fd != -1; i++) - _gpgme_io_close (fd_list[i].fd); - - for (i = 0; fd_list[i].fd != -1; i++) - if (fd_list[i].dup_to == -1) - TRACE_LOG3 ("fd[%i] = 0x%x -> 0x%x", i, fd_list[i].fd, - fd_list[i].peer_name); - else - TRACE_LOG4 ("fd[%i] = 0x%x -> 0x%x (std%s)", i, fd_list[i].fd, - fd_list[i].peer_name, (fd_list[i].dup_to == 0) ? "in" : - ((fd_list[i].dup_to == 1) ? "out" : "err")); - - return TRACE_SYSRES (0); -} - - -/* Select on the list of fds. Returns: -1 = error, 0 = timeout or - nothing to select, > 0 = number of signaled fds. */ -int -_gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock) -{ - /* Use a 1s timeout. */ - - void *dbg_help = NULL; - TRACE_BEG2 (DEBUG_SYSIO, "_gpgme_io_select", fds, - "nfds=%u, nonblock=%u", nfds, nonblock); - - int count = 0; - - TRACE_SEQ (dbg_help, "select on [ "); - for (int i = 0; i < nfds; i++) - { - if (fds[i].fd == -1) - { - fds[i].signaled = 0; - } - else if (fds[i].for_read ) - { - KDPipeIODevice * const chan = find_channel (fds[i].fd, 0); - assert (chan); - if ( nonblock ) - fds[i].signaled = chan->readWouldBlock() ? 0 : 1; - else - fds[i].signaled = chan->waitForReadyRead( 1000 ) ? 1 : 0; - TRACE_ADD1 (dbg_help, "w0x%x ", fds[i].fd); - if ( fds[i].signaled ) - count++; - } - else if (fds[i].for_write) - { - const KDPipeIODevice * const chan = find_channel (fds[i].fd, 0); - assert (chan); - fds[i].signaled = nonblock ? ( chan->writeWouldBlock() ? 0 : 1 ) : 1; - TRACE_ADD1 (dbg_help, "w0x%x ", fds[i].fd); - if ( fds[i].signaled ) - count++; - } - } - TRACE_END (dbg_help, "]"); - - return TRACE_SYSRES (count); -} - - -/* Look up the qiodevice for file descriptor FD. */ -extern "C" -void * -gpgme_get_fdptr (int fd) -{ - return find_channel (fd, 0); -} - - -/* Obsolete compatibility interface. */ -extern "C" -void * -gpgme_get_giochannel (int fd) -{ - return NULL; -} - - -int -_gpgme_io_dup (int fd) -{ - assert( iodevice_table[fd] ); - iodevice_table[fd]->ref(); - return fd; -} - - -extern "C" -int -_gpgme_io_socket (int domain, int type, int proto) -{ - errno = EIO; - return -1; -} - - -extern "C" -int -_gpgme_io_connect (int fd, struct sockaddr *addr, int addrlen) -{ - errno = EIO; - return -1; -} ----------------------------------------------------------------------- Summary of changes: configure.ac | 48 +- lang/README | 1 + lang/cpp/src/GpgmeppConfig.cmake.in.in | 21 +- lang/cpp/src/Makefile.am | 8 + lang/{cpp => qt}/Makefile.am | 0 lang/qt/README | 27 + lang/qt/src/Makefile.am | 67 ++ .../src/QGpgmeConfig.cmake.in.in} | 26 +- .../src/QGpgmeConfigVersion.cmake.in} | 6 +- lang/qt/src/dataprovider.cpp | 281 ++++++ lang/qt/src/dataprovider.h | 104 +++ lang/qt/src/qgpgme_export.h | 53 ++ m4/qt.m4 | 51 ++ src/Makefile.am | 33 +- src/kdpipeiodevice.cpp | 951 --------------------- src/kdpipeiodevice.h | 73 -- src/kdpipeiodevice.moc | 183 ---- src/w32-qt-io.cpp | 700 --------------- 18 files changed, 645 insertions(+), 1988 deletions(-) copy lang/{cpp => qt}/Makefile.am (100%) create mode 100644 lang/qt/README create mode 100644 lang/qt/src/Makefile.am copy lang/{cpp/src/GpgmeppConfig.cmake.in.in => qt/src/QGpgmeConfig.cmake.in.in} (84%) copy lang/{cpp/src/GpgmeppConfigVersion.cmake.in => qt/src/QGpgmeConfigVersion.cmake.in} (85%) create mode 100644 lang/qt/src/dataprovider.cpp create mode 100644 lang/qt/src/dataprovider.h create mode 100644 lang/qt/src/qgpgme_export.h create mode 100644 m4/qt.m4 delete mode 100644 src/kdpipeiodevice.cpp delete mode 100644 src/kdpipeiodevice.h delete mode 100644 src/kdpipeiodevice.moc delete mode 100644 src/w32-qt-io.cpp hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 10 12:43:00 2016 From: cvs at cvs.gnupg.org (by Kevin J. McCarthy) Date: Thu, 10 Mar 2016 12:43:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-98-g4f578cb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4f578cb2fc192f44070bb0d18dffaa3863ed0d92 (commit) from b17577eac6b7599a4bab6fd3ecb04715aa01367c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4f578cb2fc192f44070bb0d18dffaa3863ed0d92 Author: Kevin J. McCarthy Date: Thu Mar 10 12:41:06 2016 +0100 g10: Silence message if --quiet is given. * g10/getkey.c (parse_def_secret_key): Silence message if --quiet is given. Signed-off-by: Justus Winter diff --git a/g10/getkey.c b/g10/getkey.c index 74fa753..481e8dd 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1678,7 +1678,7 @@ parse_def_secret_key (ctrl_t ctrl) } else { - if (! warned) + if (! warned && ! opt.quiet) log_info (_("using \"%s\" as default secret key for signing\n"), t->d); break; ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 11 10:31:30 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 11 Mar 2016 10:31:30 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-56-g1ae53b7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 1ae53b7fe54b863bf1d6a0891fbf37ae63abc074 (commit) from 6acc9b8274d2c0d39f23326040532aad518b2ad6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ae53b7fe54b863bf1d6a0891fbf37ae63abc074 Author: Andre Heinecke Date: Fri Mar 11 10:29:56 2016 +0100 Add build instructions and update README * INSTALL: Replace with project specific information. * README: Note UIServer requirement. -- The old INSTALL was pretty generic and not really helpful for someone asking how to build gpgol. diff --git a/INSTALL b/INSTALL index 095b1eb..e09dc59 100644 --- a/INSTALL +++ b/INSTALL @@ -1,231 +1,55 @@ -Installation Instructions -************************* +Installation Instructions for GpgOL +*********************************** -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004 Free -Software Foundation, Inc. +GpgOL is to be cross compile for Windows on a GNU/Linux system. +And then deployed on Windows. -This file is free documentation; the Free Software Foundation gives -unlimited permission to copy, distribute and modify it. +The tested development platform is debian stable. -Basic Installation -================== +Dependencies +============ -These are generic installation instructions. +GpgOL depends on the GnuPG libraries libassuan, libgpgme and libgpg-error +it further needs a recent mingw-w64 gcc. - The `configure' shell script attempts to guess correct values for -various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). +For debian this would be the packages: - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. (Caching is -disabled by default to prevent problems with accidental use of stale -cache files.) +gcc-mingw-w64-x86-64 +gcc-mingw-w64-i686 - If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can -be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you -may remove or edit it. +A convenience build setting is provided by gpgol and the dependency libraries +to configure a cross compile for windows with ./autogen.sh --build-w32 or +./autogen.sh --build-w64 - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You only need -`configure.ac' if you want to change it or regenerate `configure' using -a newer version of `autoconf'. +The installation prefix will be ~/w32root or ~/w64root you can +override this by setting the environment variables w32root or w64root. -The simplest way to compile this package is: +Example build from git: - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're - using `csh' on an old version of System V, you might need to type - `sh ./configure' instead to prevent `csh' from trying to execute - `configure' itself. +PROJECTS="libgpg-error libassuan gpgme" +root=$(mktemp -d) +for proj in $PROJECTS; do + cd $root + git clone --depth 1 --branch master git://git.gnupg.org/${proj}.git + cd $proj + ./autogen.sh + mkdir build-w32 + cd build-w32 + ../autogen.sh --build-w32 + make -j`nproc` + make install +done - Running `configure' takes awhile. While running, it prints some - messages telling which features it is checking for. +GpgOL Build +=========== - 2. Type `make' to compile the package. +Similarly you can use the --build-w32 option in gpgol - 3. Optionally, type `make check' to run any self-tests that come with - the package. - - 4. Type `make install' to install the programs and any data files and - documentation. - - 5. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly - for the package's developers. If you use it, you may have to get - all sorts of other programs in order to regenerate files that came - with the distribution. - -Compilers and Options -===================== - -Some systems require unusual options for compilation or linking that the -`configure' script does not know about. Run `./configure --help' for -details on some of the pertinent environment variables. - - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: - - ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix - - *Note Defining Variables::, for more details. - -Compiling For Multiple Architectures -==================================== - -You can compile the package for more than one kind of computer at the -same time, by placing the object files for each architecture in their -own directory. To do this, you must use a version of `make' that -supports the `VPATH' variable, such as GNU `make'. `cd' to the -directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. - - If you have to use a `make' that does not support the `VPATH' -variable, you have to compile the package for one architecture at a -time in the source code directory. After you have installed the -package for one architecture, use `make distclean' before reconfiguring -for another architecture. - -Installation Names -================== - -By default, `make install' will install the package's files in -`/usr/local/bin', `/usr/local/man', etc. You can specify an -installation prefix other than `/usr/local' by giving `configure' the -option `--prefix=PREFIX'. - - You can specify separate installation prefixes for -architecture-specific files and architecture-independent files. If you -give `configure' the option `--exec-prefix=PREFIX', the package will -use PREFIX as the prefix for installing programs and libraries. -Documentation and other data files will still use the regular prefix. - - In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. - - If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. - -Optional Features -================= - -Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the -package recognizes. - - For packages that use the X Window System, `configure' can usually -find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. - -Specifying the System Type -========================== - -There may be some features `configure' cannot figure out automatically, -but needs to determine by the type of machine the package will run on. -Usually, assuming the package is built to be run on the _same_ -architectures, `configure' can figure that out, but if it prints a -message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: - - CPU-COMPANY-SYSTEM - -where SYSTEM can have one of these forms: - - OS KERNEL-OS - - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't -need to know the machine type. - - If you are _building_ compiler tools for cross-compiling, you should -use the `--target=TYPE' option to select the type of system they will -produce code for. - - If you want to _use_ a cross compiler, that generates code for a -platform different from the build platform, you should specify the -"host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. - -Sharing Defaults -================ - -If you want to set default values for `configure' scripts to share, you -can create a site shell script called `config.site' that gives default -values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. - -Defining Variables -================== - -Variables not defined in a site shell script can be set in the -environment passed to `configure'. However, some packages may run -configure again during the build, and the customized values of these -variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: - - ./configure CC=/usr/local2/bin/gcc - -will cause the specified gcc to be used as the C compiler (unless it is -overridden in the site shell script). - -`configure' Invocation -====================== - -`configure' recognizes the following options to control how it operates. - -`--help' -`-h' - Print a summary of the options to `configure', and exit. - -`--version' -`-V' - Print the version of Autoconf used to generate the `configure' - script, and exit. - -`--cache-file=FILE' - Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to - disable caching. - -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. - -`--quiet' -`--silent' -`-q' - Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error - messages will still be shown). - -`--srcdir=DIR' - Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. - -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. +./autogen.sh +mkdir build-w32 +cd build-w32 +../autogen.sh --build-w32 +make -j`nproc` +Under src/gpgol.dll you then have the binary that you +can deploy on Windows. See README for instructions on that. diff --git a/README b/README index 569e40f..8114264 100644 --- a/README +++ b/README @@ -22,6 +22,11 @@ available in a directory where Windows searches for DLLs gpgol.dll" and start Outlook. You should then find a new tab named "GnuPG" in Outlook's option menu. +You will need an UiServer (either GPA or Kleopatra) in a location +pointed to by the standard gpg4win registry keys. It is suggested +you install gpg4win and then replace the gpgol.dll with your +compiled binary. + If you are missing icons in the toolbar, checkout the toolbar's customize button - you will find the new icons there. ----------------------------------------------------------------------- Summary of changes: INSTALL | 258 +++++++++++----------------------------------------------------- README | 5 ++ 2 files changed, 46 insertions(+), 217 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 14 04:58:29 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 14 Mar 2016 04:58:29 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.5-5-gc03cc00 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via c03cc004133ab261e514ddd37ca40da17df7e6d8 (commit) from 53695204acb315deb10705ad35f133815418aa8b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c03cc004133ab261e514ddd37ca40da17df7e6d8 Author: NIIBE Yutaka Date: Thu Feb 25 12:01:10 2016 +0900 mpi: Normalize EXPO for mpi_powm. * mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP. -- (backport from master commit fdfa5bfefdde316688a3c8021bd3528c5273b0f4) Thanks to Dan Fandrich for the report with a reproducible test case. GnuPG-bug-id: 2256 Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 70bf9e8..2dcd654 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -83,6 +83,7 @@ _gcry_mpi_powm (gcry_mpi_t res, rp = res->d; ep = expo->d; + MPN_NORMALIZE(ep, esize); if (!msize) _gcry_divide_by_zero(); @@ -429,6 +430,9 @@ _gcry_mpi_powm (gcry_mpi_t res, size = 2 * msize; msign = mod->sign; + ep = expo->d; + MPN_NORMALIZE(ep, esize); + if (esize * BITS_PER_MPI_LIMB > 512) W = 5; else if (esize * BITS_PER_MPI_LIMB > 256) @@ -445,7 +449,6 @@ _gcry_mpi_powm (gcry_mpi_t res, bsec = mpi_is_secure(base); rp = res->d; - ep = expo->d; if (!msize) _gcry_divide_by_zero(); ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 14 14:12:28 2016 From: cvs at cvs.gnupg.org (by Kylie McClain) Date: Mon, 14 Mar 2016 14:12:28 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.21-14-g140cfd5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 140cfd51cee738a55caf9d347981f6f81e1990a4 (commit) from f7a77c5c236ecec846de9be46703026f9b01008f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 140cfd51cee738a55caf9d347981f6f81e1990a4 Author: Kylie McClain Date: Tue Mar 8 21:40:33 2016 -0500 syscfg: Add lock-obj-pub files for {armv5, armv6, x86_64}-musl targets * src/syscfg/lock-obj-pub.armv5-unknown-linux-musleabi.h: New. * src/syscfg/lock-obj-pub.armv6-unknown-linux-musleabihf.h New. * src/syscfg/lock-obj-pub.x86_64-pc-linux-musl.h: New. * src/Makefile.am (lock_obj_pub): Add files. -- This patch adds three new precompiled lock-obj-pub files: - armv5-unknown-linux-musleabi - armv6-unknown-linux-musleabihf - x86_64-pc-linux-musl ChangeLog lines and Makefile patch by -wk diff --git a/src/Makefile.am b/src/Makefile.am index b7cb023..2458431 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -48,6 +48,8 @@ lock_obj_pub = \ syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h \ syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h \ syscfg/lock-obj-pub.arm-apple-darwin.h \ + syscfg/lock-obj-pub.armv5-unknown-linux-musleabi.h \ + syscfg/lock-obj-pub.armv6-unknown-linux-musleabihf.h \ syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h \ syscfg/lock-obj-pub.i686-pc-gnu.h \ syscfg/lock-obj-pub.i686-pc-kfreebsd-gnu.h \ @@ -68,6 +70,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h \ + syscfg/lock-obj-pub.x86_64-pc-linux-musl.h \ syscfg/lock-obj-pub.mingw32.h diff --git a/src/syscfg/lock-obj-pub.armv5-unknown-linux-musleabi.h b/src/syscfg/lock-obj-pub.armv5-unknown-linux-musleabi.h new file mode 100644 index 0000000..c7b6165 --- /dev/null +++ b/src/syscfg/lock-obj-pub.armv5-unknown-linux-musleabi.h @@ -0,0 +1,23 @@ +## lock-obj-pub.armv5-unknown-linux-musleabi.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.armv6-unknown-linux-musleabihf.h b/src/syscfg/lock-obj-pub.armv6-unknown-linux-musleabihf.h new file mode 100644 index 0000000..6535a9b --- /dev/null +++ b/src/syscfg/lock-obj-pub.armv6-unknown-linux-musleabihf.h @@ -0,0 +1,23 @@ +## lock-obj-pub.armv6-unknown-linux-musleabihf.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.x86_64-pc-linux-musl.h b/src/syscfg/lock-obj-pub.x86_64-pc-linux-musl.h new file mode 100644 index 0000000..1b059f4 --- /dev/null +++ b/src/syscfg/lock-obj-pub.x86_64-pc-linux-musl.h @@ -0,0 +1,25 @@ +## lock-obj-pub.x86_64-pc-linux-musl.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 3 +++ ...n-linux-gnueabihf.h => lock-obj-pub.armv5-unknown-linux-musleabi.h} | 2 +- ...linux-gnueabihf.h => lock-obj-pub.armv6-unknown-linux-musleabihf.h} | 2 +- ...j-pub.s390x-ibm-linux-gnu.h => lock-obj-pub.x86_64-pc-linux-musl.h} | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-gnueabihf.h => lock-obj-pub.armv5-unknown-linux-musleabi.h} (90%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-gnueabihf.h => lock-obj-pub.armv6-unknown-linux-musleabihf.h} (90%) copy src/syscfg/{lock-obj-pub.s390x-ibm-linux-gnu.h => lock-obj-pub.x86_64-pc-linux-musl.h} (93%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 14 17:51:48 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 14 Mar 2016 17:51:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-99-g834b84c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 834b84c0ee4990393daa5e44afbab5b0aaed0758 (commit) from 4f578cb2fc192f44070bb0d18dffaa3863ed0d92 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 834b84c0ee4990393daa5e44afbab5b0aaed0758 Author: Werner Koch Date: Mon Mar 14 17:49:36 2016 +0100 scd: Add manufacturer id 0x000a * g10/card-util.c (get_manufacturer): Add it. Signed-off-by: Werner Koch diff --git a/g10/card-util.c b/g10/card-util.c index b48705b..d9c12c6 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -210,6 +210,7 @@ get_manufacturer (unsigned int no) case 0x0007: return "OpenKMS"; case 0x0008: return "LogoEmail"; case 0x0009: return "Fidesmo"; + case 0x000A: return "Dangerous Things"; case 0x002A: return "Magrathea"; ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 14 19:14:39 2016 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Mon, 14 Mar 2016 19:14:39 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-337-g5d601dd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5d601dd57fcb41aa2015ab655fd6fc51537da667 (commit) via a8b803d9e4bea2b779385ec9e9a579acc64431e9 (commit) from fdfa5bfefdde316688a3c8021bd3528c5273b0f4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5d601dd57fcb41aa2015ab655fd6fc51537da667 Author: Jussi Kivilinna Date: Sat Mar 12 17:07:21 2016 +0200 Add Intel PCLMUL implementations of CRC algorithms * cipher/Makefile.am: Add 'crc-intel-pclmul.c'. * cipher/crc-intel-pclmul.c: New. * cipher/crc.c (USE_INTEL_PCLMUL): New macro. (CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'. [USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul) (gcry_crc24rfc2440_intel_pclmul): New. (crc32_init, crc32rfc1510_init, crc24rfc2440_init) [USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL HW features detected. (crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL implementation if enabled. (crc24_init): Document storage format of 24-bit CRC. (crc24_next4): Use only 'data' for last table look-up. * configure.ac: Add 'crc-intel-pclmul.lo'. * src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include Intel SSE4.1. * src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection. * src/hwfeatures.c (hwflist): Add 'intel-sse4.1'. * tests/basic.c (fillbuf_count): New. (check_one_md): Add "?" check (million byte data-set with byte pattern 0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?" checks. (check_one_md_multi): Skip "?". (check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160, CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!" test-vectors for CRC32_RFC1510 and CRC24_RFC2440. -- Add Intel PCLMUL accelerated implmentations of CRC algorithms. CRC performance is improved ~11x on x86_64 and i386 on Intel Haswell, and ~2.7x on Intel Sandy-bridge. Benchmark on Intel Core i5-4570 (x86_64, 3.2 Ghz): Before: | nanosecs/byte mebibytes/sec cycles/byte CRC32 | 0.865 ns/B 1103.0 MiB/s 2.77 c/B CRC32RFC1510 | 0.865 ns/B 1102.7 MiB/s 2.77 c/B CRC24RFC2440 | 0.865 ns/B 1103.0 MiB/s 2.77 c/B After: | nanosecs/byte mebibytes/sec cycles/byte CRC32 | 0.079 ns/B 12051.7 MiB/s 0.253 c/B CRC32RFC1510 | 0.079 ns/B 12050.6 MiB/s 0.253 c/B CRC24RFC2440 | 0.079 ns/B 12100.0 MiB/s 0.252 c/B Benchmark on Intel Core i5-4570 (i386, 3.2 Ghz): Before: | nanosecs/byte mebibytes/sec cycles/byte CRC32 | 0.860 ns/B 1109.0 MiB/s 2.75 c/B CRC32RFC1510 | 0.861 ns/B 1108.3 MiB/s 2.75 c/B CRC24RFC2440 | 0.860 ns/B 1108.6 MiB/s 2.75 c/B After: | nanosecs/byte mebibytes/sec cycles/byte CRC32 | 0.078 ns/B 12207.0 MiB/s 0.250 c/B CRC32RFC1510 | 0.078 ns/B 12207.0 MiB/s 0.250 c/B CRC24RFC2440 | 0.080 ns/B 11925.6 MiB/s 0.256 c/B Benchmark on Intel Core i5-2450M (x86_64, 2.5 Ghz): Before: | nanosecs/byte mebibytes/sec cycles/byte CRC32 | 1.25 ns/B 762.3 MiB/s 3.13 c/B CRC32RFC1510 | 1.26 ns/B 759.1 MiB/s 3.14 c/B CRC24RFC2440 | 1.25 ns/B 764.9 MiB/s 3.12 c/B After: | nanosecs/byte mebibytes/sec cycles/byte CRC32 | 0.451 ns/B 2114.3 MiB/s 1.13 c/B CRC32RFC1510 | 0.451 ns/B 2114.6 MiB/s 1.13 c/B CRC24RFC2440 | 0.457 ns/B 2085.0 MiB/s 1.14 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 65d7afb..ab71fa7 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -66,6 +66,7 @@ cast5.c cast5-amd64.S cast5-arm.S \ chacha20.c chacha20-sse2-amd64.S chacha20-ssse3-amd64.S chacha20-avx2-amd64.S \ chacha20-armv7-neon.S \ crc.c \ + crc-intel-pclmul.c \ des.c des-amd64.S \ dsa.c \ elgamal.c \ diff --git a/cipher/crc-intel-pclmul.c b/cipher/crc-intel-pclmul.c new file mode 100644 index 0000000..5002f80 --- /dev/null +++ b/cipher/crc-intel-pclmul.c @@ -0,0 +1,912 @@ +/* crc-intel-pclmul.c - Intel PCLMUL accelerated CRC implementation + * Copyright (C) 2016 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + */ + +#include +#include +#include +#include + +#include "g10lib.h" + +#include "bithelp.h" +#include "bufhelp.h" + + +#if defined(ENABLE_PCLMUL_SUPPORT) && __GNUC__ >= 4 && \ + ((defined(__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) + + +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + +#define ALIGNED_16 __attribute__ ((aligned (16))) + + +/* Constants structure for generic reflected/non-reflected CRC32 CLMUL + * functions. */ +struct crc32_consts_s +{ + /* k: { x^(32*17), x^(32*15), x^(32*5), x^(32*3), x^(32*2), 0 } mod P(x) */ + u64 k[6]; + /* my_p: { floor(x^64 / P(x)), P(x) } */ + u64 my_p[2]; +}; + + +/* CLMUL constants for CRC32 and CRC32RFC1510. */ +static const struct crc32_consts_s crc32_consts ALIGNED_16 = +{ + { /* k[6] = reverse_33bits( x^(32*y) mod P(x) ) */ + U64_C(0x154442bd4), U64_C(0x1c6e41596), /* y = { 17, 15 } */ + U64_C(0x1751997d0), U64_C(0x0ccaa009e), /* y = { 5, 3 } */ + U64_C(0x163cd6124), 0 /* y = 2 */ + }, + { /* my_p[2] = reverse_33bits ( { floor(x^64 / P(x)), P(x) } ) */ + U64_C(0x1f7011641), U64_C(0x1db710641) + } +}; + +/* CLMUL constants for CRC24RFC2440 (polynomial multiplied with x?). */ +static const struct crc32_consts_s crc24rfc2440_consts ALIGNED_16 = +{ + { /* k[6] = x^(32*y) mod P(x) << 32*/ + U64_C(0x08289a00) << 32, U64_C(0x74b44a00) << 32, /* y = { 17, 15 } */ + U64_C(0xc4b14d00) << 32, U64_C(0xfd7e0c00) << 32, /* y = { 5, 3 } */ + U64_C(0xd9fe8c00) << 32, 0 /* y = 2 */ + }, + { /* my_p[2] = { floor(x^64 / P(x)), P(x) } */ + U64_C(0x1f845fe24), U64_C(0x1864cfb00) + } +}; + +/* Common constants for CRC32 algorithms. */ +static const byte crc32_refl_shuf_shift[3 * 16] ALIGNED_16 = + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }; +static const byte crc32_shuf_shift[3 * 16] ALIGNED_16 = + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }; +static const byte *crc32_bswap_shuf = &crc32_shuf_shift[16]; +static const byte crc32_partial_fold_input_mask[16 + 16] ALIGNED_16 = + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }; +static const u64 crc32_merge9to15_shuf[15 - 9 + 1][2] ALIGNED_16 = + { + { U64_C(0x0706050403020100), U64_C(0xffffffffffffff0f) }, /* 9 */ + { U64_C(0x0706050403020100), U64_C(0xffffffffffff0f0e) }, + { U64_C(0x0706050403020100), U64_C(0xffffffffff0f0e0d) }, + { U64_C(0x0706050403020100), U64_C(0xffffffff0f0e0d0c) }, + { U64_C(0x0706050403020100), U64_C(0xffffff0f0e0d0c0b) }, + { U64_C(0x0706050403020100), U64_C(0xffff0f0e0d0c0b0a) }, + { U64_C(0x0706050403020100), U64_C(0xff0f0e0d0c0b0a09) }, /* 15 */ + }; +static const u64 crc32_merge5to7_shuf[7 - 5 + 1][2] ALIGNED_16 = + { + { U64_C(0xffffff0703020100), U64_C(0xffffffffffffffff) }, /* 5 */ + { U64_C(0xffff070603020100), U64_C(0xffffffffffffffff) }, + { U64_C(0xff07060503020100), U64_C(0xffffffffffffffff) }, /* 7 */ + }; + +/* PCLMUL functions for reflected CRC32. */ +static inline void +crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen, + const struct crc32_consts_s *consts) +{ + if (inlen >= 8 * 16) + { + asm volatile ("movd %[crc], %%xmm4\n\t" + "movdqu %[inbuf_0], %%xmm0\n\t" + "movdqu %[inbuf_1], %%xmm1\n\t" + "movdqu %[inbuf_2], %%xmm2\n\t" + "movdqu %[inbuf_3], %%xmm3\n\t" + "pxor %%xmm4, %%xmm0\n\t" + : + : [inbuf_0] "m" (inbuf[0 * 16]), + [inbuf_1] "m" (inbuf[1 * 16]), + [inbuf_2] "m" (inbuf[2 * 16]), + [inbuf_3] "m" (inbuf[3 * 16]), + [crc] "m" (*pcrc) + : ); + + inbuf += 4 * 16; + inlen -= 4 * 16; + + asm volatile ("movdqa %[k1k2], %%xmm4\n\t" + : + : [k1k2] "m" (consts->k[1 - 1]) + : ); + + /* Fold by 4. */ + while (inlen >= 4 * 16) + { + asm volatile ("movdqu %[inbuf_0], %%xmm5\n\t" + "movdqa %%xmm0, %%xmm6\n\t" + "pclmulqdq $0x00, %%xmm4, %%xmm0\n\t" + "pclmulqdq $0x11, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm0\n\t" + "pxor %%xmm6, %%xmm0\n\t" + + "movdqu %[inbuf_1], %%xmm5\n\t" + "movdqa %%xmm1, %%xmm6\n\t" + "pclmulqdq $0x00, %%xmm4, %%xmm1\n\t" + "pclmulqdq $0x11, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "pxor %%xmm6, %%xmm1\n\t" + + "movdqu %[inbuf_2], %%xmm5\n\t" + "movdqa %%xmm2, %%xmm6\n\t" + "pclmulqdq $0x00, %%xmm4, %%xmm2\n\t" + "pclmulqdq $0x11, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "pxor %%xmm6, %%xmm2\n\t" + + "movdqu %[inbuf_3], %%xmm5\n\t" + "movdqa %%xmm3, %%xmm6\n\t" + "pclmulqdq $0x00, %%xmm4, %%xmm3\n\t" + "pclmulqdq $0x11, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "pxor %%xmm6, %%xmm3\n\t" + : + : [inbuf_0] "m" (inbuf[0 * 16]), + [inbuf_1] "m" (inbuf[1 * 16]), + [inbuf_2] "m" (inbuf[2 * 16]), + [inbuf_3] "m" (inbuf[3 * 16]) + : ); + + inbuf += 4 * 16; + inlen -= 4 * 16; + } + + asm volatile ("movdqa %[k3k4], %%xmm6\n\t" + "movdqa %[my_p], %%xmm5\n\t" + : + : [k3k4] "m" (consts->k[3 - 1]), + [my_p] "m" (consts->my_p[0]) + : ); + + /* Fold 4 to 1. */ + + asm volatile ("movdqa %%xmm0, %%xmm4\n\t" + "pclmulqdq $0x00, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm4\n\t" + "pxor %%xmm1, %%xmm0\n\t" + "pxor %%xmm4, %%xmm0\n\t" + + "movdqa %%xmm0, %%xmm4\n\t" + "pclmulqdq $0x00, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm4\n\t" + "pxor %%xmm2, %%xmm0\n\t" + "pxor %%xmm4, %%xmm0\n\t" + + "movdqa %%xmm0, %%xmm4\n\t" + "pclmulqdq $0x00, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm4\n\t" + "pxor %%xmm3, %%xmm0\n\t" + "pxor %%xmm4, %%xmm0\n\t" + : + : + : ); + } + else + { + asm volatile ("movd %[crc], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "movdqa %[k3k4], %%xmm6\n\t" + "pxor %%xmm1, %%xmm0\n\t" + "movdqa %[my_p], %%xmm5\n\t" + : + : [inbuf] "m" (*inbuf), + [crc] "m" (*pcrc), + [k3k4] "m" (consts->k[3 - 1]), + [my_p] "m" (consts->my_p[0]) + : ); + + inbuf += 16; + inlen -= 16; + } + + /* Fold by 1. */ + if (inlen >= 16) + { + while (inlen >= 16) + { + /* Load next block to XMM2. Fold XMM0 to XMM0:XMM1. */ + asm volatile ("movdqu %[inbuf], %%xmm2\n\t" + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x00, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm1\n\t" + "pxor %%xmm2, %%xmm0\n\t" + "pxor %%xmm1, %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf) + : ); + + inbuf += 16; + inlen -= 16; + } + } + + /* Partial fold. */ + if (inlen) + { + /* Load last input and add padding zeros. */ + asm volatile ("movdqu %[shr_shuf], %%xmm3\n\t" + "movdqu %[shl_shuf], %%xmm4\n\t" + "movdqu %[mask], %%xmm2\n\t" + + "movdqa %%xmm0, %%xmm1\n\t" + "pshufb %%xmm4, %%xmm0\n\t" + "movdqu %[inbuf], %%xmm4\n\t" + "pshufb %%xmm3, %%xmm1\n\t" + "pand %%xmm4, %%xmm2\n\t" + "por %%xmm1, %%xmm2\n\t" + + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x00, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm1\n\t" + "pxor %%xmm2, %%xmm0\n\t" + "pxor %%xmm1, %%xmm0\n\t" + : + : [inbuf] "m" (*(inbuf - 16 + inlen)), + [mask] "m" (crc32_partial_fold_input_mask[inlen]), + [shl_shuf] "m" (crc32_refl_shuf_shift[inlen]), + [shr_shuf] "m" (crc32_refl_shuf_shift[inlen + 16]) + : ); + + inbuf += inlen; + inlen -= inlen; + } + + /* Final fold. */ + asm volatile (/* reduce 128-bits to 96-bits */ + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm0\n\t" + "psrldq $8, %%xmm1\n\t" + "pxor %%xmm1, %%xmm0\n\t" + + /* reduce 96-bits to 64-bits */ + "pshufd $0xfc, %%xmm0, %%xmm1\n\t" /* [00][00][00][x] */ + "pshufd $0xf9, %%xmm0, %%xmm0\n\t" /* [00][00][x>>64][x>>32] */ + "pclmulqdq $0x00, %[k5], %%xmm1\n\t" /* [00][00][xx][xx] */ + "pxor %%xmm1, %%xmm0\n\t" /* top 64-bit are zero */ + + /* barrett reduction */ + "pshufd $0xf3, %%xmm0, %%xmm1\n\t" /* [00][00][x>>32][00] */ + "pslldq $4, %%xmm0\n\t" /* [??][x>>32][??][??] */ + "pclmulqdq $0x00, %%xmm5, %%xmm1\n\t" /* [00][xx][xx][00] */ + "pclmulqdq $0x10, %%xmm5, %%xmm1\n\t" /* [00][xx][xx][00] */ + "pxor %%xmm1, %%xmm0\n\t" + + /* store CRC */ + "pextrd $2, %%xmm0, %[out]\n\t" + : [out] "=m" (*pcrc) + : [k5] "m" (consts->k[5 - 1]) + : ); +} + +static inline void +crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen, + const struct crc32_consts_s *consts) +{ + if (inlen < 4) + { + u32 crc = *pcrc; + u32 data; + + asm volatile ("movdqa %[my_p], %%xmm5\n\t" + : + : [my_p] "m" (consts->my_p[0]) + : ); + + if (inlen == 1) + { + data = inbuf[0]; + data ^= crc; + data <<= 24; + crc >>= 8; + } + else if (inlen == 2) + { + data = *((const u16 *)inbuf); + data ^= crc; + data <<= 16; + crc >>= 16; + } + else + { + data = *((const u16 *)inbuf); + data |= inbuf[2] << 16; + data ^= crc; + data <<= 8; + crc >>= 24; + } + + /* Barrett reduction */ + asm volatile ("movd %[in], %%xmm0\n\t" + "movd %[crc], %%xmm1\n\t" + + "pclmulqdq $0x00, %%xmm5, %%xmm0\n\t" /* [00][00][xx][xx] */ + "psllq $32, %%xmm1\n\t" + "pshufd $0xfc, %%xmm0, %%xmm0\n\t" /* [00][00][00][x] */ + "pclmulqdq $0x10, %%xmm5, %%xmm0\n\t" /* [00][00][xx][xx] */ + "pxor %%xmm1, %%xmm0\n\t" + + "pextrd $1, %%xmm0, %[out]\n\t" + : [out] "=m" (*pcrc) + : [in] "rm" (data), + [crc] "rm" (crc) + : ); + } + else if (inlen == 4) + { + /* Barrett reduction */ + asm volatile ("movd %[crc], %%xmm1\n\t" + "movd %[in], %%xmm0\n\t" + "movdqa %[my_p], %%xmm5\n\t" + "pxor %%xmm1, %%xmm0\n\t" + + "pclmulqdq $0x00, %%xmm5, %%xmm0\n\t" /* [00][00][xx][xx] */ + "pshufd $0xfc, %%xmm0, %%xmm0\n\t" /* [00][00][00][x] */ + "pclmulqdq $0x10, %%xmm5, %%xmm0\n\t" /* [00][00][xx][xx] */ + + "pextrd $1, %%xmm0, %[out]\n\t" + : [out] "=m" (*pcrc) + : [in] "m" (*inbuf), + [crc] "m" (*pcrc), + [my_p] "m" (consts->my_p[0]) + : ); + } + else + { + asm volatile ("movdqu %[shuf], %%xmm4\n\t" + "movd %[crc], %%xmm1\n\t" + "movdqa %[my_p], %%xmm5\n\t" + "movdqa %[k3k4], %%xmm6\n\t" + : + : [shuf] "m" (crc32_refl_shuf_shift[inlen]), + [crc] "m" (*pcrc), + [my_p] "m" (consts->my_p[0]), + [k3k4] "m" (consts->k[3 - 1]) + : ); + + if (inlen >= 8) + { + asm volatile ("movq %[inbuf], %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf) + : ); + if (inlen > 8) + { + asm volatile (/*"pinsrq $1, %[inbuf_tail], %%xmm0\n\t"*/ + "movq %[inbuf_tail], %%xmm2\n\t" + "punpcklqdq %%xmm2, %%xmm0\n\t" + "pshufb %[merge_shuf], %%xmm0\n\t" + : + : [inbuf_tail] "m" (inbuf[inlen - 8]), + [merge_shuf] "m" + (*crc32_merge9to15_shuf[inlen - 9]) + : ); + } + } + else + { + asm volatile ("movd %[inbuf], %%xmm0\n\t" + "pinsrd $1, %[inbuf_tail], %%xmm0\n\t" + "pshufb %[merge_shuf], %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf), + [inbuf_tail] "m" (inbuf[inlen - 4]), + [merge_shuf] "m" + (*crc32_merge5to7_shuf[inlen - 5]) + : ); + } + + /* Final fold. */ + asm volatile ("pxor %%xmm1, %%xmm0\n\t" + "pshufb %%xmm4, %%xmm0\n\t" + + /* reduce 128-bits to 96-bits */ + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm0\n\t" + "psrldq $8, %%xmm1\n\t" + "pxor %%xmm1, %%xmm0\n\t" /* top 32-bit are zero */ + + /* reduce 96-bits to 64-bits */ + "pshufd $0xfc, %%xmm0, %%xmm1\n\t" /* [00][00][00][x] */ + "pshufd $0xf9, %%xmm0, %%xmm0\n\t" /* [00][00][x>>64][x>>32] */ + "pclmulqdq $0x00, %[k5], %%xmm1\n\t" /* [00][00][xx][xx] */ + "pxor %%xmm1, %%xmm0\n\t" /* top 64-bit are zero */ + + /* barrett reduction */ + "pshufd $0xf3, %%xmm0, %%xmm1\n\t" /* [00][00][x>>32][00] */ + "pslldq $4, %%xmm0\n\t" /* [??][x>>32][??][??] */ + "pclmulqdq $0x00, %%xmm5, %%xmm1\n\t" /* [00][xx][xx][00] */ + "pclmulqdq $0x10, %%xmm5, %%xmm1\n\t" /* [00][xx][xx][00] */ + "pxor %%xmm1, %%xmm0\n\t" + + /* store CRC */ + "pextrd $2, %%xmm0, %[out]\n\t" + : [out] "=m" (*pcrc) + : [k5] "m" (consts->k[5 - 1]) + : ); + } +} + +/* PCLMUL functions for non-reflected CRC32. */ +static inline void +crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen, + const struct crc32_consts_s *consts) +{ + asm volatile ("movdqa %[bswap], %%xmm7\n\t" + : + : [bswap] "m" (*crc32_bswap_shuf) + : ); + + if (inlen >= 8 * 16) + { + asm volatile ("movd %[crc], %%xmm4\n\t" + "movdqu %[inbuf_0], %%xmm0\n\t" + "movdqu %[inbuf_1], %%xmm1\n\t" + "movdqu %[inbuf_2], %%xmm2\n\t" + "pxor %%xmm4, %%xmm0\n\t" + "movdqu %[inbuf_3], %%xmm3\n\t" + "pshufb %%xmm7, %%xmm0\n\t" + "pshufb %%xmm7, %%xmm1\n\t" + "pshufb %%xmm7, %%xmm2\n\t" + "pshufb %%xmm7, %%xmm3\n\t" + : + : [inbuf_0] "m" (inbuf[0 * 16]), + [inbuf_1] "m" (inbuf[1 * 16]), + [inbuf_2] "m" (inbuf[2 * 16]), + [inbuf_3] "m" (inbuf[3 * 16]), + [crc] "m" (*pcrc) + : ); + + inbuf += 4 * 16; + inlen -= 4 * 16; + + asm volatile ("movdqa %[k1k2], %%xmm4\n\t" + : + : [k1k2] "m" (consts->k[1 - 1]) + : ); + + /* Fold by 4. */ + while (inlen >= 4 * 16) + { + asm volatile ("movdqu %[inbuf_0], %%xmm5\n\t" + "movdqa %%xmm0, %%xmm6\n\t" + "pshufb %%xmm7, %%xmm5\n\t" + "pclmulqdq $0x01, %%xmm4, %%xmm0\n\t" + "pclmulqdq $0x10, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm0\n\t" + "pxor %%xmm6, %%xmm0\n\t" + + "movdqu %[inbuf_1], %%xmm5\n\t" + "movdqa %%xmm1, %%xmm6\n\t" + "pshufb %%xmm7, %%xmm5\n\t" + "pclmulqdq $0x01, %%xmm4, %%xmm1\n\t" + "pclmulqdq $0x10, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "pxor %%xmm6, %%xmm1\n\t" + + "movdqu %[inbuf_2], %%xmm5\n\t" + "movdqa %%xmm2, %%xmm6\n\t" + "pshufb %%xmm7, %%xmm5\n\t" + "pclmulqdq $0x01, %%xmm4, %%xmm2\n\t" + "pclmulqdq $0x10, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "pxor %%xmm6, %%xmm2\n\t" + + "movdqu %[inbuf_3], %%xmm5\n\t" + "movdqa %%xmm3, %%xmm6\n\t" + "pshufb %%xmm7, %%xmm5\n\t" + "pclmulqdq $0x01, %%xmm4, %%xmm3\n\t" + "pclmulqdq $0x10, %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "pxor %%xmm6, %%xmm3\n\t" + : + : [inbuf_0] "m" (inbuf[0 * 16]), + [inbuf_1] "m" (inbuf[1 * 16]), + [inbuf_2] "m" (inbuf[2 * 16]), + [inbuf_3] "m" (inbuf[3 * 16]) + : ); + + inbuf += 4 * 16; + inlen -= 4 * 16; + } + + asm volatile ("movdqa %[k3k4], %%xmm6\n\t" + "movdqa %[my_p], %%xmm5\n\t" + : + : [k3k4] "m" (consts->k[3 - 1]), + [my_p] "m" (consts->my_p[0]) + : ); + + /* Fold 4 to 1. */ + + asm volatile ("movdqa %%xmm0, %%xmm4\n\t" + "pclmulqdq $0x01, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm4\n\t" + "pxor %%xmm1, %%xmm0\n\t" + "pxor %%xmm4, %%xmm0\n\t" + + "movdqa %%xmm0, %%xmm4\n\t" + "pclmulqdq $0x01, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm4\n\t" + "pxor %%xmm2, %%xmm0\n\t" + "pxor %%xmm4, %%xmm0\n\t" + + "movdqa %%xmm0, %%xmm4\n\t" + "pclmulqdq $0x01, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm4\n\t" + "pxor %%xmm3, %%xmm0\n\t" + "pxor %%xmm4, %%xmm0\n\t" + : + : + : ); + } + else + { + asm volatile ("movd %[crc], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "movdqa %[k3k4], %%xmm6\n\t" + "pxor %%xmm1, %%xmm0\n\t" + "movdqa %[my_p], %%xmm5\n\t" + "pshufb %%xmm7, %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf), + [crc] "m" (*pcrc), + [k3k4] "m" (consts->k[3 - 1]), + [my_p] "m" (consts->my_p[0]) + : ); + + inbuf += 16; + inlen -= 16; + } + + /* Fold by 1. */ + if (inlen >= 16) + { + while (inlen >= 16) + { + /* Load next block to XMM2. Fold XMM0 to XMM0:XMM1. */ + asm volatile ("movdqu %[inbuf], %%xmm2\n\t" + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x01, %%xmm6, %%xmm0\n\t" + "pshufb %%xmm7, %%xmm2\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm1\n\t" + "pxor %%xmm2, %%xmm0\n\t" + "pxor %%xmm1, %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf) + : ); + + inbuf += 16; + inlen -= 16; + } + } + + /* Partial fold. */ + if (inlen) + { + /* Load last input and add padding zeros. */ + asm volatile ("movdqu %[shl_shuf], %%xmm4\n\t" + "movdqu %[shr_shuf], %%xmm3\n\t" + "movdqu %[mask], %%xmm2\n\t" + + "movdqa %%xmm0, %%xmm1\n\t" + "pshufb %%xmm4, %%xmm0\n\t" + "movdqu %[inbuf], %%xmm4\n\t" + "pshufb %%xmm3, %%xmm1\n\t" + "pand %%xmm4, %%xmm2\n\t" + "por %%xmm1, %%xmm2\n\t" + + "pshufb %%xmm7, %%xmm2\n\t" + + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x01, %%xmm6, %%xmm0\n\t" + "pclmulqdq $0x10, %%xmm6, %%xmm1\n\t" + "pxor %%xmm2, %%xmm0\n\t" + "pxor %%xmm1, %%xmm0\n\t" + : + : [inbuf] "m" (*(inbuf - 16 + inlen)), + [mask] "m" (crc32_partial_fold_input_mask[inlen]), + [shl_shuf] "m" (crc32_refl_shuf_shift[32 - inlen]), + [shr_shuf] "m" (crc32_shuf_shift[inlen + 16]) + : ); + + inbuf += inlen; + inlen -= inlen; + } + + /* Final fold. */ + asm volatile (/* reduce 128-bits to 96-bits */ + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm0\n\t" + "pslldq $8, %%xmm1\n\t" + "pxor %%xmm1, %%xmm0\n\t" /* bottom 32-bit are zero */ + + /* reduce 96-bits to 64-bits */ + "pshufd $0x30, %%xmm0, %%xmm1\n\t" /* [00][x>>96][00][00] */ + "pshufd $0x24, %%xmm0, %%xmm0\n\t" /* [00][xx][xx][00] */ + "pclmulqdq $0x01, %[k5], %%xmm1\n\t" /* [00][xx][xx][00] */ + "pxor %%xmm1, %%xmm0\n\t" /* top and bottom 32-bit are zero */ + + /* barrett reduction */ + "pshufd $0x01, %%xmm0, %%xmm1\n\t" /* [00][00][00][x>>32] */ + "pclmulqdq $0x01, %%xmm5, %%xmm0\n\t" /* [00][xx][xx][xx] */ + "psrldq $4, %%xmm0\n\t" /* [00][00][xx][xx] */ + "pclmulqdq $0x10, %%xmm5, %%xmm0\n\t" + "pxor %%xmm1, %%xmm0\n\t" + + /* store CRC in input endian */ + "movd %%xmm0, %%eax\n\t" + "bswapl %%eax\n\t" + "movl %%eax, %[out]\n\t" + : [out] "=m" (*pcrc) + : [k5] "m" (consts->k[5 - 1]) + : "eax" ); +} + +static inline void +crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen, + const struct crc32_consts_s *consts) +{ + if (inlen < 4) + { + u32 crc = *pcrc; + u32 data; + + asm volatile ("movdqa %[my_p], %%xmm5\n\t" + : + : [my_p] "m" (consts->my_p[0]) + : ); + + if (inlen == 1) + { + data = inbuf[0]; + data ^= crc; + data = _gcry_bswap32(data << 24); + crc = _gcry_bswap32(crc >> 8); + } + else if (inlen == 2) + { + data = *((const u16 *)inbuf); + data ^= crc; + data = _gcry_bswap32(data << 16); + crc = _gcry_bswap32(crc >> 16); + } + else + { + data = *((const u16 *)inbuf); + data |= inbuf[2] << 16; + data ^= crc; + data = _gcry_bswap32(data << 8); + crc = _gcry_bswap32(crc >> 24); + } + + /* Barrett reduction */ + asm volatile ("movd %[in], %%xmm0\n\t" + "psllq $32, %%xmm0\n\t" /* [00][00][xx][00] */ + "movd %[crc], %%xmm1\n\t" + + "pclmulqdq $0x00, %%xmm5, %%xmm0\n\t" /* [00][xx][xx][00] */ + "pclmulqdq $0x11, %%xmm5, %%xmm0\n\t" /* [00][00][xx][xx] */ + "pxor %%xmm1, %%xmm0\n\t" + + /* store CRC in input endian */ + "movd %%xmm0, %%eax\n\t" + "bswapl %%eax\n\t" + "movl %%eax, %[out]\n\t" + : [out] "=m" (*pcrc) + : [in] "r" (data), + [crc] "r" (crc) + : "eax" ); + } + else if (inlen == 4) + { + /* Barrett reduction */ + asm volatile ("movd %[crc], %%xmm0\n\t" + "movd %[in], %%xmm1\n\t" + "movdqa %[my_p], %%xmm5\n\t" + "pxor %%xmm1, %%xmm0\n\t" + "pshufb %[bswap], %%xmm0\n\t" /* [xx][00][00][00] */ + + "pclmulqdq $0x01, %%xmm5, %%xmm0\n\t" /* [00][xx][xx][00] */ + "pclmulqdq $0x11, %%xmm5, %%xmm0\n\t" /* [00][00][xx][xx] */ + + /* store CRC in input endian */ + "movd %%xmm0, %%eax\n\t" + "bswapl %%eax\n\t" + "movl %%eax, %[out]\n\t" + : [out] "=m" (*pcrc) + : [in] "m" (*inbuf), + [crc] "m" (*pcrc), + [my_p] "m" (consts->my_p[0]), + [bswap] "m" (*crc32_bswap_shuf) + : "eax" ); + } + else + { + asm volatile ("movdqu %[shuf], %%xmm7\n\t" + "movd %[crc], %%xmm1\n\t" + "movdqa %[my_p], %%xmm5\n\t" + "movdqa %[k3k4], %%xmm6\n\t" + : + : [shuf] "m" (crc32_shuf_shift[32 - inlen]), + [crc] "m" (*pcrc), + [my_p] "m" (consts->my_p[0]), + [k3k4] "m" (consts->k[3 - 1]) + : ); + + if (inlen >= 8) + { + asm volatile ("movq %[inbuf], %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf) + : ); + if (inlen > 8) + { + asm volatile (/*"pinsrq $1, %[inbuf_tail], %%xmm0\n\t"*/ + "movq %[inbuf_tail], %%xmm2\n\t" + "punpcklqdq %%xmm2, %%xmm0\n\t" + "pshufb %[merge_shuf], %%xmm0\n\t" + : + : [inbuf_tail] "m" (inbuf[inlen - 8]), + [merge_shuf] "m" + (*crc32_merge9to15_shuf[inlen - 9]) + : ); + } + } + else + { + asm volatile ("movd %[inbuf], %%xmm0\n\t" + "pinsrd $1, %[inbuf_tail], %%xmm0\n\t" + "pshufb %[merge_shuf], %%xmm0\n\t" + : + : [inbuf] "m" (*inbuf), + [inbuf_tail] "m" (inbuf[inlen - 4]), + [merge_shuf] "m" + (*crc32_merge5to7_shuf[inlen - 5]) + : ); + } + + /* Final fold. */ + asm volatile ("pxor %%xmm1, %%xmm0\n\t" + "pshufb %%xmm7, %%xmm0\n\t" + + /* reduce 128-bits to 96-bits */ + "movdqa %%xmm0, %%xmm1\n\t" + "pclmulqdq $0x11, %%xmm6, %%xmm0\n\t" + "pslldq $8, %%xmm1\n\t" + "pxor %%xmm1, %%xmm0\n\t" /* bottom 32-bit are zero */ + + /* reduce 96-bits to 64-bits */ + "pshufd $0x30, %%xmm0, %%xmm1\n\t" /* [00][x>>96][00][00] */ + "pshufd $0x24, %%xmm0, %%xmm0\n\t" /* [00][xx][xx][00] */ + "pclmulqdq $0x01, %[k5], %%xmm1\n\t" /* [00][xx][xx][00] */ + "pxor %%xmm1, %%xmm0\n\t" /* top and bottom 32-bit are zero */ + + /* barrett reduction */ + "pshufd $0x01, %%xmm0, %%xmm1\n\t" /* [00][00][00][x>>32] */ + "pclmulqdq $0x01, %%xmm5, %%xmm0\n\t" /* [00][xx][xx][xx] */ + "psrldq $4, %%xmm0\n\t" /* [00][00][xx][xx] */ + "pclmulqdq $0x10, %%xmm5, %%xmm0\n\t" + "pxor %%xmm1, %%xmm0\n\t" + + /* store CRC in input endian */ + "movd %%xmm0, %%eax\n\t" + "bswapl %%eax\n\t" + "movl %%eax, %[out]\n\t" + : [out] "=m" (*pcrc) + : [k5] "m" (consts->k[5 - 1]) + : "eax" ); + } +} + +void +_gcry_crc32_intel_pclmul (u32 *pcrc, const byte *inbuf, size_t inlen) +{ + const struct crc32_consts_s *consts = &crc32_consts; +#if defined(__x86_64__) && defined(__WIN64__) + char win64tmp[2 * 16]; + + /* XMM6-XMM7 need to be restored after use. */ + asm volatile ("movdqu %%xmm6, 0*16(%0)\n\t" + "movdqu %%xmm7, 1*16(%0)\n\t" + : + : "r" (win64tmp) + : "memory"); +#endif + + if (!inlen) + return; + + if (inlen >= 16) + crc32_reflected_bulk(pcrc, inbuf, inlen, consts); + else + crc32_reflected_less_than_16(pcrc, inbuf, inlen, consts); + +#if defined(__x86_64__) && defined(__WIN64__) + /* Restore used registers. */ + asm volatile("movdqu 0*16(%0), %%xmm6\n\t" + "movdqu 1*16(%0), %%xmm7\n\t" + : + : "r" (win64tmp) + : "memory"); +#endif +} + +void +_gcry_crc24rfc2440_intel_pclmul (u32 *pcrc, const byte *inbuf, size_t inlen) +{ + const struct crc32_consts_s *consts = &crc24rfc2440_consts; +#if defined(__x86_64__) && defined(__WIN64__) + char win64tmp[2 * 16]; + + /* XMM6-XMM7 need to be restored after use. */ + asm volatile ("movdqu %%xmm6, 0*16(%0)\n\t" + "movdqu %%xmm7, 1*16(%0)\n\t" + : + : "r" (win64tmp) + : "memory"); +#endif + + if (!inlen) + return; + + /* Note: *pcrc in input endian. */ + + if (inlen >= 16) + crc32_bulk(pcrc, inbuf, inlen, consts); + else + crc32_less_than_16(pcrc, inbuf, inlen, consts); + +#if defined(__x86_64__) && defined(__WIN64__) + /* Restore used registers. */ + asm volatile("movdqu 0*16(%0), %%xmm6\n\t" + "movdqu 1*16(%0), %%xmm7\n\t" + : + : "r" (win64tmp) + : "memory"); +#endif +} + +#endif /* USE_INTEL_PCLMUL */ diff --git a/cipher/crc.c b/cipher/crc.c index 46a185a..ee0e4e2 100644 --- a/cipher/crc.c +++ b/cipher/crc.c @@ -31,14 +31,37 @@ #include "bufhelp.h" +/* USE_INTEL_PCLMUL indicates whether to compile CRC with Intel PCLMUL + * code. */ +#undef USE_INTEL_PCLMUL +#ifdef ENABLE_PCLMUL_SUPPORT +# if ((defined(__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) +# if __GNUC__ >= 4 +# define USE_INTEL_PCLMUL 1 +# endif +# endif +#endif /* USE_INTEL_PCLMUL */ + + typedef struct { u32 CRC; +#ifdef USE_INTEL_PCLMUL + unsigned int use_pclmul:1; /* Intel PCLMUL shall be used. */ +#endif byte buf[4]; } CRC_CONTEXT; +#ifdef USE_INTEL_PCLMUL +/*-- crc-intel-pclmul.c --*/ +void _gcry_crc32_intel_pclmul (u32 *pcrc, const byte *inbuf, size_t inlen); +void _gcry_crc24rfc2440_intel_pclmul (u32 *pcrc, const byte *inbuf, + size_t inlen); +#endif + + /* * Code generated by universal_crc by Danjel McGougan * @@ -338,6 +361,11 @@ static void crc32_init (void *context, unsigned int flags) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +#ifdef USE_INTEL_PCLMUL + u32 hwf = _gcry_get_hw_features (); + + ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL); +#endif (void)flags; @@ -351,6 +379,14 @@ crc32_write (void *context, const void *inbuf_arg, size_t inlen) const byte *inbuf = inbuf_arg; u32 crc; +#ifdef USE_INTEL_PCLMUL + if (ctx->use_pclmul) + { + _gcry_crc32_intel_pclmul(&ctx->CRC, inbuf, inlen); + return; + } +#endif + if (!inbuf || !inlen) return; @@ -403,6 +439,11 @@ static void crc32rfc1510_init (void *context, unsigned int flags) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +#ifdef USE_INTEL_PCLMUL + u32 hwf = _gcry_get_hw_features (); + + ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL); +#endif (void)flags; @@ -694,7 +735,8 @@ static const u32 crc24_table[1024] = static inline u32 crc24_init (void) { - return 0xce04b7; + /* Transformed to 32-bit CRC by multiplied by x? and then byte swapped. */ + return 0xce04b7; /* _gcry_bswap(0xb704ce << 8) */ } static inline @@ -713,7 +755,7 @@ u32 crc24_next4 (u32 crc, u32 data) crc = crc24_table[(crc & 0xff) + 0x300] ^ crc24_table[((crc >> 8) & 0xff) + 0x200] ^ crc24_table[((crc >> 16) & 0xff) + 0x100] ^ - crc24_table[(crc >> 24) & 0xff]; + crc24_table[(data >> 24) & 0xff]; return crc; } @@ -727,6 +769,11 @@ static void crc24rfc2440_init (void *context, unsigned int flags) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; +#ifdef USE_INTEL_PCLMUL + u32 hwf = _gcry_get_hw_features (); + + ctx->use_pclmul = (hwf & HWF_INTEL_SSE4_1) && (hwf & HWF_INTEL_PCLMUL); +#endif (void)flags; @@ -740,6 +787,14 @@ crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen) CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; u32 crc; +#ifdef USE_INTEL_PCLMUL + if (ctx->use_pclmul) + { + _gcry_crc24rfc2440_intel_pclmul(&ctx->CRC, inbuf, inlen); + return; + } +#endif + if (!inbuf || !inlen) return; diff --git a/configure.ac b/configure.ac index 8b50360..ff72e3f 100644 --- a/configure.ac +++ b/configure.ac @@ -2023,6 +2023,13 @@ LIST_MEMBER(crc, $enabled_digests) if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc.lo" AC_DEFINE(USE_CRC, 1, [Defined if this module should be included]) + + case "${host}" in + i?86-*-* | x86_64-*-*) + # Build with the assembly implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS crc-intel-pclmul.lo" + ;; + esac fi LIST_MEMBER(gostr3411-94, $enabled_digests) diff --git a/src/g10lib.h b/src/g10lib.h index 9d2ece9..7352556 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -194,23 +194,23 @@ char **_gcry_strtokenize (const char *string, const char *delim); /*-- src/hwfeatures.c --*/ -/* (Do not change these values unless synced with the asm code.) */ -#define HWF_PADLOCK_RNG 1 -#define HWF_PADLOCK_AES 2 -#define HWF_PADLOCK_SHA 4 -#define HWF_PADLOCK_MMUL 8 - -#define HWF_INTEL_CPU 16 -#define HWF_INTEL_FAST_SHLD 32 -#define HWF_INTEL_BMI2 64 -#define HWF_INTEL_SSSE3 128 -#define HWF_INTEL_PCLMUL 256 -#define HWF_INTEL_AESNI 512 -#define HWF_INTEL_RDRAND 1024 -#define HWF_INTEL_AVX 2048 -#define HWF_INTEL_AVX2 4096 - -#define HWF_ARM_NEON 8192 +#define HWF_PADLOCK_RNG (1 << 0) +#define HWF_PADLOCK_AES (1 << 1) +#define HWF_PADLOCK_SHA (1 << 2) +#define HWF_PADLOCK_MMUL (1 << 3) + +#define HWF_INTEL_CPU (1 << 4) +#define HWF_INTEL_FAST_SHLD (1 << 5) +#define HWF_INTEL_BMI2 (1 << 6) +#define HWF_INTEL_SSSE3 (1 << 7) +#define HWF_INTEL_SSE4_1 (1 << 8) +#define HWF_INTEL_PCLMUL (1 << 9) +#define HWF_INTEL_AESNI (1 << 10) +#define HWF_INTEL_RDRAND (1 << 11) +#define HWF_INTEL_AVX (1 << 12) +#define HWF_INTEL_AVX2 (1 << 13) + +#define HWF_ARM_NEON (1 << 14) gpg_err_code_t _gcry_disable_hw_feature (const char *name); diff --git a/src/hwf-x86.c b/src/hwf-x86.c index fbd6331..eeacccb 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -277,6 +277,9 @@ detect_x86_gnuc (void) /* Test bit 9 for SSSE3. */ if (features & 0x00000200) result |= HWF_INTEL_SSSE3; + /* Test bit 19 for SSE4.1. */ + if (features & 0x00080000) + result |= HWF_INTEL_SSE4_1; #ifdef ENABLE_AESNI_SUPPORT /* Test bit 25 for AES-NI. */ if (features & 0x02000000) diff --git a/src/hwfeatures.c b/src/hwfeatures.c index e7c55cc..4cafae1 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c @@ -50,6 +50,7 @@ static struct { HWF_INTEL_FAST_SHLD, "intel-fast-shld" }, { HWF_INTEL_BMI2, "intel-bmi2" }, { HWF_INTEL_SSSE3, "intel-ssse3" }, + { HWF_INTEL_SSE4_1, "intel-sse4.1" }, { HWF_INTEL_PCLMUL, "intel-pclmul" }, { HWF_INTEL_AESNI, "intel-aesni" }, { HWF_INTEL_RDRAND, "intel-rdrand" }, diff --git a/tests/basic.c b/tests/basic.c index 7d5de00..5e7ee44 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5267,6 +5267,14 @@ check_cipher_modes(void) static void +fillbuf_count (char *buf, size_t buflen, unsigned char pos) +{ + while (buflen--) + *((unsigned char *)(buf++)) = pos++; +} + + +static void check_one_md (int algo, const char *data, int len, const char *expect, int elen) { gcry_md_hd_t hd, hd2; @@ -5297,14 +5305,33 @@ check_one_md (int algo, const char *data, int len, const char *expect, int elen) } } - if (*data == '!' && !data[1]) - { /* hash one million times a "a" */ + if ((*data == '!' && !data[1]) || /* hash one million times a "a" */ + (*data == '?' && !data[1])) /* hash million byte data-set with byte pattern 0x00,0x01,0x02,... */ + { char aaa[1000]; size_t left = 1000 * 1000; size_t startlen = 1; size_t piecelen = startlen; - memset (aaa, 'a', 1000); + if (*data == '!') + memset (aaa, 'a', 1000); + + /* Write in chuck with all sizes 1 to 1000 (500500 bytes) */ + for (i = 1; i <= 1000 && left > 0; i++) + { + piecelen = i; + if (piecelen > sizeof(aaa)) + piecelen = sizeof(aaa); + if (piecelen > left) + piecelen = left; + + if (*data == '?') + fillbuf_count(aaa, piecelen, 1000 * 1000 - left); + + gcry_md_write (hd, aaa, piecelen); + + left -= piecelen; + } /* Write in odd size chunks so that we test the buffering. */ while (left > 0) @@ -5314,6 +5341,9 @@ check_one_md (int algo, const char *data, int len, const char *expect, int elen) if (piecelen > left) piecelen = left; + if (*data == '?') + fillbuf_count(aaa, piecelen, 1000 * 1000 - left); + gcry_md_write (hd, aaa, piecelen); left -= piecelen; @@ -5526,6 +5556,8 @@ check_one_md_multi (int algo, const char *data, int len, const char *expect) if (*data == '!' && !data[1]) return; /* We can't do that here. */ + if (*data == '?' && !data[1]) + return; /* We can't do that here. */ memset (iov, 0, sizeof iov); @@ -5616,6 +5648,8 @@ check_digests (void) "\xc4\x1a\x5c\x0b\x44\x5f\xba\x1a\xda\xbc\xc0\x38\x0e\x0c\x9e\x33" }, { GCRY_MD_MD5, "!", "\x77\x07\xd6\xae\x4e\x02\x7c\x70\xee\xa2\xa9\x35\xc2\x29\x6f\x21" }, + { GCRY_MD_MD5, "?", + "\x5c\x72\x5c\xbc\x2d\xbb\xe1\x14\x81\x59\xe9\xd9\xcf\x90\x64\x8f" }, { GCRY_MD_SHA1, "abc", "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" }, @@ -5626,6 +5660,9 @@ check_digests (void) { GCRY_MD_SHA1, "!" /* kludge for "a"*1000000 */ , "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E" "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" }, + { GCRY_MD_SHA1, "?" /* kludge for "\x00\x01\x02"..."