From cvs at cvs.gnupg.org Mon Oct 3 09:01:46 2016 From: cvs at cvs.gnupg.org (by Ineiev) Date: Mon, 03 Oct 2016 09:01:46 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-30-gdb3b2bf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via db3b2bf0c7ae4d3d0fbeecfe6a9a77ea4ed0f84e (commit) via f0ae2986708614bce9070eec77309e838c403db7 (commit) via aa969a09a1225f8fb683ba8d0c3ccc099dd8d1d3 (commit) from 4c5ae72d481ffd24ff93accee0b42e9b264285f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit db3b2bf0c7ae4d3d0fbeecfe6a9a77ea4ed0f84e Author: Ineiev Date: Fri Apr 8 15:33:05 2016 +0300 tty: Provide default text for "notok". * tty/pinentry-tty.c (confirm): Provide default text for "notok". -- gniibe changed the commit message. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index a36c588..cef6947 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -211,7 +211,7 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) cancel = button (pinentry->default_cancel, "Cancel", ttyfo); if (pinentry->notok) - notok = button (pinentry->notok, NULL, ttyfo); + notok = button (pinentry->notok, "No", ttyfo); } if (cbreak (fileno (ttyfi)) == -1) commit f0ae2986708614bce9070eec77309e838c403db7 Author: Ineiev Date: Fri Apr 8 15:26:33 2016 +0300 tty: Fix underscore processing in accelerators. * tty/pinentry-tty.c (button): Fix underscore processing in accelerators. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index d36a667..a36c588 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -84,10 +84,15 @@ button (char *text, char *default_text, FILE *ttyfo) { highlight = highlight + 1; if (*highlight == '_') - /* Escaped underscore. */ - continue; - else - break; + { + /* Escaped underscore. Skip both characters. */ + highlight++; + continue; + } + if (!isalnum (*highlight)) + /* Unusable accelerator. */ + continue; + break; } if (! highlight) @@ -98,8 +103,8 @@ button (char *text, char *default_text, FILE *ttyfo) highlight ++; } - if (! highlight) - /* Hmm, no alpha-num characters. */ + if (! *highlight) + /* Hmm, no alpha-numeric characters. */ { if (! default_text) return 0; @@ -111,7 +116,11 @@ button (char *text, char *default_text, FILE *ttyfo) { /* Skip accelerator prefix. */ if (*text == '_') - continue; + { + text ++; + if (! *text) + break; + } if (text == highlight) fputs (UNDERLINE_START, ttyfo); commit aa969a09a1225f8fb683ba8d0c3ccc099dd8d1d3 Author: Ineiev Date: Fri Apr 8 15:17:59 2016 +0300 tty: Refactor usage of tolower. * tty/pinentry-tty.c (button): Apply tolower to the result. * tty/pinentry-tty.c (confirm): Compare lowercased character instead of converting them every time. -- gniibe changed the original patch to keep output to TTY. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 4e71edf..d36a667 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -121,7 +121,7 @@ button (char *text, char *default_text, FILE *ttyfo) } fputc ('\n', ttyfo); - return *highlight; + return tolower (*highlight); } static void @@ -223,17 +223,18 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { fputc ('[', ttyfo); if (ok) - fputc (tolower (ok), ttyfo); + fputc (ok, ttyfo); if (cancel) - fputc (tolower (cancel), ttyfo); + fputc (cancel, ttyfo); if (notok) - fputc (tolower (notok), ttyfo); + fputc (notok, ttyfo); fputs("]? ", ttyfo); } fflush (ttyfo); input = fgetc (ttyfi); fprintf (ttyfo, "%c\n", input); + input = tolower (input); if (input == EOF || input == 0x4) /* End of file or control-d (= end of file). */ @@ -251,18 +252,18 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) break; } - if (cancel && (input == toupper (cancel) || input == tolower (cancel))) + if (cancel && input == cancel) { pinentry->canceled = 1; ret = 0; break; } - else if (notok && (input == toupper (notok) || input == tolower (notok))) + else if (notok && input == notok) { ret = 0; break; } - else if (ok && (input == toupper (ok) || input == tolower (ok))) + else if (ok && input == ok) { ret = 1; break; ----------------------------------------------------------------------- Summary of changes: tty/pinentry-tty.c | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 4 02:23:28 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 04 Oct 2016 02:23:28 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-189-geda1764 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d (commit) from a43739a2456a38c01704d8a52dca441055e29bc6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Author: NIIBE Yutaka Date: Tue Oct 4 09:01:13 2016 +0900 agent, dirmngr, scd: npth_init must be after fork. * agent/gpg-agent.c (thread_init_once, initialize_modules): New. (main): Make sure no daemonizing-fork call after npth_init, and no npth calls before npth_init, with care of npth calls by assuan hooks. * dirmngr/dirmngr.c (thread_init): New. (main): Make sure npth_init must not be called before daemonizing fork. * scd/scdaemon.c (main): Likewise. -- It is simply the best for nPth not to allow the daemonizing fork after npth_init, because semantics and implementations of forked child process in a threaded application is a difficult corner case. GnuPG-bug-id: 1779 Signed-off-by: NIIBE Yutaka diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 15202ac..e65198a 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -718,6 +718,29 @@ finalize_rereadable_options (void) } +static void +thread_init_once (void) +{ + static int npth_initialized = 0; + + if (!npth_initialized) + { + npth_initialized++; + npth_init (); + } +} + +static void +initialize_modules (void) +{ + thread_init_once (); + assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); + initialize_module_cache (); + initialize_module_call_pinentry (); + initialize_module_call_scd (); + initialize_module_trustlist (); +} + /* The main entry point. */ int @@ -765,14 +788,11 @@ main (int argc, char **argv ) i18n_init (); init_common_subsystems (&argc, &argv); - npth_init (); - malloc_hooks.malloc = gcry_malloc; malloc_hooks.realloc = gcry_realloc; malloc_hooks.free = gcry_free; assuan_set_malloc_hooks (&malloc_hooks); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); assuan_sock_init (); setup_libassuan_logging (&opt.debug, NULL); @@ -1080,16 +1100,12 @@ main (int argc, char **argv ) exit (1); } - initialize_module_cache (); - initialize_module_call_pinentry (); - initialize_module_call_scd (); - initialize_module_trustlist (); - /* Try to create missing directories. */ create_directories (); if (debug_wait && pipe_server) { + thread_init_once (); log_debug ("waiting for debugger - my pid is %u .....\n", (unsigned int)getpid()); gnupg_sleep (debug_wait); @@ -1196,6 +1212,8 @@ main (int argc, char **argv ) /* This is the simple pipe based server */ ctrl_t ctrl; + initialize_modules (); + ctrl = xtrycalloc (1, sizeof *ctrl); if (!ctrl) { @@ -1403,6 +1421,8 @@ main (int argc, char **argv ) This is the child */ + initialize_modules (); + /* Detach from tty and put process into a new session */ if (!nodetach ) { diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 64d93b7..621c2bb 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -647,6 +647,22 @@ pid_suffix_callback (unsigned long *r_suffix) #endif /*!HAVE_W32_SYSTEM*/ +static void +thread_init (void) +{ + npth_init (); + + /* Now with NPth running we can set the logging callback. Our + windows implementation does not yet feature the NPth TLS + functions. */ +#ifndef HAVE_W32_SYSTEM + if (npth_key_create (&my_tlskey_current_fd, NULL) == 0) + if (npth_setspecific (my_tlskey_current_fd, NULL) == 0) + log_set_pid_suffix_cb (pid_suffix_callback); +#endif /*!HAVE_W32_SYSTEM*/ +} + + int main (int argc, char **argv) { @@ -680,8 +696,6 @@ main (int argc, char **argv) i18n_init (); init_common_subsystems (&argc, &argv); - npth_init (); - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); /* Check that the libraries are suitable. Do it here because @@ -722,15 +736,6 @@ main (int argc, char **argv) if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; - /* Now with NPth running we can set the logging callback. Our - windows implementation does not yet feature the NPth TLS - functions. */ -#ifndef HAVE_W32_SYSTEM - if (npth_key_create (&my_tlskey_current_fd, NULL) == 0) - if (npth_setspecific (my_tlskey_current_fd, NULL) == 0) - log_set_pid_suffix_cb (pid_suffix_callback); -#endif /*!HAVE_W32_SYSTEM*/ - /* Reset rereadable options to default values. */ parse_rereadable_options (NULL, 0); @@ -981,6 +986,7 @@ main (int argc, char **argv) ldap_wrapper_launch_thread (); #endif /*USE_LDAP*/ + thread_init (); cert_cache_init (); crl_cache_init (); start_command_handler (ASSUAN_INVALID_FD); @@ -1179,6 +1185,7 @@ main (int argc, char **argv) ldap_wrapper_launch_thread (); #endif /*USE_LDAP*/ + thread_init (); cert_cache_init (); crl_cache_init (); handle_connections (fd); @@ -1206,6 +1213,7 @@ main (int argc, char **argv) #if USE_LDAP ldap_wrapper_launch_thread (); #endif /*USE_LDAP*/ + thread_init (); cert_cache_init (); crl_cache_init (); if (!argc) @@ -1231,6 +1239,7 @@ main (int argc, char **argv) #if USE_LDAP ldap_wrapper_launch_thread (); #endif /*USE_LDAP*/ + thread_init (); cert_cache_init (); crl_cache_init (); rc = crl_fetch (&ctrlbuf, argv[0], &reader); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index bf54d95..3571e66 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -422,8 +422,6 @@ main (int argc, char **argv ) i18n_init (); init_common_subsystems (&argc, &argv); - npth_init (); - ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); malloc_hooks.malloc = gcry_malloc; @@ -724,6 +722,8 @@ main (int argc, char **argv ) } #endif + npth_init (); + /* If --debug-allow-core-dump has been given we also need to switch the working directory to a place where we can actually write. */ @@ -861,6 +861,8 @@ main (int argc, char **argv ) /* This is the child. */ + npth_init (); + /* Detach from tty and put process into a new session. */ if (!nodetach ) { ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 36 ++++++++++++++++++++++++++++-------- dirmngr/dirmngr.c | 31 ++++++++++++++++++++----------- scd/scdaemon.c | 6 ++++-- 3 files changed, 52 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 4 09:40:23 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 04 Oct 2016 09:40:23 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-31-g777650b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 777650b9b021342ba887543396c67f9148218caf (commit) from db3b2bf0c7ae4d3d0fbeecfe6a9a77ea4ed0f84e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 777650b9b021342ba887543396c67f9148218caf Author: Werner Koch Date: Tue Oct 4 09:36:39 2016 +0200 core: Add a way to print ERROR status lines. * pinentry/pinentry.h (struct pinentry): New fields SPECIFIC_ERR_LOC and SPECIFIC_ERR_INFO. * pinentry/pinentry.c (pinentry_reset): Free the new field. (write_status_error): New. (cmd_getpin): Use new fields. (cmd_confirm): Ditto. * gnome3/pinentry-gnome3.c (create_prompt): Set error for failed GCR_PROMPT. Signed-off-by: Werner Koch diff --git a/gnome3/pinentry-gnome3.c b/gnome3/pinentry-gnome3.c index 8f91cb8..f8968c9 100644 --- a/gnome3/pinentry-gnome3.c +++ b/gnome3/pinentry-gnome3.c @@ -82,6 +82,9 @@ create_prompt (pinentry_t pe, int confirm) { g_warning ("couldn't create prompt for gnupg passphrase: %s", error->message); + pe->specific_err_loc = "gcr_prompt"; + pe->specific_err_info = strdup (error->message); + pe->specific_err = gpg_error (GPG_ERR_CONFIGURATION); g_error_free (error); return NULL; } diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 0c87271..e5cb806 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -132,6 +132,7 @@ pinentry_reset (int use_defaults) free (pinentry.quality_bar); free (pinentry.quality_bar_tt); free (pinentry.keyinfo); + free (pinentry.specific_err_info); /* Reset the pinentry structure. */ memset (&pinentry, 0, sizeof (pinentry)); @@ -947,6 +948,27 @@ strcpy_escaped (char *d, const char *s) } +static void +write_status_error (assuan_context_t ctx, pinentry_t pe) +{ + char buf[500]; + const char *pgm; + + pgm = strchr (this_pgmname, '-'); + if (pgm && pgm[1]) + pgm++; + else + pgm = this_pgmname; + + snprintf (buf, sizeof buf, "%s.%s %d %s", + pgm, + pe->specific_err_loc? pe->specific_err_loc : "?", + pe->specific_err, + pe->specific_err_info? pe->specific_err_info : ""); + assuan_write_status (ctx, "ERROR", buf); +} + + static gpg_error_t cmd_setdesc (assuan_context_t ctx, char *line) { @@ -1261,6 +1283,9 @@ cmd_getpin (assuan_context_t ctx, char *line) } pinentry.locale_err = 0; pinentry.specific_err = 0; + pinentry.specific_err_loc = NULL; + free (pinentry.specific_err_info); + pinentry.specific_err_info = NULL; pinentry.close_button = 0; pinentry.repeat_okay = 0; pinentry.one_button = 0; @@ -1289,7 +1314,10 @@ cmd_getpin (assuan_context_t ctx, char *line) { pinentry_setbuffer_clear (&pinentry); if (pinentry.specific_err) - return pinentry.specific_err; + { + write_status_error (ctx, &pinentry); + return pinentry.specific_err; + } return (pinentry.locale_err ? gpg_error (GPG_ERR_LOCALE_PROBLEM) : gpg_error (GPG_ERR_CANCELED)); @@ -1337,6 +1365,9 @@ cmd_confirm (assuan_context_t ctx, char *line) pinentry.close_button = 0; pinentry.locale_err = 0; pinentry.specific_err = 0; + pinentry.specific_err_loc = NULL; + free (pinentry.specific_err_info); + pinentry.specific_err_info = NULL; pinentry.canceled = 0; pinentry_setbuffer_clear (&pinentry); result = (*pinentry_cmd_handler) (&pinentry); @@ -1353,7 +1384,10 @@ cmd_confirm (assuan_context_t ctx, char *line) return 0; if (pinentry.specific_err) - return pinentry.specific_err; + { + write_status_error (ctx, &pinentry); + return pinentry.specific_err; + } if (pinentry.locale_err) return gpg_error (GPG_ERR_LOCALE_PROBLEM); diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index b203cfe..50d5f98 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -118,6 +118,13 @@ struct pinentry passphrase or a negative error code. */ int specific_err; + /* The frontend may store a string with the error location here. */ + const char *specific_err_loc; + + /* The frontend may store a malloced string here to emit an ERROR + * status code with this extra info along with SPECIFIC_ERR. */ + char *specific_err_info; + /* The frontend should set this to true if the window close button has been used. This flag is used in addition to a regular return value. */ ----------------------------------------------------------------------- Summary of changes: gnome3/pinentry-gnome3.c | 3 +++ pinentry/pinentry.c | 38 ++++++++++++++++++++++++++++++++++++-- pinentry/pinentry.h | 7 +++++++ 3 files changed, 46 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 4 10:43:50 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 04 Oct 2016 10:43:50 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-32-g65d8e0e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 65d8e0ec19795d9ec60d7f37f1511f65135cfd84 (commit) from 777650b9b021342ba887543396c67f9148218caf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65d8e0ec19795d9ec60d7f37f1511f65135cfd84 Author: Werner Koch Date: Tue Oct 4 10:35:52 2016 +0200 gnome3: Drop unnecessary use of gtk * configure.ac: pinentry-gnome3 only needs gcr-base, not gcr. * gnome3/pinentry-gnome3.c (main): Instead of testing whether GTK can be loaded, check for DBUS_SESSION_BUS_ADDRESS. (create_prompt): Use fprintf (stderr, ...) instead of g_warning (...), to align with the rest of pinentry.c. -- pinentry-gnome3 really just uses gcr and libsecret -- there is no direct use of gtk at all. By linking only to the minimal gcr-base-3 and avoiding gcr-3 itself, we remove many unnecessary library dependencies from pinentry-gnome3. Specifically, "ldd $(which pinentry-gnome3) | wc -l" goes from 69 to 23 on debian testing. Signed-off-by: Daniel Kahn Gillmor Added missing LF. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 41e9d93..1620ebd 100644 --- a/configure.ac +++ b/configure.ac @@ -476,15 +476,15 @@ AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") if test "$pinentry_gnome_3" != "no"; then AC_MSG_CHECKING([for gcr]) - "${PKG_CONFIG}" --exists gcr-3,gcr-base-3 + "${PKG_CONFIG}" --exists gcr-base-3 if test $? -ne 0 ; then AC_MSG_RESULT([no]) - AC_MSG_WARN([pkg-config could not find the module gcr-3,gcr-base-3]) + AC_MSG_WARN([pkg-config could not find the module gcr-base-3]) pinentry_gnome_3=no else AC_MSG_RESULT([yes]) - GNOME3CFLAGS=`"${PKG_CONFIG}" --cflags gcr-3,gcr-base-3` - GNOME3LIBS=`"${PKG_CONFIG}" --libs gcr-3,gcr-base-3` + GNOME3CFLAGS=`"${PKG_CONFIG}" --cflags gcr-base-3` + GNOME3LIBS=`"${PKG_CONFIG}" --libs gcr-base-3` AC_SUBST(GNOME3CFLAGS) AC_SUBST(GNOME3LIBS) AC_DEFINE(GCR_API_SUBJECT_TO_CHANGE, 1, [Nod nod]) diff --git a/gnome3/pinentry-gnome3.c b/gnome3/pinentry-gnome3.c index f8968c9..d6d7d16 100644 --- a/gnome3/pinentry-gnome3.c +++ b/gnome3/pinentry-gnome3.c @@ -22,10 +22,10 @@ # include "config.h" #endif -#include #include #include +#include #include @@ -80,8 +80,8 @@ create_prompt (pinentry_t pe, int confirm) prompt = GCR_PROMPT (gcr_system_prompt_open (-1, NULL, &error)); if (! prompt) { - g_warning ("couldn't create prompt for gnupg passphrase: %s", - error->message); + fprintf (stderr, "couldn't create prompt for gnupg passphrase: %s\n", + error->message); pe->specific_err_loc = "gcr_prompt"; pe->specific_err_info = strdup (error->message); pe->specific_err = gpg_error (GPG_ERR_CONFIGURATION); @@ -188,7 +188,7 @@ gnome3_cmd_handler (pinentry_t pe) /* "The returned password is valid until the next time a method is called to display another prompt." */ - password = gcr_prompt_password_run (prompt, NULL, &error); + password = gcr_prompt_password (prompt, NULL, &error); if (error) /* Error. */ { @@ -264,15 +264,12 @@ main (int argc, char *argv[]) pinentry_init (PGMNAME); #ifdef FALLBACK_CURSES - if (pinentry_have_display (argc, argv)) + if (!getenv ("DBUS_SESSION_BUS_ADDRESS")) { - if (! gtk_init_check (&argc, &argv)) - pinentry_cmd_handler = curses_cmd_handler; + fprintf (stderr, "No $DBUS_SESSION_BUS_ADDRESS found," + " falling back to curses\n"); + pinentry_cmd_handler = curses_cmd_handler; } - else - pinentry_cmd_handler = curses_cmd_handler; -#else - gtk_init (&argc, &argv); #endif pinentry_parse_opts (argc, argv); ----------------------------------------------------------------------- Summary of changes: configure.ac | 8 ++++---- gnome3/pinentry-gnome3.c | 19 ++++++++----------- 2 files changed, 12 insertions(+), 15 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 4 14:11:28 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 04 Oct 2016 14:11:28 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-193-g4a232d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4a232d23a8f51bebf9ee382e480248b4bde30f28 (commit) via 41b510f9c510f8fd1b59eb0c5dd2e2b2deaf0a1b (commit) via 949e70115eb2c04bd09da6477f6c433e6fd9a366 (commit) via fbc83c0cdd390473c044953fb774571ffc636c6d (commit) from eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4a232d23a8f51bebf9ee382e480248b4bde30f28 Author: Justus Winter Date: Fri Sep 30 16:22:40 2016 +0200 build,w32: Unconditionally build tests. * configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove variables. They are misleadingly named, as they inhibit building the tests. There is no reason not to build the tests even when cross-compiling, as they are only run if one does 'make check'. * Makefile: Adapt accordingly. * tests/Makefile.am: Adapt accordingly. Avoid building 'asschk' on Windows as it uses non-portable functions. Signed-off-by: Justus Winter diff --git a/Makefile.am b/Makefile.am index b589e72..7950980 100644 --- a/Makefile.am +++ b/Makefile.am @@ -90,15 +90,9 @@ else doc = endif -if RUN_TESTS -tests = tests -else -tests = -endif - SUBDIRS = m4 common kbx \ ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \ - ${tools} po ${doc} ${tests} + ${tools} po ${doc} tests dist_doc_DATA = README diff --git a/configure.ac b/configure.ac index 85cd69a..9c591ed 100644 --- a/configure.ac +++ b/configure.ac @@ -626,7 +626,6 @@ have_dosish_system=no have_w32_system=no have_w32ce_system=no have_android_system=no -run_tests=yes use_simple_gettext=no use_ldapwrapper=yes mmap_needed=yes @@ -643,7 +642,6 @@ case "${host}" in have_dosish_system=yes have_w32_system=yes require_iconv=no - run_tests=no use_ldapwrapper=no # Fixme: Do this only for CE. case "${host}" in *-mingw32ce*) @@ -702,7 +700,6 @@ case "${host}" in # Android is fully utf-8 and we do not want to use iconv to # keeps things simple require_iconv=no - run_tests=no ;; *) ;; @@ -733,11 +730,6 @@ if test "$have_android_system" = yes; then fi AM_CONDITIONAL(HAVE_ANDROID_SYSTEM, test "$have_android_system" = yes) -if test "$run_tests" = yes; then - AC_DEFINE(RUN_TESTS,1, [Defined if we should run the tests]) -fi -AM_CONDITIONAL(RUN_TESTS, test "$run_tests" = yes) - # (These need to go after AC_PROG_CC so that $EXEEXT is defined) AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any]) @@ -1693,9 +1685,6 @@ AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes) AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no) AM_CONDITIONAL(USE_TOFU, test "$use_tofu" = yes) -AM_CONDITIONAL(RUN_GPG_TESTS, - test x$cross_compiling = xno -a "$build_gpg" = yes ) - # # Set some defines for use gpgconf. # diff --git a/tests/Makefile.am b/tests/Makefile.am index d72f51e..6ede0d4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -18,14 +18,7 @@ ## Process this file with automake to produce Makefile.in - -if RUN_GPG_TESTS -openpgp = openpgp -else -openpgp = -endif - -SUBDIRS = gpgscm ${openpgp} . migrations pkits +SUBDIRS = gpgscm openpgp migrations pkits . GPGSM = ../sm/gpgsm @@ -66,7 +59,9 @@ CLEANFILES = inittests.stamp x y y z out err \ DISTCLEANFILES = pubring.kbx~ random_seed +if !HAVE_W32_SYSTEM noinst_PROGRAMS = asschk +endif asschk_SOURCES = asschk.c commit 41b510f9c510f8fd1b59eb0c5dd2e2b2deaf0a1b Author: Justus Winter Date: Tue Oct 4 12:59:18 2016 +0200 tests,w32: Do not expose 'glob' to gpgscm. * tests/gpgscm/ffi.c (do_glob): Remove function. (ffi_init): Likewise. -- 'glob' is not available on mingw, and portability is the whole point of gpgscm. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 4559f10..829384a 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -25,7 +25,6 @@ #include #include #include -#include #include #include #include @@ -1025,42 +1024,6 @@ do_string_contains (scheme *sc, pointer args) FFI_RETURN_POINTER (sc, strstr (haystack, needle) ? sc->T : sc->F); } -static pointer -do_glob (scheme *sc, pointer args) -{ - FFI_PROLOG (); - pointer result = sc->NIL; - size_t i; - char *pattern; - glob_t pglob; - FFI_ARG_OR_RETURN (sc, char *, pattern, string, args); - FFI_ARGS_DONE_OR_RETURN (sc, args); - - switch (glob (pattern, 0, NULL, &pglob)) - { - case 0: - for (i = 0; i < pglob.gl_pathc; i++) - result = - (sc->vptr->cons) (sc, - sc->vptr->mk_string (sc, pglob.gl_pathv[i]), - result); - globfree (&pglob); - break; - - case GLOB_NOMATCH: - /* Return the empty list. */ - break; - - case GLOB_NOSPACE: - return ffi_sprintf (sc, "out of memory"); - case GLOB_ABORTED: - return ffi_sprintf (sc, "read error"); - default: - assert (! "not reached"); - } - FFI_RETURN_POINTER (sc, result); -} - static pointer @@ -1289,7 +1252,6 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname, ffi_define_function (sc, string_index); ffi_define_function (sc, string_rindex); ffi_define_function_name (sc, "string-contains?", string_contains); - ffi_define_function (sc, glob); /* User interface. */ ffi_define_function (sc, flush_stdio); commit 949e70115eb2c04bd09da6477f6c433e6fd9a366 Author: Justus Winter Date: Tue Oct 4 12:46:00 2016 +0200 tests,w32: Avoid using 'glob'. * tests/openpgp/setup.scm: Avoid 'glob' which is not available on mingw. Signed-off-by: Justus Winter diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index d4a3e37..0a9a153 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm @@ -127,8 +127,7 @@ (setenv "GNUPGHOME" (getcwd) #t) (create-gpghome) (kill-agent) - (call-check `(,(tool 'gpgtar) --create --output ,(cadr *args*) - ,@(glob "*"))))) + (call-check `(,(tool 'gpgtar) --create --output ,(cadr *args*) ".")))) ((member "--unpack-tarball" *args*) (call-check `(,(tool 'gpgtar) --extract --directory=. ,(cadr *args*))) (start-agent)) commit fbc83c0cdd390473c044953fb774571ffc636c6d Author: Justus Winter Date: Tue Oct 4 12:44:14 2016 +0200 tools: Ignore existing directories in gpgtar. * tools/gpgtar-extract.c (extract_directory): Ignore existing directories now that we have '--directory'. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index cee609c..8641126 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -122,11 +122,15 @@ extract_directory (const char *dirname, tar_header_t hdr) if (fname[strlen (fname)-1] == '/') fname[strlen (fname)-1] = 0; - /* Note that we don't need to care about EEXIST because we always - extract into a new hierarchy. */ if (! opt.dry_run && gnupg_mkdir (fname, "-rwx------")) { err = gpg_error_from_syserror (); + if (gpg_err_code (err) == GPG_ERR_EEXIST) + { + /* Ignore existing directories while extracting. */ + err = 0; + } + if (gpg_err_code (err) == GPG_ERR_ENOENT) { /* Try to create the directory with parents but keep the ----------------------------------------------------------------------- Summary of changes: Makefile.am | 8 +------- configure.ac | 11 ----------- tests/Makefile.am | 11 +++-------- tests/gpgscm/ffi.c | 38 -------------------------------------- tests/openpgp/setup.scm | 3 +-- tools/gpgtar-extract.c | 8 ++++++-- 6 files changed, 11 insertions(+), 68 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 4 17:17:58 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 04 Oct 2016 17:17:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-197-g1a9c8d7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa (commit) via afcfae7959f39e7d85309b9496e1f1cf9acd5cc2 (commit) via dc059af1ff007842e2633e686c87d05daf1d45e3 (commit) via 9f92b62a51d2d60f038fdbe01602865c5933fa95 (commit) from 4a232d23a8f51bebf9ee382e480248b4bde30f28 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa Author: Werner Koch Date: Tue Oct 4 17:02:49 2016 +0200 agent: Streamline the supervised mode code. * agent/gpg-agent.c (get_socket_path): Rename to ... (get_socket_name): this. This is to comply with the GNU coding guide. Use xtrymalloc instead of malloc. Do not build for W32. (map_supervised_sockets): Use strtokenize and set the the socket names here. (main): Adjust for above change. Do not close the socket. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 0ebba1e..1696e5a 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -576,6 +576,208 @@ remove_socket (char *name, char *redir_name) } +/* Return a malloc'ed string that is the path to the passed + * unix-domain socket (or return NULL if this is not a valid + * unix-domain socket). We use a plain int here because it is only + * used on Linux. + * + * FIXME: This function needs to be moved to libassuan. */ +#ifndef HAVE_W32_SYSTEM +static char * +get_socket_name (int fd) +{ + struct sockaddr_un un; + socklen_t len = sizeof(un); + char *name = NULL; + + if (getsockname (fd, (struct sockaddr*)&un, &len) != 0) + log_error ("could not getsockname(%d): %s\n", fd, + gpg_strerror (gpg_error_from_syserror ())); + else if (un.sun_family != AF_UNIX) + log_error ("file descriptor %d is not a unix-domain socket\n", fd); + else if (len <= offsetof (struct sockaddr_un, sun_path)) + log_error ("socket name not present for file descriptor %d\n", fd); + else if (len > sizeof(un)) + log_error ("socket name for file descriptor %d was truncated " + "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len); + else + { + log_debug ("file descriptor %d has path %s (%lu octets)\n", fd, + un.sun_path, len - offsetof (struct sockaddr_un, sun_path)); + name = xtrymalloc (len - offsetof (struct sockaddr_un, sun_path) + 1); + if (!name) + log_error ("failed to allocate memory for name of fd %d: %s\n", + fd, gpg_strerror (gpg_error_from_syserror ())); + else + { + memcpy (name, un.sun_path, len); + name[len] = 0; + } + } + + return name; +} +#endif /*!HAVE_W32_SYSTEM*/ + + +/* Discover which inherited file descriptors correspond to which + * services/sockets offered by gpg-agent, using the LISTEN_FDS and + * LISTEN_FDNAMES convention. The understood labels are "ssh", + * "extra", and "browser". "std" or other labels will be interpreted + * as the standard socket. + * + * This function is designed to log errors when the expected file + * descriptors don't make sense, but to do its best to continue to + * work even in the face of minor misconfigurations. + * + * For more information on the LISTEN_FDS convention, see + * sd_listen_fds(3) on certain Linux distributions. + */ +#ifndef HAVE_W32_SYSTEM +static void +map_supervised_sockets (gnupg_fd_t *r_fd, + gnupg_fd_t *r_fd_extra, + gnupg_fd_t *r_fd_browser, + gnupg_fd_t *r_fd_ssh) +{ + struct { + const char *label; + int **fdaddr; + char **nameaddr; + } tbl[] = { + { "ssh", &r_fd_ssh, &socket_name_ssh }, + { "browser", &r_fd_browser, &socket_name_browser }, + { "extra", &r_fd_extra, &socket_name_extra }, + { "std", &r_fd, &socket_name } /* (Must be the last item.) */ + }; + const char *envvar; + char **fdnames; + int nfdnames; + int fd_count; + + *r_fd = *r_fd_extra = *r_fd_browser = *r_fd_ssh = -1; + + /* Print a warning if LISTEN_PID does not match outr pid. */ + envvar = getenv ("LISTEN_PID"); + if (!envvar) + log_error ("no LISTEN_PID environment variable found in " + "--supervised mode (ignoring)\n"); + else if (strtoul (envvar, NULL, 10) != (unsigned long)getpid ()) + log_error ("environment variable LISTEN_PID (%lu) does not match" + " our pid (%lu) in --supervised mode (ignoring)\n", + (unsigned long)strtoul (envvar, NULL, 10), + (unsigned long)getpid ()); + + /* Parse LISTEN_FDNAMES into the array FDNAMES. */ + envvar = getenv ("LISTEN_FDNAMES"); + if (envvar) + { + fdnames = strtokenize (envvar, ":"); + if (!fdnames) + { + log_error ("strtokenize failed: %s\n", + gpg_strerror (gpg_error_from_syserror ())); + agent_exit (1); + } + for (nfdnames=0; fdnames[nfdnames]; nfdnames++) + ; + } + else + { + fdnames = NULL; + nfdnames = 0; + } + + /* Parse LISTEN_FDS into fd_count or provide a replacement. */ + envvar = getenv ("LISTEN_FDS"); + if (envvar) + fd_count = atoi (envvar); + else if (fdnames) + { + log_error ("no LISTEN_FDS environment variable found in --supervised" + " mode (relying on LISTEN_FDNAMES instead)\n"); + fd_count = nfdnames; + } + else + { + log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables " + "found in --supervised mode" + " (assuming 1 active descriptor)\n"); + fd_count = 1; + } + + if (fd_count < 1) + { + log_error ("--supervised mode expects at least one file descriptor" + " (was told %d, carrying on as though it were 1)\n", + fd_count); + fd_count = 1; + } + + /* Assign the descriptors to the return values. */ + if (!fdnames) + { + if (fd_count != 1) + log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1" + " in --supervised mode." + " (ignoring all sockets but the first one)\n", + fd_count); + *r_fd = 3; + } + else if (fd_count != nfdnames) + { + log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match " + "LISTEN_FDS (%d) in --supervised mode\n", + nfdnames, fd_count); + } + else + { + int i, j, fd; + char *name; + + for (i = 0; i < nfdnames; i++) + { + for (j = 0; j < DIM (tbl); j++) + { + log_debug ("i=%d j=%d fdname=%s check=%s\n", i, j, + fdnames[i], tbl[j].label); + if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1) + { + if (**tbl[j].fdaddr == -1) + { + fd = 3 + i; + name = get_socket_name (fd); + if (name) + { + **tbl[j].fdaddr = fd; + *tbl[j].nameaddr = name; + log_info ("using fd %d for %s socket (%s)\n", + fd, tbl[j].label, name); + } + else + { + log_error ("cannot listen on fd %d for %s socket\n", + fd, tbl[j].label); + close (i); + } + } + else + { + log_error ("cannot listen on more than one %s socket\n", + tbl[j].label); + close (i); + } + break; + } + } + } + } + + xfree (fdnames); +} +#endif /*!HAVE_W32_SYSTEM*/ + + /* Cleanup code for this program. This is either called has an atexit handler or directly. */ static void @@ -756,180 +958,6 @@ initialize_modules (void) } -/* return a malloc'ed string that is the path to the passed unix-domain socket - (or return NULL if this is not a valid unix-domain socket) */ -static char * -get_socket_path (gnupg_fd_t fd) -{ -#ifdef HAVE_W32_SYSTEM - return NULL; -#else - struct sockaddr_un un; - socklen_t len = sizeof(un); - char *ret = NULL; - - if (fd == GNUPG_INVALID_FD) - return NULL; - - if (getsockname (fd, (struct sockaddr*)&un, &len) != 0) - log_error ("could not getsockname(%d) -- error %d (%s)\n", fd, - errno, strerror(errno)); - else if (un.sun_family != AF_UNIX) - log_error ("file descriptor %d is not a unix-domain socket\n", fd); - else if (len <= offsetof (struct sockaddr_un, sun_path)) - log_error ("socket path not present for file descriptor %d\n", fd); - else if (len > sizeof(un)) - log_error ("socket path for file descriptor %d was truncated " - "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len); - else - { - log_debug ("file descriptor %d has path %s (%lu octets)\n", fd, - un.sun_path, len - offsetof (struct sockaddr_un, sun_path)); - ret = malloc(len - offsetof (struct sockaddr_un, sun_path)); - if (ret == NULL) - log_error ("failed to allocate memory for path to file " - "descriptor %d\n", fd); - else - memcpy (ret, un.sun_path, len); - } - return ret; -#endif /* HAVE_W32_SYSTEM */ -} - - -/* Discover which inherited file descriptors correspond to which - services/sockets offered by gpg-agent, using the LISTEN_FDS and - LISTEN_FDNAMES convention. The understood labels are "ssh", - "extra", and "browser". Any other label will be interpreted as the - standard socket. - - This function is designed to log errors when the expected file - descriptors don't make sense, but to do its best to continue to - work even in the face of minor misconfigurations. - - For more information on the LISTEN_FDS convention, see - sd_listen_fds(3). - */ -static void -map_supervised_sockets (gnupg_fd_t *fd, - gnupg_fd_t *fd_extra, - gnupg_fd_t *fd_browser, - gnupg_fd_t *fd_ssh) -{ - const char *listen_pid = NULL; - const char *listen_fds = NULL; - const char *listen_fdnames = NULL; - int listen_fd_count = -1; - int listen_fdnames_colons = 0; - const char *fdnamep = NULL; - - listen_pid = getenv ("LISTEN_PID"); - listen_fds = getenv ("LISTEN_FDS"); - listen_fdnames = getenv ("LISTEN_FDNAMES"); - - if (!listen_pid) - log_error ("no $LISTEN_PID environment variable found in " - "--supervised mode (ignoring).\n"); - else if (atoi (listen_pid) != getpid ()) - log_error ("$LISTEN_PID (%d) does not match process ID (%d) " - "in --supervised mode (ignoring).\n", - atoi (listen_pid), getpid ()); - else - log_debug ("$LISTEN_PID matches process ID (%d)\n", - getpid()); - - if (listen_fdnames) - for (fdnamep = listen_fdnames; *fdnamep; fdnamep++) - if (*fdnamep == ':') - listen_fdnames_colons++; - log_debug ("%d colon(s) in $LISTEN_FDNAMES: (%s)\n", listen_fdnames_colons, listen_fdnames); - - if (!listen_fds) - { - if (!listen_fdnames) - { - log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables " - "found in --supervised mode (assuming 1 active descriptor).\n"); - listen_fd_count = 1; - } - else - { - log_error ("no LISTEN_FDS environment variable found in --supervised " - " mode (relying on colons in LISTEN_FDNAMES instead)\n"); - listen_fd_count = listen_fdnames_colons + 1; - } - } - else - listen_fd_count = atoi (listen_fds); - - if (listen_fd_count < 1) - { - log_error ("--supervised mode expects at least one file descriptor (was told %d) " - "(carrying on as though it were 1)\n", listen_fd_count); - listen_fd_count = 1; - } - - if (!listen_fdnames) - { - if (listen_fd_count != 1) - log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1 in --supervised mode. " - "(ignoring all sockets but the first one)\n", listen_fd_count); - *fd = 3; - } - else - { - int i; - if (listen_fd_count != listen_fdnames_colons + 1) - { - log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match " - "LISTEN_FDS (%d) in --supervised mode\n", - listen_fdnames_colons + 1, listen_fd_count); - exit (1); - } - - for (i = 3; i < 3 + listen_fd_count; i++) - { - int found = 0; - char *next = strchrnul(listen_fdnames, ':'); - *next = '\0'; -#define match_socket(var) if (!found && strcmp (listen_fdnames, #var) == 0) \ - { \ - found = 1; \ - if (*fd_ ## var == GNUPG_INVALID_FD) \ - { \ - *fd_ ## var = i; \ - log_info (#var " socket on fd %d\n", i); \ - } \ - else \ - { \ - log_error ("cannot listen on more than one " #var " socket. (closing fd %d)\n", i); \ - close (i); \ - } \ - } - match_socket(ssh); - match_socket(browser); - match_socket(extra); -#undef match_socket - if (!found) - { - if (*fd == GNUPG_INVALID_FD) - { - *fd = i; - log_info ("standard socket (\"%s\") on fd %d\n", - listen_fdnames, i); - } - else - { - log_error ("cannot listen on more than one standard socket. (closing fd %d)\n", i); - close (i); - } - } - listen_fdnames = next + 1; - } - } -} - - /* The main entry point. */ int main (int argc, char **argv ) @@ -1425,10 +1453,8 @@ main (int argc, char **argv ) } else if (is_supervised) { - gnupg_fd_t fd = GNUPG_INVALID_FD; - gnupg_fd_t fd_extra = GNUPG_INVALID_FD; - gnupg_fd_t fd_browser = GNUPG_INVALID_FD; - gnupg_fd_t fd_ssh = GNUPG_INVALID_FD; +#ifndef HAVE_W32_SYSTEM + gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh; /* when supervised and sending logs to stderr, the process supervisor should handle log entry metadata (pid, name, @@ -1439,29 +1465,17 @@ main (int argc, char **argv ) log_info ("%s %s starting in supervised mode.\n", strusage(11), strusage(13) ); - /* See below on why we remove certain envvars. */ -#ifndef HAVE_W32_SYSTEM + /* See below in "regular server mode" on why we remove certain + * envvars. */ if (!opt.keep_display) gnupg_unsetenv ("DISPLAY"); -#endif gnupg_unsetenv ("INSIDE_EMACS"); - /* Virtually create the sockets. */ + /* Virtually create the sockets. Note that we use -1 here + * because the whole thing works only on Unix. */ map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh); - if (fd == GNUPG_INVALID_FD) - { - log_error ("no standard socket provided\n"); - agent_exit (1); - } - /* record socket names where possible: */ - socket_name = get_socket_path (fd); - socket_name_extra = get_socket_path (fd_extra); - if (socket_name_extra) - opt.extra_socket = 2; - socket_name_browser = get_socket_path (fd_browser); - if (socket_name_browser) - opt.browser_socket = 2; - socket_name_ssh = get_socket_path (fd_ssh); + if (fd == -1) + log_fatal ("no standard socket provided\n"); #ifdef HAVE_SIGPROCMASK if (startup_signal_mask_valid) @@ -1477,7 +1491,7 @@ main (int argc, char **argv ) log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n", fd, fd_extra, fd_browser, fd_ssh); handle_connections (fd, fd_extra, fd_browser, fd_ssh); - assuan_sock_close (fd); +#endif /*!HAVE_W32_SYSTEM*/ } else if (!is_daemon) ; /* NOTREACHED */ diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 7aacb7b..cc10a79 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -164,12 +164,14 @@ shell, gpg-agent terminates within a few seconds. Run in the foreground, sending logs by default to stderr, and listening on provided file descriptors, which must already be bound to listening sockets. This command is useful when running under systemd -or other similar process supervision schemes. +or other similar process supervision schemes. This option is not +supported on Windows. In --supervised mode, different file descriptors can be provided for use as different socket types (e.g. ssh, extra) as long as they are -identified in the environment variable $LISTEN_FDNAMES (see -sd_listen_fds(3) for more information on this convention). +identified in the environment variable @code{LISTEN_FDNAMES} (see +sd_listen_fds(3) on some Linux distributions for more information on +this convention). @end table @mansect options commit afcfae7959f39e7d85309b9496e1f1cf9acd5cc2 Author: Werner Koch Date: Tue Oct 4 16:57:55 2016 +0200 agent: Adjust cleanup for supervised mode. Fix for W32. * agent/gpg-agent.c (opts) [W32]: Remove option --supervised. (is_supervised): Move from main() to global. (inhibit_socket_removal): New. (cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL. (check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of seting the socket names to empty. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 3e938f5..0ebba1e 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -153,7 +153,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")), - ARGPARSE_s_n (oSupervised, "supervised", N_("run supervised (e.g., systemd)")), +#ifndef HAVE_W32_SYSTEM + ARGPARSE_s_n (oSupervised, "supervised", N_("run in supervised mode")), +#endif ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")), @@ -323,6 +325,12 @@ static int check_own_socket_running; /* Flags to indicate that check_own_socket shall not be called. */ static int disable_check_own_socket; +/* Flag indicating that we are in supervised mode. */ +static int is_supervised; + +/* Flag to inhibit socket removal in cleanup. */ +static int inhibit_socket_removal; + /* It is possible that we are currently running under setuid permissions */ static int maybe_setuid = 1; @@ -579,12 +587,15 @@ cleanup (void) return; done = 1; deinitialize_module_cache (); - remove_socket (socket_name, redir_socket_name); - if (opt.extra_socket > 1) - remove_socket (socket_name_extra, redir_socket_name_extra); - if (opt.browser_socket > 1) - remove_socket (socket_name_browser, redir_socket_name_browser); - remove_socket (socket_name_ssh, redir_socket_name_ssh); + if (!is_supervised && !inhibit_socket_removal) + { + remove_socket (socket_name, redir_socket_name); + if (opt.extra_socket > 1) + remove_socket (socket_name_extra, redir_socket_name_extra); + if (opt.browser_socket > 1) + remove_socket (socket_name_browser, redir_socket_name_browser); + remove_socket (socket_name_ssh, redir_socket_name_ssh); + } } @@ -934,7 +945,6 @@ main (int argc, char **argv ) int default_config =1; int pipe_server = 0; int is_daemon = 0; - int is_supervised = 0; int nodetach = 0; int csh_style = 0; char *logfile = NULL; @@ -3055,11 +3065,8 @@ check_own_socket_thread (void *arg) if (rc) { /* We may not remove the socket as it is now in use by another - server. Setting the name to empty does this. */ - if (socket_name) - *socket_name = 0; - if (socket_name_ssh) - *socket_name_ssh = 0; + server. */ + inhibit_socket_removal = 1; shutdown_pending = 2; log_info ("this process is useless - shutting down\n"); } commit dc059af1ff007842e2633e686c87d05daf1d45e3 Author: Werner Koch Date: Tue Oct 4 11:23:18 2016 +0200 agent: Adjust supervised mode for the new default socket names. * agent/gpg-agent.c (main): In supervised mode do not provide default socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and agent_exit. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 9221dc3..3e938f5 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1244,10 +1244,10 @@ main (int argc, char **argv ) agent_exit (0); } - if (! opt.extra_socket) - { - opt.extra_socket = 1; - } + if (is_supervised) + ; + else if (!opt.extra_socket) + opt.extra_socket = 1; else if (socket_name_extra && (!strcmp (socket_name_extra, "none") || !strcmp (socket_name_extra, "/dev/null"))) @@ -1257,10 +1257,10 @@ main (int argc, char **argv ) socket_name_extra = NULL; } - if (! opt.browser_socket) - { - opt.browser_socket = 1; - } + if (is_supervised) + ; + else if (!opt.browser_socket) + opt.browser_socket = 1; else if (socket_name_browser && (!strcmp (socket_name_browser, "none") || !strcmp (socket_name_browser, "/dev/null"))) @@ -1429,11 +1429,19 @@ main (int argc, char **argv ) log_info ("%s %s starting in supervised mode.\n", strusage(11), strusage(13) ); + /* See below on why we remove certain envvars. */ +#ifndef HAVE_W32_SYSTEM + if (!opt.keep_display) + gnupg_unsetenv ("DISPLAY"); +#endif + gnupg_unsetenv ("INSIDE_EMACS"); + + /* Virtually create the sockets. */ map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh); if (fd == GNUPG_INVALID_FD) { - log_fatal ("no standard socket provided\n"); - exit (1); + log_error ("no standard socket provided\n"); + agent_exit (1); } /* record socket names where possible: */ socket_name = get_socket_path (fd); @@ -1456,8 +1464,8 @@ main (int argc, char **argv ) log_info ("no saved signal mask\n"); #endif /*HAVE_SIGPROCMASK*/ - log_debug ("FDs: std: %d extra: %d browser: %d ssh: %d\n", - fd, fd_extra, fd_browser, fd_ssh); + log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n", + fd, fd_extra, fd_browser, fd_ssh); handle_connections (fd, fd_extra, fd_browser, fd_ssh); assuan_sock_close (fd); } commit 9f92b62a51d2d60f038fdbe01602865c5933fa95 Author: Daniel Kahn Gillmor Date: Fri Aug 12 01:37:59 2016 -0400 agent: Implement --supervised command (for systemd, etc). * agent/gpg-agent.c (get_socket_path): New function for POSIX systems to return the path for a provided unix-domain socket. (map_supervised_sockets): New function to inspect $LISTEN_FDS and $LISTEN_FDNAMES and map them to the specific functionality offered by the agent. (main): Add --supervised command. When used, listen on already-open file descriptors instead of opening our own. * doc/gpg-agent.texi: Document --supervised option. -- "gpg-agent --supervised" is a way to invoke gpg-agent such that a system supervisor like systemd can provide socket-activated startup, log management, and scheduled shutdown. When running in this mode, gpg-agent: * Does not open its own listening socket; rather, it expects to be given a listening socket on incoming file descriptors. * Does not detach from the invoking process, staying in the foreground instead. Unless otherwise specified, logs are sent to stderr. Signed-off-by: Daniel Kahn Gillmor diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index e65198a..9221dc3 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -90,6 +90,7 @@ enum cmd_and_opt_values oLogFile, oServer, oDaemon, + oSupervised, oBatch, oPinentryProgram, @@ -152,6 +153,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")), + ARGPARSE_s_n (oSupervised, "supervised", N_("run supervised (e.g., systemd)")), ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")), @@ -730,6 +732,7 @@ thread_init_once (void) } } + static void initialize_modules (void) { @@ -742,6 +745,180 @@ initialize_modules (void) } +/* return a malloc'ed string that is the path to the passed unix-domain socket + (or return NULL if this is not a valid unix-domain socket) */ +static char * +get_socket_path (gnupg_fd_t fd) +{ +#ifdef HAVE_W32_SYSTEM + return NULL; +#else + struct sockaddr_un un; + socklen_t len = sizeof(un); + char *ret = NULL; + + if (fd == GNUPG_INVALID_FD) + return NULL; + + if (getsockname (fd, (struct sockaddr*)&un, &len) != 0) + log_error ("could not getsockname(%d) -- error %d (%s)\n", fd, + errno, strerror(errno)); + else if (un.sun_family != AF_UNIX) + log_error ("file descriptor %d is not a unix-domain socket\n", fd); + else if (len <= offsetof (struct sockaddr_un, sun_path)) + log_error ("socket path not present for file descriptor %d\n", fd); + else if (len > sizeof(un)) + log_error ("socket path for file descriptor %d was truncated " + "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len); + else + { + log_debug ("file descriptor %d has path %s (%lu octets)\n", fd, + un.sun_path, len - offsetof (struct sockaddr_un, sun_path)); + ret = malloc(len - offsetof (struct sockaddr_un, sun_path)); + if (ret == NULL) + log_error ("failed to allocate memory for path to file " + "descriptor %d\n", fd); + else + memcpy (ret, un.sun_path, len); + } + return ret; +#endif /* HAVE_W32_SYSTEM */ +} + + +/* Discover which inherited file descriptors correspond to which + services/sockets offered by gpg-agent, using the LISTEN_FDS and + LISTEN_FDNAMES convention. The understood labels are "ssh", + "extra", and "browser". Any other label will be interpreted as the + standard socket. + + This function is designed to log errors when the expected file + descriptors don't make sense, but to do its best to continue to + work even in the face of minor misconfigurations. + + For more information on the LISTEN_FDS convention, see + sd_listen_fds(3). + */ +static void +map_supervised_sockets (gnupg_fd_t *fd, + gnupg_fd_t *fd_extra, + gnupg_fd_t *fd_browser, + gnupg_fd_t *fd_ssh) +{ + const char *listen_pid = NULL; + const char *listen_fds = NULL; + const char *listen_fdnames = NULL; + int listen_fd_count = -1; + int listen_fdnames_colons = 0; + const char *fdnamep = NULL; + + listen_pid = getenv ("LISTEN_PID"); + listen_fds = getenv ("LISTEN_FDS"); + listen_fdnames = getenv ("LISTEN_FDNAMES"); + + if (!listen_pid) + log_error ("no $LISTEN_PID environment variable found in " + "--supervised mode (ignoring).