[git] GnuPG - branch, master, updated. gnupg-2.1.21-10-g509e4a4

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon May 22 23:46:55 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  509e4a4d7491daf496b21e5892f4f63ab90e8e21 (commit)
       via  fbb2259d22e6c6eadc2af722bdc52922da348677 (commit)
      from  3713f67026467f63f80649c92ac4cc7973589855 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 509e4a4d7491daf496b21e5892f4f63ab90e8e21
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue May 23 06:42:44 2017 +0900

    agent: Add const qualifier for read-only table.
    
    * agent/call-pinentry.c (start_pinentry): Add const to tbl.
    * agent/command-ssh.c (request_specs): Add const.
    (ssh_key_types): Likewise.
    (request_spec_lookup): Add const to the return value and SPEC.
    (ssh_request_process): Likewise.
    * agent/protect.c (protect_info): Add const.
    (agent_unprotect): Add const to algotable.
    
    --
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 1ff4059..9d8e7f6 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -489,7 +489,7 @@ start_pinentry (ctrl_t ctrl)
   {
     /* Provide a few default strings for use by the pinentries.  This
        may help a pinentry to avoid implementing localization code.  */
-    static struct { const char *key, *value; int what; } tbl[] = {
+    static const struct { const char *key, *value; int what; } tbl[] = {
       /* TRANSLATORS: These are labels for buttons etc used in
          Pinentries.  An underscore indicates that the next letter
          should be used as an accelerator.  Double the underscore for
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 57e2e42..99c80c0 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -262,7 +262,7 @@ static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment);
 /* Associating request types with the corresponding request
    handlers.  */
 
-static ssh_request_spec_t request_specs[] =
+static const ssh_request_spec_t request_specs[] =
   {
 #define REQUEST_SPEC_DEFINE(id, name, secret_input) \
   { SSH_REQUEST_##id, ssh_handler_##name, #name, secret_input }
@@ -280,7 +280,7 @@ static ssh_request_spec_t request_specs[] =
 
 
 /* Table holding key type specifications.  */
-static ssh_key_type_spec_t ssh_key_types[] =
+static const ssh_key_type_spec_t ssh_key_types[] =
   {
     {
       "ssh-ed25519", "Ed25519", GCRY_PK_EDDSA, "qd",  "q", "rs", "qd",
@@ -3376,10 +3376,10 @@ ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response)
 /* Return the request specification for the request identified by TYPE
    or NULL in case the requested request specification could not be
    found.  */
-static ssh_request_spec_t *
+static const ssh_request_spec_t *
 request_spec_lookup (int type)
 {
-  ssh_request_spec_t *spec;
+  const ssh_request_spec_t *spec;
   unsigned int i;
 
   for (i = 0; i < DIM (request_specs); i++)
@@ -3403,7 +3403,7 @@ request_spec_lookup (int type)
 static int
 ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
 {
-  ssh_request_spec_t *spec;
+  const ssh_request_spec_t *spec;
   estream_t response = NULL;
   estream_t request = NULL;
   unsigned char request_type;
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index c764be8..6ec9b67 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1911,7 +1911,7 @@ agent_copy_startup_env (ctrl_t ctrl)
   const char *value;
 
   for (idx=0; !err && names[idx]; idx++)
-      if ((value = session_env_getenv (opt.startup_env, names[idx])))
+    if ((value = session_env_getenv (opt.startup_env, names[idx])))
       err = session_env_setenv (ctrl->session_env, names[idx], value);
 
   if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
diff --git a/agent/protect.c b/agent/protect.c
index a9de732..66c3741 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -54,7 +54,7 @@
 
 /* A table containing the information needed to create a protected
    private key.  */
-static struct {
+static const struct {
   const char *algo;
   const char *parmlist;
   int prot_from, prot_to;
@@ -1010,7 +1010,7 @@ agent_unprotect (ctrl_t ctrl,
                  gnupg_isotime_t protected_at,
                  unsigned char **result, size_t *resultlen)
 {
-  static struct {
+  static const struct {
     const char *name; /* Name of the protection method. */
     int algo;         /* (A zero indicates the "openpgp-native" hack.)  */
     int keylen;       /* Used key length in bytes.  */

commit fbb2259d22e6c6eadc2af722bdc52922da348677
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon May 22 09:27:36 2017 +0900

    g10: Fix default-key selection for signing, possibly by card.
    
    * g10/call-agent.c (warn_version_mismatch): Revert.
    (start_agent): Suppress version mismatch if relevant.
    * g10/getkey.c (get_seckey_default_or_card): New.
    * g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
    
    --
    
    The change in 97a2394, which prefers an available card over the
    specified default key, is too strong.
    
    Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/call-agent.c b/g10/call-agent.c
index 4698a25..e6dbb73 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -184,8 +184,7 @@ default_inq_cb (void *opaque, const char *line)
 
 
 /* Print a warning if the server's version number is less than our
-   version number.  Returns an error code on a connection problem.
-   Ignore an error for scdaemon (MODE==2).  */
+   version number.  Returns an error code on a connection problem.  */
 static gpg_error_t
 warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
 {
@@ -194,7 +193,7 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
   const char *myversion = strusage (13);
 
   err = get_assuan_server_version (ctx, mode, &serverversion);
-  if (err && mode != 2)
+  if (err)
     log_error (_("error getting version from '%s': %s\n"),
                servername, gpg_strerror (err));
   else if (compare_version_strings (serverversion, myversion) < 0)
@@ -290,7 +289,8 @@ start_agent (ctrl_t ctrl, int flag_for_card)
 
       memset (&info, 0, sizeof info);
 
-      rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
+      if (!(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
+        rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
       if (!rc)
         rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
                               NULL, NULL, NULL, NULL,
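Review bot: With `FLAG_FOR_CARD_SUPPRESS_ERRORS` set, the whole scdaemon version check is skipped, not only its error message, so the "server older than us" warning from warn_version_mismatch is never printed for those callers. The following `if (!rc)` then depends on whatever RC held before this block; its assignment is outside the hunk. A short comment would make both facts explicit, for example `/* Skip the version check when errors are suppressed; RC still holds the result of starting the agent.  */`, once it is confirmed against the lines above that RC really is that result. start_agent begins and ends outside the hunk.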
diff --git a/g10/getkey.c b/g10/getkey.c
index d8c81c9..04ecf4f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3960,6 +3960,58 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
     }
 }
 
+gpg_error_t
+get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
+                            const byte *fpr_card, size_t fpr_len)
+{
+  gpg_error_t err;
+  strlist_t namelist = NULL;
+
+  const char *def_secret_key = parse_def_secret_key (ctrl);
+
+  if (def_secret_key)
+    add_to_strlist (&namelist, def_secret_key);
+  else if (fpr_card)
+    return get_pubkey_byfprint (ctrl, pk, NULL, fpr_card, fpr_len);
+
+  if (!fpr_card
+      || (def_secret_key && def_secret_key[strlen (def_secret_key)-1] == '!'))
+    err = key_byname (ctrl, NULL, namelist, pk, 1, 0, NULL, NULL);
+  else
+    { /* Default key is specified and card key is also available.  */
+      kbnode_t k, keyblock = NULL;
+
+      err = key_byname (ctrl, NULL, namelist, pk, 1, 0, &keyblock, NULL);
+      if (!err)
+        for (k = keyblock; k; k = k->next)
+          {
+            PKT_public_key *pk_candidate;
+            char fpr[MAX_FINGERPRINT_LEN];
+
+            if (k->pkt->pkttype != PKT_PUBLIC_KEY
+                &&k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+              continue;
+
+            pk_candidate = k->pkt->pkt.public_key;
+            if (!pk_candidate->flags.valid)
+              continue;
+            if (!((pk_candidate->pubkey_usage & USAGE_MASK) & pk->req_usage))
+              continue;
+            fingerprint_from_pk (pk_candidate, fpr, NULL);
+            if (!memcmp (fpr_card, fpr, fpr_len))
+              {
+                release_public_key_parts (pk);
+                copy_public_key (pk, pk_candidate);
+                break;
+              }
+          }
+      release_kbnode (keyblock);
+    }
+
+  free_strlist (namelist);
+
+  return err;
+}
 

 /*********************************************
  ***********  User ID printing helpers *******
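Review bot: The fingerprint comparison in the keyblock loop, `memcmp (fpr_card, fpr, fpr_len)`, trusts the caller's FPR_LEN, while the length actually written by `fingerprint_from_pk` is discarded (third argument NULL) and `fpr` is a fixed `MAX_FINGERPRINT_LEN` stack buffer. A caller passing a larger FPR_LEN would make memcmp read past `fpr`, and a candidate with a shorter fingerprint would be compared against uninitialised bytes; since this comparison decides which key ends up signing, it should be exact. I would take the length back and require equality: `size_t n;`, `fingerprint_from_pk (pk_candidate, fpr, &n);`, `if (n == fpr_len && !memcmp (fpr_card, fpr, fpr_len))`. Separately, `def_secret_key[strlen (def_secret_key)-1]` indexes before the string if parse_def_secret_key can ever return an empty string (not visible here). The new function also has no header comment stating that FPR_CARD may be NULL and that a trailing '!' on the default key forces it over the card key.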
diff --git a/g10/keydb.h b/g10/keydb.h
index 1da93a7..4016723 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -351,6 +351,8 @@ const char *parse_def_secret_key (ctrl_t ctrl);
 
 /* Look up a secret key.  */
 gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk);
+gpg_error_t get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
+                                        const byte *fpr, size_t fpr_len);
 
 /* Search for keys matching some criteria.  */
 gpg_error_t getkey_bynames (ctrl_t ctrl,
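Review bot: The new prototype names the third parameter `fpr` while the definition in g10/getkey.c calls it `fpr_card`, and the only comment above it, "Look up a secret key.", says nothing about the card fingerprint. I would use the same name in both places and add a line such as `/* Like get_seckey_default, but take the key with fingerprint FPR_CARD (may be NULL) into account.  */` above the declaration.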
diff --git a/g10/skclist.c b/g10/skclist.c
index 489277c..78890dc 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -137,7 +137,7 @@ build_sk_list (ctrl_t ctrl,
       pk = xmalloc_clear (sizeof *pk);
       pk->req_usage = use;
 
-      /* Check if a card is available.  If any, use it.  */
+      /* Check if a card is available.  If any, use the key as a hint.  */
       err = agent_scd_serialno (&serialno, NULL);
       if (!err)
         {
@@ -146,19 +146,11 @@ build_sk_list (ctrl_t ctrl,
           if (err)
             log_error ("error retrieving key fingerprint from card: %s\n",
                        gpg_strerror (err));
-          else if (info.fpr1valid)
-            {
-              if ((err = get_pubkey_byfprint (ctrl, pk, NULL, info.fpr1, 20)))
-                {
-                  info.fpr1valid = 0;
-                  log_error ("error on card key to sign: %s, try default\n",
-                             gpg_strerror (err));
-                }
-            }
         }
 
-      if (!info.fpr1valid
-          && (err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL)))
+      err = get_seckey_default_or_card (ctrl, pk,
+                                        info.fpr1valid? info.fpr1 : NULL, 20);
+      if (err)
 	{
 	  free_public_key (pk);
 	  pk = NULL;
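Review bot: The fallback that the removed branch provided is gone when no default key is configured. The old code logged "error on card key to sign: ..., try default" and went on to `getkey_byname`, whereas `get_seckey_default_or_card` (added in g10/getkey.c in this commit) returns the result of `get_pubkey_byfprint` directly in that case, so a card whose signing key is not in the keyring now takes the error path below. If that is intended, a comment above the call should say so; otherwise the helper should fall through to the by-name lookup when the card fingerprint cannot be resolved. The literal `20` would also read better as a length tied to the card info field, e.g. `sizeof info.fpr1` if fpr1 is an array (its declaration is outside this hunk). build_sk_list starts and ends outside the hunk.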

-----------------------------------------------------------------------

Summary of changes:
 agent/call-pinentry.c |  2 +-
 agent/command-ssh.c   | 10 +++++-----
 agent/gpg-agent.c     |  2 +-
 agent/protect.c       |  4 ++--
 g10/call-agent.c      |  8 ++++----
 g10/getkey.c          | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++
 g10/keydb.h           |  2 ++
 g10/skclist.c         | 16 ++++------------
 8 files changed, 71 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