\xfe\xff\x00\x01"... (length 1000000) */ , + "\x5f\x8d\x3c\x4f\x12\xf0\x49\x9e\x28\x73" + "\x79\xec\x97\x3b\x98\x4c\x94\x75\xaa\x8f" }, { GCRY_MD_SHA1, "Libgcrypt is free software; you can redistribute it and/or modif" "y it under the terms of the GNU Lesser general Public License as" @@ -5648,6 +5685,9 @@ check_digests (void) { GCRY_MD_SHA224, "!", "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b" "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67" }, + { GCRY_MD_SHA224, "?", + "\xfa\xb9\xf0\xdf\x12\xfe\xa1\x1a\x34\x78\x96\x31\xe6\x53\x48\xbf" + "\x3b\xca\x70\x78\xf2\x44\xdf\x62\xab\x27\xb8\xda" }, { GCRY_MD_SHA224, "Libgcrypt is free software; you can redistribute it and/or modif" "y it under the terms of the GNU Lesser general Public License as" @@ -5669,6 +5709,9 @@ check_digests (void) { GCRY_MD_SHA256, "!", "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0" }, + { GCRY_MD_SHA256, "?", + "\x67\x87\x0d\xfc\x9c\x64\xe7\xaa\x27\x0a\x3f\x7e\x80\x51\xae\x65" + "\xd2\x07\xf9\x3f\xc3\xdf\x04\xd7\x57\x2e\x63\x65\xaf\x69\xcd\x0d" }, { GCRY_MD_SHA256, "Libgcrypt is free software; you can redistribute it and/or modif" "y it under the terms of the GNU Lesser general Public License as" @@ -5700,6 +5743,10 @@ check_digests (void) "\x9d\x0e\x18\x09\x71\x64\x74\xcb\x08\x6e\x83\x4e\x31\x0a\x4a\x1c" "\xed\x14\x9e\x9c\x00\xf2\x48\x52\x79\x72\xce\xc5\x70\x4c\x2a\x5b" "\x07\xb8\xb3\xdc\x38\xec\xc4\xeb\xae\x97\xdd\xd8\x7f\x3d\x89\x85" }, + { GCRY_MD_SHA384, "?", + "\xfa\x77\xbb\x86\x3a\xd5\xae\x88\xa9\x9c\x5e\xda\xb5\xc7\xcb\x40" + "\xcd\xf4\x30\xef\xa8\x1b\x23\x7b\xa9\xde\xfd\x81\x12\xf6\x7e\xed" + "\xa7\xd2\x27\x91\xd1\xbc\x76\x44\x57\x59\x71\x11\xe6\x8a\x2c\xde" }, { GCRY_MD_SHA512, "abc", "\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31" "\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A" @@ -5723,6 +5770,11 @@ check_digests (void) "\x8e\x1f\x98\xb1\x3b\x20\x44\x28\x56\x32\xa8\x03\xaf\xa9\x73\xeb" "\xde\x0f\xf2\x44\x87\x7e\xa6\x0a\x4c\xb0\x43\x2c\xe5\x77\xc3\x1b" "\xeb\x00\x9c\x5c\x2c\x49\xaa\x2e\x4e\xad\xb2\x17\xad\x8c\xc0\x9b" }, + { GCRY_MD_SHA512, "?", + "\x91\xe9\x42\x4e\xa9\xdc\x44\x01\x40\x64\xa4\x5a\x69\xcc\xac\xa3" + "\x74\xee\x78\xeb\x79\x1f\x94\x38\x5b\x73\xef\xf8\xfd\x5d\x74\xd8" + "\x51\x36\xfe\x63\x52\xde\x07\x70\x95\xd6\x78\x2b\x7b\x46\x8a\x2c" + "\x30\x0f\x48\x0c\x74\x43\x06\xdb\xa3\x8d\x64\x3d\xe9\xa1\xa7\x72" }, { GCRY_MD_SHA3_224, "abc", "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76\x6f" "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf" }, @@ -5806,6 +5858,21 @@ check_digests (void) "\x12\x0a\x2a\x53\x70\x21\x2d\xff\xb3\x38\x5a\x18\xd4\xf3\x88\x59" "\xed\x31\x1d\x0a\x9d\x51\x41\xce\x9c\xc5\xc6\x6e\xe6\x89\xb2\x66" "\xa8\xaa\x18\xac\xe8\x28\x2a\x0e\x0d\xb5\x96\xc9\x0b\x0a\x7b\x87" }, + { GCRY_MD_SHA3_224, "?", + "\x1b\xd1\xc6\x12\x02\x35\x52\x8b\x44\x7e\x16\x39\x20\x05\xec\x67" + "\x2d\x57\x20\xe0\x90\xc9\x78\x08\x86\x4f\x1b\xd0" }, + { GCRY_MD_SHA3_256, "?", + "\xfe\xb7\xf4\x76\x78\x97\x48\x2f\xe2\x29\x1b\x66\x85\xc1\x7b\x45" + "\xc5\x08\xed\x82\x50\xcc\x5d\x99\x96\xd2\xc3\x82\x1a\xa8\xd4\xa7" }, + { GCRY_MD_SHA3_384, "?", + "\x45\x1f\x0b\x93\x4b\xca\x3e\x65\x93\xd4\xaa\x8c\x18\xc1\x04\x84" + "\x12\xd5\x1e\x35\xe1\x05\xd9\x77\x3f\xc1\x08\x8b\x77\x36\xad\x4a" + "\x33\x70\xaf\x49\x8b\xea\x4c\x5c\x52\xe7\x5b\xed\x31\x74\x57\x12" }, + { GCRY_MD_SHA3_512, "?", + "\xa2\xee\xb5\x6f\x2a\x87\xa5\xb3\x9b\xd9\x1c\xf0\xaa\xdf\xb1\xd5" + "\xad\x0a\x1a\xaa\xd3\x63\x81\xcf\xb8\x7c\x36\xa7\x80\x3b\x03\xd6" + "\x31\x5c\x5d\x33\x8e\x52\xb1\x42\x4d\x27\x1c\xa2\xa5\xf2\xc5\x97" + "\x10\x12\xe5\xee\x86\xa3\xcc\xaf\x91\x7a\x94\x28\x65\xea\x66\xe3" }, { GCRY_MD_RMD160, "", "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28" "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" }, @@ -5832,6 +5899,9 @@ check_digests (void) { GCRY_MD_RMD160, "!", "\x52\x78\x32\x43\xc1\x69\x7b\xdb\xe1\x6d\x37\xf9\x7f\x68\xf0\x83" "\x25\xdc\x15\x28" }, + { GCRY_MD_RMD160, "?", + "\x68\x14\x86\x70\x3d\x51\x4e\x36\x68\x50\xf8\xb3\x00\x75\xda\x49" + "\x0a\xaa\x2c\xf6" }, { GCRY_MD_CRC32, "", "\x00\x00\x00\x00" }, { GCRY_MD_CRC32, "foo", "\x8c\x73\x65\x21" }, { GCRY_MD_CRC32, @@ -5846,6 +5916,7 @@ check_digests (void) "\x4A\x53\x7D\x67" }, { GCRY_MD_CRC32, "123456789", "\xcb\xf4\x39\x26" }, { GCRY_MD_CRC32, "!", "\xdc\x25\xbf\xbc" }, + { GCRY_MD_CRC32, "?", "\x61\x82\x29\x1B" }, { GCRY_MD_CRC32_RFC1510, "", "\x00\x00\x00\x00" }, { GCRY_MD_CRC32_RFC1510, "foo", "\x73\x32\xbc\x33" }, { GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" }, @@ -5858,9 +5929,13 @@ check_digests (void) { GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b", 4 }, { GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96", 4 }, { GCRY_MD_CRC32_RFC1510, "123456789", "\x2d\xfd\x2d\x88" }, + { GCRY_MD_CRC32_RFC1510, "!", "\xce\x5c\x74\x22" }, + { GCRY_MD_CRC32_RFC1510, "?", "\x73\xfb\xe2\x85" }, { GCRY_MD_CRC24_RFC2440, "", "\xb7\x04\xce" }, { GCRY_MD_CRC24_RFC2440, "foo", "\x4f\xc2\x55" }, { GCRY_MD_CRC24_RFC2440, "123456789", "\x21\xcf\x02" }, + { GCRY_MD_CRC24_RFC2440, "!", "\xa5\xcb\x6b" }, + { GCRY_MD_CRC24_RFC2440, "?", "\x7f\x67\x03" }, { GCRY_MD_TIGER, "", "\x24\xF0\x13\x0C\x63\xAC\x93\x32\x16\x16\x6E\x76" @@ -5942,6 +6017,9 @@ check_digests (void) "ral Public License for more details.", "\x60\xee\xdf\x95\x39\xc8\x44\x94\x64\xdc\xdf\x3d\x2e\x1c\xe5\x79" "\x6a\x95\xbd\x30\x68\x8c\x7e\xb8" }, + { GCRY_MD_TIGER1, "?", + "\x4b\xe2\x3f\x23\xf5\x34\xbe\xbf\x97\x42\x95\x80" + "\x54\xe4\x6c\x12\x64\x85\x44\x0a\xa9\x49\x9b\x65" }, { GCRY_MD_TIGER2, "", "\x44\x41\xBE\x75\xF6\x01\x87\x73\xC2\x06\xC2\x27" @@ -5986,11 +6064,11 @@ check_digests (void) "\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42" "\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59" "\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" }, - { GCRY_MD_WHIRLPOOL, "a", - "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7" - "\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42" - "\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59" - "\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" }, + { GCRY_MD_WHIRLPOOL, "?", + "\x88\xf0\x78\x6d\x0d\x47\xe5\x32\x1f\x88\xb1\x48\x05\x53\x58\x7d" + "\x19\x4b\x32\x9b\xf1\xfb\x17\xc5\x98\x3a\x87\xa2\x48\x61\x3d\x2b" + "\xb2\xbc\x9f\x0d\xd2\x14\x37\x30\x55\x30\x91\xa7\xb8\x0c\x0f\x80" + "\x7c\x7b\x94\xf6\x55\xf6\x0b\x12\x85\x0c\x8e\x6d\x17\x5b\x1e\x71" }, { GCRY_MD_WHIRLPOOL, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B\xF1\x1F\x00\xED\x9A\xBA\x26\x90" commit a8b803d9e4bea2b779385ec9e9a579acc64431e9 Author: Jussi Kivilinna Date: Sat Mar 12 17:10:30 2016 +0200 Update .gitignore -- Signed-off-by: Jussi Kivilinna diff --git a/.gitignore b/.gitignore index b961614..3cd83a2 100644 --- a/.gitignore +++ b/.gitignore @@ -37,9 +37,12 @@ doc/Makefile doc/fips-fsm.eps doc/fips-fsm.pdf doc/fips-fsm.png +doc/hmac256.1 doc/libgcrypt-modules.eps doc/libgcrypt-modules.pdf doc/libgcrypt-modules.png +doc/yat2m +doc/yat2m-stamp mpi/Makefile mpi/asm-syntax.h mpi/libmpi.la @@ -61,27 +64,43 @@ src/gcrypt.h src/hmac256 src/libgcrypt-config src/libgcrypt.la +src/mpicalc src/versioninfo.rc +src/*.exe tests/Makefile tests/ac tests/ac-data tests/ac-schemes tests/aeswrap tests/basic +tests/bench-slope tests/benchmark +tests/curves +tests/dsa-rfc6979 tests/fips186-dsa tests/fipsdrv tests/gchash +tests/genhashdata +tests/hashtest tests/hashtest-256g tests/hmac tests/keygen tests/keygrip tests/mpitests +tests/pkcs1v2 tests/prime tests/pubkey tests/random tests/register tests/rsacvt +tests/t-convert +tests/t-cv25519 +tests/t-ed25519 +tests/t-kdf +tests/t-lock tests/t-mpi-bit +tests/t-mpi-point +tests/t-sexp tests/tsexp tests/version +tests/*.exe ----------------------------------------------------------------------- Summary of changes: .gitignore | 19 + cipher/Makefile.am | 1 + cipher/crc-intel-pclmul.c | 912 ++++++++++++++++++++++++++++++++++++++++++++++ cipher/crc.c | 59 ++- configure.ac | 7 + src/g10lib.h | 34 +- src/hwf-x86.c | 3 + src/hwfeatures.c | 1 + tests/basic.c | 94 ++++- 9 files changed, 1103 insertions(+), 27 deletions(-) create mode 100644 cipher/crc-intel-pclmul.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 15 17:32:42 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 15 Mar 2016 17:32:42 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-100-g60b34f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 60b34f96f4f390670462d719c0d797e622cee4d4 (commit) from 834b84c0ee4990393daa5e44afbab5b0aaed0758 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 60b34f96f4f390670462d719c0d797e622cee4d4 Author: Werner Koch Date: Tue Mar 15 09:22:24 2016 +0100 gpg: Do not rely on a certain evaluation order. * g10/keyedit.c (print_and_check_one_sig): Call check_key_signature before derefing IS_SELFSIG. -- Fixes-commit: 5fbd80579aea0f75ca1d2700515c5b8747a75c7d Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index d7c2a4b..e138efa 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -310,12 +310,16 @@ print_one_sig (int rc, KBNODE keyblock, KBNODE node, return (sigrc == '!'); } + static int print_and_check_one_sig (KBNODE keyblock, KBNODE node, int *inv_sigs, int *no_key, int *oth_err, int *is_selfsig, int print_without_key, int extended) { - return print_one_sig (check_key_signature (keyblock, node, is_selfsig), + int rc; + + rc = check_key_signature (keyblock, node, is_selfsig); + return print_one_sig (rc, keyblock, node, inv_sigs, no_key, oth_err, *is_selfsig, print_without_key, extended); } ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 16 03:55:16 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 16 Mar 2016 03:55:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-101-gb752d2c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b752d2c93778e6a1c1de3eddf8fc725b0ddd354e (commit) from 60b34f96f4f390670462d719c0d797e622cee4d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b752d2c93778e6a1c1de3eddf8fc725b0ddd354e Author: NIIBE Yutaka Date: Wed Mar 16 11:52:41 2016 +0900 g10: Add const qualifier. * g10/gpgcompose.c (show_help): Those are strings not to be modified. -- Signed-off-by: NIIBE Yutaka diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index ada986e..55d3ae2 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -259,8 +259,8 @@ show_help (struct option options[]) for (i = 0; ; i ++) { - char *option = options[i].option; - char *help = options[i].help; + const char *option = options[i].option; + const char *help = options[i].help; int l; int j; ----------------------------------------------------------------------- Summary of changes: g10/gpgcompose.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 16 13:59:09 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 16 Mar 2016 13:59:09 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-339-g4051fe7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4051fe7fec6ffdc7a2f5c3856665478866991ee7 (commit) via fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2 (commit) from 5d601dd57fcb41aa2015ab655fd6fc51537da667 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4051fe7fec6ffdc7a2f5c3856665478866991ee7 Author: Justus Winter Date: Wed Mar 16 13:35:37 2016 +0100 Update documentation for 'gcry_sexp_extract_param'. * doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs must be set to NULL first, and document how the function behaves in case of errors. * src/sexp.c (_gcry_sexp_extract_param): Likewise. * src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from '_gcry_sexp_extract_param'. Signed-off-by: Justus Winter diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 23b1f79..3265a70 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4336,8 +4336,10 @@ In general parameter names are single letters. To use a string for a parameter name, enclose the name in single quotes. Unless in buffer descriptor mode for each parameter name a pointer to -an @code{gcry_mpi_t} variable is expected finally followed by a @code{NULL}. -For example +an @code{gcry_mpi_t} variable is expected that must be set to + at code{NULL} prior to invoking this function, and finally a @code{NULL} +is expected. For example + @example _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'", &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL) @@ -4366,8 +4368,11 @@ number of bytes copied to that buffer; in case the buffer is too small, the function immediately returns with an error code (and @var{len} is set to 0). -The function returns NULL on success. On error an error code is -returned and the passed MPIs are either unchanged or set to NULL. +The function returns 0 on success. On error an error code is +returned, all passed MPIs that might have been allocated up to this +point are deallocated and set to @code{NULL}, and all passed buffers +are either truncated if the caller supplied the buffer, or deallocated +if the function allocated the buffer. @end deftypefun diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index f48f04f..797da2e 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -473,8 +473,51 @@ char *gcry_sexp_nth_string (gcry_sexp_t list, int number); value can't be converted to an MPI, `NULL' is returned. */ gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt); -/* Convenience function to extract parameters from an S-expression - * using a list of single letter parameters. */ +/* Extract MPIs from an s-expression using a list of parameters. The + * names of these parameters are given by the string LIST. Some + * special characters may be given to control the conversion: + * + * + :: Switch to unsigned integer format (default). + * - :: Switch to standard signed format. + * / :: Switch to opaque format. + * & :: Switch to buffer descriptor mode - see below. + * ? :: The previous parameter is optional. + * + * In general parameter names are single letters. To use a string for + * a parameter name, enclose the name in single quotes. + * + * Unless in gcry_buffer_t mode for each parameter name a pointer to + * an MPI variable is expected that must be set to NULL prior to + * invoking this function, and finally a NULL is expected. Example: + * + * _gcry_sexp_extract_param (key, NULL, "n/x+ed", + * &mpi_n, &mpi_x, &mpi_e, NULL) + * + * This stores the parameter "N" from KEY as an unsigned MPI into + * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the + * parameter "E" again as an unsigned MPI into MPI_E. + * + * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor + * is expected instead of a pointer to an MPI. The caller may use two + * different operation modes: If the DATA field of the provided buffer + * descriptor is NULL, the function allocates a new buffer and stores + * it at DATA; the other fields are set accordingly with OFF being 0. + * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF + * describe a buffer where to but the data; on return the LEN field + * receives the number of bytes copied to that buffer; if the buffer + * is too small, the function immediately returns with an error code + * (and LEN set to 0). + * + * PATH is an optional string used to locate a token. The exclamation + * mark separated tokens are used to via gcry_sexp_find_token to find + * a start point inside SEXP. + * + * The function returns 0 on success. On error an error code is + * returned, all passed MPIs that might have been allocated up to this + * point are deallocated and set to NULL, and all passed buffers are + * either truncated if the caller supplied the buffer, or deallocated + * if the function allocated the buffer. + */ gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path, const char *list, diff --git a/src/sexp.c b/src/sexp.c index d063962..636f922 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -2183,8 +2183,8 @@ _gcry_sexp_canon_len (const unsigned char *buffer, size_t length, * a parameter name, enclose the name in single quotes. * * Unless in gcry_buffer_t mode for each parameter name a pointer to - * an MPI variable is expected and finally a NULL is expected. - * Example: + * an MPI variable is expected that must be set to NULL prior to + * invoking this function, and finally a NULL is expected. Example: * * _gcry_sexp_extract_param (key, NULL, "n/x+ed", * &mpi_n, &mpi_x, &mpi_e, NULL) @@ -2208,8 +2208,11 @@ _gcry_sexp_canon_len (const unsigned char *buffer, size_t length, * mark separated tokens are used to via gcry_sexp_find_token to find * a start point inside SEXP. * - * The function returns NULL on success. On error an error code is - * returned and the passed MPIs are either unchanged or set to NULL. + * The function returns 0 on success. On error an error code is + * returned, all passed MPIs that might have been allocated up to this + * point are deallocated and set to NULL, and all passed buffers are + * either truncated if the caller supplied the buffer, or deallocated + * if the function allocated the buffer. */ gpg_err_code_t _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, commit fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2 Author: Justus Winter Date: Wed Mar 16 12:49:26 2016 +0100 cipher: Update comment. * cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact that a curve parameter can be given. Signed-off-by: Justus Winter diff --git a/cipher/ecc.c b/cipher/ecc.c index 4cdbb14..f65203f 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1657,6 +1657,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) * for example: * * (ecc + * (curve ) * (p ) * (a ) * (b ) @@ -1664,8 +1665,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) * (n ) * (q )) * - * More parameters may be given currently P is needed. FIXME: We - * need allow for a "curve" parameter. + * More parameters may be given. Either P or CURVE is needed. */ static unsigned int ecc_get_nbits (gcry_sexp_t parms) ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 4 ++-- doc/gcrypt.texi | 13 +++++++++---- src/gcrypt.h.in | 47 +++++++++++++++++++++++++++++++++++++++++++++-- src/sexp.c | 11 +++++++---- 4 files changed, 63 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 17 00:39:51 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 17 Mar 2016 00:39:51 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-102-g8588c2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8588c2dbc4c4d1b53796f3dbe8489b932dca7a60 (commit) from b752d2c93778e6a1c1de3eddf8fc725b0ddd354e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8588c2dbc4c4d1b53796f3dbe8489b932dca7a60 Author: NIIBE Yutaka Date: Thu Mar 17 08:37:58 2016 +0900 agent: allow removal of the shadowed key. * agent/findkey.c (agent_delete_key): Remove the key when asked. -- Signed-off-by: NIIBE Yutaka diff --git a/agent/findkey.c b/agent/findkey.c index c5e7ae7..3cf8d0c 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1311,7 +1311,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, break; case PRIVATE_KEY_SHADOWED: - err = gpg_error (GPG_ERR_KEY_ON_CARD); + err = remove_key_file (grip); break; default: ----------------------------------------------------------------------- Summary of changes: agent/findkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 17 11:14:58 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 17 Mar 2016 11:14:58 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-103-g1dc7f55 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1dc7f55a4095ee42ce2d8c3eb41b7162edf2ca2e (commit) from 8588c2dbc4c4d1b53796f3dbe8489b932dca7a60 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1dc7f55a4095ee42ce2d8c3eb41b7162edf2ca2e Author: Neal H. Walfield Date: Thu Mar 17 11:13:57 2016 +0100 doc: Improve documentation of --enable-large-rsa. * doc/gpg.texi (--enable-large-rsa): Improve text. -- Signed-off-by: Neal H. Walfield Suggested-by: Bernhard Reiter diff --git a/doc/gpg.texi b/doc/gpg.texi index 810f39d..89e098d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1227,10 +1227,12 @@ the opposite meaning. The options are: @itemx --disable-large-rsa @opindex enable-large-rsa @opindex disable-large-rsa -With --gen-key and --batch, enable the creation of larger RSA secret -keys than is generally recommended (up to 8192 bits). These large -keys are more expensive to use, and their signatures and -certifications are also larger. +With --gen-key and --batch, enable the creation of RSA secret keys as +large as 8192 bit. Note: 8192 bit is more than is generally +recommended. These large keys don't significantly improve security, +but they are more expensive to use, and their signatures and +certifications are larger. This option is only available if the +binary was build with large-secmem support. @item --enable-dsa2 @itemx --disable-dsa2 ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 17 15:16:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 17 Mar 2016 15:16:08 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-104-g1aad5c6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1aad5c6277ea3852ff57bbf680f61c9136ce4d5c (commit) from 1dc7f55a4095ee42ce2d8c3eb41b7162edf2ca2e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1aad5c6277ea3852ff57bbf680f61c9136ce4d5c Author: Werner Koch Date: Thu Mar 17 15:15:48 2016 +0100 sm: Always create a keybox header when creating a new keybox. * sm/keydb.c (maybe_create_keybox): Create the header blob. -- This is required so that g10/keydb.c can properly detect that a keybox file is actually there. Just writing a 0 zero length keybox file is not sufficient because a file with that name may also be an old-style OpenPGP keyring. GnuPG-bug-id: 2275 Signed-off-by: Werner Koch diff --git a/sm/keydb.c b/sm/keydb.c index f5705cb..495eb49 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -213,6 +213,18 @@ maybe_create_keybox (char *filename, int force, int *r_created) } umask (oldmask); + /* Make sure that at least one record is in a new keybox file, so + that the detection magic for OpenPGP keyboxes works the next time + it is used. */ + rc = _keybox_write_header_blob (fp, 0); + if (rc) + { + fclose (fp); + log_error (_("error creating keybox '%s': %s\n"), + filename, gpg_strerror (rc)); + goto leave; + } + if (!opt.quiet) log_info (_("keybox '%s' created\n"), filename); if (r_created) ----------------------------------------------------------------------- Summary of changes: sm/keydb.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 18 16:54:53 2016 From: cvs at cvs.gnupg.org (by Vitezslav Cizek) Date: Fri, 18 Mar 2016 16:54:53 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-350-g0bd8137 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0bd8137e68c201b6c2290710e348aaf57efa2b2e (commit) via 2e139456369a834cf87d983da4f61241fda76efe (commit) via c690230af5a66b809f8f6fbab1a6262a5ba078cb (commit) via 78cec8b4754fdf774edb2d575000cb3e972e244c (commit) via ce1cbe16992a7340edcf8e6576973e3508267640 (commit) via c478cf175887c84dc071c4f73a7667603b354789 (commit) via 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6 (commit) via a242e3d9185e6e2dc13902ea9331131755bbba01 (commit) via e40939b2141306238cc30a340b867b60fa4dc2a3 (commit) via 80e9f95e6f419daa765e4876c858e3e36e808897 (commit) via 443bed836a4fd60217325789134f5a2dc2ec41ce (commit) from 4051fe7fec6ffdc7a2f5c3856665478866991ee7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0bd8137e68c201b6c2290710e348aaf57efa2b2e Author: Vitezslav Cizek Date: Fri Oct 30 17:34:04 2015 +0100 cipher: Add option to specify salt length for PSS verification. * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for salt-length token. -- Add possibility to use a different salt length for RSASSA-PSS verification instead of the default 20. Signed-off-by: Vitezslav Cizek Additional changes by wk: - Detect overlong salt-length - Release LIST on error. Signed-off-by: Werner Koch diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 76d3923..c40ef97 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -665,7 +665,7 @@ _gcry_pk_util_free_encoding_ctx (struct pk_encoding_ctx *ctx) LABEL is specific to OAEP. - SALT-LENGTH is for PSS. + SALT-LENGTH is for PSS it is limited to 16384 bytes. RANDOM-OVERRIDE is used to replace random nonces for regression testing. */ @@ -1068,6 +1068,31 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, rc = GPG_ERR_DIGEST_ALGO; else { + gcry_sexp_t list; + /* Get SALT-LENGTH. */ + list = sexp_find_token (ldata, "salt-length", 0); + if (list) + { + unsigned long ul; + + s = sexp_nth_data (list, 1, &n); + if (!s) + { + rc = GPG_ERR_NO_OBJ; + sexp_release (list); + goto leave; + } + ul = strtoul (s, NULL, 10); + if (ul > 16384) + { + rc = GPG_ERR_TOO_LARGE; + sexp_release (list); + goto leave; + } + ctx->saltlen = ul; + sexp_release (list); + } + *ret_mpi = sexp_nth_mpi (lhash, 2, GCRYMPI_FMT_USG); if (!*ret_mpi) rc = GPG_ERR_INV_OBJ; commit 2e139456369a834cf87d983da4f61241fda76efe Author: Vitezslav Cizek Date: Fri Oct 30 15:41:09 2015 +0100 tests: Add support for RSA keygen tests to fipsdrv. * tests/fipsdrv.c (run_rsa_keygen): New. (main): Support RSA keygen and RSA keygen KAT tests. -- In fipsdrv implement support for KeyGen_RandomProbablyPrime and Known Answer Test for probably primes RSA2VS tests. Signed-off-by: Vitezslav Cizek diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index b5962cf..bcc56d1 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -1340,6 +1340,69 @@ run_rsa_derive (const void *data, size_t datalen) } +/* Generate RSA key using the S-expression in (DATA,DATALEN). This + S-expression is used directly as input to gcry_pk_genkey. The + result is printed to stdout with one parameter per line in hex + format and in this order: e, p, q, n, d. */ +static void +run_rsa_keygen (const void *data, size_t datalen, int test) +{ + gpg_error_t err; + gcry_sexp_t s_keyspec, s_key, s_top, l1; + gcry_mpi_t mpi; + const char *parmlist; + int idx; + + if (!datalen) + err = gpg_error (GPG_ERR_NO_DATA); + else + err = gcry_sexp_new (&s_keyspec, data, datalen, 1); + if (err) + die ("gcry_sexp_new failed for RSA key generation: %s\n", + gpg_strerror (err)); + + err = gcry_pk_genkey (&s_key, s_keyspec); + + gcry_sexp_release (s_keyspec); + + if (test) { + if (err) + printf("F\n"); + else { + gcry_sexp_release (s_key); + printf("P\n"); + } + return; + } + + if (err) + die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err)); + + parmlist = "epqnd"; + + /* Parse and print the parameters. */ + l1 = gcry_sexp_find_token (s_key, "private-key", 0); + s_top = gcry_sexp_find_token (l1, "rsa", 0); + gcry_sexp_release (l1); + if (!s_top) + die ("private-key part not found in result\n"); + + for (idx=0; parmlist[idx]; idx++) + { + l1 = gcry_sexp_find_token (s_top, parmlist+idx, 1); + mpi = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l1); + if (!mpi) + die ("parameter %c missing in private-key\n", parmlist[idx]); + print_mpi_line (mpi, 1); + gcry_mpi_release (mpi); + } + + gcry_sexp_release (s_top); + gcry_sexp_release (s_key); +} + + static size_t compute_tag_length (size_t n) @@ -2421,6 +2484,8 @@ main (int argc, char **argv) && !mct_server && strcmp (mode_string, "random") && strcmp (mode_string, "rsa-gen") + && strcmp (mode_string, "rsa-keygen") + && strcmp (mode_string, "rsa-keygen-kat") && strcmp (mode_string, "dsa-gen") && strcmp (mode_string, "ecdsa-gen-key") ) { @@ -2611,6 +2676,20 @@ main (int argc, char **argv) die ("no data available (do not use --chunk)\n"); run_rsa_derive (data, datalen); } + else if (!strcmp (mode_string, "rsa-keygen")) + { + data = read_file (input, 0, &datalen); + if (!data) + die ("no data available (do not use --chunk)\n"); + run_rsa_keygen (data, datalen, 0); + } + else if (!strcmp (mode_string, "rsa-keygen-kat")) + { + data = read_file (input, 0, &datalen); + if (!data) + die ("no data available (do not use --chunk)\n"); + run_rsa_keygen (data, datalen, 1); + } else if (!strcmp (mode_string, "rsa-gen")) { int keysize; commit c690230af5a66b809f8f6fbab1a6262a5ba078cb Author: Vitezslav Cizek Date: Fri Oct 30 15:38:13 2015 +0100 tests: Fixes for RSA testsuite in FIPS mode * tests/basic.c (get_keys_new): Generate 2048 bit key. * tests/benchmark.c (rsa_bench): Skip keys of lengths different than 2048 and 3072 in FIPS mode. * tests/keygen.c (check_rsa_keys): Failure if short keys can be generated in FIPS mode. (check_dsa_keys): Ditto for DSA keys. * tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS. -- Thanks to Ludwig Nussel. Signed-off-by: Vitezslav Cizek Additional changes by wk: - Remove printing of "FAIL" in fail() because this is reserved for use by the test driver of the Makefile. - Move setting of IN_FIPS_MODE after gcry_check_version in keygen.c Signed-off-by: Werner Koch diff --git a/tests/basic.c b/tests/basic.c index 876ee2e..63fbcf6 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -8442,7 +8442,7 @@ get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) if (verbose) fprintf (stderr, " generating RSA key:"); rc = gcry_sexp_new (&key_spec, - in_fips_mode ? "(genkey (rsa (nbits 4:1024)))" + in_fips_mode ? "(genkey (rsa (nbits 4:2048)))" : "(genkey (rsa (nbits 4:1024)(transient-key)))", 0, 1); if (rc) diff --git a/tests/benchmark.c b/tests/benchmark.c index b6cd7a8..c748dac 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -1085,15 +1085,22 @@ rsa_bench (int iterations, int print_header, int no_blinding) gcry_sexp_t data; gcry_sexp_t sig = NULL; int count; + unsigned nbits = p_sizes[testno]; - printf ("RSA %3d bit ", p_sizes[testno]); + printf ("RSA %3d bit ", nbits); fflush (stdout); + if (in_fips_mode && !(nbits == 2048 || nbits == 3072)) + { + puts ("[skipped in fips mode]"); + continue; + } + err = gcry_sexp_build (&key_spec, NULL, gcry_fips_mode_active () ? "(genkey (RSA (nbits %d)))" : "(genkey (RSA (nbits %d)(transient-key)))", - p_sizes[testno]); + nbits); if (err) die ("creating S-expression failed: %s\n", gcry_strerror (err)); @@ -1101,7 +1108,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) err = gcry_pk_genkey (&key_pair, key_spec); if (err) die ("creating %d bit RSA key failed: %s\n", - p_sizes[testno], gcry_strerror (err)); + nbits, gcry_strerror (err)); pub_key = gcry_sexp_find_token (key_pair, "public-key", 0); if (! pub_key) @@ -1116,8 +1123,8 @@ rsa_bench (int iterations, int print_header, int no_blinding) printf (" %s", elapsed_time (1)); fflush (stdout); - x = gcry_mpi_new (p_sizes[testno]); - gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM); + x = gcry_mpi_new (nbits); + gcry_mpi_randomize (x, nbits-8, GCRY_WEAK_RANDOM); err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", x); gcry_mpi_release (x); @@ -1155,8 +1162,8 @@ rsa_bench (int iterations, int print_header, int no_blinding) if (no_blinding) { fflush (stdout); - x = gcry_mpi_new (p_sizes[testno]); - gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM); + x = gcry_mpi_new (nbits); + gcry_mpi_randomize (x, nbits-8, GCRY_WEAK_RANDOM); err = gcry_sexp_build (&data, NULL, "(data (flags no-blinding) (value %m))", x); gcry_mpi_release (x); diff --git a/tests/keygen.c b/tests/keygen.c index 8b9a1d5..7afa76c 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -40,6 +40,7 @@ static int verbose; static int debug; static int error_count; +static int in_fips_mode; static void @@ -196,11 +197,11 @@ check_rsa_keys (void) int rc; if (verbose) - show ("creating 1024 bit RSA key\n"); + show ("creating 2048 bit RSA key\n"); rc = gcry_sexp_new (&keyparm, "(genkey\n" " (rsa\n" - " (nbits 4:1024)\n" + " (nbits 4:2048)\n" " ))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gpg_strerror (rc)); @@ -208,9 +209,29 @@ check_rsa_keys (void) gcry_sexp_release (keyparm); if (rc) die ("error generating RSA key: %s\n", gpg_strerror (rc)); - if (verbose > 1) - show_sexp ("1024 bit RSA key:\n", key); - check_generated_rsa_key (key, 65537); + + if (verbose) + show ("creating 1024 bit RSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (rsa\n" + " (nbits 4:1024)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc && !in_fips_mode) + fail ("error generating RSA key: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + fail ("generating 1024 bit RSA key must not work!"); + + if (!rc) + { + if (verbose > 1) + show_sexp ("1024 bit RSA key:\n", key); + check_generated_rsa_key (key, 65537); + } gcry_sexp_release (key); @@ -226,10 +247,13 @@ check_rsa_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) - die ("error generating RSA key: %s\n", gpg_strerror (rc)); + if (rc && !in_fips_mode) + fail ("error generating RSA key: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + fail ("generating 512 bit RSA key must not work!"); - check_generated_rsa_key (key, 257); + if (!rc) + check_generated_rsa_key (key, 257); gcry_sexp_release (key); if (verbose) @@ -244,10 +268,13 @@ check_rsa_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) - die ("error generating RSA key: %s\n", gpg_strerror (rc)); + if (rc && !in_fips_mode) + fail ("error generating RSA key: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + fail ("generating 512 bit RSA key must not work!"); - check_generated_rsa_key (key, 0); /* We don't expect a constant exponent. */ + if (!rc) + check_generated_rsa_key (key, 0); /* We don't expect a constant exponent. */ gcry_sexp_release (key); } @@ -299,8 +326,10 @@ check_dsa_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) + if (rc && !in_fips_mode) die ("error generating DSA key: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + die ("generating 512 bit DSA key must not work!"); if (!i && verbose > 1) show_sexp ("1024 bit DSA key:\n", key); gcry_sexp_release (key); @@ -318,8 +347,10 @@ check_dsa_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) + if (rc && !in_fips_mode) die ("error generating DSA key: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + die ("generating 1536 bit DSA key must not work!"); if (verbose > 1) show_sexp ("1536 bit DSA key:\n", key); gcry_sexp_release (key); @@ -597,6 +628,9 @@ main (int argc, char **argv) if (with_progress) gcry_set_progress_handler (progress_cb, NULL); + if ( gcry_fips_mode_active () ) + in_fips_mode = 1; + if (!argc) { check_rsa_keys (); diff --git a/tests/pubkey.c b/tests/pubkey.c index 62dc0d6..5ed6ca1 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -165,6 +165,33 @@ show_sexp (const char *prefix, gcry_sexp_t a) gcry_free (buf); } +/* from ../cipher/pubkey-util.c */ +gpg_err_code_t +_gcry_pk_util_get_nbits (gcry_sexp_t list, unsigned int *r_nbits) +{ + char buf[50]; + const char *s; + size_t n; + + *r_nbits = 0; + + list = gcry_sexp_find_token (list, "nbits", 0); + if (!list) + return 0; /* No NBITS found. */ + + s = gcry_sexp_nth_data (list, 1, &n); + if (!s || n >= DIM (buf) - 1 ) + { + /* NBITS given without a cdr. */ + gcry_sexp_release (list); + return GPG_ERR_INV_OBJ; + } + memcpy (buf, s, n); + buf[n] = 0; + *r_nbits = (unsigned int)strtoul (buf, NULL, 0); + gcry_sexp_release (list); + return 0; +} /* Convert STRING consisting of hex characters into its binary representation and return it as an allocated buffer. The valid @@ -906,8 +933,8 @@ check_x931_derived_key (int what) } }; gpg_error_t err; - gcry_sexp_t key_spec, key, pub_key, sec_key; - gcry_mpi_t d_expected, d_have; + gcry_sexp_t key_spec = NULL, key = NULL, pub_key = NULL, sec_key = NULL; + gcry_mpi_t d_expected = NULL, d_have = NULL; if (what < 0 && what >= sizeof testtable) die ("invalid WHAT value\n"); @@ -916,10 +943,25 @@ check_x931_derived_key (int what) if (err) die ("error creating S-expression [%d]: %s\n", what, gpg_strerror (err)); + { + unsigned nbits; + err = _gcry_pk_util_get_nbits(key_spec, &nbits); + if (err) + die ("nbits not found\n"); + if (gcry_fips_mode_active() && nbits < 2048) + { + info("RSA key test with %d bits skipped in fips mode\n", nbits); + goto leave; + } + } + err = gcry_pk_genkey (&key, key_spec); gcry_sexp_release (key_spec); if (err) - die ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err)); + { + fail ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err)); + goto leave; + } pub_key = gcry_sexp_find_token (key, "public-key", 0); if (!pub_key) @@ -945,6 +987,7 @@ check_x931_derived_key (int what) show_sexp (NULL, sec_key); die ("parameter d does match expected value [%d]\n", what); } +leave: gcry_mpi_release (d_expected); gcry_mpi_release (d_have); commit 78cec8b4754fdf774edb2d575000cb3e972e244c Author: Vitezslav Cizek Date: Fri Oct 30 13:41:41 2015 +0100 rsa: Use 2048 bit RSA keys for selftest. * cipher/rsa.c (selftests_rsa): Use 2048 bit keys. (selftest_encr_1024): Replaced by selftest_encr_2048. (selftest_sign_1024): Replaced by selftest_sign_2048. (selftest_encr_2048): Add check against known ciphertext. (selftest_sign_2048): Add check against known signature. (selftest_sign_2048): Free SIG_MPI. * tests/pubkey.c (get_keys_new): Generate 2048 bit keys. -- Use a 2048 bit keys for RSA selftest. Check against the known signature/ciphertext after signing/encryption in the selftests. Also generate 2k keys in tests/pubkey. Thanks to Ludwig Nussel. Signed-off-by: Vitezslav Cizek Additional changes by wk: - Reformat some strings and comments. - Replace a free by xfree. - Free SIG_MPI. - Make two strings static. Signed-off-by: Werner Koch diff --git a/cipher/rsa.c b/cipher/rsa.c index 45a481b..787b14a 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -62,36 +62,53 @@ static const char *rsa_names[] = }; -/* A sample 1024 bit RSA key used for the selftests. */ +/* A sample 2048 bit RSA key used for the selftests. */ static const char sample_secret_key[] = -"(private-key" -" (rsa" -" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" -" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" -" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" -" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)" -" (e #010001#)" -" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11" -" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd" -" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21" -" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)" -" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" -" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)" -" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" -" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)" -" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" -" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))"; -/* A sample 1024 bit RSA key used for the selftests (public only). */ +" (private-key" +" (rsa" +" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" +" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" +" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" +" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" +" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" +" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" +" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" +" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6CB#)" +" (e #010001#)" +" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19" +" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93" +" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12" +" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F" +" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48" +" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD" +" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84" +" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401#)" +" (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0" +" 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B" +" 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF" +" 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F1783#)" +" (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46" +" 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77" +" 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E" +" 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B919#)" +" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04" +" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4" +" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9" +" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7#)))"; + +/* A sample 2048 bit RSA key used for the selftests (public only). */ static const char sample_public_key[] = -"(public-key" -" (rsa" -" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" -" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" -" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" -" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)" -" (e #010001#)))"; - - +" (public-key" +" (rsa" +" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" +" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" +" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" +" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" +" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" +" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" +" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" +" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6CB#)" +" (e #010001#)))"; static int test_keys (RSA_secret_key *sk, unsigned nbits); @@ -1349,20 +1366,34 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam) */ static const char * -selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) +selftest_sign_2048 (gcry_sexp_t pkey, gcry_sexp_t skey) { static const char sample_data[] = "(data (flags pkcs1)" - " (hash sha1 #11223344556677889900aabbccddeeff10203040#))"; + " (hash sha256 #11223344556677889900aabbccddeeff" + /**/ "102030405060708090a0b0c0d0f01121#))"; static const char sample_data_bad[] = "(data (flags pkcs1)" - " (hash sha1 #11223344556677889900aabbccddeeff80203040#))"; + " (hash sha256 #11223344556677889900aabbccddeeff" + /**/ "802030405060708090a0b0c0d0f01121#))"; const char *errtxt = NULL; gcry_error_t err; gcry_sexp_t data = NULL; gcry_sexp_t data_bad = NULL; gcry_sexp_t sig = NULL; + /* raw signature data reference */ + const char