\n"); + else if (atoi (listen_pid) != getpid ()) + log_error ("$LISTEN_PID (%d) does not match process ID (%d) " + "in --supervised mode (ignoring).\n", + atoi (listen_pid), getpid ()); + else + log_debug ("$LISTEN_PID matches process ID (%d)\n", + getpid()); + + if (listen_fdnames) + for (fdnamep = listen_fdnames; *fdnamep; fdnamep++) + if (*fdnamep == ':') + listen_fdnames_colons++; + log_debug ("%d colon(s) in $LISTEN_FDNAMES: (%s)\n", listen_fdnames_colons, listen_fdnames); + + if (!listen_fds) + { + if (!listen_fdnames) + { + log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables " + "found in --supervised mode (assuming 1 active descriptor).\n"); + listen_fd_count = 1; + } + else + { + log_error ("no LISTEN_FDS environment variable found in --supervised " + " mode (relying on colons in LISTEN_FDNAMES instead)\n"); + listen_fd_count = listen_fdnames_colons + 1; + } + } + else + listen_fd_count = atoi (listen_fds); + + if (listen_fd_count < 1) + { + log_error ("--supervised mode expects at least one file descriptor (was told %d) " + "(carrying on as though it were 1)\n", listen_fd_count); + listen_fd_count = 1; + } + + if (!listen_fdnames) + { + if (listen_fd_count != 1) + log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1 in --supervised mode. " + "(ignoring all sockets but the first one)\n", listen_fd_count); + *fd = 3; + } + else + { + int i; + if (listen_fd_count != listen_fdnames_colons + 1) + { + log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match " + "LISTEN_FDS (%d) in --supervised mode\n", + listen_fdnames_colons + 1, listen_fd_count); + exit (1); + } + + for (i = 3; i < 3 + listen_fd_count; i++) + { + int found = 0; + char *next = strchrnul(listen_fdnames, ':'); + *next = '\0'; +#define match_socket(var) if (!found && strcmp (listen_fdnames, #var) == 0) \ + { \ + found = 1; \ + if (*fd_ ## var == GNUPG_INVALID_FD) \ + { \ + *fd_ ## var = i; \ + log_info (#var " socket on fd %d\n", i); \ + } \ + else \ + { \ + log_error ("cannot listen on more than one " #var " socket. (closing fd %d)\n", i); \ + close (i); \ + } \ + } + match_socket(ssh); + match_socket(browser); + match_socket(extra); +#undef match_socket + if (!found) + { + if (*fd == GNUPG_INVALID_FD) + { + *fd = i; + log_info ("standard socket (\"%s\") on fd %d\n", + listen_fdnames, i); + } + else + { + log_error ("cannot listen on more than one standard socket. (closing fd %d)\n", i); + close (i); + } + } + listen_fdnames = next + 1; + } + } +} + + /* The main entry point. */ int main (int argc, char **argv ) @@ -757,6 +934,7 @@ main (int argc, char **argv ) int default_config =1; int pipe_server = 0; int is_daemon = 0; + int is_supervised = 0; int nodetach = 0; int csh_style = 0; char *logfile = NULL; @@ -954,6 +1132,7 @@ main (int argc, char **argv ) case oSh: csh_style = 0; break; case oServer: pipe_server = 1; break; case oDaemon: is_daemon = 1; break; + case oSupervised: is_supervised = 1; break; case oDisplay: default_display = xstrdup (pargs.r.ret_str); break; case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break; @@ -1053,9 +1232,9 @@ main (int argc, char **argv ) bind_textdomain_codeset (PACKAGE_GT, "UTF-8"); #endif - if (!pipe_server && !is_daemon && !gpgconf_list) + if (!pipe_server && !is_daemon && !gpgconf_list && !is_supervised) { - /* We have been called without any options and thus we merely + /* We have been called without any command and thus we merely check whether an agent is already running. We do this right here so that we don't clobber a logfile with this check but print the status directly to stderr. */ @@ -1234,6 +1413,54 @@ main (int argc, char **argv ) agent_deinit_default_ctrl (ctrl); xfree (ctrl); } + else if (is_supervised) + { + gnupg_fd_t fd = GNUPG_INVALID_FD; + gnupg_fd_t fd_extra = GNUPG_INVALID_FD; + gnupg_fd_t fd_browser = GNUPG_INVALID_FD; + gnupg_fd_t fd_ssh = GNUPG_INVALID_FD; + + /* when supervised and sending logs to stderr, the process + supervisor should handle log entry metadata (pid, name, + timestamp) */ + if (!logfile) + log_set_prefix (NULL, 0); + + log_info ("%s %s starting in supervised mode.\n", + strusage(11), strusage(13) ); + + map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh); + if (fd == GNUPG_INVALID_FD) + { + log_fatal ("no standard socket provided\n"); + exit (1); + } + /* record socket names where possible: */ + socket_name = get_socket_path (fd); + socket_name_extra = get_socket_path (fd_extra); + if (socket_name_extra) + opt.extra_socket = 2; + socket_name_browser = get_socket_path (fd_browser); + if (socket_name_browser) + opt.browser_socket = 2; + socket_name_ssh = get_socket_path (fd_ssh); + +#ifdef HAVE_SIGPROCMASK + if (startup_signal_mask_valid) + { + if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL)) + log_error ("error restoring signal mask: %s\n", + strerror (errno)); + } + else + log_info ("no saved signal mask\n"); +#endif /*HAVE_SIGPROCMASK*/ + + log_debug ("FDs: std: %d extra: %d browser: %d ssh: %d\n", + fd, fd_extra, fd_browser, fd_ssh); + handle_connections (fd, fd_extra, fd_browser, fd_ssh); + assuan_sock_close (fd); + } else if (!is_daemon) ; /* NOTREACHED */ else @@ -1246,6 +1473,8 @@ main (int argc, char **argv ) pid_t pid; #endif + initialize_modules (); + /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default display when gpg-agent was started using --display or a diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 0bb7db2..7aacb7b 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -158,6 +158,18 @@ As an alternative you may create a new process as a child of gpg-agent: @code{gpg-agent --daemon /bin/sh}. This way you get a new shell with the environment setup properly; after you exit from this shell, gpg-agent terminates within a few seconds. + + at item --supervised + at opindex supervised +Run in the foreground, sending logs by default to stderr, and +listening on provided file descriptors, which must already be bound to +listening sockets. This command is useful when running under systemd +or other similar process supervision schemes. + +In --supervised mode, different file descriptors can be provided for +use as different socket types (e.g. ssh, extra) as long as they are +identified in the environment variable $LISTEN_FDNAMES (see +sd_listen_fds(3) for more information on this convention). @end table @mansect options ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 300 +++++++++++++++++++++++++++++++++++++++++++++++++---- doc/gpg-agent.texi | 14 +++ 2 files changed, 293 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 08:16:21 2016 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Wed, 05 Oct 2016 08:16:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-198-ga2127c7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a2127c71dbf87c1710b43d91a733dd4c9b2953bc (commit) from 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a2127c71dbf87c1710b43d91a733dd4c9b2953bc Author: Daniel Kahn Gillmor Date: Wed Oct 5 00:23:11 2016 -0400 agent: Fix error handling in map_supervised_sockets * agent/gpg-agent.c (map_supervised_sockets): the file descriptor to close on error is fd, not i. Signed-off-by: Daniel Kahn Gillmor diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 1696e5a..9c7b8fc 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -758,14 +758,14 @@ map_supervised_sockets (gnupg_fd_t *r_fd, { log_error ("cannot listen on fd %d for %s socket\n", fd, tbl[j].label); - close (i); + close (fd); } } else { log_error ("cannot listen on more than one %s socket\n", tbl[j].label); - close (i); + close (fd); } break; } ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 09:21:00 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Oct 2016 09:21:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-199-gf57dc2b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f57dc2b1e6f28d164f882373535dbcb0d632ca17 (commit) from a2127c71dbf87c1710b43d91a733dd4c9b2953bc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f57dc2b1e6f28d164f882373535dbcb0d632ca17 Author: Werner Koch Date: Wed Oct 5 09:13:27 2016 +0200 agent: Fix npth + supervised mode problem. * agent/gpg-agent.c (main): Initialize modules in supervised mode. -- It was probably my fault. I had to rebase my patches to take in the npth patches but for some reason my addition of initialize_modules got lost. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 9c7b8fc..dcc9bb6 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1456,6 +1456,8 @@ main (int argc, char **argv ) #ifndef HAVE_W32_SYSTEM gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh; + initialize_modules (); + /* when supervised and sending logs to stderr, the process supervisor should handle log entry metadata (pid, name, timestamp) */ ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 12:00:43 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Oct 2016 12:00:43 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-201-ge514a5b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e514a5b725f0c997cef4362808b2778a3faa9cf8 (commit) via 1cedc32c95c2e3c3ab98af23ddc2845d51e596c1 (commit) from f57dc2b1e6f28d164f882373535dbcb0d632ca17 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e514a5b725f0c997cef4362808b2778a3faa9cf8 Author: Werner Koch Date: Wed Oct 5 11:51:32 2016 +0200 wks: Add option --fake-submission-addr to gpg-wks-client. * tools/gpg-wks-client.c (oFakeSubmissionAddr): New. (opts): Add option --fake-submission-addr. (fake_submission_addr): New variable. (parse_arguments): Set it. (command_send): Use --fake-submission-addr. -- This option is useful for testing. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index f4257ec..4df54cc 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -56,6 +56,7 @@ enum cmd_and_opt_values oGpgProgram, oSend, + oFakeSubmissionAddr, oDummy }; @@ -83,6 +84,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"), ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"), + ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"), ARGPARSE_end () }; @@ -102,6 +104,11 @@ static struct debug_flags_s debug_flags [] = }; + +/* Value of the option --fake-submission-addr. */ +const char *fake_submission_addr; + + static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; static gpg_error_t command_supported (char *userid); static gpg_error_t command_send (const char *fingerprint, char *userid); @@ -180,6 +187,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case oOutput: opt.output = pargs->r.ret_str; break; + case oFakeSubmissionAddr: + fake_submission_addr = pargs->r.ret_str; + break; case aSupported: case aCreate: @@ -551,30 +561,37 @@ command_send (const char *fingerprint, char *userid) goto leave; /* Get the submission address. */ - err = wkd_get_submission_address (addrspec, &submission_to); + if (fake_submission_addr) + { + submission_to = xstrdup (fake_submission_addr); + err = 0; + } + else + err = wkd_get_submission_address (addrspec, &submission_to); if (err) goto leave; log_info ("submitting request to '%s'\n", submission_to); /* Get the policy flags. */ - { - estream_t mbuf; + if (!fake_submission_addr) + { + estream_t mbuf; - err = wkd_get_policy_flags (addrspec, &mbuf); - if (err) - { - log_error ("error reading policy flags for '%s': %s\n", - submission_to, gpg_strerror (err)); - goto leave; - } - if (mbuf) - { - err = wks_parse_policy (&policy, mbuf, 1); - es_fclose (mbuf); - if (err) + err = wkd_get_policy_flags (addrspec, &mbuf); + if (err) + { + log_error ("error reading policy flags for '%s': %s\n", + submission_to, gpg_strerror (err)); goto leave; } - } + if (mbuf) + { + err = wks_parse_policy (&policy, mbuf, 1); + es_fclose (mbuf); + if (err) + goto leave; + } + } if (policy.auth_submit) log_info ("no confirmation required for '%s'\n", addrspec); commit 1cedc32c95c2e3c3ab98af23ddc2845d51e596c1 Author: Werner Koch Date: Wed Oct 5 11:48:59 2016 +0200 agent: Another minor fix to map_supervised_sockets. * agent/gpg-agent.c (map_supervised_sockets): Remove debug message. Provide correct fd in the second error case. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index dcc9bb6..a4025ce 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -739,13 +739,11 @@ map_supervised_sockets (gnupg_fd_t *r_fd, { for (j = 0; j < DIM (tbl); j++) { - log_debug ("i=%d j=%d fdname=%s check=%s\n", i, j, - fdnames[i], tbl[j].label); if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1) { + fd = 3 + i; if (**tbl[j].fdaddr == -1) { - fd = 3 + i; name = get_socket_name (fd); if (name) { ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 4 +--- tools/gpg-wks-client.c | 49 +++++++++++++++++++++++++++++++++---------------- 2 files changed, 34 insertions(+), 19 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 13:09:46 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Oct 2016 13:09:46 +0200 Subject: [git] gnupg-doc - branch, master, updated. e28c0acedc6f13459022f3324264e77c2da4f768 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e28c0acedc6f13459022f3324264e77c2da4f768 (commit) from 83cb8037c27558e8de8bc62876a713562f491aed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e28c0acedc6f13459022f3324264e77c2da4f768 Author: Werner Koch Date: Wed Oct 5 13:06:48 2016 +0200 drafts,openpgp-webkey-service: Published -02 diff --git a/misc/id/openpgp-webkey-service/Makefile b/misc/id/openpgp-webkey-service/Makefile index dad63f1..9023455 100644 --- a/misc/id/openpgp-webkey-service/Makefile +++ b/misc/id/openpgp-webkey-service/Makefile @@ -14,6 +14,7 @@ draft.txt, draft.xml: draft.org --eval $(MD_EXAMPLE_FIX) \ --visit "draft.org" \ --eval "(org-md-export-to-markdown)" + sed -i 's/\*\*$.*$:\*\*/"\1":/' draft.md sed template.xml sed tmp-abstract.md diff --git a/misc/id/openpgp-webkey-service/draft-koch-openpgp-webkey-service-02.txt b/misc/id/openpgp-webkey-service/draft-koch-openpgp-webkey-service-02.txt new file mode 100644 index 0000000..0ac9ab9 --- /dev/null +++ b/misc/id/openpgp-webkey-service/draft-koch-openpgp-webkey-service-02.txt @@ -0,0 +1,896 @@ + + + + +Network Working Group W. Koch +Internet-Draft GnuPG Project +Intended status: Informational October 5, 2016 +Expires: April 8, 2017 + + + OpenPGP Web Key Service + draft-koch-openpgp-webkey-service-02 + +Abstract + + This specification describes a service to locate OpenPGP keys by mail + address using a Web service and the HTTPS protocol. It also provides + a method for secure communication between the key owner and the mail + provider to publish and revoke the public key. + +Status of This Memo + + This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at http://datatracker.ietf.org/drafts/current/. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + This Internet-Draft will expire on April 8, 2017. + +Copyright Notice + + Copyright (c) 2016 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + +Koch Expires April 8, 2017 [Page 1] + +Internet-Draft OpenPGP Web Key Service October 2016 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 2 + 3. Web Key Directory . . . . . . . . . . . . . . . . . . . . . . 2 + 3.1. Key Discovery . . . . . . . . . . . . . . . . . . . . . . 3 + 4. Web Key Directory Update Protocol . . . . . . . . . . . . . . 4 + 4.1. The Submission Address . . . . . . . . . . . . . . . . . 5 + 4.2. The Submission Mail . . . . . . . . . . . . . . . . . . . 6 + 4.3. The Confirmation Request . . . . . . . . . . . . . . . . 6 + 4.4. The Confirmation Response . . . . . . . . . . . . . . . . 8 + 4.5. Policy Flags . . . . . . . . . . . . . . . . . . . . . . 8 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 + 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 + 6.1. Well-Known URI . . . . . . . . . . . . . . . . . . . . . 9 + 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 + 8. Normative References . . . . . . . . . . . . . . . . . . . . 10 + Appendix A. Sample Protocol Run . . . . . . . . . . . . . . . . 10 + A.1. Sample Keys . . . . . . . . . . . . . . . . . . . . . . . 10 + A.2. Sample Messages . . . . . . . . . . . . . . . . . . . . . 11 + Appendix B. Changes Since -01 . . . . . . . . . . . . . . . . . 15 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16 + +1. Introduction + + This memo describes a method to associate OpenPGP keys with a mail + address and how to look them up using a web service with a well-known + URI. In addition a mail based protocol is given to allow a client to + setup such an association and to maintain it. + +2. Notational Conventions + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +3. Web Key Directory + + A major use case for OpenPGP is the encryption of mail. A common + difficulty of sending encrypted mails to a new communication partner + is to find the appropriate public key of the recipient. Unless an + off-channel key exchange has been done, there are no easy ways to + discover the required key. The common practice is to search the + network of public key servers for a key matching the recipient's mail + address. This practise bears the problem that the keyservers are not + able to give a positive confirmation that a key actually belongs to + the mail addresses given in the key. Further, there are often + several keys matching a mail address and thus one needs to pick a key + + + +Koch Expires April 8, 2017 [Page 2] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + on good luck. This is clearly not a secure way to setup an end-to- + end encryption. Even if the need for a trusted key for an initial + mail message is relinquished, a non-authenticated key may be a wrong + one and the actual recipient would receive a mail which she can't + decrypt, due to the use of a wrong key. + + Methods to overcome this problem are + + o sending an initial unencrypted message with the public key + attached, + + o using the OpenPGP DANE protocol to lookup the recipients key via + the DNS. + + The first method has the obvious problems of not even trying to + encrypt the initial mail, an extra mail round-trip, and problems with + unattended key discovery. + + The latter method works fine but requires that mail providers need to + set up a separate DNS resolver to provide the key. The + administration of a DNS zone is often not in the hands of small mail + installations. Thus an update of the DNS resource records needs to + be delegated to the ISP running the DNS service. Further, DNS + lookups are not encrypted and missing all confidentially. Even if + the participating MUAs are using STARTTLS to encrypt the mail + exchange, a DNS lookup for the key unnecessarily identifies the + local-part of the recipients mail address to any passive + eavesdroppers. + + This memo specified a new method for key discovery using an encrypted + https connection. + +3.1. Key Discovery + + Although URIs are able to encode all kind of characters, + straightforward implementations of a key directory may want to store + the "local-part" of a mail address directly in the file system. This + forbids the use of certain characters in the "local-part". To allow + for such an implementation method the URI uses an encoded form of the + "local-part" which can be directly mapped to a file name. + + OpenPGP defines its User IDs, and thus the mail address, as UTF-8 + strings. To help with the common pattern of using capitalized names + (e.g. "Joe.Doe at example.org") for mail addresses, and under the + premise that almost all MTAs treat the "local-part" case-insensitive + and that the "domain-part" is required to be compared case- + insensitive anyway, all upper-case ASCII characters in a User ID are + mapped to lowercase. Non-ASCII characters are not changed. + + + +Koch Expires April 8, 2017 [Page 3] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + The so mapped "local-part" is hashed using the SHA-1 algorithm. The + resulting 160 bit digest is encoded using the Z-Base-32 method as + described in [RFC6189], section 5.1.6. The resulting string has a + fixed length of 32 octets. To form the URI, the scheme "https://" is + concatenated with the mapped "domain-part", the fixed string "/.well- + known/openpgpkey/hu/", and the above constructed 32 octet string. + + For example the URI to lookup the key for Joe.Doe at Example.ORG is: + + https://example.org/.well-known/openpgpkey/ + hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q + + (line has been wrapped for rendering purposes) + + The HTTP GET method MUST return the binary representation of the + OpenPGP key for the given mail address. The key needs to carry a + User ID packet ([RFC4880]) with that mail address. Note that the key + may be revoked or expired - it is up to the client to handle such + conditions. To ease distribution of revoked keys, a server may + return revoked keys in addition to a new key. The keys are returned + by a single request as concatenated key blocks. + + The server MUST accept the HTTP HEAD method to allow a client to + check for the existence of a key. + + The server SHOULD return "application/octet-string" as the Content- + Type for the data but clients SHOULD also accept any other Content- + Type. The server MUST NOT return an ASCII armored version of the + key. + +4. Web Key Directory Update Protocol + + To put keys into the key directory a protocol to automate the task is + desirable. The protocol defined here is entirely based on mail and + the assumption that a mail provider can securely deliver mail to the + INBOX of a user (e.g. an IMAP folder). Note that the same protocol + may also be used for submitting keys for use with OpenPGP DANE. + + We assume that the user already created a key for her mail account + alice at example.org. To install the key at her provider's Web Key + Directory, she performs the following steps: + + 1. She retrieves a file which contains one line with the mail + address used to submit the key to the mail provider. See below + for the syntax of that file. For a mail address at the domain + "example.org" the URI of the file is + + https://example.org/.well-known/openpgpkey/submission-address + + + +Koch Expires April 8, 2017 [Page 4] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + 2. She sends her key using SMTP (or any other transport mechanism) + to the provider using the submission address and key format as + specified by PGP/MIME. + + 3. The provider checks that the received key has a User ID which + matches an account name of the provider. + + 4. The provider sends an encrypted message containing a nonce and + the fingerprint of the key to the mail account of the user. Note + that a similar scheme is used by the well known caff(1) tool to + help with key signing parties. + + 5. A legitimate user will be able to decrypt the message because she + created the key and is in charge of the private key. This step + verifies that the submitted key has actually been created by the + owner of the account. + + 6. The user sends the decrypted nonce back to the submission address + as a confirmation that the private key is owned by her and that + the provider may now publish the key. Although technically not + required, it is suggested that the mail to the provider is + encrypted. The public key for this is retrieved using the key + lookup protocol described above. + + 7. The provider receives the nonce, matches it with its database of + pending confirmations and then publishes the key. Finally the + provider sends a mail back to the user to notify her of the + publication of her key. + + The message data structures used for the above protocol are specified + in detail below. In the following sections the string "WELLKNOWN" + denotes the first part of an URI specific for a domain. In the + examples the domain "example.org" is assumed, thus + + WELLKNOWN := https://example.org/.well-known/openpgpkey + + The term "target key" denotes the to be published key, the term + "submission key" the key associated with the submission-address of + the mail provider. + +4.1. The Submission Address + + The address of the submission file is + + WELLKNOWN/submission-address + + The file consists of exactly one line, terminated by a LF, or the + sequence of CR and LF, with the full mail address to be used for + + + +Koch Expires April 8, 2017 [Page 5] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + submission of a key to the mail provider. For example the content of + the file may be + + key-submission-example.org at directory.example.org + +4.2. The Submission Mail + + The mail used to submit a key to the mail provider MUST comply to the + PGP/MIME specification ([RFC3156], section 7), which states that the + Content-Type must be "application/pgp-keys", there are no required or + optional parameters, and the body part contains the ASCII-armored + transferable Public Key Packets as defined in [RFC4880], section + 11.1. + + The mail provider MUST publish a key capable of signing and + encryption for the submission-address in the Web Key Directory or via + DANE. The key to be published MUST be submitted using a PGP/MIME + encrypted message ([RFC3156], section 4). The message MUST NOT be + signed (because the authenticity of the signing key has not yet been + confirmed). After decryption of the message at the mail provider a + single "application/pgp-keys" part, as specified above, is expected. + +4.3. The Confirmation Request + + The mail provider sends a confirmation mail in response to a received + key publication request. The message MUST be sent from the + submission-address of the mail provider to the mail address extracted + from the target key. The message needs to be a PGP/MIME signed + message using the submission key of the provider for the signature. + The signed message MUST have two parts: + + The first part MUST have "text" as its Content-Type and can be used + to explain the purpose of the mail. For example it may point to this + RFC and explain on how to manually perform the protocol. + + The second part jMUST have "application/vnd.gnupg.wkd" as its + Content-Type and carry an OpenPGP encrypted message in ASCII Armor + format. The message MUST be encrypted to the target key and MUST not + be signed. After decryption a text file in the Web Key data format + must be yielded. + + That data format consists of name-value pairs with one name-value + pair per LF or CR+LF terminated line. Empty lines are allowed and + will be ignored by the receiver. A colon is used to terminate a + name. + + In a confirmation request the following names MUST be send in the + specified order: + + + +Koch Expires April 8, 2017 [Page 6] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + o "type": The value must be "confirmation-request". + + o "sender": This is the mailbox the user is expected to sent the + confirmation response to. The value must match the mailbox part + of the "From:" address of this request. Exactly one address MUST + be given. + + o "address": The value is the addr-spec part of the target key's + mail address. The value SHOULD match the addr-spec part of the + recipient's address. The value MUST be UTF-8 encoded as required + for an OpenPGP User ID. + + o "fingerprint": The value is the fingerprint of the target key. + The fingerprint is given in uppercase hex encoding without any + interleaving spaces. + + o "nonce": The value is a string with a minimum length of 16 octets + and a maximum length of 64 octets. The string must entirely be + made up of random ASCII letters or digits. This nonce will be + sent back to the mail provider as proof that the recipient is the + legitimate owner of the target-key. + + The receiver of that message is expected to verify the outer + signature and disregard the entire message if it can't be verified or + has not been signed by the key associated with the submission + address. + + After the message as been verified the receiver decrypts the second + part of the message, checks that the "fingerprint" matches the target + key, checks that the "address" matches a User ID of the target key, + and checks the other constrains of the request format. If any + constraint is not asserted, or the fingerprint or User ID do not + match the target key, or there is no pending publication requests + (i.e. a mail recently sent o the submission address), the user MAY be + notified about this fake confirmation attempt. + + In other cases the confirmation request is legitimate and the MUA + shall silently send a response as described in the next section. + + The rationale for the outer signature used with this request is to + allow early detection of spam mails. This can be done prior to the + decryption step and avoids asking the user to enter a passphrase to + perform the decryption for a non-legitimate message. The use of a + simple encrypted attachment, instead of using PGP/MIME encryption, is + to convey the Content-Type of that attachment in the clear and also + to prevent automatic decryption of that attachment by PGP/MIME aware + clients. The MUA may in fact detect this confirmation request and + present a customized dialog for confirming that request. + + + +Koch Expires April 8, 2017 [Page 7] + +Internet-Draft OpenPGP Web Key Service October 2016 + + +4.4. The Confirmation Response + + A response to a confirmation request MUST only be send in the + positive case; there is no negative confirmation response. A mail + service provider is expected to cancel a pending key submission after + a suitable time without a confirmation. The mail service provider + SHOULD NOT retry the sending of a confirmation request after the + first request has been send successfully. + + The user MUST send the confirmation response from her target mail + address to the "from" address of the confirmation request. The + message MUST be signed and encrypted using the PGP/MIME Combined + format ([RFC3156], section 6.2). The signing key is the target key + and the encryption key is the key associated with the provider's + submission address. + + The Content-Type used for the plaintext message MUST also be + "application/vnd.gnupg.wkd". The format is the same as described + above for the Confirmation Request. The body must contain three + name-value pairs in this order: + + o "type": The value must be "confirmation-response". + + o "sender": The value must match the mailbox part of the "From:" + address of this response. Exactly one address MUST be given. + + o "nonce": The value is the value of the "nonce" parameter from the + confirmation request. + +4.5. Policy Flags + + For key generation and submission it is sometimes useful to tell the + client about certain properties of the mail provider in advance. + This can be done with a file at the URL + + WELLKNOWN/policy + + The file contains keywords and optioanlly values, one per line with + each line terminated by a LF or the sequence of CR and LF. Empty + lines and lines starting with a '#' character are considered comment + lines. A keyword is made up of lowercase letters, digits, hyphens, + or dots. An underscore is allowed as a name space delimiters; see + below. The first character must be a letter. Keywords which are + defined to require a value are directly followed by a colon and then + after optional white space the value. Clients MUST use case- + insensitive matching for the keyword. + + Currently defined keywords are: + + + +Koch Expires April 8, 2017 [Page 8] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + o "mailbox-only": The mail server provider does only accept keys + with only a mailbox in the User ID. In particular User IDs with a + real name in addition to the mailbox will be rejected as invalid. + + o "dane-only": The mail server provider does not run a Web Key + Directory but only an OpenPGP DANE service. The Web Key Directory + Update protocol is used to update the keys for the DANE service. + + o "auth-submit": The submission of the mail to the server is done + using an authenticated connection. Thus the submitted key will be + published immediately without any confirmation request. + + More keywords will be defined in updates to this I-D. There is no + registry except for this document. For experimental use of new + features or for provider specific settings, keywords MUST be prefixed + with a domain name and an underscore. + +5. Security Considerations + + The use of SHA-1 for the mapping of the "local-part" to a fixed + string is not a security feature but merely used to map the local- + part to a fixed-sized string made from a well defined set of + characters. It is not intended to conceal information about a mail + address. + + The domain name part of the mail address is not part of the hash to + avoid problems with internationalized domain names. Instead a + separate URL is required for each domain name. + +6. IANA Considerations + +6.1. Well-Known URI + + IANA is requested to assign a well-known URI in the "Well-Known URIs" + registry as defined by [RFC5785]: + + URI suffix: openpgpkey + + Change controller: IETF + + Specification document: This + +7. Acknowledgments + + The author would like to acknowledge the help of the individuals who + kindly voiced their opinions on the GnuPG mailing lists, in + particular, the help of Bernhard Reiter and Guilhem Moulin. + + + + +Koch Expires April 8, 2017 [Page 9] + +Internet-Draft OpenPGP Web Key Service October 2016 + + +8. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, + "MIME Security with OpenPGP", RFC 3156, August 2001. + + [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. + Thayer, "OpenPGP Message Format", RFC 4880, November 2007. + + [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known + Uniform Resource Identifiers (URIs)", RFC 5785, DOI + 10.17487/RFC5785, April 2010, + . + + [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: + Media Path Key Agreement for Unicast Secure RTP", RFC + 6189, DOI 10.17487/RFC6189, April 2011, + . + +Appendix A. Sample Protocol Run + + The following non-normative example can be used by implementors as + guidance. + + Note that GnuPG version 2.1.12 supports the key discovery described + in version -00 of this document (auto-key-locate method "wkd"). + Version 2.1.16 can run the protocol decribed in this document but is + also able to run the protocol version specified by -01. + +A.1. Sample Keys + + This is the provider's submission key: + + + + + + + + + + + + + + + + + +Koch Expires April 8, 2017 [Page 10] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + -----BEGIN PGP PRIVATE KEY BLOCK----- + + lFgEV/TAohYJKwYBBAHaRw8BAQdAB/k9YQfSTI8qQqqK1KimH/BsvzsowWItSQPT + FP+fOC4AAP46uJ3Snno3Vy+kORye3rf0VvWvuz82voEQLxG6WpfHhREEtBprZXkt + c3VibWlzc2lvbkBleGFtcGxlLm5ldIh5BBMWCAAhBQJX9MCiAhsDBQsJCAcCBhUI + CQoLAgQWAgMBAh4BAheAAAoJEKhtNooW0cqEWMUA/0e9XaeptszWC9ZvPg8INL6a + BvRqPBYGU7PGmuXsxBovAQDyckOykG0UAfHVyN1w4gSK/biMcnqVr857i8/HuvjW + C5xdBFf0wKISCisGAQQBl1UBBQEBB0Apvaoe4MtSEJ1fpds/4DFl2kXXBpnVji/s + Wg9btdthNQMBCAcAAP9FJX99T1LEJzBnvBBnc6bimnT6/1OKM9RdO4R0/uVP6BFL + iGEEGBYIAAkFAlf0wKICGwwACgkQqG02ihbRyoTlGwD9FBr92osjL7HkhhZZ7Z2D + My3b9zpoZeMjvPg5YPqpdKMA/jhZoHuZCRMBYf7YRFb8aXtuyetDFZYrkjnum+OG + HFAD + =Hnwd + -----END PGP PRIVATE KEY BLOCK----- + + This is the target key to be published: + + -----BEGIN PGP PRIVATE KEY BLOCK----- + + lFgEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL + nTEoBRkAAP94nCZMM4WY2IORXfM6phLGSz3RsHvs/vA1Opaus4+R3BKJtBtwYXRy + aWNlLmx1bXVtYmFAZXhhbXBsZS5uZXSIeQQTFggAIQUCV2o9XQIbAwULCQgHAgYV + CAkKCwIEFgIDAQIeAQIXgAAKCRATlWNoKgINCpkNAQDFDcwJUzsxu7aJUiPdpYXj + 4uVarrXakxEE8mGFotWhLAD9GH4rqLDYIE3NKEU0s+Okt4tEIwJaV8H1NNPPPMiK + 3g2cXQRXaj2NEgorBgEEAZdVAQUBAQdAFnnmZc99TuKk5iCq9wmYZUVF2RcXN2Cs + qAl8iGQQUWsDAQgHAAD/VN/VGmlcwGBPcLTya2hfU4t37nMcFCKdNSXjJ5DFA0AP + PohhBBgWCAAJBQJXaj2NAhsMAAoJEBOVY2gqAg0Ky4UA/0GmVaXzXemLvv1Xw4yx + Eaz/KfKKGc4RJ+38fyqUzw8NAQCohQ+ki3I5f84EXLZEiUiLsnVtOn1HNxvND/gW + TiFZBA== + =GHi7 + -----END PGP PRIVATE KEY BLOCK----- + +A.2. Sample Messages + + The first message triggeres the publication requests. + + + + + + + + + + + + + + + + +Koch Expires April 8, 2017 [Page 11] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + From: patrice.lumumba at example.net + To: key-submission at example.net + Subject: Key publishing request + MIME-Version: 1.0 + Content-Type: multipart/encrypted; + protocol="application/pgp-encrypted"; + boundary="=-=01-e8k41e11ob31eefa36wo=-=" + Date: Wed, 05 Oct 2016 10:15:51 +0000 + + + --=-=01-e8k41e11ob31eefa36wo=-= + Content-Type: application/pgp-encrypted + + Version: 1 + + --=-=01-e8k41e11ob31eefa36wo=-= + Content-Type: application/octet-stream + + -----BEGIN PGP MESSAGE----- + + hF4DUgLY5tvmW2sSAQdAR1AcqvFpQe/fHRZbf0xcnl9Tb+AtwaX2yZnZXGELGHsw + 1/e3E0JptwM5tpRAVe71ooF8Zq4jl76ZgQKfj/SyjpLJxyoEDy2N5wTQaqW4JtML + 0ukB1vh7dIRDxBJX/LQIJC0wz8o1Q3vjcLJKFFvDb7YrerABpPIzwOAupcgIbQHj + 5m1+2WU5CL8ffyJy2h1jV2X4OnvWF1Sn6J6SVD6DfZpOPRt9TxSemJrN1LJ3lG0N + ts8AuYmCOeC1H2r5TYyxqkC98JF8+Nvyxd/fwne8IOjK9uixkNMC5H9/ZOH0YWCb + wBnNB4iXuym4OIPxiLkDymsVF0ww/XrODE9Y259EGmO45VFNrJAX3HFs9/PcMCVk + n2qMyEkr8LHiXeEPun6Z54RHUPYv2cUkEZ0hhSJ+rtBxkc/5D/cAScCEXRKFSKEF + jLJAvLK/u/ga5DAzVai+vh6b6Bq+YVPaD9GWMhWj4CgR90p9LULi6S/Hzwhv9Wzf + 8fJoJOaDjyvRDgr09jYLWamxkS9NWxqwy6MXJvxwbNdd5XtqiW4Y4o0Ll1hDJhxR + ljn/XvotXKwhKN+4QGhIXDVt4Dl4XxS5ptWfVTau8W8DYqDsU2obEcfsirZv53M1 + Q9FCD8CD9+dkBt8VAJekCWVhEltcRHxlrznbk2jxm93xSD2o6gZ5X0VSaSUXyEhm + J+8F3gyTHGgbq/TgyjFoockWh5EtGgAFuWvmPJCF5PO/UaNeoKwgwSJBu6oTXkHx + R4nvvMRcj5UgTsKpZ79NiDQukbjG5ScNT5TCUiiZsBXBqBx3fD61EH6cAuh4P3Kr + iM7PY4fwAHo890Dx+Qlt + =WIhx + -----END PGP MESSAGE----- + + --=-=01-e8k41e11ob31eefa36wo=-=-- + + The server decrypts this message to + + + + + + + + + + + +Koch Expires April 8, 2017 [Page 12] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + Content-Type: application/pgp-keys + + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mDMEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL + nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIh5BBMWCAAhBQJXaj1d + AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBOVY2gqAg0KmQ0BAMUNzAlT + OzG7tolSI92lhePi5VqutdqTEQTyYYWi1aEsAP0YfiuosNggTc0oRTSz46S3i0Qj + AlpXwfU00888yIreDbg4BFdqPY0SCisGAQQBl1UBBQEBB0AWeeZlz31O4qTmIKr3 + CZhlRUXZFxc3YKyoCXyIZBBRawMBCAeIYQQYFggACQUCV2o9jQIbDAAKCRATlWNo + KgINCsuFAP9BplWl813pi779V8OMsRGs/ynyihnOESft/H8qlM8PDQEAqIUPpIty + OX/OBFy2RIlIi7J1bTp9RzcbzQ/4Fk4hWQQ= + =qRfF + -----END PGP PUBLIC KEY BLOCK----- + + and returns this confirmation request + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Koch Expires April 8, 2017 [Page 13] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + From: key-submission at example.net + To: patrice.lumumba at example.net + Subject: Confirm your key publication + MIME-Version: 1.0 + Content-Type: multipart/encrypted; + protocol="application/pgp-encrypted"; + boundary="=-=01-wrzqued738dfx4x97u7y=-=" + Date: Wed, 05 Oct 2016 10:16:57 +0000 + + + --=-=01-wrzqued738dfx4x97u7y=-= + Content-Type: application/pgp-encrypted + + Version: 1 + + --=-=01-wrzqued738dfx4x97u7y=-= + Content-Type: application/octet-stream + + -----BEGIN PGP MESSAGE----- + + hF4DkYWHjk/NdMASAQdAluQeqhECpU2T0zEyBAEbFzhLkpubN160wjkFCrtUc0Mw + FwYgM2fp9cvTMdJ/xjkvmAcIEOT4AY/hn1yFQ4z0KG0gCkSac+8mkDylnPdxlXYw + 0sBSAXlbqpVA7eUpFuU2Zs10zbIXxlwe6osR5wUIJut/RCOsYQmfvxC55x8mUX5/ + zgTnNzlMzye5ws4pTgAeQm2x0Yv018L8IZgY5KxwJLBzlss0wLZ45ZcS80hR11Fx + NCow1fKF8lMnOJxagTEOih807nctz8vT5bR1gx0d7N3LM+th8nAg9/6Ghf1XTpLo + MzwGW0FtOG7Dg1Uxbw2bjaOuRBeh6IIpmNAw1pmIfnNu7PpoRydU5w1K/R8MT06z + MKdJ7IW5mVGes9EGnG3e4mjuILvNaZhfYy+a73IhDSaPm3oqdl1Qx7tbNg6lGjn6 + KStCYAcPGPp3m7aWkfsPGThOVRhEXqaFFywfwSVEj1pdIRjDFA== + =Cdjh + -----END PGP MESSAGE----- + + --=-=01-wrzqued738dfx4x97u7y=-=-- + + The client decrypts the attachment as + + Content-Type: application/vnd.gnupg.wks + Content-Transfer-Encoding: 8bit + + type: confirmation-request + sender: key-submission at example.net + address: patrice.lumumba at example.net + fingerprint: B21DEAB4F875FB3DA42F1D1D139563682A020D0A + nonce: f5pscz57zj6fk11wekk8gx4cmrb659a7 + + creates this response + + + + + + +Koch Expires April 8, 2017 [Page 14] + +Internet-Draft OpenPGP Web Key Service October 2016 + + + Content-Type: application/vnd.gnupg.wks + Content-Transfer-Encoding: 8bit + + type: confirmation-response + sender: key-submission at example.net + address: patrice.lumumba at example.net + nonce: f5pscz57zj6fk11wekk8gx4cmrb659a7 + + and sends it encrypted to the server + + From: patrice.lumumba at example.net + To: key-submission at example.net + Subject: Key publication confirmation + MIME-Version: 1.0 + Content-Type: multipart/encrypted; + protocol="application/pgp-encrypted"; + boundary="=-=01-iacqg4og4pqz11a5cg1o=-=" + Date: Wed, 05 Oct 2016 10:18:52 +0000 + + + --=-=01-iacqg4og4pqz11a5cg1o=-= + Content-Type: application/pgp-encrypted + + Version: 1 + + --=-=01-iacqg4og4pqz11a5cg1o=-= + Content-Type: application/octet-stream + + -----BEGIN PGP MESSAGE----- + + hF4DUgLY5tvmW2sSAQdAnB1C3PMjS4AsGU0qaCqBdWQO5i6blWEyZrEsY+JZY1Qw + ooNq7zdVWOHhL9LPGAALAgoL3Qfz+dN2u5QamSQ/LJ2c8M0XipNs3lqlNH63yQN1 + 0sAmAc3W8xkwul+rf6OLK/gMi6WzM4fnUhd4D1LJGIJoNUN0l3636C7ecOt2lkMl + 5bVAYg/SyMT3ymyfQnvtiem2T5DSnPsS1g6n6QNXWvkqvX9yGxNsNDJEHTuGJB8k + OJoRlfWQTEo6pgA89febWl1EdeM1pPLstQ2uZE8NPjXoY1nMxAlu+iPYsR41/4sg + dqwOv5BPLh/GIat8hh9SPWCA9iKlgSQ/EIv5DpjQogEzpriT55dkgfvSVYIAcOdO + ShZ91YKkcZffevdY72omqTk10a1SUXehPooIlRFmroDsi3VDaRKrUIo= + =7uve + -----END PGP MESSAGE----- + + --=-=01-iacqg4og4pqz11a5cg1o=-=-- + +Appendix B. Changes Since -01 + + o Changed the format of the confirmation request. + + o Added sample messages. + + + + +Koch Expires April 8, 2017 [Page 15] + +Internet-Draft OpenPGP Web Key Service October 2016 + + +Author's Address + + Werner Koch + GnuPG Project + + Email: wk at gnupg.org + URI: https://gnupg.org + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Koch Expires April 8, 2017 [Page 16] diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org index e259279..df58654 100644 --- a/misc/id/openpgp-webkey-service/draft.org +++ b/misc/id/openpgp-webkey-service/draft.org @@ -19,7 +19,7 @@ ]> + docName="draft-koch-openpgp-webkey-service-02"> @@ -39,7 +39,7 @@ - + Security @@ -162,16 +162,20 @@ For example the URI to lookup the key for Joe.Doe at Example.ORG is: (line has been wrapped for rendering purposes) -The HTTP GET method MUST return the binary representation of the OpenPGP -key for the given mail address. The key needs to carry a User ID packet -({{{RFC(4880)}}}) with that mail address. Note that the key may be -revoked or expired - it is up to the client to handle such conditions. -The server MUST also accept a HEAD method so that a client may only +The HTTP GET method MUST return the binary representation of the +OpenPGP key for the given mail address. The key needs to carry a User +ID packet ({{{RFC(4880)}}}) with that mail address. Note that the key +may be revoked or expired - it is up to the client to handle such +conditions. To ease distribution of revoked keys, a server may return +revoked keys in addition to a new key. The keys are returned by a +single request as concatenated key blocks. + +The server MUST accept the HTTP HEAD method to allow a client to check for the existence of a key. The server SHOULD return "application/octet-string" as the -content-type for the data but clients SHOULD also accept any other -content-type. The server MUST NOT return an ASCII armored version of +Content-Type for the data but clients SHOULD also accept any other +Content-Type. The server MUST NOT return an ASCII armored version of the key. * Web Key Directory Update Protocol @@ -262,66 +266,89 @@ or optional parameters, and the body part contains the ASCII-armored transferable Public Key Packets as defined in {{{RFC(4880)}}}, section 11.1. -If the mail provider has published an encryption key for the -submission-address in the Web Key Directory, the key to be published -MUST be submitted using a PGP/MIME encrypted message ({{{RFC(3156)}}}, -section 4). The message MUST NOT be signed (because the authenticity of -the signing key has not yet been confirmed). After decryption of the -message at the mail provider a single "application/pgp-keys" part, as -specified above, is expected. +The mail provider MUST publish a key capable of signing and encryption +for the submission-address in the Web Key Directory or via DANE. The +key to be published MUST be submitted using a PGP/MIME encrypted +message ({{{RFC(3156)}}}, section 4). The message MUST NOT be signed +(because the authenticity of the signing key has not yet been +confirmed). After decryption of the message at the mail provider a +single "application/pgp-keys" part, as specified above, is expected. ** The Confirmation Request The mail provider sends a confirmation mail in response to a received -key publication request. The message SHOULD be sent from the +key publication request. The message MUST be sent from the submission-address of the mail provider to the mail address extracted -from the target key. The message needs to be encrypted to the target key -and MAY be signed by the submission key. PGP/MIME MUST be used for -encryption and signing; the Combined method ({{{RFC(3156)}}}, section -6.2) MUST be used if the message is to be signed. - -The Content-type used for the plaintext part MUST be -"application/vnd.gnupg.wkd". The body consists of name-value pairs with -one name-value pair per LF or CR+LF terminated line. Empty lines are -allowed and will be ignored by the receiver. A colon is used to -terminate a name. - -In a confirmation request the following names MUST be send in the -specified order: +from the target key. The message needs to be a PGP/MIME signed +message using the submission key of the provider for the +signature. The signed message MUST have two parts: -- "type" :: The value must be "confirmation-request". +The