From cvs at cvs.gnupg.org Tue Oct 3 13:35:04 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Oct 2017 13:35:04 +0200 Subject: [git] gnupg-doc - branch, master, updated. c6ef2102703908c97aa37817ccb5e4b5062f4d01 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c6ef2102703908c97aa37817ccb5e4b5062f4d01 (commit) from aa6437473cfbec02c55bbca90c2c9b2db1163087 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c6ef2102703908c97aa37817ccb5e4b5062f4d01 Author: Werner Koch Date: Tue Oct 3 13:31:35 2017 +0200 verein: Marcus terminated his membership. diff --git a/web/people/index.org b/web/people/index.org index 1f65d18..ea3e484 100644 --- a/web/people/index.org +++ b/web/people/index.org @@ -63,7 +63,7 @@ joined the [[http://www.debian.org][Debian]] project. Probably best known for his past work on GNU/Hurd, he also has a diploma degree in mathematics, and was part and full time employed by [[https://g10code.com][g10^code]] to work on GnuPG and - related software from 2001 to 2012 and for 7 months in 2017. He is + related software from 2001 to 2012 and for 7 months in 2017. He was a founding member of the [[../verein/index.org][GnuPG e.V.]] #+HTML:

diff --git a/web/verein/members.org b/web/verein/members.org index 3b0daad..faad51c 100644 --- a/web/verein/members.org +++ b/web/verein/members.org @@ -18,11 +18,14 @@ active in development or in evangelizing end-to-end encryption. - Justus Winter - Kai Michaelis - Kristian Fiskerstrand - - Marcus Brinkmann - Neal Walfied - Werner Koch - Yutaka Niibe +*** Former members + + - Marcus Brinkmann + ** The supporting members /none so far - we still need to setup rules/ ----------------------------------------------------------------------- Summary of changes: web/people/index.org | 2 +- web/verein/members.org | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 4 18:21:31 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 04 Oct 2017 18:21:31 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-78-g4632adf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 4632adf403611b50be2b4e852a4607070935d0e5 (commit) via b5b996b1a142abb90296f5feadf0b5b19c59f738 (commit) via bff944842887908dfcf66469251598065c0abcff (commit) from bd5d470cef513b2f459316869b81267cde7a9f13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4632adf403611b50be2b4e852a4607070935d0e5 Author: Werner Koch Date: Wed Oct 4 18:03:54 2017 +0200 core: Allow disabling the use of SYS_getdents for Linux. * configure.ac (USE_LINUX_GETDENTS): New ac_define. Add option --disable-linux-getdents. * src/posix-io.c: Make use of USE_LINUX_GETDENTS. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 1284317..6859357 100644 --- a/configure.ac +++ b/configure.ac @@ -762,7 +762,28 @@ fi AM_CONDITIONAL(HAVE_UISERVER, test "$uiserver" != "no") +# Option --disable-linux-getdents +# +# By default we use SYS_getdents on Linux to optimize fd closing +# before an exec. This option allows to switch this optimization off. +use_linux_getdents=yes +AC_ARG_ENABLE(linux-getdents, + AC_HELP_STRING([--disable-linux-getdents], + [do not use SYS_getdents on Linux]), + use_linux_getdents=$enableval) +if test "$use_linux_getdents" = "yes"; then + case "${host}" in + *-*-linux*) + AC_DEFINE(USE_LINUX_GETDENTS,1, + [Defined if SYS_getdents can be used on Linux]) + ;; + esac +fi + + +# # Add a few constants to help porting to W32 +# AH_VERBATIM([SEPCONSTANTS], [ /* Separators as used in $PATH and file name. */ diff --git a/src/posix-io.c b/src/posix-io.c index 4267713..9b7b181 100644 --- a/src/posix-io.c +++ b/src/posix-io.c @@ -47,11 +47,11 @@ #include #include -#if __linux__ +#ifdef USE_LINUX_GETDENTS # include # include # include -#endif /*__linux__ */ +#endif /*USE_LINUX_GETDENTS*/ #include "util.h" @@ -60,6 +60,7 @@ #include "ath.h" #include "debug.h" + void _gpgme_io_subsystem_init (void) @@ -280,7 +281,7 @@ _gpgme_io_set_nonblocking (int fd) } -#ifdef __linux__ +#ifdef USE_LINUX_GETDENTS /* This is not declared in public headers; getdents(2) says that we must * define it ourselves. */ struct linux_dirent @@ -292,7 +293,8 @@ struct linux_dirent }; # define DIR_BUF_SIZE 1024 -#endif /* __linux__ */ +#endif /*USE_LINUX_GETDENTS*/ + static long int get_max_fds (void) @@ -310,7 +312,7 @@ get_max_fds (void) * fork and exec in a multi-threaded process because opendir uses * malloc and thus a mutex which may deadlock with a malloc in another * thread. However, the underlying getdents system call is safe. */ -#ifdef __linux__ +#ifdef USE_LINUX_GETDENTS { int dir_fd; char dir_buf[DIR_BUF_SIZE]; @@ -356,7 +358,7 @@ get_max_fds (void) source = "/proc"; } } -#endif /* __linux__ */ +#endif /*USE_LINUX_GETDENTS*/ #ifdef RLIMIT_NOFILE if (fds == -1) commit b5b996b1a142abb90296f5feadf0b5b19c59f738 Author: Colin Watson Date: Sat Sep 16 04:16:45 2017 +0100 core: Restore get_max_fds optimization on Linux * src/posix-io.c (get_max_fds): Restore Linux optimization, this time using open/getdents/close rather than opendir/readdir/closedir. -- opendir/readdir/closedir may allocate/free memory, and aren't required to do so in an async-signal-safe way. On the other hand, opening /proc/self/fd directly and iterating over it using getdents is safe. (getdents is not strictly speaking documented to be async-signal-safe because it's not in POSIX. However, the Linux implementation is essentially just a souped-up read. Python >= 3.2.3 makes the same assumption.) Signed-off-by: Colin Watson diff --git a/src/posix-io.c b/src/posix-io.c index 14856df..4267713 100644 --- a/src/posix-io.c +++ b/src/posix-io.c @@ -48,6 +48,7 @@ #include #if __linux__ +# include # include # include #endif /*__linux__ */ @@ -279,6 +280,20 @@ _gpgme_io_set_nonblocking (int fd) } +#ifdef __linux__ +/* This is not declared in public headers; getdents(2) says that we must + * define it ourselves. */ +struct linux_dirent +{ + unsigned long d_ino; + unsigned long d_off; + unsigned short d_reclen; + char d_name[]; +}; + +# define DIR_BUF_SIZE 1024 +#endif /* __linux__ */ + static long int get_max_fds (void) { @@ -291,39 +306,57 @@ get_max_fds (void) * than for example doing 4096 close calls where almost all of them * will fail. * - * Unfortunately we can't call opendir between fork and exec in a - * multi-threaded process because opendir uses malloc and thus a - * mutex which may deadlock with a malloc in another thread. Thus - * the code is not used until we can have a opendir variant which - * does not use malloc. */ -/* #ifdef __linux__ */ -/* { */ -/* DIR *dir = NULL; */ -/* struct dirent *dir_entry; */ -/* const char *s; */ -/* int x; */ - -/* dir = opendir ("/proc/self/fd"); */ -/* if (dir) */ -/* { */ -/* while ((dir_entry = readdir (dir))) */ -/* { */ -/* s = dir_entry->d_name; */ -/* if ( *s < '0' || *s > '9') */ -/* continue; */ -/* x = atoi (s); */ -/* if (x > fds) */ -/* fds = x; */ -/* } */ -/* closedir (dir); */ -/* } */ -/* if (fds != -1) */ -/* { */ -/* fds++; */ -/* source = "/proc"; */ -/* } */ -/* } */ -/* #endif /\* __linux__ *\/ */ + * We can't use the normal opendir/readdir/closedir interface between + * fork and exec in a multi-threaded process because opendir uses + * malloc and thus a mutex which may deadlock with a malloc in another + * thread. However, the underlying getdents system call is safe. */ +#ifdef __linux__ + { + int dir_fd; + char dir_buf[DIR_BUF_SIZE]; + struct linux_dirent *dir_entry; + int r, pos; + const char *s; + int x; + + dir_fd = open ("/proc/self/fd", O_RDONLY | O_DIRECTORY); + if (dir_fd != -1) + { + for (;;) + { + r = syscall(SYS_getdents, dir_fd, dir_buf, DIR_BUF_SIZE); + if (r == -1) + { + /* Fall back to other methods. */ + fds = -1; + break; + } + if (r == 0) + break; + + for (pos = 0; pos < r; pos += dir_entry->d_reclen) + { + dir_entry = (struct linux_dirent *) (dir_buf + pos); + s = dir_entry->d_name; + if (*s < '0' || *s > '9') + continue; + /* atoi is not guaranteed to be async-signal-safe. */ + for (x = 0; *s >= '0' && *s <= '9'; s++) + x = x * 10 + (*s - '0'); + if (!*s && x > fds && x != dir_fd) + fds = x; + } + } + + close (dir_fd); + } + if (fds != -1) + { + fds++; + source = "/proc"; + } + } +#endif /* __linux__ */ #ifdef RLIMIT_NOFILE if (fds == -1) commit bff944842887908dfcf66469251598065c0abcff Author: Werner Koch Date: Wed Oct 4 17:25:36 2017 +0200 Register DCO for Colin Watson. -- diff --git a/AUTHORS b/AUTHORS index 855284a..90f6906 100644 --- a/AUTHORS +++ b/AUTHORS @@ -53,6 +53,8 @@ Authors with a DCO Daniel Kahn Gillmor 2014-09-24:878ul9w4j8.fsf at alice.fifthhorseman.net: +Colin Watson +2017-09-16:20170916031428.uypfrdojquvjteor at riva.ucam.org: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 ++ configure.ac | 21 ++++++++++++ src/posix-io.c | 105 ++++++++++++++++++++++++++++++++++++++------------------- 3 files changed, 93 insertions(+), 35 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 5 13:43:54 2017 From: cvs at cvs.gnupg.org (by Matthias Apitz) Date: Thu, 05 Oct 2017 13:43:54 +0200 Subject: [git] gnupg-doc - branch, master, updated. 1a205a38ce00cb051eae5248806c882814870cfa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1a205a38ce00cb051eae5248806c882814870cfa (commit) from c6ef2102703908c97aa37817ccb5e4b5062f4d01 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a205a38ce00cb051eae5248806c882814870cfa Author: Matthias Apitz Date: Thu Oct 5 13:39:58 2017 +0200 blog: Howto use an OpenPGP card with an Ubuntu phone. diff --git a/misc/blog.gnupg.org/draft-gnupg-ccid-card-daemon-UbuntuPhone.org b/misc/blog.gnupg.org/draft-gnupg-ccid-card-daemon-UbuntuPhone.org new file mode 100644 index 0000000..3f9f885 --- /dev/null +++ b/misc/blog.gnupg.org/draft-gnupg-ccid-card-daemon-UbuntuPhone.org @@ -0,0 +1,485 @@ +#+TITLE: Using an OpenPGP card in the UbuntuPhone BQ E4.5 +#+STARTUP: showall +#+AUTHOR: Matthias +#+DATE: October 5, 2017 + +** Using an OpenPGP card in the UbuntuPhone BQ E4.5 + +#+CAPTION: The device BQ E4.5 with the attached OpenPGP card +#+ATTR_HTML: :class right :style max-width: 350px +[[file:img/UbuntuPhone-GnuPG-card.png]] + +This small tutorial describes how to setup and use GnuPG together with +an OpenPGP card in the mobile device BQ E4.5, running Ubuntu 15-04. The device +root file system is for good reason mounted read-only. I.e. one can not +just install any other piece of software into it. The way used here is +an additional Linux system inside the phones system and *chroot*-ing into it +for the to be installed software, and later calling the software from outside +the chroot'ed file system. + +When you login into the phone, either by SSH or via the terminal-app, your +~HOME~ directory is ~/home/phablet~. ~phablet~ is the default user in the +phone. I have created there an additional directory ~/home/phablet/myRoot~ +and below this untar'ed a complete Debian based Linux. +How to do this is described in a small +[[https://gurucubano.gitbooks.io/bq-aquaris-e-4-5-ubuntu-phone/content/en/chapter27.html][Gitbook about the BQ E4.5]]. + +In the following text as naming convention the shell +prompt =$= means, we are in the phones file system and something +like =root at ubuntu-phablet:/#= or +=phablet at ubuntu-phablet:~$= means, +we