ref_data[] = + "6252a19a11e1d5155ed9376036277193d644fa239397fff03e9b92d6f86415d6" + "d30da9273775f290e580d038295ff8ff89522becccfa6ae870bf76b76df402a8" + "54f69347e3db3de8e1e7d4dada281ec556810c7a8ecd0b5f51f9b1c0e7aa7557" + "61aa2b8ba5f811304acc6af0eca41fe49baf33bf34eddaf44e21e036ac7f0b68" + "03cdef1c60021fb7b5b97ebacdd88ab755ce29af568dbc5728cc6e6eff42618d" + "62a0386ca8beed46402bdeeef29b6a3feded906bace411a06a39192bf516ae10" + "67e4320fa8ea113968525f4574d022a3ceeaafdc41079efe1f22cc94bf59d8d3" + "328085da9674857db56de5978a62394aab48aa3b72e23a1b16260cfd9daafe65"; + gcry_mpi_t ref_mpi = NULL; + gcry_mpi_t sig_mpi = NULL; err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data)); if (!err) @@ -1380,6 +1411,27 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) errtxt = "signing failed"; goto leave; } + + err = _gcry_mpi_scan(&ref_mpi, GCRYMPI_FMT_HEX, ref_data, 0, NULL); + if (err) + { + errtxt = "converting ref_data to mpi failed"; + goto leave; + } + + err = _gcry_sexp_extract_param(sig, "sig-val!rsa", "s", &sig_mpi, NULL); + if (err) + { + errtxt = "extracting signature data failed"; + goto leave; + } + + if (mpi_cmp (sig_mpi, ref_mpi)) + { + errtxt = "signature does not match reference data"; + goto leave; + } + err = _gcry_pk_verify (sig, data, pkey); if (err) { @@ -1398,6 +1450,8 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) sexp_release (sig); sexp_release (data_bad); sexp_release (data); + _gcry_mpi_release (ref_mpi); + _gcry_mpi_release (sig_mpi); return errtxt; } @@ -1436,25 +1490,33 @@ extract_a_from_sexp (gcry_sexp_t encr_data) static const char * -selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) +selftest_encr_2048 (gcry_sexp_t pkey, gcry_sexp_t skey) { const char *errtxt = NULL; gcry_error_t err; - const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */ - gcry_mpi_t plaintext = NULL; + static const char plaintext[] = + "Jim quickly realized that the beautiful gowns are expensive."; gcry_sexp_t plain = NULL; gcry_sexp_t encr = NULL; gcry_mpi_t ciphertext = NULL; gcry_sexp_t decr = NULL; - gcry_mpi_t decr_plaintext = NULL; + char *decr_plaintext = NULL; gcry_sexp_t tmplist = NULL; - - /* Create plaintext. The plaintext is actually a big integer number. */ - plaintext = mpi_new (nbits); - _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); + /* expected result of encrypting the plaintext with sample_secret_key */ + static const char ref_data[] = + "18022e2593a402a737caaa93b4c7e750e20ca265452980e1d6b7710fbd3e" + "7dce72be5c2110fb47691cb38f42170ee3b4a37f2498d4a51567d762585e" + "4cb81d04fbc7df4144f8e5eac2d4b8688521b64011f11d7ad53f4c874004" + "819856f2e2a6f83d1c9c4e73ac26089789c14482b0b8d44139133c88c4a5" + "2dba9dd6d6ffc622666b7d129168333d999706af30a2d7d272db7734e5ed" + "fb8c64ea3018af3ad20f4a013a5060cb0f5e72753967bebe294280a6ed0d" + "dbd3c4f11d0a8696e9d32a0dc03deb0b5e49b2cbd1503392642d4e1211f3" + "e8e2ee38abaa3671ccd57fcde8ca76e85fd2cb77c35706a970a213a27352" + "cec92a9604d543ddb5fc478ff50e0622"; + gcry_mpi_t ref_mpi = NULL; /* Put the plaintext into an S-expression. */ - err = sexp_build (&plain, NULL, "(data (flags raw) (value %m))", plaintext); + err = sexp_build (&plain, NULL, "(data (flags raw) (value %s))", plaintext); if (err) { errtxt = "converting data failed"; @@ -1469,6 +1531,13 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) goto leave; } + err = _gcry_mpi_scan(&ref_mpi, GCRYMPI_FMT_HEX, ref_data, 0, NULL); + if (err) + { + errtxt = "converting encrydata to mpi failed"; + goto leave; + } + /* Extraxt the ciphertext from the returned S-expression. */ /*sexp_dump (encr);*/ ciphertext = extract_a_from_sexp (encr); @@ -1481,9 +1550,9 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) /* Check that the ciphertext does no match the plaintext. */ /* _gcry_log_printmpi ("plaintext", plaintext); */ /* _gcry_log_printmpi ("ciphertxt", ciphertext); */ - if (!mpi_cmp (plaintext, ciphertext)) + if (mpi_cmp (ref_mpi, ciphertext)) { - errtxt = "ciphertext matches plaintext"; + errtxt = "ciphertext doesn't match reference data"; goto leave; } @@ -1503,9 +1572,9 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) take care of it anyway. */ tmplist = sexp_find_token (decr, "value", 0); if (tmplist) - decr_plaintext = sexp_nth_mpi (tmplist, 1, GCRYMPI_FMT_USG); + decr_plaintext = sexp_nth_string (tmplist, 1); else - decr_plaintext = sexp_nth_mpi (decr, 0, GCRYMPI_FMT_USG); + decr_plaintext = sexp_nth_string (decr, 0); if (!decr_plaintext) { errtxt = "decrypt returned no plaintext"; @@ -1513,7 +1582,7 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) } /* Check that the decrypted plaintext matches the original plaintext. */ - if (mpi_cmp (plaintext, decr_plaintext)) + if (strcmp (plaintext, decr_plaintext)) { errtxt = "mismatch"; goto leave; @@ -1521,12 +1590,12 @@ selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) leave: sexp_release (tmplist); - _gcry_mpi_release (decr_plaintext); + xfree (decr_plaintext); sexp_release (decr); _gcry_mpi_release (ciphertext); + _gcry_mpi_release (ref_mpi); sexp_release (encr); sexp_release (plain); - _gcry_mpi_release (plaintext); return errtxt; } @@ -1561,12 +1630,12 @@ selftests_rsa (selftest_report_func_t report) } what = "sign"; - errtxt = selftest_sign_1024 (pkey, skey); + errtxt = selftest_sign_2048 (pkey, skey); if (errtxt) goto failed; what = "encrypt"; - errtxt = selftest_encr_1024 (pkey, skey); + errtxt = selftest_encr_2048 (pkey, skey); if (errtxt) goto failed; diff --git a/tests/pubkey.c b/tests/pubkey.c index 26bd9e3..62dc0d6 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -354,7 +354,7 @@ get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) int rc; rc = gcry_sexp_new (&key_spec, - "(genkey (rsa (nbits 4:1024)))", 0, 1); + "(genkey (rsa (nbits 4:2048)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); rc = gcry_pk_genkey (&key, key_spec); @@ -386,7 +386,7 @@ get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) int rc; rc = gcry_sexp_new (&key_spec, - "(genkey (rsa (nbits 4:1024)(use-x931)))", 0, 1); + "(genkey (rsa (nbits 4:2048)(use-x931)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); rc = gcry_pk_genkey (&key, key_spec); commit ce1cbe16992a7340edcf8e6576973e3508267640 Author: Vitezslav Cizek Date: Thu Oct 29 17:13:16 2015 +0100 Disable non-allowed algorithms in FIPS mode * cipher/cipher.c (_gcry_cipher_init), * cipher/mac.c (_gcry_mac_init), * cipher/md.c (_gcry_md_init), * cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the non-allowed ciphers. * cipher/md5.c: Mark MD5 as not allowed in FIPS. * src/g10lib.h (_gcry_mac_init): New. * src/global.c (global_init): Call the new _gcry_mac_init. * tests/basic.c (check_ciphers): Fix a typo. -- When running in the FIPS mode, disable all the ciphers that don't have the fips flag set. Skip the non-allowed algos during testing in the FIPS mode. Thanks to Ludwig Nussel. Signed-off-by: Vitezslav Cizek Signed-off-by: Vitezslav Cizek diff --git a/cipher/cipher.c b/cipher/cipher.c index 802ffad..a013846 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -1514,6 +1514,17 @@ _gcry_cipher_get_algo_blklen (int algo) gcry_err_code_t _gcry_cipher_init (void) { + if (fips_mode()) + { + /* disable algorithms that are disallowed in fips */ + int idx; + gcry_cipher_spec_t *spec; + + for (idx = 0; (spec = cipher_list[idx]); idx++) + if (!spec->flags.fips) + spec->flags.disabled = 1; + } + return 0; } diff --git a/cipher/mac.c b/cipher/mac.c index b8a5534..46be7b7 100644 --- a/cipher/mac.c +++ b/cipher/mac.c @@ -116,6 +116,23 @@ static gcry_mac_spec_t *mac_list[] = { NULL, }; +/* Explicitly initialize this module. */ +gcry_err_code_t +_gcry_mac_init (void) +{ + if (fips_mode()) + { + /* disable algorithms that are disallowed in fips */ + int idx; + gcry_mac_spec_t *spec; + + for (idx = 0; (spec = mac_list[idx]); idx++) + if (!spec->flags.fips) + spec->flags.disabled = 1; + } + + return 0; +} /* Return the spec structure for the MAC algorithm ALGO. For an diff --git a/cipher/md.c b/cipher/md.c index 15d944d..281db12 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -1296,6 +1296,17 @@ _gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes) gcry_err_code_t _gcry_md_init (void) { + if (fips_mode()) + { + /* disable algorithms that are disallowed in fips */ + int idx; + gcry_md_spec_t *spec; + + for (idx = 0; (spec = digest_list[idx]); idx++) + if (!spec->flags.fips) + spec->flags.disabled = 1; + } + return 0; } diff --git a/cipher/md5.c b/cipher/md5.c index 66cc5f6..ed942cf 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -310,7 +310,7 @@ static gcry_md_oid_spec_t oid_spec_md5[] = gcry_md_spec_t _gcry_digest_spec_md5 = { - GCRY_MD_MD5, {0, 1}, + GCRY_MD_MD5, {0, 0}, "MD5", asn, DIM (asn), oid_spec_md5, 16, md5_init, _gcry_md_block_write, md5_final, md5_read, NULL, sizeof (MD5_CONTEXT) diff --git a/cipher/pubkey.c b/cipher/pubkey.c index b321a89..8ec15fd 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -926,6 +926,17 @@ _gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx) gcry_err_code_t _gcry_pk_init (void) { + if (fips_mode()) + { + /* disable algorithms that are disallowed in fips */ + int idx; + gcry_pk_spec_t *spec; + + for (idx = 0; (spec = pubkey_list[idx]); idx++) + if (!spec->flags.fips) + spec->flags.disabled = 1; + } + return 0; } diff --git a/src/g10lib.h b/src/g10lib.h index 7352556..af68870 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -381,6 +381,7 @@ typedef struct fast_wipememory_s gcry_err_code_t _gcry_cipher_init (void); gcry_err_code_t _gcry_md_init (void); +gcry_err_code_t _gcry_mac_init (void); gcry_err_code_t _gcry_pk_init (void); gcry_err_code_t _gcry_secmem_module_init (void); gcry_err_code_t _gcry_mpi_init (void); diff --git a/src/global.c b/src/global.c index 4d69b27..8669a46 100644 --- a/src/global.c +++ b/src/global.c @@ -105,6 +105,9 @@ global_init (void) err = _gcry_md_init (); if (err) goto fail; + err = _gcry_mac_init (); + if (err) + goto fail; err = _gcry_pk_init (); if (err) goto fail; diff --git a/tests/basic.c b/tests/basic.c index 5e7ee44..876ee2e 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -698,6 +698,14 @@ check_ctr_cipher (void) if (!tv[i].algo) continue; + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } + err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); if (!err) err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); @@ -929,6 +937,14 @@ check_cfb_cipher (void) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } + if (verbose) fprintf (stderr, " checking CFB mode for %s [%i]\n", gcry_cipher_algo_name (tv[i].algo), @@ -1100,6 +1116,14 @@ check_ofb_cipher (void) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } + if (verbose) fprintf (stderr, " checking OFB mode for %s [%i]\n", gcry_cipher_algo_name (tv[i].algo), @@ -1402,6 +1426,14 @@ _check_gcm_cipher (unsigned int step) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } + if (verbose) fprintf (stderr, " checking GCM mode for %s [%i]\n", gcry_cipher_algo_name (tv[i].algo), @@ -2423,6 +2455,14 @@ check_ccm_cipher (void) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } + if (verbose) fprintf (stderr, " checking CCM mode for %s [%i]\n", gcry_cipher_algo_name (tv[i].algo), @@ -3924,6 +3964,13 @@ check_stream_cipher (void) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } if (verbose) fprintf (stderr, " checking stream mode for %s [%i] (%s)\n", gcry_cipher_algo_name (tv[i].algo), tv[i].algo, tv[i].name); @@ -4368,6 +4415,14 @@ check_stream_cipher_large_block (void) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) + { + if (verbose) + fprintf (stderr, " algorithm %d not available in fips mode\n", + tv[i].algo); + continue; + } + if (verbose) fprintf (stderr, " checking large block stream for %s [%i] (%s)\n", gcry_cipher_algo_name (tv[i].algo), tv[i].algo, tv[i].name); @@ -5219,11 +5274,11 @@ check_ciphers (void) for (i = 0; algos2[i]; i++) { - if (gcry_cipher_test_algo (algos[i]) && in_fips_mode) + if (gcry_cipher_test_algo (algos2[i]) && in_fips_mode) { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", - algos[i]); + algos2[i]); continue; } if (verbose) @@ -6399,8 +6454,7 @@ check_digests (void) show_md_not_available (algos[i].md); continue; } - if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) - && in_fips_mode) + if (gcry_md_test_algo (algos[i].md) && in_fips_mode) { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", @@ -6832,8 +6886,7 @@ check_hmac (void) show_old_hmac_not_available (algos[i].md); continue; } - if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) - && in_fips_mode) + if (gcry_md_test_algo (algos[i].md) && in_fips_mode) { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", @@ -7809,8 +7862,7 @@ check_mac (void) show_mac_not_available (algos[i].algo); continue; } - if ((gcry_mac_test_algo (algos[i].algo) - || algos[i].algo == GCRY_MAC_HMAC_MD5) && in_fips_mode) + if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode) { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", commit c478cf175887c84dc071c4f73a7667603b354789 Author: Werner Koch Date: Fri Mar 18 15:38:26 2016 +0100 kdf: Make PBKDF2 check work on all platforms. * cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long. -- The previous pacth has no effect because on almost all platformans an unsigned int is 32 bit and thus the 0xffffffff is anyway the largest value. This patch changes the variable to an unsigned long so that at least on common 64 bit Unix systems (but not on 64 bit Windows) there is an actual check. Signed-off-by: Werner Koch diff --git a/cipher/kdf.c b/cipher/kdf.c index 831edd2..27f5789 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -125,7 +125,7 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, gpg_err_code_t ec; gcry_md_hd_t md; int secmode; - unsigned int dklen = keysize; + unsigned long dklen = keysize; char *dk = keybuffer; unsigned int hlen; /* Output length of the digest function. */ unsigned int l; /* Rounded up number of blocks. */ @@ -151,11 +151,14 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); /* Step 1 */ - /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. - We use a stronger inequality. */ + /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and + * stop. We use a stronger inequality but only if our type can hold + * a larger value. */ - if (dklen > 4294967295U) +#if SIZEOF_UNSIGNED_LONG > 4 + if (dklen > 0xffffffffU) return GPG_ERR_INV_VALUE; +#endif /* Step 2 */ commit 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6 Author: Vitezslav Cizek Date: Thu Oct 29 14:00:26 2015 +0100 kdf: Add upper bound for derived key length in PBKDF2. * cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen. -- Add a missing step 1 from PBKDF specification. Signed-off-by: Vitezslav Cizek diff --git a/cipher/kdf.c b/cipher/kdf.c index ad5c46e..831edd2 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -138,7 +138,7 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, unsigned long iter; /* Current iteration number. */ unsigned int i; - /* NWe allow for a saltlen of 0 here to support scrypt. It is not + /* We allow for a saltlen of 0 here to support scrypt. It is not clear whether rfc2898 allows for this this, thus we do a test on saltlen > 0 only in gcry_kdf_derive. */ if (!salt || !iterations || !dklen) @@ -150,8 +150,13 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); - /* We ignore step 1 from pksc5v2.1 which demands a check that dklen - is not larger that 0xffffffff * hlen. */ + /* Step 1 */ + /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. + We use a stronger inequality. */ + + if (dklen > 4294967295U) + return GPG_ERR_INV_VALUE; + /* Step 2 */ l = ((dklen - 1)/ hlen) + 1; commit a242e3d9185e6e2dc13902ea9331131755bbba01 Author: Vitezslav Cizek Date: Tue Oct 27 14:29:11 2015 +0100 ecc: ECDSA adjustments for FIPS 186-4 * cipher/ecc-curves.c: Unmark curve P-192 for FIPS. * cipher/ecc.c: Add ECDSA self test. * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2 in FIPS mode. * tests/fipsdrv.c: Add support for ECDSA signatures. -- Enable ECC in FIPS mode. According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed for key pair generation and signature generation after 2013. Thanks to Jan Matejek for the patch. Signed-off-by: Vitezslav Cizek Minor source code re-formatting by -wk. diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index a74501d..91f29cc 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -160,7 +160,7 @@ static const ecc_domain_parms_t domain_parms[] = }, #endif /*0*/ { - "NIST P-192", 192, 1, + "NIST P-192", 192, 0, MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD, "0xfffffffffffffffffffffffffffffffeffffffffffffffff", "0xfffffffffffffffffffffffffffffffefffffffffffffffc", diff --git a/cipher/ecc.c b/cipher/ecc.c index f65203f..5b03530 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -73,6 +73,25 @@ static const char *ecc_names[] = }; +/* Sample NIST P-256 key from RFC 6979 A.2.5 */ +static const char sample_public_key_secp256[] = + "(public-key" + " (ecc" + " (curve secp256r1)" + " (q #04" + /**/ "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6" + /**/ "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)))"; + +static const char sample_secret_key_secp256[] = + "(private-key" + " (ecc" + " (curve secp256r1)" + " (d #C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721#)" + " (q #04" + /**/ "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6" + /**/ "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)))"; + + /* Registered progress function and its callback value. */ static void (*progress_cb) (void *, const char*, int, int, int); static void *progress_cb_data; @@ -1956,23 +1975,165 @@ _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, mpi_ec_t ec) Self-test section. */ +static const char * +selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) +{ + /* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */ + static const char sample_data[] = + "(data (flags rfc6979)" + " (hash sha256 #af2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915" + /**/ "62113d8a62add1bf#))"; + static const char sample_data_bad[] = + "(data (flags rfc6979)" + " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915" + /**/ "62113d8a62add1bf#))"; + static const char signature_r[] = + "efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716"; + static const char signature_s[] = + "f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8"; + + const char *errtxt = NULL; + gcry_error_t err; + gcry_sexp_t data = NULL; + gcry_sexp_t data_bad = NULL; + gcry_sexp_t sig = NULL; + gcry_sexp_t l1 = NULL; + gcry_sexp_t l2 = NULL; + gcry_mpi_t r = NULL; + gcry_mpi_t s = NULL; + gcry_mpi_t calculated_r = NULL; + gcry_mpi_t calculated_s = NULL; + int cmp; + + err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data)); + if (!err) + err = sexp_sscan (&data_bad, NULL, + sample_data_bad, strlen (sample_data_bad)); + if (!err) + err = _gcry_mpi_scan (&r, GCRYMPI_FMT_HEX, signature_r, 0, NULL); + if (!err) + err = _gcry_mpi_scan (&s, GCRYMPI_FMT_HEX, signature_s, 0, NULL); + + if (err) + { + errtxt = "converting data failed"; + goto leave; + } + + err = _gcry_pk_sign (&sig, data, skey); + if (err) + { + errtxt = "signing failed"; + goto leave; + } + + /* check against known signature */ + errtxt = "signature validity failed"; + l1 = _gcry_sexp_find_token (sig, "sig-val", 0); + if (!l1) + goto leave; + l2 = _gcry_sexp_find_token (l1, "ecdsa", 0); + if (!l2) + goto leave; + + sexp_release (l1); + l1 = l2; + + l2 = _gcry_sexp_find_token (l1, "r", 0); + if (!l2) + goto leave; + calculated_r = _gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!calculated_r) + goto leave; + + l2 = _gcry_sexp_find_token (l1, "s", 0); + if (!l2) + goto leave; + calculated_s = _gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!calculated_s) + goto leave; + + errtxt = "known sig check failed"; + + cmp = _gcry_mpi_cmp (r, calculated_r); + if (cmp) + goto leave; + cmp = _gcry_mpi_cmp (s, calculated_s); + if (cmp) + goto leave; + + errtxt = NULL; + + /* verify generated signature */ + err = _gcry_pk_verify (sig, data, pkey); + if (err) + { + errtxt = "verify failed"; + goto leave; + } + err = _gcry_pk_verify (sig, data_bad, pkey); + if (gcry_err_code (err) != GPG_ERR_BAD_SIGNATURE) + { + errtxt = "bad signature not detected"; + goto leave; + } + + + leave: + sexp_release (sig); + sexp_release (data_bad); + sexp_release (data); + sexp_release (l1); + sexp_release (l2); + mpi_release (r); + mpi_release (s); + mpi_release (calculated_r); + mpi_release (calculated_s); + return errtxt; +} + static gpg_err_code_t selftests_ecdsa (selftest_report_func_t report) { const char *what; const char *errtxt; + gcry_error_t err; + gcry_sexp_t skey = NULL; + gcry_sexp_t pkey = NULL; + + what = "convert"; + err = sexp_sscan (&skey, NULL, sample_secret_key_secp256, + strlen (sample_secret_key_secp256)); + if (!err) + err = sexp_sscan (&pkey, NULL, sample_public_key_secp256, + strlen (sample_public_key_secp256)); + if (err) + { + errtxt = _gcry_strerror (err); + goto failed; + } + + what = "key consistency"; + err = ecc_check_secret_key(skey); + if (err) + { + errtxt = _gcry_strerror (err); + goto failed; + } - what = "low-level"; - errtxt = NULL; /*selftest ();*/ + what = "sign"; + errtxt = selftest_sign (pkey, skey); if (errtxt) goto failed; - /* FIXME: need more tests. */ - + sexp_release(pkey); + sexp_release(skey); return 0; /* Succeeded. */ failed: + sexp_release(pkey); + sexp_release(skey); if (report) report ("pubkey", GCRY_PK_ECC, what, errtxt); return GPG_ERR_SELFTEST_FAILED; @@ -1996,7 +2157,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report) gcry_pk_spec_t _gcry_pubkey_spec_ecc = { - GCRY_PK_ECC, { 0, 0 }, + GCRY_PK_ECC, { 0, 1 }, (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR), "ECC", ecc_names, "pabgnhq", "pabgnhqd", "sw", "rs", "pabgnhq", diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index d0d6003..76d3923 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -617,7 +617,14 @@ _gcry_pk_util_init_encoding_ctx (struct pk_encoding_ctx *ctx, ctx->nbits = nbits; ctx->encoding = PUBKEY_ENC_UNKNOWN; ctx->flags = 0; - ctx->hash_algo = GCRY_MD_SHA1; + if (fips_mode ()) + { + ctx->hash_algo = GCRY_MD_SHA256; + } + else + { + ctx->hash_algo = GCRY_MD_SHA1; + } ctx->label = NULL; ctx->labellen = 0; ctx->saltlen = 20; diff --git a/src/fips.c b/src/fips.c index edcbeac..3311ba2 100644 --- a/src/fips.c +++ b/src/fips.c @@ -549,7 +549,7 @@ run_pubkey_selftests (int extended) { GCRY_PK_RSA, GCRY_PK_DSA, - /* GCRY_PK_ECC is not enabled in fips mode. */ + GCRY_PK_ECC, 0 }; int idx; diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index d757420..b5962cf 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -1721,6 +1721,33 @@ dsa_gen_with_seed (int keysize, const void *seed, size_t seedlen) } +/* Generate an ECDSA key on the specified curve and return the complete + S-expression. */ +static gcry_sexp_t +ecdsa_gen_key (const char *curve) +{ + gpg_error_t err; + gcry_sexp_t keyspec, key; + + err = gcry_sexp_build (&keyspec, NULL, + "(genkey" + " (ecc" + " (use-fips186)" + " (curve %s)))", + curve); + if (err) + die ("gcry_sexp_build failed for ECDSA key generation: %s\n", + gpg_strerror (err)); + err = gcry_pk_genkey (&key, keyspec); + if (err) + die ("gcry_pk_genkey failed for ECDSA: %s\n", gpg_strerror (err)); + + gcry_sexp_release (keyspec); + + return key; +} + + /* Print the domain parameter as well as the derive information. KEY is the complete key as returned by dsa_gen. We print to stdout with one parameter per line in hex format using this order: p, q, @@ -1813,6 +1840,46 @@ print_dsa_domain_parameters (gcry_sexp_t key) } +/* Print public key Q (in octet-string format) and private key d. + KEY is the complete key as returned by ecdsa_gen_key. + with one parameter per line in hex format using this order: d, Q. */ +static void +print_ecdsa_dq (gcry_sexp_t key) +{ + gcry_sexp_t l1, l2; + gcry_mpi_t mpi; + int idx; + + l1 = gcry_sexp_find_token (key, "private-key", 0); + if (!l1) + die ("private key not found in genkey result\n"); + + l2 = gcry_sexp_find_token (l1, "ecc", 0); + if (!l2) + die ("returned private key not formed as expected\n"); + gcry_sexp_release (l1); + l1 = l2; + + /* Extract the parameters from the S-expression and print them to stdout. */ + for (idx=0; "dq"[idx]; idx++) + { + l2 = gcry_sexp_find_token (l1, "dq"+idx, 1); + if (!l2) + die ("no %c parameter in returned public key\n", "dq"[idx]); + mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!mpi) + die ("no value for %c parameter in returned private key\n","dq"[idx]); + gcry_sexp_release (l2); + if (standalone_mode) + printf ("%c = ", "dQ"[idx]); + print_mpi_line (mpi, 1); + gcry_mpi_release (mpi); + } + + gcry_sexp_release (l1); +} + + /* Generate DSA domain parameters for a modulus size of KEYSIZE. The result is printed to stdout with one parameter per line in hex format and in this order: p, q, g, seed, counter, h. If SEED is @@ -1992,6 +2059,138 @@ run_dsa_verify (const void *data, size_t datalen, } + +/* Sign DATA of length DATALEN using the key taken from the S-expression + encoded KEYFILE. */ +static void +run_ecdsa_sign (const void *data, size_t datalen, + const char *keyfile, const int algo) + +{ + gpg_error_t err; + gcry_sexp_t s_data, s_key, s_sig, s_tmp; + char hash[128]; + gcry_mpi_t tmpmpi; + + s_key = read_sexp_from_file (keyfile); + + gcry_md_hash_buffer (algo, hash, data, datalen); + err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, + gcry_md_get_algo_dlen(algo), NULL); + if (!err) + { + err = gcry_sexp_build (&s_data, NULL, + "(data (flags raw)(hash %s %M))", + gcry_md_algo_name(algo), tmpmpi); + gcry_mpi_release (tmpmpi); + } + if (err) + die ("gcry_sexp_build failed for ECDSA data input: %s\n", + gpg_strerror (err)); + + err = gcry_pk_sign (&s_sig, s_data, s_key); + if (err) + { + die ("gcry_pk_signed failed: %s\n", gpg_strerror (err)); + } + gcry_sexp_release (s_data); + gcry_sexp_release (s_key); + + /* Now return the actual signature. */ + s_tmp = gcry_sexp_find_token (s_sig, "sig-val", 0); + if (!s_tmp) + die ("no sig-val element in returned S-expression\n"); + + gcry_sexp_release (s_sig); + s_sig = s_tmp; + s_tmp = gcry_sexp_find_token (s_sig, "ecdsa", 0); + if (!s_tmp) + die ("no ecdsa element in returned S-expression\n"); + + gcry_sexp_release (s_sig); + s_sig = s_tmp; + + s_tmp = gcry_sexp_find_token (s_sig, "r", 0); + tmpmpi = gcry_sexp_nth_mpi (s_tmp, 1, GCRYMPI_FMT_USG); + if (!tmpmpi) + die ("no r parameter in returned S-expression\n"); + print_mpi_line (tmpmpi, 1); + gcry_mpi_release (tmpmpi); + gcry_sexp_release (s_tmp); + + s_tmp = gcry_sexp_find_token (s_sig, "s", 0); + tmpmpi = gcry_sexp_nth_mpi (s_tmp, 1, GCRYMPI_FMT_USG); + if (!tmpmpi) + die ("no s parameter in returned S-expression\n"); + print_mpi_line (tmpmpi, 1); + gcry_mpi_release (tmpmpi); + gcry_sexp_release (s_tmp); + + gcry_sexp_release (s_sig); +} + + + +/* Verify DATA of length DATALEN using the public key taken from the + S-expression in KEYFILE against the S-expression formatted + signature in SIGFILE. */ +static void +run_ecdsa_verify (const void *data, size_t datalen, + const char *keyfile, const int algo, const char *sigfile) + +{ + gpg_error_t err; + gcry_sexp_t s_data, s_key, s_sig; + char hash[128]; + gcry_mpi_t tmpmpi; + + s_key = read_sexp_from_file (keyfile); + + gcry_md_hash_buffer (algo, hash, data, datalen); + /* Note that we can't simply use %b with HASH to build the + S-expression, because that might yield a negative value. */ + err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, + gcry_md_get_algo_dlen(algo), NULL); + if (!err) + { + err = gcry_sexp_build (&s_data, NULL, + "(data (flags raw)(hash %s %M))", + gcry_md_algo_name(algo), tmpmpi); + gcry_mpi_release (tmpmpi); + } + if (err) + die ("gcry_sexp_build failed for DSA data input: %s\n", + gpg_strerror (err)); + + s_sig = read_sexp_from_file (sigfile); + + err = gcry_pk_verify (s_sig, s_data, s_key); + if (!err) + puts ("GOOD signature"); + else if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE) + puts ("BAD signature"); + else + printf ("ERROR (%s)\n", gpg_strerror (err)); + + gcry_sexp_release (s_sig); + gcry_sexp_release (s_key); + gcry_sexp_release (s_data); +} + + +/* Generate an ECDSA key with specified domain parameters + and print the d and Q values, in the standard octet-string format. */ +static void +run_ecdsa_gen_key (const char *curve) +{ + gcry_sexp_t key; + + key = ecdsa_gen_key (curve); + print_ecdsa_dq (key); + + gcry_sexp_release (key); +} + static void @@ -2008,7 +2207,8 @@ usage (int show_help) "Run a crypto operation using hex encoded input and output.\n" "MODE:\n" " encrypt, decrypt, digest, random, hmac-sha,\n" - " rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n" + " rsa-{derive,gen,sign,verify},\n" + " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n" "OPTIONS:\n" " --verbose Print additional information\n" " --binary Input and output is in binary form\n" @@ -2017,6 +2217,7 @@ usage (int show_help) " --iv IV Use the hex encoded IV\n" " --dt DT Use the hex encoded DT for the RNG\n" " --algo NAME Use algorithm NAME\n" + " --curve NAME Select ECC curve spec NAME\n" " --keysize N Use a keysize of N bits\n" " --signature NAME Take signature from file NAME\n" " --chunk N Read in chunks of N bytes (implies --binary)\n" @@ -2039,6 +2240,7 @@ main (int argc, char **argv) int progress = 0; int use_pkcs1 = 0; const char *mode_string; + const char *curve_string = NULL; const char *key_string = NULL; const char *iv_string = NULL; const char *dt_string = NULL; @@ -2154,6 +2356,14 @@ main (int argc, char **argv) binary_input = binary_output = 1; argc--; argv++; } + else if (!strcmp (*argv, "--curve")) + { + argc--; argv++; + if (!argc) + usage (0); + curve_string = *argv; + argc--; argv++; + } else if (!strcmp (*argv, "--pkcs1")) { use_pkcs1 = 1; @@ -2211,7 +2421,8 @@ main (int argc, char **argv) && !mct_server && strcmp (mode_string, "random") && strcmp (mode_string, "rsa-gen") - && strcmp (mode_string, "dsa-gen") ) + && strcmp (mode_string, "dsa-gen") + && strcmp (mode_string, "ecdsa-gen-key") ) { data = read_file (input, !binary_input, &datalen); if (!data) @@ -2501,6 +2712,53 @@ main (int argc, char **argv) run_dsa_verify (data, datalen, key_string, signature_string); } + else if (!strcmp (mode_string, "ecdsa-gen-key")) + { + if (!curve_string) + die ("option --curve containing name of the specified curve is required in this mode\n"); + run_ecdsa_gen_key (curve_string); + } + else if (!strcmp (mode_string, "ecdsa-sign")) + { + int algo; + + if (!key_string) + die ("option --key is required in this mode\n"); + if (access (key_string, R_OK)) + die ("option --key needs to specify an existing keyfile\n"); + if (!algo_string) + die ("use --algo to specify the digest algorithm\n"); + algo = gcry_md_map_name (algo_string); + if (!algo) + die ("digest algorithm `%s' is not supported\n", algo_string); + + if (!data) + die ("no data available (do not use --chunk)\n"); + + run_ecdsa_sign (data, datalen, key_string, algo); + } + else if (!strcmp (mode_string, "ecdsa-verify")) + { + int algo; + + if (!key_string) + die ("option --key is required in this mode\n"); + if (access (key_string, R_OK)) + die ("option --key needs to specify an existing keyfile\n"); + if (!algo_string) + die ("use --algo to specify the digest algorithm\n"); + algo = gcry_md_map_name (algo_string); + if (!algo) + die ("digest algorithm `%s' is not supported\n", algo_string); + if (!data) + die ("no data available (do not use --chunk)\n"); + if (!signature_string) + die ("option --signature is required in this mode\n"); + if (access (signature_string, R_OK)) + die ("option --signature needs to specify an existing file\n"); + + run_ecdsa_verify (data, datalen, key_string, algo, signature_string); + } else usage (0); commit e40939b2141306238cc30a340b867b60fa4dc2a3 Author: Werner Koch Date: Fri Mar 18 15:11:31 2016 +0100 dsa: Make regression tests work. * cipher/dsa.c (sample_secret_key_1024): Comment out unused constant. (ogenerate_fips186): Make it work with use-fips183-2 flag. * cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs standard comment out format. * tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion. (main): Call it. (main): Compare against current version. * tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key. (get_dsa_key_fips186_with_seed_new): Ditto. (get_dsa_key_fips186_with_domain_new): Comment out. (check_run): Do not call that function. -- Signed-off-by: Werner Koch diff --git a/cipher/dsa.c b/cipher/dsa.c index 37c1b18..909a8ca 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -66,7 +66,9 @@ static const char *dsa_names[] = }; -/* A sample 1024 bit DSA key used for the selftests. */ +/* A sample 1024 bit DSA key used for the selftests. Not anymore + * used, kept only for reference. */ +#if 0 static const char sample_secret_key_1024[] = "(private-key" " (dsa" @@ -101,6 +103,7 @@ static const char sample_public_key_1024[] = " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))"; +#endif /*0*/ /* 2048 DSA key from RFC 6979 A.2.2 */ static const char sample_public_key_2048[] = @@ -412,7 +415,9 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* Check that QBITS and NBITS match the standard. Note that FIPS 186-3 uses N for QBITS and L for NBITS. */ - if (nbits == 2048 && qbits == 224) + if (nbits == 1024 && qbits == 160 && use_fips186_2) + ; /* Allowed in FIPS 186-2 mode. */ + else if (nbits == 2048 && qbits == 224) ; else if (nbits == 2048 && qbits == 256) ; @@ -442,27 +447,28 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, initial_seed.sexp = sexp_find_token (deriveparms, "seed", 0); if (initial_seed.sexp) initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1, - &initial_seed.seedlen); + &initial_seed.seedlen); } if (use_fips186_2) ec = _gcry_generate_fips186_2_prime (nbits, qbits, - initial_seed.seed, - initial_seed.seedlen, - &prime_q, &prime_p, - r_counter, - r_seed, r_seedlen); + initial_seed.seed, + initial_seed.seedlen, + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen); else ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, - &prime_q, &prime_p, - r_counter, - r_seed, r_seedlen, NULL); + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen, NULL); sexp_release (initial_seed.sexp); if (ec) goto leave; /* Find a generator g (h and e are helpers). - e = (p-1)/q */ + * e = (p-1)/q + */ value_e = mpi_alloc_like (prime_p); mpi_sub_ui (value_e, prime_p, 1); mpi_fdiv_q (value_e, value_e, prime_q ); diff --git a/cipher/primegen.c b/cipher/primegen.c index 9fd58d2..3ed432b 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -1612,23 +1612,21 @@ _gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, -/* WARNING: The code below has not yet been tested! However, it is - not yet used. We need to wait for FIPS 186-3 final and for test - vectors. - - Generate the two prime used for DSA using the algorithm specified - in FIPS 186-3, A.1.1.2. PBITS is the desired length of the prime P - and a QBITS the length of the prime Q. If SEED is not supplied and - SEEDLEN is 0 the function generates an appropriate SEED. On - success the generated primes are stored at R_Q and R_P, the counter - value is stored at R_COUNTER and the seed actually used for - generation is stored at R_SEED and R_SEEDVALUE. The hash algorithm - used is stored at R_HASHALGO. - - Note that this function is very similar to the fips186_2 code. Due - to the minor differences, other buffer sizes and for documentarion, - we use a separate function. -*/ +/* WARNING: The code below has not yet been tested! + * + * Generate the two prime used for DSA using the algorithm specified + * in FIPS 186-3, A.1.1.2. PBITS is the desired length of the prime P + * and a QBITS the length of the prime Q. If SEED is not supplied and + * SEEDLEN is 0 the function generates an appropriate SEED. On + * success the generated primes are stored at R_Q and R_P, the counter + * value is stored at R_COUNTER and the seed actually used for + * generation is stored at R_SEED and R_SEEDVALUE. The hash algorithm + * used is stored at R_HASHALGO. + * + * Note that this function is very similar to the fips186_2 code. Due + * to the minor differences, other buffer sizes and for documentarion, + * we use a separate function. + */ gpg_err_code_t _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, const void *seed, size_t seedlen, @@ -1813,13 +1811,12 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, } /* Step 12: Save p, q, counter and seed. */ -/* - log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n", - mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); - log_printhex ("fips186-3 seed", seed, seedlen); - log_printmpi ("fips186-3 p", prime_p); - log_printmpi ("fips186-3 q", prime_q); -*/ + /* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n", */ + /* mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); */ + /* log_printhex ("fips186-3 seed", seed, seedlen); */ + /* log_printmpi ("fips186-3 p", prime_p); */ + /* log_printmpi ("fips186-3 q", prime_q); */ + if (r_q) { *r_q = prime_q; diff --git a/tests/fips186-dsa.c b/tests/fips186-dsa.c index 10b18ab..5ee829e 100644 --- a/tests/fips186-dsa.c +++ b/tests/fips186-dsa.c @@ -434,6 +434,14 @@ check_dsa_gen_186_2 (void) } +static void +check_dsa_gen_186_3 (void) +{ + /* FIXME: Needs to be implemented. */ + if (verbose) + info ("generating FIPS 186-3 test keys - skipped\n"); +} + int main (int argc, char **argv) @@ -449,7 +457,7 @@ main (int argc, char **argv) } gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - if (!gcry_check_version ("1.4.4")) + if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) @@ -459,6 +467,7 @@ main (int argc, char **argv) check_dsa_gen_186_2 (); + check_dsa_gen_186_3 (); return error_count ? 1 : 0; diff --git a/tests/pubkey.c b/tests/pubkey.c index ae5eea2..26bd9e3 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -490,7 +490,7 @@ get_dsa_key_fips186_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) int rc; rc = gcry_sexp_new - (&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1); + (&key_spec, "(genkey (dsa (nbits 4:2048)(use-fips186)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); rc = gcry_pk_genkey (&key, key_spec); @@ -557,6 +557,7 @@ get_dsa_key_with_domain_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) *skey = sec_key; } +#if 0 static void get_dsa_key_fips186_with_domain_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) { @@ -598,7 +599,7 @@ get_dsa_key_fips186_with_domain_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) *pkey = pub_key; *skey = sec_key; } - +#endif /*0*/ static void get_dsa_key_fips186_with_seed_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) @@ -610,7 +611,7 @@ get_dsa_key_fips186_with_seed_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) (&key_spec, "(genkey" " (dsa" - " (nbits 4:1024)" + " (nbits 4:2048)" " (use-fips186)" " (transient-key)" " (derive-parms" @@ -722,12 +723,14 @@ check_run (void) gcry_sexp_release (pkey); gcry_sexp_release (skey); + /* We need new test vectors for get_dsa_key_fips186_with_domain_new. */ if (verbose) - fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n"); - get_dsa_key_fips186_with_domain_new (&pkey, &skey); - /* Fixme: Add a check function for DSA keys. */ - gcry_sexp_release (pkey); - gcry_sexp_release (skey); + fprintf (stderr, "Generating DSA key with given domain (FIPS 186)" + " - skipped.\n"); + /* get_dsa_key_fips186_with_domain_new (&pkey, &skey); */ + /* /\* Fixme: Add a check function for DSA keys. *\/ */ + /* gcry_sexp_release (pkey); */ + /* gcry_sexp_release (skey); */ if (verbose) fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n"); commit 80e9f95e6f419daa765e4876c858e3e36e808897 Author: Vitezslav Cizek Date: Tue Oct 27 12:46:30 2015 +0100 dsa: Adjustments to conform with FIPS 186-4. * cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments. * cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect buflen passed to _gcry_mpi_scan. -- Generate the DSA keypair by testing candidates. (FIPS 186-4 B.1.2) Use 2048 bit key for the selftest. Allow only 2048 and 3072 as pbits size. Signed-off-by: Vitezslav Cizek diff --git a/cipher/dsa.c b/cipher/dsa.c index 01d153f..37c1b18 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -67,7 +67,7 @@ static const char *dsa_names[] = /* A sample 1024 bit DSA key used for the selftests. */ -static const char sample_secret_key[] = +static const char sample_secret_key_1024[] = "(private-key" " (dsa" " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" @@ -85,7 +85,7 @@ static const char sample_secret_key[] = " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)" " (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))"; /* A sample 1024 bit DSA key used for the selftests (public only). */ -static const char sample_public_key[] = +static const char sample_public_key_1024[] = "(public-key" " (dsa" " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" @@ -102,6 +102,23 @@ static const char sample_public_key[] = " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))"; +/* 2048 DSA key from RFC 6979 A.2.2 */ +static const char sample_public_key_2048[] = +"(public-key" +" (dsa" +" (p #9DB6FB5951B66BB6FE1E140F1D2CE5502374161FD6538DF1648218642F0B5C48C8F7A41AADFA187324B87674FA1822B00F1ECF8136943D7C55757264E5A1A44FFE012E9936E00C1D3E9310B01C7D179805D3058B2A9F4BB6F9716BFE6117C6B5B3CC4D9BE341104AD4A80AD6C94E005F4B993E14F091EB51743BF33050C38DE235567E1B34C3D6A5C0CEAA1A0F368213C3D19843D0B4B09DCB9FC72D39C8DE41F1BF14D4BB4563CA28371621CAD3324B6A2D392145BEBFAC748805236F5CA2FE92B871CD8F9C36D3292B5509CA8CAA77A2ADFC7BFD77DDA6F71125A7456FEA153E433256A2261C6A06ED3693797E7995FAD5AABBCFBE3EDA2741E375404AE25B#)" +" (q #F2C3119374CE76C9356990B465374A17F23F9ED35089BD969F61C6DDE9998C1F#)" +" (g #5C7FF6B06F8F143FE8288433493E4769C4D988ACE5BE25A0E24809670716C613D7B0CEE6932F8FAA7C44D2CB24523DA53FBE4F6EC3595892D1AA58C4328A06C46A15662E7EAA703A1DECF8BBB2D05DBE2EB956C142A338661D10461C0D135472085057F3494309FFA73C611F78B32ADBB5740C361C9F35BE90997DB2014E2EF5AA61782F52ABEB8BD6432C4DD097BC5423B285DAFB60DC364E8161F4A2A35ACA3A10B1C4D203CC76A470A33AFDCBDD92959859ABD8B56E1725252D78EAC66E71BA9AE3F1DD2487199874393CD4D832186800654760E1E34C09E4D155179F9EC0DC4473F996BDCE6EED1CABED8B6F116F7AD9CF505DF0F998E34AB27514B0FFE7#)" +" (y #667098C654426C78D7F8201EAC6C203EF030D43605032C2F1FA937E5237DBD949F34A0A2564FE126DC8B715C5141802CE0979C8246463C40E6B6BDAA2513FA611728716C2E4FD53BC95B89E69949D96512E873B9C8F8DFD499CC312882561ADECB31F658E934C0C197F2C4D96B05CBAD67381E7B768891E4DA3843D24D94CDFB5126E9B8BF21E8358EE0E0A30EF13FD6A664C0DCE3731F7FB49A4845A4FD8254687972A2D382599C9BAC4E0ED7998193078913032558134976410B89D2C171D123AC35FD977219597AA7D15C1A9A428E59194F75C721EBCBCFAE44696A499AFA74E04299F132026601638CB87AB79190D4A0986315DA8EEC6561C938996BEADF#)))"; + +static const char sample_secret_key_2048[] = +"(private-key" +" (dsa" +" (p #9DB6FB5951B66BB6FE1E140F1D2CE5502374161FD6538DF1648218642F0B5C48C8F7A41AADFA187324B87674FA1822B00F1ECF8136943D7C55757264E5A1A44FFE012E9936E00C1D3E9310B01C7D179805D3058B2A9F4BB6F9716BFE6117C6B5B3CC4D9BE341104AD4A80AD6C94E005F4B993E14F091EB51743BF33050C38DE235567E1B34C3D6A5C0CEAA1A0F368213C3D19843D0B4B09DCB9FC72D39C8DE41F1BF14D4BB4563CA28371621CAD3324B6A2D392145BEBFAC748805236F5CA2FE92B871CD8F9C36D3292B5509CA8CAA77A2ADFC7BFD77DDA6F71125A7456FEA153E433256A2261C6A06ED3693797E7995FAD5AABBCFBE3EDA2741E375404AE25B#)" +" (q #F2C3119374CE76C9356990B465374A17F23F9ED35089BD969F61C6DDE9998C1F#)" +" (g #5C7FF6B06F8F143FE8288433493E4769C4D988ACE5BE25A0E24809670716C613D7B0CEE6932F8FAA7C44D2CB24523DA53FBE4F6EC3595892D1AA58C4328A06C46A15662E7EAA703A1DECF8BBB2D05DBE2EB956C142A338661D10461C0D135472085057F3494309FFA73C611F78B32ADBB5740C361C9F35BE90997DB2014E2EF5AA61782F52ABEB8BD6432C4DD097BC5423B285DAFB60DC364E8161F4A2A35ACA3A10B1C4D203CC76A470A33AFDCBDD92959859ABD8B56E1725252D78EAC66E71BA9AE3F1DD2487199874393CD4D832186800654760E1E34C09E4D155179F9EC0DC4473F996BDCE6EED1CABED8B6F116F7AD9CF505DF0F998E34AB27514B0FFE7#)" +" (y #667098C654426C78D7F8201EAC6C203EF030D43605032C2F1FA937E5237DBD949F34A0A2564FE126DC8B715C5141802CE0979C8246463C40E6B6BDAA2513FA611728716C2E4FD53BC95B89E69949D96512E873B9C8F8DFD499CC312882561ADECB31F658E934C0C197F2C4D96B05CBAD67381E7B768891E4DA3843D24D94CDFB5126E9B8BF21E8358EE0E0A30EF13FD6A664C0DCE3731F7FB49A4845A4FD8254687972A2D382599C9BAC4E0ED7998193078913032558134976410B89D2C171D123AC35FD977219597AA7D15C1A9A428E59194F75C721EBCBCFAE44696A499AFA74E04299F132026601638CB87AB79190D4A0986315DA8EEC6561C938996BEADF#)" +" (x #69C7548C21D0DFEA6B9A51C9EAD4E27C33D3B3F180316E5BCAB92C933F0E4DBC#)))"; @@ -373,6 +390,8 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, gcry_mpi_t value_x = NULL; /* The secret exponent. */ gcry_mpi_t value_h = NULL; /* Helper. */ gcry_mpi_t value_e = NULL; /* Helper. */ + gcry_mpi_t value_c = NULL; /* helper for x */ + gcry_mpi_t value_qm2 = NULL; /* q - 2 */ /* Preset return values. */ *r_counter = 0; @@ -393,9 +412,7 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* Check that QBITS and NBITS match the standard. Note that FIPS 186-3 uses N for QBITS and L for NBITS. */ - if (nbits == 1024 && qbits == 160) - ; - else if (nbits == 2048 && qbits == 224) + if (nbits == 2048 && qbits == 224) ; else if (nbits == 2048 && qbits == 256) ; @@ -428,21 +445,18 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, &initial_seed.seedlen); } - /* Fixme: Enable 186-3 after it has been approved and after fixing - the generation function. */ - /* if (use_fips186_2) */ - (void)use_fips186_2; - ec = _gcry_generate_fips186_2_prime (nbits, qbits, + if (use_fips186_2) + ec = _gcry_generate_fips186_2_prime (nbits, qbits, initial_seed.seed, initial_seed.seedlen, &prime_q, &prime_p, r_counter, r_seed, r_seedlen); - /* else */ - /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */ - /* &prime_q, &prime_p, */ - /* r_counter, */ - /* r_seed, r_seedlen, NULL); */ + else + ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen, NULL); sexp_release (initial_seed.sexp); if (ec) goto leave; @@ -463,17 +477,24 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */ } - - /* Select a random number x with: 0 < x < q */ + value_c = mpi_snew (qbits); value_x = mpi_snew (qbits); + value_qm2 = mpi_snew (qbits); + mpi_sub_ui (value_qm2, prime_q, 2); + + /* FIPS 186-4 B.1.2 steps 4-6 */ do { if( DBG_CIPHER ) progress('.'); - _gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM); - mpi_clear_highbit (value_x, qbits+1); + _gcry_mpi_randomize (value_c, qbits, GCRY_VERY_STRONG_RANDOM); + mpi_clear_highbit (value_c, qbits+1); } - while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0)); + while (!