first part MUST have "text" as its Content-Type and can be used to +explain the purpose of the mail. For example it may point to this RFC +and explain on how to manually perform the protocol. -- "sender" :: This is the mailbox the user is expected to sent the - confirmation response to. The value must match the - mailbox part of the "From:" address of this - request. Exactly one address MUST be given. +The second part jMUST have "application/vnd.gnupg.wkd" as its +Content-Type and carry an OpenPGP encrypted message in ASCII Armor +format. The message MUST be encrypted to the target key and MUST not +be signed. After decryption a text file in the Web Key data format +must be yielded. -- "address" :: The value is the addr-spec part of the target key's - mail address. The value SHOULD match the addr-spec part - of the recipient's address. The value MUST be UTF-8 - encoded as required for an OpenPGP User ID. +That data format consists of name-value pairs with one name-value pair +per LF or CR+LF terminated line. Empty lines are allowed and will be +ignored by the receiver. A colon is used to terminate a name. -- "fingerprint" :: The value is the fingerprint of the target key. The - fingerprint is given in uppercase hex encoding - without any interleaving spaces. - -- "nonce" :: The value is a string with a minimum length of 16 octets - and a maximum length of 64 octets. The string must - entirely be made up of random ASCII letters or - digits. This nonce will be sent back to the mail provider - as proof that the recipient is the legitimate owner of - the target-key. +In a confirmation request the following names MUST be send in the +specified order: -The receiver of the message decrypts the message, checks that the -"fingerprint" matches the target key, checks that the "address" matches -a User ID of the target key, and checks the other constrains of the -request format. If any constraint is not asserted, or the fingerprint or -User ID do not match the target key, or there is no pending publication -requests (i.e. a mail recently sent o the submission address), the user -MAY be notified about this fake confirmation attempt. +- type :: The value must be "confirmation-request". + +- sender :: This is the mailbox the user is expected to sent the + confirmation response to. The value must match the + mailbox part of the "From:" address of this + request. Exactly one address MUST be given. + +- address :: The value is the addr-spec part of the target key's + mail address. The value SHOULD match the addr-spec part + of the recipient's address. The value MUST be UTF-8 + encoded as required for an OpenPGP User ID. + +- fingerprint :: The value is the fingerprint of the target key. The + fingerprint is given in uppercase hex encoding + without any interleaving spaces. + +- nonce :: The value is a string with a minimum length of 16 octets + and a maximum length of 64 octets. The string must + entirely be made up of random ASCII letters or + digits. This nonce will be sent back to the mail provider + as proof that the recipient is the legitimate owner of + the target-key. + +The receiver of that message is expected to verify the outer signature +and disregard the entire message if it can't be verified or has not +been signed by the key associated with the submission address. + +After the message as been verified the receiver decrypts the second part +of the message, checks that the "fingerprint" matches the target key, +checks that the "address" matches a User ID of the target key, and +checks the other constrains of the request format. If any constraint +is not asserted, or the fingerprint or User ID do not match the target +key, or there is no pending publication requests (i.e. a mail recently +sent o the submission address), the user MAY be notified about this +fake confirmation attempt. + +In other cases the confirmation request is legitimate and the MUA +shall silently send a response as described in the next section. + +The rationale for the outer signature used with this request is to +allow early detection of spam mails. This can be done prior to the +decryption step and avoids asking the user to enter a passphrase to +perform the decryption for a non-legitimate message. The use of a +simple encrypted attachment, instead of using PGP/MIME encryption, is +to convey the Content-Type of that attachment in the clear and also to +prevent automatic decryption of that attachment by PGP/MIME aware +clients. The MUA may in fact detect this confirmation request and +present a customized dialog for confirming that request. -In other cases the confirmation request is legitimate and the MUA shall -silently send a response as described in the next section. ** The Confirmation Response @@ -333,24 +360,25 @@ the sending of a confirmation request after the first request has been send successfully. The user MUST send the confirmation response from her target mail -address to the "from" address of the confirmation request. The message -MUST be signed and SHOULD be encrypted. The PGP/MIME Combined format -MUST be used for encryption and signing ({{{RFC(3156)}}}, section 6.2). -The encryption key can be taken from the Web Key Directory. +address to the "from" address of the confirmation request. The +message MUST be signed and encrypted using the PGP/MIME Combined +format ({{{RFC(3156)}}}, section 6.2). The signing key is the target +key and the encryption key is the key associated with the provider's +submission address. -The Content-type used for the plaintext message MUST also be +The Content-Type used for the plaintext message MUST also be "application/vnd.gnupg.wkd". The format is the same as described above for the Confirmation Request. The body must contain three name-value pairs in this order: -- "type" :: The value must be "confirmation-response". +- type :: The value must be "confirmation-response". -- "sender" :: The value must match the mailbox part of the "From:" - address of this response. Exactly one address MUST be - given. +- sender :: The value must match the mailbox part of the "From:" + address of this response. Exactly one address MUST be + given. -- "nonce" :: The value is the value of the "nonce" parameter from the - confirmation request. +- nonce :: The value is the value of the "nonce" parameter from the + confirmation request. ** Policy Flags @@ -374,17 +402,17 @@ case-insensitive matching for the keyword. Currently defined keywords are: -- "mailbox-only" :: The mail server provider does only accept keys +- mailbox-only :: The mail server provider does only accept keys with only a mailbox in the User ID. In particular User IDs with a real name in addition to the mailbox will be rejected as invalid. -- "dane-only" :: The mail server provider does not run a Web Key +- dane-only :: The mail server provider does not run a Web Key Directory but only an OpenPGP DANE service. The Web Key Directory Update protocol is used to update the keys for the DANE service. -- "auth-submit" :: The submission of the mail to the server is done +- auth-submit :: The submission of the mail to the server is done using an authenticated connection. Thus the submitted key will be published immediately without any confirmation request. @@ -404,7 +432,7 @@ intended to conceal information about a mail address. The domain name part of the mail address is not part of the hash to avoid problems with internationalized domain names. Instead a separate -web service is required for each domain name. +URL is required for each domain name. * IANA Considerations @@ -427,30 +455,212 @@ the help of Bernhard Reiter and Guilhem Moulin. * Back -* Test Vectors +* Sample Protocol Run + +The following non-normative example can be used by implementors as +guidance. + +Note that GnuPG version 2.1.12 supports the key discovery described in +version -00 of this document (auto-key-locate method "wkd"). Version +2.1.16 can run the protocol decribed in this document but is also able +to run the protocol version specified by -01. + +** Sample Keys + +This is the provider's submission key: +#+begin_example +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lFgEV/TAohYJKwYBBAHaRw8BAQdAB/k9YQfSTI8qQqqK1KimH/BsvzsowWItSQPT +FP+fOC4AAP46uJ3Snno3Vy+kORye3rf0VvWvuz82voEQLxG6WpfHhREEtBprZXkt +c3VibWlzc2lvbkBleGFtcGxlLm5ldIh5BBMWCAAhBQJX9MCiAhsDBQsJCAcCBhUI +CQoLAgQWAgMBAh4BAheAAAoJEKhtNooW0cqEWMUA/0e9XaeptszWC9ZvPg8INL6a +BvRqPBYGU7PGmuXsxBovAQDyckOykG0UAfHVyN1w4gSK/biMcnqVr857i8/HuvjW +C5xdBFf0wKISCisGAQQBl1UBBQEBB0Apvaoe4MtSEJ1fpds/4DFl2kXXBpnVji/s +Wg9btdthNQMBCAcAAP9FJX99T1LEJzBnvBBnc6bimnT6/1OKM9RdO4R0/uVP6BFL +iGEEGBYIAAkFAlf0wKICGwwACgkQqG02ihbRyoTlGwD9FBr92osjL7HkhhZZ7Z2D +My3b9zpoZeMjvPg5YPqpdKMA/jhZoHuZCRMBYf7YRFb8aXtuyetDFZYrkjnum+OG +HFAD +=Hnwd +-----END PGP PRIVATE KEY BLOCK----- +#+end_example + +This is the target key to be published: +#+begin_example +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lFgEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL +nTEoBRkAAP94nCZMM4WY2IORXfM6phLGSz3RsHvs/vA1Opaus4+R3BKJtBtwYXRy +aWNlLmx1bXVtYmFAZXhhbXBsZS5uZXSIeQQTFggAIQUCV2o9XQIbAwULCQgHAgYV +CAkKCwIEFgIDAQIeAQIXgAAKCRATlWNoKgINCpkNAQDFDcwJUzsxu7aJUiPdpYXj +4uVarrXakxEE8mGFotWhLAD9GH4rqLDYIE3NKEU0s+Okt4tEIwJaV8H1NNPPPMiK +3g2cXQRXaj2NEgorBgEEAZdVAQUBAQdAFnnmZc99TuKk5iCq9wmYZUVF2RcXN2Cs +qAl8iGQQUWsDAQgHAAD/VN/VGmlcwGBPcLTya2hfU4t37nMcFCKdNSXjJ5DFA0AP +PohhBBgWCAAJBQJXaj2NAhsMAAoJEBOVY2gqAg0Ky4UA/0GmVaXzXemLvv1Xw4yx +Eaz/KfKKGc4RJ+38fyqUzw8NAQCohQ+ki3I5f84EXLZEiUiLsnVtOn1HNxvND/gW +TiFZBA== +=GHi7 +-----END PGP PRIVATE KEY BLOCK----- +#+end_example + +** Sample Messages + +The first message triggeres the publication requests. +#+begin_example +From: patrice.lumumba at example.net +To: key-submission at example.net +Subject: Key publishing request +MIME-Version: 1.0 +Content-Type: multipart/encrypted; + protocol="application/pgp-encrypted"; + boundary="=-=01-e8k41e11ob31eefa36wo=-=" +Date: Wed, 05 Oct 2016 10:15:51 +0000 + + +--=-=01-e8k41e11ob31eefa36wo=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=01-e8k41e11ob31eefa36wo=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hF4DUgLY5tvmW2sSAQdAR1AcqvFpQe/fHRZbf0xcnl9Tb+AtwaX2yZnZXGELGHsw +1/e3E0JptwM5tpRAVe71ooF8Zq4jl76ZgQKfj/SyjpLJxyoEDy2N5wTQaqW4JtML +0ukB1vh7dIRDxBJX/LQIJC0wz8o1Q3vjcLJKFFvDb7YrerABpPIzwOAupcgIbQHj +5m1+2WU5CL8ffyJy2h1jV2X4OnvWF1Sn6J6SVD6DfZpOPRt9TxSemJrN1LJ3lG0N +ts8AuYmCOeC1H2r5TYyxqkC98JF8+Nvyxd/fwne8IOjK9uixkNMC5H9/ZOH0YWCb +wBnNB4iXuym4OIPxiLkDymsVF0ww/XrODE9Y259EGmO45VFNrJAX3HFs9/PcMCVk +n2qMyEkr8LHiXeEPun6Z54RHUPYv2cUkEZ0hhSJ+rtBxkc/5D/cAScCEXRKFSKEF +jLJAvLK/u/ga5DAzVai+vh6b6Bq+YVPaD9GWMhWj4CgR90p9LULi6S/Hzwhv9Wzf +8fJoJOaDjyvRDgr09jYLWamxkS9NWxqwy6MXJvxwbNdd5XtqiW4Y4o0Ll1hDJhxR +ljn/XvotXKwhKN+4QGhIXDVt4Dl4XxS5ptWfVTau8W8DYqDsU2obEcfsirZv53M1 +Q9FCD8CD9+dkBt8VAJekCWVhEltcRHxlrznbk2jxm93xSD2o6gZ5X0VSaSUXyEhm +J+8F3gyTHGgbq/TgyjFoockWh5EtGgAFuWvmPJCF5PO/UaNeoKwgwSJBu6oTXkHx +R4nvvMRcj5UgTsKpZ79NiDQukbjG5ScNT5TCUiiZsBXBqBx3fD61EH6cAuh4P3Kr +iM7PY4fwAHo890Dx+Qlt +=WIhx +-----END PGP MESSAGE----- + +--=-=01-e8k41e11ob31eefa36wo=-=-- +#+end_example -For help implementing this specification a non-normative example is -given: +The server decrypts this message to +#+begin_example +Content-Type: application/pgp-keys + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL +nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIh5BBMWCAAhBQJXaj1d +AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBOVY2gqAg0KmQ0BAMUNzAlT +OzG7tolSI92lhePi5VqutdqTEQTyYYWi1aEsAP0YfiuosNggTc0oRTSz46S3i0Qj +AlpXwfU00888yIreDbg4BFdqPY0SCisGAQQBl1UBBQEBB0AWeeZlz31O4qTmIKr3 +CZhlRUXZFxc3YKyoCXyIZBBRawMBCAeIYQQYFggACQUCV2o9jQIbDAAKCRATlWNo +KgINCsuFAP9BplWl813pi779V8OMsRGs/ynyihnOESft/H8qlM8PDQEAqIUPpIty +OX/OBFy2RIlIi7J1bTp9RzcbzQ/4Fk4hWQQ= +=qRfF +-----END PGP PUBLIC KEY BLOCK----- +#+end_example -** Sample key +and returns this confirmation request +#+begin_example +From: key-submission at example.net +To: patrice.lumumba at example.net +Subject: Confirm your key publication +MIME-Version: 1.0 +Content-Type: multipart/encrypted; + protocol="application/pgp-encrypted"; + boundary="=-=01-wrzqued738dfx4x97u7y=-=" +Date: Wed, 05 Oct 2016 10:16:57 +0000 + + +--=-=01-wrzqued738dfx4x97u7y=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=01-wrzqued738dfx4x97u7y=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hF4DkYWHjk/NdMASAQdAluQeqhECpU2T0zEyBAEbFzhLkpubN160wjkFCrtUc0Mw +FwYgM2fp9cvTMdJ/xjkvmAcIEOT4AY/hn1yFQ4z0KG0gCkSac+8mkDylnPdxlXYw +0sBSAXlbqpVA7eUpFuU2Zs10zbIXxlwe6osR5wUIJut/RCOsYQmfvxC55x8mUX5/ +zgTnNzlMzye5ws4pTgAeQm2x0Yv018L8IZgY5KxwJLBzlss0wLZ45ZcS80hR11Fx +NCow1fKF8lMnOJxagTEOih807nctz8vT5bR1gx0d7N3LM+th8nAg9/6Ghf1XTpLo +MzwGW0FtOG7Dg1Uxbw2bjaOuRBeh6IIpmNAw1pmIfnNu7PpoRydU5w1K/R8MT06z +MKdJ7IW5mVGes9EGnG3e4mjuILvNaZhfYy+a73IhDSaPm3oqdl1Qx7tbNg6lGjn6 +KStCYAcPGPp3m7aWkfsPGThOVRhEXqaFFywfwSVEj1pdIRjDFA== +=Cdjh +-----END PGP MESSAGE----- + +--=-=01-wrzqued738dfx4x97u7y=-=-- +#+end_example -TODO +The client decrypts the attachment as +#+begin_example +Content-Type: application/vnd.gnupg.wks +Content-Transfer-Encoding: 8bit + +type: confirmation-request +sender: key-submission at example.net +address: patrice.lumumba at example.net +fingerprint: B21DEAB4F875FB3DA42F1D1D139563682A020D0A +nonce: f5pscz57zj6fk11wekk8gx4cmrb659a7 +#+end_example -** Software Notes +creates this response +#+begin_example +Content-Type: application/vnd.gnupg.wks +Content-Transfer-Encoding: 8bit -GnuPG supports the key discovery described in version -00 of this -document since version 2.1.12, 2.1.13 and the gurrent git version will -be adjusted to the changes specs dfescribed in -01. To use it, the -new method "wkd" needs to be used with the =--auto-key-locate= option. +type: confirmation-response +sender: key-submission at example.net +address: patrice.lumumba at example.net +nonce: f5pscz57zj6fk11wekk8gx4cmrb659a7 +#+end_example -* Changes since -00 +and sends it encrypted to the server +#+begin_example +From: patrice.lumumba at example.net +To: key-submission at example.net +Subject: Key publication confirmation +MIME-Version: 1.0 +Content-Type: multipart/encrypted; + protocol="application/pgp-encrypted"; + boundary="=-=01-iacqg4og4pqz11a5cg1o=-=" +Date: Wed, 05 Oct 2016 10:18:52 +0000 + + +--=-=01-iacqg4og4pqz11a5cg1o=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=01-iacqg4og4pqz11a5cg1o=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- + +hF4DUgLY5tvmW2sSAQdAnB1C3PMjS4AsGU0qaCqBdWQO5i6blWEyZrEsY+JZY1Qw +ooNq7zdVWOHhL9LPGAALAgoL3Qfz+dN2u5QamSQ/LJ2c8M0XipNs3lqlNH63yQN1 +0sAmAc3W8xkwul+rf6OLK/gMi6WzM4fnUhd4D1LJGIJoNUN0l3636C7ecOt2lkMl +5bVAYg/SyMT3ymyfQnvtiem2T5DSnPsS1g6n6QNXWvkqvX9yGxNsNDJEHTuGJB8k +OJoRlfWQTEo6pgA89febWl1EdeM1pPLstQ2uZE8NPjXoY1nMxAlu+iPYsR41/4sg +dqwOv5BPLh/GIat8hh9SPWCA9iKlgSQ/EIv5DpjQogEzpriT55dkgfvSVYIAcOdO +ShZ91YKkcZffevdY72omqTk10a1SUXehPooIlRFmroDsi3VDaRKrUIo= +=7uve +-----END PGP MESSAGE----- + +--=-=01-iacqg4og4pqz11a5cg1o=-=-- +#+end_example -- Dropped the second occurrence of the domain name from the URL. -- Changed field names in the request and response format. -- Removed useless checks. -- Added a new policy flag. -** TODO +* Changes Since -01 -- What about authenticated submission? -- Describe how to handle a key with several User IDs. +- Changed the format of the confirmation request. +- Added sample messages. ----------------------------------------------------------------------- Summary of changes: misc/id/openpgp-webkey-service/Makefile | 1 + .../draft-koch-openpgp-webkey-service-02.txt | 896 +++++++++++++++++++++ misc/id/openpgp-webkey-service/draft.org | 392 ++++++--- 3 files changed, 1198 insertions(+), 91 deletions(-) create mode 100644 misc/id/openpgp-webkey-service/draft-koch-openpgp-webkey-service-02.txt hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 14:34:58 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Oct 2016 14:34:58 +0200 Subject: [git] gnupg-doc - branch, master, updated. cef834fb232bd2f8b4c485122d8c7c3dd1024d7a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via cef834fb232bd2f8b4c485122d8c7c3dd1024d7a (commit) from e28c0acedc6f13459022f3324264e77c2da4f768 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cef834fb232bd2f8b4c485122d8c7c3dd1024d7a Author: Werner Koch Date: Wed Oct 5 14:32:01 2016 +0200 drafts,openpgp-webkey-service: Fix nits from last publication diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org index df58654..25a661f 100644 --- a/misc/id/openpgp-webkey-service/draft.org +++ b/misc/id/openpgp-webkey-service/draft.org @@ -19,7 +19,7 @@ ]> + docName="draft-koch-openpgp-webkey-service-03"> @@ -39,7 +39,7 @@ - + Security @@ -287,9 +287,9 @@ The first part MUST have "text" as its Content-Type and can be used to explain the purpose of the mail. For example it may point to this RFC and explain on how to manually perform the protocol. -The second part jMUST have "application/vnd.gnupg.wkd" as its +The second part MUST have "application/vnd.gnupg.wkd" as its Content-Type and carry an OpenPGP encrypted message in ASCII Armor -format. The message MUST be encrypted to the target key and MUST not +format. The message MUST be encrypted to the target key and MUST NOT be signed. After decryption a text file in the Web Key data format must be yielded. ----------------------------------------------------------------------- Summary of changes: misc/id/openpgp-webkey-service/draft.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 14:42:02 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Oct 2016 14:42:02 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-202-g8ce800d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8ce800d21919eaaba7ed4f04f712292be310fd66 (commit) from e514a5b725f0c997cef4362808b2778a3faa9cf8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ce800d21919eaaba7ed4f04f712292be310fd66 Author: Werner Koch Date: Wed Oct 5 14:38:37 2016 +0200 wks: Send key encrypted as required by draft -02 * tools/gpg-wks-client.c (get_key): Encrypt. (encrypt_response): Take care of --fake-submission-addr. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 4df54cc..7630953 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -112,6 +112,8 @@ const char *fake_submission_addr; static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; static gpg_error_t command_supported (char *userid); static gpg_error_t command_send (const char *fingerprint, char *userid); +static gpg_error_t encrypt_response (estream_t *r_output, estream_t input, + const char *addrspec); static gpg_error_t read_confirmation_request (estream_t msg); static gpg_error_t command_receive_cb (void *opaque, const char *mediatype, estream_t fp, @@ -346,6 +348,9 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); goto leave; } + /* Prefix the key with the MIME content type. */ + es_fputs ("Content-Type: application/pgp-keys\n" + "\n", key); filterexp = es_bsprintf ("keep-uid=mbox = %s", addrspec); if (!filterexp) @@ -535,6 +540,7 @@ command_send (const char *fingerprint, char *userid) KEYDB_SEARCH_DESC desc; char *addrspec = NULL; estream_t key = NULL; + estream_t keyenc = NULL; char *submission_to = NULL; mime_maker_t mime = NULL; struct policy_flags_s policy; @@ -596,6 +602,15 @@ command_send (const char *fingerprint, char *userid) if (policy.auth_submit) log_info ("no confirmation required for '%s'\n", addrspec); + /* Encrypt the key part. */ + es_rewind (key); + err = encrypt_response (&keyenc, key, submission_to); + if (err) + goto leave; + es_fclose (key); + key = NULL; + + /* Send the key. */ err = mime_maker_new (&mime, NULL); if (err) @@ -610,16 +625,33 @@ command_send (const char *fingerprint, char *userid) if (err) goto leave; - err = mime_maker_add_header (mime, "Content-type", "application/pgp-keys"); + /* Tell server that we support draft version 3. */ + err = mime_maker_add_header (mime, "Wks-Draft-Version", "3"); if (err) goto leave; - /* Tell server that we support draft version 3. */ - err = mime_maker_add_header (mime, "Wks-Draft-Version", "3"); + err = mime_maker_add_header (mime, "Content-Type", + "multipart/encrypted; " + "protocol=\"application/pgp-encrypted\""); + if (err) + goto leave; + err = mime_maker_add_container (mime); if (err) goto leave; - err = mime_maker_add_stream (mime, &key); + err = mime_maker_add_header (mime, "Content-Type", + "application/pgp-encrypted"); + if (err) + goto leave; + err = mime_maker_add_body (mime, "Version: 1\n"); + if (err) + goto leave; + err = mime_maker_add_header (mime, "Content-Type", + "application/octet-stream"); + if (err) + goto leave; + + err = mime_maker_add_stream (mime, &keyenc); if (err) goto leave; @@ -628,6 +660,7 @@ command_send (const char *fingerprint, char *userid) leave: mime_maker_release (mime); xfree (submission_to); + es_fclose (keyenc); es_fclose (key); xfree (addrspec); return err; @@ -691,7 +724,10 @@ encrypt_response (estream_t *r_output, estream_t input, const char *addrspec) ccparray_put (&ccp, "--status-fd=2"); ccparray_put (&ccp, "--always-trust"); ccparray_put (&ccp, "--armor"); - ccparray_put (&ccp, "--auto-key-locate=clear,wkd,dane,local"); + if (fake_submission_addr) + ccparray_put (&ccp, "--auto-key-locate=clear,local"); + else + ccparray_put (&ccp, "--auto-key-locate=clear,wkd,dane,local"); ccparray_put (&ccp, "--recipient"); ccparray_put (&ccp, addrspec); ccparray_put (&ccp, "--encrypt"); ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-client.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 15:20:03 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Oct 2016 15:20:03 +0200 Subject: [git] gnupg-doc - branch, master, updated. f13388fd42405ea806e86c6f094074999831b360 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f13388fd42405ea806e86c6f094074999831b360 (commit) from cef834fb232bd2f8b4c485122d8c7c3dd1024d7a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f13388fd42405ea806e86c6f094074999831b360 Author: Werner Koch Date: Wed Oct 5 15:17:05 2016 +0200 web: Typo fix diff --git a/web/documentation/security.org b/web/documentation/security.org index 783a5c9..c724827 100644 --- a/web/documentation/security.org +++ b/web/documentation/security.org @@ -25,5 +25,5 @@ publish it, please report it by mail to security at gnupg.org. Note that we do not use a team OpenPGP key. Thus please write a non-encrypted message to the security address and ask for the keys of the developers at duty and then encrypt the mail to all of them. A -list of our core developers can be found [[../people/index.org][here]]; the are all active on +list of our core developers can be found [[../people/index.org][here]]; they are all active on the gnupg-devel mailing list. ----------------------------------------------------------------------- Summary of changes: web/documentation/security.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 16:05:29 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 05 Oct 2016 16:05:29 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-25-g52a91cc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 52a91ccc6a25425d4374b77040e30efb6816940f (commit) from 453ab9d24ca48c9e01d21e1454d6b08de1938b76 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52a91ccc6a25425d4374b77040e30efb6816940f Author: Andre Heinecke Date: Wed Oct 5 16:01:20 2016 +0200 qt: Disable t-wkspublish test * lang/qt/tests/Makefile.am (TESTS): Remove t-wkspublish. -- Even the only enabled test did a connection to localhost this might fail if it is stalled and is an outside factor. It also might be disturbing other services locally. diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index f243a55..72ea324 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -25,7 +25,7 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) EXTRA_DIST = initial.test TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo \ - t-encrypt t-wkspublish + t-encrypt moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc \ t-encrypt.moc t-support.hmoc t-wkspublish.moc ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 17:23:10 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 05 Oct 2016 17:23:10 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-30-g24779c9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 24779c9e2301bd17fd328d65b0383e1cbc944119 (commit) via 4984cc93db6b55f2420a9abd844c074a5fb4ed0c (commit) via 9d1df990386010e0581b542a76a4f5d85d8d11b5 (commit) via 370ee1aa802ec6a4030a39b2df7d24a0c47e5ac7 (commit) via 39dd7585f5a7d801942efcb375d6dd46d01d2968 (commit) from 52a91ccc6a25425d4374b77040e30efb6816940f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24779c9e2301bd17fd328d65b0383e1cbc944119 Author: Andre Heinecke Date: Wed Oct 5 17:19:20 2016 +0200 qt: Disable tests that require a password for 2.0 * lang/qt/tests/t-encrypt.cpp: Disable tests that require a password for 2.0. -- The passphrase_cb apparently does not work with 2.0 so we would need a fake pinentry to get this to work. We just disable the test instead as this is a rarely used feature and works with 1.4 and 2.1. diff --git a/lang/qt/tests/t-encrypt.cpp b/lang/qt/tests/t-encrypt.cpp index c3ce610..4d65dc7 100644 --- a/lang/qt/tests/t-encrypt.cpp +++ b/lang/qt/tests/t-encrypt.cpp @@ -53,6 +53,23 @@ using namespace QGpgME; using namespace GpgME; +static bool decryptSupported() +{ + /* With GnuPG 2.0.x (at least 2.0.26 by default on jessie) + * the passphrase_cb does not work. So the test popped up + * a pinentry. So tests requiring decryption don't work. */ + static auto version = GpgME::engineInfo(GpgME::GpgEngine).engineVersion(); + if (version < "2.0.0") { + /* With 1.4 it just works */ + return true; + } + if (version < "2.1.0") { + /* With 2.1 it works with loopback mode */ + return false; + } + return true; +} + class EncryptionTest : public QGpgMETest { Q_OBJECT @@ -82,6 +99,9 @@ private Q_SLOTS: Q_ASSERT(cipherString.startsWith("-----BEGIN PGP MESSAGE-----")); /* Now decrypt */ + if (!decryptSupported()) { + return; + } auto ctx = Context::createForProtocol(OpenPGP); TestPassphraseProvider provider; ctx->setPassphraseProvider(&provider); @@ -150,6 +170,9 @@ private Q_SLOTS: void testSymmetricEncryptDecrypt() { + if (!decryptSupported()) { + return; + } auto ctx = Context::createForProtocol(OpenPGP); TestPassphraseProvider provider; ctx->setPassphraseProvider(&provider); @@ -182,6 +205,9 @@ private: * So this test is disabled until gnupg(?) is fixed for this. */ void testMixedEncryptDecrypt() { + if (!decryptSupported()) { + return; + } auto listjob = openpgp()->keyListJob(false, false, false); std::vector keys; auto keylistresult = listjob->exec(QStringList() << QStringLiteral("alfa at example.net"), commit 4984cc93db6b55f2420a9abd844c074a5fb4ed0c Author: Andre Heinecke Date: Wed Oct 5 16:55:14 2016 +0200 Add warning flags for c++ compiler, too * configure.ac (CXXFLAGS): Add Wall and Wextra. diff --git a/configure.ac b/configure.ac index efa1f19..114225a 100644 --- a/configure.ac +++ b/configure.ac @@ -588,6 +588,7 @@ if test "$GCC" = yes; then CFLAGS="$CFLAGS -Wno-missing-field-initializers" CFLAGS="$CFLAGS -Wno-sign-compare" fi + CXXFLAGS="$CXXFLAGS -Wall -Wextra -Wno-shadow" AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) _gcc_cflags_save=$CFLAGS commit 9d1df990386010e0581b542a76a4f5d85d8d11b5 Author: Andre Heinecke Date: Wed Oct 5 16:44:53 2016 +0200 qt: Fix unused variable warnings * qt/src/qgpgmenewcryptoconfig.cpp, qt/src/threadedjobmixin.h, qt/tests/t-encrypt.cpp, qt/tests/t-support.h, qt/tests/t-wkspublish.cpp: Mark additional variables as unused. diff --git a/lang/qt/src/qgpgmenewcryptoconfig.cpp b/lang/qt/src/qgpgmenewcryptoconfig.cpp index 62566d5..eb3af56 100644 --- a/lang/qt/src/qgpgmenewcryptoconfig.cpp +++ b/lang/qt/src/qgpgmenewcryptoconfig.cpp @@ -84,7 +84,7 @@ QGpgMENewCryptoConfig::~QGpgMENewCryptoConfig() clear(); } -void QGpgMENewCryptoConfig::reloadConfiguration(bool showErrors) +void QGpgMENewCryptoConfig::reloadConfiguration(bool) { clear(); diff --git a/lang/qt/src/threadedjobmixin.h b/lang/qt/src/threadedjobmixin.h index 62d7f1c..d1b1043 100644 --- a/lang/qt/src/threadedjobmixin.h +++ b/lang/qt/src/threadedjobmixin.h @@ -223,7 +223,8 @@ protected: { return m_auditLogError; } - void showProgress(const char *what, int type, int current, int total) Q_DECL_OVERRIDE { + void showProgress(const char * /*what*/, + int /*type*/, int current, int total) Q_DECL_OVERRIDE { // will be called from the thread exec'ing the operation, so // just bounce everything to the owning thread: // ### hope this is thread-safe (meta obj is const, and diff --git a/lang/qt/tests/t-encrypt.cpp b/lang/qt/tests/t-encrypt.cpp index bc6b878..c3ce610 100644 --- a/lang/qt/tests/t-encrypt.cpp +++ b/lang/qt/tests/t-encrypt.cpp @@ -117,7 +117,7 @@ private Q_SLOTS: bool initSeen = false; bool finishSeen = false; - connect(job, &Job::progress, this, [this, &initSeen, &finishSeen] (const QString& what, int current, int total) { + connect(job, &Job::progress, this, [this, &initSeen, &finishSeen] (const QString&, int current, int total) { // We only check for progress 0 and max progress as the other progress // lines depend on the system speed and are as such unreliable to test. Q_ASSERT(total == PROGRESS_TEST_SIZE); @@ -129,8 +129,8 @@ private Q_SLOTS: } Q_ASSERT(current >= 0 && current <= total); }); - connect(job, &EncryptJob::result, this, [this, &initSeen, &finishSeen] (const GpgME::EncryptionResult &result, - const QByteArray &cipherText, + connect(job, &EncryptJob::result, this, [this, &initSeen, &finishSeen] (const GpgME::EncryptionResult &, + const QByteArray &, const QString, const GpgME::Error) { Q_ASSERT(initSeen); diff --git a/lang/qt/tests/t-support.h b/lang/qt/tests/t-support.h index 59d9a4d..704fab4 100644 --- a/lang/qt/tests/t-support.h +++ b/lang/qt/tests/t-support.h @@ -39,8 +39,8 @@ namespace GpgME class TestPassphraseProvider : public PassphraseProvider { public: - char *getPassphrase(const char *useridHint, const char *description, - bool previousWasBad, bool &canceled) Q_DECL_OVERRIDE + char *getPassphrase(const char * /*useridHint*/, const char * /*description*/, + bool /*previousWasBad*/, bool &/*canceled*/) Q_DECL_OVERRIDE { return strdup("abc"); } diff --git a/lang/qt/tests/t-wkspublish.cpp b/lang/qt/tests/t-wkspublish.cpp index 4558fdc..130c53b 100644 --- a/lang/qt/tests/t-wkspublish.cpp +++ b/lang/qt/tests/t-wkspublish.cpp @@ -126,7 +126,7 @@ private Q_SLOTS: // First check if it is supported auto job = openpgp()->wksPublishJob(); connect(job, &WKSPublishJob::result, this, - [this] (Error err, QByteArray out, QByteArray errout, QString, Error) { + [this] (Error err, QByteArray, QByteArray, QString, Error) { Q_ASSERT(err); Q_EMIT asyncDone(); }); @@ -144,7 +144,7 @@ private: // First check if it is supported auto job = openpgp()->wksPublishJob(); connect(job, &WKSPublishJob::result, this, - [this] (Error err, QByteArray out, QByteArray errout, QString, Error) { + [this] (Error err, QByteArray, QByteArray, QString, Error) { if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.0.16") { std::cout << err; Q_ASSERT(err); @@ -165,7 +165,7 @@ private: } auto job = openpgp()->wksPublishJob(); connect(job, &WKSPublishJob::result, this, - [this] (Error err, QByteArray out, QByteArray errout, QString, Error) { + [this] (Error err, QByteArray, QByteArray, QString, Error) { Q_ASSERT(err); Q_EMIT asyncDone(); }); @@ -197,7 +197,7 @@ private: auto keygenjob = openpgp()->keyGenerationJob(); QByteArray fpr; connect(keygenjob, &KeyGenerationJob::result, this, - [this, &fpr](KeyGenerationResult result, QByteArray pubkeyData, QString, Error) + [this, &fpr](KeyGenerationResult result, QByteArray, QString, Error) { Q_ASSERT(!result.error()); fpr = QByteArray(result.fingerprint()); @@ -211,7 +211,7 @@ private: /* Then try to create a request. */ auto job = openpgp()->wksPublishJob(); connect(job, &WKSPublishJob::result, this, - [this] (Error err, QByteArray out, QByteArray errout, QString, Error) { + [this] (Error err, QByteArray out, QByteArray, QString, Error) { Q_ASSERT(!err); Q_EMIT asyncDone(); const QString outstr = QString(out); @@ -247,7 +247,7 @@ private: /* Get a response. */ auto job = openpgp()->wksPublishJob(); connect(job, &WKSPublishJob::result, this, - [this] (Error err, QByteArray out, QByteArray errout, QString, Error) { + [this] (Error err, QByteArray out, QByteArray, QString, Error) { Q_ASSERT(!err); Q_EMIT asyncDone(); const QString outstr = QString(out); commit 370ee1aa802ec6a4030a39b2df7d24a0c47e5ac7 Author: Andre Heinecke Date: Wed Oct 5 16:43:16 2016 +0200 cpp: Add support for URL Data encodings * lang/cpp/src/data.h (Data::Encoding): Extend enum. * lang/cpp/src/data.cpp (Data::encoding), Data::setEncoding): Support new values. diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index 84ed336..2cb4fa8 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp @@ -161,6 +161,9 @@ GpgME::Data::Encoding GpgME::Data::encoding() const case GPGME_DATA_ENCODING_BASE64: return Base64Encoding; case GPGME_DATA_ENCODING_ARMOR: return ArmorEncoding; case GPGME_DATA_ENCODING_MIME: return MimeEncoding; + case GPGME_DATA_ENCODING_URL: return UrlEncoding; + case GPGME_DATA_ENCODING_URLESC: return UrlEscEncoding; + case GPGME_DATA_ENCODING_URL0: return Url0Encoding; } return AutoEncoding; } @@ -174,6 +177,9 @@ GpgME::Error GpgME::Data::setEncoding(Encoding enc) case Base64Encoding: ge = GPGME_DATA_ENCODING_BASE64; break; case ArmorEncoding: ge = GPGME_DATA_ENCODING_ARMOR; break; case MimeEncoding: ge = GPGME_DATA_ENCODING_MIME; break; + case UrlEncoding: ge = GPGME_DATA_ENCODING_URL; break; + case UrlEscEncoding: ge = GPGME_DATA_ENCODING_URLESC; break; + case Url0Encoding: ge = GPGME_DATA_ENCODING_URL0; break; } return Error(gpgme_data_set_encoding(d->data, ge)); } diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h index b2f2173..50bdf62 100644 --- a/lang/cpp/src/data.h +++ b/lang/cpp/src/data.h @@ -78,7 +78,10 @@ public: BinaryEncoding, Base64Encoding, ArmorEncoding, - MimeEncoding + MimeEncoding, + UrlEncoding, + UrlEscEncoding, + Url0Encoding, }; Encoding encoding() const; Error setEncoding(Encoding encoding); commit 39dd7585f5a7d801942efcb375d6dd46d01d2968 Author: Andre Heinecke Date: Wed Oct 5 16:27:18 2016 +0200 cpp: Fix gcc diagnostic push / pop * lang/cpp/src/context.cpp: Fix pragmas. -- This fixes an error with -Werror=unknown-pragmas diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 34d0efc..1121104 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -699,7 +699,7 @@ Error Context::startPasswd(const Key &key) } -#pragma GCC push_diagnostics +#pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdeprecated-declarations" Error Context::edit(const Key &key, std::unique_ptr func, Data &data) @@ -759,7 +759,7 @@ Error Context::startCardEditing(const Key &key, std::unique_ptr dp ? dp->data : 0)); } -#pragma GCC pop_diagnostics +#pragma GCC diagnostic pop EditInteractor *Context::lastCardEditInteractor() const { ----------------------------------------------------------------------- Summary of changes: configure.ac | 1 + lang/cpp/src/context.cpp | 4 ++-- lang/cpp/src/data.cpp | 6 ++++++ lang/cpp/src/data.h | 5 ++++- lang/qt/src/qgpgmenewcryptoconfig.cpp | 2 +- lang/qt/src/threadedjobmixin.h | 3 ++- lang/qt/tests/t-encrypt.cpp | 32 +++++++++++++++++++++++++++++--- lang/qt/tests/t-support.h | 4 ++-- lang/qt/tests/t-wkspublish.cpp | 12 ++++++------ 9 files changed, 53 insertions(+), 16 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 5 17:40:57 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 05 Oct 2016 17:40:57 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-32-g8033cff Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8033cff441e9ea185531290273ec343f3402703c (commit) via 88c7e84ede4b6017cac3a396e8c87c2bd3a2bf58 (commit) from 24779c9e2301bd17fd328d65b0383e1cbc944119 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8033cff441e9ea185531290273ec343f3402703c Author: Andre Heinecke Date: Wed Oct 5 17:38:49 2016 +0200 cpp: Bump Revision * configure.ac (LIBGPGMEPP_LT_REVISION): Bump revision. -- The Data::Encoding enum now supports more encodings so this should have been done then. diff --git a/configure.ac b/configure.ac index 8634d8b..bc4aad9 100644 --- a/configure.ac +++ b/configure.ac @@ -63,7 +63,7 @@ LIBGPGME_LT_REVISION=0 LIBGPGMEPP_LT_CURRENT=6 LIBGPGMEPP_LT_AGE=0 -LIBGPGMEPP_LT_REVISION=1 +LIBGPGMEPP_LT_REVISION=2 LIBQGPGME_LT_CURRENT=7 LIBQGPGME_LT_AGE=0 commit 88c7e84ede4b6017cac3a396e8c87c2bd3a2bf58 Author: Andre Heinecke Date: Wed Oct 5 17:27:36 2016 +0200 qt: Fix spelling error in WKSPublishJob * src/qgpgmewkspublishjob.cpp, src/qgpgmewkspublishjob.h, src/wkspublishjob.h, tests/t-wkspublish.cpp: Fix spelling of received. * src/configure.ac (LIBQGPGME_LT_CURRENT): Bump accordingly. -- While this is an API break I've decided to fix this now instead of deprecating / keeping it around forever in the API. The only known users of QGpgME are KDE Applications and there it is not yet used. diff --git a/configure.ac b/configure.ac index 114225a..8634d8b 100644 --- a/configure.ac +++ b/configure.ac @@ -65,9 +65,9 @@ LIBGPGMEPP_LT_CURRENT=6 LIBGPGMEPP_LT_AGE=0 LIBGPGMEPP_LT_REVISION=1 -LIBQGPGME_LT_CURRENT=6 +LIBQGPGME_LT_CURRENT=7 LIBQGPGME_LT_AGE=0 -LIBQGPGME_LT_REVISION=1 +LIBQGPGME_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 diff --git a/lang/qt/src/qgpgmewkspublishjob.cpp b/lang/qt/src/qgpgmewkspublishjob.cpp index 96f5a1d..9773893 100644 --- a/lang/qt/src/qgpgmewkspublishjob.cpp +++ b/lang/qt/src/qgpgmewkspublishjob.cpp @@ -141,7 +141,7 @@ static QGpgMEWKSPublishJob::result_type create_worker(const char *fpr, const QSt proc.readAllStandardOutput(), proc.readAllStandardError(), QString(), Error()); } -static QGpgMEWKSPublishJob::result_type recieve_worker(const QByteArray &response) +static QGpgMEWKSPublishJob::result_type receive_worker(const QByteArray &response) { if (response.isEmpty()) { return std::make_tuple (Error(make_error(GPG_ERR_INV_ARG)), @@ -185,9 +185,9 @@ void QGpgMEWKSPublishJob::startCreate(const char *fpr, const QString &mailbox) { run(std::bind(&create_worker, fpr, mailbox)); } -void QGpgMEWKSPublishJob::startRecieve(const QByteArray &response) +void QGpgMEWKSPublishJob::startReceive(const QByteArray &response) { - run(std::bind(&recieve_worker, response)); + run(std::bind(&receive_worker, response)); } #include "qgpgmewkspublishjob.moc" diff --git a/lang/qt/src/qgpgmewkspublishjob.h b/lang/qt/src/qgpgmewkspublishjob.h index 1a31149..5fd3c03 100644 --- a/lang/qt/src/qgpgmewkspublishjob.h +++ b/lang/qt/src/qgpgmewkspublishjob.h @@ -62,7 +62,7 @@ public: void startCheck(const QString &mailbox) Q_DECL_OVERRIDE; void startCreate(const char *fpr, const QString &mailbox) Q_DECL_OVERRIDE; - void startRecieve(const QByteArray &response) Q_DECL_OVERRIDE; + void startReceive(const QByteArray &response) Q_DECL_OVERRIDE; }; } diff --git a/lang/qt/src/wkspublishjob.h b/lang/qt/src/wkspublishjob.h index d7bcd5d..0cec630 100644 --- a/lang/qt/src/wkspublishjob.h +++ b/lang/qt/src/wkspublishjob.h @@ -82,7 +82,7 @@ public: * * @param response The response of the server. **/ - virtual void startRecieve(const QByteArray &response) = 0; + virtual void startReceive(const QByteArray &response) = 0; Q_SIGNALS: /* Result of the operation returned Data and returned Error are diff --git a/lang/qt/tests/t-wkspublish.cpp b/lang/qt/tests/t-wkspublish.cpp index 130c53b..326ecaa 100644 --- a/lang/qt/tests/t-wkspublish.cpp +++ b/lang/qt/tests/t-wkspublish.cpp @@ -226,7 +226,7 @@ private: Q_ASSERT(spy.wait()); } - void testWKSPublishRecieve() { + void testWKSPublishReceive() { if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.0.16") { /* Not supported */ return; @@ -258,7 +258,7 @@ private: Q_ASSERT(outstr.contains( QStringLiteral("From: " TEST_ADDRESS))); }); - job->startRecieve(QByteArray(testResponse)); + job->startReceive(QByteArray(testResponse)); Q_ASSERT(spy.wait()); } ----------------------------------------------------------------------- Summary of changes: configure.ac | 6 +++--- lang/qt/src/qgpgmewkspublishjob.cpp | 6 +++--- lang/qt/src/qgpgmewkspublishjob.h | 2 +- lang/qt/src/wkspublishjob.h | 2 +- lang/qt/tests/t-wkspublish.cpp | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 6 13:27:15 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 06 Oct 2016 13:27:15 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-33-g8575920 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 857592041b8355cd58a7068c9f2446cf8dc0968f (commit) from 8033cff441e9ea185531290273ec343f3402703c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 857592041b8355cd58a7068c9f2446cf8dc0968f Author: Justus Winter Date: Thu Oct 6 13:12:28 2016 +0200 Add missing includes. * lang/cpp/src/key.cpp: Include for 'strcasecmp'. * tests/gpg/t-cancel.c: Include for 'fd_set' and friends. Signed-off-by: Justus Winter diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index df3dc02..4531a2b 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -33,6 +33,7 @@ #include #include +#include #include #include diff --git a/tests/gpg/t-cancel.c b/tests/gpg/t-cancel.c index af98af9..16a062a 100644 --- a/tests/gpg/t-cancel.c +++ b/tests/gpg/t-cancel.c @@ -34,6 +34,7 @@ #include #include #include +#include #include ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/key.cpp | 1 + tests/gpg/t-cancel.c | 1 + 2 files changed, 2 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 6 14:53:19 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 06 Oct 2016 14:53:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-209-g4aadc75 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4aadc751f201f8f97c9c1f454e3a29803cce3edb (commit) via b0d2526bc4e5c663eeffe04500420c70cee98712 (commit) via 73000d1ce0317210f5a9e5262404cc90258041ff (commit) via 2d446759bd43ae38fbce9a18c955285ca535bc08 (commit) via 6b626824c8e30b41c47724b5ccbf761937499512 (commit) via 32f81f56a8be6d13dea0a64d24f52343c7e72c84 (commit) via 07cfb3b27a77491eae818d57f6eb660e75fa013f (commit) from 8ce800d21919eaaba7ed4f04f712292be310fd66 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4aadc751f201f8f97c9c1f454e3a29803cce3edb Author: Justus Winter Date: Thu Oct 6 14:48:52 2016 +0200 common: Avoid pointer arithmetic on string literals. * common/gettime.c (rfctimestamp): Use indexing instead. * common/signal.c (got_fatal_signal): Likewise. diff --git a/common/gettime.c b/common/gettime.c index 9702bbc..9c63658 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -740,10 +740,10 @@ rfctimestamp (u32 stamp) if (!tp) return NULL; return xtryasprintf ("%.3s, %02d %.3s %04d %02d:%02d:%02d +0000", - ("SunMonTueWedThuFriSat" + (tp->tm_wday%7)*3), + &"SunMonTueWedThuFriSat"[(tp->tm_wday%7)*3], tp->tm_mday, - ("JanFebMarAprMayJunJulAugSepOctNovDec" - + (tp->tm_mon%12)*3), + &"JanFebMarAprMayJunJulAugSepOctNovDec" + [(tp->tm_mon%12)*3], tp->tm_year + 1900, tp->tm_hour, tp->tm_min, diff --git a/common/signal.c b/common/signal.c index b202f0f..9064adc 100644 --- a/common/signal.c +++ b/common/signal.c @@ -134,7 +134,7 @@ got_fatal_signal (int sig) { if (value >= i || ((any || i==1) && !(value/i))) { - (void)write (2, "0123456789"+(value/i), 1); + (void)write (2, &"0123456789"[value/i], 1); if ((value/i)) any = 1; value %= i; commit b0d2526bc4e5c663eeffe04500420c70cee98712 Author: Justus Winter Date: Thu Oct 6 14:33:20 2016 +0200 g10: Fix singular term. * g10/tofu.c (ask_about_binding): Fix singular message. Signed-off-by: Justus Winter diff --git a/g10/tofu.c b/g10/tofu.c index 5b01c27..c100c43 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1619,7 +1619,7 @@ ask_about_binding (ctrl_t ctrl, else { if (labs(stats_iter->time_ago) == 3) - es_fprintf (fp, ngettext(" over the past days.", + es_fprintf (fp, ngettext(" over the past day.", " over the past %d days.", seen_in_past), TIME_AGO_SMALL_THRESHOLD commit 73000d1ce0317210f5a9e5262404cc90258041ff Author: Justus Winter Date: Thu Oct 6 14:32:10 2016 +0200 g10: Use appropriate variant of 'abs'. * g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'. Signed-off-by: Justus Winter diff --git a/g10/tofu.c b/g10/tofu.c index 1bd8ce2..5b01c27 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1588,7 +1588,7 @@ ask_about_binding (ctrl_t ctrl, seen_in_past = 0; } - if (abs(stats_iter->time_ago) == 1) + if (labs(stats_iter->time_ago) == 1) { /* The 1 in this case is the NULL entry. */ log_assert (stats_iter->count == 1); @@ -1610,7 +1610,7 @@ ask_about_binding (ctrl_t ctrl, if (!stats_iter->count) es_fputs (".", fp); - else if (abs(stats_iter->time_ago) == 2) + else if (labs(stats_iter->time_ago) == 2) { es_fprintf (fp, "in the future."); /* Reset it. */ @@ -1618,25 +1618,25 @@ ask_about_binding (ctrl_t ctrl, } else { - if (abs(stats_iter->time_ago) == 3) + if (labs(stats_iter->time_ago) == 3) es_fprintf (fp, ngettext(" over the past days.", " over the past %d days.", seen_in_past), TIME_AGO_SMALL_THRESHOLD / TIME_AGO_UNIT_SMALL); - else if (abs(stats_iter->time_ago) == 4) + else if (labs(stats_iter->time_ago) == 4) es_fprintf (fp, ngettext(" over the past month.", " over the past %d months.", seen_in_past), TIME_AGO_MEDIUM_THRESHOLD / TIME_AGO_UNIT_MEDIUM); - else if (abs(stats_iter->time_ago) == 5) + else if (labs(stats_iter->time_ago) == 5) es_fprintf (fp, ngettext(" over the past year.", " over the past %d years.", seen_in_past), TIME_AGO_LARGE_THRESHOLD / TIME_AGO_UNIT_LARGE); - else if (abs(stats_iter->time_ago) == 6) + else if (labs(stats_iter->time_ago) == 6) es_fprintf (fp, _(" in the past.")); else log_assert (! "Broken SQL.