are in the chroot'ed file system, best to understand with these commands: + +#+begin_src sh +$ ssh phablet at 10.42.0.1 + +Welcome to Ubuntu 15.04 (GNU/Linux 3.4.67 armv7l) + +Last login: Mon Sep 25 07:45:37 2017 from 10.42.0.152 + +phablet at ubuntu-phablet-bq:~$ + +phablet at ubuntu-phablet-bq:~$ PS1='$ ' + +$ sudo chroot /home/phablet/myRoot +[sudo] password for phablet: +root at ubuntu-phablet:/# su phablet +phablet at ubuntu-phablet:/$ cd +phablet at ubuntu-phablet:~$ pwd +/home/phablet +phablet at ubuntu-phablet:~$ +#+end_src + +*** Installing GnuPG 2.2.1 into the 'myRoot' system + +In the chroot'ed system we install some additional packages: + +#+begin_src sh +phablet at ubuntu-phablet:~$ sudo apt-get install pinentry-curses +phablet at ubuntu-phablet:~$ sudo apt-get install pass +phablet at ubuntu-phablet:~$ sudo apt-get install libudev-dev +phablet at ubuntu-phablet:~$ sudo apt-get install libusb-dev +phablet at ubuntu-phablet:~$ sudo apt-get install libusb-1.0-0-dev +#+end_src + +~pass~ is a small password-storage manager which we will later use for our +GnuPG encrypted tree of password, for example for websites or any other +purpose, bank account PIN, ... + +~pinentry-curses~ is used by the ~gpg-agent~ to ask for the OpenPGP card +PIN, i.e. all the usage is later done or in a SSH session or in the +terminal-app. + +We now compile the following pieces of GnuPG software in that order: + +#+begin_example +libgpg-error-1.27 +libassuan-2.4.3 +libksba-1.3.5 +npth-1.5 +libgcrypt-1.8.1 +gnupg-2.2.1 +#+end_example + +always with ~./configure && make && sudo make install~ The compiled +software ends up below ~/usr/local~ (i.e. below +~/home/phablet/myRoot/usr/local~ when one looks from outside the +chroot'ed phone system); + +Now in the phone system we configure for GnuPG the following config +files: + +#+begin_src sh +$ mkdir ~/.gnupg + +$ cat .gnupg/gpg.conf +# +agent-program /home/phablet/myRoot/usr/local/bin/gpg-agent + +$ cat .gnupg/gpg-agent.conf +pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses +scdaemon-program /home/phablet/myRoot/usr/local/libexec/scdaemon +log-file /home/phablet/gpg-agent.log +log-file /dev/null +debug-level guru +#+end_src + +Due to the nature of the installation in the chroot'ed system we +need small wrapper scripts to set ~PATH~, ~LD_LIBRARY_PATH~, ... and +other stuff; + +#+begin_src sh +$ cat ~/gpg.sh +#!/bin/sh +LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH +PATH=/home/phablet/myRoot/usr/local/bin:$PATH export PATH +GNUPGHOME=/home/phablet/.gnupg export GNUPGHOME +GPG_TTY=$(tty) export GPG_TTY +/home/phablet/myRoot/usr/local/bin/gpg-agent \ + --homedir /home/phablet/.gnupg \ + --daemon \ + --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses +/home/phablet/myRoot/usr/local/bin/gpg-connect-agent /bye +/home/phablet/myRoot/usr/local/bin/gpg $* +#+end_src + +run and create for test a key pair (later we want to use the OpenPGP card key pair +for instead of this) + +#+begin_src sh +$ ~/gpg.sh --full-generate-key +gpg-agent[2973]: enabled debug flags: mpi crypto memory cache memstat hashing ipc +gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) +Your selection? +... +#+end_src + +This starts the gpg-agent as: + +#+begin_src sh +$ ps ax | grep gpg-a + 2974 ? Ss 0:00 /home/phablet/myRoot/usr/local/bin/gpg-agent --homedir /home/phablet/.gnupg --daemon --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses +#+end_src + + +Now we can use the 'pass' command we installed in the chroot'es system +with + +#+begin_src sh +$ cat pass.sh +#!/bin/sh +LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib export LD_LIBRARY_PATH +PATH=/home/phablet/myRoot/usr/local/bin:$PATH export PATH +GNUPGHOME=/home/phablet/.gnupg export GNUPGHOME +GPG_TTY=$(tty) export GPG_TTY +unset GPG_AGENT_INFO +/home/phablet/myRoot/usr/bin/pass $* +#+end_src + + +Init the pass storage as: + +#+begin_src sh +$ ./pass.sh init Matthias + + ?????????????????????????????????????????????????????????????????? + ? Please enter the passphrase to unlock the OpenPGP secret key: ? + ? "Matthias Apitz (test) " ? + ? 2048-bit RSA key, ID 93A6FBF52FA76DB0, ? + ? created 2017-09-22 (main key ID 3FECB79DDDA409E4). ? + ? ? + ? ? + ? Passphrase: ***_______________________________________________ ? + ? ? + ? ? + ?????????????????????????????????????????????????????????????????? + +$ find .password-store/ +.password-store/ +.password-store/.gpg-id +#+end_src + +Insert some password for test: + +#+begin_src sh +$ ./pass.sh insert -m web/bla +Enter contents of web/bla and press Ctrl+D when finished: + +password +Username: guru + +$ ./pass.sh web/bla +password +Username: guru +#+end_src + + +Final step is getting support for the OpenPGP card. We need the 'pcscd' daemon. +Its build is a bit tricky because it must later, on start from outside the +chroot'ed syste, find the ccid driver. + +We compile the following pieces inside the chroot'ed system: + +pcsc-lite-1.8.20 +ccid-1.4.25 + +with the following options set on ~./configure~ ... + +#+begin_src sh +phablet at ubuntu-phablet-bq:~$ cd pcsc-lite-1.8.20 +phablet at ubuntu-phablet-bq:~/pcsc-lite-1.8.20$ ./configure --enable-usbdropdir=/home/phablet/myRoot/usr/local/lib/pcsc/drivers --enable-confdir=/home/phablet/myRoot/etc/reader.conf.d + +... +PC/SC lite has been configured with following options: + +Version: 1.8.20 +System binaries: /usr/local/sbin +Configuration dir: /usr/local/etc/reader.conf.d + + +Host: armv7l-unknown-linux-gnueabihf +Compiler: gcc +Preprocessor flags: -I${top_srcdir}/src +Compiler flags: -Wall -fno-common -g -O2 +Preprocessor flags: -I${top_srcdir}/src +Linker flags: +Libraries: -ldl -lrt + +PTHREAD_CFLAGS: -pthread +PTHREAD_LIBS: +PCSC_ARCH: Linux + +pcscd binary /usr/local/sbin/pcscd +polkit support: no +polkit policy dir: +libudev support: yes +libusb support: no +USB drop directory: /home/phablet/myRoot/usr/local/lib/pcsc/drivers +ATR parsing messages: false +ipcdir: /var/run/pcscd +use serial: yes +use usb: yes +systemd unit directory: /lib/systemd/system +serial config dir.: /home/phablet/myRoot/etc/reader.conf.d +filter: no + +PCSCLITE_FEATURES: Linux armv7l-unknown-linux-gnueabihf serial usb libudev usbdropdir=/home/phablet/myRoot/usr/local/lib/pcsc/drivers ipcdir=/var/run/pcscd configdir=/home/phablet/myRoot/etc/reader.conf.d + +checking that generated files are newer than configure... done +... + +phablet at ubuntu-phablet-bq:~/ccid-1.4.25$ make +phablet at ubuntu-phablet-bq:~/ccid-1.4.25$ sudo make install +#+end_src + + +ok, now the 'ccid' driver, installed (copied) to be seen by the daemon: + +#+begin_src sh + +phablet at ubuntu-phablet-bq:~$ cd ccid-1.4.25 +phablet at ubuntu-phablet:~/ccid-1.4.25$ ./configure -enable-usbdropdir=/home/phablet/myRoot/usr/local/lib/pcsc/drivers +... +libccid has been configured with following options: + +Version: 1.4.25 +User binaries: /usr/local/bin +Configuration files: /usr/local/etc + + +Host: armv7l-unknown-linux-gnueabihf +Compiler: gcc +Preprocessor flags: +Compiler flags: -g -O2 +Preprocessor flags: +Linker flags: +Libraries: + +PCSC_CFLAGS: -pthread -I/usr/local/include/PCSC +PCSC_LIBS: -L/usr/local/lib -lpcsclite +PTHREAD_CFLAGS: -pthread +PTHREAD_LIBS: +BUNDLE_HOST: Linux +DYN_LIB_EXT: so +LIBUSB_CFLAGS: -I/usr/include/libusb-1.0 +LIBUSB_LIBS: -lusb-1.0 +SYMBOL_VISIBILITY: -fvisibility=hidden +NOCLASS: + +libusb support: yes +composite as multislot: no +multi threading: yes +bundle directory name: ifd-ccid.bundle +USB drop directory: /home/phablet/myRoot/usr/local/lib/pcsc/drivers +serial Twin support: no +serial twin install dir: /home/phablet/myRoot/usr/local/lib/pcsc/drivers/serial +serial config directory: /home/phablet/myRoot/etc/reader.conf.d +compiled for pcsc-lite: yes +syslog debug: no +class driver: yes + +... + +phablet at ubuntu-phablet:~/ccid-1.4.25$ make +phablet at ubuntu-phablet:~/ccid-1.4.25$ sudo make install +#+end_src + +the driver ~libccid.so~ and its control file ~Info.plist~ ended up as configured in: + +#+begin_src sh +phablet at ubuntu-phablet:~$ find /home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/ +/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/ +/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux +/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so +/home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist +#+end_src + +This is fine, +but if we run the daemon from outside the chroot'ed system, the files must be in +some other place because ~/home/phablet/myRoot~ is added in front; so +we copy them over to the correct place: + +#+begin_src sh +phablet at ubuntu-phablet:~$ sudo mkdir -p /usr/local/lib/pcsc/drivers/ifd-ccid.bundle +phablet at ubuntu-phablet:~$ sudo cp -rp /home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents /usr/local/lib/pcsc/drivers/ifd-ccid.bundle +phablet at ubuntu-phablet:~$ find /usr/local/lib/pcsc/drivers/ifd-ccid.bundle +/usr/local/lib/pcsc/drivers/ifd-ccid.bundle +/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents +/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux +/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so +/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist +#+end_src + +From outside the chroot'ed system we can now start the daemon as: + +#+begin_src sh +$ sudo /home/phablet/myRoot/usr/local/sbin/pcscd --foreground --debug | tee pcscd.log +#+end_src + +and check the log file ~pcscd.log~ to see if it sees the card attaching (see at the very +end of the write-up); + +Now we start in the phone the pcscd daemon as: + +#+begin_src sh +$ sudo /home/phablet/myRoot/usr/local/sbin/pcscd +$ ps ax | grep pcscd +31669 pts/53 Sl 0:00 /home/phablet/myRoot/usr/local/sbin/pcscd +#+end_src + +and run the gpg --card-status to see if it finds the card on attach: + +#+begin_src sh +$ ./gpg.sh --card-status +gpg-agent[20254]: enabled debug flags: mpi crypto memory cache memstat hashing ipc +gpg-agent: a gpg-agent is already running - not starting a new one +gpg-agent: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 + outmix=0 getlvl1=0/0 getlvl2=0/0 +gpg-agent: secmem usage: 0/32768 bytes in 0 blocks +Reader ...........: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511514602745) 00 00 +Application ID ...: D27600012401020100050000532B0000 +Version ..........: 2.1 +Manufacturer .....: ZeitControl +Serial number ....: 0000532B +Name of cardholder: Matthias Apitz +Language prefs ...: en +Sex ..............: unspecified +URL of public key : http://www.unixarea.de/ccid--export-key-guru.pub +Login data .......: [not set] +Signature PIN ....: not forced +Key attributes ...: rsa4096 rsa4096 rsa4096 +Max. PIN lengths .: 32 32 32 +PIN retry counter : 3 0 3 +Signature counter : 457 +Signature key ....: 5E69 FBAC 1618 562C B3CB FBC1 47CC F7E4 76FE 9D11 + created ....: 2017-05-14 18:20:07 +Encryption key....: EB62 00DA 13A1 9E80 679B 1A13 61F1 ECB6 25C9 A6C3 + created ....: 2017-05-14 18:20:07 +Authentication key: E51D D2D6 C727 35D6 651D EA4B 6AA5 C5C4 51A1 CD1C + created ....: 2017-05-14 18:20:07 +General key info..: [none] +#+end_src + + +Now we removed ~/home/phablet/.gnupg~ (saving the ~*.conf~ files) and copied over from my +real netbook the ~/.password-store~ and the key material for the +OpenPGP card; +let's see if 'pass' can unlock the card (via the gpg-agent) and decipher the +crypted information (uncrypted shown here as ~XXXXXXXX-XXXXXX~). The ~gpg-agent~ +will first ask for the card to be inserted and then for its PIN. + +#+begin_src sh +$ ./pass.sh askubuntu.com/guru at unixarea.de +#+end_src + +#+html:

+#+CAPTION: The request for the card +#+ATTR_HTML: :class center :style max-width: 400px +[[file:img/gnupg-card-insert-card.png]] + +#+html:
+#+html:

+ +#+html:

+#+CAPTION: The request for the PIN +#+ATTR_HTML: :class center :style max-width: 400px +[[file:img/gnupg-card-insert-pin.png]] + +#+html:
+#+html:

+ +#+begin_src sh +XXXXXXXX-XXXXXX +$ +#+end_src + + +on the 2nd run it does not need anymore the PIN: + +#+begin_src sh +$ ./pass.sh askubuntu.com/guru at unixarea.de +XXXXXXXX-XXXXXX +#+end_src + +i.e. all is fine! + + +This is only the debug log of the pcscd daemon for reference. + +#+begin_example +00000000 debuglog.c:289:DebugLogSetLevel() debug level=debug +00001760 configfile.l:282:DBGetReaderListDir() Parsing conf directory: /home/phablet/myRoot/etc/reader.conf.d +00000840 configfile.l:319:DBGetReaderListDir() Skipping non regular file: . +00000349 configfile.l:319:DBGetReaderListDir() Skipping non regular file: .. +00000364 configfile.l:358:DBGetReaderList() Parsing conf file: /home/phablet/myRoot/etc/reader.conf.d/libccidtwin +00000568 pcscdaemon.c:655:main() pcsc-lite 1.8.20 daemon ready. +00007279 hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001 +07475463 hotplug_libudev.c:648:HPEstablishUSBNotifications() USB Device add +00005501 hotplug_libudev.c:294:get_driver() Looking for a driver for VID: 0x04E6, PID: 0x5816, path: /dev/bus/usb/001/009 +00000555 hotplug_libudev.c:433:HPAddDevice() Adding USB device: Identiv uTrust 3512 SAM slot Token +00000673 readerfactory.c:1079:RFInitializeReader() Attempting startup of Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511514602745) 00 00 using /home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so +00001129 readerfactory.c:954:RFBindFunctions() Loading IFD Handler 3.0 +00013183 ifdhandler.c:1953:init_driver() Driver version: 1.4.25 +00004027 ifdhandler.c:1970:init_driver() LogLevel: 0x0003 +00004427 ifdhandler.c:1981:init_driver() DriverOptions: 0x0000 +00001127 ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, device: usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 +00001212 ccid_usb.c:287:OpenUSBByName() Using: /home/phablet/myRoot/usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist +00005565 ccid_usb.c:305:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau (ludovic.rousseau at free.fr) +00001479 ccid_usb.c:306:OpenUSBByName() ifdProductString: Generic CCID driver +00000362 ccid_usb.c:307:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version. +00003937 ccid_usb.c:621:OpenUSBByName() Found Vendor/Product: 04E6/5816 (Identiv uTrust 3512 SAM slot Token) +00000667 ccid_usb.c:623:OpenUSBByName() Using USB bus/device: 1/9 +00000337 ccid_usb.c:680:OpenUSBByName() bNumDataRatesSupported is 0 +00010195 ifdhandler.c:379:IFDHGetCapabilities() tag: 0xFB3, usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00000626 readerfactory.c:395:RFAddReader() Using the reader polling thread +00000838 ifdhandler.c:379:IFDHGetCapabilities() tag: 0xFAE, usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00000470 ifdhandler.c:470:IFDHGetCapabilities() Reader supports 1 slot(s) +00001264 ifdhandler.c:1146:IFDHPowerICC() action: PowerUp, usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00032378 eventhandler.c:286:EHStatusHandlerThread() powerState: POWER_STATE_POWERED +00000596 Card ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C +05001478 ifdhandler.c:1146:IFDHPowerICC() action: PowerDown, usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00003148 eventhandler.c:479:EHStatusHandlerThread() powerState: POWER_STATE_UNPOWERED +14774363 hotplug_libudev.c:642:HPEstablishUSBNotifications() USB Device removed +00000796 hotplug_libudev.c:360:HPRemoveDevice() Removing USB device[0]: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511514602745) at /dev/bus/usb/001/009 +00000053 readerfactory.c:608:RFRemoveReader() UnrefReader() count was: 1 +00000024 eventhandler.c:176:EHDestroyEventHandler() Stomping thread. +00000026 ifdhandler.c:379:IFDHGetCapabilities() tag: 0xFB1, usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00000024 ifdhandler.c:379:IFDHGetCapabilities() tag: 0xFB2, usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00000018 eventhandler.c:201:EHDestroyEventHandler() Request stopping of polling thread +00000020 ifdhandler.c:344:IFDHStopPolling() usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00397726 eventhandler.c:502:EHStatusHandlerThread() Die +00001909 eventhandler.c:216:EHDestroyEventHandler() Thread stomped. +00000049 readerfactory.c:1130:RFUnInitializeReader() Attempting shutdown of Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511514602745) 00 00. +00000039 ifdhandler.c:282:IFDHCloseChannel() usb:04e6/5816:libudev:0:/dev/bus/usb/001/009 (lun: 0) +00000101 ccid_usb.c:797:WriteUSB() write failed (1/9): -4 LIBUSB_ERROR_NO_DEVICE +00000147 ccid_usb.c:189:close_libusb_if_needed() libusb_exit +00001864 readerfactory.c:991:RFUnloadReader() Unloading reader driver. +#+end_example diff --git a/misc/blog.gnupg.org/img/UbuntuPhone-GnuPG-card.png b/misc/blog.gnupg.org/img/UbuntuPhone-GnuPG-card.png new file mode 100644 index 0000000..ca51fe4 Binary files /dev/null and b/misc/blog.gnupg.org/img/UbuntuPhone-GnuPG-card.png differ diff --git a/misc/blog.gnupg.org/img/gnupg-card-insert-card.png b/misc/blog.gnupg.org/img/gnupg-card-insert-card.png new file mode 100644 index 0000000..7448ae8 Binary files /dev/null and b/misc/blog.gnupg.org/img/gnupg-card-insert-card.png differ diff --git a/misc/blog.gnupg.org/img/gnupg-card-insert-pin.png b/misc/blog.gnupg.org/img/gnupg-card-insert-pin.png new file mode 100644 index 0000000..7a2b5b8 Binary files /dev/null and b/misc/blog.gnupg.org/img/gnupg-card-insert-pin.png differ diff --git a/web/share/site.css b/web/share/site.css index 46a6350..b34693f 100644 --- a/web/share/site.css +++ b/web/share/site.css @@ -135,6 +135,13 @@ img.rfloat { } +/* Use an outer div with this class to move an org figure to the left. + Note that org uses a fixed class for a figure and we use this hack + to override it. */ +div.figure-left { + float: left; +} + div.figure { float: right; margin-right:0 !important; ----------------------------------------------------------------------- Summary of changes: .../draft-gnupg-ccid-card-daemon-UbuntuPhone.org | 485 +++++++++++++++++++++ misc/blog.gnupg.org/img/UbuntuPhone-GnuPG-card.png | Bin 0 -> 1565379 bytes misc/blog.gnupg.org/img/gnupg-card-insert-card.png | Bin 0 -> 23103 bytes misc/blog.gnupg.org/img/gnupg-card-insert-pin.png | Bin 0 -> 26828 bytes web/share/site.css | 7 + 5 files changed, 492 insertions(+) create mode 100644 misc/blog.gnupg.org/draft-gnupg-ccid-card-daemon-UbuntuPhone.org create mode 100644 misc/blog.gnupg.org/img/UbuntuPhone-GnuPG-card.png create mode 100644 misc/blog.gnupg.org/img/gnupg-card-insert-card.png create mode 100644 misc/blog.gnupg.org/img/gnupg-card-insert-pin.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 5 14:13:21 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 05 Oct 2017 14:13:21 +0200 Subject: [git] gnupg-doc - branch, master, updated. 20750924afd86f0362fa8bfe1b597cdaebbb5c63 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 20750924afd86f0362fa8bfe1b597cdaebbb5c63 (commit) from 1a205a38ce00cb051eae5248806c882814870cfa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 20750924afd86f0362fa8bfe1b597cdaebbb5c63 Author: Werner Koch Date: Thu Oct 5 14:09:53 2017 +0200 blog: Oops, a blog needs to have the date in the file name. diff --git a/misc/blog.gnupg.org/draft-gnupg-ccid-card-daemon-UbuntuPhone.org b/misc/blog.gnupg.org/20171005-gnupg-ccid-card-daemon-UbuntuPhone.org similarity index 100% rename from misc/blog.gnupg.org/draft-gnupg-ccid-card-daemon-UbuntuPhone.org rename to misc/blog.gnupg.org/20171005-gnupg-ccid-card-daemon-UbuntuPhone.org ----------------------------------------------------------------------- Summary of changes: ...on-UbuntuPhone.org => 20171005-gnupg-ccid-card-daemon-UbuntuPhone.org} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename misc/blog.gnupg.org/{draft-gnupg-ccid-card-daemon-UbuntuPhone.org => 20171005-gnupg-ccid-card-daemon-UbuntuPhone.org} (100%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 6 11:55:35 2017 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 06 Oct 2017 11:55:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-22-g1ed21ee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1ed21eee79749b976b4a935f2279b162634e9c5e (commit) from 98c260e057e7829580da99f0c8e0037a3896bfae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ed21eee79749b976b4a935f2279b162634e9c5e Author: Neal H. Walfield Date: Fri Oct 6 11:51:39 2017 +0200 gpg: Fix comparison. * g10/gpgcompose.c (literal_name): Complain if passed zero arguments, not one or fewer. Signed-off-by: Neal H. Walfield diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index 2b42bfb..8c156d2 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -2746,7 +2746,7 @@ literal_name (const char *option, int argc, char *argv[], void *cookie) { struct litinfo *li = cookie; - if (argc <= 1) + if (argc <= 0) log_fatal ("Usage: %s NAME\n", option); if (strlen (argv[0]) > 255) ----------------------------------------------------------------------- Summary of changes: g10/gpgcompose.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 6 12:28:13 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 06 Oct 2017 12:28:13 +0200 Subject: [git] gnupg-doc - branch, master, updated. 40a42e1f14f43914a06a8d18c492cf9161c12518 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 40a42e1f14f43914a06a8d18c492cf9161c12518 (commit) from 20750924afd86f0362fa8bfe1b597cdaebbb5c63 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40a42e1f14f43914a06a8d18c492cf9161c12518 Author: Werner Koch Date: Fri Oct 6 12:24:44 2017 +0200 verein: Update financial info diff --git a/web/verein/finances.org b/web/verein/finances.org index 0c1d08e..7a71e2a 100644 --- a/web/verein/finances.org +++ b/web/verein/finances.org @@ -26,6 +26,9 @@ | 2017-09-11 | 38650.36 | | | Exchange of 10 BTC | | 2017-09-14 | 25868.08 | | 139326.35 | Exchange of 10 BTC | | 2017-09-19 | | 119.00 | 139207.35 | Design postcards | +| 2017-09-29 | | 12.00 | | Banking card | +| 2017-09-29 | | 6.30 | 139189.05 | Bank fees | +| 2017-10-06 | 18197.53 | | 157386.58 | Exchange of 5 BTC | The 59.000 ? from the Wau Holland Stiftung have been collected by them @@ -37,5 +40,5 @@ shows and other opportunities. ** Bitcoin transactions - As of 2017-09-19 we have 5.17 BTC. 21 BTC have already been + As of 2017-10-06 we own 0.12 BTC. 26 BTC have been transferred to our Euro account (see above). ----------------------------------------------------------------------- Summary of changes: web/verein/finances.org | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 10 17:30:37 2017 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Tue, 10 Oct 2017 17:30:37 +0200 Subject: [git] gnupg-doc - branch, master, updated. ef82711275cb07232c685d1f4bbc2ab04571201d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ef82711275cb07232c685d1f4bbc2ab04571201d (commit) via 9f62c504b4565be97f2f603fc4876276d8da0a6b (commit) from 40a42e1f14f43914a06a8d18c492cf9161c12518 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef82711275cb07232c685d1f4bbc2ab04571201d Merge: 9f62c50 40a42e1 Author: Robert J. Hansen Date: Tue Oct 10 11:30:09 2017 -0400 Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg-doc commit 9f62c504b4565be97f2f603fc4876276d8da0a6b Author: Robert J. Hansen Date: Tue Oct 10 11:29:50 2017 -0400 Added a couple of references to FSF literature. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 16f6472..d62e270 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -26,6 +26,7 @@ very litigious. :END: - Linux is a trademark of Linus Torvalds. +- GNU is a trademark of the Free Software Foundation. - Macintosh, OS X and Mac OS X are all trademarks of the Apple Corporation. - PGP is a trademark of Symantec Corporation. @@ -148,8 +149,7 @@ Yes. :CUSTOM_ID: last_checked :END: -February 2016. - +October 2017. * General questions :PROPERTIES: @@ -261,6 +261,14 @@ Linux systems. The good news is that it?s usually installed by default, so nothing needs to be downloaded! +**** ? for Android? + :PROPERTIES: + :CUSTOM_ID: get_gnupg_android + :END: + +Both OpenKeychain and the Android Privacy Guard are available in the +Android app store. + **** ? for Debian GNU/Linux or Ubuntu? :PROPERTIES: :CUSTOM_ID: get_gnupg_debian @@ -276,8 +284,6 @@ At a terminal window type =sudo apt-get install gnupg2=. At a terminal window type =sudo zypper install gnupg2=. -installation. - **** ? for Fedora, CentOS, or RHEL? :PROPERTIES: @@ -352,9 +358,9 @@ binary is required to give you the source code upon your request. :END: The word ?free? should evoke ideas of liberty, not price. An awful -lot of the software industry does not respect your freedoms: your -freedom to use the software for any purpose, your freedom to study and -learn from how it works, your freedom to share it with others who +lot of the software industry does not respect your freedoms: +your freedom to use the software for any purpose, your freedom to study +and learn from how it works, your freedom to share it with others who might benefit from it, and more. Free Software is the antithesis of this: Free Software is meant to respect your rights. You may use the software for any purpose: you may inspect and modify the source code: @@ -711,9 +717,9 @@ is actively developed. is a known bug and people are working on it. -** ? Linux or FreeBSD? +** ? Free UNIX systems? :PROPERTIES: - :CUSTOM_ID: email_clients_linux + :CUSTOM_ID: email_clients_free_unix :END: | Name | Plugins | see | ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 11 04:32:26 2017 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Wed, 11 Oct 2017 04:32:26 +0200 Subject: [git] gnupg-doc - branch, master, updated. 01d93fab0542bd01b11ec89032a04c070b0dc9d6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 01d93fab0542bd01b11ec89032a04c070b0dc9d6 (commit) from ef82711275cb07232c685d1f4bbc2ab04571201d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 01d93fab0542bd01b11ec89032a04c070b0dc9d6 Author: Robert J. Hansen Date: Tue Oct 10 22:31:19 2017 -0400 Bungled a URL. Fixed. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 13adb1d..e69809b 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -358,7 +358,8 @@ binary is required to give you the source code upon your request. :END: The word ?free? should evoke ideas of liberty, not price. An awful -lot of the software industry does not respect your freedoms: +lot of the software industry does not +[[https://gnu.org/philosophy/free-software-even-more-important.html][respect your freedoms]]: your freedom to use the software for any purpose, your freedom to study and learn from how it works, your freedom to share it with others who might benefit from it, and more. Free Software is the antithesis of ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 11 13:42:53 2017 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Wed, 11 Oct 2017 13:42:53 +0200 Subject: [git] gnupg-doc - branch, master, updated. 8efec959f1f4792cefb3de1623157731c7da912b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8efec959f1f4792cefb3de1623157731c7da912b (commit) from 01d93fab0542bd01b11ec89032a04c070b0dc9d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8efec959f1f4792cefb3de1623157731c7da912b Author: Robert J. Hansen Date: Wed Oct 11 07:42:49 2017 -0400 Fixed erroneous implication we're connected with OpenKeychain. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index e69809b..0a6e65b 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -266,8 +266,8 @@ default, so nothing needs to be downloaded! :CUSTOM_ID: get_gnupg_android :END: -Both OpenKeychain and the Android Privacy Guard are available in the -Android app store. +There is no official port of GnuPG to Android. Users in need of a +GnuPG-compatible FOSS tool on Android may wish to check out OpenKeychain. **** ? for Debian GNU/Linux or Ubuntu? :PROPERTIES: ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 11 18:22:36 2017 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Wed, 11 Oct 2017 18:22:36 +0200 Subject: [git] gnupg-doc - branch, master, updated. 1ef11df475f59de3253ee3048ee2b93b9cfdc6ac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1ef11df475f59de3253ee3048ee2b93b9cfdc6ac (commit) from 8efec959f1f4792cefb3de1623157731c7da912b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ef11df475f59de3253ee3048ee2b93b9cfdc6ac Author: Robert J. Hansen Date: Wed Oct 11 12:22:29 2017 -0400 Dropped a reference to PGP-Basics, as that mailing list is dead. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 0a6e65b..454b570 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -27,7 +27,7 @@ very litigious. - Linux is a trademark of Linus Torvalds. - GNU is a trademark of the Free Software Foundation. -- Macintosh, OS X and Mac OS X are all trademarks of the Apple +- Macintosh, OS X, macOS, and Mac OS X are all trademarks of the Apple Corporation. - PGP is a trademark of Symantec Corporation. - Solaris is a trademark of Oracle Corporation. @@ -45,7 +45,7 @@ purposes. :CUSTOM_ID: documentation_license :END: -This document is ? 2012-2015, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and +This document is ? 2012-2017, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and A.M. Kuchling <[[mailto:amk at amk.ca?subject=The%20GnuPG%20FAQ][amk at amk.ca]]>. You are free to make use of this document in accordance with the [[https://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 license]]; alternately, you may make use of it under terms of the @@ -246,28 +246,18 @@ A convenient Windows installer is available from [[https://www.gpg4win.org][GPG4 :END: The [[https://www.gpgtools.org][GPGtools project]] has everything needed to get started. -However, GPGTools only offers GnuPG 2.0; if you want the latest-and-greatest 2.1, look -at Patrick Brunschwig?s [[http://sourceforge.net/projects/gpgosx/][GnuPG for OS X]] project -on SourceForge. +However, GPGTools only offers GnuPG 2.0; if you want the +latest-and-greatest 2.1, look at Patrick Brunschwig?s +[[http://sourceforge.net/projects/gpgosx/][GnuPG for OS X]] project on SourceForge. Finally, +[[https://brew.sh][Homebrew]], [[http://www.finkproject.org/][Fink]], and [[https://www.macports.org/][MacPorts]] all have it in their repositories. - -*** ? for Linux? +*** ? for the free Unixes? :PROPERTIES: :CUSTOM_ID: get_gnupg_linux :END: -The bad news is there is no single, consistent way to install GnuPG on -Linux systems. The good news is that it?s usually installed by -default, so nothing needs to be downloaded! - - -**** ? for Android? - :PROPERTIES: - :CUSTOM_ID: get_gnupg_android - :END: - -There is no official port of GnuPG to Android. Users in need of a -GnuPG-compatible FOSS tool on Android may wish to check out OpenKeychain. +There are as many ways to install it as there are free Unix +systems. **** ? for Debian GNU/Linux or Ubuntu? :PROPERTIES: @@ -316,7 +306,7 @@ To install GnuPG on Gentoo, run the following command as root: The Gentoo documentation includes a [[https://www.gentoo.org/doc/en/gnupg-user.xml][GnuPG User Guide]]. -*** ? for FreeBSD? +**** ? for FreeBSD? :PROPERTIES: :CUSTOM_ID: get_gnupg_freebsd :END: @@ -343,7 +333,7 @@ sudo pkg_add -r gnupg A port to *VMS* is maintained by Steven M. Schweda at [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]]. -** Is there source code available for it? +** Is source code available? :PROPERTIES: :CUSTOM_ID: source_code :END: @@ -388,7 +378,6 @@ list's archives. The [[https://bugs.gnupg.org/gnupg/][GnuPG project's bug tracker]] is also publicly available. - * Where can I get more information? :PROPERTIES: :CUSTOM_ID: more_info @@ -508,25 +497,6 @@ started using it. The list is lightly moderated. - -*** PGP-Basics - :PROPERTIES: - :CUSTOM_ID: pgp-basics_list - :END: - - -- Subscribing :: visit the [[http://tech.groups.yahoo.com/group/PGP-Basics][PGP-Basics webpage]] -- Unsubscribing :: see above -- List moderator :: Mike Daigle <[[mailto:mdaigle at gswot.org?subject=The%20PGP-Basics%20list][mdaigle at gswot.org]]> -- Supports PGP/MIME :: No -- Languages supported :: English - -PGP-Basics was established over a decade ago specifically to provide a -communications security. The list is low-volume, lightly-moderated, -place where newcomers to GnuPG and PGP could learn about -and remarkably friendly to new users. - - *** PGPNET :PROPERTIES: :CUSTOM_ID: pgpnet_list @@ -535,8 +505,8 @@ and remarkably friendly to new users. - Subscribing :: visit the [[http://tech.groups.yahoo.com/group/PGPNET][PGPNET page]] - Unsubscribing :: see above -- List moderator(s) :: Unknown -- Supports PGP/MIME? :: No +- List moderator(s) :: Paul Kapaldo <[[mailto:pjkapaldo at yahoo.com?subject=PGPNET][pjkapaldo at yahoo.com]]> +- Supports PGP/MIME? :: Yes - Languages supported :: Unknown PGPNET exists to provide people with the opportunity to practice @@ -657,7 +627,6 @@ liberties for over twenty years. The [[https://www.fsf.org][Free Software Foundation]] is also deeply involved in these matters, although in a different way than the EFF. - * What email clients support GnuPG on? :PROPERTIES: :CUSTOM_ID: email_clients @@ -762,7 +731,6 @@ That said, Windows users should check [[http://portableapps.com/apps/internet/th Or, to build your own, use the /mkportable/ tool which comes with [[https://www.gpg4win.org][Gpg4win]]. - * What do all these strange words mean? :PROPERTIES: :CUSTOM_ID: glossary @@ -771,7 +739,6 @@ Or, to build your own, use the /mkportable/ tool which comes with Cryptography tends to use a whole lot of specialized language and jargon. In this section some of it will be deciphered. - ** What?s ?public-key