(mpi_cmp_ui (value_c, 0) > 0 && mpi_cmp (value_c, value_qm2) < 0)); + /* while (mpi_cmp (value_c, value_qm2) > 0); */ + + /* x = c + 1 */ + mpi_add_ui(value_x, value_c, 1); /* y = g^x mod p */ value_y = mpi_alloc_like (prime_p); @@ -506,6 +527,8 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, _gcry_mpi_release (value_x); _gcry_mpi_release (value_h); _gcry_mpi_release (value_e); + _gcry_mpi_release (value_c); + _gcry_mpi_release (value_qm2); /* As a last step test this keys (this should never fail of course). */ if (!ec && test_keys (sk, qbits) ) @@ -1158,25 +1181,42 @@ dsa_get_nbits (gcry_sexp_t parms) */ static const char * -selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) +selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) { + /* Sample data from RFC 6979 section A.2.2, hash is of message "sample" */ static const char sample_data[] = - "(data (flags raw)" - " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))"; + "(data (flags rfc6979)" + " (hash sha256 #af2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e9891562113d8a62add1bf#))"; static const char sample_data_bad[] = - "(data (flags raw)" - " (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))"; + "(data (flags rfc6979)" + " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e9891562113d8a62add1bf#))"; + static const char signature_r[] = + "eace8bdbbe353c432a795d9ec556c6d021f7a03f42c36e9bc87e4ac7932cc809"; + static const char signature_s[] = + "7081e175455f9247b812b74583e9e94f9ea79bd640dc962533b0680793a38d53"; const char *errtxt = NULL; gcry_error_t err; gcry_sexp_t data = NULL; gcry_sexp_t data_bad = NULL; gcry_sexp_t sig = NULL; + gcry_sexp_t l1 = NULL; + gcry_sexp_t l2 = NULL; + gcry_mpi_t r = NULL; + gcry_mpi_t s = NULL; + gcry_mpi_t calculated_r = NULL; + gcry_mpi_t calculated_s = NULL; + int cmp; err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data)); if (!err) err = sexp_sscan (&data_bad, NULL, sample_data_bad, strlen (sample_data_bad)); + if (!err) + err = _gcry_mpi_scan (&r, GCRYMPI_FMT_HEX, signature_r, 0, NULL); + if (!err) + err = _gcry_mpi_scan (&s, GCRYMPI_FMT_HEX, signature_s, 0, NULL); + if (err) { errtxt = "converting data failed"; @@ -1189,6 +1229,45 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) errtxt = "signing failed"; goto leave; } + + /* check against known signature */ + errtxt = "signature validity failed"; + l1 = _gcry_sexp_find_token (sig, "sig-val", 0); + if (!l1) + goto leave; + l2 = _gcry_sexp_find_token (l1, "dsa", 0); + if (!l2) + goto leave; + + sexp_release (l1); + l1 = l2; + + l2 = _gcry_sexp_find_token (l1, "r", 0); + if (!l2) + goto leave; + calculated_r = _gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!calculated_r) + goto leave; + + l2 = _gcry_sexp_find_token (l1, "s", 0); + if (!l2) + goto leave; + calculated_s = _gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!calculated_s) + goto leave; + + errtxt = "known sig check failed"; + + cmp = _gcry_mpi_cmp (r, calculated_r); + if (cmp) + goto leave; + cmp = _gcry_mpi_cmp (s, calculated_s); + if (cmp) + goto leave; + + errtxt = NULL; + + err = _gcry_pk_verify (sig, data, pkey); if (err) { @@ -1212,7 +1291,7 @@ selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey) static gpg_err_code_t -selftests_dsa (selftest_report_func_t report) +selftests_dsa_2048 (selftest_report_func_t report) { const char *what; const char *errtxt; @@ -1222,10 +1301,10 @@ selftests_dsa (selftest_report_func_t report) /* Convert the S-expressions into the internal representation. */ what = "convert"; - err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key)); + err = sexp_sscan (&skey, NULL, sample_secret_key_2048, strlen (sample_secret_key_2048)); if (!err) err = sexp_sscan (&pkey, NULL, - sample_public_key, strlen (sample_public_key)); + sample_public_key_2048, strlen (sample_public_key_2048)); if (err) { errtxt = _gcry_strerror (err); @@ -1241,7 +1320,7 @@ selftests_dsa (selftest_report_func_t report) } what = "sign"; - errtxt = selftest_sign_1024 (pkey, skey); + errtxt = selftest_sign (pkey, skey); if (errtxt) goto failed; @@ -1269,7 +1348,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report) switch (algo) { case GCRY_PK_DSA: - ec = selftests_dsa (report); + ec = selftests_dsa_2048 (report); break; default: ec = GPG_ERR_PUBKEY_ALGO; @@ -1280,7 +1359,6 @@ run_selftests (int algo, int extended, selftest_report_func_t report) } - gcry_pk_spec_t _gcry_pubkey_spec_dsa = { diff --git a/cipher/primegen.c b/cipher/primegen.c index 2a702a7..9fd58d2 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -1640,7 +1640,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, gpg_err_code_t ec; unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */ unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */ - unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */ + unsigned char digest[256/8]; /* Helper buffer for SHA-2 digest. */ gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */ gcry_mpi_t tmpval = NULL; /* Helper variable. */ int hashalgo; /* The id of the Approved Hash Function. */ @@ -1659,9 +1659,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, /* Step 1: Check the requested prime lengths. */ /* Note that due to the size of our buffers QBITS is limited to 256. */ - if (pbits == 1024 && qbits == 160) - hashalgo = GCRY_MD_SHA1; - else if (pbits == 2048 && qbits == 224) + if (pbits == 2048 && qbits == 224) hashalgo = GCRY_MD_SHA224; else if (pbits == 2048 && qbits == 256) hashalgo = GCRY_MD_SHA256; @@ -1730,7 +1728,7 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, } _gcry_mpi_release (prime_q); prime_q = NULL; ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, - value_u, sizeof value_u, NULL); + value_u, qbits/8, NULL); if (ec) goto leave; mpi_set_highbit (prime_q, qbits-1 ); @@ -1775,11 +1773,11 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, if (seed_plus[i]) break; } - _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + _gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen); _gcry_mpi_release (tmpval); tmpval = NULL; ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, - digest, sizeof digest, NULL); + digest, qbits/8, NULL); if (ec) goto leave; if (value_j == value_n) @@ -1815,11 +1813,13 @@ _gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, } /* Step 12: Save p, q, counter and seed. */ +/* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n", mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); log_printhex ("fips186-3 seed", seed, seedlen); log_printmpi ("fips186-3 p", prime_p); log_printmpi ("fips186-3 q", prime_q); +*/ if (r_q) { *r_q = prime_q; commit 443bed836a4fd60217325789134f5a2dc2ec41ce Author: Werner Koch Date: Fri Mar 18 13:05:34 2016 +0100 Register DCO for Vitezslav Cizek. -- Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index 42d5ee6..b19612b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -180,6 +180,9 @@ Stephan Mueller Tom?? Mr?z 2012-04-16:1334571250.5056.52.camel at vespa.frost.loc: +Vitezslav Cizek +2015-11-05:20151105131424.GA32700 at kolac.suse.cz: + Werner Koch (g10 Code GmbH) 2012-12-05:87obi8u4h2.fsf at vigenere.g10code.de: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 + cipher/cipher.c | 11 ++ cipher/dsa.c | 160 ++++++++++++++++++------ cipher/ecc-curves.c | 2 +- cipher/ecc.c | 171 +++++++++++++++++++++++++- cipher/kdf.c | 16 ++- cipher/mac.c | 17 +++ cipher/md.c | 11 ++ cipher/md5.c | 2 +- cipher/primegen.c | 55 ++++----- cipher/pubkey-util.c | 36 +++++- cipher/pubkey.c | 11 ++ cipher/rsa.c | 167 +++++++++++++++++-------- src/fips.c | 2 +- src/g10lib.h | 1 + src/global.c | 3 + tests/basic.c | 70 +++++++++-- tests/benchmark.c | 21 ++-- tests/fips186-dsa.c | 11 +- tests/fipsdrv.c | 341 ++++++++++++++++++++++++++++++++++++++++++++++++++- tests/keygen.c | 60 +++++++-- tests/pubkey.c | 72 +++++++++-- 22 files changed, 1068 insertions(+), 175 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 18 17:56:27 2016 From: cvs at cvs.gnupg.org (by Vitezslav Cizek) Date: Fri, 18 Mar 2016 17:56:27 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-352-g9ecc269 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9ecc2690181ba0bb44f66451a7dce2fc19965793 (commit) via 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97 (commit) from 0bd8137e68c201b6c2290710e348aaf57efa2b2e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9ecc2690181ba0bb44f66451a7dce2fc19965793 Author: Vitezslav Cizek Date: Fri Mar 18 17:54:36 2016 +0100 tests: Fix testsuite after the FIPS adjustments. * tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS. * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS. * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys. (check_ecc_keys): Skip Ed25519 in FIPS mode. * tests/random.c (main): Don't switch DRBG in FIPS mode. * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode. * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS. * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS. (main): Skip math tests that use P-192 and Ed25519 in FIPS. -- Fix the testsuite to make it pass after the FIPS adjustmens. This consists mostly of disabling the tests that use not approved curves and algorithms as well as increasing the keysizes. Signed-off-by: Vitezslav Cizek Additional changes by wk: - Removed changes already done with commit e40939b. The original patch had these chnages: * tests/fips186-dsa.c (main): Merely suggest a future improvement. * tests/pubkey.c (get_dsa_key_*new): Increase keysizes. (check_run): Skip tests with small domain in FIPS. (main): Skip Ed25519 sample key test in FIPS. Noet that get_dsa_key_fips186_with_seed_new was not changed from 1024 to 3072 but to 2048 bit. - Return with 77 (skip) from t-ed25519.c in FIPS mode. - Some code style changes. Signed-off-by: Werner Koch diff --git a/tests/benchmark.c b/tests/benchmark.c index c748dac..1258b81 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -1434,6 +1434,12 @@ ecc_bench (int iterations, int print_header) is_ed25519 = !strcmp (p_sizes[testno], "Ed25519"); is_gost = !strncmp (p_sizes[testno], "gost", 4); + + /* Only P-{224,256,384,521} are allowed in fips mode */ + if (gcry_fips_mode_active() + && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192"))) + continue; + if (is_ed25519) { p_size = 256; diff --git a/tests/curves.c b/tests/curves.c index bec48e9..2732bbd 100644 --- a/tests/curves.c +++ b/tests/curves.c @@ -171,6 +171,9 @@ check_get_params (void) gcry_sexp_release (param); + /* Brainpool curves are not supported in fips mode */ + if (gcry_fips_mode_active()) + return; param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve); if (!param) diff --git a/tests/keygen.c b/tests/keygen.c index 7afa76c..dcb59e4 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -329,7 +329,7 @@ check_dsa_keys (void) if (rc && !in_fips_mode) die ("error generating DSA key: %s\n", gpg_strerror (rc)); else if (!rc && in_fips_mode) - die ("generating 512 bit DSA key must not work!"); + die ("generating 1024 bit DSA key must not work!"); if (!i && verbose > 1) show_sexp ("1024 bit DSA key:\n", key); gcry_sexp_release (key); @@ -354,6 +354,60 @@ check_dsa_keys (void) if (verbose > 1) show_sexp ("1536 bit DSA key:\n", key); gcry_sexp_release (key); + + if (verbose) + show ("creating 3072 bit DSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (dsa\n" + " (nbits 4:3072)\n" + " (qbits 3:256)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating DSA key: %s\n", gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("3072 bit DSA key:\n", key); + gcry_sexp_release (key); + + if (verbose) + show ("creating 2048/256 bit DSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (dsa\n" + " (nbits 4:2048)\n" + " (qbits 3:256)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating DSA key: %s\n", gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("2048 bit DSA key:\n", key); + gcry_sexp_release (key); + + if (verbose) + show ("creating 2048/224 bit DSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (dsa\n" + " (nbits 4:2048)\n" + " (qbits 3:224)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating DSA key: %s\n", gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("2048 bit DSA key:\n", key); + gcry_sexp_release (key); } @@ -406,9 +460,14 @@ check_ecc_keys (void) if (verbose) show ("creating ECC key using curve %s\n", curves[testno]); if (!strcmp (curves[testno], "Ed25519")) - rc = gcry_sexp_build (&keyparm, NULL, - "(genkey(ecc(curve %s)(flags param eddsa)))", - curves[testno]); + { + /* Ed25519 isn't allowed in fips mode */ + if (in_fips_mode) + continue; + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve %s)(flags param eddsa)))", + curves[testno]); + } else rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve %s)(flags param)))", @@ -459,6 +518,40 @@ check_ecc_keys (void) " (nocomp): %s\n", gpg_strerror (rc)); + if (verbose) + show ("creating ECC key using curve NIST P-384 for ECDSA\n"); + + /* Must be specified as nistp384 (one word), because ecc_generate + * uses _gcry_sexp_nth_string which takes the first word of the name + * and thus libgcrypt can't find it later in its curves table. */ + rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n", + gpg_strerror (rc)); + + if (verbose > 1) + show_sexp ("ECC key:\n", key); + + check_generated_ecc_key (key); + gcry_sexp_release (key); + + if (verbose) + show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve nistp384)(flags nocomp)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve NIST P-384 for ECDSA" + " (nocomp): %s\n", + gpg_strerror (rc)); + if (verbose > 1) show_sexp ("ECC key:\n", key); diff --git a/tests/pubkey.c b/tests/pubkey.c index 5ed6ca1..b691913 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -483,8 +483,8 @@ get_dsa_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int transient_key) rc = gcry_sexp_new (&key_spec, transient_key - ? "(genkey (dsa (nbits 4:1024)(transient-key)))" - : "(genkey (dsa (nbits 4:1024)))", + ? "(genkey (dsa (nbits 4:2048)(transient-key)))" + : "(genkey (dsa (nbits 4:2048)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); @@ -1243,7 +1243,8 @@ main (int argc, char **argv) check_x931_derived_key (i); check_ecc_sample_key (); - check_ed25519ecdsa_sample_key (); + if (!gcry_fips_mode_active ()) + check_ed25519ecdsa_sample_key (); return !!error_count; } diff --git a/tests/random.c b/tests/random.c index 2a4b698..3c08726 100644 --- a/tests/random.c +++ b/tests/random.c @@ -647,7 +647,11 @@ main (int argc, char **argv) #endif if (early_rng) - check_early_rng_type_switching (); + { + /* Don't switch RNG in fips mode. */ + if (!gcry_fips_mode_active()) + check_early_rng_type_switching (); + } gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) @@ -670,7 +674,10 @@ main (int argc, char **argv) to its high requirement for entropy. */ if (!getenv ("GCRYPT_IN_REGRESSION_TEST")) check_drbg_reinit (); - check_rng_type_switching (); + + /* Don't switch RNG in fips mode. */ + if (!gcry_fips_mode_active()) + check_rng_type_switching (); if (!in_recursion) run_all_rng_tests (program); diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c index 38e154d..d63c145 100644 --- a/tests/t-ed25519.c +++ b/tests/t-ed25519.c @@ -548,6 +548,10 @@ main (int argc, char **argv) gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + /* Ed25519 isn't supported in fips mode */ + if (gcry_fips_mode_active()) + return 77; + start_timer (); check_ed25519 (fname); stop_timer (); diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 18c8357..bf31c83 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -888,6 +888,10 @@ check_openpgp (void) { if (tv[tvidx].disabled) continue; + /* MD5 isn't supported in fips mode */ + if (gcry_fips_mode_active() + && tv[tvidx].hashalgo == GCRY_MD_MD5) + continue; if (verbose) fprintf (stderr, "checking S2K test vector %d\n", tvidx); assert (tv[tvidx].dklen <= sizeof outbuf); diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index d72cd27..55c6b66 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -540,6 +540,17 @@ context_param (void) show ("checking standard curves\n"); for (idx=0; test_curve[idx].desc; idx++) { + /* P-192 and Ed25519 are not supported in fips mode */ + if (gcry_fips_mode_active()) + { + if (!strcmp(test_curve[idx].desc, "NIST P-192") + || !strcmp(test_curve[idx].desc, "Ed25519")) + { + show("skipping %s in fips mode\n", test_curve[idx].desc ); + continue; + } + } + gcry_ctx_release (ctx); err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc); if (err) @@ -635,6 +646,10 @@ context_param (void) gcry_sexp_release (sexp); } + /* Skipping Ed25519 if in FIPS mode (it isn't supported) */ + if (gcry_fips_mode_active()) + goto cleanup; + show ("checking sample public key (Ed25519)\n"); q = hex2mpi (sample_ed25519_q); gcry_sexp_release (keyparam); @@ -722,6 +737,7 @@ context_param (void) } + cleanup: gcry_ctx_release (ctx); gcry_sexp_release (keyparam); } @@ -1101,8 +1117,14 @@ main (int argc, char **argv) context_alloc (); context_param (); basic_ec_math (); - basic_ec_math_simplified (); - twistededwards_math (); + + /* The tests are for P-192 and ed25519 which are not supported in + FIPS mode. */ + if (!gcry_fips_mode_active()) + { + basic_ec_math_simplified (); + twistededwards_math (); + } show ("All tests completed. Errors: %d\n", error_count); return error_count ? 1 : 0; commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97 Author: Vitezslav Cizek Date: Fri Oct 30 17:36:03 2015 +0100 tests: Add new --pss option to fipsdrv * tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length to 0 for PSS. -- Add new --pss option to fipsdrv to specify RSA-PSS signature encoding. Signed-off-by: Vitezslav Cizek Added by wk: - Help string for --pss - Check that only --pss or --pkcs1 is given. Signed-off-by: Werner Koch diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index bcc56d1..49253cb 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -1583,7 +1583,7 @@ run_rsa_gen (int keysize, int pubexp) encoded KEYFILE and the hash algorithm HASHALGO. */ static void run_rsa_sign (const void *data, size_t datalen, - int hashalgo, int pkcs1, const char *keyfile) + int hashalgo, int pkcs1, int pss, const char *keyfile) { gpg_error_t err; @@ -1607,6 +1607,20 @@ run_rsa_sign (const void *data, size_t datalen, gcry_md_algo_name (hashalgo), (int)hashsize, hash); } + else if (pss) + { + unsigned char hash[64]; + unsigned int hashsize; + + hashsize = gcry_md_get_algo_dlen (hashalgo); + if (!hashsize || hashsize > sizeof hash) + die ("digest too long for buffer or unknown hash algorithm\n"); + gcry_md_hash_buffer (hashalgo, hash, data, datalen); + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pss)(salt-length #00#)(hash %s %b))", + gcry_md_algo_name (hashalgo), + (int)hashsize, hash); + } else { gcry_mpi_t tmp; @@ -1674,7 +1688,7 @@ run_rsa_sign (const void *data, size_t datalen, binary signature in SIGFILE. */ static void run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1, - const char *keyfile, const char *sigfile) + int pss, const char *keyfile, const char *sigfile) { gpg_error_t err; @@ -1694,6 +1708,20 @@ run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1, gcry_md_algo_name (hashalgo), (int)hashsize, hash); } + else if (pss) + { + unsigned char hash[64]; + unsigned int hashsize; + + hashsize = gcry_md_get_algo_dlen (hashalgo); + if (!hashsize || hashsize > sizeof hash) + die ("digest too long for buffer or unknown hash algorithm\n"); + gcry_md_hash_buffer (hashalgo, hash, data, datalen); + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pss)(salt-length #00#)(hash %s %b))", + gcry_md_algo_name (hashalgo), + (int)hashsize, hash); + } else { gcry_mpi_t tmp; @@ -2285,6 +2313,7 @@ usage (int show_help) " --signature NAME Take signature from file NAME\n" " --chunk N Read in chunks of N bytes (implies --binary)\n" " --pkcs1 Use PKCS#1 encoding\n" + " --pss Use PSS encoding with a zero length salt\n" " --mct-server Run a monte carlo test server\n" " --loop Enable random loop mode\n" " --progress Print pogress indicators\n" @@ -2302,6 +2331,7 @@ main (int argc, char **argv) int no_fips = 0; int progress = 0; int use_pkcs1 = 0; + int use_pss = 0; const char *mode_string; const char *curve_string = NULL; const char *key_string = NULL; @@ -2432,6 +2462,11 @@ main (int argc, char **argv) use_pkcs1 = 1; argc--; argv++; } + else if (!strcmp (*argv, "--pss")) + { + use_pss = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--mct-server")) { mct_server = 1; @@ -2446,8 +2481,12 @@ main (int argc, char **argv) if (!argc || argc > 2) usage (0); + mode_string = *argv; + if (use_pkcs1 && use_pss) + die ("Only one of --pkcs or --pss may be given\n"); + if (!strcmp (mode_string, "rsa-derive")) binary_input = 1; @@ -2718,7 +2757,7 @@ main (int argc, char **argv) if (!data) die ("no data available (do not use --chunk)\n"); - run_rsa_sign (data, datalen, algo, use_pkcs1, key_string); + run_rsa_sign (data, datalen, algo, use_pkcs1, use_pss, key_string); } else if (!strcmp (mode_string, "rsa-verify")) @@ -2741,7 +2780,7 @@ main (int argc, char **argv) if (access (signature_string, R_OK)) die ("option --signature needs to specify an existing file\n"); - run_rsa_verify (data, datalen, algo, use_pkcs1, key_string, + run_rsa_verify (data, datalen, algo, use_pkcs1, use_pss, key_string, signature_string); } ----------------------------------------------------------------------- Summary of changes: tests/benchmark.c | 6 ++++ tests/curves.c | 3 ++ tests/fipsdrv.c | 47 +++++++++++++++++++++--- tests/keygen.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++--- tests/pubkey.c | 7 ++-- tests/random.c | 11 ++++-- tests/t-ed25519.c | 4 +++ tests/t-kdf.c | 4 +++ tests/t-mpi-point.c | 26 ++++++++++++-- 9 files changed, 194 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 18 19:04:46 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 18 Mar 2016 19:04:46 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-353-g897ccd2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 897ccd21b7221982806b5c024518f4e989152f14 (commit) from 9ecc2690181ba0bb44f66451a7dce2fc19965793 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 897ccd21b7221982806b5c024518f4e989152f14 Author: Werner Koch Date: Fri Mar 18 18:57:19 2016 +0100 Always require a 64 bit integer type * configure.ac (available_digests_64): Merge with available_digests. (available_kdfs_64): Merge with available_kdfs. <64 bit datatype test>: Bail out if no such type is available. * src/types.h: Emit #error if no u64 can be defined. (PROPERLY_ALIGNED_TYPE): Always add u64 type. * cipher/bithelp.h: Remove all code paths which handle the case of !HAVE_U64_TYPEDEF. * cipher/bufhelp.h: Ditto. * cipher/cipher-ccm.c: Ditto. * cipher/cipher-gcm.c: Ditto. * cipher/cipher-internal.h: Ditto. * cipher/cipher.c: Ditto. * cipher/hash-common.h: Ditto. * cipher/md.c: Ditto. * cipher/poly1305.c: Ditto. * cipher/scrypt.c: Ditto. * cipher/tiger.c: Ditto. * src/g10lib.h: Ditto. * tests/basic.c: Ditto. * tests/bench-slope.c: Ditto. * tests/benchmark.c: Ditto. -- Given that SHA-2 and some other algorithms require a 64 bit type it does not make anymore sense to conditionally compile some part when the platform does not provide such a type. GnuPG-bug-id: 1815. Signed-off-by: Werner Koch diff --git a/cipher/bithelp.h b/cipher/bithelp.h index 258ab2f..4575380 100644 --- a/cipher/bithelp.h +++ b/cipher/bithelp.h @@ -47,33 +47,27 @@ _gcry_bswap32(u32 x) } #endif -#ifdef HAVE_U64_TYPEDEF -# ifdef HAVE_BUILTIN_BSWAP64 -# define _gcry_bswap64 __builtin_bswap64 -# else +#ifdef HAVE_BUILTIN_BSWAP64 +# define _gcry_bswap64 __builtin_bswap64 +#else static inline u64 _gcry_bswap64(u64 x) { return ((u64)_gcry_bswap32(x) << 32) | (_gcry_bswap32(x >> 32)); } -# endif #endif /* Endian dependent byte swap operations. */ #ifdef WORDS_BIGENDIAN # define le_bswap32(x) _gcry_bswap32(x) # define be_bswap32(x) ((u32)(x)) -# ifdef HAVE_U64_TYPEDEF -# define le_bswap64(x) _gcry_bswap64(x) -# define be_bswap64(x) ((u64)(x)) -# endif +# define le_bswap64(x) _gcry_bswap64(x) +# define be_bswap64(x) ((u64)(x)) #else # define le_bswap32(x) ((u32)(x)) # define be_bswap32(x) _gcry_bswap32(x) -# ifdef HAVE_U64_TYPEDEF -# define le_bswap64(x) ((u64)(x)) -# define be_bswap64(x) _gcry_bswap64(x) -# endif +# define le_bswap64(x) ((u64)(x)) +# define be_bswap64(x) _gcry_bswap64(x) #endif @@ -104,7 +98,6 @@ _gcry_ctz (unsigned int x) /* Count trailing zero bits in an u64. We return an int because that is what gcc's builtin does. Returns the number of bits in X if X is 0. */ -#ifdef HAVE_U64_TYPEDEF static inline int _gcry_ctz64(u64 x) { @@ -118,7 +111,6 @@ _gcry_ctz64(u64 x) return 32 + _gcry_ctz (x >> 32); #endif } -#endif /*HAVE_U64_TYPEDEF*/ #endif /*GCRYPT_BITHELP_H*/ diff --git a/cipher/bufhelp.h b/cipher/bufhelp.h index aec4f1c..df35594 100644 --- a/cipher/bufhelp.h +++ b/cipher/bufhelp.h @@ -318,7 +318,7 @@ static inline void buf_put_le32(void *_buf, u32 val) out[0] = val; } -#ifdef HAVE_U64_TYPEDEF + /* Functions for loading and storing unaligned u64 values of different endianness. */ static inline u64 buf_get_be64(const void *_buf) @@ -364,7 +364,6 @@ static inline void buf_put_le64(void *_buf, u64 val) out[1] = val >> 8; out[0] = val; } -#endif /*HAVE_U64_TYPEDEF*/ #else /*BUFHELP_FAST_UNALIGNED_ACCESS*/ @@ -397,7 +396,6 @@ static inline void buf_put_le32(void *_buf, u32 val) out->a = le_bswap32(val); } -#ifdef HAVE_U64_TYPEDEF typedef struct bufhelp_u64_s { @@ -427,7 +425,7 @@ static inline void buf_put_le64(void *_buf, u64 val) bufhelp_u64_t *out = _buf; out->a = le_bswap64(val); } -#endif /*HAVE_U64_TYPEDEF*/ + #endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/ diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c index 3d5f220..4d8f816 100644 --- a/cipher/cipher-ccm.c +++ b/cipher/cipher-ccm.c @@ -28,9 +28,6 @@ #include "bufhelp.h" #include "./cipher-internal.h" -/* We need a 64 bit type for this code. */ -#ifdef HAVE_U64_TYPEDEF - #define set_burn(burn, nburn) do { \ unsigned int __nburn = (nburn); \ @@ -364,78 +361,3 @@ _gcry_cipher_ccm_decrypt (gcry_cipher_hd_t c, unsigned char *outbuf, return err; } - -#else - -/* - * Provide dummy functions so that we avoid adding too much #ifdefs in - * cipher.c. - */ - -gcry_err_code_t -_gcry_cipher_ccm_encrypt(gcry_cipher_hd_t c, unsigned char *outbuf, - size_t outbuflen, const unsigned char *inbuf, - size_t inbuflen) -{ - (void)c; - (void)outbuf; - (void)outbuflen; - (void)inbuf; - (void)inbuflen; - return GPG_ERR_NOT_SUPPORTED; -} - -gcry_err_code_t -_gcry_cipher_ccm_decrypt(gcry_cipher_hd_t c, unsigned char *outbuf, - size_t outbuflen, const unsigned char *inbuf, - size_t inbuflen) -{ - (void)c; - (void)outbuf; - (void)outbuflen; - (void)inbuf; - (void)inbuflen; - return GPG_ERR_NOT_SUPPORTED; -} - -gcry_err_code_t -_gcry_cipher_ccm_set_nonce(gcry_cipher_hd_t c, const unsigned char *nonce, - size_t noncelen) -{ - (void)c; - (void)nonce; - (void)noncelen; - return GPG_ERR_NOT_SUPPORTED; -} - -gcry_err_code_t -_gcry_cipher_ccm_authenticate(gcry_cipher_hd_t c, const unsigned char *abuf, - size_t abuflen) -{ - (void)c; - (void)abuf; - (void)abuflen; - return GPG_ERR_NOT_SUPPORTED; -} - -gcry_err_code_t -_gcry_cipher_ccm_get_tag(gcry_cipher_hd_t c, unsigned char *outtag, - size_t taglen) -{ - (void)c; - (void)outtag; - (void)taglen; - return GPG_ERR_NOT_SUPPORTED; -} - -gcry_err_code_t -_gcry_cipher_ccm_check_tag(gcry_cipher_hd_t c, const unsigned char *intag, - size_t taglen) -{ - (void)c; - (void)intag; - (void)taglen; - return GPG_ERR_NOT_SUPPORTED; -} - -#endif /*HAVE_U64_TYPEDEF*/ diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index 3711a1d..d390ef8 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -171,7 +171,7 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u64 *gcmM) sizeof(int)*2 + sizeof(void*)*5); } -#else +#else /*!GCM_TABLES_USE_U64*/ static void bshift (u32 * M, int i) @@ -284,7 +284,7 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM) return (sizeof(V) + sizeof(T) + sizeof(tmp) + sizeof(int)*2 + sizeof(void*)*6); } -#endif /* !HAVE_U64_TYPEDEF || SIZEOF_UNSIGNED_LONG != 8 */ +#endif /*!GCM_TABLES_USE_U64*/ #define fillM(c) \ do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table) diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 29c6f33..80e7c09 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -168,7 +168,6 @@ struct gcry_cipher_handle int unused; /* Number of unused bytes in LASTIV. */ union { -#ifdef HAVE_U64_TYPEDEF /* Mode specific storage for CCM mode. */ struct { u64 encryptlen; @@ -185,7 +184,6 @@ struct gcry_cipher_handle unsigned int lengths:1; /* Set to 1 if CCM length parameters has been processed. */ } ccm; -#endif /* Mode specific storage for Poly1305 mode. */ struct { @@ -248,8 +246,7 @@ struct gcry_cipher_handle /* Pre-calculated table for GCM. */ #ifdef GCM_USE_TABLES - #if defined(HAVE_U64_TYPEDEF) && (SIZEOF_UNSIGNED_LONG == 8 \ - || defined(__x86_64__)) + #if (SIZEOF_UNSIGNED_LONG == 8 || defined(__x86_64__)) #define GCM_TABLES_USE_U64 1 u64 gcm_table[2 * 16]; #else @@ -362,10 +359,8 @@ gcry_err_code_t _gcry_cipher_ccm_set_nonce size_t noncelen); gcry_err_code_t _gcry_cipher_ccm_authenticate /* */ (gcry_cipher_hd_t c, const unsigned char *abuf, size_t abuflen); -#ifdef HAVE_U64_TYPEDEF gcry_err_code_t _gcry_cipher_ccm_set_lengths /* */ (gcry_cipher_hd_t c, u64 encryptedlen, u64 aadlen, u64 taglen); -#endif gcry_err_code_t _gcry_cipher_ccm_get_tag /* */ (gcry_cipher_hd_t c, unsigned char *outtag, size_t taglen); diff --git a/cipher/cipher.c b/cipher/cipher.c index a013846..3a8597f 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -397,15 +397,11 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, switch (mode) { case GCRY_CIPHER_MODE_CCM: -#ifdef HAVE_U64_TYPEDEF if (spec->blocksize != GCRY_CCM_BLOCK_LEN) err = GPG_ERR_INV_CIPHER_MODE; if (!spec->encrypt || !spec->decrypt) err = GPG_ERR_INV_CIPHER_MODE; break; -#else - err = GPG_ERR_NOT_SUPPORTED; -#endif case GCRY_CIPHER_MODE_ECB: case GCRY_CIPHER_MODE_CBC: @@ -743,11 +739,9 @@ cipher_reset (gcry_cipher_hd_t c) memset (&c->u_mode.poly1305, 0, sizeof c->u_mode.poly1305); break; -#ifdef HAVE_U64_TYPEDEF case GCRY_CIPHER_MODE_CCM: memset (&c->u_mode.ccm, 0, sizeof c->u_mode.ccm); break; -#endif case GCRY_CIPHER_MODE_OCB: memset (&c->u_mode.ocb, 0, sizeof c->u_mode.ocb); @@ -1264,7 +1258,6 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) break; case GCRYCTL_SET_CCM_LENGTHS: -#ifdef HAVE_U64_TYPEDEF { u64 params[3]; size_t encryptedlen; @@ -1286,9 +1279,6 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) rc = _gcry_cipher_ccm_set_lengths (h, encryptedlen, aadlen, authtaglen); } -#else - rc = GPG_ERR_NOT_SUPPORTED; -#endif break; case GCRYCTL_SET_TAGLEN: diff --git a/cipher/hash-common.h b/cipher/hash-common.h index 27d670d..23f81ed 100644 --- a/cipher/hash-common.h +++ b/cipher/hash-common.h @@ -33,7 +33,7 @@ typedef unsigned int (*_gcry_md_block_write_t) (void *c, const unsigned char *blks, size_t nblks); -#if defined(HAVE_U64_TYPEDEF) && (defined(USE_SHA512) || defined(USE_WHIRLPOOL)) +#if (defined(USE_SHA512) || defined(USE_WHIRLPOOL)) /* SHA-512 and Whirlpool needs u64. SHA-512 needs larger buffer. */ # define MD_BLOCK_MAX_BLOCKSIZE 128 # define MD_NBLOCKS_TYPE u64 diff --git a/cipher/md.c b/cipher/md.c index 281db12..5b4f0c1 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -1228,7 +1228,6 @@ md_stop_debug( gcry_md_hd_t md ) md->ctx->debug = NULL; } -#ifdef HAVE_U64_TYPEDEF { /* a kludge to pull in the __muldi3 for Solaris */ volatile u32 a = (u32)(uintptr_t)md; volatile u64 b = 42; @@ -1236,7 +1235,6 @@ md_stop_debug( gcry_md_hd_t md ) c = a * b; (void)c; } -#endif } diff --git a/cipher/poly1305.c b/cipher/poly1305.c index 1adf0e7..7ae3592 100644 --- a/cipher/poly1305.c +++ b/cipher/poly1305.c @@ -98,8 +98,6 @@ static const poly1305_ops_t poly1305_armv7_neon_ops = { #endif -#ifdef HAVE_U64_TYPEDEF - /* Reference unoptimized poly1305 implementation using 32 bit * 32 bit = 64 bit * multiplication and 64 bit addition. */ @@ -358,218 +356,6 @@ static const poly1305_ops_t poly1305_default_ops = { poly1305_finish_ext_ref32 }; -#else /* !HAVE_U64_TYPEDEF */ - -/* Reference unoptimized poly1305 implementation using 8 bit * 8 bit = 16 bit - * multiplication and 16 bit addition, used when we don't have 'u64'. - */ - -typedef struct poly1305_state_ref8_t -{ - byte h[17]; - byte r[17]; - byte pad[17]; - byte final; -} poly1305_state_ref8_t; - - -static OPS_FUNC_ABI void -poly1305_init_ext_ref8 (void *state, const poly1305_key_t * key) -{ - poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state; - size_t i; - - /* h = 0 */ - for (i = 0; i < 17; i++) - st->h[i] = 0; - - /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - st->r[0] = key->b[0]; - st->r[1] = key->b[1]; - st->r[2] = key->b[2]; - st->r[3] = key->b[3] & 0x0f; - st->r[4] = key->b[4] & 0xfc; - st->r[5] = key->b[5]; - st->r[6] = key->b[6]; - st->r[7] = key->b[7] & 0x0f; - st->r[8] = key->b[8] & 0xfc; - st->r[9] = key->b[9]; - st->r[10] = key->b[10]; - st->r[11] = key->b[11] & 0x0f; - st->r[12] = key->b[12] & 0xfc; - st->r[13] = key->b[13]; - st->r[14] = key->b[14]; - st->r[15] = key->b[15] & 0x0f; - st->r[16] = 0; - - /* save pad for later */ - for (i = 0; i < 16; i++) - st->pad[i] = key->b[i + 16]; - st->pad[16] = 0; - - st->final = 0; -} - - -static void -poly1305_add_ref8 (byte h[17], const byte c[17]) -{ - u16 u; - unsigned int i; - for (u = 0, i = 0; i < 17; i++) - { - u += (u16) h[i] + (u16) c[i]; - h[i] = (byte) u & 0xff; - u >>= 8; - } -} - - -static void -poly1305_squeeze_ref8 (byte h[17], u32 hr[17]) -{ - u32 u; - unsigned int i; - u = 0; - for (i = 0; i < 16; i++) - { - u += hr[i]; - h[i] = (byte) u & 0xff; - u >>= 8; - } - u += hr[16]; - h[16] = (byte) u & 0x03; - u >>= 2; - u += (u << 2); /* u *= 5; */ - for (i = 0; i < 16; i++) - { - u += h[i]; - h[i] = (byte) u & 0xff; - u >>= 8; - } - h[16] += (byte) u; -} - - -static void -poly1305_freeze_ref8 (byte h[17]) -{ - static const byte minusp[17] = { - 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xfc - }; - byte horig[17], negative; - unsigned int i; - - /* compute h + -p */ - for (i = 0; i < 17; i++) - horig[i] = h[i]; - poly1305_add_ref8 (h, minusp); - - /* select h if h < p, or h + -p if h >= p */ - negative = -(h[16] >> 7); - for (i = 0; i < 17; i++) - h[i] ^= negative & (horig[i] ^ h[i]); -} - - -static OPS_FUNC_ABI unsigned int -poly1305_blocks_ref8 (void *state, const byte * m, size_t bytes) -{ - poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state; - const byte hibit = st->final ^ 1; /* 1 << 128 */ - - while (bytes >= POLY1305_REF_BLOCKSIZE) - { - u32 hr[17], u; - byte c[17]; - unsigned int i, j; - - /* h += m */ - for (i = 0; i < 16; i++) - c[i] = m[i]; - c[16] = hibit; - poly1305_add_ref8 (st->h, c); - - /* h *= r */ - for (i = 0; i < 17; i++) - { - u = 0; - for (j = 0; j <= i; j++) - { - u += (u16) st->h[j] * st->r[i - j]; - } - for (j = i + 1; j < 17; j++) - { - u32 v = (u16) st->h[j] * st->r[i + 17 - j]; - v = ((v << 8) + (v << 6)); /* v *= (5 << 6); */ - u += v; - } - hr[i] = u; - } - - /* (partial) h %= p */ - poly1305_squeeze_ref8 (st->h, hr); - - m += POLY1305_REF_BLOCKSIZE; - bytes -= POLY1305_REF_BLOCKSIZE; - } - - /* burn_stack */ - return (18 + 2) * sizeof (u32) + 18 + 6 * sizeof (void *) + - 6 * sizeof (void *); -} - - -static OPS_FUNC_ABI unsigned int -poly1305_finish_ext_ref8 (void *state, const byte * m, size_t remaining, - byte mac[POLY1305_TAGLEN]) -{ - poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state; - size_t i; - unsigned int burn = 0; - - /* process the remaining block */ - if (remaining) - { - byte final[POLY1305_REF_BLOCKSIZE] = { 0 }; - for (i = 0; i < remaining; i++) - final[i] = m[i]; - final[remaining] = 1; - st->final = 1; - burn = poly1305_blocks_ref8 (st, final, POLY1305_REF_BLOCKSIZE); - } - - /* fully reduce h */ - poly1305_freeze_ref8 (st->h); - - /* h = (h + pad) % (1 << 128) */ - poly1305_add_ref8 (st->h, st->pad); - for (i = 0; i < 16; i++) - mac[i] = st->h[i]; - - /* zero out the state */ - for (i = 0; i < 17; i++) - st->h[i] = 0; - for (i = 0; i < 17; i++) - st->r[i] = 0; - for (i = 0; i < 17; i++) - st->pad[i] = 0; - - /* burn_stack */ - return POLY1305_REF_BLOCKSIZE + 18 + 16 * sizeof (void *) + burn; -} - - -static const poly1305_ops_t poly1305_default_ops = { - POLY1305_REF_BLOCKSIZE, - poly1305_init_ext_ref8, - poly1305_blocks_ref8, - poly1305_finish_ext_ref8 -}; - -#endif /* HAVE_U64_TYPEDEF */ diff --git a/cipher/scrypt.c b/cipher/scrypt.c index a05b5bf..13fd1cf 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c @@ -50,8 +50,6 @@ #include "bufhelp.h" /* We really need a 64 bit type for this code. */ -#ifdef HAVE_U64_TYPEDEF - #define SALSA20_INPUT_LENGTH 16 #define ROTL32(n,x) (((x)<<(n)) | ((x)>>(32-(n)))) @@ -322,6 +320,3 @@ _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen, return ec; } - - -#endif /* HAVE_U64_TYPEDEF */ diff --git a/cipher/tiger.c b/cipher/tiger.c index 516bd44..b60ec16 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -31,9 +31,6 @@ #include "bithelp.h" #include "bufhelp.h" -/* We really need a 64 bit type for this code. */ -#ifdef HAVE_U64_TYPEDEF - typedef struct { gcry_md_block_ctx_t bctx; @@ -853,5 +850,3 @@ gcry_md_spec_t _gcry_digest_spec_tiger2 = tiger2_init, _gcry_md_block_write, tiger_final, tiger_read, NULL, sizeof (TIGER_CONTEXT) }; - -#endif /* HAVE_U64_TYPEDEF */ diff --git a/configure.ac b/configure.ac index ff72e3f..8ed8d26 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # Configure.ac script for Libgcrypt # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006, # 2007, 2008, 2009, 2011 Free Software Foundation, Inc. -# Copyright (C) 2012, 2013 g10 Code GmbH +# Copyright (C) 2012, 2013, 2014, 2015 g10 Code GmbH # # This file is part of Libgcrypt. # @@ -198,12 +198,11 @@ enabled_pubkey_ciphers="" # Definitions for message digests. available_digests="crc gostr3411-94 md2 md4 md5 rmd160 sha1 sha256" -available_digests_64="sha512 sha3 tiger whirlpool stribog" +available_digests="$available_digests sha512 sha3 tiger whirlpool stribog" enabled_digests="" # Definitions for kdfs (optional ones) -available_kdfs="s2k pkdf2" -available_kdfs_64="scrypt" +available_kdfs="s2k pkdf2 scrypt" enabled_kdfs="" # Definitions for random modules. @@ -368,13 +367,14 @@ if test "$ac_cv_sizeof_unsigned_int" != "8" \ && test "$ac_cv_sizeof_unsigned_long" != "8" \ && test "$ac_cv_sizeof_unsigned_long_long" != "8" \ && test "$ac_cv_sizeof_uint64_t" != "8"; then - AC_MSG_WARN([No 64-bit types. Disabling TIGER/192, SCRYPT, SHA-384, \ - SHA-512 and GOST R 34.11-12]) -else - available_digests="$available_digests $available_digests_64" - available_kdfs="$available_kdfs $available_kdfs_64" + AC_MSG_ERROR([[ +*** +*** No 64-bit integer type available. +*** It is not possible to build Libgcrypt on this platform. +***]]) fi + # If not specified otherwise, all available algorithms will be # included. default_ciphers="$available_ciphers" diff --git a/src/g10lib.h b/src/g10lib.h index af68870..1070d9e 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -318,13 +318,8 @@ void __gcry_burn_stack (unsigned int bytes); } while(0) #define wipememory(_ptr,_len) wipememory2(_ptr,0,_len) -#ifdef HAVE_U64_TYPEDEF - #define FASTWIPE_T u64 - #define FASTWIPE_MULT (U64_C(0x0101010101010101)) -#else - #define FASTWIPE_T u32 - #define FASTWIPE_MULT (0x01010101U) -#endif +#define FASTWIPE_T u64 +#define FASTWIPE_MULT (U64_C(0x0101010101010101)) /* Following architectures can handle unaligned accesses fast. */ #if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \ diff --git a/src/types.h b/src/types.h index dcdba4f..645ddd6 100644 --- a/src/types.h +++ b/src/types.h @@ -123,6 +123,8 @@ typedef uint64_t u64; # define U64_C(c) (UINT64_C(c)) # define HAVE_U64_TYPEDEF +# else +# error No way to declare a 64 bit integer type # endif #endif @@ -132,9 +134,7 @@ typedef union short b; char c[1]; long d; -#ifdef HAVE_U64_TYPEDEF u64 e; -#endif float f; double g; } PROPERLY_ALIGNED_TYPE; diff --git a/tests/basic.c b/tests/basic.c index 63fbcf6..c633ae9 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -2039,7 +2039,6 @@ check_poly1305_cipher (void) static void check_ccm_cipher (void) { -#ifdef HAVE_U64_TYPEDEF static const struct tv { int algo; @@ -2816,7 +2815,6 @@ check_ccm_cipher (void) if (verbose) fprintf (stderr, " Completed CCM checks.\n"); #endif -#endif /*HAVE_U64_TYPEDEF*/ } diff --git a/tests/bench-slope.c b/tests/bench-slope.c index 3a2aa38..8938f18 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -741,7 +741,6 @@ static struct bench_ops decrypt_ops = { }; -#ifdef HAVE_U64_TYPEDEF static void bench_ccm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { @@ -904,7 +903,6 @@ static struct bench_ops ccm_authenticate_ops = { &bench_encrypt_free, &bench_ccm_authenticate_do_bench }; -#endif /*HAVE_U64_TYPEDEF*/ static void @@ -1167,11 +1165,9 @@ static struct bench_cipher_mode cipher_modes[] = { {GCRY_CIPHER_MODE_OFB, "OFB dec", &decrypt_ops}, {GCRY_CIPHER_MODE_CTR, "CTR enc", &encrypt_ops}, {GCRY_CIPHER_MODE_CTR, "CTR dec", &decrypt_ops}, -#ifdef HAVE_U64_TYPEDEF {GCRY_CIPHER_MODE_CCM, "CCM enc", &ccm_encrypt_ops}, {GCRY_CIPHER_MODE_CCM, "CCM dec", &ccm_decrypt_ops}, {GCRY_CIPHER_MODE_CCM, "CCM auth", &ccm_authenticate_ops}, -#endif {GCRY_CIPHER_MODE_GCM, "GCM enc", &gcm_encrypt_ops}, {GCRY_CIPHER_MODE_GCM, "GCM dec", &gcm_decrypt_ops}, {GCRY_CIPHER_MODE_GCM, "GCM auth", &gcm_authenticate_ops}, diff --git a/tests/benchmark.c b/tests/benchmark.c index 1258b81..53b83b1 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -724,7 +724,6 @@ mac_bench ( const char *algoname ) } -#ifdef HAVE_U64_TYPEDEF static void ccm_aead_init(gcry_cipher_hd_t hd, size_t buflen, int authlen) { const int _L = 4; @@ -756,7 +755,6 @@ static void ccm_aead_init(gcry_cipher_hd_t hd, size_t buflen, int authlen) exit (1); } } -#endif static void @@ -786,10 +784,8 @@ cipher_bench ( const char *algoname ) { GCRY_CIPHER_MODE_CFB, " CFB", 0 }, { GCRY_CIPHER_MODE_OFB, " OFB", 0 }, { GCRY_CIPHER_MODE_CTR, " CTR", 0 }, -#ifdef HAVE_U64_TYPEDEF { GCRY_CIPHER_MODE_CCM, " CCM", 0, ccm_aead_init, GCRY_CCM_BLOCK_LEN, 8 }, -#endif { GCRY_CIPHER_MODE_GCM, " GCM", 0, NULL, GCRY_GCM_BLOCK_LEN, GCRY_GCM_BLOCK_LEN }, { GCRY_CIPHER_MODE_OCB, " OCB", 1, ----------------------------------------------------------------------- Summary of changes: cipher/bithelp.h | 22 ++--- cipher/bufhelp.h | 6 +- cipher/cipher-ccm.c | 78 ----------------- cipher/cipher-gcm.c | 4 +- cipher/cipher-internal.h | 7 +- cipher/cipher.c | 10 --- cipher/hash-common.h | 2 +- cipher/md.c | 2 - cipher/poly1305.c | 214 ----------------------------------------------- cipher/scrypt.c | 5 -- cipher/tiger.c | 5 -- configure.ac | 18 ++-- src/g10lib.h | 9 +- src/types.h | 4 +- tests/basic.c | 2 - tests/bench-slope.c | 4 - tests/benchmark.c | 4 - 17 files changed, 26 insertions(+), 370 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 19 14:43:58 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 19 Mar 2016 14:43:58 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-105-gaf9a4af Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via af9a4afbf0b518c8acff98e50135b2beb6c722c3 (commit) from 1aad5c6277ea3852ff57bbf680f61c9136ce4d5c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit af9a4afbf0b518c8acff98e50135b2beb6c722c3 Author: Werner Koch Date: Sat Mar 19 14:43:18 2016 +0100 gpg: Silence trustdb computation with --quiet. * g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet mode. Signed-off-by: Werner Koch diff --git a/g10/trustdb.c b/g10/trustdb.c index 8f2b2cb..1837596 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1962,8 +1962,9 @@ validate_keys (int interactive) klist = utk_list; - log_info ("marginals needed: %d completes needed: %d trust model: %s\n", - opt.marginals_needed, opt.completes_needed, trust_model_string ()); + if (!opt.quiet) + log_info ("marginals needed: %d completes needed: %d trust model: %s\n", + opt.marginals_needed, opt.completes_needed, trust_model_string()); for (depth=0; depth < opt.max_cert_depth; depth++) { @@ -2048,10 +2049,11 @@ validate_keys (int interactive) for (kar=keys; kar->keyblock; kar++) store_validation_status (depth, kar->keyblock, stored); - log_info (_("depth: %d valid: %3d signed: %3d" - " trust: %d-, %dq, %dn, %dm, %df, %du\n"), - depth, valids, key_count, ot_unknown, ot_undefined, - ot_never, ot_marginal, ot_full, ot_ultimate ); + if (!opt.quiet) + log_info (_("depth: %d valid: %3d signed: %3d" + " trust: %d-, %dq, %dn, %dm, %df, %du\n"), + depth, valids, key_count, ot_unknown, ot_undefined, + ot_never, ot_marginal, ot_full, ot_ultimate ); /* Build a new kdlist from all fully valid keys in KEYS */ if (klist != utk_list) @@ -2120,8 +2122,9 @@ validate_keys (int interactive) else { tdbio_write_nextcheck (next_expire); - log_info (_("next trustdb check due at %s\n"), - strtimestamp (next_expire)); + if (!opt.quiet) + log_info (_("next trustdb check due at %s\n"), + strtimestamp (next_expire)); } rc2 = tdbio_update_version_record (); ----------------------------------------------------------------------- Summary of changes: g10/trustdb.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Mar 20 14:29:40 2016 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 20 Mar 2016 14:29:40 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-354-g583919d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 583919d70763671ed9feeaa14e1f66379aff88cc (commit) from 897ccd21b7221982806b5c024518f4e989152f14 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 583919d70763671ed9feeaa14e1f66379aff88cc Author: Jussi Kivilinna Date: Sun Mar 20 15:21:40 2016 +0200 Fix ARM NEON support detection on ARMv6 target * configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive instead of '.thumb'. -- Fix allows building ARM NEON assembly implementations when compiler target is ARMv6. This enables NEON implementations on ARMv7+NEON CPUs running on ARMv6 OS (for example, Raspbian on Raspberry Pi 2/3). Signed-off-by: Jussi Kivilinna diff --git a/configure.ac b/configure.ac index 8ed8d26..6a2d61b 100644 --- a/configure.ac +++ b/configure.ac @@ -1487,7 +1487,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports NEON instructions], AC_COMPILE_IFELSE([AC_LANG_SOURCE( [[__asm__( ".syntax unified\n\t" - ".thumb\n\t" + ".arm\n\t" ".fpu neon\n\t" "vld1.64 {%q0-%q1}, [%r0]!;\n\t" "vrev64.8 %q0, %q3;\n\t" ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 22 17:13:51 2016 From: cvs at cvs.gnupg.org (by Tomáš Mráz) Date: Tue, 22 Mar 2016 17:13:51 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-355-g5f9b3c2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5f9b3c2e220ca6d0eaff32324a973ef67933a844 (commit) from 583919d70763671ed9feeaa14e1f66379aff88cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5f9b3c2e220ca6d0eaff32324a973ef67933a844 Author: Tom?? Mr?z Date: Tue Mar 22 17:12:55 2016 +0100 rsa: Add FIPS 186-4 compliant RSA probable prime key generator. * cipher/primegen.c (_gcry_fips186_4_prime_check): New. * cipher/rsa.c (generate_fips): New. (rsa_generate): Use new function in fips mode or with test-parms. * tests/keygen.c (check_rsa_keys): Add test using e=65539. -- Signed-off-by: Tom?? Mr?z Tom??'s patch war originally for libgcrypt 1.6.3 and has been ported to master (1.7) by wk. Further changes: - ChangeLog entries. - Some re-indentation - Use an extra test case instead of changing an existing one. Signed-off-by: Werner Koch diff --git a/cipher/primegen.c b/cipher/primegen.c index 3ed432b..cccda84 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -1182,6 +1182,27 @@ _gcry_prime_check (gcry_mpi_t x, unsigned int flags) return GPG_ERR_NO_PRIME; } + +/* Check whether the number X is prime according to FIPS 186-4 table C.2. */ +gcry_err_code_t +_gcry_fips186_4_prime_check (gcry_mpi_t x, unsigned int bits) +{ + gcry_err_code_t ec = GPG_ERR_NO_ERROR; + + switch (mpi_cmp_ui (x, 2)) + { + case 0: return ec; /* 2 is a prime */ + case -1: return GPG_ERR_NO_PRIME; /* Only numbers > 1 are primes. */ + } + + /* We use 5 or 4 rounds as specified in table C.2 */ + if (! check_prime (x, mpi_const (MPI_C_TWO), bits > 1024 ? 