\n"); commit 2d446759bd43ae38fbce9a18c955285ca535bc08 Author: Justus Winter Date: Thu Oct 6 14:30:56 2016 +0200 sm: Remove statement without effect. * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without effect. Signed-off-by: Justus Winter diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 91f0c2f..f561bb0 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -559,7 +559,6 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, isvalid_status_cb, &stparm); if (opt.verbose > 1) log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay"); - rc = rc; if (!rc && stparm.seen) { commit 6b626824c8e30b41c47724b5ccbf761937499512 Author: Justus Winter Date: Thu Oct 6 14:17:55 2016 +0200 g10: Fix testing for debug flag. * g10/parse-packet.c (set_packet_list_mode): Fix testing for debug flag. Signed-off-by: Justus Winter diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 9a733b5..86c2be4 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -220,7 +220,7 @@ set_packet_list_mode (int mode) else listfp = es_stderr; - if (opt.debug && DBG_MPI_VALUE) + if (opt.debug & DBG_MPI_VALUE) mpi_print_mode = 1; } return old; commit 32f81f56a8be6d13dea0a64d24f52343c7e72c84 Author: Justus Winter Date: Thu Oct 6 14:17:03 2016 +0200 tools: Improve error handling. * tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'. Signed-off-by: Justus Winter diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 408e3f5..60505ab 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -519,7 +519,7 @@ copy_key_as_binary (const char *keyfile, const char *outfile, { gpg_error_t err; ccparray_t ccp; - const char **argv; + const char **argv = NULL; char *filterexp = NULL; if (addrspec) commit 07cfb3b27a77491eae818d57f6eb660e75fa013f Author: Justus Winter Date: Thu Oct 6 14:13:18 2016 +0200 gpgscm: Update callsite of 'gnupg_spawn_process'. * tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to 'gnupg_spawn_process'. Fixes-commit: 44a32455 Fixes-commit: 96c7901e Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 829384a..44db6bb 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -653,7 +653,7 @@ do_spawn_process (scheme *sc, pointer args) } err = gnupg_spawn_process (argv[0], (const char **) &argv[1], - GPG_ERR_SOURCE_DEFAULT, + NULL, NULL, flags, &infp, &outfp, &errfp, &pid); ----------------------------------------------------------------------- Summary of changes: common/gettime.c | 6 +++--- common/signal.c | 2 +- g10/parse-packet.c | 2 +- g10/tofu.c | 14 +++++++------- sm/call-dirmngr.c | 1 - tests/gpgscm/ffi.c | 2 +- tools/gpg-wks-server.c | 2 +- 7 files changed, 14 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 03:52:36 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 07 Oct 2016 03:52:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-210-gfc0b392 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fc0b392e766af8127094e8b529d25abb84ad1d65 (commit) from 4aadc751f201f8f97c9c1f454e3a29803cce3edb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fc0b392e766af8127094e8b529d25abb84ad1d65 Author: NIIBE Yutaka Date: Fri Oct 7 10:45:22 2016 +0900 agent, dirmngr, scd: Fix init_common_subsystems. * common/init.c (_init_common_subsystems): Don't call gpgrt_set_syscall_clamp in this function. * agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call gpgrt_set_syscall_clamp after npth_init. -- Signed-off-by: NIIBE Yutaka diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index a4025ce..70d9775 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -941,6 +941,7 @@ thread_init_once (void) npth_initialized++; npth_init (); } + gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); } diff --git a/common/init.c b/common/init.c index 8a86266..cb4228a 100644 --- a/common/init.c +++ b/common/init.c @@ -29,20 +29,12 @@ #include -#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ -#undef HAVE_NPTH -#undef USE_NPTH -#endif - #ifdef HAVE_W32_SYSTEM # ifdef HAVE_WINSOCK2_H # include # endif # include #endif -#ifdef HAVE_NPTH -# include -#endif #ifdef HAVE_W32CE_SYSTEM # include /* For _assuan_w32ce_finish_pipe. */ #endif @@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp) /* Initialize the Estream library. */ gpgrt_init (); gpgrt_set_alloc_func (gcry_realloc); -#ifdef USE_NPTH - gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); -#endif /* Special hack for Windows CE: We extract some options from arg to setup the standard handles. */ diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 621c2bb..271360e 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -651,6 +651,7 @@ static void thread_init (void) { npth_init (); + gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); /* Now with NPth running we can set the logging callback. Our windows implementation does not yet feature the NPth TLS diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 3571e66..df1abe8 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -723,6 +723,7 @@ main (int argc, char **argv ) #endif npth_init (); + gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); /* If --debug-allow-core-dump has been given we also need to switch the working directory to a place where we can actually @@ -862,6 +863,7 @@ main (int argc, char **argv ) /* This is the child. */ npth_init (); + gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); /* Detach from tty and put process into a new session. */ if (!nodetach ) ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 1 + common/init.c | 11 ----------- dirmngr/dirmngr.c | 1 + scd/scdaemon.c | 2 ++ 4 files changed, 4 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 08:10:06 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Oct 2016 08:10:06 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-212-g1a24c67 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1a24c67e20e6ccc6c8e37403a26c715c0f1b6216 (commit) via 5d43d28aa3c44c3a27fde823f467b0c4be1a58c2 (commit) from fc0b392e766af8127094e8b529d25abb84ad1d65 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a24c67e20e6ccc6c8e37403a26c715c0f1b6216 Author: Werner Koch Date: Fri Oct 7 07:59:21 2016 +0200 Revert "g10: Fix singular term." -- This reverts commit b0d2526bc4e5c663eeffe04500420c70cee98712. The number of format elements may not change in ngettext. The entire construct is anyway wrong because ngettext is passed a different value than what is used in the printf. We need to rework the use of most strings in tofu.c. Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index c100c43..5b01c27 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1619,7 +1619,7 @@ ask_about_binding (ctrl_t ctrl, else { if (labs(stats_iter->time_ago) == 3) - es_fprintf (fp, ngettext(" over the past day.", + es_fprintf (fp, ngettext(" over the past days.", " over the past %d days.", seen_in_past), TIME_AGO_SMALL_THRESHOLD commit 5d43d28aa3c44c3a27fde823f467b0c4be1a58c2 Author: Werner Koch Date: Fri Oct 7 07:54:38 2016 +0200 gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch diff --git a/doc/HACKING b/doc/HACKING index bb04fdf..e717479 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -174,6 +174,8 @@ Note that such a comment will be removed if the git commit option indicate a problem with the code. - Never init static or file local variables to 0 to make sure they end up in BSS. + - But extra parenthesis around terms with binary operators to make + it clear that the binary operator was indeed intended. - Use --enable-maintainer-mode with configure so that all suitable warnings are enabled. diff --git a/g10/gpg.c b/g10/gpg.c index 2d5b4ff..9ffce48 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1190,15 +1190,15 @@ set_debug (const char *level) g10_exit (2); } - if (opt.debug & DBG_MEMORY_VALUE ) + if ((opt.debug & DBG_MEMORY_VALUE)) memory_debug_mode = 1; - if (opt.debug & DBG_MEMSTAT_VALUE ) + if ((opt.debug & DBG_MEMSTAT_VALUE)) memory_stat_debug_mode = 1; - if (opt.debug & DBG_MPI_VALUE) + if (DBG_MPI) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2); - if (opt.debug & DBG_CRYPTO_VALUE ) + if (DBG_CRYPTO) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); - if (opt.debug & DBG_IOBUF_VALUE ) + if ((opt.debug & DBG_IOBUF_VALUE)) iobuf_debug_mode = 1; gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); diff --git a/g10/options.h b/g10/options.h index 544be60..43dfd99 100644 --- a/g10/options.h +++ b/g10/options.h @@ -305,6 +305,7 @@ struct { /* Tests for the debugging flags. */ #define DBG_PACKET (opt.debug & DBG_PACKET_VALUE) +#define DBG_MPI (opt.debug & DBG_MPI_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_FILTER (opt.debug & DBG_FILTER_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) @@ -317,7 +318,7 @@ struct { #define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) #define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE) -/* FIXME: We need to check whey we did not put this into opt. */ +/* FIXME: We need to check why we did not put this into opt. */ #define DBG_MEMORY memory_debug_mode #define DBG_MEMSTAT memory_stat_debug_mode diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 86c2be4..bda3e14 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -220,7 +220,7 @@ set_packet_list_mode (int mode) else listfp = es_stderr; - if (opt.debug & DBG_MPI_VALUE) + if (DBG_MPI) mpi_print_mode = 1; } return old; ----------------------------------------------------------------------- Summary of changes: doc/HACKING | 2 ++ g10/gpg.c | 10 +++++----- g10/options.h | 3 ++- g10/parse-packet.c | 2 +- g10/tofu.c | 2 +- 5 files changed, 11 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 12:01:59 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 07 Oct 2016 12:01:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-213-gfb3b3e1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fb3b3e1e7a4219f61a834fd07809898918611c2f (commit) from 1a24c67e20e6ccc6c8e37403a26c715c0f1b6216 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb3b3e1e7a4219f61a834fd07809898918611c2f Author: NIIBE Yutaka Date: Fri Oct 7 19:00:10 2016 +0900 agent: Fix get_socket_name. * agent/gpg-agent.c (get_socket_name): Fix the size of copying. -- Signed-off-by: NIIBE Yutaka diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 70d9775..32e072b 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -599,19 +599,21 @@ get_socket_name (int fd) log_error ("socket name not present for file descriptor %d\n", fd); else if (len > sizeof(un)) log_error ("socket name for file descriptor %d was truncated " - "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len); + "(passed %zu bytes, wanted %u)\n", fd, sizeof(un), len); else { - log_debug ("file descriptor %d has path %s (%lu octets)\n", fd, - un.sun_path, len - offsetof (struct sockaddr_un, sun_path)); - name = xtrymalloc (len - offsetof (struct sockaddr_un, sun_path) + 1); + size_t namelen = len - offsetof (struct sockaddr_un, sun_path); + + log_debug ("file descriptor %d has path %s (%zu octets)\n", fd, + un.sun_path, namelen); + name = xtrymalloc (namelen + 1); if (!name) log_error ("failed to allocate memory for name of fd %d: %s\n", fd, gpg_strerror (gpg_error_from_syserror ())); else { - memcpy (name, un.sun_path, len); - name[len] = 0; + memcpy (name, un.sun_path, namelen); + name[namelen] = 0; } } ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 14:16:02 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 07 Oct 2016 14:16:02 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-67-gc50e22b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via c50e22b8d996be374905e977deaaaacce040b15c (commit) via 9c4c7cdebd018a2e4bcb4fb519ba06cc0c6550ed (commit) via f0b818676f11d0c7395f6cf11a24e6a6ad6940a5 (commit) from 037b2aa3cba5d354586c1c7d311e86775ebb341e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c50e22b8d996be374905e977deaaaacce040b15c Author: Andre Heinecke Date: Fri Oct 7 14:14:38 2016 +0200 Clean up set_pa_info and add comment * src/oomhelp.cpp (set_pa_variant): Cleanup. * src/oomhelp.h (set_pa_variant): Document painful experiments. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 3296637..562582c 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp @@ -811,7 +811,8 @@ get_oom_context_window (LPDISPATCH context) return ret; } -int set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value) +int +set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value) { LPDISPATCH propertyAccessor; VARIANT cVariant[2]; @@ -824,6 +825,8 @@ int set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value) wchar_t *w_property; unsigned int argErr = 0; + init_excepinfo (&execpinfo); + log_oom ("%s:%s: Looking up property: %s;", SRCNAME, __func__, dasl_id); @@ -849,9 +852,12 @@ int set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value) b_property = SysAllocString (w_property); xfree (w_property); + /* Variant 0 carries the data. */ + VariantCopy (&cVariant[0], value); + + /* Variant 1 is the DASL as found out by experiments. */ cVariant[1].vt = VT_BSTR; cVariant[1].bstrVal = b_property; - VariantCopy (&cVariant[0], value); dispparams.rgvarg = cVariant; dispparams.cArgs = 2; dispparams.cNamedArgs = 0; @@ -861,6 +867,7 @@ int set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value) DISPATCH_METHOD, &dispparams, &rVariant, &execpinfo, &argErr); SysFreeString (b_property); + VariantClear (&cVariant[0]); gpgol_release (propertyAccessor); if (hr != S_OK) { diff --git a/src/oomhelp.h b/src/oomhelp.h index d352a8f..0859d17 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -163,7 +163,24 @@ get_pa_string (LPDISPATCH pDisp, const char *property); int get_pa_int (LPDISPATCH pDisp, const char *property, int *rInt); -/* Set a variant with the propertyAccessor interface */ +/* Set a variant with the propertyAccessor interface. + + This is tested to work at least vor BSTR variants. Trying + to set PR_ATTACH_DATA_BIN_DASL with this failed with + hresults 0x80020005 type mismatch or 0x80020008 vad + variable type for: + VT_ARRAY | VT_UI1 | VT_BYREF + VT_SAFEARRAY | VT_UI1 | VT_BYREF + VT_BSTR | VT_BYREF + VT_BSTR + VT_ARRAY | VT_UI1 + VT_SAFEARRAY | VT_UI1 + + No idea whats wrong there. Needs more experiments. The + Type is only documented as "Binary". Outlookspy also + fails with the same error when trying to modify the + property. +*/ int set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value); commit 9c4c7cdebd018a2e4bcb4fb519ba06cc0c6550ed Author: Andre Heinecke Date: Fri Oct 7 14:13:10 2016 +0200 Add excepinfo init helper * src/oomhelp.cpp (init_excepinfo): New. Init the struct. -- Some invocation calls do not set excepinfo on failure this avoids that unitialized pointers in excepinfo are used in that case. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 2a286e9..3296637 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp @@ -107,6 +107,24 @@ lookup_oom_dispid (LPDISPATCH pDisp, const char *name) return dispid; } +static void +init_excepinfo (EXCEPINFO *err) +{ + if (!err) + { + return; + } + err->wCode = 0; + err->wReserved = 0; + err->bstrSource = nullptr; + err->bstrDescription = nullptr; + err->bstrHelpFile = nullptr; + err->dwHelpContext = 0; + err->pvReserved = nullptr; + err->pfnDeferredFillIn = nullptr; + err->scode = 0; +} + void dump_excepinfo (EXCEPINFO err) { @@ -121,7 +139,9 @@ dump_excepinfo (EXCEPINFO err) " scode: 0x%x\n", SRCNAME, __func__, (unsigned int) err.wCode, (unsigned int) err.wReserved, - err.bstrSource, err.bstrDescription, err.bstrHelpFile, + err.bstrSource ? err.bstrSource : L"null", + err.bstrDescription ? err.bstrDescription : L"null", + err.bstrHelpFile ? err.bstrDescription : L"null", (unsigned int) err.dwHelpContext, err.pfnDeferredFillIn, (unsigned int) err.scode); commit f0b818676f11d0c7395f6cf11a24e6a6ad6940a5 Author: Andre Heinecke Date: Fri Oct 7 14:04:07 2016 +0200 Simplify Attachment code by using just Data * src/attachment.cpp (Attachment::get_data): Direct access to the underlying data structure. * src/attachment.h, src/mimedataprovider.cpp: Update accordingly. -- The plan was initially to use a MAPI Stream to hold the data now with the testing on GNU/Linux it's better to use a platform independent data structure and that simplifies the code. diff --git a/src/attachment.cpp b/src/attachment.cpp index 2dac020..fc528c7 100644 --- a/src/attachment.cpp +++ b/src/attachment.cpp @@ -51,34 +51,8 @@ Attachment::set_attach_type(attachtype_t type) m_type = type; } -bool -Attachment::isSupported(GpgME::DataProvider::Operation op) const +GpgME::Data & +Attachment::get_data() { - return op == GpgME::DataProvider::Read || - op == GpgME::DataProvider::Write || - op == GpgME::DataProvider::Seek || - op == GpgME::DataProvider::Release; -} - -ssize_t -Attachment::read(void *buffer, size_t bufSize) -{ - return m_data.read (buffer, bufSize); -} - -ssize_t -Attachment::write(const void *data, size_t size) -{ - return m_data.write (data, size); -} - -off_t Attachment::seek(off_t offset, int whence) -{ - return m_data.seek (offset, whence); -} - -void Attachment::release() -{ - /* No op. */ - log_debug ("%s:%s", SRCNAME, __func__); + return m_data; } diff --git a/src/attachment.h b/src/attachment.h index f2ba143..47c536e 100644 --- a/src/attachment.h +++ b/src/attachment.h @@ -22,11 +22,10 @@ #include -#include #include /** Helper class for attachment actions. */ -class Attachment : public GpgME::DataProvider +class Attachment { public: /** Creates and opens a new in memory attachment. */ @@ -39,12 +38,8 @@ public: void set_attach_type(attachtype_t type); - /* Dataprovider interface */ - bool isSupported(Operation) const; - ssize_t read(void *buffer, size_t bufSize); - ssize_t write(const void *buffer, size_t bufSize); - off_t seek(off_t offset, int whence); - void release(); + /* get the underlying data structure */ + GpgME::Data& get_data(); private: GpgME::Data m_data; diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index 59fcd38..a4aea43 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -662,10 +662,10 @@ MimeDataProvider::collect_input_lines(const char *input, size_t insize) } else if (m_mime_ctx->current_attachment && len) { - m_mime_ctx->current_attachment->write(linebuf, len); + m_mime_ctx->current_attachment->get_data().write(linebuf, len); if (!m_mime_ctx->is_base64_encoded && !slbrk) { - m_mime_ctx->current_attachment->write("\r\n", 2); + m_mime_ctx->current_attachment->get_data().write("\r\n", 2); } } else ----------------------------------------------------------------------- Summary of changes: src/attachment.cpp | 32 +++----------------------------- src/attachment.h | 11 +++-------- src/mimedataprovider.cpp | 4 ++-- src/oomhelp.cpp | 33 ++++++++++++++++++++++++++++++--- src/oomhelp.h | 19 ++++++++++++++++++- 5 files changed, 56 insertions(+), 43 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 15:04:01 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 07 Oct 2016 15:04:01 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-68-ga224067 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via a2240672cf62c7caea7b4d442f83d36b6c122ee7 (commit) from c50e22b8d996be374905e977deaaaacce040b15c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a2240672cf62c7caea7b4d442f83d36b6c122ee7 Author: Andre Heinecke Date: Fri Oct 7 15:01:11 2016 +0200 Make attachments work again * src/common.c (get_tmp_outfile): Add SHARE_DELETE * src/mail.cpp (get_attachment, get_cipherstream), (get_attachment_stream): Split get_cipherstream in two subfunctions. (copy_data_property): Add disabled experimental code. (copy_attachment_to_file): Copy attachment data to tmp file. (add_attachments): Use copy to file. (Mail::decrypt_verify): Update call according to new function. diff --git a/src/common.c b/src/common.c index 6e41876..557bc2a 100644 --- a/src/common.c +++ b/src/common.c @@ -758,7 +758,7 @@ get_tmp_outfile (wchar_t *name, HANDLE *outHandle) while ((*outHandle = CreateFileW (outName, GENERIC_WRITE | GENERIC_READ, - FILE_SHARE_READ, + FILE_SHARE_READ | FILE_SHARE_DELETE, NULL, CREATE_NEW, FILE_ATTRIBUTE_TEMPORARY, diff --git a/src/mail.cpp b/src/mail.cpp index 4c488eb..e4984c0 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -39,6 +39,8 @@ static std::map g_mail_map; +#define COPYBUFSIZE (8 * 1024) + /* TODO: Localize this once it is less bound to change. TODO: Use a dedicated message for failed decryption. */ #define HTML_TEMPLATE \ @@ -182,15 +184,11 @@ Mail::pre_process_message () return 0; } -/** Get the cipherstream of the mailitem. */ -static LPSTREAM -get_cipherstream (LPDISPATCH mailitem, int pos) +static LPDISPATCH +get_attachment (LPDISPATCH mailitem, int pos) { + LPDISPATCH attachment; LPDISPATCH attachments = get_oom_object (mailitem, "Attachments"); - LPDISPATCH attachment = NULL; - LPATTACH mapi_attachment = NULL; - LPSTREAM stream = NULL; - if (!attachments) { log_debug ("%s:%s: Failed to get attachments.", @@ -198,6 +196,7 @@ get_cipherstream (LPDISPATCH mailitem, int pos) return NULL; } + const auto item_str = std::string("Item(") + std::to_string(pos) + ")"; int count = get_oom_int (attachments, "Count"); if (count < 1) { @@ -206,11 +205,19 @@ get_cipherstream (LPDISPATCH mailitem, int pos) gpgol_release (attachments); return NULL; } - /* We assume the crypto attachment is the second item. */ - const auto item_str = std::string("Item(") + std::to_string(pos) + ")"; attachment = get_oom_object (attachments, item_str.c_str()); gpgol_release (attachments); - attachments = NULL; + + return attachment; +} + +/** Get the cipherstream of the mailitem. */ +static LPSTREAM +get_attachment_stream (LPDISPATCH mailitem, int pos) +{ + LPDISPATCH attachment = get_attachment (mailitem, pos); + LPATTACH mapi_attachment = NULL; + LPSTREAM stream = NULL; mapi_attachment = (LPATTACH) get_oom_iunknown (attachment, "MapiObject"); @@ -230,28 +237,177 @@ get_cipherstream (LPDISPATCH mailitem, int pos) return stream; } +#if 0 + +This should work. But Outlook says no. See the comment in set_pa_variant +about this. I left the code here as an example how to work with +safearrays and how this probably should work. + +static int +copy_data_property(LPDISPATCH target, std::shared_ptr attach) +{ + VARIANT var; + VariantInit (&var); + + /* Get the size */ + off_t size = attach->get_data ().seek (0, SEEK_END); + attach->get_data ().seek (0, SEEK_SET); + + if (!size) + { + TRACEPOINT; + return 1; + } + + if (!get_pa_variant (target, PR_ATTACH_DATA_BIN_DASL, &var)) + { + log_debug("Have variant. type: %x", var.vt); + } + else + { + log_debug("failed to get variant."); + } + + /* Set the type to an array of unsigned chars (OLE SAFEARRAY) */ + var.vt = VT_ARRAY | VT_UI1; + + /* Set up the bounds structure */ + SAFEARRAYBOUND rgsabound[1]; + rgsabound[0].cElements = static_cast (size); + rgsabound[0].lLbound = 0; + + /* Create an OLE SAFEARRAY */ + var.parray = SafeArrayCreate (VT_UI1, 1, rgsabound); + if (var.parray == NULL) + { + TRACEPOINT; + VariantClear(&var); + return 1; + } + + void *buffer = NULL; + /* Get a safe pointer to the array */ + if (SafeArrayAccessData(var.parray, &buffer) != S_OK) + { + TRACEPOINT; + VariantClear(&var); + return 1; + } + + /* Copy data to it */ + size_t nread = attach->get_data ().read (buffer, static_cast (size)); + + if (nread != static_cast (size)) + { + TRACEPOINT; + VariantClear(&var); + return 1; + } + + /*/ Unlock the variant data */ + if (SafeArrayUnaccessData(var.parray) != S_OK) + { + TRACEPOINT; + VariantClear(&var); + return 1; + } + + if (set_pa_variant (target, PR_ATTACH_DATA_BIN_DASL, &var)) + { + TRACEPOINT; + VariantClear(&var); + return 1; + } + + VariantClear(&var); + return 0; +} +#endif + +static int +copy_attachment_to_file (std::shared_ptr att, HANDLE hFile) +{ + char copybuf[COPYBUFSIZE]; + size_t nread; + + /* Security considerations: Writing the data to a temporary + file is necessary as neither MAPI manipulation works in the + read event to transmit the data nor Property Accessor + works (see above). From a security standpoint there is a + short time where the temporary files are on disk. Tempdir + should be protected so that only the user can read it. Thus + we have a local attack that could also take the data out + of Outlook. FILE_SHARE_READ is necessary so that outlook + can read the file. + + A bigger concern is that the file is manipulated + by another software to fake the signature state. So + we keep the write exlusive to us. + + We delete the file before closing the write file handle. + */ + + /* Make sure we start at the beginning */ + att->get_data ().seek (0, SEEK_SET); + while ((nread = att->get_data ().read (copybuf, COPYBUFSIZE))) + { + DWORD nwritten; + if (!WriteFile (hFile, copybuf, nread, &nwritten, NULL)) + { + log_error ("%s:%s: Failed to write in tmp attachment.", + SRCNAME, __func__); + return 1; + } + if (nread != nwritten) + { + log_error ("%s:%s: Write truncated.", + SRCNAME, __func__); + return 1; + } + } + return 0; +} + /** Helper to update the attachments of a mail object in oom. does not modify the underlying mapi structure. */ -static bool +static int add_attachments(LPDISPATCH mail, std::vector > attachments) { + int err = 0; for (auto att: attachments) { wchar_t* wchar_name = utf8_to_wchar (att->get_display_name().c_str()); - log_debug("DisplayName %s", att->get_display_name().c_str()); HANDLE hFile; - wchar_t* wchar_file = get_tmp_outfile (GpgOLStr("gpgol-attach-"), &hFile); + wchar_t* wchar_file = get_tmp_outfile (GpgOLStr (att->get_display_name().c_str()), + &hFile); + if (copy_attachment_to_file (att, hFile)) + { + log_error ("%s:%s: Failed to copy attachment %s to temp file", + SRCNAME, __func__, att->get_display_name().c_str()); + err = 1; + } if (add_oom_attachment (mail, wchar_file, wchar_name)) { - log_debug ("Failed to add attachment."); + log_error ("%s:%s: Failed to add attachment: %s", + SRCNAME, __func__, att->get_display_name().c_str()); + err = 1; + } + if (!DeleteFileW (wchar_file)) + { + log_error ("%s:%s: Failed to delete tmp attachment for: %s", + SRCNAME, __func__, att->get_display_name().c_str()); + err = 1; } CloseHandle (hFile); - DeleteFileW (wchar_file); xfree (wchar_file); xfree (wchar_name); + if (err) + { + return err; + } } - return false; + return 0; } static DWORD WINAPI @@ -305,7 +461,7 @@ Mail::decrypt_verify() xfree (placeholder_buf); /* Do the actual parsing */ - auto cipherstream = get_cipherstream (m_mailitem, m_moss_position); + auto cipherstream = get_attachment_stream (m_mailitem, m_moss_position); if (!cipherstream) { ----------------------------------------------------------------------- Summary of changes: src/common.c | 2 +- src/mail.cpp | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 174 insertions(+), 18 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 16:26:22 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 07 Oct 2016 16:26:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-218-gcbbf0a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26 (commit) via 1f76f8d8bc65fad98927c977baf4d5e36dafe52b (commit) via 11eac7eb2fa3392a9aa052f8f5bb9875129ab84b (commit) via dff266059813d22d1e2ba7e77279999cd41ceb75 (commit) via 5afbfdfd59540cb882d891ff1f4afa73fe48f99a (commit) from fb3b3e1e7a4219f61a834fd07809898918611c2f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26 Author: Justus Winter Date: Fri Oct 7 16:17:49 2016 +0200 tests: Rework test environment setup. * tests/openpgp/setup.scm: Import one keyring at a time. This works around a yet to be investigated hang on Windows. It is also much prettier. Signed-off-by: Justus Winter diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index 0a9a153..75310d1 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm @@ -84,11 +84,12 @@ "C6A6390E9388CDBAD71EAEA698233FE5E04F001E" "D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3")) - (info "Importing public demo and test keys") - (call-check `(, at GPG --yes --import - ,(in-srcdir "pubdemo.asc") - ,(in-srcdir "pubring.asc") - ,(in-srcdir key-file1))) + (for-each-p + "Importing public demo and test keys" + (lambda (file) + (call-check `(, at GPG --yes --import ,(in-srcdir file)))) + (list "pubdemo.asc" "pubring.asc" key-file1)) + (pipe:do (pipe:open (in-srcdir "pubring.pkr.asc") (logior O_RDONLY O_BINARY)) (pipe:spawn `(, at GPG --dearmor)) commit 1f76f8d8bc65fad98927c977baf4d5e36dafe52b Author: Justus Winter Date: Fri Oct 7 16:16:15 2016 +0200 tests: Improve handling of Windows newlines. * tests/gpgscm/lib.scm (string-split-newlines): New function. * tests/openpgp/default-key.scm: Use new function. * tests/openpgp/defs.scm: Likewise. * tests/openpgp/export.scm: Likewise. * tests/openpgp/import.scm: Likewise. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/lib.scm b/tests/gpgscm/lib.scm index fe28262..e4ab483 100644 --- a/tests/gpgscm/lib.scm +++ b/tests/gpgscm/lib.scm @@ -92,6 +92,15 @@ (assert (string=? "bar" (cadr (string-split "foo:bar:baz" #\:)))) (assert (string=? "baz" (caddr (string-split "foo:bar:baz" #\:)))) +;; Split haystack at newlines. +(define (string-split-newlines haystack) + (if *win32* + (map (lambda (line) (if (string-suffix? line "\r") + (substring line 0 (- (string-length line) 1)) + line)) + (string-split haystack #\newline)) + (string-split haystack #\newline))) + ;; Trim the prefix of S containing only characters that make PREDICATE ;; true. (define (string-ltrim predicate s) diff --git a/tests/openpgp/default-key.scm b/tests/openpgp/default-key.scm index 4433658..07cc8c0 100755 --- a/tests/openpgp/default-key.scm +++ b/tests/openpgp/default-key.scm @@ -71,6 +71,6 @@ (unless (any (lambda (line) (and (string-prefix? line ":pubkey enc packet:") (string-suffix? line "45117079"))) - (string-split c #\newline)) + (string-split-newlines c)) (exit 1)))))) '("8BC90111" "3E880CFF" "F5F77B83" "45117079" "1EA97479")) diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 4a968da..e484e86 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -91,7 +91,7 @@ (define (gpg-with-colons args) (let ((s (call-popen `(, at GPG --with-colons , at args) ""))) (map (lambda (line) (string-split line #\:)) - (string-split s #\newline)))) + (string-split-newlines s)))) (define (get-config what) (string-split (caddar (gpg-with-colons `(--list-config ,what))) #\;)) @@ -133,8 +133,8 @@ (lambda (line) (let ((p (string-split line #\:))) (list (string->number (cadr p)) (caddr p)))) - (string-split - (call-popen `(, at GPG --with-colons , at args) input) #\newline))) + (string-split-newlines + (call-popen `(, at GPG --with-colons , at args) input)))) ;; Dearmor a file. (define (dearmor source-name sink-name) diff --git a/tests/openpgp/export.scm b/tests/openpgp/export.scm index 8291705..f7a23f4 100755 --- a/tests/openpgp/export.scm +++ b/tests/openpgp/export.scm @@ -37,13 +37,13 @@ "Signature packet not found")) (define (check-exported-public-key packet-dump keyid) - (let ((dump (string-split packet-dump #\newline))) + (let ((dump (string-split-newlines packet-dump))) (check-for (lambda (l) (string-prefix? l ":public key packet:")) dump "Public key packet not found") (check-exported-key dump keyid))) (define (check-exported-private-key packet-dump keyid) - (let ((dump (string-split packet-dump #\newline))) + (let ((dump (string-split-newlines packet-dump))) (check-for (lambda (l) (string-prefix? l ":secret key packet:")) dump "Secret key packet not found") (check-exported-key dump keyid))) diff --git a/tests/openpgp/import.scm b/tests/openpgp/import.scm index 580acea..98f3ad9 100755 --- a/tests/openpgp/import.scm +++ b/tests/openpgp/import.scm @@ -36,7 +36,7 @@ (unless (any (lambda (line) (and (string-prefix? line "rvk:") (string-contains? line ":0EE5BE979282D80B9F7540F1CCD2ED94D21739E9:"))) - (string-split c #\newline)) + (string-split-newlines c)) (exit 1))))) (define fpr1 "9E669861368BCA0BE42DAF7DDDA252EBB8EBE1AF") @@ -55,6 +55,6 @@ (lambda (line) (and (string-prefix? line "pub:") (string-contains? line ":4096:1:DDA252EBB8EBE1AF:"))) - (string-split c #\newline)))) + (string-split-newlines c)))) (unless (= 2 (length keys)) (error "Importing keys with long id collision failed")))))) commit 11eac7eb2fa3392a9aa052f8f5bb9875129ab84b Author: Justus Winter Date: Fri Oct 7 16:13:08 2016 +0200 gpgscm: Improve test of low-level functions. * tests/gpgscm/t-child.c: Print large amounts of data. * tests/gpgscm/t-child.scm: Test that this works. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/t-child.c b/tests/gpgscm/t-child.c index fe2e7b4..ae1a635 100644 --- a/tests/gpgscm/t-child.c +++ b/tests/gpgscm/t-child.c @@ -30,6 +30,8 @@ int main (int argc, char **argv) { + char buffer[4096]; + memset (buffer, 'A', sizeof buffer); #if _WIN32 if (! setmode (stdin, O_BINARY)) return 23; @@ -49,10 +51,16 @@ main (int argc, char **argv) fprintf (stdout, "hello"); else if (strcmp (argv[1], "hello_stderr") == 0) fprintf (stderr, "hello"); + else if (strcmp (argv[1], "stdout4096") == 0) + fwrite (buffer, 1, sizeof buffer, stdout); + else if (strcmp (argv[1], "stdout8192") == 0) + { + fwrite (buffer, 1, sizeof buffer, stdout); + fwrite (buffer, 1, sizeof buffer, stdout); + } else if (strcmp (argv[1], "cat") == 0) while (! feof (stdin)) { - char buffer[4096]; size_t bytes_read; bytes_read = fread (buffer, 1, sizeof buffer, stdin); fwrite (buffer, 1, bytes_read, stdout); diff --git a/tests/gpgscm/t-child.scm b/tests/gpgscm/t-child.scm index 27928f6..93208f4 100644 --- a/tests/gpgscm/t-child.scm +++ b/tests/gpgscm/t-child.scm @@ -22,6 +22,8 @@ (define (qualify executable) (string-append executable (getenv "EXEEXT"))) +(define child (qualify "t-child")) + (assert (= 0 (call `(,(qualify "t-child") "return0")))) (assert (= 1 (call `(,(qualify "t-child") "return1")))) (assert (= 77 (call `(,(qualify "t-child") "return77")))) @@ -51,6 +53,16 @@ (assert (string=? "" (:stdout r))) (assert (string=? "hello" (:stderr r)))) +(let ((r (call-with-io `(,(qualify "t-child") "stdout4096") ""))) + (assert (= 0 (:retcode r))) + (assert (= 4096 (string-length (:stdout r)))) + (assert (string=? "" (:stderr r)))) + +(let ((r (call-with-io `(,(qualify "t-child") "stdout8192") ""))) + (assert (= 0 (:retcode r))) + (assert (= 8192 (string-length (:stdout r)))) + (assert (string=? "" (:stderr r)))) + (let ((r (call-with-io `(,(qualify "t-child") "cat") "hellohello"))) (assert (= 0 (:retcode r))) (assert (string=? "hellohello" (:stdout r))) @@ -90,4 +102,17 @@ (wait-processes '("child0" "child1") (list pid0 pid1) #t)))) (echo " world.") +(tr:do + (tr:pipe-do + (pipe:spawn `(,child stdout4096)) + (pipe:spawn `(,child cat))) + (tr:call-with-content (lambda (c) + (assert (= 4096 (length c)))))) +(tr:do + (tr:pipe-do + (pipe:spawn `(,child stdout8192)) + (pipe:spawn `(,child cat))) + (tr:call-with-content (lambda (c) + (assert (= 8192 (length c)))))) + (echo "All good.") commit dff266059813d22d1e2ba7e77279999cd41ceb75 Author: Justus Winter Date: Fri Oct 7 12:53:25 2016 +0200 gpgscm: Improve path handling. * tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'. * tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with drive letter on Windows. Use 'path-join'. (path-expand): Use 'path-join'. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 44db6bb..a0fbe2e 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -1276,6 +1276,15 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname, ffi_define (sc, "*pathsep*", sc->vptr->mk_character (sc, ':')); #endif + ffi_define (sc, "*win32*", +#if _WIN32 + sc->T +#else + sc->F +#endif + ); + + ffi_define (sc, "*stdin*", sc->vptr->mk_port_from_file (sc, stdin, port_input)); ffi_define (sc, "*stdout*", diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 71ca369..8986a70 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -181,9 +181,15 @@ (assert (string=? (path-join "" "bar" "baz") "bar/baz")) (define (canonical-path path) - (if (char=? #\/ (string-ref path 0)) + (if (or (char=? #\/ (string-ref path 0)) + (and *win32* (char=? #\\ (string-ref path 0))) + (and *win32* + (char-alphabetic? (string-ref path 0)) + (char=? #\: (string-ref path 1)) + (or (char=? #\/ (string-ref path 2)) + (char=? #\\ (string-ref path 2))))) path - (string-append (getcwd) "/" path))) + (path-join (getcwd) path))) (define (in-srcdir . names) (canonical-path (apply path-join (cons (getenv "srcdir") names)))) @@ -194,7 +200,7 @@ (let loop ((path paths)) (if (null? path) (throw "Could not find" name "in" paths) - (let* ((qualified-name (string-append (car path) "/" name)) + (let* ((qualified-name (path-join (car path) name)) (file-exists (call-with-input-file qualified-name (lambda (x) #t)))) (if file-exists commit 5afbfdfd59540cb882d891ff1f4afa73fe48f99a Author: Justus Winter Date: Fri Oct 7 12:52:09 2016 +0200 tools: Fix error handling. * tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the tarball failed. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 6adc1f5..6780eff 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -853,8 +853,6 @@ gpgtar_create (char **inpattern, int encrypt, int sign) if (!outstream) { err = gpg_error_from_syserror (); - log_error (_("can't create '%s': %s\n"), - opt.outfile, gpg_strerror (err)); goto leave; } } @@ -958,7 +956,7 @@ gpgtar_create (char **inpattern, int encrypt, int sign) if (err) { log_error ("creating tarball '%s' failed: %s\n", - es_fname_get (outstream), gpg_strerror (err)); + opt.outfile ? opt.outfile : "-", gpg_strerror (err)); if (outstream && outstream != es_stdout) es_fclose (outstream); if (cipher_stream && cipher_stream != es_stdout) ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/ffi.c | 9 +++++++++ tests/gpgscm/lib.scm | 9 +++++++++ tests/gpgscm/t-child.c | 10 +++++++++- tests/gpgscm/t-child.scm | 25 +++++++++++++++++++++++++ tests/gpgscm/tests.scm | 12 +++++++++--- tests/openpgp/default-key.scm | 2 +- tests/openpgp/defs.scm | 6 +++--- tests/openpgp/export.scm | 4 ++-- tests/openpgp/import.scm | 4 ++-- tests/openpgp/setup.scm | 11 ++++++----- tools/gpgtar-create.c | 4 +--- 11 files changed, 76 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 7 16:28:46 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Oct 2016 16:28:46 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.24-6-g0c837a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 0c837a82207d0b19f9dabc8870ffb23d6a4ade64 (commit) via d6416fbd55256d8e693519cb548ad2cc7847898e (commit) from bf7eb978597ba07906f0a7490e626c071af1987f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c837a82207d0b19f9dabc8870ffb23d6a4ade64 Author: Werner Koch Date: Fri Oct 7 16:25:34 2016 +0200 Add error code USER_ID_EXISTS, NAME_EXISTS, and DUP_NAME. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index f7e1af6..a646c7d 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ Noteworthy changes in version 1.25 (unreleased) [C19/A19/R_) GPG_ERR_WINDOW_TOO_SMALL NEW. GPG_ERR_WINDOW_TOO_LARGE NEW. GPG_ERR_MISSING_ENVVAR NEW. + GPG_ERR_USER_ID_EXISTS NEW. + GPG_ERR_NAME_EXISTS NEW. + GPG_ERR_DUP_NAME NEW. Noteworthy changes in version 1.24 (2016-07-14) [C19/A19/R1) diff --git a/doc/errorref.txt b/doc/errorref.txt index b943c67..da5df23 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt @@ -798,7 +798,7 @@ GPG_ERR_INV_LOCK_OBJ Invalid lock object GPG_ERR_TRUE True - Used to retrun the boolena value True. Note that GPG_ERR_NO_ERROR + Used to return the boolean value True. Note that GPG_ERR_NO_ERROR (with the value 0) is also often used to indicate the value true. GPG_ERR_FALSE False @@ -844,6 +844,14 @@ GPG_ERR_MISSING_ENVVAR (303) Required environment variable not set Pinentry: - The size of the screen can't be determined. +GPG_ERR_USER_ID_EXISTS (304) User ID already exists + + GNUPG: - Existing user ID in --quick-gen-key. + +GPG_ERR_NAME_EXISTS (305) Name already exists +GPG_ERR_DUP_NAME (306) Duplicated name + + GPG_ERR_LDAP_GENERAL LDAP General error Catch all error for LDAP. Use if if can't map an erro rocde to an diff --git a/src/err-codes.h.in b/src/err-codes.h.in index dcbc0a3..1bf717d 100644 --- a/src/err-codes.h.in +++ b/src/err-codes.h.in @@ -323,7 +323,9 @@ 301 GPG_ERR_WINDOW_TOO_SMALL Screen or window too small 302 GPG_ERR_WINDOW_TOO_LARGE Screen or window too large 303 GPG_ERR_MISSING_ENVVAR Required environment variable not set - +304 GPG_ERR_USER_ID_EXISTS User ID already exists +305 GPG_ERR_NAME_EXISTS Name already exists +306 GPG_ERR_DUP_NAME Duplicated name # This range is free for use. # commit d6416fbd55256d8e693519cb548ad2cc7847898e Author: Werner Koch Date: Fri Oct 7 16:23:51 2016 +0200 syscfg: Add support for {i686,x86_64}-apple-darwin. -- Thanks to Chris Ballinger for the files. Signed-off-by: Werner Koch diff --git a/src/Makefile.am b/src/Makefile.am index 5623aff..c1e86a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -51,6 +51,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.armv5-unknown-linux-musleabi.h \ syscfg/lock-obj-pub.armv6-unknown-linux-musleabihf.h \ syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.i386-apple-darwin.h \ syscfg/lock-obj-pub.i686-pc-gnu.h \ syscfg/lock-obj-pub.i686-pc-kfreebsd-gnu.h \ syscfg/lock-obj-pub.i686-pc-linux-gnu.h \ @@ -68,6 +69,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h \ syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h \ syscfg/lock-obj-pub.sparc64-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.x86_64-apple-darwin.h \ syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h \ diff --git a/src/syscfg/lock-obj-pub.i386-apple-darwin.h b/src/syscfg/lock-obj-pub.i386-apple-darwin.h new file mode 100644 index 0000000..a5963c4 --- /dev/null +++ b/src/syscfg/lock-obj-pub.i386-apple-darwin.h @@ -0,0 +1,26 @@ +## lock-obj-pub.i386-apple-darwin.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[44]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{167,171,170,50,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.x86_64-apple-darwin.h b/src/syscfg/lock-obj-pub.x86_64-apple-darwin.h new file mode 100644 index 0000000..eaf8689 --- /dev/null +++ b/src/syscfg/lock-obj-pub.x86_64-apple-darwin.h @@ -0,0 +1,28 @@ +## lock-obj-pub.x86_64-apple-darwin.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[64]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{167,171,170,50,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ doc/errorref.txt | 10 +++++++++- src/Makefile.am | 2 ++ src/err-codes.h.in | 4 +++- ...64-unknown-linux-gnu.h => lock-obj-pub.i386-apple-darwin.h} | 8 ++++---- ...rch64-apple-darwin.h => lock-obj-pub.x86_64-apple-darwin.h} | 2 +- 6 files changed, 22 insertions(+), 7 deletions(-) copy src/syscfg/{lock-obj-pub.aarch64-unknown-linux-gnu.h => lock-obj-pub.i386-apple-darwin.h} (72%) copy src/syscfg/{lock-obj-pub.aarch64-apple-darwin.h => lock-obj-pub.x86_64-apple-darwin.h} (92%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sat Oct 8 21:22:19 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 08 Oct 2016 21:22:19 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-34-g0ea2ff6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 0ea2ff67900c243fff9f689658dcb23d1c0961cd (commit) from 857592041b8355cd58a7068c9f2446cf8dc0968f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0ea2ff67900c243fff9f689658dcb23d1c0961cd Author: Werner Koch Date: Sat Oct 8 21:14:52 2016 +0200 core: New helper function gpgme_addrspec_from_uid. * src/gpgme.h.in: Add gpgme_addrspec_from_uid. * src/gpgme.def, src/libgpgme.vers: Ditto. * src/mbox-util.c (gpgme_addrspec_from_uid): New. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index b13c3a6..86e1d4f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] ------------------------------------------------ + + * Interface changes relative to the 1.7.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_addrspec_from_uid NEW. + + Noteworthy changes in version 1.7.0 (2016-09-21) [C26/A15/R0] ------------------------------------------------ diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 6d6d692..cc59888 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -5109,6 +5109,23 @@ pointer, and @code{GPG_ERR_NO_DATA} if @var{cipher} does not contain any data to decrypt. @end deftypefun +When processing mails it is sometimes useful to extract the actual +mail address (the ``addr-spec'') from a string. GPGME provides this +helper function which uses the same semantics as the internal +functions in GPGME and GnuPG: + + at deftypefun @w{char *} gpgme_addrspec_from_uid (@w{const char *@var{uid}}) + +Return the mail address (called ``addr-spec'' in RFC-5322) from the +string @var{uid} which is assumed to be a user id (called ``address'' +in RFC-5322). All plain ASCII characters (i.e. those with bit 7 +cleared) in the result are converted to lowercase. Caller must free +the result using @code{gpgme_free}. Returns @code{NULL} if no valid +address was found (in which case @code{ERRNO} is set to @code{EINVAL}) +or for other errors. + + at end deftypefun + @node Sign @subsection Sign diff --git a/src/gpgme.def b/src/gpgme.def index 9815a83..c94c960 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -244,5 +244,7 @@ EXPORTS gpgme_op_interact_start @184 gpgme_op_interact @185 + gpgme_addrspec_from_uid @186 + ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 20654db..5c914ae 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -846,7 +846,7 @@ struct _gpgme_user_id /* The mail address (addr-spec from RFC5322) of the UID string. * This is general the same as the EMAIL part of this struct but - * might be slightly different. IF no mail address is available + * might be slightly different. If no mail address is available * NULL is stored. */ char *address; @@ -2471,6 +2471,10 @@ const char *gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo); algorithm ALGO, or NULL if that name is not known. */ const char *gpgme_hash_algo_name (gpgme_hash_algo_t algo); +/* Return the addr-spec from a user id. Caller must free the result + * with gpgme_free. */ +char *gpgme_addrspec_from_uid (const char *uid); + /* diff --git a/src/libgpgme.vers b/src/libgpgme.vers index aec9090..d3962db 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -117,6 +117,8 @@ GPGME_1.1 { gpgme_op_tofu_policy; gpgme_op_interact_start; gpgme_op_interact; + + gpgme_addrspec_from_uid; }; diff --git a/src/mbox-util.c b/src/mbox-util.c index 656b5d7..81e929b 100644 --- a/src/mbox-util.c +++ b/src/mbox-util.c @@ -255,3 +255,21 @@ _gpgme_mailbox_from_userid (const char *userid) /* return 1; */ /* } */ + + +/* + * Exported public API + */ + + +/* Return the mail address ("addr-spec" as per RFC-5322) from a string + * which is assumed to be an user id ("address" in RFC-5322). All + * plain ASCII characters (those with bit 7 cleared) in the result + * are converted to lowercase. Caller must free the result using + * gpgme_free. Returns NULL if no valid address was found (in which + * case ERRNO is set to EINVAL) or for other errors. */ +char * +gpgme_addrspec_from_uid (const char *uid) +{ + return _gpgme_mailbox_from_userid (uid); +} ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++++++ doc/gpgme.texi | 17 +++++++++++++++++ src/gpgme.def | 2 ++ src/gpgme.h.in | 6 +++++- src/libgpgme.vers | 2 ++ src/mbox-util.c | 18 ++++++++++++++++++ 6 files changed, 50 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 10 12:27:40 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 10 Oct 2016 12:27:40 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-35-g098a2da Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 098a2da15b1b46b145add623dec0488abd39bd74 (commit) from 0ea2ff67900c243fff9f689658dcb23d1c0961cd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 098a2da15b1b46b145add623dec0488abd39bd74 Author: Andre Heinecke Date: Mon Oct 10 12:19:48 2016 +0200 core: Fix w32 crash in find_program_in_dir * src/w32-util.c (find_program_in_dir): Fix call to _gpgme_strconcat. -- This fixes a crash introduced by dc39552d0 because it tried to concat a strlen. diff --git a/src/w32-util.c b/src/w32-util.c index 9d42139..21de6dc 100644 --- a/src/w32-util.c +++ b/src/w32-util.c @@ -390,7 +390,7 @@ find_program_in_dir (const char *dir, const char *name) { char *result; - result = _gpgme_strconcat (dir, "\\", strlen (name), NULL); + result = _gpgme_strconcat (dir, "\\", name, NULL); if (!result) return NULL; ----------------------------------------------------------------------- Summary of changes: src/w32-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 10 14:25:05 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 10 Oct 2016 14:25:05 +0200 Subject: [git] gnupg-doc - branch, master, updated. 683620c456f46d246ba218675f6a6977d3c620d6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 683620c456f46d246ba218675f6a6977d3c620d6 (commit) from f13388fd42405ea806e86c6f094074999831b360 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 683620c456f46d246ba218675f6a6977d3c620d6 Author: Justus Winter Date: Mon Oct 10 14:18:43 2016 +0200 misc: Use https, avoid mixed content on git.gnupg.org. GnuPG-bug-id: 2744 Signed-off-by: Justus Winter diff --git a/misc/git.gnupg.org/index.html b/misc/git.gnupg.org/index.html index 831c3d8..3e4fd23 100644 --- a/misc/git.gnupg.org/index.html +++ b/misc/git.gnupg.org/index.html @@ -118,12 +118,21 @@ Here is a list of shortcuts to often used repositories: For actual work you should clone a repository; use