cryptography?? :PROPERTIES: :CUSTOM_ID: define_asymc @@ -882,7 +849,7 @@ keyservers that share keys, so you only need to upload your key once to that network. One widely-used keyserver network is [[https://www.sks-keyservers.net/][sks-keyservers.net]]. SKS stands -for ?Synchronising Key Server?. You can use this network by supplying +for ?Synchronizing Key Server?. You can use this network by supplying the =--keyserver pool.sks-keyservers.net= option. @@ -958,8 +925,6 @@ AES. AES is a thoroughly modern cipher design and may be used with confidence. - - ** What are Twofish and Blowfish? :PROPERTIES: :CUSTOM_ID: define_fish @@ -971,8 +936,6 @@ should not be used to encrypt files larger than 4Gb in size, but Twofish has no such restrictions. These algorithms are modern, and may be used with confidence. - - ** What?s 3DES? :PROPERTIES: :CUSTOM_ID: define_3des @@ -1016,7 +979,6 @@ should not be used to encrypt files larger than 4Gb in size. With that said, though, CAST is a modern cipher and may be used with confidence. - ** What?s Camellia? :PROPERTIES: :CUSTOM_ID: define_camellia @@ -1032,8 +994,6 @@ Rijndael won the United States? AES trials. Camellia is a thoroughly modern cipher design and may be used with confidence. - - ** What are SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and SHA-3? :PROPERTIES: :CUSTOM_ID: define_sha @@ -1063,7 +1023,6 @@ to an astonishing amount of peer review. it. However, SHA-3 will probably be incorporated into the spec, and GnuPG will support it as soon as it does. - ** What?s MD5? :PROPERTIES: :CUSTOM_ID: define_md5 @@ -1075,7 +1034,6 @@ MD5 is a 128-bit cryptographic hash function invented by Ron Rivest the standard algorithms of the field, but is now completely obsolete. For that reason, MD5 is not supported by GnuPG. - ** What are ZLIB, ZIP and BZIP? :PROPERTIES: :CUSTOM_ID: define_compress @@ -1087,8 +1045,6 @@ GnuPG will use one of these three algorithms to compress your data before encrypting it, unless GnuPG can see the data is already compressed. - - ** What?s a ?revocation certificate?? :PROPERTIES: :CUSTOM_ID: define_rev_cert @@ -1104,8 +1060,6 @@ generating a new GnuPG certificate. Store it somewhere safe. Consult [[#generate_revocation_certificate][the FAQ instructions]] on how to do this. - - ** What?s a ?designated revoker?? :PROPERTIES: :CUSTOM_ID: define_desig_revkr @@ -1120,7 +1074,6 @@ your certificate, so that when you left the company the IT staff could revoke your certificate. - ** What does ?validity? mean? :PROPERTIES: :CUSTOM_ID: define_validity @@ -1142,7 +1095,6 @@ particular needs and the threats you face. - ** What does ?trust? mean? :PROPERTIES: :CUSTOM_ID: define_trust @@ -1153,7 +1105,6 @@ particular needs and the threats you face. The terms are used somewhat interchangeably. - ** What does ?ownertrust? mean? :PROPERTIES: :CUSTOM_ID: define_ownertrust @@ -1171,7 +1122,6 @@ she is about the certificates he validates. Alice declares she has ownertrust in Bob. Now, any certificates that Bob validates will appear to Alice as valid, too. - * How do I start using GnuPG? :PROPERTIES: :CUSTOM_ID: starting_out @@ -1731,7 +1681,6 @@ Check out [[https://www.gnupg.org/software/gpgme/][GPGME (GnuPG Made Easy)]]. No, nor will there be. - * What common problems come up? :PROPERTIES: :CUSTOM_ID: common_problems @@ -1789,7 +1738,6 @@ beginning of a signature, and so forth. These lines start with that line will be slightly mangled in order to prevent GnuPG from misinterpreting your data as one of its special lines. - * What are some common best practices? :PROPERTIES: :CUSTOM_ID: best_practices @@ -1875,7 +1823,6 @@ secure. Your private key is already encrypted: your passphrase is the key used to decrypt your private key. - * Advanced topics :PROPERTIES: :CUSTOM_ID: advanced_topics @@ -1895,8 +1842,8 @@ some of the answers in this section. Although all the ciphers in GnuPG are believed strong, they are not all equally recommended. For asymmetric ciphers we recommend RSA over -DSA and/or Elgamal; for symmetric ciphers we recommend AES, Camellia, and/or -Twofish over all the others. +DSA and/or Elgamal; for symmetric ciphers we recommend AES, Camellia, +and/or Twofish over all the others. With respect to our RSA recommendation, there is no reason to believe RSA is any better or worse than DSA and/or Elgamal in a cryptographic sense. @@ -1906,37 +1853,39 @@ other cryptographic token, you'll find RSA is much better supported. With respect to our symmetric cipher recommendations, we have to explain a little bit about cryptanalysis. -First, ciphers are deterministic: given the same inputs, they generate the same -outputs. +First, ciphers are deterministic: given the same inputs, they generate +the same outputs. Second, ciphers don't operate on individual bytes. They work on blocks of data, either eight or sixteen bytes large, depending on the cipher. Third, the OpenPGP standard requires that ciphers run in what's called a ?feedback mode.? In feedback mode, a cipher has two inputs: the -random session key used for the message, and the output of the previous block. +random session key used for the message, and the output of the previous +block. -Put it all together and imagine what would happen if, within the same message, -two identical ciphertext blocks were created. Since the cipher is +Put it all together and imagine what would happen if, within the same +message, two identical ciphertext blocks were created. Since the cipher is deterministic (always generates the same output for the same inputs), and since the key and the previous block are the same, the output of this block would be the same. This repetition creates a distinctive pattern which a cryptanalyst might be able to potentially exploit. For a cipher with an eight-byte block size, you'll probably repeat a block -after about 32 gigabytes of data. This means if you encrypt a single message -larger than 32 gigabytes, it's pretty much a statistical guarantee you'll have -a repeated block. That's bad. For this reason, we recommend you not use -ciphers with eight-byte data blocks if you're going to be doing bulk -encryption. It's very unlikely you'll have any problems if you keep your +after about 32 gigabytes of data. This means if you encrypt a single +message larger than 32 gigabytes, it's pretty much a statistical guarantee +you'll have a repeated block. That's bad. For this reason, we recommend +you not use ciphers with eight-byte data blocks if you're going to be +doing bulk encryption. It's very unlikely you'll have any problems if you +keep your messages under 4 gigabytes in size. For a cipher with a sixteen-byte block size, you'd need to encrypt a single message that contained more data than is found in the entire internet. In other words, it's no longer an issue. -Twofish, AES, and Camellia all operate on sixteen bytes at a time. The others -all operate on eight bytes at a time. +Twofish, AES, and Camellia all operate on sixteen bytes at a time. The +others all operate on eight bytes at a time. ** Why does GnuPG default to 2048 bit RSA-2048? :PROPERTIES: @@ -2210,7 +2159,6 @@ which is an older branch of GnuPG that had some (but by no means complete) PGP 2.6 support. - * COMMENT HTML style specifications #+begin_src emacs-lisp ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 112 ++++++++++++++------------------------------------ 1 file changed, 30 insertions(+), 82 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 12 09:04:47 2017 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 12 Oct 2017 09:04:47 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-79-g00daac1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 00daac15530eabed5e61d841b2df939c2242667c (commit) from 4632adf403611b50be2b4e852a4607070935d0e5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 00daac15530eabed5e61d841b2df939c2242667c Author: Daniel Kahn Gillmor Date: Wed Oct 11 11:38:39 2017 -0400 core: use getdents64 syscall on linux instead of getdents. * src/posix-io.c (get_max_fds): use getdents64 instead of getdents. -- getdents64 was introduced in linux 2.4, so it should be widely available. some Linux architectures which post-date 2.4 (e.g. arm64) appear to not have getdents at all, so it's probably better to use the more modern interface. Signed-off-by: Daniel Kahn Gillmor diff --git a/src/posix-io.c b/src/posix-io.c index 9b7b181..0448d29 100644 --- a/src/posix-io.c +++ b/src/posix-io.c @@ -282,13 +282,14 @@ _gpgme_io_set_nonblocking (int fd) #ifdef USE_LINUX_GETDENTS -/* This is not declared in public headers; getdents(2) says that we must +/* This is not declared in public headers; getdents64(2) says that we must * define it ourselves. */ -struct linux_dirent +struct linux_dirent64 { - unsigned long d_ino; - unsigned long d_off; + ino64_t d_ino; + off64_t d_off; unsigned short d_reclen; + unsigned char d_type; char d_name[]; }; @@ -316,7 +317,7 @@ get_max_fds (void) { int dir_fd; char dir_buf[DIR_BUF_SIZE]; - struct linux_dirent *dir_entry; + struct linux_dirent64 *dir_entry; int r, pos; const char *s; int x; @@ -326,7 +327,7 @@ get_max_fds (void) { for (;;) { - r = syscall(SYS_getdents, dir_fd, dir_buf, DIR_BUF_SIZE); + r = syscall(SYS_getdents64, dir_fd, dir_buf, DIR_BUF_SIZE); if (r == -1) { /* Fall back to other methods. */ @@ -338,7 +339,7 @@ get_max_fds (void) for (pos = 0; pos < r; pos += dir_entry->d_reclen) { - dir_entry = (struct linux_dirent *) (dir_buf + pos); + dir_entry = (struct linux_dirent64 *) (dir_buf + pos); s = dir_entry->d_name; if (*s < '0' || *s > '9') continue; ----------------------------------------------------------------------- Summary of changes: src/posix-io.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 12 23:05:46 2017 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 12 Oct 2017 23:05:46 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-30-gd7c5437 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via d7c54372512fbbd77709a3ea913b902061e5d45d (commit) from 2b1fb2f30a94a967dacec298e3c7d8a80b4c3194 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d7c54372512fbbd77709a3ea913b902061e5d45d Author: Daniel Kahn Gillmor Date: Mon Apr 20 04:21:06 2015 -0300 tty: correct comments * tty/Makefile.am, tty/pinentry-tty.c: comments were copy/pasted from pinentry-curses; correcting them. Signed-off-by: Daniel Kahn Gillmor diff --git a/tty/Makefile.am b/tty/Makefile.am index 7168342..1e8ffb5 100644 --- a/tty/Makefile.am +++ b/tty/Makefile.am @@ -1,4 +1,4 @@ -# Makefile.am - PIN entry curses frontend. +# Makefile.am - PIN entry tty frontend. # Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 8b37340..0e9ab4b 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -1,4 +1,4 @@ -/* pinentry-curses.c - A secure curses dialog for PIN entry, library version +/* pinentry-tty.c - A minimalist dumb terminal mechanism for PIN entry Copyright (C) 2014 Serge Voilokov Copyright (C) 2015 Daniel Kahn Gillmor Copyright (C) 2015 g10 Code GmbH ----------------------------------------------------------------------- Summary of changes: tty/Makefile.am | 2 +- tty/pinentry-tty.