4 : 5, NULL, NULL)) + ec = GPG_ERR_NO_PRIME; + + return ec; +} + + /* Find a generator for PRIME where the factorization of (prime-1) is in the NULL terminated array FACTORS. Return the generator as a newly allocated MPI in R_G. If START_G is not NULL, use this as s diff --git a/cipher/rsa.c b/cipher/rsa.c index 787b14a..cb3c464 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -356,6 +356,286 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, } +/**************** + * Generate a key pair with a key of size NBITS. + * USE_E = 0 let Libcgrypt decide what exponent to use. + * = 1 request the use of a "secure" exponent; this is required by some + * specification to be 65537. + * > 2 Use this public exponent. If the given exponent + * is not odd one is internally added to it. + * TESTPARMS: If set, do not generate but test whether the p,q is probably prime + * Returns key with zeroes to not break code calling this function. + * TRANSIENT_KEY: If true, generate the primes using the standard RNG. + * Returns: 2 structures filled with all needed values + */ +static gpg_err_code_t +generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, + gcry_sexp_t testparms, int transient_key) +{ + gcry_mpi_t p, q; /* the two primes */ + gcry_mpi_t d; /* the private key */ + gcry_mpi_t u; + gcry_mpi_t p1, q1; + gcry_mpi_t n; /* the public key */ + gcry_mpi_t e; /* the exponent */ + gcry_mpi_t g; + gcry_mpi_t minp; + gcry_mpi_t diff, mindiff; + gcry_random_level_t random_level; + unsigned int pbits = nbits/2; + unsigned int i; + int pqswitch; + gpg_err_code_t ec = GPG_ERR_NO_PRIME; + + if (nbits < 1024 || (nbits & 0x1FF)) + return GPG_ERR_INV_VALUE; + if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072) + return GPG_ERR_INV_VALUE; + + /* The random quality depends on the transient_key flag. */ + random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM; + + if (testparms) + { + /* Parameters to derive the key are given. */ + /* Note that we explicitly need to setup the values of tbl + because some compilers (e.g. OpenWatcom, IRIX) don't allow to + initialize a structure with automatic variables. */ + struct { const char *name; gcry_mpi_t *value; } tbl[] = { + { "e" }, + { "p" }, + { "q" }, + { NULL } + }; + int idx; + gcry_sexp_t oneparm; + + tbl[0].value = &e; + tbl[1].value = &p; + tbl[2].value = &q; + + for (idx=0; tbl[idx].name; idx++) + { + oneparm = sexp_find_token (testparms, tbl[idx].name, 0); + if (oneparm) + { + *tbl[idx].value = sexp_nth_mpi (oneparm, 1, GCRYMPI_FMT_USG); + sexp_release (oneparm); + } + } + for (idx=0; tbl[idx].name; idx++) + if (!*tbl[idx].value) + break; + if (tbl[idx].name) + { + /* At least one parameter is missing. */ + for (idx=0; tbl[idx].name; idx++) + _gcry_mpi_release (*tbl[idx].value); + return GPG_ERR_MISSING_VALUE; + } + } + else + { + if (use_e < 65537) + use_e = 65537; /* This is the smallest value allowed by FIPS */ + + e = mpi_alloc ((32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB); + + use_e |= 1; /* make sure this is odd */ + mpi_set_ui (e, use_e); + + p = mpi_snew (pbits); + q = mpi_snew (pbits); + } + + n = mpi_new (nbits); + d = mpi_snew (nbits); + u = mpi_snew (nbits); + + /* prepare approximate minimum p and q */ + minp = mpi_new (pbits); + mpi_set_ui (minp, 0xB504F334); + mpi_lshift (minp, minp, pbits - 32); + + /* prepare minimum p and q difference */ + diff = mpi_new (pbits); + mindiff = mpi_new (pbits - 99); + mpi_set_ui (mindiff, 1); + mpi_lshift (mindiff, mindiff, pbits - 100); + + p1 = mpi_snew (pbits); + q1 = mpi_snew (pbits); + g = mpi_snew (pbits); + + retry: + /* generate p and q */ + for (i = 0; i < 5 * pbits; i++) + { + ploop: + if (!testparms) + { + _gcry_mpi_randomize (p, pbits, random_level); + } + if (mpi_cmp (p, minp) < 0) + { + if (testparms) + goto err; + goto ploop; + } + + mpi_sub_ui (p1, p, 1); + if (mpi_gcd (g, p1, e)) + { + if (_gcry_fips186_4_prime_check (p, pbits) != GPG_ERR_NO_ERROR) + { + /* not a prime */ + if (testparms) + goto err; + } + else + break; + } + else if (testparms) + goto err; + } + if (i >= 5 * pbits) + goto err; + + for (i = 0; i < 5 * pbits; i++) + { + qloop: + if (!testparms) + { + _gcry_mpi_randomize (q, pbits, random_level); + } + if (mpi_cmp (q, minp) < 0) + { + if (testparms) + goto err; + goto qloop; + } + if (mpi_cmp (p, q) > 0) + { + pqswitch = 1; + mpi_sub (diff, p, q); + } + else + { + pqswitch = 0; + mpi_sub (diff, q, p); + } + if (mpi_cmp (diff, mindiff) < 0) + { + if (testparms) + goto err; + goto qloop; + } + + mpi_sub_ui (q1, q, 1); + if (mpi_gcd (g, q1, e)) + { + if (_gcry_fips186_4_prime_check (q, pbits) != GPG_ERR_NO_ERROR) + { + /* not a prime */ + if (testparms) + goto err; + } + else + break; + } + else if (testparms) + goto err; + } + if (i >= 5 * pbits) + goto err; + + if (testparms) + { + mpi_clear (p); + mpi_clear (q); + } + else + { + gcry_mpi_t f; + + if (pqswitch) + { + gcry_mpi_t tmp; + + tmp = p; + p = q; + q = tmp; + } + + f = mpi_snew (nbits); + + /* calculate the modulus */ + mpi_mul (n, p, q); + + /* calculate the secret key d = e^1 mod phi */ + mpi_gcd (g, p1, q1); + mpi_fdiv_q (f, p1, g); + mpi_mul (f, f, q1); + + mpi_invm (d, e, f); + + _gcry_mpi_release (f); + + if (mpi_get_nbits (d) < pbits) + goto retry; + + /* calculate the inverse of p and q (used for chinese remainder theorem)*/ + mpi_invm (u, p, q ); + } + + ec = 0; + + if (DBG_CIPHER) + { + log_mpidump(" p= ", p ); + log_mpidump(" q= ", q ); + log_mpidump(" n= ", n ); + log_mpidump(" e= ", e ); + log_mpidump(" d= ", d ); + log_mpidump(" u= ", u ); + } + + err: + + _gcry_mpi_release (p1); + _gcry_mpi_release (q1); + _gcry_mpi_release (g); + _gcry_mpi_release (minp); + _gcry_mpi_release (mindiff); + _gcry_mpi_release (diff); + + sk->n = n; + sk->e = e; + sk->p = p; + sk->q = q; + sk->d = d; + sk->u = u; + + /* Now we can test our keys. */ + if (ec || (!testparms && test_keys (sk, nbits - 64))) + { + _gcry_mpi_release (sk->n); sk->n = NULL; + _gcry_mpi_release (sk->e); sk->e = NULL; + _gcry_mpi_release (sk->p); sk->p = NULL; + _gcry_mpi_release (sk->q); sk->q = NULL; + _gcry_mpi_release (sk->d); sk->d = NULL; + _gcry_mpi_release (sk->u); sk->u = NULL; + if (!ec) + { + fips_signal_error ("self-test after key generation failed"); + return GPG_ERR_SELFTEST_FAILED; + } + } + + return ec; +} + + /* Helper for generate_x931. */ static gcry_mpi_t gen_x931_parm_xp (unsigned int nbits) @@ -816,7 +1096,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) } } - if (deriveparms || (flags & PUBKEY_FLAG_USE_X931) || fips_mode ()) + if (deriveparms || (flags & PUBKEY_FLAG_USE_X931)) { int swapped; ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped); @@ -836,9 +1116,21 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) sexp_release (l1); } } + deriveparms = (genparms? sexp_find_token (genparms, "test-parms", 0) + /**/ : NULL); + /* Generate. */ - ec = generate_std (&sk, nbits, evalue, - !!(flags & PUBKEY_FLAG_TRANSIENT_KEY)); + if (deriveparms || fips_mode()) + { + ec = generate_fips (&sk, nbits, evalue, deriveparms, + !!(flags & PUBKEY_FLAG_TRANSIENT_KEY)); + } + else + { + ec = generate_std (&sk, nbits, evalue, + !!(flags & PUBKEY_FLAG_TRANSIENT_KEY)); + } + sexp_release (deriveparms); } if (!ec) diff --git a/src/g10lib.h b/src/g10lib.h index 1070d9e..170ffa1 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -263,6 +263,9 @@ gpg_err_code_t _gcry_generate_fips186_3_prime int *r_counter, void **r_seed, size_t *r_seedlen, int *r_hashalgo); +gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x, + unsigned int bits); + /* Replacements of missing functions (missing-string.c). */ #ifndef HAVE_STPCPY diff --git a/tests/keygen.c b/tests/keygen.c index dcb59e4..4bcea20 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -236,6 +236,28 @@ check_rsa_keys (void) if (verbose) + show ("creating 1024 bit RSA key with e=65539\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (rsa\n" + " (nbits 4:1024)\n" + " (rsa-use-e 5:65539)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc && !in_fips_mode) + fail ("error generating RSA key: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + fail ("generating RSA key must not work!"); + + if (!rc) + check_generated_rsa_key (key, 65539); + gcry_sexp_release (key); + + + if (verbose) show ("creating 512 bit RSA key with e=257\n"); rc = gcry_sexp_new (&keyparm, "(genkey\n" ----------------------------------------------------------------------- Summary of changes: cipher/primegen.c | 21 ++++ cipher/rsa.c | 298 +++++++++++++++++++++++++++++++++++++++++++++++++++++- src/g10lib.h | 3 + tests/keygen.c | 22 ++++ 4 files changed, 341 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 22 17:56:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 22 Mar 2016 17:56:08 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-356-gd328095 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d328095dd4de83b839d9d8c4bdbeec0956971016 (commit) from 5f9b3c2e220ca6d0eaff32324a973ef67933a844 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d328095dd4de83b839d9d8c4bdbeec0956971016 Author: Werner Koch Date: Tue Mar 22 17:49:50 2016 +0100 tests: Add options --fips to keygen for manual tests. (main): Add option --fips. * tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539 because that is valid in FIPS mode. Check that key generation fails for too short keys in FIPS mode. (check_ecc_keys): Check that key generation fails for Ed25519 keys in FIPS mode. -- This option allows to test the FIPS mode manually for key generation. We should eventually expand all tests to allow testing in FIPS mode in non FIPS enabled boxes. Signed-off-by: Werner Koch diff --git a/tests/keygen.c b/tests/keygen.c index 4bcea20..ebb708b 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -234,23 +234,20 @@ check_rsa_keys (void) } gcry_sexp_release (key); - if (verbose) - show ("creating 1024 bit RSA key with e=65539\n"); + show ("creating 2048 bit RSA key with e=65539\n"); rc = gcry_sexp_new (&keyparm, "(genkey\n" " (rsa\n" - " (nbits 4:1024)\n" + " (nbits 4:2048)\n" " (rsa-use-e 5:65539)\n" " ))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc && !in_fips_mode) + if (rc) fail ("error generating RSA key: %s\n", gpg_strerror (rc)); - else if (!rc && in_fips_mode) - fail ("generating RSA key must not work!"); if (!rc) check_generated_rsa_key (key, 65539); @@ -274,6 +271,10 @@ check_rsa_keys (void) else if (!rc && in_fips_mode) fail ("generating 512 bit RSA key must not work!"); + if (verbose && rc && in_fips_mode) + show ("... correctly rejected key creation in FIPS mode (%s)\n", + gpg_strerror (rc)); + if (!rc) check_generated_rsa_key (key, 257); gcry_sexp_release (key); @@ -295,6 +296,11 @@ check_rsa_keys (void) else if (!rc && in_fips_mode) fail ("generating 512 bit RSA key must not work!"); + if (verbose && rc && in_fips_mode) + show ("... correctly rejected key creation in FIPS mode (%s)\n", + gpg_strerror (rc)); + + if (!rc) check_generated_rsa_key (key, 0); /* We don't expect a constant exponent. */ gcry_sexp_release (key); @@ -517,14 +523,23 @@ check_ecc_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) + if (rc && !in_fips_mode) die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + fail ("generating Ed25519 key must not work!"); - if (verbose > 1) - show_sexp ("ECC key:\n", key); + if (verbose && rc && in_fips_mode) + show ("... correctly rejected key creation in FIPS mode (%s)\n", + gpg_strerror (rc)); - check_generated_ecc_key (key); + if (!rc) + { + if (verbose > 1) + show_sexp ("ECC key:\n", key); + + check_generated_ecc_key (key); + } gcry_sexp_release (key); if (verbose) @@ -535,10 +550,16 @@ check_ecc_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) + if (rc && !in_fips_mode) die ("error generating ECC key using curve Ed25519 for ECDSA" " (nocomp): %s\n", gpg_strerror (rc)); + else if (!rc && in_fips_mode) + fail ("generating Ed25519 key must not work in FIPS mode!"); + + if (verbose && rc && in_fips_mode) + show ("... correctly rejected key creation in FIPS mode (%s)\n", + gpg_strerror (rc)); if (verbose) show ("creating ECC key using curve NIST P-384 for ECDSA\n"); @@ -589,13 +610,23 @@ check_ecc_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) + if (rc && !in_fips_mode) die ("error generating ECC key using curve Ed25519 for ECDSA" " (transient-key): %s\n", gpg_strerror (rc)); - if (verbose > 1) - show_sexp ("ECC key:\n", key); - check_generated_ecc_key (key); + else if (!rc && in_fips_mode) + fail ("generating Ed25519 key must not work in FIPS mode!"); + + if (verbose && rc && in_fips_mode) + show ("... correctly rejected key creation in FIPS mode (%s)\n", + gpg_strerror (rc)); + + if (!rc) + { + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + } gcry_sexp_release (key); if (verbose) @@ -608,13 +639,23 @@ check_ecc_keys (void) die ("error creating S-expression: %s\n", gpg_strerror (rc)); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); - if (rc) + if (rc && !in_fips_mode) die ("error generating ECC key using curve Ed25519 for ECDSA" " (transient-key no-keytest): %s\n", gpg_strerror (rc)); - if (verbose > 1) - show_sexp ("ECC key:\n", key); - check_generated_ecc_key (key); + else if (!rc && in_fips_mode) + fail ("generating Ed25519 key must not work in FIPS mode!"); + + if (verbose && rc && in_fips_mode) + show ("... correctly rejected key creation in FIPS mode (%s)\n", + gpg_strerror (rc)); + + if (!rc) + { + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + } gcry_sexp_release (key); } @@ -682,6 +723,7 @@ usage (int mode) "Options:\n" " --verbose be verbose\n" " --debug flyswatter\n" + " --fips run in FIPS mode\n" " --progress print progress indicators\n", mode? stderr : stdout); if (mode) @@ -692,6 +734,7 @@ int main (int argc, char **argv) { int last_argc = -1; + int opt_fips = 0; int with_progress = 0; if (argc) @@ -721,6 +764,11 @@ main (int argc, char **argv) debug++; argc--; argv++; } + else if (!strcmp (*argv, "--fips")) + { + argc--; argv++; + opt_fips = 1; + } else if (!strcmp (*argv, "--progress")) { argc--; argv++; @@ -732,9 +780,16 @@ main (int argc, char **argv) break; } + gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); + if (opt_fips) + gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); + if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + + if (!opt_fips) + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); @@ -746,6 +801,9 @@ main (int argc, char **argv) if ( gcry_fips_mode_active () ) in_fips_mode = 1; + if (opt_fips && !in_fips_mode) + die ("failed to switch into FIPS mode\n"); + if (!argc) { check_rsa_keys (); ----------------------------------------------------------------------- Summary of changes: tests/keygen.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 78 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 22 20:25:22 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 22 Mar 2016 20:25:22 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-107-gfc30c07 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fc30c079a348436868968850dabf653b91f82419 (commit) via 7f919063d3e426104fe58ae779a9a066140014c1 (commit) from af9a4afbf0b518c8acff98e50135b2beb6c722c3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fc30c079a348436868968850dabf653b91f82419 Author: Werner Koch Date: Tue Mar 22 20:24:52 2016 +0100 gpg: Improve message when asking for key capabilities. * g10/keygen.c (ask_key_flags): Improve message. -- Because the curve is only selected after the capabilities are queried we do not know whether ECDSA or EdDSA will eventually be used. When printing the possible capabilities we now use print "ECDSA/EdDSA" for the algorithm. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index 9cfa5f7..a7d7d27 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1658,7 +1658,7 @@ print_key_flags(int flags) } -/* Ask for the key flags and return them. CURRENT gives the curren +/* Ask for the key flags and return them. CURRENT gives the current * usage which should normally be given as 0. */ unsigned int ask_key_flags (int algo, int subkey, unsigned int current) @@ -1673,10 +1673,10 @@ ask_key_flags (int algo, int subkey, unsigned int current) a = Toggle authentication capability q = Finish */ - const char *togglers=_("SsEeAaQq"); - char *answer=NULL; + const char *togglers = _("SsEeAaQq"); + char *answer = NULL; const char *s; - unsigned int possible=openpgp_pk_algo_usage(algo); + unsigned int possible = openpgp_pk_algo_usage(algo); if ( strlen(togglers) != 8 ) { @@ -1701,7 +1701,9 @@ ask_key_flags (int algo, int subkey, unsigned int current) { tty_printf("\n"); tty_printf(_("Possible actions for a %s key: "), - openpgp_pk_algo_name (algo)); + (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA) + ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo)); print_key_flags(possible); tty_printf("\n"); tty_printf(_("Current allowed actions: ")); commit 7f919063d3e426104fe58ae779a9a066140014c1 Author: Werner Koch Date: Tue Mar 22 19:55:25 2016 +0100 gpg: Remove the extra prompt for Curve25519. * g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve. (ask_curve): Use a fixed table of curve names and reserve a slot for Curve448. Simplify CurveNNNN/EdNNNN switching. (ask_curve): Remove the Curve25519 is non-standard prompt. -- Given that ECC generation is only available in export mode and that gpg will in any case support our current ed2559/cv25519 definition the extra prompt does not make anymore sense. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index 1cf8648..9cfa5f7 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2143,26 +2143,32 @@ ask_keysize (int algo, unsigned int primary_keysize) static char * ask_curve (int *algo, int *subkey_algo) { + /* NB: We always use a complete algo list so that we have stable + numbers in the menu regardless on how Gpg was configured. */ struct { const char *name; - int available; + int available; /* Available in Libycrypt (runtime checked) */ int expert_only; - int fix_curve; + const char* eddsa_curve; /* Corresponding EdDSA curve. */ const char *pretty_name; + int supported; /* Supported by gpg. */ } curves[] = { -#if GPG_USE_EDDSA - { "Curve25519", 0, 0, 1, "Curve 25519" }, -#endif #if GPG_USE_ECDSA || GPG_USE_ECDH - { "NIST P-256", 0, 1, 0, }, - { "NIST P-384", 0, 0, 0, }, - { "NIST P-521", 0, 1, 0, }, - { "brainpoolP256r1", 0, 1, 0, "Brainpool P-256" }, - { "brainpoolP384r1", 0, 1, 0, "Brainpool P-384" }, - { "brainpoolP512r1", 0, 1, 0, "Brainpool P-512" }, - { "secp256k1", 0, 1, 0 }, +# define MY_USE_ECDSADH 1 +#else +# define MY_USE_ECDSADH 0 #endif + { "Curve25519", 0, 0, "Ed25519", "Curve 25519", GPG_USE_EDDSA }, + { "Curve448", 0, 1, "Ed448", "Curve 448", 0/*reserved*/ }, + { "NIST P-256", 0, 1, NULL, NULL, MY_USE_ECDSADH }, + { "NIST P-384", 0, 0, NULL, NULL, MY_USE_ECDSADH }, + { "NIST P-521", 0, 1, NULL, NULL, MY_USE_ECDSADH }, + { "brainpoolP256r1", 0, 1, NULL, "Brainpool P-256", MY_USE_ECDSADH }, + { "brainpoolP384r1", 0, 1, NULL, "Brainpool P-384", MY_USE_ECDSADH }, + { "brainpoolP512r1", 0, 1, NULL, "Brainpool P-512", MY_USE_ECDSADH }, + { "secp256k1", 0, 1, NULL, NULL, MY_USE_ECDSADH }, }; +#undef MY_USE_ECDSADH int idx; char *answer; char *result = NULL; @@ -2170,32 +2176,32 @@ ask_curve (int *algo, int *subkey_algo) tty_printf (_("Please select which elliptic curve you want:\n")); - again: keyparms = NULL; for (idx=0; idx < DIM(curves); idx++) { int rc; curves[idx].available = 0; + if (!curves[idx].supported) + continue; if (!opt.expert && curves[idx].expert_only) continue; - /* FIXME: The strcmp below is a temporary hack during - development. It shall be removed as soon as we have proper - Curve25519 support in Libgcrypt. */ + /* We need to switch from the ECDH name of the curve to the + EDDSA name of the curve if we want a signing key. */ gcry_sexp_release (keyparms); rc = gcry_sexp_build (&keyparms, NULL, "(public-key(ecc(curve %s)))", - (!strcmp (curves[idx].name, "Curve25519") - ? "Ed25519" : curves[idx].name)); + curves[idx].eddsa_curve? curves[idx].eddsa_curve + /**/ : curves[idx].name); if (rc) continue; if (!gcry_pk_get_curve (keyparms, 0, NULL)) continue; - if (subkey_algo && curves[idx].fix_curve) + if (subkey_algo && curves[idx].eddsa_curve) { - /* Both Curve 25519 keys are to be created. Check that - Libgcrypt also supports the real Curve25519. */ + /* Both Curve 25519 (or 448) keys are to be created. Check that + Libgcrypt also supports the real Curve25519 (or 448). */ gcry_sexp_release (keyparms); rc = gcry_sexp_build (&keyparms, NULL, "(public-key(ecc(curve %s)))", @@ -2242,25 +2248,15 @@ ask_curve (int *algo, int *subkey_algo) tty_printf (_("Invalid selection.\n")); else { - if (curves[idx].fix_curve) - { - log_info ("WARNING: Curve25519 is not yet part of the" - " OpenPGP standard.\n"); - - if (!cpr_get_answer_is_yes("experimental_curve.override", - "Use this curve anyway? (y/N) ") ) - goto again; - } - /* If the user selected a signing algorithm and Curve25519 - we need to update the algo and and the curve name. */ + we need to set the algo to EdDSA and update the curve name. */ if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) - && curves[idx].fix_curve) + && curves[idx].eddsa_curve) { if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) *subkey_algo = PUBKEY_ALGO_EDDSA; *algo = PUBKEY_ALGO_EDDSA; - result = xstrdup ("Ed25519"); + result = xstrdup (curves[idx].eddsa_curve); } else result = xstrdup (curves[idx].name); ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 76 +++++++++++++++++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 23 11:25:34 2016 From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Wed, 23 Mar 2016 11:25:34 +0100 Subject: [git] Scute - branch, master, updated. scute-1.3.0-52-gdd7cf6c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via dd7cf6c77904395ea32052ae213465d4794cef03 (commit) from 086b72ab07016778fea1ffeb8e5cc340d2116f6a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd7cf6c77904395ea32052ae213465d4794cef03 Author: Damien Goutte-Gattat Date: Wed Mar 23 09:35:46 2016 +0100 scute: Remove prepended nul byte in signature data * src/agent.c (pksign_parse_result): Check for nul byte prepended by the agent to the signature value. -- GPG Agent may prepend a nul byte in the signature value if the first byte of the signature has its most significant bit set, to prevent it from being interpreted as a sign bit (see the function agent_pksign_do, in GnuPG's agent/pksign.c file). The current sexp parser in Scute does not expect this extra nul byte, and will reject any signature containing it with a GPG_ERR_INV_LENGTH error. This patch checks for an initial nul byte in the signature data, and removes it. Signed-off-by: Damien Goutte-Gattat diff --git a/src/agent.c b/src/agent.c index 7e968c0..ac5a30f 100644 --- a/src/agent.c +++ b/src/agent.c @@ -1025,6 +1025,13 @@ pksign_parse_result (const struct signature *sig, if (! n) return gpg_error (GPG_ERR_INV_SEXP); + /* Remove nul byte prepended by gpg-agent. */ + if (*s == 0) + { + n -= 1; + s += 1; + } + if (*len < (unsigned int) n) return gpg_error (GPG_ERR_INV_LENGTH); ----------------------------------------------------------------------- Summary of changes: src/agent.c | 7 +++++++ 1 file changed, 7 insertions(+) hooks/post-receive -- PKCS#11 token on top of gpg-agent http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 23 12:41:02 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Mar 2016 12:41:02 +0100 Subject: [git] Scute - branch, master, updated. scute-1.3.0-55-g2d8d4f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via 2d8d4f0f7415f368690ecc4164a62598a125d5d9 (commit) via fd7c84b61f535deef5235f503a51dc523d1d0e23 (commit) via e1b15651be68db1d33f68d5393ce737e02c1e823 (commit) from dd7cf6c77904395ea32052ae213465d4794cef03 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2d8d4f0f7415f368690ecc4164a62598a125d5d9 Author: Werner Koch Date: Wed Mar 23 12:40:21 2016 +0100 Remove unused variable. * src/slots.c (session_sign): Remove uses var "session". Signed-off-by: Werner Koch diff --git a/src/slots.c b/src/slots.c index 70d230c..136d64e 100644 --- a/src/slots.c +++ b/src/slots.c @@ -1007,7 +1007,6 @@ session_sign (slot_iterator_t id, session_iterator_t sid, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) { struct slot *slot = scute_table_data (slots, id); - struct session *session = scute_table_data (slot->sessions, sid); gpg_error_t err; unsigned int sig_len; commit fd7c84b61f535deef5235f503a51dc523d1d0e23 Author: Werner Koch Date: Wed Mar 23 12:36:45 2016 +0100 Strip trailing spaces from two files. -- diff --git a/src/agent.c b/src/agent.c index b49bd2f..b51dc7e 100644 --- a/src/agent.c +++ b/src/agent.c @@ -2,7 +2,7 @@ Copyright (C) 2006, 2007, 2008, 2015 g10 Code GmbH This file is part of Scute. - + Scute is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -66,7 +66,7 @@ static int agent_version_minor; /* Hack required for Windows. */ -void +void gnupg_allow_set_foregound_window (pid_t pid) { if (!pid || pid == (pid_t)(-1)) @@ -112,7 +112,7 @@ build_w32_commandline_copy (char *buffer, const char *string) /* Build a command line for use with W32's CreateProcess. On success CMDLINE gets the address of a newly allocated string. */ static gpg_error_t -build_w32_commandline (const char *pgmname, const char * const *argv, +build_w32_commandline (const char *pgmname, const char * const *argv, char **cmdline) { int i, n; @@ -140,7 +140,7 @@ build_w32_commandline (const char *pgmname, const char * const *argv, return gpg_error_from_syserror (); p = build_w32_commandline_copy (p, pgmname); - for (i=0; argv[i]; i++) + for (i=0; argv[i]; i++) { *p++ = ' '; p = build_w32_commandline_copy (p, argv[i]); @@ -162,7 +162,7 @@ spawn_process_detached (const char *pgmname, const char *argv[]) { gpg_error_t err; SECURITY_ATTRIBUTES sec_attr; - PROCESS_INFORMATION pi = + PROCESS_INFORMATION pi = { NULL, /* Returns process handle. */ 0, /* Returns primary thread handle. */ @@ -180,11 +180,11 @@ spawn_process_detached (const char *pgmname, const char *argv[]) memset (&sec_attr, 0, sizeof sec_attr ); sec_attr.nLength = sizeof sec_attr; sec_attr.bInheritHandle = FALSE; - + /* Build the command line. */ err = build_w32_commandline (pgmname, argv, &cmdline); if (err) - return err; + return err; /* Start the process. */ memset (&si, 0, sizeof si); @@ -195,7 +195,7 @@ spawn_process_detached (const char *pgmname, const char *argv[]) cr_flags = (CREATE_DEFAULT_ERROR_MODE | GetPriorityClass (GetCurrentProcess ()) | CREATE_NEW_PROCESS_GROUP - | DETACHED_PROCESS); + | DETACHED_PROCESS); DEBUG (DBG_INFO, "CreateProcess(detached), path=`%s' cmdline=`%s'\n", pgmname, cmdline); if (!CreateProcess (pgmname, /* Program to start. */ @@ -222,7 +222,7 @@ spawn_process_detached (const char *pgmname, const char *argv[]) " dwProcessID=%d dwThreadId=%d\n", pi.hProcess, pi.hThread, (int) pi.dwProcessId, (int) pi.dwThreadId); - CloseHandle (pi.hThread); + CloseHandle (pi.hThread); return 0; } @@ -281,8 +281,8 @@ agent_connect (assuan_context_t *ctx_r) const char *argv[3]; argv[0] = "--daemon"; - argv[1] = "--use-standard-socket"; - argv[2] = NULL; + argv[1] = "--use-standard-socket"; + argv[2] = NULL; err = spawn_process_detached (agent_program, argv); if (err) @@ -307,15 +307,15 @@ agent_connect (assuan_context_t *ctx_r) pgmname = agent_program; else pgmname++; - + argv[0] = pgmname; argv[1] = "--server"; argv[2] = NULL; - + i=0; no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); no_close_list[i] = -1; - + /* Connect to the agent and perform initial handshaking. */ err = assuan_pipe_connect (ctx, agent_program, argv, no_close_list, NULL, NULL, 0); @@ -354,7 +354,7 @@ agent_connect (assuan_context_t *ctx_r) force_pipe_server = 1; goto restart; } - + err = assuan_socket_connect (ctx, infostr, pid, 0); free (infostr); if (err) @@ -401,7 +401,7 @@ default_inq_cb (void *opaque, const char *line) /* Send a simple command to the agent. */ -static gpg_error_t +static gpg_error_t agent_simple_cmd (assuan_context_t ctx, const char *fmt, ...) { gpg_error_t err; @@ -422,7 +422,7 @@ agent_simple_cmd (assuan_context_t ctx, const char *fmt, ...) DEBUG (DBG_CRIT, "gpg-agent command '%s' failed: %s", optstr, gpg_strerror (err)); free (optstr); - + return err; } @@ -447,7 +447,7 @@ read_version_cb (void *opaque, const void *buffer, size_t length) return 0; } - + /* Configure the GPG agent at connection CTX. */ static gpg_error_t @@ -614,7 +614,7 @@ unescape_status_string (const unsigned char *src) while (*src) { if (*src == '%' && src[1] && src[2]) - { + { src++; *dst = xtoi_2 (src); if (*dst == '\0') @@ -630,7 +630,7 @@ unescape_status_string (const unsigned char *src) else *(dst++) = *(src++); } - *dst = 0; + *dst = 0; return buffer; } @@ -892,7 +892,7 @@ geteventcounter_status_cb (void *opaque, const char *line) last_count = count; } } - + return 0; } diff --git a/src/slots.c b/src/slots.c index b1712aa..70d230c 100644 --- a/src/slots.c +++ b/src/slots.c @@ -2,7 +2,7 @@ Copyright (C) 2006 g10 Code GmbH This file is part of Scute. - + Scute is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -464,7 +464,7 @@ slots_update (void) err = slots_update_slot (id); if (err) - return err; + return err; id = scute_table_next (slots, id); } @@ -1029,6 +1029,6 @@ session_sign (slot_iterator_t id, session_iterator_t sid, /* FIXME: Oh well. */ if (gpg_err_code (err) == GPG_ERR_INV_ARG) return CKR_BUFFER_TOO_SMALL; - + return scute_gpg_err_to_ck (err); } commit e1b15651be68db1d33f68d5393ce737e02c1e823 Author: Werner Koch Date: Wed Mar 23 12:35:38 2016 +0100 Minor cleanup for commit dd7cf6c. * src/agent.c (pksign_parse_result): Remove leading Nul byte only if it is a suffix. -- Signed-off-by: Werner Koch diff --git a/src/agent.c b/src/agent.c index ac5a30f..b49bd2f 100644 --- a/src/agent.c +++ b/src/agent.c @@ -1026,7 +1026,7 @@ pksign_parse_result (const struct signature *sig, return gpg_error (GPG_ERR_INV_SEXP); /* Remove nul byte prepended by gpg-agent. */ - if (*s == 0) + if (!*s && n > 1) { n -= 1; s += 1; ----------------------------------------------------------------------- Summary of changes: src/agent.c | 44 ++++++++++++++++++++++---------------------- src/slots.c | 7 +++---- 2 files changed, 25 insertions(+), 26 deletions(-) hooks/post-receive -- PKCS#11 token on top of gpg-agent http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 23 12:51:59 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Mar 2016 12:51:59 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-360-g7c9c82f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 7c9c82feecf94a455c66d9c38576f36c9c4b484c (commit) via 6821e1bd94969106a70e3de17b86f6e6181f4e59 (commit) via 15785bc9fb1787554bf371945ecb191830c15bfd (commit) via d3d7bdf8215275b3b20690dfde3f43dbe25b6f85 (commit) from d328095dd4de83b839d9d8c4bdbeec0956971016 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7c9c82feecf94a455c66d9c38576f36c9c4b484c Author: Werner Koch Date: Wed Mar 23 12:47:30 2016 +0100 cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag. * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the provided tag length matches the actual tag length. -- Signed-off-by: Werner Koch diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c index fb81774..a2a74e8 100644 --- a/cipher/cipher-poly1305.c +++ b/cipher/cipher-poly1305.c @@ -243,12 +243,20 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c, c->marks.tag = 1; } - if (check) - return buf_eq_const(outbuf, c->u_iv.iv, POLY1305_TAGLEN) ? - GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM; + if (!check) + { + memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN); + } + else + { + /* OUTBUFLEN gives the length of the user supplied tag in OUTBUF + * and thus we need to compare its length first. */ + if (outbuflen != POLY1305_TAGLEN + || !buf_eq_const (outbuf, c->u_iv.iv, POLY1305_TAGLEN)) + return GPG_ERR_CHECKSUM; + } - memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN); - return GPG_ERR_NO_ERROR; + return 0; } commit 6821e1bd94969106a70e3de17b86f6e6181f4e59 Author: Peter Wu Date: Wed Mar 23 03:45:21 2016 +0100 Fix buffer overrun in gettag for Poly1305 * cipher/cipher-poly1305.c: copy a fixed length instead of the user-supplied number. -- The outbuflen is used to check the minimum size, the real tag is always of fixed length. Signed-off-by: Peter Wu diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c index 965a7b6..fb81774 100644 --- a/cipher/cipher-poly1305.c +++ b/cipher/cipher-poly1305.c @@ -215,7 +215,7 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c, { gcry_err_code_t err; - if (outbuflen < GCRY_GCM_BLOCK_LEN) + if (outbuflen < POLY1305_TAGLEN) return GPG_ERR_BUFFER_TOO_SHORT; if (c->u_mode.poly1305.bytecount_over_limits) return GPG_ERR_INV_LENGTH; @@ -244,10 +244,10 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c, } if (check) - return buf_eq_const(outbuf, c->u_iv.iv, outbuflen) ? + return buf_eq_const(outbuf, c->u_iv.iv, POLY1305_TAGLEN) ? GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM; - memcpy (outbuf, c->u_iv.iv, outbuflen); + memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN); return GPG_ERR_NO_ERROR; } commit 15785bc9fb1787554bf371945ecb191830c15bfd Author: Werner Koch Date: Wed Mar 23 11:07:52 2016 +0100 cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag. * cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided tag length matches the actual tag length. Avoid gratuitous return statements. -- Signed-off-by: Werner Koch diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index cb81ea9..5e9dec4 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -803,13 +803,18 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, if (!check) { + /* NB: We already checked that OUTBUF is large enough to hold + the result. */ memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN); - return GPG_ERR_NO_ERROR; } else { - return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN) ? - GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM; + /* OUTBUFLEN gives the length of the user supplied tag in OUTBUF + * and thus we need to compare its length first. */ + if (outbuflen != GCRY_GCM_BLOCK_LEN + || !buf_eq_const (outbuf, c->u_mode.gcm.u_tag.tag, + GCRY_GCM_BLOCK_LEN)) + return GPG_ERR_CHECKSUM; } return 0; commit d3d7bdf8215275b3b20690dfde3f43dbe25b6f85 Author: Peter Wu Date: Wed Mar 23 03:45:20 2016 +0100 Fix buffer overrun in gettag for GCM * cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied number. -- The outbuflen is used to check the minimum size, the real tag is always of fixed length. Signed-off-by: Peter Wu Actually this is not a buffer overrun because we copy not more than has been allocated for OUTBUF. However a too long OUTBUFLEN accesses data outside of the source buffer. -wk diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index d390ef8..cb81ea9 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -803,12 +803,12 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, if (!check) { - memcpy (outbuf, c->u_mode.gcm.u_tag.tag, outbuflen); + memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN); return GPG_ERR_NO_ERROR; } else { - return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, outbuflen) ? + return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN) ? GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM; } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm.c | 13 +++++++++---- cipher/cipher-poly1305.c | 20 ++++++++++++++------ 2 files changed, 23 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 23 12:59:28 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Mar 2016 12:59:28 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.5-7-ga6855de Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via a6855de9fedc16a05f68e3fdda2f6fdaab2388fb (commit) via 489831a7299b461740f696dabd913eaec03ee16a (commit) from c03cc004133ab261e514ddd37ca40da17df7e6d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a6855de9fedc16a05f68e3fdda2f6fdaab2388fb Author: Werner Koch Date: Wed Mar 23 11:07:52 2016 +0100 cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag. * cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided tag length matches the actual tag length. Avoid gratuitous return statements. -- Signed-off-by: Werner Koch diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index f7e840d..93d5214 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -1148,13 +1148,18 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, if (!check) { + /* NB: We already checked that OUTBUF is large enough to hold + the result. */ memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN); - return GPG_ERR_NO_ERROR; } else { - return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN) ? - GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM; + /* OUTBUFLEN gives the length of the user supplied tag in OUTBUF + * and thus we need to compare its length first. */ + if (outbuflen != GCRY_GCM_BLOCK_LEN + || !buf_eq_const (outbuf, c->u_mode.gcm.u_tag.tag, + GCRY_GCM_BLOCK_LEN)) + return GPG_ERR_CHECKSUM; } return 0; commit 489831a7299b461740f696dabd913eaec03ee16a Author: Peter Wu Date: Wed Mar 23 03:45:20 2016 +0100 Fix buffer overrun in gettag for GCM * cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied number. -- The outbuflen is used to check the minimum size, the real tag is always of fixed length. Signed-off-by: Peter Wu Actually this is not a buffer overrun because we copy not more than has been allocated for OUTBUF. However a too long OUTBUFLEN accesses data outside of the source buffer. -wk diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index 457e337..f7e840d 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -1148,12 +1148,12 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, if (!check) { - memcpy (outbuf, c->u_mode.gcm.u_tag.tag, outbuflen); + memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN); return GPG_ERR_NO_ERROR; } else { - return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, outbuflen) ? + return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN) ? GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM; } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 23 14:16:56 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Mar 2016 14:16:56 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-361-ge709d86 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e709d86fe596a4bcf235799468947c13ae657d78 (commit) from 7c9c82feecf94a455c66d9c38576f36c9c4b484c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e709d86fe596a4bcf235799468947c13ae657d78 Author: Werner Koch Date: Wed Mar 23 14:13:18 2016 +0100 cipher: Avoid NULL-segv in GCM mode if a key has not been set. * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN has been initialized. (_gcry_cipher_gcm_decrypt): Ditto. (_gcry_cipher_gcm_authenticate): Ditto. (_gcry_cipher_gcm_initiv): Ditto. (_gcry_cipher_gcm_tag): Ditto. -- Avoid a crash if certain functions are used before setkey. Reported-by: Peter Wu One crash is not fixed, that is the crash when setkey is not invoked before using the GCM ciphers (introduced in the 1.7.0 cycle). Either these functions should check that the key is present, or they should initialize the ghash table earlier. Affected functions: _gcry_cipher_gcm_encrypt _gcry_cipher_gcm_decrypt _gcry_cipher_gcm_authenticate _gcry_cipher_gcm_initiv (via _gcry_cipher_gcm_setiv) _gcry_cipher_gcm_tag (via _gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag) Regression-due-to: 4a0795af021305f9240f23626a3796157db46bd7 Signed-off-by: Werner Koch diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index 5e9dec4..712641e 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -535,7 +535,9 @@ _gcry_cipher_gcm_encrypt (gcry_cipher_hd_t c, return GPG_ERR_BUFFER_TOO_SHORT; if (c->u_mode.gcm.datalen_over_limits) return GPG_ERR_INV_LENGTH; - if (c->marks.tag || c->u_mode.gcm.ghash_data_finalized) + if (c->marks.tag + || c->u_mode.gcm.ghash_data_finalized + || !c->u_mode.gcm.ghash_fn) return GPG_ERR_INV_STATE; if (!c->marks.iv) @@ -581,7 +583,9 @@ _gcry_cipher_gcm_decrypt (gcry_cipher_hd_t c, return GPG_ERR_BUFFER_TOO_SHORT; if (c->u_mode.gcm.datalen_over_limits) return GPG_ERR_INV_LENGTH; - if (c->marks.tag || c->u_mode.gcm.ghash_data_finalized) + if (c->marks.tag + || c->u_mode.gcm.ghash_data_finalized + || !c->u_mode.gcm.ghash_fn) return GPG_ERR_INV_STATE; if (!c->marks.iv) @@ -617,8 +621,10 @@ _gcry_cipher_gcm_authenticate (gcry_cipher_hd_t c, return GPG_ERR_CIPHER_ALGO; if (c->u_mode.gcm.datalen_over_limits) return GPG_ERR_INV_LENGTH; - if (c->marks.tag || c->u_mode.gcm.ghash_aad_finalized || - c->u_mode.gcm.ghash_data_finalized) + if (c->marks.tag + || c->u_mode.gcm.ghash_aad_finalized + || c->u_mode.gcm.ghash_data_finalized + || !c->u_mode.gcm.ghash_fn) return GPG_ERR_INV_STATE; if (!c->marks.iv) @@ -666,6 +672,9 @@ _gcry_cipher_gcm_initiv (gcry_cipher_hd_t c, const byte *iv, size_t ivlen) u32 iv_bytes[2] = {0, 0}; u32 bitlengths[2][2]; + if (!c->u_mode.gcm.ghash_fn) + return GPG_ERR_INV_STATE; + memset(c->u_ctr.ctr, 0, GCRY_GCM_BLOCK_LEN); gcm_bytecounter_add(iv_bytes, ivlen); @@ -773,6 +782,9 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, { u32 bitlengths[2][2]; + if (!c->u_mode.gcm.ghash_fn) + return GPG_ERR_INV_STATE; + /* aad length */ bitlengths[0][1] = be_bswap32(c->u_mode.gcm.aadlen[0] << 3); bitlengths[0][0] = be_bswap32((c->u_mode.gcm.aadlen[0] >> 29) | ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 23 15:26:52 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Mar 2016 15:26:52 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-362-gfea5971 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via fea5971488e049f902d7912df22a945bc755ad6d (commit) from e709d86fe596a4bcf235799468947c13ae657d78 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fea5971488e049f902d7912df22a945bc755ad6d Author: Werner Koch Date: Wed Mar 23 15:24:40 2016 +0100 Add new control GCRYCTL_GET_TAGLEN for use with gcry_cipher_info. * src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New. * cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature. * tests/basic.c (_check_gcm_cipher): Check that new feature. (_check_poly1305_cipher): Ditto. (check_ccm_cipher): Ditto. (do_check_ocb_cipher): Ditto. (check_ctr_cipher): Add negative test for new feature. -- Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 0064bbe..9cb5e36 100644 --- a/NEWS +++ b/NEWS @@ -69,6 +69,7 @@ Noteworthy changes in version 1.7.0 (unreleased) GCRY_CIPHER_MODE_POLY1305 NEW. GCRY_CIPHER_MODE_OCB NEW. GCRYCTL_SET_TAGLEN NEW. + GCRYCTL_GET_TAGLEN NEW. gcry_cipher_final NEW macro. GCRY_PK_EDDSA NEW constant. diff --git a/cipher/cipher.c b/cipher/cipher.c index 3a8597f..bdcbfbd 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -1361,24 +1361,55 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) /* Return information about the cipher handle H. CMD is the kind of - information requested. BUFFER and NBYTES are reserved for now. - - There are no values for CMD yet defined. - - The function always returns GPG_ERR_INV_OP. - + * information requested. + * + * CMD may be one of: + * + * GCRYCTL_GET_TAGLEN: + * Return the length of the tag for an AE algorithm mode. An + * error is returned for modes which do not support a tag. + * BUFFER must be given as NULL. On success the result is stored + * at NBYTES. The taglen is returned in bytes. + * + * The function returns 0 on success or an error code. */ gcry_err_code_t _gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes) { gcry_err_code_t rc = 0; - (void)h; - (void)buffer; - (void)nbytes; - switch (cmd) { + case GCRYCTL_GET_TAGLEN: + if (!h || buffer || !nbytes) + rc = GPG_ERR_INV_ARG; + else + { + switch (h->mode) + { + case GCRY_CIPHER_MODE_OCB: + *nbytes = h->u_mode.ocb.taglen; + break; + + case GCRY_CIPHER_MODE_CCM: + *nbytes = h->u_mode.ccm.authlen; + break; + + case GCRY_CIPHER_MODE_GCM: + *nbytes = GCRY_GCM_BLOCK_LEN; + break; + + case GCRY_CIPHER_MODE_POLY1305: + *nbytes = POLY1305_TAGLEN; + break; + + default: + rc = GPG_ERR_INV_CIPHER_MODE; + break; + } + } + break; + default: rc = GPG_ERR_INV_OP; } diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 3265a70..8451627 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1900,12 +1900,24 @@ handle @var{h}. Please see the comments in the source code (@code{src/global.c}) for details. @end deftypefun - at deftypefun gcry_error_t gcry_cipher_info (gcry_cipher_hd_t @var{h}, int @var{what}, void *@var{buffer}, size_t *@var{nbytes}) + at deftypefun gcry_error_t gcry_cipher_info (gcry_cipher_hd_t @var{h}, @ + int @var{what}, void *@var{buffer}, size_t *@var{nbytes}) @code{gcry_cipher_info} is used to retrieve various information about a cipher context or the cipher module in general. -Currently no information is available. + at c begin constants for gcry_cipher_info + at table @code + + at item GCRYCTL_GET_TAGLEN: +Return the length of the tag for an AE algorithm mode. An error is +returned for modes which do not support a tag. @var{buffer} must be +given as NULL. On success the result is stored @var{nbytes}. The +taglen is returned in bytes. + + at end table + at c end constants for gcry_cipher_info + @end deftypefun @node General cipher functions diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 797da2e..c269621 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -332,7 +332,8 @@ enum gcry_ctl_cmds GCRYCTL_REACTIVATE_FIPS_FLAG = 72, GCRYCTL_SET_SBOX = 73, GCRYCTL_DRBG_REINIT = 74, - GCRYCTL_SET_TAGLEN = 75 + GCRYCTL_SET_TAGLEN = 75, + GCRYCTL_GET_TAGLEN = 76 }; /* Perform various operations defined by CMD. */ @@ -986,7 +987,7 @@ enum gcry_cipher_flags gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle, int algo, int mode, unsigned int flags); -/* Close the cioher handle H and release all resource. */ +/* Close the cipher handle H and release all resource. */ void gcry_cipher_close (gcry_cipher_hd_t h); /* Perform various operations on the cipher object H. */ diff --git a/tests/basic.c b/tests/basic.c index c633ae9..36a83d0 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -690,6 +690,7 @@ check_ctr_cipher (void) unsigned char out[MAX_DATA_LEN]; int i, j, keylen, blklen; gcry_error_t err = 0; + size_t taglen2; if (verbose) fprintf (stderr, " Starting CTR cipher checks.\n"); @@ -753,6 +754,17 @@ check_ctr_cipher (void) return; } + + err = gcry_cipher_info (hde, GCRYCTL_GET_TAGLEN, NULL, &taglen2); + if (gpg_err_code (err) != GPG_ERR_INV_CIPHER_MODE) + { + fail ("aes-ctr, gcryctl_get_taglen failed to fail (tv %d): %s\n", + i, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + if (verbose) fprintf (stderr, " checking CTR mode for %s [%i]\n", gcry_cipher_algo_name (tv[i].algo), @@ -1418,7 +1430,7 @@ _check_gcm_cipher (unsigned int step) unsigned char tag[GCRY_GCM_BLOCK_LEN]; int i, keylen; gcry_error_t err = 0; - size_t pos, poslen; + size_t pos, poslen, taglen2; int byteNum; if (verbose) @@ -1478,6 +1490,25 @@ _check_gcm_cipher (unsigned int step) return; } + err = gcry_cipher_info (hde, GCRYCTL_GET_TAGLEN, NULL, &taglen2); + if (err) + { + fail ("cipher-gcm, gcryctl_get_taglen failed (tv %d): %s\n", + i, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + if (taglen2 != GCRY_GCM_BLOCK_LEN) + { + fail ("cipher-gcm, gcryctl_get_taglen returned bad length" + " (tv %d): got=%zu want=%d\n", + i, taglen2, GCRY_GCM_BLOCK_LEN); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + for (pos = 0; pos < tv[i].aadlen; pos += step) { poslen = (pos + step < tv[i].aadlen) ? step : tv[i].aadlen - pos; @@ -1772,7 +1803,7 @@ _check_poly1305_cipher (unsigned int step) unsigned char tag[16]; int i, keylen; gcry_error_t err = 0; - size_t pos, poslen; + size_t pos, poslen, taglen2; int byteNum; if (verbose) @@ -1824,6 +1855,25 @@ _check_poly1305_cipher (unsigned int step) return; } + err = gcry_cipher_info (hde, GCRYCTL_GET_TAGLEN, NULL, &taglen2); + if (err) + { + fail ("cipher-poly1305, gcryctl_get_taglen failed (tv %d): %s\n", + i, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + if (taglen2 != 16) + { + fail ("cipher-poly1305, gcryctl_get_taglen returned bad length" + " (tv %d): got=%zu want=%d\n", + i, taglen2, 16); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + for (pos = 0; pos < tv[i].aadlen; pos += step) { poslen = (pos + step < tv[i].aadlen) ? step : tv[i].aadlen - pos; @@ -2446,7 +2496,7 @@ check_ccm_cipher (void) unsigned char out[MAX_DATA_LEN]; u64 ctl_params[3]; int split, aadsplit; - size_t j, i, keylen, blklen, authlen; + size_t j, i, keylen, blklen, authlen, taglen2; gcry_error_t err = 0; if (verbose) @@ -2539,6 +2589,25 @@ check_ccm_cipher (void) return; } + err = gcry_cipher_info (hde, GCRYCTL_GET_TAGLEN, NULL, &taglen2); + if (err) + { + fail ("cipher-ccm, gcryctl_get_taglen failed (tv %d): %s\n", + i, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + if (taglen2 != authlen) + { + fail ("cipher-ccm, gcryctl_get_taglen returned bad length" + " (tv %d): got=%zu want=%zu\n", + i, taglen2, authlen); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + aadsplit = split > tv[i].aadlen ? 0 : split; err = gcry_cipher_authenticate (hde, tv[i].aad, @@ -2973,6 +3042,7 @@ do_check_ocb_cipher (int inplace) char *key, *nonce, *aad, *ciph, *plain; size_t keylen, noncelen, aadlen, ciphlen, plainlen; int taglen; + size_t taglen2; if (verbose) fprintf (stderr, " checking OCB mode for %s [%i] (tv %d)\n", @@ -3030,6 +3100,25 @@ do_check_ocb_cipher (int inplace) return; } + err = gcry_cipher_info (hde, GCRYCTL_GET_TAGLEN, NULL, &taglen2); + if (err) + { + fail ("cipher-ocb, gcryctl_get_taglen failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + if (taglen2 != tv[tidx].taglen) + { + fail ("cipher-ocb, gcryctl_get_taglen returned bad length (tv %d): " + "got=%zu want=%d\n", + tidx, taglen2, tv[tidx].taglen); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + err = gcry_cipher_setkey (hde, key, keylen); if (!err) err = gcry_cipher_setkey (hdd, key, keylen); ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + cipher/cipher.c | 51 +++++++++++++++++++++++++------ doc/gcrypt.texi | 16 ++++++++-- src/gcrypt.h.in | 5 +-- tests/basic.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 151 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 24 10:18:01 2016 From: cvs at cvs.gnupg.org (by Peter Wu) Date: Thu, 24 Mar 2016 10:18:01 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.21-15-g52c3606 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 52c3606b2384f33ef30ea5ada3f187829de9dcf7 (commit) from 140cfd51cee738a55caf9d347981f6f81e1990a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52c3606b2384f33ef30ea5ada3f187829de9dcf7 Author: Peter Wu Date: Wed Mar 23 23:23:06 2016 +0100 Add function gpgrt_annotate_leaked_object. * src/gpg-error.h.in: add gpgrt_annotate_leaked_object to support marking memory as non-leaked for Clang and GCC. -- This annotation can be used to mark objects as explicitly leaked such that it can be ignored in tools like LeakSanitizer. The GPGRT_HAVE_LEAK_SANITIZER macro is explicitly not undefined to support -fsanitize=leak, a user or configure script could then decide to add this macro when just -fsanitize=leak is given. Signed-off-by: Peter Wu Additional changes by -wk: - But __GNUC__ guard around the entire GPGRT_HAVE_LEAK_SANITIZER detection. - Add NEWS entry. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index b8d6be5..d1d21fa 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,7 @@ Noteworthy changes in version 1.22 (unreleased) [C17/A17/R_) * Interface changes relative to the 1.20 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPG_ERR_DB_CORRUPTED NEW. + gpgrt_annotate_leaked_object NEW inline func. Noteworthy changes in version 1.21 (2015-12-12) [C17/A17/R0] diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index b32b4c4..f0043f3 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in @@ -246,10 +246,40 @@ typedef unsigned int gpg_error_t; # define GPGRT_HAVE_PRAGMA_GCC_PUSH 1 #endif +/* Detect LeakSanitizer (LSan) support for GCC and Clang based on + * whether AddressSanitizer (ASAN) is enabled via -fsanitize=address). + * Note that -fsanitize=leak just affect the linker options which + * cannot be detected here. In that case you have to define the + * GPGRT_HAVE_LEAK_SANITIZER macro manually. */ +#ifdef __GNUC__ +# ifdef __SANITIZE_ADDRESS__ +# define GPGRT_HAVE_LEAK_SANITIZER +# elif defined(__has_feature) +# if __has_feature(address_sanitizer) +# define GPGRT_HAVE_LEAK_SANITIZER +# endif +# endif +#endif + /* The new name for the inline macro. */ #define GPGRT_INLINE GPG_ERR_INLINE +#ifdef GPGRT_HAVE_LEAK_SANITIZER +# include +#endif + +/* Mark heap objects as non-leaked memory. */ +static GPGRT_INLINE void +gpgrt_annotate_leaked_object (const void *p) +{ +#ifdef GPGRT_HAVE_LEAK_SANITIZER + __lsan_ignore_object(p); +#else + (void)p; +#endif +} + /* Initialization function. */ ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + src/gpg-error.h.in | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 24 10:22:32 2016 From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Thu, 24 Mar 2016 10:22:32 +0100 Subject: [git] Scute - branch, master, updated. scute-1.3.0-56-gdc7dff1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via dc7dff17066510ed4687a2bfdd16afded77f4d27 (commit) from 2d8d4f0f7415f368690ecc4164a62598a125d5d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dc7dff17066510ed4687a2bfdd16afded77f4d27 Author: Damien Goutte-Gattat Date: Wed Mar 23 23:09:45 2016 +0100 Update required libgpg-error version. * configure.ac: Set required version of libgpg-error to 1.14. * README: Update documentation accordingly. * doc/manual/scute.texi: Likewise. * doc/website/download.xhtml: Likewise. -- Since commit 097a29f, Scute needs the gpgrt_*printf functions, which were introduced in libgpg-error-1.14. Signed-off-by: Damien Goutte-Gattat diff --git a/README b/README index aab45b7..5483062 100644 --- a/README +++ b/README @@ -34,7 +34,7 @@ Prerequisites ============= For the compilation: -* libgpg-error 1.4 +* libgpg-error 1.14 * libassuan 2.0.0 At runtime: diff --git a/configure.ac b/configure.ac index 598f437..1e4137d 100644 --- a/configure.ac +++ b/configure.ac @@ -73,7 +73,7 @@ LIBSCUTE_LT_REVISION=2 VERSION_MAJOR=1 VERSION_MINOR=0 -NEED_GPG_ERROR_VERSION=1.4 +NEED_GPG_ERROR_VERSION=1.14 NEED_LIBASSUAN_VERSION=2.0.0 NEED_GPGSM_VERSION=1.9.6 # Some status variables to give feedback at the end of a configure run. diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index 42078a8..35e0af2 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi @@ -241,7 +241,7 @@ following packages at build time: @table @code @item libgpg-error Scute uses the GnuPG 2.0 framework for error handling, so it depends on -the GPG error library. The minimum version required is 1.4. +the GPG error library. The minimum version required is 1.14. @item libassuan Scute uses the GnuPG 2.0 framework for communication with the GPG Agent, diff --git a/doc/website/download.xhtml b/doc/website/download.xhtml index 311d41c..457b5b9 100644 --- a/doc/website/download.xhtml +++ b/doc/website/download.xhtml @@ -145,9 +145,9 @@ Compile-time dependencies of Scute PackageMin. Version libgpg-error0.7 + href="http://www.gnupg.org/related_software/libgpg-error/">libgpg-error1.14 libassuan0.6.10 + href="http://www.gnupg.org/related_software/libassuan/">libassuan2.0.0