+  git clone https://git.gnupg.org/foo.git
+

   git clone git://git.gnupg.org/foo.git

and replace foo by the name of the project (e.g. gnupg -or libgcrypt). +or libgcrypt). Many commits and all tags are signed using +GnuPG. To verify the signatures on a tag (e.g. gnupg-2.1.15) +do

+  git tag -v gnupg-2.1.15
+

@@ -135,8 +144,8 @@ Here is a list of projects now hosted on other servers:

gnupg-for-java is now at - http://github.com/smartrevolution/gnupg-for-java.

https://github.com/smartrevolution/gnupg-for-java

@@ -183,8 +192,8 @@ Here is a list of projects now hosted on other servers:

- - + @@ -193,13 +202,13 @@ Here is a list of projects now hosted on other servers: alt="Digital Respect for the Masses" height="40" width="69" /> - + - - +

----------------------------------------------------------------------- Summary of changes: misc/git.gnupg.org/index.html | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 10 15:09:31 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 10 Oct 2016 15:09:31 +0200 Subject: [git] gnupg-doc - branch, master, updated. 6a6de7e95dcf0ef104134b7d47c8401e792f7895 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 6a6de7e95dcf0ef104134b7d47c8401e792f7895 (commit) from 683620c456f46d246ba218675f6a6977d3c620d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6a6de7e95dcf0ef104134b7d47c8401e792f7895 Author: Justus Winter Date: Mon Oct 10 15:08:47 2016 +0200 git.gnupg.org: Fix markup. Signed-off-by: Justus Winter diff --git a/misc/git.gnupg.org/index.html b/misc/git.gnupg.org/index.html index 3e4fd23..67c2198 100644 --- a/misc/git.gnupg.org/index.html +++ b/misc/git.gnupg.org/index.html @@ -97,13 +97,13 @@ Here is a list of shortcuts to often used repositories:

View the code of the GnuPG Made Easy library

- +

Libgcrypt

View the code of the Libgcrypt development version

- +

Gpg4win

View the code of the GpgOL, the Outlook plugin

For actual work you should clone a repository; use @@ -133,10 +134,6 @@ do

   git tag -v gnupg-2.1.15

- - -

Notes

----------------------------------------------------------------------- Summary of changes: misc/git.gnupg.org/index.html | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 10 17:43:21 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 10 Oct 2016 17:43:21 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-39-ge7ceb83 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e7ceb83a5969581f5e1b0b6a69d18a93b594f6d4 (commit) via b6b820bff14a9aa8fa67755b246c90062ffdba14 (commit) via 34e9dfee81958160f6604849b63369ae4de67417 (commit) via f131a5e72b0881cafcc3b0a91da8f050af2684a6 (commit) from 098a2da15b1b46b145add623dec0488abd39bd74 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e7ceb83a5969581f5e1b0b6a69d18a93b594f6d4 Author: Andre Heinecke Date: Mon Oct 10 17:42:10 2016 +0200 Add NEWS for cpp and qt, bump cpp version * NEWS: Add entries for cpp and qt changes. * configure.ac: Bump cpp version because of added API. diff --git a/NEWS b/NEWS index 86e1d4f..dff8e47 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,14 @@ Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_addrspec_from_uid NEW. + * qt Interface changes relative to the 1.7.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + WksPublishJob::startReceive NEW. + WksPublishJob::startRecieve REMOVED. + + * cpp Interface changes relative to the 1.7.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Signature::key(bool, bool) NEW. Noteworthy changes in version 1.7.0 (2016-09-21) [C26/A15/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index bc4aad9..64f9385 100644 --- a/configure.ac +++ b/configure.ac @@ -62,7 +62,7 @@ LIBGPGME_LT_AGE=15 LIBGPGME_LT_REVISION=0 LIBGPGMEPP_LT_CURRENT=6 -LIBGPGMEPP_LT_AGE=0 +LIBGPGMEPP_LT_AGE=1 LIBGPGMEPP_LT_REVISION=2 LIBQGPGME_LT_CURRENT=7 commit b6b820bff14a9aa8fa67755b246c90062ffdba14 Author: Andre Heinecke Date: Mon Oct 10 17:38:43 2016 +0200 Add convenience function to get key from sig * lang/cpp/src/verificationresult.cpp (Signature::key(bool, bool)): New. Can be used to search / update the key associcated with this signature. -- By using update a caller can ensure that an incomplete key obtainable through the new key() function is fully loaded. With search the key can be looked up in the internal keyring. As the results are cached this can be done in the crypto thread and the result then better used in the UI thread. diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index a7b073e..23c458e 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -29,6 +29,7 @@ #include "result_p.h" #include "util.h" #include "key.h" +#include "context.h" #include @@ -121,6 +122,7 @@ public: std::vector keys; std::vector purls; std::string file_name; + Protocol proto; }; GpgME::VerificationResult::VerificationResult(gpgme_ctx_t ctx, int error) @@ -145,6 +147,10 @@ void GpgME::VerificationResult::init(gpgme_ctx_t ctx) return; } d.reset(new Private(res)); + gpgme_protocol_t proto = gpgme_get_protocol(ctx); + d->proto = proto == GPGME_PROTOCOL_OpenPGP ? OpenPGP : + proto == GPGME_PROTOCOL_CMS ? CMS : + UnknownProtocol; } make_standard_stuff(VerificationResult) @@ -386,6 +392,32 @@ GpgME::Key GpgME::Signature::key() const return d->keys[idx]; } +GpgME::Key GpgME::Signature::key(bool search, bool update) const +{ + if (isNull()) { + return Key(); + } + + GpgME::Key ret = key(); + if (ret.isNull() && search) { + auto ctx = Context::createForProtocol (d->proto); + if (ctx) { + ctx->setKeyListMode(KeyListMode::Local | + KeyListMode::Signatures | + KeyListMode::SignatureNotations | + KeyListMode::Validate | + KeyListMode::WithTofu); + Error e; + ret = d->keys[idx] = ctx->key(fingerprint(), e, false); + delete ctx; + } + } + if (update) { + ret.update(); + } + return ret; +} + class GpgME::Notation::Private { public: diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index 93288af..b6d1d8c 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -163,6 +163,27 @@ public: * set or the associated TOFU Information if applicable. */ GpgME::Key key() const; + /* Search / Update the key of this signature. + * + * Same as above but if search is set to true this will + * either update the key provided by the engine or search + * the key in the engine. The key is cached. + * + * As this involves an engine call it might take some time + * to finish so it should be avoided to do this in a UI + * thread. The result will be cached and no engine call + * will be done if update is set to false and a key is + * already cached. + * + * If no key was provided by the engine this will look + * up the key so this call might block while the engine + * is called to obtain the key. + * + * If both search and update are false this is the same + * as calling key() + */ + GpgME::Key key(bool search, bool update) const; + private: std::shared_ptr d; unsigned int idx; commit 34e9dfee81958160f6604849b63369ae4de67417 Author: Andre Heinecke Date: Mon Oct 10 17:36:41 2016 +0200 cpp: Return null key if the signature had no key * lang/cpp/src/verificationresult.cpp (Private): Add null key to list when there is no key associated with the signature. -- This fixes an out of bounds read when a verification did not have a key. diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index be33ca2..a7b073e 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -72,6 +72,8 @@ public: // copy keys if (scopy->key) { keys.push_back(Key(scopy->key, true)); + } else { + keys.push_back(Key()); } // copy notations: nota.push_back(std::vector()); commit f131a5e72b0881cafcc3b0a91da8f050af2684a6 Author: Andre Heinecke Date: Mon Oct 10 15:22:17 2016 +0200 qt: Add simple verify test * lang/qt/tests/t-verify.cpp: New. Small test if a signature returns a key with fingerprint. * lang/qt/tests/Makefile.am: Add new test. diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index 72ea324..ad08ad4 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -25,10 +25,10 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) EXTRA_DIST = initial.test TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo \ - t-encrypt + t-encrypt t-verify moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc \ - t-encrypt.moc t-support.hmoc t-wkspublish.moc + t-encrypt.moc t-support.hmoc t-wkspublish.moc t-verify.moc AM_LDFLAGS = -no-install @@ -56,6 +56,7 @@ t_ownertrust_SOURCES = t-ownertrust.cpp $(support_src) t_tofuinfo_SOURCES = t-tofuinfo.cpp $(support_src) t_encrypt_SOURCES = t-encrypt.cpp $(support_src) t_wkspublish_SOURCES = t-wkspublish.cpp $(support_src) +t_verify_SOURCES = t-verify.cpp $(support_src) run_keyformailboxjob_SOURCES = run-keyformailboxjob.cpp nodist_t_keylist_SOURCES = $(moc_files) @@ -63,7 +64,7 @@ nodist_t_keylist_SOURCES = $(moc_files) BUILT_SOURCES = $(moc_files) noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust t-tofuinfo t-encrypt \ - run-keyformailboxjob t-wkspublish + run-keyformailboxjob t-wkspublish t-verify CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ diff --git a/lang/qt/tests/t-verify.cpp b/lang/qt/tests/t-verify.cpp new file mode 100644 index 0000000..aedfc19 --- /dev/null +++ b/lang/qt/tests/t-verify.cpp @@ -0,0 +1,93 @@ +/* t-verifiy.cpp + + This file is part of qgpgme, the Qt API binding for gpgme + Copyright (c) 2016 Intevation GmbH + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. +*/ +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include +#include + + +#include "protocol.h" + +#include "verifyopaquejob.h" +#include "verificationresult.h" +#include "key.h" +#include "t-support.h" + +using namespace QGpgME; +using namespace GpgME; + +static const char testMsg1[] = +"-----BEGIN PGP MESSAGE-----\n" +"\n" +"owGbwMvMwCSoW1RzPCOz3IRxjXQSR0lqcYleSUWJTZOvjVdpcYmCu1+oQmaJIleH\n" +"GwuDIBMDGysTSIqBi1MApi+nlGGuwDeHao53HBr+FoVGP3xX+kvuu9fCMJvl6IOf\n" +"y1kvP4y+8D5a11ang0udywsA\n" +"=Crq6\n" +"-----END PGP MESSAGE-----\n"; + + +class VerifyTest: public QGpgMETest +{ + Q_OBJECT + +private Q_SLOTS: + + /* Check that a signature always has a key. */ + void testSignatureKey() + { + const QByteArray signedData(testMsg1); + auto verifyJob = openpgp()->verifyOpaqueJob(true); + QByteArray verified; + + auto result = verifyJob->exec(signedData, verified); + Q_ASSERT(!result.error()); + delete verifyJob; + + Q_ASSERT(result.numSignatures() == 1); + auto sig = result.signatures()[0]; + + const auto key = sig.key(true, false); + Q_ASSERT(!key.isNull()); + + bool found = false; + for (const auto subkey: key.subkeys()) { + if (!strcmp (subkey.fingerprint(), sig.fingerprint())) { + found = true; + } + } + Q_ASSERT(found); + } +}; + +QTEST_MAIN(VerifyTest) +#include "t-verify.moc" ----------------------------------------------------------------------- Summary of changes: NEWS | 8 ++ configure.ac | 2 +- lang/cpp/src/verificationresult.cpp | 34 ++++++++ lang/cpp/src/verificationresult.h | 21 +++++ lang/qt/tests/Makefile.am | 7 +- .../qgpgmeverifyopaquejob.h => tests/t-verify.cpp} | 95 ++++++++++++---------- 6 files changed, 120 insertions(+), 47 deletions(-) copy lang/qt/{src/qgpgmeverifyopaquejob.h => tests/t-verify.cpp} (52%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 11 10:38:40 2016 From: cvs at cvs.gnupg.org (by Daiki Ueno) Date: Tue, 11 Oct 2016 10:38:40 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-33-ga383dde Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via a383ddeb76463ddcf5aca2fb38847ea3158c42a7 (commit) from 65d8e0ec19795d9ec60d7f37f1511f65135cfd84 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a383ddeb76463ddcf5aca2fb38847ea3158c42a7 Author: Daiki Ueno Date: Mon Oct 10 10:33:36 2016 +0200 core: Don't report error on setting option 'allow-emacs-pinentry'. Previously "OPTION allow-emacs-pinentry" returned an error if the Emacs pinentry is not compiled in. Since it is merely an option, it would make more sense to just return OK. Suggested-by: Werner Koch Signed-off-by: Daiki Ueno diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index e5cb806..3131b1e 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -910,8 +910,6 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) { #ifdef INSIDE_EMACS pinentry_enable_emacs_cmd_handler (); -#else - return gpg_error (GPG_ERR_NOT_SUPPORTED); #endif } else if (!strcmp (key, "invisible-char")) ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 2 -- 1 file changed, 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 11 14:14:57 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 11 Oct 2016 14:14:57 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-40-g54f94b1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 54f94b14e2bb9b38ffd89f509406bfbd012da632 (commit) from e7ceb83a5969581f5e1b0b6a69d18a93b594f6d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54f94b14e2bb9b38ffd89f509406bfbd012da632 Author: Andre Heinecke Date: Tue Oct 11 14:13:15 2016 +0200 cpp: Add API for gpgme_addrspec_from_uid * lang/cpp/src/key.cpp (UserID::addrSpecFromString): New static function to expose addrspec from uid. (UserID::addrSpec): New. Get addrSpec from Userid. * NEWS: Update accordingly. diff --git a/NEWS b/NEWS index dff8e47..72f6f77 100644 --- a/NEWS +++ b/NEWS @@ -13,7 +13,9 @@ Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] * cpp Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Signature::key(bool, bool) NEW. + Signature::key(bool, bool) NEW. + UserID::addrSpecFromString(const char*) NEW. + UserID::addrSpec() NEW. Noteworthy changes in version 1.7.0 (2016-09-21) [C26/A15/R0] ------------------------------------------------ diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 4531a2b..947405f 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -878,6 +878,22 @@ const char *UserID::Signature::policyURL() const return 0; } +std::string UserID::addrSpecFromString(const char *userid) +{ + if (!userid) { + return std::string(); + } + char *normalized = gpgme_addrspec_from_uid (userid); + std::string ret(normalized); + gpgme_free(normalized); + return ret; +} + +std::string UserID::addrSpec() const +{ + return addrSpecFromString(email()); +} + std::ostream &operator<<(std::ostream &os, const UserID &uid) { os << "GpgME::UserID("; diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index f193093..3f596a8 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -320,6 +320,21 @@ public: * @returns The TOFU stats or a null TofuInfo. */ GpgME::TofuInfo tofuInfo() const; + + /*! Wrapper around gpgme_addrspec_from_uid. + * + * The input string should match the format of + * a user id string. + * + * @returns a normalized mail address if found + * or an empty string. */ + static std::string addrSpecFromString(const char *uid); + + /*! Wrapper around gpgme_addrspec_from_uid. + * + * @returns a normalized mail address for this userid + * or an empty string. */ + std::string addrSpec() const; private: shared_gpgme_key_t key; gpgme_user_id_t uid; ----------------------------------------------------------------------- Summary of changes: NEWS | 4 +++- lang/cpp/src/key.cpp | 16 ++++++++++++++++ lang/cpp/src/key.h | 15 +++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 11 14:16:01 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 11 Oct 2016 14:16:01 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-77-gb4708d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via b4708d27c6a03dbcfb9eb5a29be15fff159be662 (commit) via 06369d42f7a4b486dd1023824d7584709d337f2a (commit) via 7bfc018dc713996e48c6db60cd78ce6490712720 (commit) via f8073ceb48e0dc0248165127dd731840d6a7b3b9 (commit) via d9d6454e9e8ac31c68e0dddcba14198e267ef686 (commit) via 30db9ee468bee6921c94c64033299eb84c6ab9da (commit) via 2eb057e3a033b34a20fd3c03115ece6938f75b0a (commit) via 1966b2b09940aa60f9f96553ef18860d4781d630 (commit) via ce29969cced4f9bd78061c27ed3b97e66ba9dc60 (commit) from a2240672cf62c7caea7b4d442f83d36b6c122ee7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b4708d27c6a03dbcfb9eb5a29be15fff159be662 Author: Andre Heinecke Date: Tue Oct 11 14:15:16 2016 +0200 Factor out is_valid check into own function * src/mail.cpp (is_valid_sig): New. Helper to check validity. diff --git a/src/mail.cpp b/src/mail.cpp index 5098347..4e33c06 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -845,42 +845,20 @@ Mail::close_inspector () return 0; } -void -Mail::update_categories () +static bool +is_valid_sig (const VerificationResult &result, const char *sender) { - const auto dec_result = m_parser->decrypt_result(); - const char *decCategory = _("GpgOL: Encrypted Message"); - const char *verifyCategory = _("GpgOL: Verified Sender"); - if (dec_result.numRecipients()) - { - /* We use the number of recipients as we don't care - if decryption was successful or not for this category */ - add_category (m_mailitem, decCategory); - } - else - { - /* As a small safeguard against fakes we remove our - categories */ - remove_category (m_mailitem, decCategory); - } - - const auto ver_result = m_parser->verify_result(); - const char *sender = get_sender(); - - if (ver_result.error() || !sender) + if (result.error() || !sender) { - remove_category (m_mailitem, verifyCategory); - return; + return false; } - - bool valid = false; - for (const auto sig: ver_result.signatures()) + for (const auto sig: result.signatures()) { if (sig.validity() != Signature::Validity::Marginal && sig.validity() != Signature::Validity::Full && sig.validity() != Signature::Validity::Ultimate) { - /* For our category we only care about full / ultimate. */ + /* For our category we only care about trusted sigs. */ continue; } Key k = sig.key(); @@ -891,24 +869,17 @@ Mail::update_categories () TRACEPOINT; continue; } - char *normalized_uid = gpgme_addrspec_from_uid (uid.email()); - char *normalized_sender = gpgme_addrspec_from_uid (sender); - - log_debug ("%s:%s: comparing '%s' and '%s'", - SRCNAME, __func__, normalized_uid, normalized_sender); + auto normalized_uid = uid.addrSpec(); + auto normalized_sender = UserID::addrSpecFromString(sender); - if (!normalized_sender || !normalized_uid) + if (normalized_sender.empty() || normalized_uid.empty()) { log_error ("%s:%s: normalizing '%s' or '%s' failed.", SRCNAME, __func__, uid.email(), sender); continue; } - int result = strcmp(normalized_uid, normalized_sender); - gpgme_free (normalized_sender); - gpgme_free (normalized_uid); - - if (!result) + if (normalized_sender == normalized_uid) { if (sig.validity() == Signature::Validity::Marginal) { @@ -926,12 +897,36 @@ Mail::update_categories () } log_debug ("%s:%s: Classified sender as verified", SRCNAME, __func__); - valid = true; - break; + return true; } } } - if (valid) + return false; +} + +void +Mail::update_categories () +{ + const auto dec_result = m_parser->decrypt_result(); + const char *decCategory = _("GpgOL: Encrypted Message"); + const char *verifyCategory = _("GpgOL: Verified Sender"); + if (dec_result.numRecipients()) + { + /* We use the number of recipients as we don't care + if decryption was successful or not for this category */ + add_category (m_mailitem, decCategory); + } + else + { + /* As a small safeguard against fakes we remove our + categories */ + remove_category (m_mailitem, decCategory); + } + + const auto ver_result = m_parser->verify_result(); + const char *sender = get_sender(); + + if (is_valid_sig (ver_result, sender)) { add_category (m_mailitem, verifyCategory); } commit 06369d42f7a4b486dd1023824d7584709d337f2a Author: Andre Heinecke Date: Tue Oct 11 13:47:58 2016 +0200 Fix crash when mail is deleted while parsing * src/windowmessages.cpp (gpgol_window_proc): Make safeguard actually work. diff --git a/src/windowmessages.cpp b/src/windowmessages.cpp index c1d7a18..db7b243 100644 --- a/src/windowmessages.cpp +++ b/src/windowmessages.cpp @@ -67,6 +67,7 @@ gpgol_window_proc (HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) { log_debug ("%s:%s: Parsing done for mail which is gone.", SRCNAME, __func__); + break; } mail->parsing_done(); } commit 7bfc018dc713996e48c6db60cd78ce6490712720 Author: Andre Heinecke Date: Tue Oct 11 13:37:05 2016 +0200 Add categories for crypto status and use them * src/gpgoladdin.cpp (OnStartupComplete): Create categories. * src/mail.cpp (Mail::update_categories): New. Set up categories based on trust. * src/mail.cpp (Mail::parsing_done): Update categories. * src/parsecontroller.cpp (ParseController::parse): Cache Signature keys in background thread. -- As we are already requiureing latest gpgme this also adds support for TOFU. A marginally trusted key with 10 or more signatures is shown as green. diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 58d2a58..21cf950 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -331,6 +331,12 @@ GpgolAddin::OnStartupComplete (SAFEARRAY** custom) SRCNAME, __func__); } + /* Set up categories */ + const char *decCategory = _("GpgOL: Encrypted Message"); + const char *verifyCategory = _("GpgOL: Verified Sender"); + ensure_category_exists (m_application, decCategory, 8); + ensure_category_exists (m_application, verifyCategory, 5); + if (m_application) { m_applicationEventSink = install_ApplicationEvents_sink(m_application); diff --git a/src/mail.cpp b/src/mail.cpp index c3016e8..5098347 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -33,10 +33,17 @@ #include "gpgolstr.h" #include "windowmessages.h" +#include +#include +#include +#include + #include #include #include +using namespace GpgME; + static std::map g_mail_map; #define COPYBUFSIZE (8 * 1024) @@ -525,6 +532,9 @@ void Mail::parsing_done() { m_needs_wipe = true; + /* Set categories according to the result. */ + update_categories(); + /* Update the body */ update_body(); @@ -834,3 +844,100 @@ Mail::close_inspector () } return 0; } + +void +Mail::update_categories () +{ + const auto dec_result = m_parser->decrypt_result(); + const char *decCategory = _("GpgOL: Encrypted Message"); + const char *verifyCategory = _("GpgOL: Verified Sender"); + if (dec_result.numRecipients()) + { + /* We use the number of recipients as we don't care + if decryption was successful or not for this category */ + add_category (m_mailitem, decCategory); + } + else + { + /* As a small safeguard against fakes we remove our + categories */ + remove_category (m_mailitem, decCategory); + } + + const auto ver_result = m_parser->verify_result(); + const char *sender = get_sender(); + + if (ver_result.error() || !sender) + { + remove_category (m_mailitem, verifyCategory); + return; + } + + bool valid = false; + for (const auto sig: ver_result.signatures()) + { + if (sig.validity() != Signature::Validity::Marginal && + sig.validity() != Signature::Validity::Full && + sig.validity() != Signature::Validity::Ultimate) + { + /* For our category we only care about full / ultimate. */ + continue; + } + Key k = sig.key(); + for (const auto uid: k.userIDs()) + { + if (!uid.email()) + { + TRACEPOINT; + continue; + } + char *normalized_uid = gpgme_addrspec_from_uid (uid.email()); + char *normalized_sender = gpgme_addrspec_from_uid (sender); + + log_debug ("%s:%s: comparing '%s' and '%s'", + SRCNAME, __func__, normalized_uid, normalized_sender); + + if (!normalized_sender || !normalized_uid) + { + log_error ("%s:%s: normalizing '%s' or '%s' failed.", + SRCNAME, __func__, uid.email(), sender); + continue; + } + + int result = strcmp(normalized_uid, normalized_sender); + gpgme_free (normalized_sender); + gpgme_free (normalized_uid); + + if (!result) + { + if (sig.validity() == Signature::Validity::Marginal) + { + const auto tofu = uid.tofuInfo(); + if (tofu.isNull() || + (tofu.validity() != TofuInfo::Validity::BasicHistory && + tofu.validity() != TofuInfo::Validity::LargeHistory)) + { + /* Marginal is not good enough without tofu. + We also wait for basic trust. */ + log_debug ("%s:%s: Discarding marginal signature.", + SRCNAME, __func__); + continue; + } + } + log_debug ("%s:%s: Classified sender as verified", + SRCNAME, __func__); + valid = true; + break; + } + } + } + if (valid) + { + add_category (m_mailitem, verifyCategory); + } + else + { + remove_category (m_mailitem, verifyCategory); + } + return; +} diff --git a/src/mail.h b/src/mail.h index af47f13..e76badd 100644 --- a/src/mail.h +++ b/src/mail.h @@ -195,6 +195,7 @@ public: */ void parsing_done (); private: + void update_categories (); void update_body (); LPDISPATCH m_mailitem; diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 2235c30..cf4adab 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -26,6 +26,7 @@ #include #include +#include #include @@ -293,6 +294,13 @@ ParseController::parse() ss << m_decrypt_result << '\n' << m_verify_result; log_debug ("Decrypt / Verify result: %s", ss.str().c_str()); } + + /* Ensure that the Keys for the signatures are available */ + for (const auto sig: m_verify_result.signatures()) + { + sig.key(true, false); + } + return; } commit f8073ceb48e0dc0248165127dd731840d6a7b3b9 Author: Andre Heinecke Date: Tue Oct 11 13:36:06 2016 +0200 Add yet another way to lookup sender * src/mail.cpp (Mail::update_sender): Use SenderEmailAddress, too. diff --git a/src/mail.cpp b/src/mail.cpp index 8cf9af6..c3016e8 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -630,8 +630,25 @@ int Mail::update_sender () { LPDISPATCH sender = NULL; - sender = get_oom_object (m_mailitem, "SendUsingAccount"); + /* For some reason outlook my store the recipient address + in the send using account field. If we have SMTP we prefer + the SenderEmailAddress string. */ + char *type = get_oom_string (m_mailitem, "SenderEmailType"); + if (type && !strcmp ("SMTP", type)) + { + xfree (type); + char *senderMail = get_oom_string (m_mailitem, "SenderEmailAddress"); + if (senderMail) + { + xfree (m_sender); + m_sender = senderMail; + return 0; + } + } + xfree (type); + + sender = get_oom_object (m_mailitem, "SendUsingAccount"); xfree (m_sender); m_sender = NULL; commit d9d6454e9e8ac31c68e0dddcba14198e267ef686 Author: Andre Heinecke Date: Tue Oct 11 13:35:18 2016 +0200 Clarify that placeholder is used for verify, too * src/mail.cpp (Mail::decrypt_verify): Update string. diff --git a/src/mail.cpp b/src/mail.cpp index ceea551..8cf9af6 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -451,7 +451,7 @@ Mail::decrypt_verify() if (gpgrt_asprintf (&placeholder_buf, decrypt_template, is_smime() ? "S/MIME" : "OpenPGP", _("Encrypted message"), - _("Please wait while the message is being decrypted...")) == -1) + _("Please wait while the message is being decrypted / verified...")) == -1) { log_error ("%s:%s: Failed to format placeholder.", SRCNAME, __func__); commit 30db9ee468bee6921c94c64033299eb84c6ab9da Author: Andre Heinecke Date: Tue Oct 11 13:29:29 2016 +0200 Add safeground around parser start * src/mail.cpp (do_parsing): Safeguard against no parser. diff --git a/src/mail.cpp b/src/mail.cpp index dc5d21b..ceea551 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -414,11 +414,17 @@ add_attachments(LPDISPATCH mail, static DWORD WINAPI do_parsing (LPVOID arg) { - log_debug ("%s:%s: starting parsing for: %p", + log_debug ("%s:%s: starting the parser for: %p", SRCNAME, __func__, arg); Mail *mail = (Mail *)arg; auto parser = mail->parser(); + if (!parser) + { + log_error ("%s:%s: no parser found for mail: %p", + SRCNAME, __func__, arg); + return -1; + } parser->parse(); do_in_ui_thread (PARSING_DONE, arg); return 0; commit 2eb057e3a033b34a20fd3c03115ece6938f75b0a Author: Andre Heinecke Date: Tue Oct 11 13:28:48 2016 +0200 Free sender string on Mail deletion * src/mail.cpp (Mail::~Mail): Free sender. diff --git a/src/mail.cpp b/src/mail.cpp index e4984c0..dc5d21b 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -114,6 +114,7 @@ Mail::~Mail() g_mail_map.erase (it); } + xfree (m_sender); gpgol_release(m_mailitem); } commit 1966b2b09940aa60f9f96553ef18860d4781d630 Author: Andre Heinecke Date: Tue Oct 11 13:25:38 2016 +0200 Add category helpers to oomhelp * src/oomhelp.cpp (ensure_category_exists, create_category), (add_category, remove_category): New. * src/oomhelp.h: Update accordingly. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 562582c..32c83f9 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp @@ -24,6 +24,7 @@ #include #include +#include #include "myexchext.h" #include "common.h" @@ -1295,3 +1296,219 @@ get_oom_mapi_session () } return session; } + +static int +create_category (LPDISPATCH categories, const char *category, int color) +{ + VARIANT cVariant[3]; + VARIANT rVariant; + DISPID dispid; + DISPPARAMS dispparams; + HRESULT hr; + EXCEPINFO execpinfo; + BSTR b_name; + wchar_t *w_name; + unsigned int argErr = 0; + + init_excepinfo (&execpinfo); + + if (!categories || !category) + { + TRACEPOINT; + return 1; + } + + dispid = lookup_oom_dispid (categories, "Add"); + if (dispid == DISPID_UNKNOWN) + { + log_error ("%s:%s: could not find Add DISPID", + SRCNAME, __func__); + return -1; + } + + /* Do the string dance */ + w_name = utf8_to_wchar (category); + b_name = SysAllocString (w_name); + xfree (w_name); + + /* Variants are in reverse order + ShortcutKey -> 0 / Int + Color -> 1 / Int + Name -> 2 / Bstr */ + VariantInit (&cVariant[2]); + cVariant[2].vt = VT_BSTR; + cVariant[2].bstrVal = b_name; + + VariantInit (&cVariant[1]); + cVariant[1].vt = VT_INT; + cVariant[1].intVal = color; + + VariantInit (&cVariant[0]); + cVariant[0].vt = VT_INT; + cVariant[0].intVal = 0; + + dispparams.cArgs = 3; + dispparams.cNamedArgs = 0; + dispparams.rgvarg = cVariant; + + hr = categories->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, + DISPATCH_METHOD, &dispparams, + &rVariant, &execpinfo, &argErr); + SysFreeString (b_name); + VariantClear (&cVariant[0]); + VariantClear (&cVariant[1]); + VariantClear (&cVariant[2]); + if (hr != S_OK) + { + log_debug ("%s:%s: error: invoking Add p=%p vt=%d" + " hr=0x%x argErr=0x%x", + SRCNAME, __func__, + rVariant.pdispVal, rVariant.vt, (unsigned int)hr, + (unsigned int)argErr); + dump_excepinfo (execpinfo); + VariantClear (&rVariant); + return -1; + } + VariantClear (&rVariant); + log_debug ("%s:%s: Created category '%s'", + SRCNAME, __func__, category); + return 0; +} + +void +ensure_category_exists (LPDISPATCH application, const char *category, int color) +{ + if (!application || !category) + { + TRACEPOINT; + return; + } + + log_debug ("Ensure category exists called for %s, %i", category, color); + + LPDISPATCH stores = get_oom_object (application, "Session.Stores"); + if (!stores) + { + log_error ("%s:%s: No stores found.", + SRCNAME, __func__); + return; + } + auto store_count = get_oom_int (stores, "Count"); + + for (int n = 1; n <= store_count; n++) + { + const auto store_str = std::string("Item(") + std::to_string(n) + ")"; + LPDISPATCH store = get_oom_object (stores, store_str.c_str()); + + if (!store) + { + TRACEPOINT; + continue; + } + + LPDISPATCH categories = get_oom_object (store, "Categories"); + gpgol_release (store); + if (!categories) + { + TRACEPOINT; + continue; + } + + auto count = get_oom_int (categories, "Count"); + bool found = false; + for (int i = 1; i <= count && !found; i++) + { + const auto item_str = std::string("Item(") + std::to_string(i) + ")"; + LPDISPATCH category_obj = get_oom_object (categories, item_str.c_str()); + if (!category_obj) + { + TRACEPOINT; + break; + } + char *name = get_oom_string (category_obj, "Name"); + if (name && !strcmp (category, name)) + { + log_debug ("%s:%s: Found category '%s'", + SRCNAME, __func__, name); + found = true; + } + /* We don't check the color here as the user may change that. */ + gpgol_release (category_obj); + xfree (name); + } + + if (!found) + { + if (create_category (categories, category, color)) + { + log_debug ("%s:%s: Found category '%s'", + SRCNAME, __func__, category); + } + } + /* Otherwise we have to create the category */ + gpgol_release (categories); + } + gpgol_release (stores); +} + +int +add_category (LPDISPATCH mail, const char *category) +{ + char *tmp = get_oom_string (mail, "Categories"); + if (!tmp) + { + TRACEPOINT; + return 1; + } + + if (strstr (tmp, category)) + { + log_debug ("%s:%s: category '%s' already added.", + SRCNAME, __func__, category); + return 0; + } + + std::string newstr (tmp); + xfree (tmp); + if (!newstr.empty ()) + { + newstr += ", "; + } + newstr += category; + + return put_oom_string (mail, "Categories", newstr.c_str ()); +} + +int +remove_category (LPDISPATCH mail, const char *category) +{ + char *tmp = get_oom_string (mail, "Categories"); + if (!tmp) + { + TRACEPOINT; + return 1; + } + std::string newstr (tmp); + xfree (tmp); + std::string cat (category); + + size_t pos1 = newstr.find (cat); + size_t pos2 = newstr.find (std::string(", ") + cat); + if (pos1 == std::string::npos && pos2 == std::string::npos) + { + log_debug ("%s:%s: category '%s' not found.", + SRCNAME, __func__, category); + return 0; + } + + size_t len = cat.size(); + if (pos2) + { + len += 2; + } + newstr.erase (pos2 != std::string::npos ? pos2 : pos1, len); + log_debug ("%s:%s: removing category '%s'", + SRCNAME, __func__, category); + + return put_oom_string (mail, "Categories", newstr.c_str ()); +} diff --git a/src/oomhelp.h b/src/oomhelp.h index 0859d17..65a489f 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -233,6 +233,24 @@ invoke_oom_method (LPDISPATCH pDisp, const char *name, VARIANT *rVariant); LPMAPISESSION get_oom_mapi_session (void); +/* Ensure a category of the name name exists in + the session for the Mail mail. + + Creates the category with the specified color if required. + + returns 0 on success. */ +void +ensure_category_exists (LPDISPATCH mail, const char *category, int color); + +/* Add a category to a mail if it is not already added. */ +int +add_category (LPDISPATCH mail, const char *category); + +/* Remove a category from a mail if it was added. */ +int +remove_category (LPDISPATCH mail, const char *category); + + #ifdef __cplusplus } #endif commit ce29969cced4f9bd78061c27ed3b97e66ba9dc60 Author: Andre Heinecke Date: Tue Oct 11 13:19:33 2016 +0200 Define _FILE_OFFSET_BITS for gpgme data compat * src/Makefile.am (AM_CXXFLAGS): Add file offset bits. diff --git a/src/Makefile.am b/src/Makefile.am index 96207d8..8613260 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -34,7 +34,7 @@ EXEEXT = .dll AM_CFLAGS = $(GPGME_CFLAGS) $(LIBASSUAN_CFLAGS) -shared AM_CXXFLAGS = $(GPGME_CFLAGS) $(LIBASSUAN_CFLAGS) -shared -std=c++11 -AM_CXXFLAGS += $(GPGMEPP_CXXFLAGS) +AM_CXXFLAGS += $(GPGMEPP_CXXFLAGS) -D_FILE_OFFSET_BITS=64 gpgol_SOURCES = \ main.c gpgol.def \ ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 2 +- src/gpgoladdin.cpp | 6 ++ src/mail.cpp | 132 ++++++++++++++++++++++++++++- src/mail.h | 1 + src/oomhelp.cpp | 217 ++++++++++++++++++++++++++++++++++++++++++++++++ src/oomhelp.h | 18 ++++ src/parsecontroller.cpp | 8 ++ src/windowmessages.cpp | 1 + 8 files changed, 381 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 11 19:58:27 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 11 Oct 2016 19:58:27 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-43-g5f64018 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 5f64018af89e07dd0494775d6dfc82564536d6e0 (commit) via e5a35af5573651b96a90ef4a537b040333595472 (commit) via ce7385caabb57e5435695cc912acffe2815770b7 (commit) from 54f94b14e2bb9b38ffd89f509406bfbd012da632 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5f64018af89e07dd0494775d6dfc82564536d6e0 Author: Andre Heinecke Date: Tue Oct 11 19:57:35 2016 +0200 Mention Qt API fixes in news -- diff --git a/NEWS b/NEWS index 72f6f77..ebe2dd9 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,11 @@ Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] ------------------------------------------------ + * qt: Missed API from the Qt Binding inclusion has + been added again. + + * qt: abstractimportjob.h is now installed to that + ImportJobs can be used again. * Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -10,6 +15,8 @@ Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ WksPublishJob::startReceive NEW. WksPublishJob::startRecieve REMOVED. + MultiDeleteJob NEW. + AbstractImportJob NEW. * cpp Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ commit e5a35af5573651b96a90ef4a537b040333595472 Author: Daniel Vr?til Date: Tue Oct 11 19:32:54 2016 +0200 qt: Add missing implementation of MultiDeleteJob * lang/qt/src/multideletejob.h: Fix include, cryptobackend.h is now called protocol.h * lang/qt/src/multideletejob.cpp: New file. * lang/qt/src/Makefile.am: Add multideletejob.cpp. diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index df93a1d..e09e0d9 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -22,7 +22,7 @@ EXTRA_DIST = QGpgmeConfig.cmake.in.in QGpgmeConfigVersion.cmake.in \ gpgme_backend_debug.h qgpgme_version.h.in qgpgme_sources = \ - dataprovider.cpp job.cpp qgpgmeadduseridjob.cpp \ + dataprovider.cpp job.cpp multideletejob.cpp qgpgmeadduseridjob.cpp \ qgpgmebackend.cpp qgpgmechangeexpiryjob.cpp qgpgmechangeownertrustjob.cpp \ qgpgmechangepasswdjob.cpp qgpgmedecryptjob.cpp \ qgpgmedecryptverifyjob.cpp qgpgmedeletejob.cpp qgpgmedownloadjob.cpp \ @@ -76,6 +76,7 @@ qgpgme_headers= \ camelcase_headers= \ AddUserIDJob \ + AbstractImportJob \ ChangeExpiryJob \ ChangeOwnerTrustJob \ ChangePasswdJob \ diff --git a/lang/qt/src/multideletejob.cpp b/lang/qt/src/multideletejob.cpp new file mode 100644 index 0000000..67f2a78 --- /dev/null +++ b/lang/qt/src/multideletejob.cpp @@ -0,0 +1,117 @@ +/* + multideletejob.cpp + + This file is part of qgpgme, the Qt API binding for gpgme + Copyright (c) 2004 Klar?lvdalens Datakonsult AB + + QGpgME is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + QGpgME is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with any edition of + the Qt library by Trolltech AS, Norway (or with modified versions + of Qt that use the same license as Qt), and distribute linked + combinations including the two. You must obey the GNU General + Public License in all respects for all of the code used other than + Qt. If you modify this file, you may extend this exception to + your version of the file, but you are not obligated to do so. If + you do not wish to do so, delete this exception statement from + your version. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "multideletejob.h" +#include "protocol.h" +#include "deletejob.h" + +#include +#include +#include + +#include + +#include + +QGpgME::MultiDeleteJob::MultiDeleteJob(const Protocol *protocol) + : Job(0), + mProtocol(protocol), + mJob(0) +{ + assert(protocol); +} + +QGpgME::MultiDeleteJob::~MultiDeleteJob() +{ + +} + +GpgME::Error QGpgME::MultiDeleteJob::start(const std::vector &keys, bool allowSecretKeyDeletion) +{ + mKeys = keys; + mAllowSecretKeyDeletion = allowSecretKeyDeletion; + mIt = mKeys.begin(); + + const GpgME::Error err = startAJob(); + + if (err) { + deleteLater(); + } + return err; +} + +void QGpgME::MultiDeleteJob::slotCancel() +{ + if (mJob) { + mJob->slotCancel(); + } + mIt = mKeys.end(); +} + +void QGpgME::MultiDeleteJob::slotResult(const GpgME::Error &err) +{ + mJob = 0; + GpgME::Error error = err; + if (error || // error in last op + mIt == mKeys.end() || // (shouldn't happen) + ++mIt == mKeys.end() || // was the last key + (error = startAJob())) { // error starting the job for the new key + Q_EMIT done(); + Q_EMIT result(error, error && mIt != mKeys.end() ? *mIt : GpgME::Key::null); + deleteLater(); + return; + } + + const int current = mIt - mKeys.begin(); + const int total = mKeys.size(); + Q_EMIT progress(QStringLiteral("%1/%2").arg(current).arg(total), current, total); +} + +GpgME::Error QGpgME::MultiDeleteJob::startAJob() +{ + if (mIt == mKeys.end()) { + return GpgME::Error(0); + } + mJob = mProtocol->deleteJob(); + assert(mJob); // FIXME: we need a way to generate errors ourselves, + // but I don't like the dependency on gpg-error :/ + + connect(mJob.data(), &DeleteJob::result, this, &MultiDeleteJob::slotResult); + + return mJob->start(*mIt, mAllowSecretKeyDeletion); +} + +#include "multideletejob.moc" diff --git a/lang/qt/src/multideletejob.h b/lang/qt/src/multideletejob.h index 8915cd1..8e9eb14 100644 --- a/lang/qt/src/multideletejob.h +++ b/lang/qt/src/multideletejob.h @@ -36,7 +36,7 @@ #include "qgpgme_export.h" #include "job.h" -#include "cryptobackend.h" +#include "protocol.h" #include commit ce7385caabb57e5435695cc912acffe2815770b7 Author: Daniel Vr?til Date: Tue Oct 11 19:32:08 2016 +0200 qt: Install abstractimportjob.h * lang/cpp/src/Makefile.am: Install abstractimportjob.h since it's included from importjob.h -- Fixes build when someone inclues importjob.h in their code. diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 96b77b4..df93a1d 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -39,6 +39,7 @@ qgpgme_sources = \ # If you add one here make sure that you also add one in camelcase qgpgme_headers= \ + abstractimportjob.h \ adduseridjob.h \ changeexpiryjob.h \ changeownertrustjob.h \ @@ -109,7 +110,6 @@ camelcase_headers= \ private_qgpgme_headers = \ qgpgme_export.h \ - abstractimportjob.h \ protocol_p.h \ qgpgmeadduseridjob.h \ qgpgmebackend.h \ ----------------------------------------------------------------------- Summary of changes: NEWS | 7 +++ lang/qt/src/Makefile.am | 5 +- lang/qt/src/multideletejob.cpp | 117 +++++++++++++++++++++++++++++++++++++++++ lang/qt/src/multideletejob.h | 2 +- 4 files changed, 128 insertions(+), 3 deletions(-) create mode 100644 lang/qt/src/multideletejob.cpp hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 12 10:40:06 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 12 Oct 2016 10:40:06 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-79-gfb3c90c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via fb3c90c8852edf41ac97ef3e821228dc4a54bafe (commit) via 4d3b317569e3637692f7f925064cccf31d6671f9 (commit) from b4708d27c6a03dbcfb9eb5a29be15fff159be662 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb3c90c8852edf41ac97ef3e821228dc4a54bafe Author: Andre Heinecke Date: Wed Oct 12 10:37:47 2016 +0200 tests: Add two more multipart-signed tests * tests/data/openpgp-signed-no-attach-gpgol.mbox, tests/data/openpgp-signed-no-attach-gpgol.plain, tests/data/openpgp-signed-two-attachments.mbox, tests/data/openpgp-signed-two-attachments.plain: New. * tests/t-parser.cpp: Use them. -- The attachment test includes inline attachments. The gpgol test adds a message like it is seen by gpgol (Without headers) diff --git a/tests/data/openpgp-signed-no-attach-gpgol.mbox b/tests/data/openpgp-signed-no-attach-gpgol.mbox new file mode 100644 index 0000000..8e022f0 --- /dev/null +++ b/tests/data/openpgp-signed-no-attach-gpgol.mbox @@ -0,0 +1,32 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="nextPart1693035.rOZRFYHO8F"; micalg="pgp-sha256"; protocol="application/pgp-signature" + +--nextPart1693035.rOZRFYHO8F +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain; charset="iso-8859-1" + +Hallo Welt! +=2D-=20 +Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ +Intevation GmbH, Neuer Graben 17, 49074 Osnabr=FCck | AG Osnabr=FCck, H= +R B 18998 +Gesch=E4ftsf=FChrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wa= +gner +--nextPart1693035.rOZRFYHO8F +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: This is a digitally signed message part. +Content-Transfer-Encoding: 7Bit + +-----BEGIN PGP SIGNATURE----- + +iQEcBAABCAAGBQJX49NGAAoJEI2YYMWPJG3mYDsH/3DuwYTTYSxYdk3WecCn2TPx +UzzUB332tVE5SLzZcvH426jFwQ2qt7/f8kWjmr5+GCOenM6Nzz1FbC4K3ARuF4c3 +fZDlFegpsRg735uV8vjEEwQVkipyYMHeUJJ6d5O4FxF8q0dfkjNM53EC3cLiuKF7 +P4AjRZBycPyMf7XBaaU0zfMQkC+UkiBXMrcITQoPSSgbadlxLEc4oJIdD8zZDFVx +q2I8RFoKzVpHMn/OjBfXi94JVz7wCTa4wGG/emxoamRvqMp2S5SWPNps79/Trvzv +64F+3UalXGBfDybyUYgGb0wLtXnbFux03GJoY20NMjsMRBBKYfqMQbh0m8VZSI4= +=UY6M +-----END PGP SIGNATURE----- + +--nextPart1693035.rOZRFYHO8F-- + diff --git a/tests/data/openpgp-signed-no-attach-gpgol.plain b/tests/data/openpgp-signed-no-attach-gpgol.plain new file mode 100644 index 0000000..aba8dba --- /dev/null +++ b/tests/data/openpgp-signed-no-attach-gpgol.plain @@ -0,0 +1,5 @@ +Hallo Welt! +-- +Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/ +Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998 +Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner \ No newline at end of file diff --git a/tests/data/openpgp-signed-two-attachments.mbox b/tests/data/openpgp-signed-two-attachments.mbox new file mode 100644 index 0000000..462f62a --- /dev/null +++ b/tests/data/openpgp-signed-two-attachments.mbox @@ -0,0 +1,54 @@ +From: firstname.lastname at example.com +To: test at kolab.org +Subject: OpenPGP signed with 2 text attachments +Date: Sun, 30 Aug 2015 12:02:56 +0200 +Message-ID: <2033829.IGepAdxqt9 at vkpc5> +X-KMail-Identity: 402312391 +X-KMail-Dictionary: en_US +User-Agent: KMail/5.0.42 pre (Linux/3.16.6-2-desktop; KDE/5.14.0; x86_64; ; ) +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="nextPart3682207.KLrp2sxpbf"; micalg="pgp-sha1"; protocol="application/pgp-signature" + +--nextPart3682207.KLrp2sxpbf +Content-Type: multipart/mixed; boundary="nextPart2397422.QDHKUNdbyg" +Content-Transfer-Encoding: 7Bit + +This is a multi-part message in MIME format. + +--nextPart2397422.QDHKUNdbyg +Content-Transfer-Encoding: 7Bit +Content-Type: text/plain; charset="us-ascii" + +this is the main body text +--nextPart2397422.QDHKUNdbyg +Content-Disposition: inline; filename="attachment1.txt" +Content-Transfer-Encoding: 7Bit +Content-Type: text/plain; charset="utf-8"; name="attachment1.txt" + +this is attachment one +--nextPart2397422.QDHKUNdbyg +Content-Disposition: inline; filename="attachment2.txt" +Content-Transfer-Encoding: 7Bit +Content-Type: text/plain; charset="utf-8"; name="attachment2.txt" + +this is attachment two +--nextPart2397422.QDHKUNdbyg-- + +--nextPart3682207.KLrp2sxpbf +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: This is a digitally signed message part. +Content-Transfer-Encoding: 7Bit + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEVAwUAVeLU0I2YYMWPJG3mAQL/fgf+LXmO7bKafdd4g5OOVHHyXRprVmX/6hBq +mZoor29KLIHkvAH9OJi4qBy/ZKwqqKLfttLzHb2UaAfl5kn4f0ckmnwUhU7u32Sm +JZ0Q50SxrRVFRyvTvPG22ho9IwQUO1YSZrL4wO9v8ZBQ3vkfpmAiUQVxPQMINc8L +i68xQEm4y1Dtoc+DTUkoIMeOOPnEl6PTMPrwn906K0r30hI4788fEGRn6uOXb+vD +G/ISlXu+JHIxxf/J5/jVjKNbra+trrfSPzB3piJIjBLEPO5FvLx8SgQFJcJHt/kw +ps8D5YULj/MVMLlsPtXDdZmbOi/G9pN0tr05MKcXsO5Ywe7n2BhASw== +=2Nzb +-----END PGP SIGNATURE----- + +--nextPart3682207.KLrp2sxpbf-- diff --git a/tests/data/openpgp-signed-two-attachments.plain b/tests/data/openpgp-signed-two-attachments.plain new file mode 100644 index 0000000..6c3403f --- /dev/null +++ b/tests/data/openpgp-signed-two-attachments.plain @@ -0,0 +1 @@ +this is the main body text diff --git a/tests/t-parser.cpp b/tests/t-parser.cpp index bc68c5e..0c06636 100644 --- a/tests/t-parser.cpp +++ b/tests/t-parser.cpp @@ -50,6 +50,18 @@ struct NULL, 0, "iso-8859-1"}, + { DATADIR "/openpgp-signed-no-attach-gpgol.mbox", + MSGTYPE_GPGOL_MULTIPART_SIGNED, + DATADIR "/openpgp-signed-no-attach-gpgol.plain", + NULL, + 0, + "iso-8859-1"}, + { DATADIR "/openpgp-signed-two-attachments.mbox", + MSGTYPE_GPGOL_MULTIPART_SIGNED, + DATADIR "/openpgp-signed-two-attachments.plain", + NULL, + 2, + "us-ascii"}, { DATADIR "/openpgp-encrypted+signed.mbox", MSGTYPE_GPGOL_MULTIPART_ENCRYPTED, DATADIR "/openpgp-encrypted+signed.plain", commit 4d3b317569e3637692f7f925064cccf31d6671f9 Author: Andre Heinecke Date: Wed Oct 12 10:35:50 2016 +0200 Change behavior of inline attachments * src/mimedataprovider.cpp (t2body): Treat inline attachments as attachments. -- The old parser added inline attachments to the body. Outlook by default shows inline attachments just as attachments. I also think this is better then just adding them in the body. diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp index a4aea43..e5dbe8f 100644 --- a/src/mimedataprovider.cpp +++ b/src/mimedataprovider.cpp @@ -158,7 +158,11 @@ is_cms_signed_data (const char *buffer, size_t length) /* Process the transition to body event. This means we have received the empty line indicating the body and - should now check the headers to see what to do about this part. */ + should now check the headers to see what to do about this part. + + This is mostly a C style function because it was based on the old + c mimeparser. +*/ static int t2body (MimeDataProvider *provider, rfc822parse_t msg) { @@ -169,7 +173,7 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) size_t off; char *p; int is_text = 0; - int not_inline_text = 0; + int is_text_attachment = 0; char *filename = NULL; char *charset = NULL; @@ -197,8 +201,21 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) if (s) filename = rfc2047_parse (s); s = rfc822parse_query_parameter (field, NULL, 1); - if (s && strcmp (s, "inline")) - not_inline_text = 1; + + /* This is a bit of a taste matter how to treat inline + attachments. Outlook does not show them inline so we + should not put it in the body either as we have + no way to show that it was actually an attachment. + For something like an inline patch it is better + to add it as an attachment instead of just putting + it in the body. + + The handling in the old parser was: + + if (s && strcmp (s, "inline")) + not_inline_text = 1; + */ + is_text_attachment = 1; rfc822parse_release_field (field); } @@ -325,16 +342,16 @@ t2body (MimeDataProvider *provider, rfc822parse_t msg) ctx->in_data = 1; log_mime_parser ("%s:%s: this body: nesting=%d partno=%d is_text=%d" - " charset=\"%s\"\n body_seen=%d not_inline_text=%d", + " charset=\"%s\"\n body_seen=%d is_text_attachment=%d", SRCNAME, __func__, ctx->nesting_level, ctx->part_counter, is_text, ctx->mimestruct_cur->charset?ctx->mimestruct_cur->charset:"", - ctx->body_seen, not_inline_text); + ctx->body_seen, is_text_attachment); /* If this is a text part, decide whether we treat it as one of our bodies. */ - if ((is_text && !not_inline_text)) + if ((is_text && !is_text_attachment)) { if (is_text == 2) { ----------------------------------------------------------------------- Summary of changes: src/mimedataprovider.cpp | 31 ++++++++++--- ...ch.mbox => openpgp-signed-no-attach-gpgol.mbox} | 9 ---- ....plain => openpgp-signed-no-attach-gpgol.plain} | 0 tests/data/openpgp-signed-two-attachments.mbox | 54 ++++++++++++++++++++++ tests/data/openpgp-signed-two-attachments.plain | 1 + tests/t-parser.cpp | 12 +++++ 6 files changed, 91 insertions(+), 16 deletions(-) copy tests/data/{openpgp-signed-no-attach.mbox => openpgp-signed-no-attach-gpgol.mbox} (75%) copy tests/data/{openpgp-signed-no-attach.plain => openpgp-signed-no-attach-gpgol.plain} (100%) create mode 100644 tests/data/openpgp-signed-two-attachments.mbox create mode 100644 tests/data/openpgp-signed-two-attachments.plain hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 12 21:17:23 2016 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 12 Oct 2016 21:17:23 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-10-gbfd732f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via bfd732f53a9b5dfe14217a68a0fa289bf6913ec0 (commit) via 27747921cb1dfced83c5666cd1c474764724c52b (commit) from 5418d9ca4c0e087fd6872ad350a996fe74880d86 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfd732f53a9b5dfe14217a68a0fa289bf6913ec0 Author: Jussi Kivilinna Date: Sun Oct 9 12:53:48 2016 +0300 GCM: Add bulk processing for ARMv8/AArch64 implementation * cipher/cipher-gcm-armv8-aarch64-ce.S: Add 6 blocks bulk processing. -- Benchmark on Cortex-A53 (1152 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte GMAC_AES | 1.30 ns/B 731.6 MiB/s 1.50 c/B After (1.49x faster): | nanosecs/byte mebibytes/sec cycles/byte GMAC_AES | 0.873 ns/B 1092.1 MiB/s 1.01 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-gcm-armv8-aarch64-ce.S b/cipher/cipher-gcm-armv8-aarch64-ce.S index 51d67b7..4830b61 100644 --- a/cipher/cipher-gcm-armv8-aarch64-ce.S +++ b/cipher/cipher-gcm-armv8-aarch64-ce.S @@ -43,14 +43,37 @@ gcry_gcm_reduction_constant: /* Register macros */ #define rhash v0 -#define rbuf v1 -#define rh0 v2 -#define rr0 v3 -#define rr1 v4 -#define rrconst v5 -#define vT0 v16 -#define vT1 v17 -#define vZZ v18 +#define rr0 v1 +#define rr1 v2 +#define rbuf v3 +#define rbuf1 v4 +#define rbuf2 v5 +#define rbuf3 v6 +#define rbuf4 v7 +#define rbuf5 v8 +#define rr2 v9 +#define rr3 v10 +#define rr4 v11 +#define rr5 v12 +#define rr6 v13 +#define rr7 v14 +#define rr8 v15 +#define rr9 v16 + +#define rrconst v18 +#define rh1 v19 +#define rh2 v20 +#define rh3 v21 +#define rh4 v22 +#define rh5 v23 +#define rh6 v24 +#define t0 v25 +#define t1 v26 +#define t2 v27 +#define t3 v28 +#define t4 v29 +#define t5 v30 +#define vZZ v31 /* GHASH macros */ @@ -59,38 +82,90 @@ gcry_gcm_reduction_constant: */ /* Input: 'a' and 'b', Output: 'r0:r1' (low 128-bits in r0, high in r1) */ -#define PMUL_128x128(r0, r1, a, b, interleave_op) \ - ext vT0.16b, b.16b, b.16b, #8; \ +#define PMUL_128x128(r0, r1, a, b, T0, T1, interleave_op) \ + ext T0.16b, b.16b, b.16b, #8; \ pmull r0.1q, a.1d, b.1d; \ pmull2 r1.1q, a.2d, b.2d; \ - pmull vT1.1q, a.1d, vT0.1d; \ - pmull2 vT0.1q, a.2d, vT0.2d; \ - interleave_op(); \ - eor vT0.16b, vT0.16b, vT1.16b; \ - ext vT1.16b, vZZ.16b, vT0.16b, #8; \ - ext vT0.16b, vT0.16b, vZZ.16b, #8; \ - eor r0.16b, r0.16b, vT1.16b; \ - eor r1.16b, r1.16b, vT0.16b; + pmull T1.1q, a.1d, T0.1d; \ + pmull2 T0.1q, a.2d, T0.2d; \ + interleave_op; \ + eor T0.16b, T0.16b, T1.16b; \ + ext T1.16b, vZZ.16b, T0.16b, #8; \ + ext T0.16b, T0.16b, vZZ.16b, #8; \ + eor r0.16b, r0.16b, T1.16b; \ + eor r1.16b, r1.16b, T0.16b; + +/* Input: 'aA' and 'bA', Output: 'r0A:r1A' (low 128-bits in r0A, high in r1A) + * Input: 'aB' and 'bB', Output: 'r0B:r1B' (low 128-bits in r0B, high in r1B) + * Input: 'aC' and 'bC', Output: 'r0C:r1C' (low 128-bits in r0C, high in r1C) + */ +#define PMUL_128x128_3(r0A, r1A, aA, bA, t0A, t1A, \ + r0B, r1B, aB, bB, t0B, t1B, \ + r0C, r1C, aC, bC, t0C, t1C, interleave_op) \ + ext t0A.16b, bA.16b, bA.16b, #8; \ + pmull r0A.1q, aA.1d, bA.1d; \ + pmull2 r1A.1q, aA.2d, bA.2d; \ + ext t0B.16b, bB.16b, bB.16b, #8; \ + pmull r0B.1q, aB.1d, bB.1d; \ + pmull2 r1B.1q, aB.2d, bB.2d; \ + ext t0C.16b, bC.16b, bC.16b, #8; \ + pmull r0C.1q, aC.1d, bC.1d; \ + pmull2 r1C.1q, aC.2d, bC.2d; \ + pmull t1A.1q, aA.1d, t0A.1d; \ + pmull2 t0A.1q, aA.2d, t0A.2d; \ + pmull t1B.1q, aB.1d, t0B.1d; \ + pmull2 t0B.1q, aB.2d, t0B.2d; \ + pmull t1C.1q, aC.1d, t0C.1d; \ + pmull2 t0C.1q, aC.2d, t0C.2d; \ + eor t0A.16b, t0A.16b, t1A.16b; \ + eor t0B.16b, t0B.16b, t1B.16b; \ + eor t0C.16b, t0C.16b, t1C.16b; \ + interleave_op; \ + ext t1A.16b, vZZ.16b, t0A.16b, #8; \ + ext t0A.16b, t0A.16b, vZZ.16b, #8; \ + ext t1B.16b, vZZ.16b, t0B.16b, #8; \ + ext t0B.16b, t0B.16b, vZZ.16b, #8; \ + ext t1C.16b, vZZ.16b, t0C.16b, #8; \ + ext t0C.16b, t0C.16b, vZZ.16b, #8; \ + eor r0A.16b, r0A.16b, t1A.16b; \ + eor r1A.16b, r1A.16b, t0A.16b; \ + eor r0B.16b, r0B.16b, t1B.16b; \ + eor r1B.16b, r1B.16b, t0B.16b; \ + eor r0C.16b, r0C.16b, t1C.16b; \ + eor r1C.16b, r1C.16b, t0C.16b; \ /* Input: 'r0:r1', Output: 'a' */ -#define REDUCTION(a, r0, r1, rconst, interleave_op) \ - pmull2 vT0.1q, r1.2d, rconst.2d; \ - interleave_op(); \ - ext vT1.16b, vT0.16b, vZZ.16b, #8; \ - ext vT0.16b, vZZ.16b, vT0.16b, #8; \ - eor r1.16b, r1.16b, vT1.16b; \ - eor r0.16b, r0.16b, vT0.16b; \ - pmull vT0.1q, r1.1d, rconst.1d; \ - eor a.16b, r0.16b, vT0.16b; - -#define _(...) /*_*/ -#define ld1_rbuf() ld1 {rbuf.16b}, [x2], #16; -#define rbit_rbuf() rbit rbuf.16b, rbuf.16b; +#define REDUCTION(a, r0, r1, rconst, T0, T1, interleave_op1, interleave_op2, \ + interleave_op3) \ + pmull2 T0.1q, r1.2d, rconst.2d; \ + interleave_op1; \ + ext T1.16b, T0.16b, vZZ.16b, #8; \ + ext T0.16b, vZZ.16b, T0.16b, #8; \ + interleave_op2; \ + eor r1.16b, r1.16b, T1.16b; \ + eor r0.16b, r0.16b, T0.16b; \ + pmull T0.1q, r1.1d, rconst.1d; \ + interleave_op3; \ + eor a.16b, r0.16b, T0.16b; /* Other functional macros */ +#define _(...) __VA_ARGS__ +#define __ _() + #define CLEAR_REG(reg) eor reg.16b, reg.16b, reg.16b; +#define VPUSH_ABI \ + stp d8, d9, [sp, #-16]!; \ + stp d10, d11, [sp, #-16]!; \ + stp d12, d13, [sp, #-16]!; \ + stp d14, d15, [sp, #-16]!; + +#define VPOP_ABI \ + ldp d14, d15, [sp], #16; \ + ldp d12, d13, [sp], #16; \ + ldp d10, d11, [sp], #16; \ + ldp d8, d9, [sp], #16; /* * unsigned int _gcry_ghash_armv8_ce_pmull (void *gcm_key, byte *result, @@ -112,16 +187,145 @@ _gcry_ghash_armv8_ce_pmull: GET_DATA_POINTER(x5, .Lrconst) - sub x3, x3, #1 - eor vZZ.16b, vZZ.16b, vZZ.16b ld1 {rhash.16b}, [x1] - ld1 {rh0.16b}, [x0] + ld1 {rh1.16b}, [x0] rbit rhash.16b, rhash.16b /* bit-swap */ ld1r {rrconst.2d}, [x5] + cmp x3, #6 + b.lo .Less_than_6 + + add x6, x4, #64 + VPUSH_ABI + + ld1 {rh2.16b-rh5.16b}, [x4] + ld1 {rh6.16b}, [x6] + + sub x3, x3, #6 + + ld1 {rbuf.16b-rbuf2.16b}, [x2], #(3*16) + ld1 {rbuf3.16b-rbuf5.16b}, [x2], #(3*16) + + rbit rbuf.16b, rbuf.16b /* bit-swap */ + rbit rbuf1.16b, rbuf1.16b /* bit-swap */ + rbit rbuf2.16b, rbuf2.16b /* bit-swap */ + rbit rbuf3.16b, rbuf3.16b /* bit-swap */ + rbit rbuf4.16b, rbuf4.16b /* bit-swap */ + rbit rbuf5.16b, rbuf5.16b /* bit-swap */ + eor rhash.16b, rhash.16b, rbuf.16b + + cmp x3, #6 + b.lo .Lend_6 + +.Loop_6: + + /* (in1) * H? => rr0:rr1 */ + /* (in2) * H? => rr2:rr3 */ + /* (in0 ^ hash) * H? => rr4:rr5 */ + PMUL_128x128_3(rr0, rr1, rbuf1, rh5, t0, t1, + rr2, rr3, rbuf2, rh4, t2, t3, + rr4, rr5, rhash, rh6, t4, t5, + _(sub x3, x3, #6)) + + ld1 {rbuf.16b-rbuf2.16b}, [x2], #(3*16) + cmp x3, #6 + + eor rr0.16b, rr0.16b, rr2.16b + eor rr1.16b, rr1.16b, rr3.16b + + /* (in3) * H? => rr2:rr3 */ + /* (in4) * H? => rr6:rr7 */ + /* (in5) * H? => rr8:rr9 */ + PMUL_128x128_3(rr2, rr3, rbuf3, rh3, t0, t1, + rr6, rr7, rbuf4, rh2, t2, t3, + rr8, rr9, rbuf5, rh1, t4, t5, + _(eor rr0.16b, rr0.16b, rr4.16b; + eor rr1.16b, rr1.16b, rr5.16b)) + + eor rr0.16b, rr0.16b, rr2.16b + eor rr1.16b, rr1.16b, rr3.16b + rbit rbuf.16b, rbuf.16b + eor rr0.16b, rr0.16b, rr6.16b + eor rr1.16b, rr1.16b, rr7.16b + rbit rbuf1.16b, rbuf1.16b + eor rr0.16b, rr0.16b, rr8.16b + eor rr1.16b, rr1.16b, rr9.16b + ld1 {rbuf3.16b-rbuf5.16b}, [x2], #(3*16) + + REDUCTION(rhash, rr0, rr1, rrconst, t0, t1, + _(rbit rbuf2.16b, rbuf2.16b), + _(rbit rbuf3.16b, rbuf3.16b), + _(rbit rbuf4.16b, rbuf4.16b)) + + rbit rbuf5.16b, rbuf5.16b + eor rhash.16b, rhash.16b, rbuf.16b + + b.hs .Loop_6 + +.Lend_6: + + /* (in1) * H? => rr0:rr1 */ + /* (in0 ^ hash) * H? => rr2:rr3 */ + /* (in2) * H? => rr4:rr5 */ + PMUL_128x128_3(rr0, rr1, rbuf1, rh5, t0, t1, + rr2, rr3, rhash, rh6, t2, t3, + rr4, rr5, rbuf2, rh4, t4, t5, + __) + eor rr0.16b, rr0.16b, rr2.16b + eor rr1.16b, rr1.16b, rr3.16b + eor rr0.16b, rr0.16b, rr4.16b + eor rr1.16b, rr1.16b, rr5.16b + + /* (in3) * H? => rhash:rbuf */ + /* (in4) * H? => rr6:rr7 */ + /* (in5) * H? => rr8:rr9 */ + PMUL_128x128_3(rhash, rbuf, rbuf3, rh3, t0, t1, + rr6, rr7, rbuf4, rh2, t2, t3, + rr8, rr9, rbuf5, rh1, t4, t5, + _(CLEAR_REG(rh4); + CLEAR_REG(rh5); + CLEAR_REG(rh6))) + eor rr0.16b, rr0.16b, rhash.16b + eor rr1.16b, rr1.16b, rbuf.16b + eor rr0.16b, rr0.16b, rr6.16b + eor rr1.16b, rr1.16b, rr7.16b + eor rr0.16b, rr0.16b, rr8.16b + eor rr1.16b, rr1.16b, rr9.16b + + REDUCTION(rhash, rr0, rr1, rrconst, t0, t1, + _(CLEAR_REG(rh2); + CLEAR_REG(rh3); + CLEAR_REG(rr2); + CLEAR_REG(rbuf2); + CLEAR_REG(rbuf3)), + _(CLEAR_REG(rr3); + CLEAR_REG(rr4); + CLEAR_REG(rr5); + CLEAR_REG(rr6); + CLEAR_REG(rr7)), + _(CLEAR_REG(rr8); + CLEAR_REG(rr9); + CLEAR_REG(rbuf1); + CLEAR_REG(rbuf2))) + + CLEAR_REG(rbuf4) + CLEAR_REG(rbuf5) + CLEAR_REG(t2) + CLEAR_REG(t3) + CLEAR_REG(t4) + CLEAR_REG(t5) + + VPOP_ABI + + cbz x3, .Ldone + +.Less_than_6: + /* Handle remaining blocks. */ + ld1 {rbuf.16b}, [x2], #16 + sub x3, x3, #1 rbit rbuf.16b, rbuf.16b /* bit-swap */ @@ -130,24 +334,25 @@ _gcry_ghash_armv8_ce_pmull: cbz x3, .Lend .Loop: - PMUL_128x128(rr0, rr1, rh0, rhash, ld1_rbuf) - sub x3, x3, #1 - REDUCTION(rhash, rr0, rr1, rrconst, rbit_rbuf) + PMUL_128x128(rr0, rr1, rh1, rhash, t0, t1, _(ld1 {rbuf.16b}, [x2], #16)) + REDUCTION(rhash, rr0, rr1, rrconst, t0, t1, + _(sub x3, x3, #1), + _(rbit rbuf.16b, rbuf.16b), + __) eor rhash.16b, rhash.16b, rbuf.16b cbnz x3, .Loop .Lend: - PMUL_128x128(rr0, rr1, rh0, rhash, _) - REDUCTION(rhash, rr0, rr1, rrconst, _) + PMUL_128x128(rr0, rr1, rh1, rhash, t0, t1, _(CLEAR_REG(rbuf))) + REDUCTION(rhash, rr0, rr1, rrconst, t0, t1, __, _(CLEAR_REG(rh1)), __) +.Ldone: CLEAR_REG(rr1) CLEAR_REG(rr0) rbit rhash.16b, rhash.16b /* bit-swap */ - CLEAR_REG(rbuf) - CLEAR_REG(vT0) - CLEAR_REG(vT1) - CLEAR_REG(rh0) + CLEAR_REG(t0) + CLEAR_REG(t1) st1 {rhash.2d}, [x1] CLEAR_REG(rhash) @@ -170,9 +375,37 @@ _gcry_ghash_setup_armv8_ce_pmull: * x1: gcm_table */ - ld1 {vT0.16b}, [x0] - rbit vT0.16b, vT0.16b - st1 {vT0.16b}, [x0] + GET_DATA_POINTER(x2, .Lrconst) + + /* H? */ + ld1 {rh1.16b}, [x0] + rbit rh1.16b, rh1.16b + st1 {rh1.16b}, [x0] + + ld1r {rrconst.2d}, [x2] + + /* H? */ + PMUL_128x128(rr0, rr1, rh1, rh1, t0, t1, __) + REDUCTION(rh2, rr0, rr1, rrconst, t0, t1, __, __, __) + + /* H? */ + PMUL_128x128(rr0, rr1, rh2, rh1, t0, t1, __) + REDUCTION(rh3, rr0, rr1, rrconst, t0, t1, __, __, __) + + /* H? */ + PMUL_128x128(rr0, rr1, rh2, rh2, t0, t1, __) + REDUCTION(rh4, rr0, rr1, rrconst, t0, t1, __, __, __) + + /* H? */ + PMUL_128x128(rr0, rr1, rh2, rh3, t0, t1, __) + REDUCTION(rh5, rr0, rr1, rrconst, t0, t1, __, __, __) + + /* H? */ + PMUL_128x128(rr0, rr1, rh3, rh3, t0, t1, __) + REDUCTION(rh6, rr0, rr1, rrconst, t0, t1, __, __, __) + + st1 {rh2.16b-rh4.16b}, [x1], #(3*16) + st1 {rh5.16b-rh6.16b}, [x1] ret .size _gcry_ghash_setup_armv8_ce_pmull,.-_gcry_ghash_setup_armv8_ce_pmull; commit 27747921cb1dfced83c5666cd1c474764724c52b Author: Jussi Kivilinna Date: Sun Oct 9 12:52:55 2016 +0300 GCM: Add bulk processing for ARMv8/AArch32 implementation * cipher/cipher-gcm-armv8-aarch32-ce.S: Add 4 blocks bulk processing. * tests/basic.c (check_digests): Print correct data length for "?" tests. (check_one_mac): Add large 1000000 bytes tests, when input is "!" or "?". (check_mac): Add "?" tests vectors for HMAC, CMAC, GMAC and POLY1305. -- Benchmark on Cortex-A53 (1152 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte GMAC_AES | 0.924 ns/B 1032.2 MiB/s 1.06 c/B After (1.21x faster): | nanosecs/byte mebibytes/sec cycles/byte GMAC_AES | 0.764 ns/B 1248.2 MiB/s 0.880 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-gcm-armv8-aarch32-ce.S b/cipher/cipher-gcm-armv8-aarch32-ce.S index b879fb2..b61a787 100644 --- a/cipher/cipher-gcm-armv8-aarch32-ce.S +++ b/cipher/cipher-gcm-armv8-aarch32-ce.S @@ -57,69 +57,125 @@ gcry_gcm_reduction_constant: #define rhash_l d0 #define rhash_h d1 -#define rbuf q1 -#define rbuf_l d2 -#define rbuf_h d3 +#define rh1 q1 +#define rh1_l d2 +#define rh1_h d3 -#define rh0 q2 -#define rh0_l d4 -#define rh0_h d5 +#define rbuf q2 +#define rbuf_l d4 +#define rbuf_h d5 -#define rt0 q3 -#define rt0_l d6 -#define rt0_h d7 +#define rbuf1 q3 +#define rbuf1_l d6 +#define rbuf1_h d7 -#define rr0 q8 -#define rr0_l d16 -#define rr0_h d17 +#define rbuf2 q4 +#define rbuf2_l d8 +#define rbuf2_h d9 -#define rr1 q9 -#define rr1_l d18 -#define rr1_h d19 +#define rbuf3 q5 +#define rbuf3_l d10 +#define rbuf3_h d11 + +#define rh2 q6 +#define rh2_l d12 +#define rh2_h d13 + +#define rh3 q7 +#define rh3_l d14 +#define rh3_h d15 + +#define rh4 q8 +#define rh4_l d16 +#define rh4_h d17 + +#define rr2 q9 +#define rr2_l d18 +#define rr2_h d19 + +#define rr3 q10 +#define rr3_l d20 +#define rr3_h d21 + +#define rr0 q11 +#define rr0_l d22 +#define rr0_h d23 + +#define rr1 q12 +#define rr1_l d24 +#define rr1_h d25 + +#define rt0 q13 +#define rt0_l d26 +#define rt0_h d27 + +#define rt1 q14 +#define rt1_l d28 +#define rt1_h d29 #define rrconst q15 #define rrconst_l d30 #define rrconst_h d31 -#define ia rbuf_h -#define ib rbuf_l -#define oa rh0_l -#define ob rh0_h -#define co rrconst_l -#define ma rrconst_h - /* GHASH macros */ /* See "Gouv?a, C. P. L. & L?pez, J. Implementing GCM on ARMv8. Topics in * Cryptology ? CT-RSA 2015" for details. */ -/* Input: 'a' and 'b', Output: 'r0:r1' (low 128-bits in r0, high in r1) */ +/* Input: 'a' and 'b', Output: 'r0:r1' (low 128-bits in r0, high in r1) + * Note: 'r1' may be 'a' or 'b', 'r0' must not be either 'a' or 'b'. + */ #define PMUL_128x128(r0, r1, a, b, t, interleave_op) \ veor t##_h, b##_l, b##_h; \ veor t##_l, a##_l, a##_h; \ vmull.p64 r0, a##_l, b##_l; \ vmull.p64 r1, a##_h, b##_h; \ vmull.p64 t, t##_h, t##_l; \ - interleave_op(); \ + interleave_op; \ veor t, r0; \ veor t, r1; \ veor r0##_h, t##_l; \ veor r1##_l, t##_h; +/* Input: 'aA' and 'bA', Output: 'r0A:r1A' (low 128-bits in r0A, high in r1A) + * Note: 'r1A' may be 'aA' or 'bA', 'r0A' must not be either 'aA' or 'bA'. + * Input: 'aB' and 'bB', Output: 'r0B:r1B' (low 128-bits in r0B, high in r1B) + * Note: 'r1B' may be 'aB' or 'bB', 'r0B' must not be either 'aB' or 'bB'. + */ +#define PMUL_128x128_2(r0A, r1A, aA, bA, r0B, r1B, aB, bB, tA, tB, interleave_op) \ + veor tA##_h, bA##_l, bA##_h; \ + veor tA##_l, aA##_l, aA##_h; \ + veor tB##_h, bB##_l, bB##_h; \ + veor tB##_l, aB##_l, aB##_h; \ + vmull.p64 r0A, aA##_l, bA##_l; \ + vmull.p64 r1A, aA##_h, bA##_h; \ + vmull.p64 tA, tA##_h, tA##_l; \ + vmull.p64 r0B, aB##_l, bB##_l; \ + vmull.p64 r1B, aB##_h, bB##_h; \ + vmull.p64 tB, tB##_h, tB##_l; \ + interleave_op; \ + veor tA, r0A; \ + veor tA, r1A; \ + veor tB, r0B; \ + veor tB, r1B; \ + veor r0A##_h, tA##_l; \ + veor r1A##_l, tA##_h; \ + veor r0B##_h, tB##_l; \ + veor r1B##_l, tB##_h; \ + /* Input: 'r0:r1', Output: 'a' */ #define REDUCTION(a, r0, r1, rconst, t, interleave_op) \ vmull.p64 t, r0##_l, rconst; \ veor r0##_h, t##_l; \ veor r1##_l, t##_h; \ - interleave_op(); \ + interleave_op; \ vmull.p64 t, r0##_h, rconst; \ veor r1, t; \ veor a, r0, r1; -#define _(...) /*_*/ -#define vrev_rbuf() vrev64.8 rbuf, rbuf; -#define vext_rbuf() vext.8 rbuf, rbuf, rbuf, #8; +#define _(...) __VA_ARGS__ +#define __ _() /* Other functional macros */ @@ -142,22 +198,128 @@ _gcry_ghash_armv8_ce_pmull: * r3: nblocks * %st+0: gcm_table */ - push {r4, lr} + push {r4-r6, lr} cmp r3, #0 beq .Ldo_nothing - GET_DATA_POINTER(lr, .Lrconst64, r4) + GET_DATA_POINTER(r4, .Lrconst64, lr) - subs r3, r3, #1 vld1.64 {rhash}, [r1] - vld1.64 {rh0}, [r0] + vld1.64 {rh1}, [r0] vrev64.8 rhash, rhash /* byte-swap */ - vld1.64 {rrconst_h}, [lr] + vld1.64 {rrconst_h}, [r4] vext.8 rhash, rhash, rhash, #8 + cmp r3, #4 + blo .Less_than_4 + + /* Bulk processing of 4 blocks per loop iteration. */ + + ldr r5, [sp, #(4*4)]; + add r6, r5, #32 + + vpush {q4-q7} + + vld1.64 {rh2-rh3}, [r5] + vld1.64 {rh4}, [r6] + + vld1.64 {rbuf-rbuf1}, [r2]! + sub r3, r3, #4 + vld1.64 {rbuf2-rbuf3}, [r2]! + + cmp r3, #4 + vrev64.8 rbuf, rbuf /* byte-swap */ + vrev64.8 rbuf1, rbuf1 /* byte-swap */ + vrev64.8 rbuf2, rbuf2 /* byte-swap */ + vrev64.8 rbuf3, rbuf3 /* byte-swap */ + + vext.8 rbuf, rbuf, rbuf, #8 + vext.8 rbuf1, rbuf1, rbuf1, #8 + vext.8 rbuf2, rbuf2, rbuf2, #8 + vext.8 rbuf3, rbuf3, rbuf3, #8 + veor rhash, rhash, rbuf /* in0 ^ hash */ + + blo .Lend_4 + +.Loop_4: + /* (in0 ^ hash) * H? => rr2:rr3 */ + /* (in1) * H? => rr0:rr1 */ + PMUL_128x128_2(rr0, rr1, rbuf1, rh3, rr2, rr3, rhash, rh4, rt1, rt0, __) + + vld1.64 {rbuf-rbuf1}, [r2]! + sub r3, r3, #4 + veor rr0, rr0, rr2 + veor rr1, rr1, rr3 + + /* (in2) * H? => rr2:rr3 */ + /* (in3) * H? => rhash:rbuf3 */ + PMUL_128x128_2(rr2, rr3, rbuf2, rh2, rhash, rbuf3, rbuf3, rh1, rt0, rt1, + _(vrev64.8 rbuf, rbuf)) + + vld1.64 {rbuf2}, [r2]! + + vrev64.8 rbuf1, rbuf1 + veor rr0, rr0, rr2 + veor rr1, rr1, rr3 + + cmp r3, #4 + vext.8 rbuf, rbuf, rbuf, #8 + vext.8 rbuf1, rbuf1, rbuf1, #8 + + veor rr0, rr0, rhash + veor rr1, rr1, rbuf3 + + vld1.64 {rbuf3}, [r2]! + + REDUCTION(rhash, rr0, rr1, rrconst_h, rt1, + _(vrev64.8 rbuf2, rbuf2; + vrev64.8 rbuf3, rbuf3)) + + vext.8 rbuf2, rbuf2, rbuf2, #8 + vext.8 rbuf3, rbuf3, rbuf3, #8 + veor rhash, rhash, rbuf /* in0 ^ hash */ + + bhs .Loop_4 + +.Lend_4: + /* (in0 ^ hash) * H? => rr2:rr3 */ + /* (in1) * H? => rr0:rr1 */ + PMUL_128x128_2(rr0, rr1, rbuf1, rh3, rr2, rr3, rhash, rh4, rt1, rt0, __) + + /* (in2) * H? => rhash:rbuf */ + /* (in3) * H? => rbuf1:rbuf2 */ + PMUL_128x128_2(rhash, rbuf, rbuf2, rh2, rbuf1, rbuf2, rbuf3, rh1, rt0, rt1, + _(veor rr0, rr0, rr2; + veor rr1, rr1, rr3)) + + veor rr0, rr0, rhash + veor rr1, rr1, rbuf + + veor rr0, rr0, rbuf1 + veor rr1, rr1, rbuf2 + + REDUCTION(rhash, rr0, rr1, rrconst_h, rt1, + _(CLEAR_REG(rr2); + CLEAR_REG(rr3); + CLEAR_REG(rbuf1); + CLEAR_REG(rbuf2); + CLEAR_REG(rbuf3); + CLEAR_REG(rh2); + CLEAR_REG(rh3); + CLEAR_REG(rh4))) + + vpop {q4-q7} + + cmp r3, #0 + beq .Ldone + +.Less_than_4: + /* Handle remaining blocks. */ + vld1.64 {rbuf}, [r2]! + subs r3, r3, #1 vrev64.8 rbuf, rbuf /* byte-swap */ vext.8 rbuf, rbuf, rbuf, #8 @@ -169,30 +331,29 @@ _gcry_ghash_armv8_ce_pmull: .Loop: vld1.64 {rbuf}, [r2]! subs r3, r3, #1 - PMUL_128x128(rr0, rr1, rh0, rhash, rt0, vrev_rbuf) - REDUCTION(rhash, rr0, rr1, rrconst_h, rt0, vext_rbuf) + PMUL_128x128(rr0, rr1, rhash, rh1, rt0, _(vrev64.8 rbuf, rbuf)) + REDUCTION(rhash, rr0, rr1, rrconst_h, rt0, _(vext.8 rbuf, rbuf, rbuf, #8)) veor rhash, rhash, rbuf bne .Loop .Lend: - PMUL_128x128(rr0, rr1, rh0, rhash, rt0, _) - REDUCTION(rhash, rr0, rr1, rrconst_h, rt0, _) + PMUL_128x128(rr0, rr1, rhash, rh1, rt0, _(CLEAR_REG(rbuf))) + REDUCTION(rhash, rr0, rr1, rrconst_h, rt0, _(CLEAR_REG(rh1))) +.Ldone: CLEAR_REG(rr1) - CLEAR_REG(rr0) vrev64.8 rhash, rhash /* byte-swap */ - CLEAR_REG(rbuf) CLEAR_REG(rt0) + CLEAR_REG(rr0) vext.8 rhash, rhash, rhash, #8 - CLEAR_REG(rh0) - + CLEAR_REG(rt1) vst1.64 {rhash}, [r1] CLEAR_REG(rhash) .Ldo_nothing: mov r0, #0 - pop {r4, pc} + pop {r4-r6, pc} .size _gcry_ghash_armv8_ce_pmull,.-_gcry_ghash_armv8_ce_pmull; @@ -208,28 +369,64 @@ _gcry_ghash_setup_armv8_ce_pmull: * r1: gcm_table */ - push {r4, lr} + vpush {q4-q7} - GET_DATA_POINTER(r4, .Lrconst64, lr) + GET_DATA_POINTER(r2, .Lrconst64, r3) + + vld1.64 {rrconst_h}, [r2] + +#define GCM_LSH_1(r_out, ia, ib, const_d, oa, ob, ma) \ + /* H <<< 1 */ \ + vshr.s64 ma, ib, #63; \ + vshr.u64 oa, ib, #63; \ + vshr.u64 ob, ia, #63; \ + vand ma, const_d; \ + vshl.u64 ib, ib, #1; \ + vshl.u64 ia, ia, #1; \ + vorr ob, ib; \ + vorr oa, ia; \ + veor ob, ma; \ + vst1.64 {oa, ob}, [r_out] + + vld1.64 {rhash}, [r0] + vrev64.8 rhash, rhash /* byte-swap */ + vext.8 rhash, rhash, rhash, #8 + + vmov rbuf1, rhash + GCM_LSH_1(r0, rhash_l, rhash_h, rrconst_h, rh1_l, rh1_h, rt1_l) /* H<<<1 */ - /* H <<< 1 */ - vld1.64 {ib,ia}, [r0] - vld1.64 {co}, [r4] - vrev64.8 ib, ib; - vrev64.8 ia, ia; - vshr.s64 ma, ib, #63 - vshr.u64 oa, ib, #63 - vshr.u64 ob, ia, #63 - vand ma, co - vshl.u64 ib, ib, #1 - vshl.u64 ia, ia, #1 - vorr ob, ib - vorr oa, ia - veor ob, ma - - vst1.64 {oa, ob}, [r0] - - pop {r4, pc} + /* H? */ + PMUL_128x128(rr0, rr1, rbuf1, rh1, rt0, __) + REDUCTION(rh2, rr0, rr1, rrconst_h, rt0, __) + vmov rhash, rh2 + GCM_LSH_1(r1, rh2_l, rh2_h, rrconst_h, rbuf1_l, rbuf1_h, rt1_l) /* H?<<<1 */ + add r1, r1, #16 + + /* H? */ + PMUL_128x128(rr0, rr1, rhash, rh1, rt1, __) + REDUCTION(rh3, rr0, rr1, rrconst_h, rt1, __) + + /* H? */ + PMUL_128x128(rr0, rr1, rhash, rbuf1, rt0, __) + REDUCTION(rh4, rr0, rr1, rrconst_h, rt0, __) + + GCM_LSH_1(r1, rh3_l, rh3_h, rrconst_h, rt0_l, rt0_h, rt1_l) /* H?<<<1 */ + add r1, r1, #16 + GCM_LSH_1(r1, rh4_l, rh4_h, rrconst_h, rt0_l, rt0_h, rt1_l) /* H?<<<1 */ + + CLEAR_REG(rt0) + CLEAR_REG(rt1) + CLEAR_REG(rr1) + CLEAR_REG(rr0) + CLEAR_REG(rh1) + CLEAR_REG(rh2) + CLEAR_REG(rh3) + CLEAR_REG(rh4) + CLEAR_REG(rhash) + CLEAR_REG(rbuf1) + CLEAR_REG(rrconst) + vpop {q4-q7} + bx lr .size _gcry_ghash_setup_armv8_ce_pmull,.-_gcry_ghash_setup_armv8_ce_pmull; #endif diff --git a/tests/basic.c b/tests/basic.c index 96fb4cb..e5a325b 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -6902,7 +6902,7 @@ check_digests (void) fprintf (stderr, " checking %s [%i] for length %d\n", gcry_md_algo_name (algos[i].md), algos[i].md, - !strcmp (algos[i].data, "!")? + (!strcmp (algos[i].data, "!") || !strcmp (algos[i].data, "?"))? 1000000 : (int)strlen(algos[i].data)); check_one_md (algos[i].md, algos[i].data, @@ -7359,6 +7359,15 @@ check_one_mac (int algo, const char *data, int datalen, int i; gcry_error_t err = 0; + if (test_buffering) + { + if ((*data == '!' && !data[1]) || + (*data == '?' && !data[1])) + { + return; /* Skip. */ + } + } + err = gcry_mac_open (&hd, algo, 0, NULL); if (err) { @@ -7416,7 +7425,60 @@ check_one_mac (int algo, const char *data, int datalen, } else { - err = gcry_mac_write (hd, data, datalen); + if ((*data == '!' && !data[1]) || /* hash one million times a "a" */ + (*data == '?' && !data[1])) /* hash million byte data-set with byte pattern 0x00,0x01,0x02,... */ + { + char aaa[1000]; + size_t left = 1000 * 1000; + size_t startlen = 1; + size_t piecelen = startlen; + + if (*data == '!') + memset (aaa, 'a', 1000); + + /* Write in chuck with all sizes 1 to 1000 (500500 bytes) */ + for (i = 1; i <= 1000 && left > 0; i++) + { + piecelen = i; + if (piecelen > sizeof(aaa)) + piecelen = sizeof(aaa); + if (piecelen > left) + piecelen = left; + + if (*data == '?') + fillbuf_count(aaa, piecelen, 1000 * 1000 - left); + + gcry_mac_write (hd, aaa, piecelen); + + left -= piecelen; + } + + /* Write in odd size chunks so that we test the buffering. */ + while (left > 0) + { + if (piecelen > sizeof(aaa)) + piecelen = sizeof(aaa); + if (piecelen > left) + piecelen = left; + + if (*data == '?') + fillbuf_count(aaa, piecelen, 1000 * 1000 - left); + + gcry_mac_write (hd, aaa, piecelen); + + left -= piecelen; + + if (piecelen == sizeof(aaa)) + piecelen = ++startlen; + else + piecelen = piecelen * 2 - ((piecelen != startlen) ? startlen : 0); + } + } + else + { + err = gcry_mac_write (hd, data, datalen); + } + if (err) fail("algo %d, mac gcry_mac_write failed: %s\n", algo, gpg_strerror (err)); if (err) @@ -7426,8 +7488,6 @@ check_one_mac (int algo, const char *data, int datalen, err = gcry_mac_verify (hd, expect, maclen); if (err) fail("algo %d, mac gcry_mac_verify failed: %s\n", algo, gpg_strerror (err)); - if (err) - goto out; macoutlen = maclen; err = gcry_mac_read (hd, p, &macoutlen); @@ -7511,6 +7571,8 @@ check_mac (void) "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa", "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e", }, + { GCRY_MAC_HMAC_MD5, "?", "????????????????", + "\x7e\x28\xf8\x8e\xf4\x6c\x48\x30\xa2\x0c\xe3\xe1\x42\xd4\xb5\x6b" }, { GCRY_MAC_HMAC_SHA256, "what do ya want for nothing?", "Jefe", "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7\x5a" "\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43" }, @@ -7564,6 +7626,9 @@ check_mac (void) "\xaa\xaa\xaa", "\x9b\x09\xff\xa7\x1b\x94\x2f\xcb\x27\x63\x5f\xbc\xd5\xb0\xe9\x44" "\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2" }, + { GCRY_MAC_HMAC_SHA256, "?", "????????????????", + "\x1c\x0e\x57\xad\x4a\x02\xd2\x30\xce\x7e\xf8\x08\x23\x25\x71\x5e" + "\x16\x9b\x30\xca\xc3\xf4\x99\xc5\x1d\x4c\x25\x32\xa9\xf2\x15\x28" }, { GCRY_MAC_HMAC_SHA224, "what do ya want for nothing?", "Jefe", "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f" "\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44" }, @@ -7617,6 +7682,9 @@ check_mac (void) "\xaa\xaa\xaa", "\x3a\x85\x41\x66\xac\x5d\x9f\x02\x3f\x54\xd5\x17\xd0\xb3\x9d\xbd" "\x94\x67\x70\xdb\x9c\x2b\x95\xc9\xf6\xf5\x65\xd1" }, + { GCRY_MAC_HMAC_SHA224, "?", "????????????????", + "\xc1\x88\xaf\xcf\xce\x51\xa2\x14\x3d\xc1\xaf\x93\xcc\x2b\xe9\x4d" + "\x39\x55\x90\x4c\x46\x70\xfc\xc2\x04\xcf\xab\xfa" }, { GCRY_MAC_HMAC_SHA384, "what do ya want for nothing?", "Jefe", "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b\x1b" "\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22\x44\x5e" @@ -7676,6 +7744,10 @@ check_mac (void) "\x66\x17\x17\x8e\x94\x1f\x02\x0d\x35\x1e\x2f\x25\x4e\x8f\xd3\x2c" "\x60\x24\x20\xfe\xb0\xb8\xfb\x9a\xdc\xce\xbb\x82\x46\x1e\x99\xc5" "\xa6\x78\xcc\x31\xe7\x99\x17\x6d\x38\x60\xe6\x11\x0c\x46\x52\x3e" }, + { GCRY_MAC_HMAC_SHA384, "?", "????????????????", + "\xe7\x96\x29\xa3\x40\x5f\x1e\x6e\x92\xa5\xdb\xa5\xc6\xe9\x60\xa8" + "\xf5\xd1\x6d\xcb\x10\xec\x30\x2f\x6b\x9c\x37\xe0\xea\xf1\x53\x28" + "\x08\x01\x9b\xe3\x4a\x43\xc6\xc2\x2b\x0c\xd9\x43\x64\x35\x25\x78" }, { GCRY_MAC_HMAC_SHA512, "what do ya want for nothing?", "Jefe", "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3" "\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25\x05\x54" @@ -7741,6 +7813,11 @@ check_mac (void) "\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44" "\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15" "\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" }, + { GCRY_MAC_HMAC_SHA512, "?", "????????????????", + "\xd4\x43\x61\xfa\x3d\x3d\x57\xd6\xac\xc3\x9f\x1c\x3d\xd9\x26\x84" + "\x1f\xfc\x4d\xf2\xbf\x78\x87\x72\x5e\x6c\x3e\x00\x6d\x39\x5f\xfa" + "\xd7\x3a\xf7\x83\xb7\xb5\x61\xbd\xfb\x33\xe0\x03\x97\xa7\x72\x79" + "\x66\x66\xbf\xbd\x44\xfa\x04\x01\x1b\xc1\x48\x1d\x9e\xde\x5b\x8e" }, /* HMAC-SHA3 test vectors from * http://wolfgang-ehrhardt.de/hmac-sha3-testvectors.html */ { GCRY_MAC_HMAC_SHA3_224, @@ -7904,6 +7981,21 @@ check_mac (void) "\x1f\x3e\x6c\xf0\x48\x60\xc6\xbb\xd7\xfa\x48\x86\x74\x78\x2b\x46" "\x59\xfd\xbd\xf3\xfd\x87\x78\x52\x88\x5c\xfe\x6e\x22\x18\x5f\xe7" "\xb2\xee\x95\x20\x43\x62\x9b\xc9\xd5\xf3\x29\x8a\x41\xd0\x2c\x66" }, + { GCRY_MAC_HMAC_SHA3_224, "?", "????????????????", + "\x80\x2b\x3c\x84\xfe\x3e\x01\x22\x14\xf8\xba\x74\x79\xfd\xb5\x02" + "\xea\x0c\x06\xa4\x7e\x01\xe3\x2c\xc7\x24\x89\xc3" }, + { GCRY_MAC_HMAC_SHA3_256, "?", "????????????????", + "\x6c\x7c\x96\x5b\x19\xba\xcd\x61\x69\x8a\x2c\x7a\x2b\x96\xa1\xc3" + "\x33\xa0\x3c\x5d\x54\x87\x37\x60\xc8\x2f\xa2\xa6\x12\x38\x8d\x1b" }, + { GCRY_MAC_HMAC_SHA3_384, "?", "????????????????", + "\xc0\x20\xd0\x9b\xa7\xb9\xd5\xb8\xa6\xa4\xba\x20\x55\xd9\x0b\x35" + "\x8b\xe0\xb7\xec\x1e\x9f\xe6\xb9\xbd\xd5\xe9\x9b\xfc\x0a\x11\x3a" + "\x15\x41\xed\xfd\xef\x30\x8d\x03\xb8\xca\x3a\xa8\xc7\x2d\x89\x32" }, + { GCRY_MAC_HMAC_SHA3_512, "?", "????????????????", + "\xb4\xef\x24\xd2\x07\xa7\x01\xb3\xe1\x81\x11\x22\x93\x83\x64\xe0" + "\x5e\xad\x03\xb7\x43\x4f\x87\xa1\x14\x8e\x17\x8f\x2a\x97\x7d\xe8" + "\xbd\xb0\x37\x3b\x67\xb9\x97\x36\xa5\x82\x9b\xdc\x0d\xe4\x5a\x8c" + "\x5e\xda\xb5\xca\xea\xa9\xb4\x6e\xba\xca\x25\xc8\xbf\xa1\x0e\xb0" }, /* CMAC AES and DES test vectors from http://web.archive.org/web/20130930212819/http://csrc.nist.gov/publica\ tions/nistpubs/800-38B/Updated_CMAC_Examples.pdf */ @@ -7978,6 +8070,8 @@ check_mac (void) "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", "\xe1\x99\x21\x90\x54\x9f\x6e\xd5\x69\x6a\x2c\x05\x6c\x31\x54\x10" }, + { GCRY_MAC_CMAC_AES, "?", "????????????????????????????????", + "\x9f\x72\x73\x68\xb0\x49\x2e\xb1\x35\xa0\x1d\xf9\xa8\x0a\xf6\xee" }, { GCRY_MAC_CMAC_3DES, "", "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" @@ -8022,6 +8116,8 @@ check_mac (void) "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5\x8a\x3d\x10\xba\x80\x57\x0d\x38" "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5", "\x31\xb1\xe4\x31\xda\xbc\x4e\xb8" }, + { GCRY_MAC_CMAC_3DES, "?", "????????????????????????", + "\xc1\x38\x13\xb2\x31\x8f\x3a\xdf" }, /* CMAC Camellia test vectors from http://tools.ietf.org/html/draft-kato-ipsec-camellia-cmac96and128-05 */ { GCRY_MAC_CMAC_CAMELLIA, @@ -8045,6 +8141,8 @@ check_mac (void) "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", "\xc2\x69\x9a\x6e\xba\x55\xce\x9d\x93\x9a\x8a\x4e\x19\x46\x6e\xe9" }, + { GCRY_MAC_CMAC_CAMELLIA, "?", "????????????????????????????????", + "\xba\x8a\x5a\x8d\xa7\x54\x26\x83\x3e\xb1\x20\xb5\x45\xd0\x9f\x4e" }, /* http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip */ { GCRY_MAC_GMAC_AES, "", @@ -8081,6 +8179,8 @@ check_mac (void) "\xc9\xfc\xa7\x29\xab\x60\xad\xa0", "\x20\x4b\xdb\x1b\xd6\x21\x54\xbf\x08\x92\x2a\xaa\x54\xee\xd7\x05", "\x05\xad\x13\xa5\xe2\xc2\xab\x66\x7e\x1a\x6f\xbc" }, + { GCRY_MAC_GMAC_AES, "?", "????????????????????????????????", + "\x84\x37\xc3\x42\xae\xf5\xd0\x40\xd3\x73\x90\xa9\x36\xed\x8a\x12" }, /* from NaCl */ { GCRY_MAC_POLY1305, "\x8e\x99\x3b\x9f\x48\x68\x12\x73\xc2\x96\x50\xba\x32\xfc\x76\xce" @@ -8250,6 +8350,8 @@ check_mac (void) "\x12\x97\x6a\x08\xc4\x42\x6d\x0c\xe8\xa8\x24\x07\xc4\xf4\x82\x07" "\x80\xf8\xc2\x0a\xa7\x12\x02\xd1\xe2\x91\x79\xcb\xcb\x55\x5a\x57", "\x51\x54\xad\x0d\x2c\xb2\x6e\x01\x27\x4f\xc5\x11\x48\x49\x1f\x1b" }, + { GCRY_MAC_POLY1305, "?", "????????????????????????????????", + "\xc3\x88\xce\x8a\x52\xd6\xe7\x21\x86\xfa\xaa\x5d\x2d\x16\xf9\xa3" }, /* from http://cr.yp.to/mac/poly1305-20050329.pdf */ { GCRY_MAC_POLY1305_AES, "\xf3\xf6", @@ -8283,6 +8385,10 @@ check_mac (void) "\x51\x54\xad\x0d\x2c\xb2\x6e\x01\x27\x4f\xc5\x11\x48\x49\x1f\x1b", "\x9a\xe8\x31\xe7\x43\x97\x8d\x3a\x23\x52\x7c\x71\x28\x14\x9e\x3a", 0, 32 }, + { GCRY_MAC_POLY1305_AES, "?", "????????????????????????????????", + "\x9d\xeb\xb0\xcd\x24\x90\xd3\x9b\x47\x78\x37\x0a\x81\xf2\x83\x2a", + "\x61\xee\x09\x21\x8d\x29\xb0\xaa\xed\x7e\x15\x4a\x2c\x55\x09\xcc", + 0, 32 }, { 0 }, }; int i; @@ -8310,8 +8416,9 @@ check_mac (void) fprintf (stderr, " checking %s [%i] for %d byte key and %d byte data\n", gcry_mac_algo_name (algos[i].algo), - algos[i].algo, - (int)strlen(algos[i].key), (int)strlen(algos[i].data)); + algos[i].algo, (int)strlen(algos[i].key), + (!strcmp(algos[i].data, "!") || !strcmp(algos[i].data, "?")) + ? 1000000 : (int)strlen(algos[i].data)); klen = algos[i].klen ? algos[i].klen : strlen(algos[i].key); dlen = algos[i].dlen ? algos[i].dlen : strlen (algos[i].data); ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm-armv8-aarch32-ce.S | 321 +++++++++++++++++++++++++++------- cipher/cipher-gcm-armv8-aarch64-ce.S | 325 ++++++++++++++++++++++++++++++----- tests/basic.c | 119 ++++++++++++- 3 files changed, 651 insertions(+), 114 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 12 21:45:32 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 12 Oct 2016 21:45:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-222-g3ad17e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3ad17e72fa81d18c95732ddcd4def244f52bb5b1 (commit) via ca84f65c7cf2c6a08a01018519965a82e6c52cac (commit) via 6fdf37f0831949cb279de6dc6b247ab2ed53fe5a (commit) via 78eda335fd1c29038b74b9cc912b6a4515fccd9f (commit) from cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3ad17e72fa81d18c95732ddcd4def244f52bb5b1 Author: Neal H. Walfield Date: Wed Oct 12 21:42:10 2016 +0200 g10: When changing a TOFU binding's policy, update the conflict info * g10/tofu.c (record_binding): Take an additional argument, CONFLICT. Set the binding's conflict accordingly. Update callers. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index ae7166c..d7f4e4c 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -797,8 +797,9 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName, If SHOW_OLD is set, the binding's old policy is displayed. */ static gpg_error_t record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, - const char *user_id, enum tofu_policy policy, int show_old, - time_t now) + const char *user_id, enum tofu_policy policy, + const char *conflict, + int show_old, time_t now) { char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); gpg_error_t rc; @@ -850,12 +851,6 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, " to %s.\n", fingerprint, show_old ? user_id : email, tofu_policy_str (policy)); - - if (policy_old == policy) - { - rc = 0; - goto leave; /* Nothing to do. */ - } } if (opt.dry_run) @@ -868,18 +863,19 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, rc = gpgsql_stepx (dbs->db, &dbs->s.record_binding_update, NULL, NULL, &err, "insert or replace into bindings\n" - " (oid, fingerprint, email, user_id, time, policy)\n" + " (oid, fingerprint, email, user_id, time, policy, conflict)\n" " values (\n" /* If we don't explicitly reuse the OID, then SQLite will reallocate a new one. We just need to search for the OID based on the fingerprint and email since they are unique. */ " (select oid from bindings where fingerprint = ? and email = ?),\n" - " ?, ?, ?, ?, ?);", + " ?, ?, ?, ?, ?, ?);", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_INT, (int) policy, + GPGSQL_ARG_STRING, conflict ? conflict : "", GPGSQL_ARG_END); if (rc) { @@ -1747,7 +1743,7 @@ ask_about_binding (ctrl_t ctrl, } if (record_binding (dbs, fingerprint, email, user_id, - *policy, 0, now)) + *policy, NULL, 0, now)) { /* If there's an error registering the * binding, don't save the signature. */ @@ -2087,7 +2083,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, /* New binding. */ { if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_GOOD, 0, now) != 0) + TOFU_POLICY_GOOD, NULL, 0, now) != 0) { log_error (_("error setting TOFU binding's trust level" " to %s\n"), "good"); @@ -2206,7 +2202,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (is_signed_by_utk) { if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_GOOD, 0, now) != 0) + TOFU_POLICY_GOOD, NULL, 0, now) != 0) { log_error (_("error setting TOFU binding's trust level" " to %s\n"), "good"); @@ -2246,7 +2242,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, fingerprint, email); if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_AUTO, 0, now) != 0) + TOFU_POLICY_AUTO, NULL, 0, now) != 0) { log_error (_("error setting TOFU binding's trust level to %s\n"), "auto"); @@ -2275,7 +2271,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, fingerprint, email); if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_AUTO, 0, now) != 0) + TOFU_POLICY_AUTO, NULL, 0, now) != 0) log_error (_("error setting TOFU binding's trust level to %s\n"), "auto"); @@ -2297,7 +2293,10 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, log_assert (policy == TOFU_POLICY_NONE); if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_ASK, 0, now) != 0) + TOFU_POLICY_ASK, + conflict_set && conflict_set->next + ? conflict_set->next->d : NULL, + 0, now) != 0) log_error (_("error setting TOFU binding's trust level to %s\n"), "ask"); @@ -3378,7 +3377,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) email = email_from_user_id (user_id->name); err = record_binding (dbs, fingerprint, email, user_id->name, - policy, 1, now); + policy, NULL, 1, now); if (err) { log_error (_("error setting policy for key %s, user id \"%s\": %s"), commit ca84f65c7cf2c6a08a01018519965a82e6c52cac Author: Neal H. Walfield Date: Wed Oct 12 21:40:03 2016 +0200 g10: Make a singular string singular. * g10/tofu.c (ask_about_binding): Make the singular string singular. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index ce107de..ae7166c 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1619,7 +1619,7 @@ ask_about_binding (ctrl_t ctrl, else { if (labs(stats_iter->time_ago) == 3) - es_fprintf (fp, ngettext(" over the past days.", + es_fprintf (fp, ngettext(" over the past day.", " over the past %d days.", seen_in_past), TIME_AGO_SMALL_THRESHOLD commit 6fdf37f0831949cb279de6dc6b247ab2ed53fe5a Author: Neal H. Walfield Date: Wed Oct 12 21:39:12 2016 +0200 g10: Correctly determine whether a binding has a conflict. * g10/tofu.c (build_conflict_set): A binding has a conflict is conflict is *not* NULL, not if it is NULL. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 97e7a6e..ce107de 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1793,7 +1793,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) "select" /* A binding should only appear once, but try not to break in the * case of corruption. */ - " fingerprint || case sum(conflict ISNULL) when 0 then '' else '!' end" + " fingerprint || case sum(conflict NOTNULL) when 0 then '' else '!' end" " from bindings where email = ?" " group by fingerprint" /* Make sure the current key comes first in the result list (if commit 78eda335fd1c29038b74b9cc912b6a4515fccd9f Author: Neal H. Walfield Date: Wed Oct 12 21:37:34 2016 +0200 g10: Fix a column's type in TOFU DB. * g10/tofu.c (initdb): Change policy from a boolean to an integer. -- Signed-off-by: Neal H. Walfield Reported-by: Daniel Kahn Gillmor Note: sqlite ignores type information so this change has no real impact. diff --git a/g10/tofu.c b/g10/tofu.c index 5b01c27..97e7a6e 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -606,7 +606,7 @@ initdb (sqlite3 *db) "create table bindings\n" " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n" " fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,\n" - " policy BOOLEAN CHECK (policy in (%d, %d, %d, %d, %d)),\n" + " policy INTEGER CHECK (policy in (%d, %d, %d, %d, %d)),\n" " conflict STRING,\n" " unique (fingerprint, email));\n" "create index bindings_fingerprint_email\n" ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 09:15:56 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 13 Oct 2016 09:15:56 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-45-g2538c12 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 2538c12fa0728f4113f83f69f8c8ec9efb163872 (commit) via a3cf30f89418c8a6bc9456533d95ba7fc2a33a4c (commit) from 5f64018af89e07dd0494775d6dfc82564536d6e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2538c12fa0728f4113f83f69f8c8ec9efb163872 Author: Andre Heinecke Date: Thu Oct 13 09:13:50 2016 +0200 qt: Install SpecialJob * lang/qt/src/Makefile.am: Install SpecialJob * NEWS: mention it. -- SpecialJob was and is public API. So it needs to be installed. diff --git a/NEWS b/NEWS index ebe2dd9..a34d37c 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,7 @@ Noteworthy changes in version 1.7.1 (unreleased) [C26/A15/R_] WksPublishJob::startRecieve REMOVED. MultiDeleteJob NEW. AbstractImportJob NEW. + SpecialJob NEW. * cpp Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index e09e0d9..8c27e67 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -57,6 +57,7 @@ qgpgme_headers= \ protocol.h \ qgpgme_export.h \ qgpgmenewcryptoconfig.h \ + specialjob.h \ signjob.h \ signkeyjob.h \ signencryptjob.h \ @@ -91,6 +92,7 @@ camelcase_headers= \ MultiDeleteJob \ Protocol \ QGpgMENewCryptoConfig \ + SpecialJob \ SignJob \ SignKeyJob \ SignEncryptJob \ @@ -138,7 +140,6 @@ private_qgpgme_headers = \ qgpgmekeyformailboxjob.h \ qgpgmewkspublishjob.h \ qgpgmetofupolicyjob.h \ - specialjob.h \ threadedjobmixin.h qgpgme_moc_sources = \ commit a3cf30f89418c8a6bc9456533d95ba7fc2a33a4c Author: Andre Heinecke Date: Thu Oct 13 09:07:36 2016 +0200 qt, cpp: Fix expected targets in Config files * lang/cpp/src/GpgmeppConfig.cmake.in.in, lang/qt/src/QGpgmeConfig.cmake.in.in: Remove KF5 variants. diff --git a/lang/cpp/src/GpgmeppConfig.cmake.in.in b/lang/cpp/src/GpgmeppConfig.cmake.in.in index ca11deb..73f5eaa 100644 --- a/lang/cpp/src/GpgmeppConfig.cmake.in.in +++ b/lang/cpp/src/GpgmeppConfig.cmake.in.in @@ -37,7 +37,7 @@ set(CMAKE_IMPORT_FILE_VERSION 1) set(_targetsDefined) set(_targetsNotDefined) set(_expectedTargets) -foreach(_expectedTarget KF5::Gpgmepp Gpgmepp) +foreach(_expectedTarget Gpgmepp) list(APPEND _expectedTargets ${_expectedTarget}) if(NOT TARGET ${_expectedTarget}) list(APPEND _targetsNotDefined ${_expectedTarget}) diff --git a/lang/qt/src/QGpgmeConfig.cmake.in.in b/lang/qt/src/QGpgmeConfig.cmake.in.in index 9063408..5b6c188 100644 --- a/lang/qt/src/QGpgmeConfig.cmake.in.in +++ b/lang/qt/src/QGpgmeConfig.cmake.in.in @@ -37,7 +37,7 @@ set(CMAKE_IMPORT_FILE_VERSION 1) set(_targetsDefined) set(_targetsNotDefined) set(_expectedTargets) -foreach(_expectedTarget QGpgme KF5::QGpgme) +foreach(_expectedTarget QGpgme) list(APPEND _expectedTargets ${_expectedTarget}) if(NOT TARGET ${_expectedTarget}) list(APPEND _targetsNotDefined ${_expectedTarget}) ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + lang/cpp/src/GpgmeppConfig.cmake.in.in | 2 +- lang/qt/src/Makefile.am | 3 ++- lang/qt/src/QGpgmeConfig.cmake.in.in | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 09:45:59 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 13 Oct 2016 09:45:59 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-46-ga274c75 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a274c7590aa0e38d682d5177904983632f471cb0 (commit) from 2538c12fa0728f4113f83f69f8c8ec9efb163872 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a274c7590aa0e38d682d5177904983632f471cb0 Author: Andre Heinecke Date: Thu Oct 13 09:35:30 2016 +0200 qt, cpp: Fix permissions of Config files * lang/cpp/src/Makefile.am, lang/qt/src/Makefile.am: Do not install config files as executable. diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index 0500dbf..342bdf8 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -82,9 +82,9 @@ GpgmeppConfig.cmake: GpgmeppConfig.cmake.in install-cmake-files: GpgmeppConfig.cmake GpgmeppConfigVersion.cmake -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp - $(INSTALL) GpgmeppConfig.cmake \ + $(INSTALL) -m 644 GpgmeppConfig.cmake \ $(DESTDIR)$(libdir)/cmake/Gpgmepp/GpgmeppConfig.cmake - $(INSTALL) GpgmeppConfigVersion.cmake \ + $(INSTALL) -m 644 GpgmeppConfigVersion.cmake \ $(DESTDIR)$(libdir)/cmake/Gpgmepp/GpgmeppConfigVersion.cmake uninstall-cmake-files: diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am index 8c27e67..51fe314 100644 --- a/lang/qt/src/Makefile.am +++ b/lang/qt/src/Makefile.am @@ -234,9 +234,9 @@ $(camelcase_headers): Makefile.am install-cmake-files: QGpgmeConfig.cmake QGpgmeConfigVersion.cmake -$(INSTALL) -d $(DESTDIR)$(libdir)/cmake/Gpgmepp - $(INSTALL) QGpgmeConfig.cmake \ + $(INSTALL) -m 644 QGpgmeConfig.cmake \ $(DESTDIR)$(libdir)/cmake/Gpgmepp/QGpgmeConfig.cmake - $(INSTALL) QGpgmeConfigVersion.cmake \ + $(INSTALL) -m 644 QGpgmeConfigVersion.cmake \ $(DESTDIR)$(libdir)/cmake/Gpgmepp/QGpgmeConfigVersion.cmake uninstall-cmake-files: ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/Makefile.am | 4 ++-- lang/qt/src/Makefile.am | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 10:15:07 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 13 Oct 2016 10:15:07 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-47-g56302e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 56302e7bb6a694a7c570f389f9a7883efdfdaf42 (commit) from a274c7590aa0e38d682d5177904983632f471cb0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 56302e7bb6a694a7c570f389f9a7883efdfdaf42 Author: Andre Heinecke Date: Thu Oct 13 10:13:47 2016 +0200 cpp: Fix version number * configure.ac (LIBGPGMEPP_LT_CURRENT): Bump. -- Added API so it should have been correct to bump current and age and not to bump age. diff --git a/configure.ac b/configure.ac index 64f9385..0cfda5e 100644 --- a/configure.ac +++ b/configure.ac @@ -61,9 +61,9 @@ LIBGPGME_LT_CURRENT=26 LIBGPGME_LT_AGE=15 LIBGPGME_LT_REVISION=0 -LIBGPGMEPP_LT_CURRENT=6 -LIBGPGMEPP_LT_AGE=1 -LIBGPGMEPP_LT_REVISION=2 +LIBGPGMEPP_LT_CURRENT=8 +LIBGPGMEPP_LT_AGE=2 +LIBGPGMEPP_LT_REVISION=0 LIBQGPGME_LT_CURRENT=7 LIBQGPGME_LT_AGE=0 ----------------------------------------------------------------------- Summary of changes: configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 12:48:01 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 13 Oct 2016 12:48:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-226-g4c0389f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c (commit) via e09166c77273f459c8f87cab9224f85808af2cba (commit) via 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74 (commit) via 2282c3b761413dfa894300e70084bbd58908c0b1 (commit) from 3ad17e72fa81d18c95732ddcd4def244f52bb5b1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c Author: Neal H. Walfield Date: Thu Oct 13 12:44:59 2016 +0200 g10: Be more careful when checking cross signatures. * g10/tofu.c (cross_sigs): When checking cross signatures, only consider the signatures on the specified user id. * tests/openpgp/tofu.scm: Add test for the above. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/README: New file. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 8184c6f..dcee6e7 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1211,7 +1211,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set, /* Return 1 if A signed B and B signed A. */ static int -cross_sigs (kbnode_t a, kbnode_t b) +cross_sigs (const char *email, kbnode_t a, kbnode_t b) { int i; @@ -1240,12 +1240,36 @@ cross_sigs (kbnode_t a, kbnode_t b) u32 *signer_kid = pk_main_keyid (signer_pk); kbnode_t n; + int saw_email = 0; + /* Iterate over SIGNEE's keyblock and see if there is a valid signature from SIGNER. */ for (n = signee; n; n = n->next) { PKT_signature *sig; + if (n->pkt->pkttype == PKT_USER_ID) + { + if (saw_email) + /* We're done: we've processed all signatures on the + user id. */ + break; + else + { + /* See if this is the matching user id. */ + PKT_user_id *user_id = n->pkt->pkt.user_id; + char *email2 = email_from_user_id (user_id->name); + + if (strcmp (email, email2) == 0) + saw_email = 1; + + xfree (email2); + } + } + + if (! saw_email) + continue; + if (n->pkt->pkttype != PKT_SIGNATURE) continue; @@ -1974,7 +1998,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) for (j = i + 1; j < conflict_set_count; j ++) /* Be careful: we might not have a key block for a key. */ - if (kb_all[i] && kb_all[j] && cross_sigs (kb_all[i], kb_all[j])) + if (kb_all[i] && kb_all[j] && cross_sigs (email, kb_all[i], kb_all[j])) die[j] = 1; } diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index e514ddf..96f7abe 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -159,3 +159,76 @@ (checkpolicy "BC15C85A" "ask") (checkpolicy "2183839A" "bad") (checkpolicy "EE37CF96" "ask") + + + +;; Check that we detect the following attack: +;; +;; Alice and Bob each have a key and cross sign them. Bob then adds a +;; new user id, "Alice". TOFU should now detect a conflict, because +;; Alice only signed Bob's "Bob" user id. + +(display "Checking cross sigs...\n") +(define GPG `(,(tool 'gpg) --no-permission-warning + --faked-system-time=1476304861)) + +;; Carefully remove the TOFU db. +(catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) + +(define DIR "tofu/cross-sigs") +;; The test keys. +(define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E") +(define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247") + +(define (verify-messages) + (for-each + (lambda (key) + (for-each + (lambda (i) + (let ((fn (in-srcdir DIR (string-append key "-" i ".txt")))) + (call-check `(, at GPG --trust-model=tofu --verify ,fn)))) + (list "1" "2"))) + (list KEYA KEYB))) + +;; Import the public keys. +(display " > Two keys. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-1.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-1.gpg")))) +;; Make sure the tofu engine registers the keys. +(verify-messages) +(display "<\n") + +;; Since their is no conflict, the policy should be auto. +(checkpolicy KEYA "auto") +(checkpolicy KEYB "auto") + +;; Import the cross sigs. +(display " > Adding cross signatures. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-2.