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 12 23:14:50 2017 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 12 Oct 2017 23:14:50 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-32-g1f5b351 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 1f5b351531205214e9513a0aed170660dc822ceb (commit) via 242b658289488696d371c639c1da631712bd774c (commit) from d7c54372512fbbd77709a3ea913b902061e5d45d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f5b351531205214e9513a0aed170660dc822ceb Author: Daniel Kahn Gillmor Date: Sun Feb 5 00:20:47 2017 -0500 core: Only scan for the command line if probably on the same host. * pinentry/pinentry.c (pinentry_get_title): Check the current hostname and make sure it matches. If it does not, do not bother looking for the command line. -- If we don't do this, and the agent is forwarded from somewhere else, pinentry will be looking up arbitrary process command lines. Signed-off-by: Daniel Kahn Gillmor diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 3303c77..2ba4baa 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -28,6 +28,7 @@ #include #include #include +#include #ifndef HAVE_W32CE_SYSTEM # include #endif @@ -441,19 +442,22 @@ pinentry_get_title (pinentry_t pe) else if (pe->owner_pid) { char buf[200]; - char *cmdline = get_cmdline (pe->owner_pid); + struct utsname utsbuf; + char *cmdline = NULL; + + if (pe->owner_host && + !uname (&utsbuf) && utsbuf.nodename && + !strcmp (utsbuf.nodename, pe->owner_host)) + cmdline = get_cmdline (pe->owner_pid); if (pe->owner_host && cmdline) snprintf (buf, sizeof buf, "[%lu]@%s (%s)", pe->owner_pid, pe->owner_host, cmdline); - else if (cmdline) - snprintf (buf, sizeof buf, "[%lu] (%s)", - pe->owner_pid, cmdline); else if (pe->owner_host) snprintf (buf, sizeof buf, "[%lu]@%s", pe->owner_pid, pe->owner_host); else - snprintf (buf, sizeof buf, "[%lu]", + snprintf (buf, sizeof buf, "[%lu] ", pe->owner_pid); buf[sizeof buf - 1] = 0; free (cmdline); commit 242b658289488696d371c639c1da631712bd774c Author: Daniel Kahn Gillmor Date: Sat Feb 4 23:11:51 2017 -0500 core: Clean up command line extraction. * pinentry/pinentry.c (get_cmdline): Avoid trailing space, and return NULL when no bytes were read from /proc. Signed-off-by: Daniel Kahn Gillmor diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 5f7912a..3303c77 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -413,14 +413,16 @@ get_cmdline (unsigned long pid) fclose (fp); return NULL; } - /* Arguments are delimites by Nuls. We should do proper quoting but + fclose (fp); + if (n == 0) + return NULL; + /* Arguments are delimited by Nuls. We should do proper quoting but * that can be a bit complicated, thus we simply replace the Nuls by * spaces. */ for (i=0; i < n; i++) - if (!buffer[i]) + if (!buffer[i] && i < n-1) buffer[i] = ' '; buffer[i] = 0; /* Make sure the last byte is the string terminator. */ - fclose (fp); return strdup (buffer); } ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sun Oct 15 12:57:30 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 15 Oct 2017 12:57:30 +0200 Subject: [git] gnupg-doc - branch, master, updated. e2d6928a96636adfdd08e49be0e57bf9a5dd6514 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e2d6928a96636adfdd08e49be0e57bf9a5dd6514 (commit) from 1ef11df475f59de3253ee3048ee2b93b9cfdc6ac (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e2d6928a96636adfdd08e49be0e57bf9a5dd6514 Author: Werner Koch Date: Sun Oct 15 12:52:20 2017 +0200 verein: Add new member diff --git a/web/verein/finances.org b/web/verein/finances.org index 7a71e2a..243f474 100644 --- a/web/verein/finances.org +++ b/web/verein/finances.org @@ -29,6 +29,8 @@ | 2017-09-29 | | 12.00 | | Banking card | | 2017-09-29 | | 6.30 | 139189.05 | Bank fees | | 2017-10-06 | 18197.53 | | 157386.58 | Exchange of 5 BTC | +| 2017-10-12 | 220.00 | | | Donation kernel-recipes | +| 2017-10-12 | 310.00 | | 157916.58 | Donation kernel-recipes | The 59.000 ? from the Wau Holland Stiftung have been collected by them diff --git a/web/verein/members.org b/web/verein/members.org index faad51c..3c1297f 100644 --- a/web/verein/members.org +++ b/web/verein/members.org @@ -19,6 +19,7 @@ active in development or in evangelizing end-to-end encryption. - Kai Michaelis - Kristian Fiskerstrand - Neal Walfied + - Phil Pennock - Werner Koch - Yutaka Niibe ----------------------------------------------------------------------- Summary of changes: web/verein/finances.org | 2 ++ web/verein/members.org | 1 + 2 files changed, 3 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 16 15:33:00 2017 From: cvs at cvs.gnupg.org (by Jochen Saalfeld) Date: Mon, 16 Oct 2017 15:33:00 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-2.0.1-2-g6a54171 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 6a54171276524e2e39f3d9f2ad88683d0c0036c2 (commit) from 00480682f46fe7355dfd3e993ad2ecdb46472c8b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6a54171276524e2e39f3d9f2ad88683d0c0036c2 Author: Jochen Saalfeld Date: Mon Oct 16 15:32:49 2017 +0200 Update Portugese translations * po/pt.po: Update -- Translation provided by Marco A.G. Pinto. diff --git a/po/pt.po b/po/pt.po index 148cb7a..941fbb0 100644 --- a/po/pt.po +++ b/po/pt.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: GpgOL 1.1.1\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" "POT-Creation-Date: 2017-09-12 13:26+0200\n" -"PO-Revision-Date: 2017-08-26 07:52+0100\n" +"PO-Revision-Date: 2017-10-16 14:17+0100\n" "Last-Translator: Marco A.G.Pinto \n" "Language-Team: Portuguese \n" "Language: pt\n" @@ -16,7 +16,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-SourceCharset: UTF-8\n" -"X-Generator: Poedit 2.0.3\n" +"X-Generator: Poedit 2.0.4\n" #: src/addin-options.cpp:37 src/gpgoladdin.cpp:1139 src/gpgoladdin.cpp:1222 #: src/gpgoladdin.cpp:1301 src/olflange-dlgs.cpp:43 @@ -37,20 +37,20 @@ msgstr "Envio de mensagem" #: src/addin-options.cpp:44 src/olflange-dlgs.cpp:47 msgid "&Encrypt new messages by default" -msgstr "Encriptar novas mensagens por defeito" +msgstr "Encriptar novas mensagens por omiss?o" #: src/addin-options.cpp:45 src/olflange-dlgs.cpp:48 msgid "&Sign new messages by default" -msgstr "Assinar novas mensagens por defeito" +msgstr "Assinar novas mensagens por omiss?o" #: src/addin-options.cpp:46 msgid "&Send OpenPGP mails without attachments as PGP/Inline" -msgstr "Enviar mails OpenPGP sem anexos como PGP/Inline" +msgstr "Enviar e-mails OpenPGP sem anexos como PGP/Inline" #: src/addin-options.cpp:48 msgid "S&elect crypto settings automatically for reply and forward" msgstr "" -"Seleciona as defini??es de criptografia automaticamente para responder e " +"Selecionar as defini??es de criptografia automaticamente para responder e " "encaminhar." #: src/addin-options.cpp:50 @@ -67,11 +67,11 @@ msgstr "Configurar o GnuPG" #: src/addin-options.cpp:55 msgid "Version " -msgstr "Vers?o" +msgstr "Vers?o " #: src/addin-options.cpp:133 msgid "Changing the interface requires a restart of Outlook." -msgstr "Mudar a interface requer reiniciar o Outlook." +msgstr "Mudar a interface necessita reiniciar o Outlook." #: src/addin-options.cpp:134 src/cmdbarcontrols.cpp:105 src/engine.c:377 #: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:314 @@ -121,7 +121,7 @@ msgstr "N?o foi poss?vel iniciar o gestor de certificados" #: src/common.c:237 msgid "GpgOL - Save attachment" -msgstr "GpgOL - Gravar anexo" +msgstr "GpgOL - Guardar anexo" #: src/config-dialog.c:135 msgid "Debug output (for analysing problems)" @@ -164,7 +164,7 @@ msgstr "" "o GpgOL num estado desativado para que as mensagens n?o sejam mais " "processadas pelo GpgOL.\n" "\n" -"Deves converter todas as pastas uma ap?s a outra com este comando, fechar o " +"Deves converter todas as pastas, uma ap?s a outra com este comando, fechar o " "Outlook e depois desinstalar o GpgOL.\n" "\n" "Nota que se iniciares o Outlook novamente com o GpgOL ainda a ser instalado, " @@ -214,7 +214,7 @@ msgstr "" #: src/gpgoladdin.cpp:815 msgid "Open the settings dialog for GpgOL" -msgstr "Abre o di?logo de defini??es para o GpgOL" +msgstr "Abrir o di?logo de defini??es para o GpgOL" #: src/gpgoladdin.cpp:865 src/gpgoladdin.cpp:983 msgid "Secure" @@ -244,7 +244,7 @@ msgid "" "generate your own certificates. " msgstr "" "Abre o GPA ou Kleopatra para gerir os teus certificados. Podes usar isto " -"para gerar os teus pr?prios certificados." +"para gerar os teus pr?prios certificados. " #: src/gpgoladdin.cpp:1017 msgid "Encrypt the text of the message" @@ -256,7 +256,7 @@ msgid "" "replace the text with the encrypted message." msgstr "" "Escolher os certificados para quem a mensagem deve ser encriptada e " -"substitui o texto com a mensagem encriptada." +"substituir o texto com a mensagem encriptada." #: src/gpgoladdin.cpp:1023 msgid "Add a file as an encrypted attachment" @@ -264,7 +264,7 @@ msgstr "Adicionar um ficheiro como anexo encriptado" #: src/gpgoladdin.cpp:1025 msgid "Encrypts a file and adds it as an attachment to the message. " -msgstr "Encripta um ficheiro e adiciona-o como um anexo ? mensagem." +msgstr "Encripta um ficheiro e adiciona-o como um anexo ? mensagem. " #: src/gpgoladdin.cpp:1028 msgid "Add a file as an encrypted attachment with a signature" @@ -275,8 +275,8 @@ msgid "" "Encrypts a file, signs it and adds both the encrypted file and the signature " "as attachments to the message. " msgstr "" -"Encripta um ficheiro, assina-o e adiciona quer o ficheiro encriptado e a " -"assinatura como anexos ? mensagem." +"Encripta um ficheiro, assina-o e adiciona o ficheiro encriptado e a " +"assinatura como anexos ? mensagem. " #: src/gpgoladdin.cpp:1033 msgid "Decrypt the message" @@ -308,7 +308,7 @@ msgstr "" #: src/gpgoladdin.cpp:1047 msgid "Open the settings dialog for GpgOL." -msgstr "Abre o di?logo de defini??es para o GpgOL" +msgstr "Abre o di?logo de defini??es para o GpgOL." #: src/gpgoladdin.cpp:1140 src/gpgoladdin.cpp:1223 src/gpgoladdin.cpp:1302 msgid "Start Certificate Manager" @@ -336,7 +336,7 @@ msgstr "Ficheiro encriptado e Assinatura" #: src/gpgoladdin.cpp:1228 src/gpgoladdin.cpp:1305 src/gpgoladdin.cpp:1306 msgid "Save and decrypt" -msgstr "Gravar e desencriptar" +msgstr "Guardar e desencriptar" #: src/inspectors.cpp:690 msgid "&encrypt message with GnuPG" @@ -372,7 +372,7 @@ msgid "" "Click for more information. " msgstr "" "Esta ? uma mensagem assinada.\n" -"Clica para mais informa??o." +"Clica para mais informa??o. " #: src/inspectors.cpp:936 msgid "" @@ -380,7 +380,7 @@ msgid "" "Click for more information. " msgstr "" "Esta ? uma mensagem encriptada.