Scute also requires the following packages to run: ----------------------------------------------------------------------- Summary of changes: README | 2 +- configure.ac | 2 +- doc/manual/scute.texi | 2 +- doc/website/download.xhtml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- PKCS#11 token on top of gpg-agent http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 24 17:04:08 2016 From: cvs at cvs.gnupg.org (by Peter Wu) Date: Thu, 24 Mar 2016 17:04:08 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-364-g4a064e2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9 (commit) via 470a30db241a2d567739ef2adb2a2ee64992d8b4 (commit) from fea5971488e049f902d7912df22a945bc755ad6d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9 Author: Peter Wu Date: Wed Mar 23 18:21:53 2016 +0100 cipher: Fix memleaks in (self)tests. * cipher/dsa.c: Release memory for MPI and sexp structures. * cipher/ecc.c: Release memory for sexp structure. * tests/keygen.c: Likewise. -- These leaks broke the mpitests, basic and keygen tests when running under AddressSanitizer. Signed-off-by: Peter Wu Minor formatting changes by -wk. diff --git a/cipher/dsa.c b/cipher/dsa.c index 909a8ca..22d8d78 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -1255,6 +1255,7 @@ selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) if (!calculated_r) goto leave; + sexp_release (l2); l2 = _gcry_sexp_find_token (l1, "s", 0); if (!l2) goto leave; @@ -1289,6 +1290,12 @@ selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) leave: + _gcry_mpi_release (calculated_s); + _gcry_mpi_release (calculated_r); + _gcry_mpi_release (s); + _gcry_mpi_release (r); + sexp_release (l2); + sexp_release (l1); sexp_release (sig); sexp_release (data_bad); sexp_release (data); diff --git a/cipher/ecc.c b/cipher/ecc.c index 5b03530..8dbf5bd 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -2046,6 +2046,7 @@ selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey) if (!calculated_r) goto leave; + sexp_release (l2); l2 = _gcry_sexp_find_token (l1, "s", 0); if (!l2) goto leave; diff --git a/tests/keygen.c b/tests/keygen.c index ebb708b..c4520e9 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -219,6 +219,8 @@ check_rsa_keys (void) " ))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gpg_strerror (rc)); + + gcry_sexp_release (key); rc = gcry_pk_genkey (&key, keyparm); gcry_sexp_release (keyparm); if (rc && !in_fips_mode) @@ -560,6 +562,7 @@ check_ecc_keys (void) if (verbose && rc && in_fips_mode) show ("... correctly rejected key creation in FIPS mode (%s)\n", gpg_strerror (rc)); + gcry_sexp_release (key); if (verbose) show ("creating ECC key using curve NIST P-384 for ECDSA\n"); commit 470a30db241a2d567739ef2adb2a2ee64992d8b4 Author: Peter Wu Date: Thu Mar 24 11:06:23 2016 +0100 Mark constant MPIs as non-leaked * mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked. -- Requires libgpg-error 1.22 (unreleased) for the macros, but since it is a minor debugging aid, do not bump the minimum required version. Signed-off-by: Peter Wu diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 99402b8..6dee0b9 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -211,7 +211,12 @@ _gcry_mpi_free( gcry_mpi_t a ) if (!a ) return; if ((a->flags & 32)) + { +#if GPGRT_VERSION_NUMBER >= 0x011600 /* 1.22 */ + gpgrt_annotate_leaked_object(a); +#endif return; /* Never release a constant. */ + } if ((a->flags & 4)) xfree( a->d ); else ----------------------------------------------------------------------- Summary of changes: cipher/dsa.c | 7 +++++++ cipher/ecc.c | 1 + mpi/mpiutil.c | 5 +++++ tests/keygen.c | 3 +++ 4 files changed, 16 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 25 18:13:07 2016 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Fri, 25 Mar 2016 18:13:07 +0100 Subject: [git] GPGME - branch, ben/xml, created. gpgme-1.6.0-15-g37b563a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/xml has been created at 37b563a6aae4865d44e6d1184a95720d5f11a8a3 (commit) - Log ----------------------------------------------------------------- commit 37b563a6aae4865d44e6d1184a95720d5f11a8a3 Author: Ben McGinnes Date: Sat Mar 26 04:10:52 2016 +1100 Schema licensing * All the same as GPG/GPGME, plus added Apache 2.0. diff --git a/lang/xml-schemas/README.txt b/lang/xml-schemas/README.txt new file mode 100644 index 0000000..70975d8 --- /dev/null +++ b/lang/xml-schemas/README.txt @@ -0,0 +1,29 @@ +=========== +XML Schemas +=========== + +The XML schemas in this directory are available under the same terms +as GPGME (i.e. the GPL 2 or later or the LGPL 2.1 or later), or +alternatively the Apache 2.0 license. + +The schemas were generated with oXygenXML Editor 17.1 (mentioning that +isn't necessary, but might be helpful). + + +-------------- +Apache license +-------------- + +Copyright ? Benjamin D. McGinnes, 2016 + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. commit b18f6a51249f05de5a96c973b001a5cb95b6df2c Author: Ben McGinnes Date: Sat Mar 26 03:59:14 2016 +1100 XML Schemas * Generated XML schemas in all four schema types (Relax-NG, Relax-NG Compact, W3C XSD and DTD) for the GPGME keylist XML output. diff --git a/lang/README b/lang/README index da54c78..8dfaa54 100644 --- a/lang/README +++ b/lang/README @@ -10,3 +10,4 @@ sub-directory. Directory Language cl Common Lisp +xml-schemas XML (schema files for Relax-NG, RNG compact, W3C XSD and DTD) diff --git a/lang/xml-schemas/gpgmekeys.dtd b/lang/xml-schemas/gpgmekeys.dtd new file mode 100644 index 0000000..08c0402 --- /dev/null +++ b/lang/xml-schemas/gpgmekeys.dtd @@ -0,0 +1,132 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lang/xml-schemas/gpgmekeys.rnc b/lang/xml-schemas/gpgmekeys.rnc new file mode 100644 index 0000000..ef669a6 --- /dev/null +++ b/lang/xml-schemas/gpgmekeys.rnc @@ -0,0 +1,75 @@ +default namespace = "" + +start = + element gpgme { + element keylist { + element key { + element revoked { + attribute value { xsd:NMTOKEN } + }, + element expired { + attribute value { xsd:NMTOKEN } + }, + element disabled { + attribute value { xsd:NMTOKEN } + }, + element invalid { + attribute value { xsd:NMTOKEN } + }, + element can-encrypt { + attribute value { xsd:NMTOKEN } + }, + element can-sign { + attribute value { xsd:NMTOKEN } + }, + element can-certify { + attribute value { xsd:NMTOKEN } + }, + element can-authenticate { + attribute value { xsd:NMTOKEN } + }, + element is-qualified { + attribute value { xsd:NMTOKEN } + }, + secret, + element protocol { + attribute value { xsd:integer }, + xsd:NCName + }, + element issuer { + element serial { empty }, + name + }, + element chain-id { empty }, + element owner-trust { + attribute value { xsd:integer }, + xsd:NCName + }, + element subkeys { + element subkey { + element keyid { xsd:NMTOKEN }, + element fpr { text }, + secret, + element is_cardkey { + attribute value { xsd:NMTOKEN } + }, + element curve { xsd:NCName }? + }+ + }, + element uids { uid+ } + }+ + } + } +secret = + element secret { + attribute value { xsd:NMTOKEN } + } +name = element name { text } +uid = + element uid { + (text + | name + | uid + | element comment { text } + | element email { xsd:anyURI })+ + } diff --git a/lang/xml-schemas/gpgmekeys.rng b/lang/xml-schemas/gpgmekeys.rng new file mode 100644 index 0000000..f8fad91 --- /dev/null +++ b/lang/xml-schemas/gpgmekeys.rng @@ -0,0 +1,137 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lang/xml-schemas/gpgmekeys.xsd b/lang/xml-schemas/gpgmekeys.xsd new file mode 100644 index 0000000..9efd94e --- /dev/null +++ b/lang/xml-schemas/gpgmekeys.xsd @@ -0,0 +1,167 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sun Mar 27 10:18:30 2016 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 27 Mar 2016 10:18:30 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-365-gf2260e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via f2260e3a2e962ac80124ef938e54041bbea08561 (commit) from 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f2260e3a2e962ac80124ef938e54041bbea08561 Author: Jussi Kivilinna Date: Sun Mar 27 11:17:39 2016 +0300 cipher: GCM: check that length of supplied tag is one of valid lengths * cipher/cipher-gcm.c (is_tag_length_valid): New. (_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length. * tests/basic.c (_check_gcm_cipher): Add test-vectors with different valid tag lengths and negative test vectors with invalid lengths. -- NIST SP 800-38D allows following tag lengths: 128, 120, 112, 104, 96, 64 and 32 bits. [v2: allow larger buffer when outputting tag. 128-bit tag is written to target buffer in this case] Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index 712641e..6e0959a 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -769,12 +769,32 @@ _gcry_cipher_gcm_geniv (gcry_cipher_hd_t c, #endif +static int +is_tag_length_valid(size_t taglen) +{ + switch (taglen) + { + /* Allowed tag lengths from NIST SP 800-38D. */ + case 128 / 8: /* GCRY_GCM_BLOCK_LEN */ + case 120 / 8: + case 112 / 8: + case 104 / 8: + case 96 / 8: + case 64 / 8: + case 32 / 8: + return 1; + + default: + return 0; + } +} + static gcry_err_code_t _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, byte * outbuf, size_t outbuflen, int check) { - if (outbuflen < GCRY_GCM_BLOCK_LEN) - return GPG_ERR_BUFFER_TOO_SHORT; + if (!(is_tag_length_valid (outbuflen) || outbuflen >= GCRY_GCM_BLOCK_LEN)) + return GPG_ERR_INV_LENGTH; if (c->u_mode.gcm.datalen_over_limits) return GPG_ERR_INV_LENGTH; @@ -815,17 +835,19 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c, if (!check) { + if (outbuflen > GCRY_GCM_BLOCK_LEN) + outbuflen = GCRY_GCM_BLOCK_LEN; + /* NB: We already checked that OUTBUF is large enough to hold - the result. */ - memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN); + * the result or has valid truncated length. */ + memcpy (outbuf, c->u_mode.gcm.u_tag.tag, outbuflen); } else { /* OUTBUFLEN gives the length of the user supplied tag in OUTBUF * and thus we need to compare its length first. */ - if (outbuflen != GCRY_GCM_BLOCK_LEN - || !buf_eq_const (outbuf, c->u_mode.gcm.u_tag.tag, - GCRY_GCM_BLOCK_LEN)) + if (!is_tag_length_valid (outbuflen) + || !buf_eq_const (outbuf, c->u_mode.gcm.u_tag.tag, outbuflen)) return GPG_ERR_CHECKSUM; } diff --git a/tests/basic.c b/tests/basic.c index 36a83d0..25d31ee 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -1304,6 +1304,8 @@ _check_gcm_cipher (unsigned int step) int inlen; char out[MAX_DATA_LEN]; char tag[MAX_DATA_LEN]; + int taglen; + int should_fail; } tv[] = { /* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf */ @@ -1319,6 +1321,78 @@ _check_gcm_cipher (unsigned int step) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45", + 15 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7", + 14 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4", + 13 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57", + 12 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d", + 11, 1 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce\xfa\x7e\x30\x61", + 8 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58\xe2\xfc\xce", + 4 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, + "", + 0, + "", + "\x58", + 1, 1 }, + { GCRY_CIPHER_AES, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12, + "", 0, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16, "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78", @@ -1570,9 +1644,14 @@ _check_gcm_cipher (unsigned int step) if (memcmp (tv[i].plaintext, out, tv[i].inlen)) fail ("aes-gcm, decrypt mismatch entry %d (step %d)\n", i, step); - err = gcry_cipher_gettag (hde, out, GCRY_GCM_BLOCK_LEN); + taglen2 = tv[i].taglen ? tv[i].taglen : GCRY_GCM_BLOCK_LEN; + + err = gcry_cipher_gettag (hde, out, taglen2); if (err) { + if (tv[i].should_fail) + goto next_tv; + fail ("aes-gcm, gcry_cipher_gettag(%d) failed: %s\n", i, gpg_strerror (err)); gcry_cipher_close (hde); @@ -1580,11 +1659,10 @@ _check_gcm_cipher (unsigned int step) return; } - if (memcmp (tv[i].tag, out, GCRY_GCM_BLOCK_LEN)) + if (memcmp (tv[i].tag, out, taglen2)) fail ("aes-gcm, encrypt tag mismatch entry %d\n", i); - - err = gcry_cipher_checktag (hdd, out, GCRY_GCM_BLOCK_LEN); + err = gcry_cipher_checktag (hdd, out, taglen2); if (err) { fail ("aes-gcm, gcry_cipher_checktag(%d) failed: %s\n", @@ -1660,17 +1738,25 @@ _check_gcm_cipher (unsigned int step) if (memcmp (tv[i].out, out, tv[i].inlen)) fail ("aes-gcm, encrypt mismatch entry %d, (byte-buf)\n", i); - err = gcry_cipher_gettag (hde, tag, GCRY_GCM_BLOCK_LEN); + /* Test output to larger than 16-byte buffer. */ + taglen2 = tv[i].taglen ? tv[i].taglen : GCRY_GCM_BLOCK_LEN + 1; + + err = gcry_cipher_gettag (hde, tag, taglen2); if (err) { - fail ("aes-gcm, gcry_cipher_gettag(%d) (byte-buf) failed: %s\n", - i, gpg_strerror (err)); + if (tv[i].should_fail) + goto next_tv; + + fail ("aes-gcm, gcry_cipher_gettag(%d, %d) (byte-buf) failed: %s\n", + i, taglen2, gpg_strerror (err)); gcry_cipher_close (hde); gcry_cipher_close (hdd); return; } - if (memcmp (tv[i].tag, tag, GCRY_GCM_BLOCK_LEN)) + taglen2 = tv[i].taglen ? tv[i].taglen : GCRY_GCM_BLOCK_LEN; + + if (memcmp (tv[i].tag, tag, taglen2)) fail ("aes-gcm, encrypt tag mismatch entry %d, (byte-buf)\n", i); for (byteNum = 0; byteNum < tv[i].inlen; ++byteNum) @@ -1689,7 +1775,7 @@ _check_gcm_cipher (unsigned int step) if (memcmp (tv[i].plaintext, out, tv[i].inlen)) fail ("aes-gcm, decrypt mismatch entry %d\n", i); - err = gcry_cipher_checktag (hdd, tag, GCRY_GCM_BLOCK_LEN); + err = gcry_cipher_checktag (hdd, tag, taglen2); if (err) { fail ("aes-gcm, gcry_cipher_checktag(%d) (byte-buf) failed: %s\n", @@ -1699,6 +1785,34 @@ _check_gcm_cipher (unsigned int step) return; } + err = gcry_cipher_checktag (hdd, tag, 1); + if (!err) + { + fail ("aes-gcm, gcry_cipher_checktag(%d) did not fail for invalid " + " tag length of '%d'\n", i, 1); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + err = gcry_cipher_checktag (hdd, tag, 17); + if (!err) + { + fail ("aes-gcm, gcry_cipher_checktag(%d) did not fail for invalid " + " tag length of '%d'\n", i, 17); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + if (tv[i].should_fail) + { + fail ("aes-gcm, negative test succeeded %d\n", i); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + +next_tv: gcry_cipher_close (hde); gcry_cipher_close (hdd); } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm.c | 36 +++++++++++--- tests/basic.c | 132 ++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 152 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 29 10:30:16 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 29 Mar 2016 10:30:16 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.3-3-g4230924 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 423092437aade400521b7bb8d3d28085a93f4228 (commit) via 7dde1455bd1871a8f402d8c71c09d11b2b53f0ac (commit) from 76e044f8b2627c409efd574f42a507f35361134f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 423092437aade400521b7bb8d3d28085a93f4228 Author: Andre Heinecke Date: Thu Mar 10 11:38:11 2016 +0100 Place assuan calls in a different thread * src/client.cc (client_t::call_assuan): Use call_assuan_async. Void. (call_assuan_async): New. To be used in CreateThread. -- Using a different thread makes sense here as starting the uiserver can take a while and the return value was ignored anyway. This also fixes interaction with Kleopatra from Qt5 as the wId handling code Kleopatra uses to make the explorer the parent Window utilizes SendMessage calls which resulted in a deadlock. diff --git a/src/client.cc b/src/client.cc index 58be03b..ebf82a8 100644 --- a/src/client.cc +++ b/src/client.cc @@ -410,20 +410,29 @@ uiserver_connect (assuan_context_t *ctx, HWND hwnd) return TRACE_GPGERR (rc); } +typedef struct async_arg +{ + const char *cmd; + vector filenames; + HWND wid; +} async_arg_t; -bool -client_t::call_assuan (const char *cmd, vector &filenames) +static DWORD WINAPI +call_assuan_async (LPVOID arg) { + async_arg_t *async_args = (async_arg_t *)arg; int rc = 0; int connect_failed = 0; + const char *cmd = async_args->cmd; + const vector filenames = async_args->filenames; assuan_context_t ctx = NULL; string msg; - TRACE_BEG2 (DEBUG_ASSUAN, "client_t::call_assuan", this, - "%s on %u files", cmd, filenames.size ()); + TRACE_BEG2 (DEBUG_ASSUAN, "client_t::call_assuan_async", 0, + "%s on %u files", cmd, filenames.size ()); - rc = uiserver_connect (&ctx, this->window); + rc = uiserver_connect (&ctx, async_args->wid); if (rc) { connect_failed = 1; @@ -434,23 +443,23 @@ client_t::call_assuan (const char *cmd, vector &filenames) { /* Set the input files. We don't specify the output files. */ for (unsigned int i = 0; i < filenames.size (); i++) - { - msg = "FILE " + escape (filenames[i]); + { + msg = "FILE " + escape (filenames[i]); - (void) TRACE_LOG1 ("sending cmd: %s", msg.c_str ()); + (void) TRACE_LOG1 ("sending cmd: %s", msg.c_str ()); - rc = assuan_transact (ctx, msg.c_str (), - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - goto leave; - } + rc = assuan_transact (ctx, msg.c_str (), + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc) + goto leave; + } /* Set the --nohup option, so that the operation continues and - completes in the background. */ + completes in the background. */ msg = ((string) cmd) + " --nohup"; (void) TRACE_LOG1 ("sending cmd: %s", msg.c_str ()); rc = assuan_transact (ctx, msg.c_str (), - NULL, NULL, NULL, NULL, NULL, NULL); + NULL, NULL, NULL, NULL, NULL, NULL); } catch (std::bad_alloc) { @@ -484,10 +493,31 @@ client_t::call_assuan (const char *cmd, vector &filenames) gpgex_server::ui_server? gpgex_server::ui_server:"", gpgex_server::ui_server? ")":"", gpg_strerror (rc)); - MessageBox (this->window, buf, "GpgEX", MB_ICONINFORMATION); + MessageBox (async_args->wid, buf, "GpgEX", MB_ICONINFORMATION); } + delete async_args; + return 0; +} - return rc ? false : true; +void +client_t::call_assuan (const char *cmd, vector &filenames) +{ + TRACE_BEG (DEBUG_ASSUAN, "client_t::call_assuan", cmd); + async_arg_t * args = new async_arg_t; + args->cmd = cmd; + args->filenames = filenames; + args->wid = this->window; + + /* We move the call in a different thread as the Windows explorer + is blocked until our call finishes. We don't want that. + Additionally Kleopatra / Qt5 SendsMessages to the parent + window provided in wid. Qt does this with blocking calls + so Kleopatra blocks until the explorer processes more + Window Messages and we block the explorer. This is + a deadlock. */ + CreateThread (NULL, 0, call_assuan_async, (LPVOID) args, 0, + NULL); + return; } diff --git a/src/client.h b/src/client.h index 81fdfd6..8d08cd9 100644 --- a/src/client.h +++ b/src/client.h @@ -34,7 +34,7 @@ class client_t private: HWND window; - bool call_assuan (const char *cmd, vector &filenames); + void call_assuan (const char *cmd, vector &filenames); public: client_t (HWND window_handle) commit 7dde1455bd1871a8f402d8c71c09d11b2b53f0ac Author: Andre Heinecke Date: Thu Mar 10 11:34:51 2016 +0100 Support gpg4win registry keys and install location * src/client.cc (default_uiserver_cmdline): Rewrite based on GpgOL. * src/main.cc (get_debug_file): Use new keys. * src/registry.h (REGKEY): Replace by GPG4WIN_REGKEY_2/3 add x64 key. -- This tries harder to find kleopatra or GPA and looks in both the old GNU GnuPG registry key as in the new Gpg4win registry key. Also it looks both under /bin and not in /bin subfolder. diff --git a/src/client.cc b/src/client.cc index 6aaa0f6..58be03b 100644 --- a/src/client.cc +++ b/src/client.cc @@ -108,67 +108,91 @@ default_uiserver_cmdline (void) } #else /*!ENABLE_GPA_ONLY*/ { - const char *dir; + const char *dir, *tmp; char *uiserver, *p; - int extra_arglen = 0; + int extra_arglen = 9; + const char * server_names[] = {"bin\\kleopatra.exe", + "kleopatra.exe", + "bin\\launch-gpa.exe", + "launch-gpa.exe", + "bin\\gpa.exe", + "gpa.exe", + NULL}; dir = gpgex_server::root_dir; if (!dir) return NULL; - uiserver = read_w32_registry_string (NULL, REGKEY, "UI Server"); + uiserver = read_w32_registry_string (NULL, GPG4WIN_REGKEY_2, + "UI Server"); + if (!uiserver) + { + uiserver = read_w32_registry_string (NULL, GPG4WIN_REGKEY_3, + "UI Server"); + } if (!uiserver) { uiserver = strdup ("kleopatra.exe"); if (!uiserver) return NULL; - extra_arglen = 9; /* Space required for " --daemon". */ } - - name = (char*)malloc (strlen (dir) + strlen (uiserver) + extra_arglen +2); - if (!name) + if (uiserver) { + name = (char*) malloc (strlen (dir) + strlen (uiserver) + + extra_arglen + 2); + if (!name) + return NULL; + strcpy (stpcpy (stpcpy (name, dir), "\\"), uiserver); + for (p = name; *p; p++) + if (*p == '/') + *p = '\\'; free (uiserver); - return NULL; } - strcpy (stpcpy (stpcpy (name, dir), "\\"), uiserver); - for (p = name; *p; p++) - if (*p == '/') - *p = '\\'; - free (uiserver); - gpgex_server::ui_server = "Kleopatra"; - if (extra_arglen && access (name, F_OK)) + if (name && !access (name, F_OK)) + { + /* Set through registry or default kleo */ + if (strstr (name, "kleopatra.exe")) + { + gpgex_server::ui_server = "Kleopatra"; + strcat (name, " --daemon"); + } + else + { + gpgex_server::ui_server = "GPA"; + } + return name; + } + /* Fallbacks */ + for (tmp = *server_names; *tmp; tmp++) { - /* Kleopatra is not installed: Try GPA instead but if it is - also not available return the Kleopatra filename. */ - const char gpaserver[] = "launch-gpa.exe"; - char *name2; - - name2 = (char*)malloc (strlen (dir) + strlen (gpaserver) - + extra_arglen+2); - if (name2) + if (name) + { + free (name); + } + name = (char*) malloc (strlen (dir) + strlen (tmp) + extra_arglen + 2); + if (!name) + return NULL; + strcpy (stpcpy (stpcpy (name, dir), "\\"), tmp); + for (p = name; *p; p++) + if (*p == '/') + *p = '\\'; + if (!access (name, F_OK)) { - strcpy (stpcpy (stpcpy (name2, dir), "\\"), gpaserver); - for (p = name2; *p; p++) - if (*p == '/') - *p = '\\'; - if (access (name2, F_OK )) - free (name2); + /* Found a viable candidate */ + /* Set through registry and is accessible */ + if (strstr (name, "kleopatra.exe")) + { + gpgex_server::ui_server = "Kleopatra"; + strcat (name, " --daemon"); + } else { - free (name); - name = name2; gpgex_server::ui_server = "GPA"; } + return name; } } - - /* Append the --daemon arg unless the server name has been taken - from the Registry. */ - if (name && extra_arglen) - strcat (name, " --daemon"); - else - gpgex_server::ui_server = NULL; + gpgex_server::ui_server = NULL; } #endif /*!ENABLE_GPA_ONLY*/ diff --git a/src/main.cc b/src/main.cc index dcade3b..8cc0ed9 100644 --- a/src/main.cc +++ b/src/main.cc @@ -167,8 +167,16 @@ FILE *debug_file; static char * get_debug_file (void) { - return read_w32_registry_string ("HKEY_LOCAL_MACHINE", REGKEY, - "GpgEX Debug File"); + char *name = read_w32_registry_string (NULL, + GPG4WIN_REGKEY_3, + "GpgEX Debug File"); + if (!name) + { + name = read_w32_registry_string (NULL, + GPG4WIN_REGKEY_2, + "GpgEX Debug File"); + } + return name; } diff --git a/src/registry.h b/src/registry.h index 51113ab..d0e38ef 100644 --- a/src/registry.h +++ b/src/registry.h @@ -43,8 +43,17 @@ char *read_w32_registry_string (const char *root, const char *dir, /* Retrieve the default home directory. */ const char *default_homedir (void); -/* Registry key for this software. */ -#define REGKEY "Software\\GNU\\GnuPG" +/* The Registry key used by Gpg4win. */ +#ifdef WIN64 +# define GPG4WIN_REGKEY_2 "Software\\Wow6432Node\\GNU\\GnuPG" +#else +# define GPG4WIN_REGKEY_2 "Software\\GNU\\GnuPG" +#endif +#ifdef WIN64 +# define GPG4WIN_REGKEY_3 "Software\\Wow6432Node\\Gpg4win" +#else +# define GPG4WIN_REGKEY_3 "Software\\Gpg4win" +#endif #ifdef __cplusplus #if 0 ----------------------------------------------------------------------- Summary of changes: src/client.cc | 164 ++++++++++++++++++++++++++++++++++++++------------------- src/client.h | 2 +- src/main.cc | 12 ++++- src/registry.h | 13 ++++- 4 files changed, 131 insertions(+), 60 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 29 11:32:20 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 29 Mar 2016 11:32:20 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-366-ge2cbd22 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e2cbd22e03a68fbecc930052330df0c2096d2788 (commit) from f2260e3a2e962ac80124ef938e54041bbea08561 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e2cbd22e03a68fbecc930052330df0c2096d2788 Author: Werner Koch Date: Tue Mar 29 11:31:55 2016 +0200 doc: Update for gcry_cipher_gettag and gcry_cipher_checktag. -- Also re-indent one label. Signed-off-by: Werner Koch diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 8451627..5433ae8 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1794,15 +1794,23 @@ authenticated data (AAD) for AEAD cipher modes. @end deftypefun - at deftypefun gcry_error_t gcry_cipher_gettag (gcry_cipher_hd_t @var{h}, void *@var{tag}, size_t @var{taglen}) + at deftypefun {gcry_error_t} gcry_cipher_gettag @ + (@w{gcry_cipher_hd_t @var{h}}, @ + @w{void *@var{tag}}, @w{size_t @var{taglen}}) This function is used to read the authentication tag after encryption. The function finalizes and outputs the authentication tag to the buffer @var{tag} of length @var{taglen} bytes. +Depending on the used mode certain restrictions for @var{taglen} are +enforced: For GCM @var{taglen} must be at least 16 or one of the +allowed truncated lengths (4, 8, 12, 13, 14, or 15). + @end deftypefun - at deftypefun gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t @var{h}, const void *@var{tag}, size_t @var{taglen}) + at deftypefun {gcry_error_t} gcry_cipher_checktag @ + (@w{gcry_cipher_hd_t @var{h}}, @ + @w{const void *@var{tag}}, @w{size_t @var{taglen}}) Check the authentication tag after decryption. The authentication tag is passed as the buffer @var{tag} of length @var{taglen} bytes @@ -1811,6 +1819,10 @@ decryption. Error code @code{GPG_ERR_CHECKSUM} is returned if the authentication tag in the buffer @var{tag} does not match the authentication tag calculated during decryption. +Depending on the used mode certain restrictions for @var{taglen} are +enforced: For GCM @var{taglen} must either be 16 or one of the allowed +truncated lengths (4, 8, 12, 13, 14, or 15). + @end deftypefun The actual encryption and decryption is done by using one of the diff --git a/tests/basic.c b/tests/basic.c index 25d31ee..1a7d3cb 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -1812,7 +1812,7 @@ _check_gcm_cipher (unsigned int step) return; } -next_tv: + next_tv: gcry_cipher_close (hde); gcry_cipher_close (hdd); } ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 16 ++++++++++++++-- tests/basic.c | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 29 12:07:04 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 29 Mar 2016 12:07:04 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-367-g48ee918 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 48ee918400762281bec5b6fc218a9f0d119aac7c (commit) from e2cbd22e03a68fbecc930052330df0c2096d2788 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 48ee918400762281bec5b6fc218a9f0d119aac7c Author: Werner Koch Date: Tue Mar 29 12:06:25 2016 +0200 tests: Fix buffer overflow in bench-slope. * tests/bench-slope.c (bench_print_result_std): Remove wrong use of strncat. -- Reported-by: Andreas Metzler Signed-off-by: Werner Koch diff --git a/tests/bench-slope.c b/tests/bench-slope.c index 8938f18..d97494c 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -520,8 +520,6 @@ bench_print_result_std (double nsecs_per_byte) char mbpsec_buf[16]; char cpbyte_buf[16]; - strcpy (cpbyte_buf, "-"); - double_to_str (nsecpbyte_buf, sizeof (nsecpbyte_buf), nsecs_per_byte); /* If user didn't provide CPU speed, we cannot show cycles/byte results. */ @@ -530,16 +528,15 @@ bench_print_result_std (double nsecs_per_byte) cycles_per_byte = nsecs_per_byte * cpu_ghz; double_to_str (cpbyte_buf, sizeof (cpbyte_buf), cycles_per_byte); } + else + strcpy (cpbyte_buf, "-"); mbytes_per_sec = (1000.0 * 1000.0 * 1000.0) / (nsecs_per_byte * 1024 * 1024); double_to_str (mbpsec_buf, sizeof (mbpsec_buf), mbytes_per_sec); - strncat (nsecpbyte_buf, " ns/B", sizeof (nsecpbyte_buf) - 1); - strncat (mbpsec_buf, " MiB/s", sizeof (mbpsec_buf) - 1); - strncat (cpbyte_buf, " c/B", sizeof (cpbyte_buf) - 1); - - printf ("%14s %15s %13s\n", nsecpbyte_buf, mbpsec_buf, cpbyte_buf); + printf ("%9s ns/B %9s MiB/s %9s c/B\n", + nsecpbyte_buf, mbpsec_buf, cpbyte_buf); } static void ----------------------------------------------------------------------- Summary of changes: tests/bench-slope.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 29 13:30:53 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 29 Mar 2016 13:30:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-108-ge2c5781 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e2c5781788f765815532410a77077ddbb72513e9 (commit) from fc30c079a348436868968850dabf653b91f82419 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e2c5781788f765815532410a77077ddbb72513e9 Author: Werner Koch Date: Tue Mar 29 13:30:19 2016 +0200 gpg: Fix NULL-segv for missing tofu DB. * g10/tofu.c (opendb): Guard call to timeout function. -- GnuPG-bug-id: 2294 Fix not tested but is pretty obvious. Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index 6a88172..baa2ac2 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -706,7 +706,8 @@ opendb (char *filename, enum db_type type) /* If a DB is locked wait up to 5 seconds for the lock to be cleared before failing. */ - sqlite3_busy_timeout (db, 5 * 1000); + if (db) + sqlite3_busy_timeout (db, 5 * 1000); if (filename_free) xfree (filename); ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 29 17:14:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 29 Mar 2016 17:14:08 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.21-17-gb7a06ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via b7a06ad63371316bad5da6b981894ef07cd8b7da (commit) via 217a451d54186283f09af5b3c03933f214ddf1c0 (commit) from 52c3606b2384f33ef30ea5ada3f187829de9dcf7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b7a06ad63371316bad5da6b981894ef07cd8b7da Author: Werner Koch Date: Tue Mar 29 17:12:58 2016 +0200 doc: Re-format comments in estream.c -- Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index 4564b27..737f9a5 100644 --- a/src/estream.c +++ b/src/estream.c @@ -1,6 +1,6 @@ /* estream.c - Extended Stream I/O Library * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010, 2011, - * 2014, 2015 g10 Code GmbH + * 2014, 2015, 2016 g10 Code GmbH * * This file is part of Libestream. * @@ -137,6 +137,14 @@ int _setmode (int handle, int mode); # define IS_INVALID_FD(a) ((a) == -1) #endif +/* Calculate array dimension. */ +#ifndef DIM +#define DIM(array) (sizeof (array) / sizeof (*array)) +#endif + +/* A helper macro used to convert to a hex string. */ +#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A')) + /* Generally used types. */ @@ -146,13 +154,17 @@ typedef void (*func_free_t) (void *mem); -/* Buffer management layer. */ +/* + * Buffer management layer. + */ #define BUFFER_BLOCK_SIZE BUFSIZ #define BUFFER_UNREAD_SIZE 16 -/* A linked list to hold notification functions. */ +/* + * A type to hold notification functions. + */ struct notify_list_s { struct notify_list_s *next; @@ -162,22 +174,25 @@ struct notify_list_s typedef struct notify_list_s *notify_list_t; -/* A private cookie function to implement an internal IOCTL - service. */ +/* + * A private cookie function to implement an internal IOCTL service. + * and ist IOCTL numbers. + */ typedef int (*cookie_ioctl_function_t) (void *cookie, int cmd, void *ptr, size_t *len); -/* IOCTL commands for the private cookie function. */ #define COOKIE_IOCTL_SNATCH_BUFFER 1 #define COOKIE_IOCTL_NONBLOCK 2 -/* The internal stream object. */ +/* + * The private object describing a stream. + */ struct _gpgrt_stream_internal { unsigned char buffer[BUFFER_BLOCK_SIZE]; unsigned char unread_buffer[BUFFER_UNREAD_SIZE]; - gpgrt_lock_t lock; /* Lock. */ + gpgrt_lock_t lock; /* Lock. Used by *_stream_lock(). */ void *cookie; /* Cookie. */ void *opaque; /* Opaque data. */ @@ -207,7 +222,11 @@ struct _gpgrt_stream_internal }; typedef struct _gpgrt_stream_internal *estream_internal_t; -/* A linked list to hold active stream objects. */ + +/* + * A linked list to hold active stream objects. + * Protected by ESTREAM_LIST_LOCK. + */ struct estream_list_s { struct estream_list_s *next; @@ -215,18 +234,32 @@ struct estream_list_s }; typedef struct estream_list_s *estream_list_t; static estream_list_t estream_list; -/* A lock object for the estream list and the custom_std_fds array. */ -GPGRT_LOCK_DEFINE (estream_list_lock); -/* File descriptors registered to be used as the standard file handles. */ +/* + * File descriptors registered for use as the standard file handles. + * Protected by ESTREAM_LIST_LOCK. + */ static int custom_std_fds[3]; static unsigned char custom_std_fds_valid[3]; -/* Functions called before and after blocking syscalls. */ +/* + * A lock object to protect ESTREAM LIST, CUSTOM_STD_FDS and + * CUSTOM_STD_FDS_VALID. Used by lock_list() and unlock_list(). + */ +GPGRT_LOCK_DEFINE (estream_list_lock); + + +/* + * Functions called before and after blocking syscalls. + * gpgrt_set_syscall_clamp is used to set them. + */ static void (*pre_syscall_func)(void); static void (*post_syscall_func)(void); -/* Error code replacements. */ + +/* + * Error code replacements. + */ #ifndef EOPNOTSUPP # define EOPNOTSUPP ENOSYS #endif @@ -238,17 +271,9 @@ static void fname_set_internal (estream_t stream, const char *fname, int quote); -/* Macros. */ - -/* Calculate array dimension. */ -#ifndef DIM -#define DIM(array) (sizeof (array) / sizeof (*array)) -#endif - -#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A')) - - - +/* + * Memory allocation wrappers used in this file. + */ static void * mem_alloc (size_t n) { @@ -268,6 +293,11 @@ mem_free (void *p) _gpgrt_free (p); } + +/* + * A Windows helper function to map a W32 API error code to a standard + * system error code. + */ #ifdef HAVE_W32_SYSTEM static int map_w32_to_errno (DWORD w32_err) @@ -302,8 +332,9 @@ map_w32_to_errno (DWORD w32_err) } #endif /*HAVE_W32_SYSTEM*/ -/* Replacement fucntions. */ - +/* + * Replacement for a missing memrchr. + */ #ifndef HAVE_MEMRCHR static void * memrchr (const void *buffer, int c, size_t n) @@ -317,9 +348,10 @@ memrchr (const void *buffer, int c, size_t n) } #endif /*HAVE_MEMRCHR*/ + /* - * Lock wrappers + * Wrappers to lock a stream or the list of streams. */ #if 0 # define dbg_lock_0(f) fprintf (stderr, "estream: " f); @@ -427,19 +459,21 @@ unlock_list (void) /* - * List manipulation. + * Manipulation of the list of stream. */ -/* Add STREAM to the list of registered stream objects. If - WITH_LOCKED_LIST is true it is assumed that the list of streams is - already locked. The implementation is straightforward: We first - look for an unused entry in the list and use that; if none is - available we put a new item at the head. We drawback of the - strategy never to shorten the list is that a one time allocation of - many streams will lead to scanning unused entries later. If that - turns out to be a problem, we may either free some items from the - list or append new entries at the end; or use a table. Returns 0 - on success; on error or non-zero is returned and ERRNO set. */ +/* + * Add STREAM to the list of registered stream objects. If + * WITH_LOCKED_LIST is true it is assumed that the list of streams is + * already locked. The implementation is straightforward: We first + * look for an unused entry in the list and use that; if none is + * available we put a new item at the head. We drawback of the + * strategy never to shorten the list is that a one time allocation of + * many streams will lead to scanning unused entries later. If that + * turns out to be a problem, we may either free some items from the + * list or append new entries at the end; or use a table. Returns 0 + * on success; on error or non-zero is returned and ERRNO set. + */ static int do_list_add (estream_t stream, int with_locked_list) { @@ -468,7 +502,9 @@ do_list_add (estream_t stream, int with_locked_list) return item? 0 : -1; } -/* Remove STREAM from the list of registered stream objects. */ +/* + * Remove STREAM from the list of registered stream objects. + */ static void do_list_remove (estream_t stream, int with_locked_list) { @@ -490,6 +526,9 @@ do_list_remove (estream_t stream, int with_locked_list) +/* + * The atexit handler for this estream module. + */ static void do_deinit (void) { @@ -511,9 +550,8 @@ do_deinit (void) /* - * Initialization. + * Initialization of the estream module. */ - int _gpgrt_es_init (void) { @@ -527,15 +565,16 @@ _gpgrt_es_init (void) return 0; } -/* Register the syscall clamp. These two functions are called - immediately before and after a possible blocking system call. This - should be used before any I/O happens. The function is commonly - used with the nPth library: - - gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); - - These functions may not modify ERRNO. -*/ +/* + * Register the syscall clamp. These two functions are called + * immediately before and after a possible blocking system call. This + * should be used before any I/O happens. The function is commonly + * used with the nPth library: + * + * gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); + * + * These functions may not modify ERRNO. + */ void _gpgrt_set_syscall_clamp (void (*pre)(void), void (*post)(void)) { @@ -545,13 +584,10 @@ _gpgrt_set_syscall_clamp (void (*pre)(void), void (*post)(void)) - /* - * I/O methods. + * Implementation of memory based I/O. */ -/* Implementation of Memory I/O. */ - /* Cookie for memory objects. */ typedef struct estream_cookie_mem { @@ -571,13 +607,15 @@ typedef struct estream_cookie_mem } *estream_cookie_mem_t; -/* Create function for memory objects. DATA is either NULL or a user - supplied buffer with the initial conetnt of the memory buffer. If - DATA is NULL, DATA_N and DATA_LEN need to be 0 as well. If DATA is - not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the - used length in DATA. If this function succeeds DATA is now owned - by this function. If GROW is false FUNC_REALLOC is not - required. */ +/* + * Create function for memory objects. DATA is either NULL or a user + * supplied buffer with the initial conetnt of the memory buffer. If + * DATA is NULL, DATA_N and DATA_LEN need to be 0 as well. If DATA is + * not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the + * used length in DATA. If this function succeeds DATA is now owned + * by this function. If GROW is false FUNC_REALLOC is not + * required. + */ static int func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie, unsigned char *_GPGRT__RESTRICT data, size_t data_n, @@ -625,7 +663,9 @@ func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie, } -/* Read function for memory objects. */ +/* + * Read function for memory objects. + */ static gpgrt_ssize_t es_func_mem_read (void *cookie, void *buffer, size_t size) { @@ -649,7 +689,9 @@ es_func_mem_read (void *cookie, void *buffer, size_t size) } -/* Write function for memory objects. */ +/* + * Write function for memory objects. + */ static gpgrt_ssize_t es_func_mem_write (void *cookie, const void *buffer, size_t size) { @@ -735,7 +777,9 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size) } -/* Seek function for memory objects. */ +/* + * Seek function for memory objects. + */ static int es_func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence) { @@ -810,7 +854,10 @@ es_func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence) return 0; } -/* An IOCTL function for memory objects. */ + +/* + * The IOCTL function for memory objects. + */ static int es_func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len) { @@ -838,7 +885,9 @@ es_func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len) } -/* Destroy function for memory objects. */ +/* + * The destroy function for memory objects. + */ static int es_func_mem_destroy (void *cookie) { @@ -852,7 +901,9 @@ es_func_mem_destroy (void *cookie) return 0; } - +/* + * Access object for the memory functions. + */ static gpgrt_cookie_io_functions_t estream_functions_mem = { es_func_mem_read, @@ -863,7 +914,9 @@ static gpgrt_cookie_io_functions_t estream_functions_mem = -/* Implementation of file descriptor based I/O. */ +/* + * Implementation of file descriptor based I/O. + */ /* Cookie for fd objects. */ typedef struct estream_cookie_fd @@ -873,7 +926,10 @@ typedef struct estream_cookie_fd int nonblock; /* Non-blocking mode is enabled. */ } *estream_cookie_fd_t; -/* Create function for objects indentified by a libc file descriptor. */ + +/* + * Create function for objects indentified by a libc file descriptor. + */ static int func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close) { @@ -900,7 +956,10 @@ func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close) return err; } -/* Read function for fd objects. */ + +/* + * Read function for fd objects. + */ static gpgrt_ssize_t es_func_fd_read (void *cookie, void *buffer, size_t size) @@ -931,7 +990,10 @@ es_func_fd_read (void *cookie, void *buffer, size_t size) return bytes_read; } -/* Write function for fd objects. */ + +/* + * Write function for fd objects. + */ static gpgrt_ssize_t es_func_fd_write (void *cookie, const void *buffer, size_t size) { @@ -961,7 +1023,10 @@ es_func_fd_write (void *cookie, const void *buffer, size_t size) return bytes_written; } -/* Seek function for fd objects. */ + +/* + * Seek function for fd objects. + */ static int es_func_fd_seek (void *cookie, gpgrt_off_t *offset, int whence) { @@ -993,7 +1058,10 @@ es_func_fd_seek (void *cookie, gpgrt_off_t *offset, int whence) return err; } -/* An IOCTL function for fd objects. */ + +/* + * The IOCTL function for fd objects. + */ static int es_func_fd_ioctl (void *cookie, int cmd, void *ptr, size_t *len) { @@ -1034,7 +1102,9 @@ es_func_fd_ioctl (void *cookie, int cmd, void *ptr, size_t *len) return ret; } -/* Destroy function for fd objects. */ +/* + * The destroy function for fd objects. + */ static int es_func_fd_destroy (void *cookie) { @@ -1056,6 +1126,9 @@ es_func_fd_destroy (void *cookie) } +/* + * Access object for the fd functions. + */ static gpgrt_cookie_io_functions_t estream_functions_fd = { es_func_fd_read, @@ -1067,8 +1140,10 @@ static gpgrt_cookie_io_functions_t estream_functions_fd = +/* + * Implementation of W32 handle based I/O. + */ #ifdef HAVE_W32_SYSTEM -/* Implementation of W32 handle based I/O. */ /* Cookie for fd objects. */ typedef struct estream_cookie_w32 @@ -1078,7 +1153,9 @@ typedef struct estream_cookie_w32 } *estream_cookie_w32_t; -/* Create function for w32 handle objects. */ +/* + * Create function for w32 handle objects. + */ static int es_func_w32_create (void **cookie, HANDLE hd, unsigned int modeflags, int no_close) @@ -1105,7 +1182,9 @@ es_func_w32_create (void **cookie, HANDLE hd, return err; } -/* Read function for W32 handle objects. */ +/* + * Read function for W32 handle objects. + */ static gpgrt_ssize_t es_func_w32_read (void *cookie, void *buffer, size_t size) { @@ -1149,7 +1228,10 @@ es_func_w32_read (void *cookie, void *buffer, size_t size) return bytes_read; } -/* Write function for W32 handle objects. */ + +/* + * Write function for W32 handle objects. + */ static gpgrt_ssize_t es_func_w32_write (void *cookie, const void *buffer, size_t size) { @@ -1187,7 +1269,10 @@ es_func_w32_write (void *cookie, const void *buffer, size_t size) return bytes_written; } -/* Seek function for W32 handle objects. */ + +/* + * Seek function for W32 handle objects. + */ static int es_func_w32_seek (void *cookie, gpgrt_off_t *offset, int whence) { @@ -1241,7 +1326,10 @@ es_func_w32_seek (void *cookie, gpgrt_off_t *offset, int whence) return 0; } -/* Destroy function for W32 handle objects. */ + +/* + * Destroy function for W32 handle objects. + */ static int es_func_w32_destroy (void *cookie) { @@ -1273,6 +1361,9 @@ es_func_w32_destroy (void *cookie) } +/* + * Access object for the W32 handle based objects. + */ static gpgrt_cookie_io_functions_t estream_functions_w32 = { es_func_w32_read, @@ -1285,7 +1376,9 @@ static gpgrt_cookie_io_functions_t estream_functions_w32 = -/* Implementation of FILE* I/O. */ +/* + * Implementation of stdio based I/O. + */ /* Cookie for fp objects. */ typedef struct estream_cookie_fp @@ -1295,7 +1388,9 @@ typedef struct estream_cookie_fp } *estream_cookie_fp_t; -/* Create function for FILE objects. */ +/* + * Create function for stdio based objects. + */ static int func_fp_create (void **cookie, FILE *fp, unsigned int modeflags, int no_close) @@ -1324,7 +1419,10 @@ func_fp_create (void **cookie, FILE *fp, return err; } -/* Read function for FILE* objects. */ + +/* + * Read function for stdio based objects. + */ static gpgrt_ssize_t es_func_fp_read (void *cookie, void *buffer, size_t size) @@ -1350,7 +1448,10 @@ es_func_fp_read (void *cookie, void *buffer, size_t size) return bytes_read; } -/* Write function for FILE* objects. */ + +/* + * Write function for stdio bases objects. + */ static gpgrt_ssize_t es_func_fp_write (void *cookie, const void *buffer, size_t size) { @@ -1399,7 +1500,10 @@ es_func_fp_write (void *cookie, const void *buffer, size_t size) return bytes_written; } -/* Seek function for FILE* objects. */ + +/* + * Seek function for stdio based objects. + */ static int es_func_fp_seek (void *cookie, gpgrt_off_t *offset, int whence) { @@ -1436,7 +1540,10 @@ es_func_fp_seek (void *cookie, gpgrt_off_t *offset, int whence) return 0; } -/* Destroy function for FILE* objects. */ + +/* + * Destroy function for stdio based objects. + */ static int es_func_fp_destroy (void *cookie) { @@ -1465,6 +1572,9 @@ es_func_fp_destroy (void *cookie) } +/* + * Access object for stdio based objects. + */ static gpgrt_cookie_io_functions_t estream_functions_fp = { es_func_fp_read, @@ -1476,7 +1586,12 @@ static gpgrt_cookie_io_functions_t estream_functions_fp = -/* Implementation of file I/O. */ +/* + * Implementation of file name based I/O. + * + * Note that only a create function is required because the other + * operationsares handled by file descriptor based I/O. + */ /* Create function for objects identified by a file name. */ static int @@ -1525,37 +1640,38 @@ func_file_create (void **cookie, int *filedes, /* Parse the mode flags of fopen et al. In addition to the POSIX - defined mode flags keyword parameters are supported. These are - key/value pairs delimited by comma and optional white spaces. - Keywords and values may not contain a comma or white space; unknown - keywords are skipped. Supported keywords are: - - mode= - - Creates a file and gives the new file read and write permissions - for the user and read permission for the group. The format of - the string is the same as shown by the -l option of the ls(1) - command. However the first letter must be a dash and it is - allowed to leave out trailing dashes. If this keyword parameter - is not given the default mode for creating files is "-rw-rw-r--" - (664). Note that the system still applies the current umask to - the mode when crating a file. Example: - - "wb,mode=-rw-r--" - - samethread - - Assumes that the object is only used by the creating thread and - disables any internal locking. This keyword is also found on - IBM systems. - - nonblock - - The object is opened in non-blocking mode. This is the same as - calling gpgrt_set_nonblock on the file. - - Note: R_CMODE is optional because is only required by functions - which are able to creat a file. */ + * defined mode flags keyword parameters are supported. These are + * key/value pairs delimited by comma and optional white spaces. + * Keywords and values may not contain a comma or white space; unknown + * keywords are skipped. Supported keywords are: + * + * mode= + * + * Creates a file and gives the new file read and write permissions + * for the user and read permission for the group. The format of + * the string is the same as shown by the -l option of the ls(1) + * command. However the first letter must be a dash and it is + * allowed to leave out trailing dashes. If this keyword parameter + * is not given the default mode for creating files is "-rw-rw-r--" + * (664). Note that the system still applies the current umask to + * the mode when crating a file. Example: + * + * "wb,mode=-rw-r--" + * + * samethread + * + * Assumes that the object is only used by the creating thread and + * disables any internal locking. This keyword is also found on + * IBM systems. + * + * nonblock + * + * The object is opened in non-blocking mode. This is the same as + * calling gpgrt_set_nonblock on the file. + * + * Note: R_CMODE is optional because is only required by functions + * which are able to creat a file. + */ static int parse_mode (const char *modestr, unsigned int *modeflags, int *samethread, @@ -1668,8 +1784,8 @@ parse_mode (const char *modestr, return 0; } - + /* * Low level stream functionality. */ @@ -1807,7 +1923,10 @@ es_flush (estream_t stream) return err; } -/* Discard buffered data for STREAM. */ + +/* + * Discard buffered data for STREAM. + */ static void es_empty (estream_t stream) { @@ -1817,7 +1936,10 @@ es_empty (estream_t stream) stream->unread_data_len = 0; } -/* Initialize STREAM. */ + +/* + * Initialize STREAM. + */ static void init_stream_obj (estream_t stream, void *cookie, es_syshd_t *syshd, @@ -1861,7 +1983,10 @@ init_stream_obj (estream_t stream, stream->flags.writing = 0; } -/* Deinitialize STREAM. */ + +/* + * Deinitialize STREAM. + */ static int es_deinitialize (estream_t stream) { @@ -1897,7 +2022,10 @@ es_deinitialize (estream_t stream) return err; } -/* Create a new stream object, initialize it. */ + +/* + * Create a new stream object and initialize it. + */ static int es_create (estream_t *stream, void *cookie, es_syshd_t *syshd, gpgrt_cookie_io_functions_t functions, unsigned int modeflags, @@ -1955,7 +2083,10 @@ es_create (estream_t *stream, void *cookie, es_syshd_t *syshd, return err; } -/* Deinitialize a stream object and destroy it. */ + +/* + * Deinitialize a stream object and destroy it. + */ static int do_close (estream_t stream, int with_locked_list) { @@ -1986,7 +2117,10 @@ do_close (estream_t stream, int with_locked_list) } -/* This worker function is called with a locked stream. */ +/* + * The onclose worker function which is called with a locked + * stream. + */ static int do_onclose (estream_t stream, int mode, void (*fnc) (estream_t, void*), void *fnc_value) @@ -2013,9 +2147,10 @@ do_onclose (estream_t stream, int mode, } -/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in - unbuffered-mode, storing the amount of bytes read in - *BYTES_READ. */ +/* + * Try to read BYTES_TO_READ bytes from STREAM into BUFFER in + * unbuffered-mode, storing the amount of bytes read at BYTES_READ. + */ static int es_read_nbf (estream_t _GPGRT__RESTRICT stream, unsigned char *_GPGRT__RESTRICT buffer, @@ -2054,6 +2189,10 @@ es_read_nbf (estream_t _GPGRT__RESTRICT stream, return err; } + +/* + * Helper for check_pending. + */ static int check_pending_nbf (estream_t _GPGRT__RESTRICT stream) { @@ -2066,9 +2205,11 @@ check_pending_nbf (estream_t _GPGRT__RESTRICT stream) } -/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in - fully-buffered-mode, storing the amount of bytes read in - *BYTES_READ. */ +/* + * Try to read BYTES_TO_READ bytes from STREAM into BUFFER in + * fully-buffered-mode, storing the amount of bytes read at + * BYTES_READ. + */ static int es_read_fbf (estream_t _GPGRT__RESTRICT stream, unsigned char *_GPGRT__RESTRICT buffer, @@ -2117,6 +2258,9 @@ es_read_fbf (estream_t _GPGRT__RESTRICT stream, } +/* + * Helper for check_pending. + */ static int check_pending_fbf (estream_t _GPGRT__RESTRICT stream) { @@ -2136,9 +2280,10 @@ check_pending_fbf (estream_t _GPGRT__RESTRICT stream) } -/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in - line-buffered-mode, storing the amount of bytes read in - *BYTES_READ. */ +/* + * Try to read BYTES_TO_READ bytes from STREAM into BUFFER in + * line-buffered-mode, storing the amount of bytes read at BYTES_READ. + */ static int es_read_lbf (estream_t _GPGRT__RESTRICT stream, unsigned char *_GPGRT__RESTRICT buffer, @@ -2151,8 +2296,11 @@ es_read_lbf (estream_t _GPGRT__RESTRICT stream, return err; } -/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER, storing - the amount of bytes read in BYTES_READ. */ + +/* + * Try to read BYTES_TO_READ bytes from STREAM into BUFFER, storing + * the amount of bytes read at BYTES_READ. + */ static int es_readn (estream_t _GPGRT__RESTRICT stream, void *_GPGRT__RESTRICT buffer_arg, @@ -2212,10 +2360,12 @@ es_readn (estream_t _GPGRT__RESTRICT stream, } -/* Return true if at least one byte is pending for read. This is a - best effort check and it it possible that bytes are still pending - even if false is returned. If the stream is in writing mode it is - switched to read mode. */ +/* + * Return true if at least one byte is pending for read. This is a + * best effort check and it it possible that bytes are still pending + * even if false is returned. If the stream is in writing mode it is + * switched to read mode. + */ static int check_pending (estream_t _GPGRT__RESTRICT stream) { @@ -2244,8 +2394,10 @@ check_pending (estream_t _GPGRT__RESTRICT stream) } -/* Try to unread DATA_N bytes from DATA into STREAM, storing the - amount of bytes successfully unread in *BYTES_UNREAD. */ +/* + * Try to unread DATA_N bytes from DATA into STREAM, storing the + * amount of bytes successfully unread at BYTES_UNREAD. + */ static void es_unreadn (estream_t _GPGRT__RESTRICT stream, const unsigned char *_GPGRT__RESTRICT data, size_t data_n, @@ -2271,7 +2423,10 @@ es_unreadn (estream_t _GPGRT__RESTRICT stream, *bytes_unread = data_n; } -/* Seek in STREAM. */ + +/* + * Seek in STREAM. + */ static int es_seek (estream_t _GPGRT__RESTRICT stream, gpgrt_off_t offset, int whence, gpgrt_off_t *_GPGRT__RESTRICT offset_new) @@ -2336,9 +2491,12 @@ es_seek (estream_t _GPGRT__RESTRICT stream, gpgrt_off_t offset, int whence, return err; } -/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in - unbuffered-mode, storing the amount of bytes written in - *BYTES_WRITTEN. */ + +/* + * Write BYTES_TO_WRITE bytes from BUFFER into STREAM in + * unbuffered-mode, storing the amount of bytes written at + * BYTES_WRITTEN. + */ static int es_write_nbf (estream_t _GPGRT__RESTRICT stream, const unsigned char *_GPGRT__RESTRICT buffer, @@ -2384,9 +2542,12 @@ es_write_nbf (estream_t _GPGRT__RESTRICT stream, return err; } -/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in - fully-buffered-mode, storing the amount of bytes written in - *BYTES_WRITTEN. */ + +/* + * Write BYTES_TO_WRITE bytes from BUFFER into STREAM in + * fully-buffered-mode, storing the amount of bytes written at + * BYTES_WRITTEN. + */ static int es_write_fbf (estream_t _GPGRT__RESTRICT stream, const unsigned char *_GPGRT__RESTRICT buffer, commit 217a451d54186283f09af5b3c03933f214ddf1c0 Author: Werner Koch Date: Tue Mar 29 16:36:44 2016 +0200 estream: Remove strange macro for better readability. * src/estream.c (SET_UNLESS_NONZERO): Remove macro. (es_deinitialize): Replace that macro by direct code. Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index abce0bf..4564b27 100644 --- a/src/estream.c +++ b/src/estream.c @@ -248,18 +248,6 @@ static void fname_set_internal (estream_t stream, const char *fname, int quote); #define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A')) -/* Evaluate EXPRESSION, setting VARIABLE to the return code, if - VARIABLE is zero. */ -#define SET_UNLESS_NONZERO(variable, tmp_variable, expression) \ - do \ - { \ - tmp_variable = expression; \ - if ((! variable) && tmp_variable) \ - variable = tmp_variable; \ - } \ - while (0) - - static void * mem_alloc (size_t n) @@ -1884,9 +1872,17 @@ es_deinitialize (estream_t stream) err = 0; if (stream->flags.writing) - SET_UNLESS_NONZERO (err, tmp_err, es_flush (stream)); + { + tmp_err = es_flush (stream); + if (!err) + err = tmp_err; + } if (func_close) - SET_UNLESS_NONZERO (err, tmp_err, (*func_close) (stream->intern->cookie)); + { + tmp_err = func_close (stream->intern->cookie); + if (!err) + err = tmp_err; + } mem_free (stream->intern->printable_fname); stream->intern->printable_fname = NULL; @@ -4483,7 +4479,7 @@ _gpgrt_get_nonblock (estream_t stream) /* A version of poll(2) working on estream handles. Note that not all estream types work with this function. In contrast to the standard - poll function the gpgrt_poll_t object uses a set of names bit flags + poll function the gpgrt_poll_t object uses a set of bit flags instead of the EVENTS and REVENTS members. An item with the IGNORE flag set is entirely ignored. The TIMEOUT values is given in milliseconds, a value of -1 waits indefinitely, and a value of 0 ----------------------------------------------------------------------- Summary of changes: src/estream.c | 487 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 322 insertions(+), 165 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 30 10:41:55 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 30 Mar 2016 10:41:55 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.3-5-gcfe000c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via cfe000c4da6e965ddb602c695d63928e432f8a19 (commit) via b00cf0913243ad5432e4cb859146d88b6691f9a3 (commit) from 423092437aade400521b7bb8d3d28085a93f4228 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cfe000c4da6e965ddb602c695d63928e432f8a19 Author: Andre Heinecke Date: Wed Mar 30 10:41:25 2016 +0200 Update NEWS -- Mention pt translation and async changes to startup. diff --git a/NEWS b/NEWS index 58b7609..5e384a7 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ Noteworthy changes for version 1.0.4 (unreleased) ------------------------------------------------- +* Updated Portuguese translation. + +* Improved UI Server startup. + Noteworthy changes for version 1.0.3 (2015-11-23) ------------------------------------------------- commit b00cf0913243ad5432e4cb859146d88b6691f9a3 Author: Andre Heinecke Date: Wed Mar 30 10:36:13 2016 +0200 Update Portuguese translation * po/pt.po: Update and use UTF-8 -- Updated translation provided by Marco A.G. Pinto. Thanks. diff --git a/po/pt.po b/po/pt.po index 90dfb04..9e25777 100644 --- a/po/pt.po +++ b/po/pt.po @@ -1,4 +1,4 @@ -# translation of GPGex. +# Translation of GPGex. # Copyright (C) 2013 g10 Code GmbH # This file is distributed under the same license as the FIXME:GPGex package. # Diego Escalante Urrelo , 2008. @@ -8,22 +8,22 @@ msgid "" msgstr "" "Project-Id-Version: GpgEX\n" "Report-Msgid-Bugs-To: http://bugs.gnupg.org\n" -"PO-Revision-Date: 2013-07-11 21:07-0000\n" +"PO-Revision-Date: 2016-02-02 17:33+0000\n" "Last-Translator: Marco A.G.Pinto \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Poedit-SourceCharset: iso-8859-1\n" -"X-Generator: Poedit 1.5.7\n" +"X-Poedit-SourceCharset: UTF-8\n" +"X-Generator: Poedit 1.8.6\n" #, c-format msgid "" "Can not connect to the GnuPG user interface%s%s%s:\r\n" "%s" msgstr "" -"N?o ? poss?vel aceder ? interface de utilizador do GnuPG%s%s%s:\\r\n" +"N??o ?? poss??vel aceder ?? interface de utilizador do GnuPG%s%s%s:\r\n" "%s" #, c-format @@ -68,13 +68,13 @@ msgid "Verify checksums" msgstr "Verificar checksums" msgid "More GpgEX options" -msgstr "Mais op??es do GpgEX" +msgstr "Mais op????es do GpgEX" msgid "Invoke the GpgEX documentation." -msgstr "Invocar a documenta??o do GpgEX." +msgstr "Invocar a documenta????o do GpgEX." msgid "Show the version of GpgEX." -msgstr "Mostrar a vers?o do GpgEX." +msgstr "Mostrar a vers??o do GpgEX." msgid "Decrypt and verify the marked files." msgstr "Desencriptar e verificar os ficheiros marcados." @@ -104,12 +104,27 @@ msgid "Verify checksums." msgstr "Verificar checksums." msgid "Show more GpgEX options." -msgstr "Mostrar mais op??es do GpgEX." +msgstr "Mostrar mais op????es do GpgEX." #. TRANSLATORS: See the source for the full english text. msgid "-#GpgEXFullHelpText#-" -msgstr "-#GpgEXFullHelpText#-" +msgstr "" +"O GpgEX ?? um plugin Explorer para encripta????o e assinar dados.\n" +"Ele usa o software GnuPG (http://www.gnupg.org).\n" +"\n" +"O GpgEX ?? software livre; podes redistribu??-lo e/ou\n" +"modific??-lo nos termos da GNU Lesser General Public\n" +"License, como est?? publicado pela Free Software Foundation; quer\n" +"a vers??o 2.1 da Licen??a, ou (?? tua escolha) qualquer vers??o posterior.\n" +"\n" +"O GpgEX ?? distribu??do na esperan??a que possa ser ??til,\n" +"mas SEM QUALQUER GARANTIA; nem mesmo a garantia impl??cita de\n" +"MERCANTIBILIDADE ou APTID??O PARA UMA FINALIDADE PARTICULAR. V?? a\n" +"GNU Lesser General Public License para mais detalhes.\n" +"\n" +"Deves ter recebido uma c??pia da GNU Lesser General Public License\n" +"juntamente com este programa; se n??o, v?? ." #, c-format msgid "This is GpgEX version %s (%s)" -msgstr "Este ? o GpgEX vers?o %s (%s)" +msgstr "Este ?? o GpgEX vers??o %s (%s)" ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ po/pt.po | 39 +++++++++++++++++++++++++++------------ 2 files changed, 31 insertions(+), 12 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 30 14:27:54 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 30 Mar 2016 14:27:54 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.3-8-g7c7b69f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 7c7b69f19935e6b6927069f9f78515311071a0ec (commit) via 623c1ad03dfe4e59d97009ff67ddbedcff8565d1 (commit) via 4a13eb1976bb27c8f398b2926ef11c30af4ada83 (commit) from cfe000c4da6e965ddb602c695d63928e432f8a19 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7c7b69f19935e6b6927069f9f78515311071a0ec Author: Werner Koch Date: Wed Mar 30 14:27:25 2016 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 9c4f81d..9120a12 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.0.5 (unreleased) +------------------------------------------------- + + Noteworthy changes for version 1.0.4 (2016-03-30) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index aae95e4..de2f494 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.0.4]) +m4_define([mym4_version], [1.0.5]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 623c1ad03dfe4e59d97009ff67ddbedcff8565d1 Author: Werner Koch Date: Wed Mar 30 14:19:58 2016 +0200 Release 1.0.4 diff --git a/NEWS b/NEWS index 5e384a7..9c4f81d 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes for version 1.0.4 (unreleased) +Noteworthy changes for version 1.0.4 (2016-03-30) ------------------------------------------------- * Updated Portuguese translation. commit 4a13eb1976bb27c8f398b2926ef11c30af4ada83 Author: Werner Koch Date: Wed Mar 30 14:19:13 2016 +0200 Print swdb info during make distcheck * Makefile.am (distcheck-hook): New. diff --git a/Makefile.am b/Makefile.am index e84bf4c..ae57e9f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -26,3 +26,17 @@ SUBDIRS = doc src po m4 dist-hook: echo "$(VERSION)" > $(distdir)/VERSION + +distcheck-hook: + set -e; ( \ + pref="#+macro: gpgex_" ;\ + reldate="$$(date -u +%Y-%m-%d)" ;\ + echo "$${pref}ver $(PACKAGE_VERSION)" ;\ + echo "$${pref}date $${reldate}" ;\ + list='$(DIST_ARCHIVES)'; for i in $$list; do \ + case "$$i" in *.tar.bz2) \ + echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\ + echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\ + echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\ + esac;\ + done ) | tee $(distdir).swdb ----------------------------------------------------------------------- Summary of changes: Makefile.am | 14 ++++++++++++++ NEWS | 6 +++++- configure.ac | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 30 14:46:14 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 30 Mar 2016 14:46:14 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-59-ge138ceb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via e138ceb8fee0b154a0388055d8a0bb1404dc0e06 (commit) via 27150d3bbf19510252c9cf8ea9560f1e38862d71 (commit) via 1fb8a9d651c15ba51fe4f7d26d3ec532941efc72 (commit) from 1ae53b7fe54b863bf1d6a0891fbf37ae63abc074 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e138ceb8fee0b154a0388055d8a0bb1404dc0e06 Author: Werner Koch Date: Wed Mar 30 14:45:42 2016 +0200 Post release updates diff --git a/NEWS b/NEWS index 539700c..35e9a97 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.4.1 (unreleased) +================================================= + + Noteworthy changes for version 1.4.0 (2016-03-30) ================================================= diff --git a/configure.ac b/configure.ac index 960fff7..9b5cbad 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ min_automake_version="1.14" # (git tag -s gpgol-k.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.4.0]) +m4_define([mym4_version], [1.4.1]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 27150d3bbf19510252c9cf8ea9560f1e38862d71 Author: Werner Koch Date: Wed Mar 30 14:38:33 2016 +0200 Release 1.4.0 diff --git a/NEWS b/NEWS index c07a71e..539700c 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes for version 1.4.0 (unreleased) +Noteworthy changes for version 1.4.0 (2016-03-30) ================================================= * (OL > 2007) An option dialog has been added to enable / disable commit 1fb8a9d651c15ba51fe4f7d26d3ec532941efc72 Author: Werner Koch Date: Wed Mar 30 14:38:18 2016 +0200 Print swdb info during make distcheck * Makefile.am (distcheck-hook): New. diff --git a/Makefile.am b/Makefile.am index 5098644..e5074fe 100644 --- a/Makefile.am +++ b/Makefile.am @@ -43,6 +43,16 @@ gen-ChangeLog: mv $(distdir)/cl-t $(distdir)/ChangeLog; \ fi - - - +distcheck-hook: + set -e; ( \ + pref="#+macro: gpgol_" ;\ + reldate="$$(date -u +%Y-%m-%d)" ;\ + echo "$${pref}ver $(PACKAGE_VERSION)" ;\ + echo "$${pref}date $${reldate}" ;\ + list='$(DIST_ARCHIVES)'; for i in $$list; do \ + case "$$i" in *.tar.bz2) \ + echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\ + echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\ + echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\ + esac;\ + done ) | tee $(distdir).swdb ----------------------------------------------------------------------- Summary of changes: Makefile.am | 16 +++++++++++++--- NEWS | 6 +++++- configure.ac | 2 +- 3 files changed, 19 insertions(+), 5 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 30 14:48:13 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 30 Mar 2016 14:48:13 +0200 Subject: [git] gnupg-doc - branch, master, updated. 2977d19436763e7ab6df0edb55cf77e64807df52 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 2977d19436763e7ab6df0edb55cf77e64807df52 (commit) from 97e39cd0399d041e04abb88dcfa5b27348ec85c8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2977d19436763e7ab6df0edb55cf77e64807df52 Author: Werner Koch Date: Wed Mar 30 14:48:08 2016 +0200 swdb: new releases of gpgol and gpgex. diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index f9ef2d4..8527a94 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -73,7 +73,7 @@ ** Comparing Checksums If you are not able to use an old version of GnuPG, you can still - verify the file's SHA1 checksum. This is less secure, because if + verify the file's SHA-1 checksum. This is less secure, because if someone modified the files as they were transferred to you, it would not be much more effort to modify the checksums that you see on this webpage. As such, if you use this method, you should diff --git a/web/swdb.mac b/web/swdb.mac index 4295c1c..dfa44a6 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -133,9 +133,20 @@ # # GpgEX # -#+macro: gpgex_ver 1.0.3 -#+macro: gpgex_date 2015-11-23 -#+macro: gpgex_sha1 52c803434b3d861ae68e93bf68852bed81c70166 +#+macro: gpgex_ver 1.0.4 +#+macro: gpgex_date 2016-03-30 +#+macro: gpgex_size 286k +#+macro: gpgex_sha1 a1521fd86b6a1c5d5865d864e5700e98f4e99dcb +#+macro: gpgex_sha2 aea2232d026219072491f1bf5b2f189a15552f66377ff4dd3b11c0f069379206 + +# +# GpgOL +# +#+macro: gpgol_ver 1.4.0 +#+macro: gpgol_date 2016-03-30 +#+macro: gpgol_size 648k +#+macro: gpgol_sha1 3cbe4a1dc0b9897353d8352a4b5afa3ecf3094f4 +#+macro: gpgol_sha2 abebb06bcf64c11854b110830b148eada7e7d9046e565c407d7957594f09800f # ----------------------------------------------------------------------- Summary of changes: web/download/integrity_check.org | 2 +- web/swdb.mac | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 31 12:59:47 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 31 Mar 2016 12:59:47 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.29-28-g55dabfe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 55dabfeae2f37137f233a59676f523884a800553 (commit) via 83cae8c0374c1cfccabced789eaa7dddc5183cdd (commit) via c066dabe152af23fad7e353bbd6db5247875756a (commit) via e2c3ddf46294ccf0ca46ba838285f2d26adcda93 (commit) via 2b8c9181a7668010da7e7ec3031b141a9bdedc6c (commit) via 458c2f2d32e4e784d3ef719a3439acc631c1fc69 (commit) from 3e1b451c5d330b81561436a600bdaa9fbacc1ba1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 55dabfeae2f37137f233a59676f523884a800553 Author: Werner Koch Date: Thu Mar 31 12:58:31 2016 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 75ed1b3..1b646f5 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 2.0.31 (unreleased) +------------------------------------------------- + Noteworthy changes in version 2.0.30 (2016-03-31) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index e5b8baf..0041bec 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.14" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [2.0.30]) +m4_define([mym4_version], [2.0.31]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a diff --git a/po/be.po b/po/be.po index 606b297..d79654f 100644 --- a/po/be.po +++ b/po/be.po @@ -4899,14 +4899,14 @@ msgstr "" msgid "trustdb transaction too large\n" msgstr "" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "?????????????????? ?????????????? %s: %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "?????????????????? ?????????????? %s: %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "" diff --git a/po/ca.po b/po/ca.po index 86eb364..23ad588 100644 --- a/po/ca.po +++ b/po/ca.po @@ -5378,16 +5378,16 @@ msgstr "" msgid "trustdb transaction too large\n" msgstr "la transacci?? de la base de dades de confian??a ??s massa gran\n" +#, c-format +msgid "%s: directory does not exist!\n" +msgstr "%s: el directori no existeix!\n" + # No em passe! ;) ivb #, fuzzy, c-format msgid "can't access `%s': %s\n" msgstr "no s'ha pogut tancar ??%s??: %s\n" #, c-format -msgid "%s: directory does not exist!\n" -msgstr "%s: el directori no existeix!\n" - -#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: no s'ha pogut crear un registre de versi??: %s" diff --git a/po/cs.po b/po/cs.po index 0aaabcb..e2bba98 100644 --- a/po/cs.po +++ b/po/cs.po @@ -5040,14 +5040,14 @@ msgid "trustdb transaction too large\n" msgstr "transakce s datab??z?? d??v??ry je p????li?? dlouh??\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "nemohu otev????t ???%s???: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: adres???? neexistuje!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "nemohu otev????t ???%s???: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: nepoda??ilo se vytvo??it z??znam verze: %s" diff --git a/po/da.po b/po/da.po index 06d9ab0..f5a934b 100644 --- a/po/da.po +++ b/po/da.po @@ -5024,14 +5024,14 @@ msgid "trustdb transaction too large\n" msgstr "transaktion for trustdb er for stor\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "kan ikke tilg?? ??%s??: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: mappe findes ikke!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "kan ikke tilg?? ??%s??: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: kunne ikke oprette versionspost: %s" diff --git a/po/de.po b/po/de.po index 839868b..3d330a8 100644 --- a/po/de.po +++ b/po/de.po @@ -5125,14 +5125,14 @@ msgid "trustdb transaction too large\n" msgstr "trustdb Transaktion zu gro??\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "kann aus `%s' nicht zugreifen: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: Verzeichnis existiert nicht!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "kann aus `%s' nicht zugreifen: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: Fehler beim Erzeugen des Versionsatzes: %s" diff --git a/po/el.po b/po/el.po index b55f03a..92ee086 100644 --- a/po/el.po +++ b/po/el.po @@ -5254,14 +5254,14 @@ msgstr "trustdb rec %lu: msgid "trustdb transaction too large\n" msgstr "???? ?????? ????????? trustdb\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "???????? ??????????? ??? `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ? ??????? ??? ???????!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "???????? ??????????? ??? `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: ???????? ??????????? ???? ???????? ???????: %s" diff --git a/po/eo.po b/po/eo.po index 8fc95a9..911274d 100644 --- a/po/eo.po +++ b/po/eo.po @@ -5209,14 +5209,14 @@ msgstr "fido-datenaro loko %lu: skribo malsukcesis (n=%d): %s\n" msgid "trustdb transaction too large\n" msgstr "fido-datenaro-transakcio tro granda\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "ne povas fermi '%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: dosierujo ne ekzistas!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "ne povas fermi '%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: malsukcesis krei versiregistron: %s" diff --git a/po/es.po b/po/es.po index 33330d2..a5278bd 100644 --- a/po/es.po +++ b/po/es.po @@ -5045,14 +5045,14 @@ msgid "trustdb transaction too large\n" msgstr "transacci??n en la base de datos de confianza demasiado grande\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "no se puede acceder a `%s': %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ??el directorio no existe!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "no se puede acceder a `%s': %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: fallo en la creaci??n del registro de versi??n: %s" diff --git a/po/et.po b/po/et.po index d18984e..1aaeebe 100644 --- a/po/et.po +++ b/po/et.po @@ -5176,14 +5176,14 @@ msgstr "trustdb rec %lu: write failed (n=%d): %s\n" msgid "trustdb transaction too large\n" msgstr "trustdb transaktsioon on liiga suur\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "`%s' ei ?nnestu sulgeda: %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: kataloogi ei ole!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "`%s' ei ?nnestu sulgeda: %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: versioonikirje loomine ei ?nnestu: %s" diff --git a/po/fi.po b/po/fi.po index 85e042e..d3f5d42 100644 --- a/po/fi.po +++ b/po/fi.po @@ -5240,14 +5240,14 @@ msgstr "trustdb rec %lu: kirjoittaminen ep??onnistuin (n=%d): %s\n" msgid "trustdb transaction too large\n" msgstr "trustdb-tapahtuma on liian suuri\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: hakemistoa ei ole olemassa!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: versiotietueen luonti ep??onnistui: %s" diff --git a/po/fr.po b/po/fr.po index b0775c9..88ac4ac 100644 --- a/po/fr.po +++ b/po/fr.po @@ -5162,14 +5162,14 @@ msgid "trustdb transaction too large\n" msgstr "transaction de base de confiance trop grande\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "impossible d'acc??der ?? ????%s??????: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s??: le r??pertoire n'existe pas.\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "impossible d'acc??der ?? ????%s??????: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s??: impossible de cr??er un enregistrement de version??: %s" diff --git a/po/gl.po b/po/gl.po index f675ea7..40ac351 100644 --- a/po/gl.po +++ b/po/gl.po @@ -5243,14 +5243,14 @@ msgstr "" msgid "trustdb transaction too large\n" msgstr "transacci?n da base de datos de confianza demasiado grande\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "non se pode pechar `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ?o directorio non existe!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "non se pode pechar `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: non se puido crea-lo rexistro de versi?n: %s" diff --git a/po/hu.po b/po/hu.po index a43f640..6469bf3 100644 --- a/po/hu.po +++ b/po/hu.po @@ -5207,14 +5207,14 @@ msgstr "Bizalmi adatb msgid "trustdb transaction too large\n" msgstr "Bizalmi adatb?zis tranzakci?ja t?l nagy.\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "Nem tudom bez?rni a(z) \"%s\" ?llom?nyt: %s.\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: K?nyvt?r nem l?tezik!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "Nem tudom bez?rni a(z) \"%s\" ?llom?nyt: %s.\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: Nem siker?lt verzi?rekordot l?trehoznom: %s" diff --git a/po/id.po b/po/id.po index 5238a4b..f3ba6b5 100644 --- a/po/id.po +++ b/po/id.po @@ -5205,14 +5205,14 @@ msgstr "trustdb rec %lu: write failed (n=%d): %s\n" msgid "trustdb transaction too large\n" msgstr "transaksi trustdb terlalu besar\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "tidak dapat menutup `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: direktori tidak ada!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "tidak dapat menutup `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: gagal membuat catatan versi: %s" diff --git a/po/it.po b/po/it.po index 0612633..a1728a4 100644 --- a/po/it.po +++ b/po/it.po @@ -5245,14 +5245,14 @@ msgstr "trustdb rec %lu: scrittura fallita (n=%d): %s\n" msgid "trustdb transaction too large\n" msgstr "transazione del trustdb troppo grande\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "impossibile chiudere `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: la directory non esiste!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "impossibile chiudere `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: creazione del record della versione fallita: %s" diff --git a/po/ja.po b/po/ja.po index 4dc35ec..2f9ede8 100644 --- a/po/ja.po +++ b/po/ja.po @@ -4911,14 +4911,14 @@ msgid "trustdb transaction too large\n" msgstr "????????????????????????????????????????????????????????????????????????\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "???%s?????????????????????????????????: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ????????????????????????????????????!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "???%s?????????????????????????????????: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: ????????????????????????????????????????????????????????????: %s" diff --git a/po/nb.po b/po/nb.po index f7a3a1b..a25f25e 100644 --- a/po/nb.po +++ b/po/nb.po @@ -4979,14 +4979,14 @@ msgid "trustdb transaction too large\n" msgstr "" #, c-format -msgid "can't access `%s': %s\n" -msgstr "kan ikke aksere ?%s?: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "" #, c-format +msgid "can't access `%s': %s\n" +msgstr "kan ikke aksere ?%s?: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "" diff --git a/po/nl.po b/po/nl.po index 56fcd2a..e54e8c2 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5201,14 +5201,14 @@ msgid "trustdb transaction too large\n" msgstr "betrouwbaarheidsdatabank (trustdb): transactie is te groot\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "krijg geen toegang tot `%s': %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: map bestaat niet!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "krijg geen toegang tot `%s': %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: het registreren van de versie is mislukt: %s" diff --git a/po/pl.po b/po/pl.po index 331510c..5198a7c 100644 --- a/po/pl.po +++ b/po/pl.po @@ -5062,14 +5062,14 @@ msgid "trustdb transaction too large\n" msgstr "zbyt du??e zlecenie dla bazy zaufania\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "nie mo??na dosta?? si?? do ,,%s'': %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: katalog nie istnieje!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "nie mo??na dosta?? si?? do ,,%s'': %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: stworzenie zapisu o wersji nie powiod??o si??: %s" diff --git a/po/pt.po b/po/pt.po index d51a531..851d056 100644 --- a/po/pt.po +++ b/po/pt.po @@ -5207,14 +5207,14 @@ msgstr "base de dados de confian msgid "trustdb transaction too large\n" msgstr "transa??o de base de dados de confian?a muito grande\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "imposs?vel fechar `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: diretoria inexistente!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "imposs?vel fechar `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: falha ao criar registo de vers?o: %s" diff --git a/po/pt_BR.po b/po/pt_BR.po index f74ef0f..98d43df 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -5217,14 +5217,14 @@ msgstr "banco de dados de confiabilidade rec %lu: escrita falhou (n=%d): %s\n" msgid "trustdb transaction too large\n" msgstr "transa??o de banco de dados de confiabilidade muito grande\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "imposs?vel abrir `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: diret?rio inexistente!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "imposs?vel abrir `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: falha ao criar registro de vers?o: %s" diff --git a/po/ro.po b/po/ro.po index be90de5..77c663c 100644 --- a/po/ro.po +++ b/po/ro.po @@ -5119,14 +5119,14 @@ msgid "trustdb transaction too large\n" msgstr "tranzac?ia trustdb prea mare\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "nu pot accesa `%s': %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: directorul nu exist?!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "nu pot accesa `%s': %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: am e?uat s? creez ?nregistrare versiune: %s" diff --git a/po/ru.po b/po/ru.po index a5156be..5f23ded 100644 --- a/po/ru.po +++ b/po/ru.po @@ -4998,14 +4998,14 @@ msgid "trustdb transaction too large\n" msgstr "?????????????? ?????????????? ???????????????????? ?????????????? ??????????????\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "?????? ?????????????? ?? `%s': %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ?????????????? ???? ????????????????????!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "?????? ?????????????? ?? `%s': %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: ???????? ???????????????? ???????????? ?? ????????????: %s" diff --git a/po/sk.po b/po/sk.po index 9d5feb9..ecd03b9 100644 --- a/po/sk.po +++ b/po/sk.po @@ -5223,14 +5223,14 @@ msgstr "z msgid "trustdb transaction too large\n" msgstr "transakcia s datab?zou d?very je pr?li? dlh?\n" -#, fuzzy, c-format -msgid "can't access `%s': %s\n" -msgstr "nem??em zavrie? `%s': %s\n" - #, c-format msgid "%s: directory does not exist!\n" msgstr "%s: adres?r neexistuje!\n" +#, fuzzy, c-format +msgid "can't access `%s': %s\n" +msgstr "nem??em zavrie? `%s': %s\n" + #, c-format msgid "%s: failed to create version record: %s" msgstr "%s: nepodarilo sa vytvori? z?znam verzie: %s" diff --git a/po/sv.po b/po/sv.po index 0817012..130d9ce 100644 --- a/po/sv.po +++ b/po/sv.po @@ -5154,14 +5154,14 @@ msgid "trustdb transaction too large\n" msgstr "tillitsdatabastransaktion f??r stor\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "kan inte komma ??t \"%s\": %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: katalogen finns inte!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "kan inte komma ??t \"%s\": %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: misslyckades med att skapa versionspost: %s" diff --git a/po/tr.po b/po/tr.po index eb8af01..61124d6 100644 --- a/po/tr.po +++ b/po/tr.po @@ -5089,14 +5089,14 @@ msgid "trustdb transaction too large\n" msgstr "g??vence veritaban?? i??lemi ??ok uzun\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "'%s' eri??ilemiyor: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: dizin yok!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "'%s' eri??ilemiyor: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: s??r??m kayd?? olu??turmada ba??ar??s??z: %s" diff --git a/po/uk.po b/po/uk.po index 1ad8d81..798146b 100644 --- a/po/uk.po +++ b/po/uk.po @@ -5100,14 +5100,14 @@ msgid "trustdb transaction too large\n" msgstr "?????????????? ???????????? ???????????????? trustdb\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "?????????? ?????????????? ???? ??%s??: %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ???????????????? ???? ??????????!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "?????????? ?????????????? ???? ??%s??: %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: ???? ?????????????? ???????????????? ?????????? ???????? ????????????: %s" diff --git a/po/zh_CN.po b/po/zh_CN.po index 20f44b9..ff9f770 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -4958,14 +4958,14 @@ msgid "trustdb transaction too large\n" msgstr "?????????????????????????????????\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "???????????????%s??????%s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s?????????????????????\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "???????????????%s??????%s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s??????????????????????????????%s" diff --git a/po/zh_TW.po b/po/zh_TW.po index c1319a0..4dcea6c 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -4885,14 +4885,14 @@ msgid "trustdb transaction too large\n" msgstr "??????????????????????????????\n" #, c-format -msgid "can't access `%s': %s\n" -msgstr "???????????? `%s': %s\n" - -#, c-format msgid "%s: directory does not exist!\n" msgstr "%s: ???????????????!\n" #, c-format +msgid "can't access `%s': %s\n" +msgstr "???????????? `%s': %s\n" + +#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: ????????????????????????: %s" commit 83cae8c0374c1cfccabced789eaa7dddc5183cdd Author: Werner Koch Date: Thu Mar 31 12:47:24 2016 +0200 Release 2.0.30 diff --git a/NEWS b/NEWS index ef93593..75ed1b3 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,25 @@ -Noteworthy changes in version 2.0.30 (unreleased) +Noteworthy changes in version 2.0.30 (2016-03-31) ------------------------------------------------- + * gpg: Avoid too early timeout during key generation with 2.1 cards. + + * agent: Fixed printing of ssh fingerprints for 384 bit ECDSA keys. + + * agent: Fixed an alignment bug related to the passphrase + confirmation. + + * scdaemon: Fixed a "conflicting usage" bug. + + * scdaemon: Fixed usb card reader removal problem on Windows 8 and + later. + + * Fixed a problem on AIX due to peculiarity with RLIMIT_NOFILE. + + * Updated the Japanese and Dutch translations. + + * Fixed a few other bugs. + + Noteworthy changes in version 2.0.29 (2015-09-08) ------------------------------------------------- commit c066dabe152af23fad7e353bbd6db5247875756a Author: Werner Koch Date: Thu Mar 31 11:48:35 2016 +0200 po: Auto update -- diff --git a/po/ja.po b/po/ja.po index ecb0a0a..4dc35ec 100644 --- a/po/ja.po +++ b/po/ja.po @@ -1396,7 +1396,8 @@ msgstr "??????????????????????????????????????????????????????????????????\n" msgid "" "external program calls are disabled due to unsafe options file permissions\n" msgstr "" -"??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????\n" +"??????????????????????????????????????????????????????????????????????????????????????????????????????????????????" +"????????????????????????\n" msgid "this platform requires temporary files when calling external programs\n" msgstr "" @@ -1737,8 +1738,8 @@ msgstr "*??????*: homedir ???%s???????????????????????????????????????????????? msgid "" "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n" msgstr "" -"*??????*: ????????????????????????????????????????????????%s???????????????????????????????????????????????????" -"\n" +"*??????*: ????????????????????????????????????????????????%s????????????????????????????????????????????????" +"???\n" #, c-format msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n" @@ -3632,8 +3633,8 @@ msgid "" "Please enter a passphrase to protect the off-card backup of the new " "encryption key." msgstr "" -"?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????" -"???????????????????????????????????????" +"??????????????????????????????????????????????????????????????????????????????????????????????????????????????????" +"??????????????????????????????????????????" #, c-format msgid "%s.