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-2.gpg")))) +(verify-messages) +(display "<\n") + +;; There is still no conflict, so the policy shouldn't have changed. +(checkpolicy KEYA "auto") +(checkpolicy KEYB "auto") + +;; Import the conflicting user id. +(display " > Adding conflicting user id. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-3.gpg")))) +(call-check `(, at GPG --trust-model=tofu + --verify ,(in-srcdir DIR (string-append KEYB "-1.txt")))) +(verify-messages) +(display "<\n") + +(checkpolicy KEYA "ask") +(checkpolicy KEYB "ask") + +;; Import Alice's signature on the conflicting user id. +(display " > Adding cross signature on user id. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-4.gpg")))) +(verify-messages) +(display "<\n") + +(checkpolicy KEYA "auto") +(checkpolicy KEYB "auto") diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg new file mode 100644 index 0000000..e6becec Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt new file mode 100644 index 0000000..92236be Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt differ diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg new file mode 100644 index 0000000..d26bd54 Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt new file mode 100644 index 0000000..b4013d3 Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt differ diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt new file mode 100644 index 0000000..9b2d49d Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt differ diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg new file mode 100644 index 0000000..1839e3a Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg new file mode 100644 index 0000000..f706f70 Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt new file mode 100644 index 0000000..0bdc1fc Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg new file mode 100644 index 0000000..0b2485f Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt new file mode 100644 index 0000000..4d3aaaa Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg new file mode 100644 index 0000000..eb2c435 Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt new file mode 100644 index 0000000..9b2d49d Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg new file mode 100644 index 0000000..9c98ec1 Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg new file mode 100644 index 0000000..a87c61b Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg differ diff --git a/tests/openpgp/tofu/cross-sigs/README b/tests/openpgp/tofu/cross-sigs/README new file mode 100644 index 0000000..439962b --- /dev/null +++ b/tests/openpgp/tofu/cross-sigs/README @@ -0,0 +1,79 @@ +# How I generate the keys and messages to verify: + +# Generate and export two non-conflicting keys. +gpg --quick-gen-key 'Spy Cow ' +gpg --quick-gen-key 'Spy R. Cow ' + +KEYIDA=1938C3A0E4674B6C217AC0B987DB2814EC38277E +KEYIDB=DC463A16E42F03240D76E8BA8B48C6BD871C2247 + +for KEYID in $KEYIDA $KEYIDB +do + gpg --export $KEYID > tofu-$KEYID.gpg + gpg --export-secret-keys $KEYID > tofu-$KEYID-secret.gpg +done + +# Sign some data. +echo foo | gpg --default-key $KEYIDA -s > tofu-$KEYIDA-1.txt +echo foo | gpg --default-key $KEYIDB -s > tofu-$KEYIDB-1.txt + +# Again, but with an issuer. +echo foo | gpg --default-key "" -s > tofu-$KEYIDA-2.txt +echo foo | gpg --default-key "" -s > tofu-$KEYIDB-2.txt + +# Have A sign B and vice versa. +gpg --default-key $KEYIDA --quick-sign $KEYIDB +gpg --default-key $KEYIDB --quick-sign $KEYIDA + +gpg --export $KEYIDA > tofu-$KEYIDA-2.gpg +gpg --export $KEYIDB > tofu-$KEYIDB-2.gpg + +# Cause A and B to conflict. +gpg --quick-adduid $KEYIDB 'Spy R. Cow ' +gpg --export $KEYIDB > tofu-$KEYIDB-3.gpg + +echo foo | gpg --default-key "" -s > tofu-$KEYIDA-3.txt +echo foo | gpg --default-key "" -s > tofu-$KEYIDB-3.txt + +# Have A sign B's conflicting user id. +gpg --default-key $KEYIDA --quick-sign $KEYIDB +gpg --export $KEYIDB > tofu-$KEYIDB-4.gpg + +exit 0 + +# In a new directory (so the keys are not ultimately trusted). + +D=~/neal/work/gpg/test +echo 'trust-model tofu+pgp' > gpg.conf +gpg --import $D/tofu-$KEYIDA.gpg +gpg --import $D/tofu-$KEYIDB.gpg +gpg -k + +gpg --verify $D/tofu-$KEYIDA-1.txt +gpg --verify $D/tofu-$KEYIDB-1.txt +# With an issuer. +gpg --verify $D/tofu-$KEYIDA-2.txt +gpg --verify $D/tofu-$KEYIDB-2.txt + +# Import the cross signatures. +gpg --import $D/tofu-$KEYIDA-2.gpg +gpg --import $D/tofu-$KEYIDB-2.gpg +gpg -k + +gpg --verify $D/tofu-$KEYIDA-1.txt +gpg --verify $D/tofu-$KEYIDB-1.txt +# With an issuer. +gpg --verify $D/tofu-$KEYIDA-2.txt +gpg --verify $D/tofu-$KEYIDB-2.txt + + +gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDA-3.txt | grep TRUST_UNDEFINED +gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDB-3.txt | grep TRUST_UNDEFINED + +# Import the conflicting user id. +gpg --import $D/tofu-$KEYIDB-3.gpg +gpg -k + +# Import the cross signature, which should remove the conflict. +gpg --import $D/tofu-$KEYIDB-4.gpg +gpg -k commit e09166c77273f459c8f87cab9224f85808af2cba Author: Neal H. Walfield Date: Thu Oct 13 12:38:19 2016 +0200 g10: Still check if the key is an UTK or cross signed in batch mode. * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't bail immediately. Instead, check if the key in question is an ultimately trusted key or cross signed. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index b9416d5..8184c6f 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2131,12 +2131,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, case TOFU_POLICY_ASK: /* We need to ask the user what to do. Case #1 or #2 below. */ - if (! may_ask) - { - trust_level = TRUST_UNDEFINED; - goto out; - } - break; case TOFU_POLICY_NONE: @@ -2296,18 +2290,19 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (! may_ask) { - /* We can only get here in the third case (no saved policy) and - * if there is a conflict. (If the policy was ask (cases #1 and - * #2) and we weren't allowed to ask, we'd have already exited). */ - log_assert (policy == TOFU_POLICY_NONE); - - if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_ASK, - conflict_set && conflict_set->next - ? conflict_set->next->d : NULL, - 0, now) != 0) - log_error (_("error setting TOFU binding's trust level to %s\n"), - "ask"); + log_assert (policy == TOFU_POLICY_NONE || policy == TOFU_POLICY_ASK); + if (policy == TOFU_POLICY_NONE) + { + /* We get here in the third case (no saved policy) and if + * there is a conflict. */ + if (record_binding (dbs, fingerprint, email, user_id, + TOFU_POLICY_ASK, + conflict_set && conflict_set->next + ? conflict_set->next->d : NULL, + 0, now) != 0) + log_error (_("error setting TOFU binding's trust level to %s\n"), + "ask"); + } trust_level = TRUST_UNDEFINED; goto out; commit 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74 Author: Neal H. Walfield Date: Thu Oct 13 12:32:03 2016 +0200 g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL * g10/tofu.c (get_policy): If an sqlite operation fails, map the error code to GPG_ERR_GENERAL. (ask_about_binding): Likewise. (build_conflict_set): Likewise. (get_trust): Likewise. (show_statistics): Likewise. (tofu_register_signature): Likewise. (tofu_register_encryption): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index d7f4e4c..b9416d5 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1082,6 +1082,7 @@ get_policy (tofu_dbs_t dbs, const char *fingerprint, const char *email, log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("checking for existing bad bindings"); sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); goto out; } @@ -1404,6 +1405,7 @@ ask_about_binding (ctrl_t ctrl, log_error (_("error gathering other user IDs: %s\n"), sqerr); sqlite3_free (sqerr); sqerr = NULL; + rc = gpg_error (GPG_ERR_GENERAL); } if (other_user_ids) @@ -1481,7 +1483,10 @@ ask_about_binding (ctrl_t ctrl, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); if (rc) - break; + { + rc = gpg_error (GPG_ERR_GENERAL); + break; + } if (!stats || strcmp (iter->d, stats->fingerprint) != 0) /* No stats for this binding. Add a dummy entry. */ @@ -1496,7 +1501,10 @@ ask_about_binding (ctrl_t ctrl, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); if (rc) - break; + { + rc = gpg_error (GPG_ERR_GENERAL); + break; + } #undef STATS_SQL @@ -1803,6 +1811,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email) log_error (_("error reading TOFU database: %s\n"), sqerr); print_further_info ("listing fingerprints"); sqlite3_free (sqerr); + rc = gpg_error (GPG_ERR_GENERAL); return NULL; } @@ -2349,6 +2358,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, fingerprint, user_id); sqlite3_free (sqerr); sqerr = NULL; + rc = gpg_error (GPG_ERR_GENERAL); } else if (DBG_TRUST) log_debug ("Set %s to conflict with %s\n", @@ -2597,6 +2607,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("getting signature statistics"); sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); goto out; } @@ -2629,6 +2640,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("getting encryption statistics"); sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); goto out; } @@ -2927,6 +2939,7 @@ tofu_register_signature (ctrl_t ctrl, log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("checking existence"); sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); } else if (c > 1) /* Duplicates! This should not happen. In particular, @@ -2980,6 +2993,7 @@ tofu_register_signature (ctrl_t ctrl, log_error (_("error updating TOFU database: %s\n"), err); print_further_info ("insert signatures"); sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); } } @@ -3093,6 +3107,7 @@ tofu_register_encryption (ctrl_t ctrl, log_error (_("error updating TOFU database: %s\n"), err); print_further_info ("insert encryption"); sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); } xfree (email); commit 2282c3b761413dfa894300e70084bbd58908c0b1 Author: Neal H. Walfield Date: Thu Oct 13 12:30:12 2016 +0200 tests: Remove support for deprecated functionality. * tests/openpgp/tofu.scm: Don't remove tofu.d. It's deprecated. -- Signed-off-by: Neal H. Walfield diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index f4de1d8..e514ddf 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -99,7 +99,6 @@ ;; Carefully remove the TOFU db. (catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) -(catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d"))) ;; Verify a message. There should be no conflict and the trust ;; policy should be set to auto. ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 78 ++++++++++++++------ tests/openpgp/tofu.scm | 74 ++++++++++++++++++- .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg | Bin 0 -> 1171 bytes .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt | Bin 0 -> 321 bytes .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg | Bin 0 -> 1458 bytes .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt | Bin 0 -> 334 bytes .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt | Bin 0 -> 334 bytes ...C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg | Bin 0 -> 2473 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg | Bin 0 -> 1173 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt | Bin 0 -> 321 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg | Bin 0 -> 1460 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt | Bin 0 -> 333 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg | Bin 0 -> 1800 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt | Bin 0 -> 334 bytes .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg | Bin 0 -> 2087 bytes ...3A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg | Bin 0 -> 2475 bytes tests/openpgp/tofu/cross-sigs/README | 79 +++++++++++++++++++++ 17 files changed, 208 insertions(+), 23 deletions(-) create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg create mode 100644 tests/openpgp/tofu/cross-sigs/README hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 13:22:24 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 13 Oct 2016 13:22:24 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.7.0-50-gf526d0e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via f526d0e22e8b881ccbca66b46a0e1b68bbc4cd6b (commit) via 1e6073ffa98db2c265adbcf0dbbe70c067a910f0 (commit) via cabd4c74e52c8983d624b6877cddc7f8912eff04 (commit) from 56302e7bb6a694a7c570f389f9a7883efdfdaf42 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f526d0e22e8b881ccbca66b46a0e1b68bbc4cd6b Author: Justus Winter Date: Thu Oct 13 13:13:23 2016 +0200 python: Make 'get_key' more idiomatic. * lang/python/pyme/core.py (Context.get_key): Raise errors.KeyNotFound if the key is not found. This error is both a KeyError for idiomatic error handling as well as a GPGMEError so we don't break existing code. * lang/python/pyme/errors.py (KeyNotFound): New class. * lang/python/tests/support.py (no_such_key): New variable. * lang/python/tests/t-keylist.py: Test the new behavior. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index cd5217f..f0eab43 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -680,11 +680,19 @@ class Context(GpgmeWrapper): -- the matching key Raises: + KeyError -- if the key was not found GPGMEError -- as signaled by the underlying library """ ptr = gpgme.new_gpgme_key_t_p() - errorcheck(gpgme.gpgme_get_key(self.wrapped, fpr, ptr, secret)) + + try: + errorcheck(gpgme.gpgme_get_key(self.wrapped, fpr, ptr, secret)) + except errors.GPGMEError as e: + if e.getcode() == errors.EOF: + raise errors.KeyNotFound(fpr) + raise e + key = gpgme.gpgme_key_t_p_value(ptr) gpgme.delete_gpgme_key_t_p(ptr) assert key diff --git a/lang/python/pyme/errors.py b/lang/python/pyme/errors.py index e26c747..0fd85ef 100644 --- a/lang/python/pyme/errors.py +++ b/lang/python/pyme/errors.py @@ -21,10 +21,12 @@ del absolute_import, print_function, unicode_literals from . import gpgme from . import util -util.process_constants('GPG_ERR_', globals()) +# To appease static analysis tools, we define some constants here. +# They are overwritten with the proper values by process_constants. +NO_ERROR = None +EOF = None -# To appease static analysis tools, we define some constants here: -NO_ERROR = 0 +util.process_constants('GPG_ERR_', globals()) class PymeError(Exception): pass @@ -58,6 +60,20 @@ def errorcheck(retval, extradata = None): if retval: raise GPGMEError(retval, extradata) +class KeyNotFound(GPGMEError, KeyError): + """Raised if a key was not found + + GPGME indicates this condition with EOF, which is not very + idiomatic. We raise this error that is both a GPGMEError + indicating EOF, and a KeyError. + + """ + def __init__(self, keystr): + self.keystr = keystr + GPGMEError.__init__(self, EOF) + def __str__(self): + return self.keystr + # These errors are raised in the idiomatic interface code. class EncryptionError(PymeError): diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 4d7135e..f1ffdc3 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -27,6 +27,7 @@ alpha = "A0FF4590BB6122EDEF6E3C542D727CC768697734" bob = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2" encrypt_only = "F52770D5C4DB41408D918C9F920572769B9FE19C" sign_only = "7CCA20CCDE5394CEE71C9F0BFED153F12F18F45D" +no_such_key = "A" * 40 def make_filename(name): return os.path.join(os.environ['top_srcdir'], 'tests', 'gpg', name) diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py index 5e8b333..f7f6674 100755 --- a/lang/python/tests/t-keylist.py +++ b/lang/python/tests/t-keylist.py @@ -20,6 +20,7 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals +import pyme from pyme import core, constants import support @@ -244,3 +245,25 @@ for i, key in enumerate(c.keylist()): if misc_check: misc_check (uids[0][0], key) + + +# check get_key() +with pyme.Context() as c: + c.get_key(support.alpha) + c.get_key(support.alpha, secret=True) + + c.get_key(support.bob) + try: + c.get_key(support.bob, secret=True) + except KeyError: + pass + else: + assert False, "Expected KeyError" + + # Legacy error + try: + c.get_key(support.no_such_key) + except pyme.errors.GPGMEError: + pass + else: + assert False, "Expected GPGMEError" commit 1e6073ffa98db2c265adbcf0dbbe70c067a910f0 Author: Justus Winter Date: Thu Oct 13 12:05:59 2016 +0200 python: Return public keys by default. * lang/python/pyme/core.py (Core.get_key): Return public keys by default, improve docstring. * lang/python/examples/testCMSgetkey.py: Update example. * lang/python/examples/verifydetails.py: Likewise. GnuPG-bug-id: 2751 Signed-off-by: Justus Winter diff --git a/lang/python/examples/testCMSgetkey.py b/lang/python/examples/testCMSgetkey.py index 4467b6c..62c35d2 100644 --- a/lang/python/examples/testCMSgetkey.py +++ b/lang/python/examples/testCMSgetkey.py @@ -28,7 +28,7 @@ if len(sys.argv) != 2: sys.exit("fingerprint or unique key ID for gpgme_get_key()") with pyme.Context(protocol=pyme.constants.PROTOCOL_CMS) as c: - key = c.get_key(sys.argv[1], False) + key = c.get_key(sys.argv[1]) print("got key: ", key.subkeys[0].fpr) for uid in key.uids: diff --git a/lang/python/examples/verifydetails.py b/lang/python/examples/verifydetails.py index fa34926..81f82e9 100755 --- a/lang/python/examples/verifydetails.py +++ b/lang/python/examples/verifydetails.py @@ -52,7 +52,7 @@ def verifyprintdetails(filename, detached_sig_filename=None): print(" status: %#0x" % (sign.status)) print(" timestamp: ", sign.timestamp) print(" fingerprint:", sign.fpr) - print(" uid: ", c.get_key(sign.fpr, 0).uids[0].uid) + print(" uid: ", c.get_key(sign.fpr).uids[0].uid) # Print "unsigned" text if inline signature if data: diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index 88a086b..cd5217f 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -670,15 +670,26 @@ class Context(GpgmeWrapper): key.__del__ = lambda self: gpgme.gpgme_key_unref(self) return key - def get_key(self, fpr, secret): - """Return the key corresponding to the fingerprint 'fpr'""" + def get_key(self, fpr, secret=False): + """Get a key given a fingerprint + + Keyword arguments: + secret -- to request a secret key + + Returns: + -- the matching key + + Raises: + GPGMEError -- as signaled by the underlying library + + """ ptr = gpgme.new_gpgme_key_t_p() errorcheck(gpgme.gpgme_get_key(self.wrapped, fpr, ptr, secret)) key = gpgme.gpgme_key_t_p_value(ptr) gpgme.delete_gpgme_key_t_p(ptr) - if key: - key.__del__ = lambda self: gpgme.gpgme_key_unref(self) - return key + assert key + key.__del__ = lambda self: gpgme.gpgme_key_unref(self) + return key def op_trustlist_all(self, *args, **kwargs): self.op_trustlist_start(*args, **kwargs) commit cabd4c74e52c8983d624b6877cddc7f8912eff04 Author: Justus Winter Date: Thu Oct 13 12:45:50 2016 +0200 python: Fix example. * lang/python/examples/inter-edit.py: Fix example. Fixes-commit: a458e7fe Signed-off-by: Justus Winter diff --git a/lang/python/examples/inter-edit.py b/lang/python/examples/inter-edit.py index 39d6f17..3c0f29b 100644 --- a/lang/python/examples/inter-edit.py +++ b/lang/python/examples/inter-edit.py @@ -40,8 +40,8 @@ with pyme.Context() as c: print("Editing key {} ({}):".format(key.uids[0].uid, key.subkeys[0].fpr)) def edit_fnc(keyword, args): - print("Status: {} ({}), args: {} > ".format( - keyword, status, args), end='', flush=True) + print("Status: {}, args: {} > ".format( + keyword, args), end='', flush=True) if not 'GET' in keyword: # no prompt ----------------------------------------------------------------------- Summary of changes: lang/python/examples/inter-edit.py | 4 ++-- lang/python/examples/testCMSgetkey.py | 2 +- lang/python/examples/verifydetails.py | 2 +- lang/python/pyme/core.py | 31 +++++++++++++++++++++++++------ lang/python/pyme/errors.py | 22 +++++++++++++++++++--- lang/python/tests/support.py | 1 + lang/python/tests/t-keylist.py | 23 +++++++++++++++++++++++ 7 files changed, 72 insertions(+), 13 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 14:26:56 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 13 Oct 2016 14:26:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-227-gd2d936f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d2d936fbe86d61b89cead95df633b2b575690e05 (commit) from 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d2d936fbe86d61b89cead95df633b2b575690e05 Author: Neal H. Walfield Date: Thu Oct 13 14:26:53 2016 +0200 tests: Add test data to TEST_FILES. * tests/openpgp/Makefile.am (TEST_FILES): Add new test data. -- Signed-off-by: Neal H. Walfield Fixes-commit: 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 8c51ae6..be110fb 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -109,7 +109,22 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ bug537-test.data.asc bug894-test.asc \ bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc \ tofu-keys.asc tofu-keys-secret.asc \ - tofu-2183839A-1.txt tofu-BC15C85A-1.txt tofu-EE37CF96-1.txt + tofu-2183839A-1.txt tofu-BC15C85A-1.txt tofu-EE37CF96-1.txt \ + tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg \ + tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg \ + tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt \ + tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg \ + tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt \ + tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt \ + tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg \ + tofu/cross-sigs/README data_files = data-500 data-9000 data-32000 data-80000 plain-large ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 21:22:05 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 13 Oct 2016 21:22:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-228-g95d0f3e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 95d0f3e5eebd85dcf226dca14891a1215bfe93ae (commit) from d2d936fbe86d61b89cead95df633b2b575690e05 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95d0f3e5eebd85dcf226dca14891a1215bfe93ae Author: Neal H. Walfield Date: Thu Oct 13 20:54:06 2016 +0200 g10: Be more careful when checking if a binding is signed by a UTK. * g10/tofu.c (signed_by_utk): When checking if a key is signed by an ultimately trusted key, only consider the signatures on the specified user id. * tests/openpgp/tofu.scm: Add test for the above. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index dcee6e7..d437c5a 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1308,14 +1308,37 @@ cross_sigs (const char *email, kbnode_t a, kbnode_t b) /* Return whether the key was signed by an ultimately trusted key. */ static int -signed_by_utk (kbnode_t a) +signed_by_utk (const char *email, kbnode_t a) { kbnode_t n; + int saw_email = 0; for (n = a; n; n = n->next) { PKT_signature *sig; + if (n->pkt->pkttype == PKT_USER_ID) + { + if (saw_email) + /* We're done: we've processed all signatures on the + user id. */ + break; + else + { + /* See if this is the matching user id. */ + PKT_user_id *user_id = n->pkt->pkt.user_id; + char *email2 = email_from_user_id (user_id->name); + + if (strcmp (email, email2) == 0) + saw_email = 1; + + xfree (email2); + } + } + + if (! saw_email) + continue; + if (n->pkt->pkttype != PKT_SIGNATURE) continue; @@ -2221,7 +2244,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, } else { - is_signed_by_utk = signed_by_utk (kb); + is_signed_by_utk = signed_by_utk (email, kb); release_kbnode (kb); } } diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 96f7abe..2939250 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -198,7 +198,7 @@ (verify-messages) (display "<\n") -;; Since their is no conflict, the policy should be auto. +;; Since there is no conflict, the policy should be auto. (checkpolicy KEYA "auto") (checkpolicy KEYB "auto") @@ -232,3 +232,85 @@ (checkpolicy KEYA "auto") (checkpolicy KEYB "auto") + +;; Remove the keys. +(call-check `(, at GPG --delete-key ,KEYA)) +(call-check `(, at GPG --delete-key ,KEYB)) + + +;; Check that we detect the following attack: +;; +;; Alice has an ultimately trusted key and she signs Bob's key. Then +;; Bob adds a new user id, "Alice". TOFU should now detect a +;; conflict, because Alice only signed Bob's "Bob" user id. + +(display "Checking UTK sigs...\n") +(define GPG `(,(tool 'gpg) --no-permission-warning + --faked-system-time=1476304861)) + +;; Carefully remove the TOFU db. +(catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) + +(define DIR "tofu/cross-sigs") +;; The test keys. +(define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E") +(define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247") + +(define (verify-messages) + (for-each + (lambda (key) + (for-each + (lambda (i) + (let ((fn (in-srcdir DIR (string-append key "-" i ".txt")))) + (call-check `(, at GPG --trust-model=tofu --verify ,fn)))) + (list "1" "2"))) + (list KEYA KEYB))) + +;; Import the public keys. +(display " > Two keys. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-1.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-1.gpg")))) +(display "<\n") + +;; Import the cross sigs. +(display " > Adding cross signatures. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-2.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-2.gpg")))) +(display "<\n") + +;; Make KEYA ultimately trusted. +(display (string-append " > Marking " KEYA " as ultimately trusted. ")) +(pipe:do + (pipe:echo (string-append KEYA ":6:\n")) + (pipe:gpg `(--import-ownertrust))) +(display "<\n") + +;; An ultimately trusted key's policy is good. +(checkpolicy KEYA "good") +;; A key signed by a UTK for which there is no policy gets the default +;; policy of good. +(checkpolicy KEYB "good") + +;; Import the conflicting user id. +(display " > Adding conflicting user id. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-3.gpg")))) +(call-check `(, at GPG --trust-model=tofu + --verify ,(in-srcdir DIR (string-append KEYB "-1.txt")))) +(verify-messages) +(display "<\n") + +(checkpolicy KEYA "good") +(checkpolicy KEYB "ask") + +;; Import Alice's signature on the conflicting user id. +(display " > Adding cross signature on user id. ") +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-4.gpg")))) +(verify-messages) +(display "<\n") + +(checkpolicy KEYA "good") +(checkpolicy KEYB "good") + +;; Remove the keys. +(call-check `(, at GPG --delete-key ,KEYA)) +(call-check `(, at GPG --delete-key ,KEYB)) ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 27 ++++++++++++++-- tests/openpgp/tofu.scm | 84 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 108 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 13 22:02:42 2016 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 13 Oct 2016 22:02:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-229-g0c56ad5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0c56ad5a8d89d69a9ed00571720b3b105f955214 (commit) from 95d0f3e5eebd85dcf226dca14891a1215bfe93ae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c56ad5a8d89d69a9ed00571720b3b105f955214 Author: Neal H. Walfield Date: Thu Oct 13 21:38:50 2016 +0200 tests: Use shorter filenames. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this. * tests/openpgp/Makefile.am (TEST_FILES): Update accordingly. -- Signed-off-by: Neal H. Walfield Fixed-commit: d2d936fbe86d61b89cead95df633b2b575690e05 diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index be110fb..bb9b2f4 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -110,20 +110,20 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc \ tofu-keys.asc tofu-keys-secret.asc \ tofu-2183839A-1.txt tofu-BC15C85A-1.txt tofu-EE37CF96-1.txt \ - tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg \ - tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg \ - tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt \ - tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg \ - tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt \ - tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt \ - tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg \ + tofu/cross-sigs/EC38277E-secret.gpg \ + tofu/cross-sigs/EC38277E-1.gpg \ + tofu/cross-sigs/EC38277E-1.txt \ + tofu/cross-sigs/EC38277E-2.gpg \ + tofu/cross-sigs/EC38277E-2.txt \ + tofu/cross-sigs/EC38277E-3.txt \ + tofu/cross-sigs/871C2247-secret.gpg \ + tofu/cross-sigs/871C2247-1.gpg \ + tofu/cross-sigs/871C2247-1.txt \ + tofu/cross-sigs/871C2247-2.gpg \ + tofu/cross-sigs/871C2247-2.txt \ + tofu/cross-sigs/871C2247-3.gpg \ + tofu/cross-sigs/871C2247-3.txt \ + tofu/cross-sigs/871C2247-4.gpg \ tofu/cross-sigs/README data_files = data-500 data-9000 data-32000 data-80000 plain-large diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 2939250..3cca189 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -179,6 +179,8 @@ ;; The test keys. (define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E") (define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247") +(define KEYIDA (substring KEYA (- (string-length KEYA) 8))) +(define KEYIDB (substring KEYB (- (string-length KEYB) 8))) (define (verify-messages) (for-each @@ -188,12 +190,12 @@ (let ((fn (in-srcdir DIR (string-append key "-" i ".txt")))) (call-check `(, at GPG --trust-model=tofu --verify ,fn)))) (list "1" "2"))) - (list KEYA KEYB))) + (list KEYIDA KEYIDB))) ;; Import the public keys. (display " > Two keys. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-1.gpg")))) -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-1.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDA "-1.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-1.gpg")))) ;; Make sure the tofu engine registers the keys. (verify-messages) (display "<\n") @@ -204,8 +206,8 @@ ;; Import the cross sigs. (display " > Adding cross signatures. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-2.gpg")))) -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-2.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDA "-2.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-2.gpg")))) (verify-messages) (display "<\n") @@ -215,9 +217,7 @@ ;; Import the conflicting user id. (display " > Adding conflicting user id. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-3.gpg")))) -(call-check `(, at GPG --trust-model=tofu - --verify ,(in-srcdir DIR (string-append KEYB "-1.txt")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-3.gpg")))) (verify-messages) (display "<\n") @@ -226,7 +226,7 @@ ;; Import Alice's signature on the conflicting user id. (display " > Adding cross signature on user id. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-4.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-4.gpg")))) (verify-messages) (display "<\n") @@ -255,6 +255,8 @@ ;; The test keys. (define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E") (define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247") +(define KEYIDA (substring KEYA (- (string-length KEYA) 8))) +(define KEYIDB (substring KEYB (- (string-length KEYB) 8))) (define (verify-messages) (for-each @@ -264,18 +266,18 @@ (let ((fn (in-srcdir DIR (string-append key "-" i ".txt")))) (call-check `(, at GPG --trust-model=tofu --verify ,fn)))) (list "1" "2"))) - (list KEYA KEYB))) + (list KEYIDA KEYIDB))) ;; Import the public keys. (display " > Two keys. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-1.gpg")))) -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-1.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDA "-1.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-1.gpg")))) (display "<\n") ;; Import the cross sigs. (display " > Adding cross signatures. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-2.gpg")))) -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-2.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDA "-2.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-2.gpg")))) (display "<\n") ;; Make KEYA ultimately trusted. @@ -293,9 +295,7 @@ ;; Import the conflicting user id. (display " > Adding conflicting user id. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-3.gpg")))) -(call-check `(, at GPG --trust-model=tofu - --verify ,(in-srcdir DIR (string-append KEYB "-1.txt")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-3.gpg")))) (verify-messages) (display "<\n") @@ -304,7 +304,7 @@ ;; Import Alice's signature on the conflicting user id. (display " > Adding cross signature on user id. ") -(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-4.gpg")))) +(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYIDB "-4.gpg")))) (verify-messages) (display "<\n") diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg b/tests/openpgp/tofu/cross-sigs/871C2247-1.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg rename to tests/openpgp/tofu/cross-sigs/871C2247-1.gpg diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt b/tests/openpgp/tofu/cross-sigs/871C2247-1.txt similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt rename to tests/openpgp/tofu/cross-sigs/871C2247-1.txt diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg b/tests/openpgp/tofu/cross-sigs/871C2247-2.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg rename to tests/openpgp/tofu/cross-sigs/871C2247-2.gpg diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt b/tests/openpgp/tofu/cross-sigs/871C2247-2.txt similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt rename to tests/openpgp/tofu/cross-sigs/871C2247-2.txt diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg b/tests/openpgp/tofu/cross-sigs/871C2247-3.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg rename to tests/openpgp/tofu/cross-sigs/871C2247-3.gpg diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt b/tests/openpgp/tofu/cross-sigs/871C2247-3.txt similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt rename to tests/openpgp/tofu/cross-sigs/871C2247-3.txt diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg b/tests/openpgp/tofu/cross-sigs/871C2247-4.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg rename to tests/openpgp/tofu/cross-sigs/871C2247-4.gpg diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg b/tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg rename to tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg b/tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg rename to tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt b/tests/openpgp/tofu/cross-sigs/EC38277E-1.txt similarity index 100% rename from tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt rename to tests/openpgp/tofu/cross-sigs/EC38277E-1.txt diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg b/tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg rename to tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt b/tests/openpgp/tofu/cross-sigs/EC38277E-2.txt similarity index 100% rename from tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt rename to tests/openpgp/tofu/cross-sigs/EC38277E-2.txt diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt b/tests/openpgp/tofu/cross-sigs/EC38277E-3.txt similarity index 100% rename from tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt rename to tests/openpgp/tofu/cross-sigs/EC38277E-3.txt diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg b/tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg similarity index 100% rename from tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg rename to tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 28 ++++++++-------- tests/openpgp/tofu.scm | 36 ++++++++++----------- ...76E8BA8B48C6BD871C2247-1.gpg => 871C2247-1.gpg} | Bin ...76E8BA8B48C6BD871C2247-1.txt => 871C2247-1.txt} | Bin ...76E8BA8B48C6BD871C2247-2.gpg => 871C2247-2.gpg} | Bin ...76E8BA8B48C6BD871C2247-2.txt => 871C2247-2.txt} | Bin ...76E8BA8B48C6BD871C2247-3.gpg => 871C2247-3.gpg} | Bin ...76E8BA8B48C6BD871C2247-3.txt => 871C2247-3.txt} | Bin ...76E8BA8B48C6BD871C2247-4.gpg => 871C2247-4.gpg} | Bin ...C6BD871C2247-secret.gpg => 871C2247-secret.gpg} | Bin ...7AC0B987DB2814EC38277E-1.gpg => EC38277E-1.gpg} | Bin ...7AC0B987DB2814EC38277E-1.txt => EC38277E-1.txt} | Bin ...7AC0B987DB2814EC38277E-2.gpg => EC38277E-2.gpg} | Bin ...7AC0B987DB2814EC38277E-2.txt => EC38277E-2.txt} | Bin ...7AC0B987DB2814EC38277E-3.txt => EC38277E-3.txt} | Bin ...2814EC38277E-secret.gpg => EC38277E-secret.gpg} | Bin 16 files changed, 32 insertions(+), 32 deletions(-) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg => 871C2247-1.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt => 871C2247-1.txt} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg => 871C2247-2.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt => 871C2247-2.txt} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg => 871C2247-3.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt => 871C2247-3.txt} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg => 871C2247-4.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg => 871C2247-secret.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg => EC38277E-1.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt => EC38277E-1.txt} (100%) rename tests/openpgp/tofu/cross-sigs/{1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg => EC38277E-2.gpg} (100%) rename tests/openpgp/tofu/cross-sigs/{1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt => EC38277E-2.txt} (100%) rename tests/openpgp/tofu/cross-sigs/{1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt => EC38277E-3.txt} (100%) rename tests/openpgp/tofu/cross-sigs/{1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg => EC38277E-secret.gpg} (100%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 14 10:31:34 2016 From: cvs at cvs.gnupg.org (by Kai Michaelis) Date: Fri, 14 Oct 2016 10:31:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-230-gf99c5fa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f99c5fa1c970dc1122ac62371eb8d758f380ed57 (commit) from 0c56ad5a8d89d69a9ed00571720b3b105f955214 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f99c5fa1c970dc1122ac62371eb8d758f380ed57 Author: Kai Michaelis Date: Thu Oct 13 17:43:47 2016 +0200 dirmngr: add VERSIONCHECK command Given an application name and version VERSIONCHECK fetches the software version list from version.gnupg.org, verifies the signature and returns whenever the given version is older (UPDATE), current (CURRENT) or newer (ROLLBACK). diff --git a/dirmngr/server.c b/dirmngr/server.c index e5cf2c3..22d6f2d 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -54,6 +54,7 @@ #include "mbox-util.h" #include "zb32.h" #include "server-help.h" +#include "../common/exectool.h" /* To avoid DoS attacks we limit the size of a certificate to something reasonable. The DoS was actually only an issue back when @@ -2340,6 +2341,231 @@ cmd_reloaddirmngr (assuan_context_t ctx, char *line) } + +/* Returns -1 if version a is less than b, 0 if the versions are equal and 1 otherwise. + * Versions are compared as period-separated tuples starting at the front. Elements are + * interpreted as decimals first. If this fails strcmp is used. Comparison continues + * until two elements are found the be unequal of the end is reached. */ +static int +cmp_version(const char* a, const char* b) +{ + char *a_dup, *b_dup, *strtok_internal_a = NULL, *strtok_internal_b = NULL, *a_comp, *b_comp; + int ret = 0; + + assert (a && b); + + a_dup = xstrdup (a); + b_dup = xstrdup (b); + a_comp = strtok_r (a_dup, ".", &strtok_internal_a); + b_comp = strtok_r (b_dup, ".", &strtok_internal_b); + + while (a_comp || b_comp) + { + if (a_comp && *a_comp && b_comp && *b_comp) + { + char* a_end; + char* b_end; + int a_ver = strtol (a_comp, &a_end, 10); + int b_ver = strtol (b_comp, &b_end, 10); + + if (!*a_end && !*b_end) + { + if (a_ver != b_ver) + { + ret = a_ver - b_ver; + break; + } + } + else + { + int r = strcmp (a_comp, b_comp); + if (r != 0) + { + ret = r; + break; + } + } + } + else + { + if ((!a_comp || !*a_comp) && b_comp && *b_comp) + ret = -1; + else if (a_comp && *a_comp && (!b_comp || !*b_comp)) + ret = 1; + else + ret = 0; + break; + } + + a_comp = strtok_r (NULL, ".", &strtok_internal_a); + b_comp = strtok_r (NULL, ".", &strtok_internal_b); + } + + xfree (a_dup); + xfree (b_dup); + return ret; +} + +static int +fetch_into_tmpfile(const char* url, ctrl_t ctrl, estream_t* strm_out, char** path) +{ + gpg_error_t err = 0; + char* filename = xmalloc (128); + int fd = -1; + estream_t file; + estream_t strm; + size_t len = 0; + char buf[1024]; + + if (!strm_out) + { + err = (GPG_ERR_INV_ARG); + goto leave; + } + + snprintf (filename ,128 ,"%s%s%s" ,P_tmpdir ,DIRSEP_S ,"dirmngr_fetch_XXXXXX"); + + if ((fd = mkstemp (filename)) < 0) + { + err = gpg_err_code_from_syserror (); + goto leave; + } + + file = es_fdopen (fd, "w+"); + + if ((err = ks_http_fetch (ctrl, url, &strm))) + goto leave; + + while (!es_read (strm, buf, 1024, &len)) + { + if (!len) + break; + if ((err = es_write (file, buf, len, NULL))) + { + log_error ("error writing message to pipe: %s\n", gpg_strerror (err)); + es_free (strm); + goto leave; + } + } + + es_rewind (file); + es_fclose (strm); + *strm_out = file; + + if (path) + { + *path = filename; + filename = NULL; + } + +leave: + if (filename) + xfree (filename); + return err; +} + +static const char hlp_versioncheck[] = + "VERSIONCHECK " + "\n" + "Checks the internet to find whenever a new program version is available." + "\n" + " program name i.e. \"gnupg\"" + " current version of the program i.e. \"2.0.2\""; +static gpg_error_t +cmd_versioncheck (assuan_context_t ctx, char *line) +{ + gpg_error_t err; + char* strtok_internal = NULL; + char* name = strtok_r (line, " ", &strtok_internal); + char* version = strtok_r (NULL, " ", &strtok_internal); + ctrl_t ctrl = assuan_get_pointer (ctx); + estream_t swdb; + estream_t swdb_sig; + char* swdb_path = NULL; + char* swdb_sig_path = NULL; + char* buf = NULL; + size_t len = 0; + const size_t name_len = (name ? strlen (name) : 0); + const size_t version_len = (version ? strlen (version) : 0); + const char *argv[8]; + char keyring_path[128]; + + if (!name || name_len == 0) + { + err = set_error (GPG_ERR_ASS_PARAMETER, "No program name given"); + goto out; + } + + if (!version || version_len == 0) + { + err = set_error (GPG_ERR_ASS_PARAMETER, "No program version given"); + goto out; + } + + if ((err = fetch_into_tmpfile ("https://versions.gnupg.org/swdb.lst", ctrl, &swdb, &swdb_path))) + goto out; + + if ((err = fetch_into_tmpfile ("https://versions.gnupg.org/swdb.lst.sig", ctrl, &swdb_sig, &swdb_sig_path))) + goto out; + + snprintf(keyring_path, 128, "%s%s%s", gnupg_datadir (), DIRSEP_S, "distsigkey.gpg"); + + argv[0] = "--batch"; + argv[1] = "--no-default-keyring"; + argv[2] = "--keyring"; + argv[3] = keyring_path; + argv[4] = "--verify"; + argv[5] = swdb_sig_path; + argv[6] = "-"; + argv[7] = NULL; + + if ((err = gnupg_exec_tool_stream(gnupg_module_name (GNUPG_MODULE_NAME_GPG), + argv, swdb, NULL, NULL, NULL, NULL))) + goto out; + + es_fseek (swdb, 0, SEEK_SET); + + while (es_getline (&buf, &len, swdb) > 0) + { + if (len > name_len + 5 && + strncmp (buf, name, name_len) == 0 && + strncmp (buf + name_len, "_ver ", 5) == 0) + { + const char* this_ver_start = buf + name_len + 5; + char* this_ver_end = strchr (this_ver_start, '\n'); + int cmp; + + if (this_ver_end) + *this_ver_end = 0; + + err = assuan_write_status (ctx, "LINE", buf); + + cmp = cmp_version(this_ver_start,version); + + if (cmp < 0) + err = assuan_send_data (ctx, "ROLLBACK", strlen ("ROLLBACK")); + else if (cmp == 0) + err = assuan_send_data (ctx, "CURRENT", strlen ("CURRENT")); + else + err = assuan_send_data (ctx, "UPDATE", strlen ("UPDATE")); + + goto out; + } + } + + err = assuan_send_data (ctx, "NOT_FOUND", strlen ("NOT_FOUND")); + + out: + es_fclose (swdb); + es_fclose (swdb_sig); + xfree(buf); + unlink(swdb_path); + unlink(swdb_sig_path); + xfree(swdb_path); + xfree(swdb_sig_path); + return leave_cmd (ctx, err); +} + /* Tell the assuan library about our commands. */ @@ -2370,6 +2596,7 @@ register_commands (assuan_context_t ctx) { "GETINFO", cmd_getinfo, hlp_getinfo }, { "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr }, { "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr }, + { "VERSIONCHECK",cmd_versioncheck,hlp_versioncheck }, { NULL, NULL } }; int i, j, rc; ----------------------------------------------------------------------- Summary of changes: dirmngr/server.c | 227 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 227 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 14 15:15:08 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 14 Oct 2016 15:15:08 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-85-g0499861 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 0499861a0dda3fd159d93e3638550e7fcd768501 (commit) via 04be440d4d1aad06a6d6f2f9f91a56b4be53d2eb (commit) via d299d6357ed98e31914bfc3cfe09f681b3deb73a (commit) via d3a2f213e0fd0ac0771d57d7af474332b81c63f9 (commit) via cf5689b2cd8226a440e8dbc8b17e226186e52781 (commit) via 6cb1c3fd4f31fa90a1cc003a4ae162c89614add4 (commit) from fb3c90c8852edf41ac97ef3e821228dc4a54bafe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0499861a0dda3fd159d93e3638550e7fcd768501 Author: Andre Heinecke Date: Fri Oct 14 14:42:40 2016 +0200 Start implementation of ribbon base sigstate * src/gpgoladdin.cpp (GpgolRibbonExtender::GetIDsOfNames): Register new names. (GpgolRibbonExtender::Invoke): Handle new names. (GetCustomUI_MIME): Reactivate Read code. Use new callbacks. (Mail::Mail): Do not cache sig validity. (Mail::get_valid_sig): Get Sig / UID pair of the valid sig. (Mail::is_valid_sig): Use get_valid_sig. (Mail::is_signed): Fix use of temporary parser object. (Mail::set_uid): Set uid to be identifyable from callbacks. (Mail::get_signature_status): Format string for supertip. * src/mail.h: Update accordingly. * src/ribbon-callbacks.cpp (get_crypt_status): Removed. (get_mail_from_control): New. Helper to resolve the Mail object. (MY_MAIL_GETTER): Helper macro for common task. (get_is_signed, get_sig_label, get_sig_ttip, get_sig_stip): New callbacks. (launch_cert_details): Dummy. -- This shows the signature state (currently only for valid signatures) in the GpgOL ribbon when reading mails. The UID is used to identify the according Mail object that belongs to a read inspector. diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 21cf950..ac5d399 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -528,10 +528,13 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames, ID_MAPPER (L"signMimeEx", ID_CMD_MIME_SIGN_EX) ID_MAPPER (L"getEncryptPressedEx", ID_GET_ENCRYPT_PRESSED_EX) ID_MAPPER (L"getSignPressedEx", ID_GET_SIGN_PRESSED_EX) - ID_MAPPER (L"ribbonLoaded", ID_ON_LOAD); + ID_MAPPER (L"ribbonLoaded", ID_ON_LOAD) ID_MAPPER (L"openOptions", ID_CMD_OPEN_OPTIONS) - ID_MAPPER (L"getSigStatus", ID_GET_SIG_STATUS) - ID_MAPPER (L"getEncStatus", ID_GET_ENC_STATUS) + ID_MAPPER (L"getSigLabel", ID_GET_SIG_LABEL) + ID_MAPPER (L"getSigSTip", ID_GET_SIG_STIP) + ID_MAPPER (L"getSigTip", ID_GET_SIG_TTIP) + ID_MAPPER (L"launchDetails", ID_LAUNCH_CERT_DETAILS) + ID_MAPPER (L"getIsSigned", ID_GET_IS_SIGNED) } if (cNames > 1) @@ -603,11 +606,17 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid, case ID_GET_SIGN_PRESSED_EX: return get_crypt_pressed (parms->rgvarg[0].pdispVal, OP_SIGN, result, true); - case ID_GET_ENC_STATUS: - return get_crypt_status (parms->rgvarg[0].pdispVal, OP_ENCRYPT, - result); - case ID_GET_SIG_STATUS: - return get_crypt_status (parms->rgvarg[0].pdispVal, OP_SIGN, result); + case ID_GET_SIG_STIP: + return get_sig_stip (parms->rgvarg[0].pdispVal, result); + case ID_GET_SIG_TTIP: + return get_sig_ttip (parms->rgvarg[0].pdispVal, result); + case ID_GET_SIG_LABEL: + return get_sig_label (parms->rgvarg[0].pdispVal, result); + case ID_LAUNCH_CERT_DETAILS: + return launch_cert_details (parms->rgvarg[0].pdispVal, result); + case ID_GET_IS_SIGNED: + return get_is_signed (parms->rgvarg[0].pdispVal, result); + case ID_ON_LOAD: { g_ribbon_uis.push_back (parms->rgvarg[0].pdispVal); @@ -663,16 +672,6 @@ GetCustomUI_MIME (BSTR RibbonID, BSTR * RibbonXml) _("Sign the message and all attachments before sending."); const char *optsSTip = _("Open the settings dialog for GpgOL."); -#if 0 - const char *encryptedTTip = - "If this is toggled the message was encrypted. (this is development UI)"; - const char *encryptedSTip = - "TODO insert more details here"; - const char *signedTTip = - "If this is toggled the message was signed. (this is development UI)"; - const char *signedSTip = - "TODO insert more details here"; -#endif log_debug ("%s:%s: GetCustomUI_MIME for id: %ls", SRCNAME, __func__, RibbonID); if (!RibbonXml || !RibbonID) @@ -724,27 +723,19 @@ GetCustomUI_MIME (BSTR RibbonID, BSTR * RibbonXml) gpgrt_asprintf (&buffer, "" -#if 0 " " " " " " " " - " " "