\n" -"Clica para mais informa??o." +"Clica para mais informa??o. " #: src/mail.cpp:338 msgid "" @@ -417,7 +417,7 @@ msgid "" "Note: The attachments may be encrypted or signed on a file level but the " "GpgOL status does not apply to them." msgstr "" -"Nota: Os anexos podem ser encriptados ou assinados a n?vel de ficheiro, mas " +"Nota: Os anexos podem ser encriptados ou assinados ao n?vel de ficheiro, mas " "o status do GpgOL n?o se aplica a eles." #: src/mail.cpp:389 @@ -481,15 +481,16 @@ msgstr "Mensagem insegura" #: src/mail.cpp:1772 msgid "You cannot be sure who sent, modified and read the message in transit." msgstr "" -"N?o podes ter certeza quem enviou, modificou e leu a mensagem em tr?nsito." +"N?o podes ter a certeza de quem enviou, modificou e leu a mensagem em " +"tr?nsito." #: src/mail.cpp:1781 msgid "The encryption was VS-NfD-compliant." -msgstr "A encripta??o foi em conformidade com VS-NfD." +msgstr "A encripta??o est? em conformidade com VS-NfD." #: src/mail.cpp:1785 msgid "The encryption was not VS-NfD-compliant." -msgstr "A encripta??o n?o foi em conformidade com VS-NfD." +msgstr "A encripta??o n?o est? em conformidade com VS-NfD." #: src/mail.cpp:1789 msgid "You cannot be sure who sent the message because it is not signed." @@ -534,7 +535,7 @@ msgid "" "You encrypted %i and verified %i messages since." msgstr "" "O endere?o dos remetentes ? confi?vel, porque estabeleceste um hist?rico de " -"comunica??o com este endere?o a partir de %s.\n" +"comunica??o com este endere?o desde %s.\n" "Encriptaste %i e verificaste %i mensagens desde ent?o." #: src/mail.cpp:1872 @@ -609,7 +610,7 @@ msgstr "n?o reivindica o endere?o: \"%s\"." #: src/mail.cpp:1967 msgid "is not certified by any trustworthy key." -msgstr "n?o ? certificado por qualquer chave confi?vel." +msgstr "n?o est? certificado por qualquer chave confi?vel." #: src/mail.cpp:1971 msgid "" @@ -662,7 +663,7 @@ msgstr "Clica aqui para localizar a chave no servidor de chaves configurado." #: src/mail.cpp:2027 msgid "Click here to search the certificate on the configured X509 keyserver." msgstr "" -"Clica aqui para localizar o certificado X509 no servidor de chaves " +"Clica aqui para localizar o certificado no servidor de chaves X509 " "configurado." #: src/mailitem.cpp:160 src/message-events.cpp:279 @@ -690,7 +691,7 @@ msgid "" "\n" "For example by right clicking but not selecting the message.\n" msgstr "" -"O GpgOL impediu a mudan?a para a propriedade \"%s\".\n" +"O GpgOL impediu a altera??o para a propriedade \"%s\".\n" "As altera??es de propriedade n?o s?o ainda manejadas para mensagens de " "criptografia.\n" "\n" @@ -716,7 +717,7 @@ msgid "" "another Outlook session. Use the \"decrypt/verify\" command to make it " "visible]" msgstr "" -"[O conte?do desta mensagem n?o ? vis?vel porque foi desencriptado noutra " +"[O conte?do desta mensagem n?o ? vis?vel porque foi desencriptado por outra " "sess?o do Outlook. Usa o comando \"desencriptar/verificar\" para torn?-lo " "vis?vel]" @@ -812,7 +813,7 @@ msgstr "I/O-Erro" #: src/olflange.cpp:568 msgid "Welcome to GpgOL " -msgstr "Bem-vindo ao GpgOL" +msgstr "Bem-vindo ao GpgOL " #: src/olflange.cpp:569 msgid "" @@ -838,15 +839,15 @@ msgstr "" "Embora test?mos este software extensivamente, n?o podemos dar qualquer " "garantia que funcione da forma esperada. A interface de programa??o em uso " "n?o foi devidamente documentada pela Microsoft e da? a funcionalidade do " -"GpgOL pode cessar com uma actualiza??o do teu sistema Windows.\n" +"GpgOL poder cessar com uma atualiza??o do teu sistema Windows.\n" "\n" "ACONSELHAMOS FORTEMENTE A EXECUTAR TESTES DE ENCRIPTA??O ANTES DE COME?AR A " "USAR O GPGOL EM DADOS SENS?VEIS!\n" "\n" "Existem alguns problemas conhecidos, sendo os mais graves o n?o " "funcionamento em enviar e-mails encriptados ou assinados usando uma conta " -"com base no Exchange. Usar o GpgOL com outros plug-ins do Outlook poder? n?o " -"funcionar em alguns casos.\n" +"com base no Exchange. Usar o GpgOL com outros suplementos do Outlook poder? " +"n?o funcionar em alguns casos.\n" #: src/olflange.cpp:595 msgid "" @@ -873,11 +874,10 @@ msgid "" msgstr "" "Esta vers?o do Outlook ? muito antiga!\n" "\n" -"Pelo menos as vers?es do Outlook 2003 mais antigas que o SP2 exibem crashes " -"ao enviar as mensagens e estas podem ficar presas na fila de sa?da.\n" +"As vers?es do Outlook 2003 anteriores ao SP2 exibem crashes ao enviar as " +"mensagens, podendo estas ficar presas na fila de sa?da.\n" "\n" -"Por favor atualiza pelo menos para o SP2 antes de tentares enviar uma " -"mensagem." +"Por favor atualiza pelo menos para o SP2 antes de tentar enviar uma mensagem." #: src/olflange.cpp:811 msgid "" @@ -910,7 +910,7 @@ msgstr "Motor Criptogr?fico" #: src/olflange-dlgs.cpp:256 msgid "-#GpgOLFullHelpText#-" msgstr "" -"O GpgOL ? um plugin para o Outlook que permite a encripta??o e\n" +"O GpgOL ? um suplemento para o Outlook que permite a encripta??o e\n" "assinatura de mensagens usando o standard OpenPGP e S/MIME.\n" "Ele usa o software GnuPG (http://www.gnupg.org). A mais recente\n" "informa??o de lan?amento ? acess?vel ao clicar no log?tipo.\n" @@ -922,11 +922,11 @@ msgstr "" "\n" "O GpgOL ? distribu?do na esperan?a que possa ser ?til,\n" "mas SEM QUALQUER GARANTIA; nem mesmo a garantia impl?cita de\n" -"MERCANTIBILIDADE ou APTID?O PARA UMA FINALIDADE PARTICULAR. V? a\n" +"MERCANTIBILIDADE ou APTID?O PARA UMA FINALIDADE ESPEC?FICA. V? a\n" "GNU Lesser General Public License para mais detalhes.\n" "\n" "Deves ter recebido uma c?pia da GNU Lesser General Public License\n" -"juntamente com este programa; se n?o, v? ." +"juntamente com este programa; se n?o, v?: ." #: src/olflange-dlgs.cpp:262 #, c-format @@ -951,7 +951,7 @@ msgstr "" #: src/parsecontroller.cpp:196 msgid "Could not decrypt the data: " -msgstr "N?o foi poss?vel desencriptar os dados:" +msgstr "N?o foi poss?vel desencriptar os dados: " #: src/parsecontroller.cpp:203 src/parsecontroller.cpp:258 msgid "Encrypted message (decryption not possible)" @@ -975,7 +975,7 @@ msgstr "" #: src/pgpmime.c:510 msgid "Error writing file" -msgstr "Erro ao gravar o ficheiro" +msgstr "Erro ao escrever o ficheiro" #: src/pgpmime.c:586 msgid "[PGP/MIME message]" @@ -1007,7 +1007,7 @@ msgstr "Por favor adiciona pelo menos um destinat?rio." #: src/ribbon-callbacks.cpp:685 msgid "Please select a Mail." -msgstr "Por favor seleciona um mail." +msgstr "Por favor seleciona um e-mail." #: src/ribbon-callbacks.cpp:699 msgid "Please select the data you wish to decrypt." @@ -1015,7 +1015,7 @@ msgstr "Por favor seleciona os dados que desejas desencriptar." #: src/ribbon-callbacks.cpp:712 msgid "Nothing to decrypt." -msgstr "Nada a desencriptar." +msgstr "Nada para desencriptar." #: src/ribbon-callbacks.cpp:891 msgid "Plain text" @@ -1027,7 +1027,7 @@ msgstr "Texto assinado" #: src/ribbon-callbacks.cpp:1084 msgid "Select file to encrypt" -msgstr "Seleciona ficheiro a encriptar" +msgstr "Seleciona o ficheiro a encriptar" #: src/ribbon-callbacks.cpp:1596 msgid "No message selected" @@ -1049,7 +1049,7 @@ msgid "" "Could not find Kleopatra.\n" "Please reinstall Gpg4win with the Kleopatra component enabled." msgstr "" -"N?o foi poss?vel encontrar Kleopatra.\n" +"N?o foi poss?vel encontrar o Kleopatra.\n" "Por favor reinstala o Gpg4win com o componente Kleopatra ativado." #~ msgid "" ----------------------------------------------------------------------- Summary of changes: po/pt.po | 92 ++++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 16 15:34:22 2017 From: cvs at cvs.gnupg.org (by Jochen Saalfeld) Date: Mon, 16 Oct 2017 15:34:22 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.5-2-g1f68171 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 1f6817197c17c1bd92b7547860b4a8119774f902 (commit) from 011b0afb4012258af479fb40b26911d7be874750 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1f6817197c17c1bd92b7547860b4a8119774f902 Author: Jochen Saalfeld Date: Mon Oct 16 15:34:11 2017 +0200 Update Portugese translations * po/pt.po: Update -- Translation provided by Marco A.G. Pinto. diff --git a/po/pt.po b/po/pt.po index 859fa61..9486899 100644 --- a/po/pt.po +++ b/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: GpgEX\n" "Report-Msgid-Bugs-To: http://bugs.gnupg.org\n" -"PO-Revision-Date: 2017-08-26 07:52+0100\n" +"PO-Revision-Date: 2017-10-16 13:38+0100\n" "Last-Translator: Marco A.G.Pinto \n" "Language-Team: Portuguese \n" "Language: pt\n" @@ -16,7 +16,8 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-SourceCharset: UTF-8\n" -"X-Generator: Poedit 2.0.3\n" +"X-Generator: Poedit 2.0.4\n" +"POT-Creation-Date: \n" #, c-format msgid "" @@ -109,7 +110,7 @@ msgstr "Mostrar mais op??es do GpgEX." #. TRANSLATORS: See the source for the full english text. msgid "-#GpgEXFullHelpText#-" msgstr "" -"O GpgEX ? um plug-in Explorer para encripta??o e assinar dados.\n" +"O GpgEX ? um plug-in Explorer para encriptar e assinar dados.\n" "Ele usa o software GnuPG (http://www.gnupg.org).\n" "\n" "O GpgEX ? software livre; podes redistribu?-lo e/ou\n" @@ -119,7 +120,7 @@ msgstr "" "\n" "O GpgEX ? distribu?do na esperan?a que possa ser ?til,\n" "mas SEM QUALQUER GARANTIA; nem mesmo a garantia impl?cita de\n" -"MERCANTIBILIDADE ou APTID?O PARA UMA FINALIDADE PARTICULAR. V? a\n" +"MERCANTIBILIDADE ou APTID?O PARA UMA FINALIDADE ESPEC?FICA. V? a\n" "GNU Lesser General Public License para mais detalhes.\n" "\n" "Deves ter recebido uma c?pia da GNU Lesser General Public License\n" ----------------------------------------------------------------------- Summary of changes: po/pt.po | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 17 15:08:53 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 17 Oct 2017 15:08:53 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-15-gc6e42e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c6e42e7ec3d1046969d783c443c13aad7cb61bb8 (commit) from e4dc458b0b7dc9b8417a2177ef17822d9b9064ec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c6e42e7ec3d1046969d783c443c13aad7cb61bb8 Author: Werner Koch Date: Tue Oct 17 15:00:08 2017 +0200 api: New function gcry_mpi_get_ui. * src/gcrypt.h.in (gcry_mpi_get_ui): New. (mpi_get_ui): New macro. * src/libgcrypt.def, src/libgcrypt.vers: Add new function. * src/visibility.c (gcry_mpi_get_ui): New. * src/visibility.h: Mark that function. (gcry_mpi_get_ui): New. * mpi/mpiutil.c (MY_UINT_MAX): New macro. (_gcry_mpi_get_ui): Re-implemented. This function existed but was never imported or used. * tests/mpitests.c (test_maxsize): Add some test for this function. -- Note that in libgcrypt.def the cardinal 91 is used which was never used in the past. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 3e07a94..3b49350 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,11 @@ Noteworthy changes in version 1.9.0 (unreleased) [C22/A3/R0] ------------------------------------------------ + * Interface changes relative to the 1.8.