\n" diff --git a/po/nl.po b/po/nl.po index 2e519ac..56fcd2a 100644 --- a/po/nl.po +++ b/po/nl.po @@ -55,29 +55,24 @@ msgstr "|pinentry-label|_OK" msgid "|pinentry-label|_Cancel" msgstr "|pinentry-label|_Annuleren" -#| msgid "|pinentry-label|_OK" msgid "|pinentry-label|_Yes" msgstr "|pinentry-label|_Ja" -#| msgid "|pinentry-label|_OK" msgid "|pinentry-label|_No" msgstr "|pinentry-label|_Nee" msgid "|pinentry-label|PIN:" msgstr "|pinentry-label|Pincode:" -#| msgid "|pinentry-label|_Cancel" msgid "|pinentry-label|_Save in password manager" msgstr "|pinentry-label|_Bewaren in de wachtwoordmanager" -#| msgid "Do you really want to revoke the selected subkeys? (y/N) " msgid "Do you really want to make your passphrase visible on the screen?" msgstr "Wilt U uw wachtwoordzin echt zichtbaar maken op het scherm?" msgid "|pinentry-tt|Make passphrase visible" msgstr "|pinentry-tt|Wachtwoordzin zichtbaar maken" -#| msgid "invalid passphrase" msgid "|pinentry-tt|Hide passphrase" msgstr "|pinentry-tt|Wachtwoordzin verbergen" @@ -410,7 +405,6 @@ msgstr "ssh-ondersteuning mogelijk maken" msgid "enable putty support" msgstr "putty-ondersteuning mogelijk maken" -#| msgid "do not allow the reuse of old passphrases" msgid "disallow the use of an external password cache" msgstr "het gebruik van een externe wachtwoordcache niet toestaan" @@ -3281,7 +3275,6 @@ msgstr "" msgid "WARNING: Your encryption subkey expires soon.\n" msgstr "Waarschuwing: Uw subsleutel voor versleutelen vervalt weldra.\n" -#| msgid "You can't change the expiration date of a v3 key\n" msgid "You may want to change its expiration date too.\n" msgstr "Misschien wilt u ook zijn vervaldatum wijzigen.\n" @@ -3981,6 +3974,11 @@ msgstr " Vingerafdruk van de subsleutel:" msgid " Key fingerprint =" msgstr " Vingerafdruk van de sleutel =" +#, fuzzy, c-format +#| msgid "WARNING: using experimental digest algorithm %s\n" +msgid "WARNING: a PGP-2 fingerprint is not safe\n" +msgstr "WAARSCHUWING: er wordt een experimenteel hashalgoritme %s gebruikt\n" + msgid " Card serial no. =" msgstr " Serienummer van de kaart =" @@ -5181,6 +5179,14 @@ msgid "trustdb: sync failed: %s\n" msgstr "betrouwbaarheidsdatabank (trustdb): synchronisatie mislukt: %s\n" #, c-format +msgid "can't create lock for `%s'\n" +msgstr "kan geen grendel maken voor `%s'\n" + +#, c-format +msgid "can't lock `%s'\n" +msgstr "kan `%s' niet vergrendelen\n" + +#, c-format msgid "trustdb rec %lu: lseek failed: %s\n" msgstr "" "betrouwbaarheidsdatabank (trustdb): element %lu: lseek is mislukt: %s\n" @@ -5203,14 +5209,6 @@ msgid "%s: directory does not exist!\n" msgstr "%s: map bestaat niet!\n" #, c-format -msgid "can't create lock for `%s'\n" -msgstr "kan geen grendel maken voor `%s'\n" - -#, c-format -msgid "can't lock `%s'\n" -msgstr "kan `%s' niet vergrendelen\n" - -#, c-format msgid "%s: failed to create version record: %s" msgstr "%s: het registreren van de versie is mislukt: %s" @@ -5476,7 +5474,6 @@ msgstr "sleutelwoord is te lang" msgid "missing argument" msgstr "ontbrekend argument" -#| msgid "invalid armor" msgid "invalid argument" msgstr "ongeldig argument" @@ -5497,7 +5494,6 @@ msgid "missing argument for option \"%.50s\"\n" msgstr "ontbrekend argument voor optie \"%.50s\"\n" #, c-format -#| msgid "missing argument for option \"%.50s\"\n" msgid "invalid argument for option \"%.50s\"\n" msgstr "ontbrekend argument voor optie \"%.50s\"\n" commit e2c3ddf46294ccf0ca46ba838285f2d26adcda93 Author: Ineiev Date: Thu Mar 31 10:51:39 2016 +0200 doc: Update help.ru.text diff --git a/doc/help.ru.txt b/doc/help.ru.txt index bd4ae14..5a98cb3 100644 --- a/doc/help.ru.txt +++ b/doc/help.ru.txt @@ -1,5 +1,6 @@ -# help.ru.txt - ru GnuPG online help +# help.ru.txt - Russian GnuPG online help # Copyright (C) 2007 Free Software Foundation, Inc. +# Copyright (C) 2016 Ineiev (translation) # # This file is part of GnuPG. # @@ -7,244 +8,362 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . +# The translated revision was taken from HEAD b8bb16c6c08d3c2947f1ff67 +# which is the same as the revision from STABLE-BRANCH-2-0 776bee6d370 + +.#pinentry.qualitybar.tooltip +# [remove the hash mark from the key to enable this text] +# This entry is just an example on how to customize the tooltip shown +# when hovering over the quality bar of the pinentry. We don't +# install this text so that the hardcoded translation takes +# precedence. An administrator should write up a short help to tell +# the users about the configured passphrase constraints and save that +# to /etc/gnupg/help.txt. The help text should not be longer than +# about 800 characters. +???????? ?????????????????? ???????????????????? ???????????????? ?????????????????? ???????? ??????????-????????????. + +???????? ?????????????????? ??????????????, GnuPG ?????????????? ??????????-???????????? ?????????????????????? ????????????. +???????????????? ?? ???????????? ???????????????????????????? ???????????????? ???????????????????? ?? ??????????-????????????. +. + + +.gnupg.agent-problem +# There was a problem accessing or starting the agent. +?? ?????????????????????? Gpg-Agent ???????? ???????????????????? ????????????????????????, ???????? ???????????????? +???????????????? ???????????????????? ?? ??????. + +?????????????? ???????????????????? ?????????????? ?????????????? ?????? ?????????????????? Gpg-Agent +?????? ?????????????????? ?????????????????? ???????????? ?? ?????????????? ????????-??????????????. ???????????? ?????????????? +?????????????????????? ?????? ?????????? ???????????????????????? ?? ?????????????? ?? ????????????????, ???????? +???????????????????????? ???? ????????????. ???????? ?????????????? ????????????????????, ?????????????? ???????????????? +?????????????????? ?????? ???? ????????, ???? ?????????????? ???????? ???????????? ?????????????????? ????????????????????, +?????? ?????????? ???????????????? ?? ?????????????????? ??????????????????. + +????????????????, ?????? ?????????????? ???????????????? ?????????? ???????????????????? ?? ????????????????????????????. +?? ???????????????? ?????????????????? ???????? ?????????? ?????????? ?? ?????????? ?????????? ?? ??????????????; +?????????? ????????, ?????? ??????????????. ?? ?????????? ???????????? ???????????????? ???? ???????? +????????????????????????????, ???????????? ?????? ?????? ?????????????????? ???? ?????????????? ?? ??????????????????. +. + + +.gnupg.dirmngr-problem +# There was a problen accessing the dirmngr. +?? ?????????????????????? Dirmngr ???????? ???????????????????? ????????????????????????, ???????? ???????????????? +???????????????? ???????????????????? ?? ??????. + +?????? ?????????????????? ?????????????? ???????????? ???????????????????????? ???? ?????????? ???????????????? +???????????????????????? ?? ?????? ???????????? ???????????? ???? ?????????????????? ???????????????? ?????????????? +???????????????????? ?????????????? ?????????????????? ???????????????????? Dirmngr. ???????????? ?????? ???????????????? +?????? ?????????????????? ???????????? (??????????) ?? ???? ?????????????????? ?? ??????????-???????? ?????????????????? +???? ?????????????? ????????????????????????. ?? ???????????? ?????????????? ?????????????? ?????????? ?????????????????? +?????????? ?????????? Dirmngr ???? ?????????????? ??????????????; ?????? ???????????????? ?????????????? +?? ?????????????????????? ????????????????????????????????. + +???????? ???? ?????????????????????? ?? ???????? ??????????????????, ???????????????????? ?? ???????????????????? +????????????????????????????. ?? ???????????????? ???????????????????? ?????????????? ?????????? ?????????????????????? +?????????????????? ???????????????? ?????????????? ???????????? ???????????????????????? ?? ???????????????????? gpgsm. +. + .gpg.edit_ownertrust.value -???? ???????????? ???????????? ?????????? ????????????????; ?????? ?????????????? ???? ?????????? ???????????????????????????? -?????????????? ??????????????. ?????? ???????????????????? ?????? ???????????????????? ???????? ??????????????; -?? ???? ?????????? ???????????? ???????????? ?? (???????????? ??????????????????) ?????????? ????????????????????????. +# The help identies prefixed with "gpg." used to be hard coded in gpg +# but may now be overridden by help texts from this file. +???????? ????????????, ?????????????????? ?????????? ????????????????; ?????? ?????????????? ???? ?????????? ???????????????????? +?????? ?????????????? ????????????. ?????? ?????? ?????????? ?????? ???????????????????? ???????? ??????????????; ?????? +?????????? ???? ?????????????? ?? (???????????? ??????????????????????) ?????????? ????????????????????????. . .gpg.edit_ownertrust.set_ultimate.okay -?????? ???????????????????? ???????? ??????????????, GnuPG ???????????? ??????????, ?? ?????????? ???????????? -?????????????? ???????????????????? ?????????????? - ???????????? ?????? ?????????? ?????? ?????????????? ?? ?????? ???????? -?????????????????? ????????. ???????????????? "yes" ?????? ???????????????????? ?????????????????????? ?????????????? -?????????????? ?????????? +?????? ???????????????????? ???????? ?????????????? GnuPG ?????????? ??????????, ?????????? ???????????? ???????????????? +?????????????????? - ???????????? ?????? ??????????, ?????????????????? ?????????? ?????????????? ?? ?????? ????????. +?????????? "????" ?????????????????? ???????????? ?????????????? ?????????? ??????????. -. .gpg.untrusted_key.override -???????? ???????????? ???????????????????????? ???????????? ???????????????????????? ???????? - ???????????????? "yes". +???????? ???? ???????????? ?????? ?????????? ???????????????????????? ???????? ???????????????????????? ????????????, +???????????????? "????". . .gpg.pklist.user_id.enter -?????????????? User ID ????????????????, ???????????????? ???????????? ?????????????????? ??????????????????. +?????????????? ID ???????????????????????? - ???????????????????? ???????????? ??????????????????. . .gpg.keygen.algo ???????????????? ????????????????. -DSA (aka DSS) - Digital Signature Algorithm ?????????? ???????????????????????????? -???????????? ?????? ????????????????. +DSA (???? ???? DSS) ?????????? ?????????????????? ???????????? ?????? ????????????????. -Elgamal - ???????????????? ???????????????????????? ???????????? ?????? ????????????????????. +Elgamal - ???????????????? ???????????? ?????? ????????????????????. -RSA ?????????? ???????????????????????????? ?? ?????? ??????????????, ?? ?????? ????????????????????. +RSA ?????????? ?????????????????? ?????? ???????????????????? ?????? ????????????????. -???????????? (???? ???? ??????????????) ???????? ???????????? ???????????? ???????? ??????????????????????????. +???????????? (??????????????????) ???????? ???????????? ???????????? ???????? ???????????????? ?????? ????????????????. . + .gpg.keygen.algo.rsa_se -???????????? ???? ?????????????????????????? ???????????????????????? ???????? ???????? ?? ?????? ??????????????, ?? ?????? ????????????????????. -???????????? ???????????????? ?????????????? ???????????????????????? ???????????? ?? ?????????????????? ??????????????. -?????????????????????????????????????? ?? ?????????? ?????????????????? ???? ???????????????????????? ?????????? ??????, -?????? ???????????????????????? ???????????? ????????. +?? ?????????? ?????????????????? ???????????????????????? ?????????? ?? ?????? ???? ???????????? ?? ?????? ??????????????, +?? ?????? ????????????????????. ?????? ?????????? ???????? ?????????????? ???????????? ?? ???????????????????????? +??????????????. ?????????????????????????????????????? ???? ?????????? ?????????????????? ???? ????????????????????????. +. + + +.gpg.keygen.flags +???????????????? ?????????????? ??????????. + +?????????????????????? ?????????? ???????????? ??????????????, ?????????????????? ?????? ???????????????????? +??????????????????. + +?????? ?????????????? ?????????????????? ?????????? ???????? ???????????????????????? ?????????????? ?????????????? '=', +?? ???? ?????? ???????????? ????????, ???????????????? ?????????? ??????????????: '1' - ??????????????, '2' - +????????????????????, '3' - ????????????????????????????. ???????????????????????? ?????????? ?? ?????????????? +???? ??????????????????????. ?????????? ?????????? ???????????????? ?????????? ?????? ?????????????? ??????????????????????. . + .gpg.keygen.size -?????????????? ???????????? ?????????? +?????????????? ???????????? ??????????. + +???????????????????????? ???????????????? ???????????? ???????????? ????????????????. + +???????? ?????? ?????????? ???????? ???????????????? ??????????????, ????????????????, 4096 ??????, ??????????????????, +?????????????????????????? ???? ?????? ?????? ?????? ?????????? ??????????. ????. ???????????? ???? ???????????????? +http://www.xkcd.com/538/ . . .gpg.keygen.size.huge.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . + .gpg.keygen.size.large.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . + .gpg.keygen.valid -?????????????? ?????????????????? ????????????????, ?????? ???????????????? ?? ??????????????????. -?????????? ???????????? ???????? ?? ISO ?????????????? (YYYY-MM-DD), ???? ???? ???? ???????????????? -?????????????????????? ?????? ???????????? ?? ?????????????? - ???????????? ?????????? ?????????????? ?????????????????? -???????????????????????????????? ?????????????????? ???????????????? ?????? ????????????????. +?????????????? ???????????? ????????????????, ?????? ???????????????? ?? ??????????????????????. +?????????? ???????????? ???????? ?????? (????????-????-????), ???? ?????????????????? ???? ?????????????? ?????????? +????????????????????????????????: ?????????????? ???????????????? ???????????????????????????????? ???????????? ???????????????? +?????? ????????????????. . .gpg.keygen.valid.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . + .gpg.keygen.name -?????????????? ?????? ?????????????????? ?????????? +?????????????? ?????? ?????????????????? ??????????. +?????????????? "<" ?? ">" ??????????????????????. +????????????: ???????? ???????????? . + .gpg.keygen.email -?????????????? ????????????????????????????, ???? ?????????? ?????????????????????????? email ?????????? +??????????????, ????????????????????, ?????????? ?????????????????????? ?????????? (??????????????????????????, +???? ?????????? ??????????????????????????). +????????????: vp at test.ru . .gpg.keygen.comment -?????????????? ???????????????????????????? ?????????????????????? +??????????????, ????????????????????, ???????????????????????????? ????????????????????. +?????????????? "(" ?? ")" ??????????????????????. +?? ?????????? ?? ?????????? ?????? ???? ??????????. . + .gpg.keygen.userid.cmd -N ???????????????? ??????. -C ???????????????? ??????????????????????. -E ???????????????? email ??????????. +# (Keep a leading empty line) + +N ?????????????? ??????. +C ?????????????? ????????????????????. +E ?????????????? ??????????. O ???????????????????? ???????????????? ??????????. -Q ?????????? ?? ???????????????? ???????????????? ??????????. +Q ???????????????????? ???????????????? ??????????. . .gpg.keygen.sub.okay -???????????????? "yes" (?????? ???????????? "y"), ???????? ???????????? ?????????????????? ??????????????. +?????????????? "????" (?????? "y"), ?????????? ?????????????????? ???????????????? ??????????. . .gpg.sign_uid.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . .gpg.sign_uid.class -?????????? ?????????????????????????? User ID ??????????, ?????????????? ???????????? ????????????????????????????, ?????? -???????? ?????????????????????????? ?????????????????????? ???????????????? ???????????????????? ?? User ID. ?????? ?????????? ?????????? -?????? ??????, ?????? ?????????????????? ?????? ???????????? ???? ???????????????????? ?????????????????????????? User ID. +?????????? ???? ???????????????????????? ?????????????????????????? ???????????????????????? ?? ??????????, ?????????? ?????????????? +????????????????????????????, ?????? ???????? ?????????????????????? ???????????????????? ?? ???????????????????????????? ????????. +???????????? ?????????????? ??????????, ?????????????????? ?????????????????? ???? ?????? ??????????????????. -"0" ????????????????, ?????? ???? ???? ???????????? ??????????????, ?????? ???????????? ???? ?????????????????? ????????. -"1" ????????????????, ?????? ???? ??????????????????, ?????? ???????? ?????????????????????? ????????????????, ?????????????? - ???????????? ?? ??????, ???? ???? ???? ?????????? ?????? ???? ?????????????????? ???????????????? ?????????? ????????????. - ?????? ??????????????, ?????????? ???? ???????????????????????? ???????? ?? ?????????????????????? ????????????????. +"0" ????????????, ?????? ???? ???? ????????????????????, ?????????????????? ?????????????????? ???? ?????????????????? ????????. -"2" ????????????????, ?????? ???? ???????????? ???????????????????????? ???????????????? ??????????. ????????????????, ?????? ?????????? - ????????????????, ?????? ???? ?????????????????? ?????????????????? ?????????? ?? ?????????????????? User ID ???? - ?????????? ???? ?????????????????? ???????? ID. +"1" ????????????, ?????? ???? ????????????????, ?????? ???????? ?????????????????????? ?????????????????????? ????????, ???? ???? + ???? ?????????? ?????????????????? ?????? ???? ?????????????????? ????????. ?????? ?????????????? ?????? ???????????????? + "??????????????????", ?????????? ???? ???????????????????????? ???????? ?? ??????????????????????. -"3" ????????????????, ?????? ???? ?????????????????? ???????????????????????? ???????????????? ??????????. ????????????????, ?????? ?????????? - ????????????????, ?????? ???? ?????????????? ?????????????????? ?????????? ?? ???????????????????? ?????????? ?????????? - ?? ?????? ???? ?????????????? ?????? ?????????????????????? ???????????????????????????????????????? ?????????????????? ?? - ?????????????????????? (?????????? ?????? ??????????????), ?????? ?????? ?????????????????? ?????????? ?????????????????? ?? - ???????????? ?? User ID ?????????? ?? ??????????????, ?????? ???? ?????????????????? (?????????????? ???????????????????????? - ????????????????), ?????? email ?????????? ???? ?????????? ?????????????????????? ?????????????????? ??????????. +"2" ????????????, ?????? ???? ?????????????? ?????????????????? ???????????????? ??????????. ????????????????, ?????????????????? + ?????????????????? ?????????? ?? ?????????????????????????? ???????????????????????? ???? ?????????? + ???? ????????????????????????????????????. -????????????, ?????? ?????????????? ???????????? ?????? ?????????????? 2 ?? 3 - ???????????? ??????????????. -?? ???????????????? ??????????, ?????? ????????????, ?????? ???????????????????????????????? "??????????????????????" ?? "??????????????????????", -?????? ???????????????????????? ?????????? ????????????. +"3" ????????????, ?????? ???? ?????????????? ???????????????????? ???????????????? ??????????. ????????????????, + ???? ?????????????????? ?????????????????? ??????????, ?? ?????????? ?????????????????? ???? ?????????????????????????? + ???????????????? (???????????? ?????? ??????????????), ?????? ?????? ?????????????????? ?????????? ?????????????????? + ?? ???????????? ????????????????, ???????????????????? ?? ???????????????????????????? ???????????????????????? ??????????; + ??????????????, ???? ???????????????????????????? (?????????????????????? ?????????????????????? ????????????), ?????? + ?????????? ?????????????????????? ?????????? ?????????????????????? ?????????????????? ??????????. -???????? ???? ???? ???????????? ???????????????????????? ?? ???????????????????? ??????????????, ???????????????? "0". +???????????? ?? ????????, ?????? ??????????????, ???????????? ?????? ?????????????? 2 ?? 3 - ?????? *????????????* +??????????????. ?? ???????????????? ?????????? ???? ???????? ??????????????, ?????? ???????????? "??????????????????" +?? "????????????????????" ????????????????, ?????????? ???? ???????????????????????? ???????????? ??????????. + +???????? ?????????????????????????? ?? ??????????????, ?????????????????? "0". . .gpg.change_passwd.empty.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . + .gpg.keyedit.save.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . + .gpg.keyedit.cancel.okay -???????????????? "yes" ?????? "no" +?????????????????? "????" ?????? "??????". . .gpg.keyedit.sign_all.okay -???????????????? "yes", ???????? ???????????? ?????????????????? ?????? User ID +???????????????? "????", ???????? ???????????? ?????????????????? ?????? ???????????????????????????? ????????????????????????. . .gpg.keyedit.remove.uid.okay -???????????????? "yes", ???????? ?????????????????????????? ???????????? ?????????????? ???????????? User ID. -?????? ?????????????????????? ?????????? ?????????? ????????????????! +???????????????? "????", ???????? ?????????????????????????? ???????????? ?????????????? ???????? ?????????????????????????? +????????????????????????. +?????? ?????????????????????? ?????????? ?????????? ??????????????! . .gpg.keyedit.remove.subkey.okay -???????????????? "yes", ???????? ???????????? ?????????????? ?????????????? +???????????????? "????", ???????? ?????????????? ?????????? ??????????????. . + .gpg.keyedit.delsig.valid -?????? ???????????????????????????? ?????????????? ???? ??????????; ???????????? ???? ???????????????????? -?????????????? ?????????? ??????????????, ????????????, ?????? ?????? ?????????? ???????? ?????????? ?????? ???????????????????????? -?????????????????????????? ?????????? ?????? ???????????? ???????????? ?????????????????????? ???????????? ????????????. +?????? ???????????? ?????????????? ??????????; ?????? ??????????????, ???? ???? ?????????? ??????????????, +?????????????????? ?????????? ???????? ?????????? ???????????????????? ?????????????????? ?????????????? ?????????? +???????? ???????????? ?? ?????????????? ??????????????. . .gpg.keyedit.delsig.unknown -???????????? ?????????????? ???? ?????????? ???????? ?????????????????? ????????????, ?????? ???? ???? ???????????? -???????????????????????????????? ??????????. ???????????? ???????????????? ???? ????????????????, ???????? ???? -??????????????, ?????????? ???????? ?????? ??????????????????????, ??.??. ?????? ?????????????? ?????????? -?????????????????????????? ?????????????????????????? ?????????? ???????????? ?????? ???????????????????????????? ??????????. +?????? ?????????????? ???????????? ??????????????????, ?????????????????? ?????????????????????? ?????????????????????????????? +????????. ???????????????? ???? ?????????? ???????????????? ???? ?????? ??????, ???????? ???? ???????????? +????????????????, ?????????? ???? ???????????? ?????? ??????????????????????, ?????? ?????? ?????????????? +?????????? ?????????? ?????????? ???? ???????????????????? ?????????????????? ?????????????? ?????????? +????????????, ?????? ?????????????????????????????????? ????????. . .gpg.keyedit.delsig.invalid -?????????????? ??????????????????????????????. ?????? ???????? ?????????????????? ?????????????? ???? ???? -???????????? ????????????. +?????????????? ??????????????????????????????. ?????????? ?????????? ?????????????? ???? ???? ?????????? ?????????????? +????????????. . .gpg.keyedit.delsig.selfsig -???????????? ?????????????? ???????????????? ???????????????????????? ?? ?????????????????????? User ID ?? ??????????. -???????????? ?????? ???????????? ???????? ?????????????? ?????????? ??????????????. ???? ?????????? ???????? -GnuPG ?????????? ???? ?????????????????? ???????????????????????? ?????????? ???????? ??????????. -?????????????? ?????? ???????????? ???????? ???????????? ?????????????????????? ???? ?????????????????????????? ???? -??????????-???????? ???????????????? ?? ???????????????????? ?????????????????? ????????????. +?????? ?????????????? ?????????????????? ?????????????????????????? ???????????????????????? ?? ????????????. ???????????? +?????????????? ?????????? ?????????????? ???? ??????????????. ?????? ?????????? ?????????????? ???????? ?????????????????????? +?????? ?????????????????????? ?? GnuPG. ?????? ?????? ?????????????? ?????? ???????????? ???????? ?????? +?????????????????????? ???? ??????????-???? ?????????????? ?????????????????????????????? ?? ???????? ????????????. . .gpg.keyedit.updpref.okay -?????????????????? ???????????????????????? ?????? ???????? User ID (?????? ???????????? ?????? ??????????????????) -???? ?????????????? ???????????? ????????????????????????. ?????????????? ?????????????? ???? ???????? ???????????????????? -???????????????????????? ?????????? ?????????????????? ???? ???????? ??????????????. - +???????????????? ???????????????????????? ?????? ???????? ?????????????????????????????? ???????????????????????? (?????? +???????????? ?????? ??????????????????) ???? ?????????????? ???????????? ????????????????????????. ???????? ???????? +????????????????????????, ?????????????? ?????? ????????????????, ?????????? ???????????????? ???????????? +???? ???????? ??????????????. . + .gpg.passphrase.enter -?????????????? ??????????-???????????? (?????? ?????????????????? ????????????) +# (keep a leading empty line) +??????????????, ????????????????????, ??????????-???????????? (?????????????????? ??????????????????????). . + .gpg.passphrase.repeat -?????????????????? ??????????-????????????, ?????????? ?????????????????? ?? ??????, ?????? ?????? ?????????????? ??????????????????. +?????????????????? ?????????????????? ??????????-????????????, ?????????? ??????????????????, ?????? ???? ???? ????????????????. . .gpg.detached_signature.filename -?????????????? ?????? ??????????, ?? ???????????????? ?????????????????? ???????????? ?????????????? +?????????????? ?????? ??????????, ?????????????? ??????????????????????????. . .gpg.openfile.overwrite.okay -???????????????? "yes", ???????? ???????????? ???????????????????????? ???????? +# openfile.c (overwrite_filep) +???????????????? "????", ???????? ???????? ?????????? ????????????????????????. . .gpg.openfile.askoutname -?????????????? ?????????? ?????? ??????????. ???????? ?????????????? ???????????? RETURN ?????????? ?????????????????????? -???? ?????????????????? ?????? ????????, ?????????????? ?????????????? ?? ???????????????????? ??????????????. +# openfile.c (ask_outfile_name) +?????????????? ?????????? ?????? ??????????. ???????? ???????????? ???????????? "Enter", ?????????? +?????????????????????? ???????? ???? ?????????????????? (???????????? ?? ??????????????). . .gpg.ask_revocation_reason.code -???????????? ?????????????? ?????????????? ?????????????? ???????????? ??????????. ?????????????????????? ???? -?????????????????? ???????????? - ???????????? ?????????????? ???????? ???? ?????????????????? ??????????????????: - "???????? ?????? ????????????????????????????????" - ????????????????, ???????? ??????????????????????????, ?????? ?????????????????????? ?????????????? - ?????????????? ???????????? ?? ???????????? ???????????????????? ??????????. +# revoke.c (ask_revocation_reason) +?????????? ?????????????? ?????????????? ????????????. ?????????? ?????????????? ???? ????????????: + "???????? ?????? ??????????????" + ???????? ?????????????????? ????????????????, ?????? ??????????-???? ???????? ???????????????? + ?????????????????????????????????????? ???????????? ?? ???????????????????? ??????????. "???????? ?????????????? ????????????" - ????????????????, ???????? ?????????????????? ???????????? ???????? ???? ????????????. + ???? ???????????????? ???????? ???? ??????????. "???????? ???????????? ???? ????????????????????????" - ????????????????, ???????? ?????????????????????????? ???? ?????????????????????????? ?????????????? ??????????. - "User ID ???????????? ???? ????????????????????????" - ????????????????, ???????? ???????????? ???? ?????????????????????? ???????????????????????? ???????????? User ID. - ???????????? ????????????????????????, ?????? ????????????????, ?????? ???????????? e-mail ???????????? - ???? ???????????????????????? - + ???? ???????? ?????????? ????????????????. + "ID ???????????????????????? ???????????? ???? ????????????????????????" + ID ???????????????????????? ???????????? ???? ???????????? ??????????????????????????; ???????????? ?????? ????????????, + ?????? ?????????? ?????????????????????? ?????????? ????????????????????????????. . .gpg.ask_revocation_reason.text -?????? ?????????????????????????? ?????????? ?????????? ?????????????????????????????????? ?????????????? -???????????????? ?????????????????????? ????????????. ???????????? ????????????. -?????? ???????????????????? ?????????????? ???????????? ????????????. - +# revoke.c (ask_revocation_reason) +???????? ????????????, ???????????? ???????????? ??????????, ???????????????????? ??????????????, ???? ?????????????? +?????????????? ???????? ???????????????????? ????????????. ??????????????????????, ????????????????????, ????????. +?????????? ?????????????????????????? ???????????? ??????????????. . + +.gpgsm.root-cert-not-trusted +# This text gets displayed by the audit log if +# a root certificates was not trusted. +?????? ?????????????? ?? ?????????????????? ??????????????????????. ?? ?????????????????????? ???? ???????????????? +?????? ?????????? ???????????????????? ???????????????? ???????? ???????????????? ???????????????????? ?????? ???????????????????? +?????? ?????????????? ?????????????? GnuPG, ?????? ?????????? ?????????????????????? ?????????? ????????????????. +???????????????????? ?????????????????????? ???????????????? ?? ?????????? trustlist.txt ?? ???????????????? +???????????????? GnuPG. ???????? ????????????????????????, ???????????????? ???????????? ???????????????????? +????????????????????????????, ?????????????? ???? ?????? ???????????????? ?????????? ??????????????????????. + + +.gpgsm.crl-problem +# This tex is displayed by the audit log for problems with +# the CRL or OCSP checking. +?? ?????????????????????? ???? ???????????????? ???????????????? ???????????????? ?? ?????????????????? ???????????? +???????????????????? ???????????????????????? ?????? ?? ???????????????????? ???????????????? ???? ?????????????????? +OCSP. ?????? ?????????? ?????????????????? ???? ?????????? ???????????? ????????????????. ???????????????????? +?? ???????????????????????? ???? ???????????????????? ??????????????????. + + # Local variables: -# mode: fundamental +# mode: default-generic # coding: utf-8 # End: commit 2b8c9181a7668010da7e7ec3031b141a9bdedc6c Author: Werner Koch Date: Thu Mar 31 10:36:48 2016 +0200 build: Create *.swdb file during make distcheck. * Makefile.am (distcheck-hook): New. Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index 4addcd4..8cf7ff99 100644 --- a/Makefile.am +++ b/Makefile.am @@ -83,6 +83,20 @@ dist_doc_DATA = README dist-hook: gen-ChangeLog echo "$(VERSION)" > $(distdir)/VERSION +distcheck-hook: + set -e; ( \ + pref="#+macro: gnupg_" ;\ + reldate="$$(date -u +%Y-%m-%d)" ;\ + echo "$${pref}ver $(PACKAGE_VERSION)" ;\ + echo "$${pref}date $${reldate}" ;\ + list='$(DIST_ARCHIVES)'; for i in $$list; do \ + case "$$i" in *.tar.bz2) \ + echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\ + echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\ + echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\ + esac;\ + done ) | tee $(distdir).swdb + gen_start_date = 2011-12-01T06:00:00 .PHONY: gen-ChangeLog commit 458c2f2d32e4e784d3ef719a3439acc631c1fc69 Author: Werner Koch Date: Thu Mar 31 10:33:30 2016 +0200 gpg: Silence trustdb messages with --quiet. * g10/trustdb.c (validate_keys): Silence messages Signed-off-by: Werner Koch diff --git a/g10/trustdb.c b/g10/trustdb.c index 9b49b06..c9c8891 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -2451,10 +2451,11 @@ validate_keys (int interactive) for (kar=keys; kar->keyblock; kar++) store_validation_status (depth, kar->keyblock, stored); - log_info (_("depth: %d valid: %3d signed: %3d" - " trust: %d-, %dq, %dn, %dm, %df, %du\n"), - depth, valids, key_count, ot_unknown, ot_undefined, - ot_never, ot_marginal, ot_full, ot_ultimate ); + if (!opt.quiet) + log_info (_("depth: %d valid: %3d signed: %3d" + " trust: %d-, %dq, %dn, %dm, %df, %du\n"), + depth, valids, key_count, ot_unknown, ot_undefined, + ot_never, ot_marginal, ot_full, ot_ultimate ); /* Build a new kdlist from all fully valid keys in KEYS */ if (klist != utk_list) @@ -2520,8 +2521,9 @@ validate_keys (int interactive) else { tdbio_write_nextcheck (next_expire); - log_info (_("next trustdb check due at %s\n"), - strtimestamp (next_expire)); + if (!opt.quiet) + log_info (_("next trustdb check due at %s\n"), + strtimestamp (next_expire)); } if(tdbio_update_version_record()!=0) ----------------------------------------------------------------------- Summary of changes: Makefile.am | 14 +++ NEWS | 24 +++- configure.ac | 2 +- doc/help.ru.txt | 333 ++++++++++++++++++++++++++++++++++++++------------------ g10/trustdb.c | 14 ++- po/be.po | 8 +- po/ca.po | 8 +- po/cs.po | 8 +- po/da.po | 8 +- po/de.po | 8 +- po/el.po | 8 +- po/eo.po | 8 +- po/es.po | 8 +- po/et.po | 8 +- po/fi.po | 8 +- po/fr.po | 8 +- po/gl.po | 8 +- po/hu.po | 8 +- po/id.po | 8 +- po/it.po | 8 +- po/ja.po | 19 ++-- po/nb.po | 8 +- po/nl.po | 34 +++--- po/pl.po | 8 +- po/pt.po | 8 +- po/pt_BR.po | 8 +- po/ro.po | 8 +- po/ru.po | 8 +- po/sk.po | 8 +- po/sv.po | 8 +- po/tr.po | 8 +- po/uk.po | 8 +- po/zh_CN.po | 8 +- po/zh_TW.po | 8 +- 34 files changed, 405 insertions(+), 251 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 31 13:18:21 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 31 Mar 2016 13:18:21 +0200 Subject: [git] gnupg-doc - branch, master, updated. e644e6a19bac81bbc8bfb03a204123ea2bcafd69 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e644e6a19bac81bbc8bfb03a204123ea2bcafd69 (commit) from 2977d19436763e7ab6df0edb55cf77e64807df52 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e644e6a19bac81bbc8bfb03a204123ea2bcafd69 Author: Werner Koch Date: Thu Mar 31 13:18:16 2016 +0200 web: Release of gnupg 2.0.30 diff --git a/web/index.org b/web/index.org index d82c540..3e952f7 100644 --- a/web/index.org +++ b/web/index.org @@ -64,6 +64,10 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.0.30 released (2016-03-31) + +GnuPG 2.0.30 is now available. This release fixes a few minor bugs; +users of GnuPG 2.0.x may want to update to this version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000385.html][{more}]] ** Libgcrypt 1.6.5 released (2016-02-09) :important: diff --git a/web/swdb.mac b/web/swdb.mac index dfa44a6..0583aa3 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -10,11 +10,13 @@ # # GnuPG # -#+macro: gnupg_ver 2.0.29 -#+macro: gnupg_date 2015-09-08 +#+macro: gnupg_ver 2.0.30 +#+macro: gnupg_date 2016-03-31 +#+macro: gnupg_size 4311k +#+macro: gnupg_sha1 a9f024588c356a55e2fd413574bfb55b2e18794a +#+macro: gnupg_sha2 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 #+macro: gnupg_branch STABLE-BRANCH-2-0 -#+macro: gnupg_size 4313k -#+macro: gnupg_sha1 87eb0df18f9953675f979405a1af10ab6c5322b3 + # # GnuPG-2.1 ----------------------------------------------------------------------- Summary of changes: web/index.org | 4 ++++ web/swdb.mac | 10 ++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 31 20:33:34 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 31 Mar 2016 20:33:34 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-370-gfcce0cb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27 (commit) via a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0 (commit) via 142a479a484cb4e84d0561be9b05b44dac9e6fe2 (commit) from 48ee918400762281bec5b6fc218a9f0d119aac7c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27 Author: Werner Koch Date: Thu Mar 31 20:16:10 2016 +0200 cipher: Remove specialized rmd160 functions. * cipher/rmd160.c: Replace rmd.h by hash-common.h. (RMD160_CONTEXT): Move from rmd.h to here. (_gcry_rmd160_init): Remove. (_gcry_rmd160_mixblock): Remove. (_gcry_rmd160_hash_buffer): Use rmd160_init directly. * cipher/md.c: Remove rmd.h which was not actually used. * cipher/rmd.h: Remove. * cipher/Makefile.am (libcipher_la_SOURCES): Remove rmd.h. * configure.ac (USE_RMD160): Allow to build without RMD160. -- Those functions are not anymore required because random-csprng.c now uses SHA-1. Signed-off-by: Werner Koch diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 85248a2..f60338a 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -57,7 +57,7 @@ bufhelp.h \ primegen.c \ hash-common.c hash-common.h \ dsa-common.c rsa-common.c \ -sha1.h rmd.h +sha1.h EXTRA_libcipher_la_SOURCES = \ arcfour.c arcfour-amd64.S \ diff --git a/cipher/md.c b/cipher/md.c index 5b4f0c1..d0ef00f 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -28,8 +28,6 @@ #include "g10lib.h" #include "cipher.h" -#include "rmd.h" - /* This is the list of the digest implementations included in libgcrypt. */ diff --git a/cipher/rmd.h b/cipher/rmd.h deleted file mode 100644 index a56ee49..0000000 --- a/cipher/rmd.h +++ /dev/null @@ -1,35 +0,0 @@ -/* rmd.h - RIPE-MD hash functions - * Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc. - * - * This file is part of Libgcrypt. - * - * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * Libgcrypt is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ -#ifndef G10_RMD_H -#define G10_RMD_H - -#include "hash-common.h" - -/* We need this here because random.c must have direct access. */ -typedef struct -{ - gcry_md_block_ctx_t bctx; - u32 h0,h1,h2,h3,h4; -} RMD160_CONTEXT; - -void _gcry_rmd160_init ( void *context ); -void _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ); - -#endif /*G10_RMD_H*/ diff --git a/cipher/rmd160.c b/cipher/rmd160.c index cf7531e..0a019b9 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -24,7 +24,7 @@ #include #include "g10lib.h" -#include "rmd.h" +#include "hash-common.h" #include "cipher.h" /* Only used for the rmd160_hash_buffer() prototype. */ #include "bithelp.h" @@ -140,6 +140,13 @@ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528 */ +typedef struct +{ + gcry_md_block_ctx_t bctx; + u32 h0,h1,h2,h3,h4; +} RMD160_CONTEXT; + + static unsigned int transform ( void *ctx, const unsigned char *data, size_t nblks ); @@ -164,13 +171,6 @@ rmd160_init (void *context, unsigned int flags) } -void -_gcry_rmd160_init (void *context) -{ - rmd160_init (context, 0); -} - - /**************** * Transform the message X which consists of 16 32-bit-words */ @@ -399,32 +399,9 @@ transform ( void *c, const unsigned char *data, size_t nblks ) } -/**************** - * Apply the rmd160 transform function on the buffer which must have - * a length 64 bytes. Do not use this function together with the - * other functions, use rmd160_init to initialize internal variables. - * Buffer must be 32-bit aligned. - * Returns: 20 bytes in buffer with the mixed contents of buffer. +/* + * The routine terminates the computation */ -void -_gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) -{ - u32 *p = blockof64byte; - - transform ( hd, blockof64byte, 1 ); -#define X(a) do { p[a] = hd->h##a; } while(0) - X(0); - X(1); - X(2); - X(3); - X(4); -#undef X -} - - -/* The routine terminates the computation - */ - static void rmd160_final( void *context ) { @@ -503,7 +480,7 @@ _gcry_rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length ) { RMD160_CONTEXT hd; - _gcry_rmd160_init ( &hd ); + rmd160_init (&hd, 0); _gcry_md_block_write ( &hd, buffer, length ); rmd160_final ( &hd ); memcpy ( outbuf, hd.bctx.buf, 20 ); diff --git a/configure.ac b/configure.ac index 6a2d61b..716c6ec 100644 --- a/configure.ac +++ b/configure.ac @@ -2066,6 +2066,12 @@ if test "$found" = "1" ; then AC_DEFINE(USE_MD5, 1, [Defined if this module should be included]) fi +LIST_MEMBER(rmd160, $enabled_digests) +if test "$found" = "1" ; then + GCRYPT_DIGESTS="$GCRYPT_DIGESTS rmd160.lo" + AC_DEFINE(USE_RMD160, 1, [Defined if this module should be included]) +fi + LIST_MEMBER(sha256, $enabled_digests) if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256.lo" @@ -2142,9 +2148,9 @@ if test "$found" = "1" ; then esac fi -# rmd160 and sha1 should be included always. -GCRYPT_DIGESTS="$GCRYPT_DIGESTS rmd160.lo sha1.lo" -AC_DEFINE(USE_RMD160, 1, [Defined if this module should be included]) +# SHA-1 needs to be included always for example because it is used by +# random-csprng.c. +GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha1.lo" AC_DEFINE(USE_SHA1, 1, [Defined if this module should be included]) case "${host}" in commit a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0 Author: Werner Koch Date: Thu Mar 31 19:33:43 2016 +0200 random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool. * cipher/sha1.c (_gcry_sha1_mixblock_init): New. (_gcry_sha1_mixblock): New. * random/random-csprng.c: Include sha1.h instead of rmd.h. (mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing. Signed-off-by: Werner Koch diff --git a/cipher/sha1.c b/cipher/sha1.c index 19e75b2..d15c2a2 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -130,6 +130,17 @@ sha1_init (void *context, unsigned int flags) (void)features; } +/* + * Initialize the context HD. This is used to prepare the use of + * _gcry_sha1_mixblock. WARNING: This is a special purpose function + * for exclusive use by random-csprng.c. + */ +void +_gcry_sha1_mixblock_init (SHA1_CONTEXT *hd) +{ + sha1_init (hd, 0); +} + /* Round function macros. */ #define K1 0x5A827999L @@ -354,6 +365,33 @@ transform (void *ctx, const unsigned char *data, size_t nblks) } +/* + * Apply the SHA-1 transform function on the buffer BLOCKOF64BYTE + * which must have a length 64 bytes. BLOCKOF64BYTE must be 32-bit + * aligned. Updates the 20 bytes in BLOCKOF64BYTE with its mixed + * content. Returns the number of bytes which should be burned on the + * stack. You need to use _gcry_sha1_mixblock_init to initialize the + * context. + * WARNING: This is a special purpose function for exclusive use by + * random-csprng.c. + */ +unsigned int +_gcry_sha1_mixblock (SHA1_CONTEXT *hd, void *blockof64byte) +{ + u32 *p = blockof64byte; + unsigned int nburn; + + nburn = transform (hd, blockof64byte, 1); + p[0] = hd->h0; + p[1] = hd->h1; + p[2] = hd->h2; + p[3] = hd->h3; + p[4] = hd->h4; + + return nburn; +} + + /* The routine final terminates the computation and * returns the digest. * The handle is prepared for a new cycle, but adding bytes to the diff --git a/cipher/sha1.h b/cipher/sha1.h index c023e15..6b87631 100644 --- a/cipher/sha1.h +++ b/cipher/sha1.h @@ -33,4 +33,7 @@ typedef struct } SHA1_CONTEXT; +void _gcry_sha1_mixblock_init (SHA1_CONTEXT *hd); +unsigned int _gcry_sha1_mixblock (SHA1_CONTEXT *hd, void *blockof64byte); + #endif /*GCRY_SHA1_H*/ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 5433ae8..437dddb 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -5685,7 +5685,7 @@ Practically Strong Random Numbers". at footnote{Also described in chapter 6 of his book "Cryptographic Security Architecture", New York, 2004, ISBN 0-387-95387-6.} -A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash +A pool of 600 bytes is used and mixed using the core SHA-1 hash transform function. Several extra features are used to make the robust against a wide variety of attacks and to protect against failures of subsystems. The state of the generator may be saved to a diff --git a/random/random-csprng.c b/random/random-csprng.c index e7b751a..a0bfc78 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -56,10 +56,10 @@ #include #endif #include "g10lib.h" -#include "../cipher/rmd.h" #include "random.h" #include "rand-internal.h" -#include "cipher.h" /* Required for the rmd160_hash_buffer() prototype. */ +#include "cipher.h" /* _gcry_sha1_hash_buffer */ +#include "../cipher/sha1.h" /* _gcry_sha1_mixblock */ #ifndef RAND_MAX /* For SunOS. */ #define RAND_MAX 32767 @@ -83,7 +83,7 @@ /* Contstants pertaining to the hash pool. */ #define BLOCKLEN 64 /* Hash this amount of bytes... */ -#define DIGESTLEN 20 /* ... into a digest of this length (rmd160). */ +#define DIGESTLEN 20 /* ... into a digest of this length (sha-1). */ /* POOLBLOCKS is the number of digests which make up the pool. */ #define POOLBLOCKS 30 /* POOLSIZE must be a multiple of the digest length to make the AND @@ -593,20 +593,21 @@ mix_pool(unsigned char *pool) unsigned char *hashbuf = pool + POOLSIZE; unsigned char *p, *pend; int i, n; - RMD160_CONTEXT md; + SHA1_CONTEXT md; + unsigned int nburn; #if DIGESTLEN != 20 -#error must have a digest length of 20 for ripe-md-160 +#error must have a digest length of 20 for SHA-1 #endif gcry_assert (pool_is_locked); - _gcry_rmd160_init( &md ); + _gcry_sha1_mixblock_init (&md); /* Loop over the pool. */ pend = pool + POOLSIZE; memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN ); memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); - _gcry_rmd160_mixblock( &md, hashbuf); + nburn = _gcry_sha1_mixblock (&md, hashbuf); memcpy(pool, hashbuf, 20 ); if (failsafe_digest_valid && pool == rndpool) @@ -635,21 +636,21 @@ mix_pool(unsigned char *pool) } } - _gcry_rmd160_mixblock ( &md, hashbuf); + _gcry_sha1_mixblock (&md, hashbuf); memcpy(p, hashbuf, 20 ); } - /* Our hash implementation does only leave small parts (64 bytes) - of the pool on the stack, so it is okay not to require secure - memory here. Before we use this pool, it will be copied to the - help buffer anyway. */ - if ( pool == rndpool) - { - _gcry_rmd160_hash_buffer (failsafe_digest, pool, POOLSIZE); - failsafe_digest_valid = 1; - } - - _gcry_burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */ + /* Our hash implementation does only leave small parts (64 bytes) + of the pool on the stack, so it is okay not to require secure + memory here. Before we use this pool, it will be copied to the + help buffer anyway. */ + if ( pool == rndpool) + { + _gcry_sha1_hash_buffer (failsafe_digest, pool, POOLSIZE); + failsafe_digest_valid = 1; + } + + _gcry_burn_stack (nburn); } commit 142a479a484cb4e84d0561be9b05b44dac9e6fe2 Author: Werner Koch Date: Thu Mar 31 19:16:15 2016 +0200 cipher: Move sha1 context definition to a separate file. * cipher/sha1.c: Replace hash-common.h by sha1.h. (SHA1_CONTEXT): Move to ... * cipher/sha1.h: new. Always include all flags. * cipher/Makefile.am (libcipher_la_SOURCES): Add sha1.h. -- Signed-off-by: Werner Koch diff --git a/cipher/Makefile.am b/cipher/Makefile.am index ab71fa7..85248a2 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -57,7 +57,7 @@ bufhelp.h \ primegen.c \ hash-common.c hash-common.h \ dsa-common.c rsa-common.c \ -rmd.h +sha1.h rmd.h EXTRA_libcipher_la_SOURCES = \ arcfour.c arcfour-amd64.S \ diff --git a/cipher/sha1.c b/cipher/sha1.c index 0de8412..19e75b2 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -40,7 +40,7 @@ #include "bithelp.h" #include "bufhelp.h" #include "cipher.h" -#include "hash-common.h" +#include "sha1.h" /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ @@ -88,23 +88,6 @@ /* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % sizeof (u32))) */ /* #endif */ -typedef struct -{ - gcry_md_block_ctx_t bctx; - u32 h0,h1,h2,h3,h4; -#ifdef USE_SSSE3 - unsigned int use_ssse3:1; -#endif -#ifdef USE_AVX - unsigned int use_avx:1; -#endif -#ifdef USE_BMI2 - unsigned int use_bmi2:1; -#endif -#ifdef USE_NEON - unsigned int use_neon:1; -#endif -} SHA1_CONTEXT; static unsigned int transform (void *c, const unsigned char *data, size_t nblks); diff --git a/cipher/sha1.h b/cipher/sha1.h new file mode 100644 index 0000000..c023e15 --- /dev/null +++ b/cipher/sha1.h @@ -0,0 +1,36 @@ +/* sha1.h - SHA-1 context definition + * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ +#ifndef GCRY_SHA1_H +#define GCRY_SHA1_H + +#include "hash-common.h" + +/* We need this here for direct use by random-csprng.c. */ +typedef struct +{ + gcry_md_block_ctx_t bctx; + u32 h0,h1,h2,h3,h4; + unsigned int use_ssse3:1; + unsigned int use_avx:1; + unsigned int use_bmi2:1; + unsigned int use_neon:1; +} SHA1_CONTEXT; + + +#endif /*GCRY_SHA1_H*/ ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/md.c | 2 -- cipher/rmd160.c | 45 ++++++++++---------------------------- cipher/sha1.c | 57 +++++++++++++++++++++++++++++++++--------------- cipher/{rmd.h => sha1.h} | 28 ++++++++++++++---------- configure.ac | 12 +++++++--- doc/gcrypt.texi | 2 +- random/random-csprng.c | 39 +++++++++++++++++---------------- 8 files changed, 97 insertions(+), 90 deletions(-) rename cipher/{rmd.h => sha1.h} (54%) hooks/post-receive -- The GNU crypto library http://git.gnupg.org