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gcry_mpi_get_ui NEW function. + + Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1] ------------------------------------------------ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 2bf23a5..a684134 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4578,6 +4578,18 @@ int} as type for @var{u} and thus it is only possible to set @var{w} to small values (usually up to the word size of the CPU). @end deftypefun + at deftypefun gcry_error_t gcry_mpi_get_ui (@w{unsigned int *@var{w}}, @w{gcry_mpi_t @var{u}}) + +If @var{u} is not negative and small enough to be stored in an + at code{unsigned int} variable, store its value at @var{w}. If the +value does not fit or is negative return GPG_ERR_ERANGE and do not +change the value stored at @var{w}. Note that this function returns +an @code{unsigned int} so that this value can immediately be used with +the bit test functions. This is in contrast to the other "_ui" +functions which allow for values up to an @code{unsigned long}. + at end deftypefun + + @deftypefun void gcry_mpi_swap (@w{gcry_mpi_t @var{a}}, @w{gcry_mpi_t @var{b}}) Swap the values of @var{a} and @var{b}. @@ -5122,7 +5134,7 @@ currently defined flags are: Setting this flag converts @var{a} into an MPI stored in "secure memory". Clearing this flag is not allowed. @item GCRYMPI_FLAG_OPAQUE -This is an interanl flag, indicating the an opaque valuue and not an +This is an internal flag, indicating the an opaque valuue and not an integer is stored. This is an read-only flag; it may not be set or cleared. @item GCRYMPI_FLAG_IMMUTABLE diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 3ae84c3..9dde37f 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -28,6 +28,21 @@ #include "mpi-internal.h" #include "mod-source-info.h" + +#if SIZEOF_UNSIGNED_INT == 2 +# define MY_UINT_MAX 0xffff +/* (visual check: 0123 ) */ +#elif SIZEOF_UNSIGNED_INT == 4 +# define MY_UINT_MAX 0xffffffff +/* (visual check: 01234567 ) */ +#elif SIZEOF_UNSIGNED_INT == 8 +# define MY_UINT_MAX 0xffffffffffffffff +/* (visual check: 0123456789abcdef ) */ +#else +# error Need MY_UINT_MAX for this limb size +#endif + + /* Constants allocated right away at startup. */ static gcry_mpi_t constants[MPI_NUMBER_OF_CONSTANTS]; @@ -539,23 +554,27 @@ _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u) return w; } +/* If U is non-negative and small enough store it as an unsigned int + * at W. If the value does not fit into an unsigned int or is + * negative return GPG_ERR_ERANGE. Note that we return an unsigned + * int so that the value can be used with the bit test functions; in + * contrast the other _ui functions take an unsigned long so that on + * some platforms they may accept a larger value. On error the value + * at U is not changed. */ gcry_err_code_t -_gcry_mpi_get_ui (gcry_mpi_t w, unsigned long *u) +_gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; - unsigned long x = 0; + mpi_limb_t x; - if (w->nlimbs > 1) - err = GPG_ERR_TOO_LARGE; - else if (w->nlimbs == 1) - x = w->d[0]; - else - x = 0; + if (u->nlimbs > 1 || u->sign) + return GPG_ERR_ERANGE; - if (! err) - *u = x; + x = (u->nlimbs == 1) ? u->d[0] : 0; + if (sizeof (x) > sizeof (unsigned int) && x > MY_UINT_MAX) + return GPG_ERR_ERANGE; - return err; + *w = x; + return 0; } diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index ad719be..e88f868 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -362,7 +362,7 @@ gcry_mpi_t _gcry_mpi_copy (const gcry_mpi_t a); void _gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u); gcry_mpi_t _gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u); gcry_mpi_t _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u); -gcry_err_code_t _gcry_mpi_get_ui (gcry_mpi_t w, ulong *u); +gcry_err_code_t _gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u); void _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b); int _gcry_mpi_is_neg (gcry_mpi_t a); void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u); @@ -464,7 +464,7 @@ int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); #define mpi_snatch( w, u) _gcry_mpi_snatch( (w), (u) ) #define mpi_set( w, u) _gcry_mpi_set( (w), (u) ) #define mpi_set_ui( w, u) _gcry_mpi_set_ui( (w), (u) ) -#define mpi_get_ui(a,b) _gcry_mpi_get_ui( (a), (b) ) +#define mpi_get_ui(w,u) _gcry_mpi_get_ui( (w), (u) ) #define mpi_swap(a,b) _gcry_mpi_swap ((a),(b)) #define mpi_abs( w ) _gcry_mpi_abs( (w) ) #define mpi_neg( w, u) _gcry_mpi_neg( (w), (u) ) diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 89b1303..76d9b1d 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -587,6 +587,9 @@ gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u); /* Store the unsigned integer value U in W. */ gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u); +/* Store U as an unsigned int at W or return GPG_ERR_ERANGE. */ +gpg_error_t gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u); + /* Swap the values of A and B. */ void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b); @@ -840,6 +843,7 @@ gcry_mpi_t _gcry_mpi_get_const (int no); #define mpi_snatch( w, u) gcry_mpi_snatch( (w), (u) ) #define mpi_set( w, u) gcry_mpi_set( (w), (u) ) #define mpi_set_ui( w, u) gcry_mpi_set_ui( (w), (u) ) +#define mpi_get_ui( w, u) gcry_mpi_get_ui( (w), (u) ) #define mpi_abs( w ) gcry_mpi_abs( (w) ) #define mpi_neg( w, u) gcry_mpi_neg( (w), (u) ) #define mpi_cmp( u, v ) gcry_mpi_cmp( (u), (v) ) diff --git a/src/libgcrypt.def b/src/libgcrypt.def index a76b377..6239a95 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -118,7 +118,7 @@ EXPORTS gcry_mpi_set_flag @88 gcry_mpi_clear_flag @89 gcry_mpi_get_flag @90 - + gcry_mpi_get_ui @91 gcry_cipher_open @92 gcry_cipher_close @93 diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 1aa830f..edf8a76 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -108,6 +108,7 @@ GCRYPT_1.6 { gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_sub; gcry_mpi_ec_mul; gcry_mpi_ec_curve_point; gcry_mpi_ec_decode_point; gcry_mpi_point_copy; + gcry_mpi_get_ui; gcry_log_debug; gcry_log_debughex; gcry_log_debugmpi; gcry_log_debugpnt; gcry_log_debugsxp; diff --git a/src/visibility.c b/src/visibility.c index 104c70d..44972a1 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -308,7 +308,7 @@ gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u) } gcry_error_t -gcry_mpi_get_ui (gcry_mpi_t w, unsigned long *u) +gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u) { return gpg_error (_gcry_mpi_get_ui (w, u)); } diff --git a/src/visibility.h b/src/visibility.h index df2caf6..9c9fa87 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -265,6 +265,7 @@ MARK_VISIBLEX (gcry_mpi_set_highbit) MARK_VISIBLEX (gcry_mpi_set_opaque) MARK_VISIBLEX (gcry_mpi_set_opaque_copy) MARK_VISIBLEX (gcry_mpi_set_ui) +MARK_VISIBLEX (gcry_mpi_get_ui) MARK_VISIBLEX (gcry_mpi_snew) MARK_VISIBLEX (gcry_mpi_sub) MARK_VISIBLEX (gcry_mpi_sub_ui) @@ -484,6 +485,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const) #define gcry_mpi_set_highbit _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_set_opaque _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_set_ui _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_mpi_get_ui _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_snatch _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_snew _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_sub _gcry_USE_THE_UNDERSCORED_FUNCTION diff --git a/tests/mpitests.c b/tests/mpitests.c index 18156d1..9b4a66c 100644 --- a/tests/mpitests.c +++ b/tests/mpitests.c @@ -205,6 +205,7 @@ test_maxsize (void) { gpg_error_t err; gcry_mpi_t a; + unsigned int val; char buffer[2+2048]; /* For PGP: 2 length bytes and 16384 bits. */ memset (buffer, 0x55, sizeof buffer); @@ -232,7 +233,36 @@ test_maxsize (void) err = gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buffer, sizeof buffer, NULL); if (err) die ("gcry_mpi_scan did not parse a large PGP: %s\n", gpg_strerror (err)); + + /* Let's also test get_ui. */ + gcry_mpi_set_ui (a, 0); + val = 4711; + err = gcry_mpi_get_ui (&val, a); + if (err || val != 0) + die ("gcry_mpi_get_ui failed at %d: %s\n", __LINE__, gpg_strerror (err)); + + gcry_mpi_sub_ui (a, a, 1); + val = 4711; + err = gcry_mpi_get_ui (&val, a); + if (gpg_err_code (err) != GPG_ERR_ERANGE || val != 4711) + die ("gcry_mpi_get_ui failed at %d: %s\n", __LINE__, gpg_strerror (err)); + + gcry_mpi_set_ui (a, 0xffffffff); + val = 4711; + err = gcry_mpi_get_ui (&val, a); + if (err || val != 0xffffffff) + die ("gcry_mpi_get_ui failed at %d: %s\n", __LINE__, gpg_strerror (err)); + + if (sizeof (val) == 4) + { + gcry_mpi_add_ui (a, a, 1); + err = gcry_mpi_get_ui (&val, a); + if (gpg_err_code (err) != GPG_ERR_ERANGE) + die ("gcry_mpi_get_ui failed at %d: %s\n", __LINE__,gpg_strerror (err)); + } + gcry_mpi_release (a); + } ----------------------------------------------------------------------- Summary of changes: NEWS | 5 +++++ doc/gcrypt.texi | 14 +++++++++++++- mpi/mpiutil.c | 43 +++++++++++++++++++++++++++++++------------ src/gcrypt-int.h | 4 ++-- src/gcrypt.h.in | 4 ++++ src/libgcrypt.def | 2 +- src/libgcrypt.vers | 1 + src/visibility.c | 2 +- src/visibility.h | 2 ++ tests/mpitests.c | 30 ++++++++++++++++++++++++++++++ 10 files changed, 90 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 17 21:14:47 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 17 Oct 2017 21:14:47 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-24-g825abec Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 825abec0e7f38667a34dce3025fc2f3a05001dde (commit) via 69e579d78545aee5096a5d170e1cb9e511a09a90 (commit) from 1ed21eee79749b976b4a935f2279b162634e9c5e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 825abec0e7f38667a34dce3025fc2f3a05001dde Author: Werner Koch Date: Tue Oct 17 21:10:19 2017 +0200 gpg,sm: New option --with-key-screening. * common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons | gawk -F: \ '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch diff --git a/common/Makefile.am b/common/Makefile.am index fcbe7ea..94318da 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -94,7 +94,8 @@ common_sources = \ name-value.c name-value.h \ recsel.c recsel.h \ ksba-io-support.c ksba-io-support.h \ - compliance.c compliance.h + compliance.c compliance.h \ + pkscreening.c pkscreening.h if HAVE_W32_SYSTEM diff --git a/common/pkscreening.c b/common/pkscreening.c new file mode 100644 index 0000000..a3bfb47 --- /dev/null +++ b/common/pkscreening.c @@ -0,0 +1,159 @@ +/* pkscreening.c - Screen public keys for vulnerabilities + * Copyright (C) 2017 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include +#include + +#include "util.h" +#include "pkscreening.h" + + +/* Helper */ +static inline gpg_error_t +my_error (gpg_err_code_t ec) +{ + return gpg_err_make (default_errsource, ec); +} + + +/* Emulation of the new gcry_mpi_get_ui function. */ +static gpg_error_t +my_mpi_get_ui (unsigned int *v, gcry_mpi_t a) +{ + gpg_error_t err; + unsigned char buf[8]; + size_t n; + int i, mul; + + if (gcry_mpi_cmp_ui (a, 16384) > 0) + return my_error (GPG_ERR_ERANGE); /* Clearly too large for our purpose. */ + + err = gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, a); + if (err) + return err; + + *v = 0; + for (i = n - 1, mul = 1; i >= 0; i--, mul *= 256) + *v += mul * buf[i]; + + return 0; +} + + +/* Detect whether the MODULUS of a public RSA key is affected by the + * ROCA vulnerability as found in the Infinion RSA library + * (CVE-2017-15361). Returns 0 if not affected, GPG_ERR_TRUE if + * affected, GPG_ERR_BAD_MPI if an opaque RSA was passed, or other + * error codes if something weird happened */ +gpg_error_t +screen_key_for_roca (gcry_mpi_t modulus) +{ + static struct { + unsigned int prime_ui; + const char *print_hex; + gcry_mpi_t prime; + gcry_mpi_t print; + } table[] = { + { 3, "0x6" }, + { 5, "0x1E" }, + { 7, "0x7E" }, + { 11, "0x402" }, + { 13, "0x161A" }, + { 17, "0x1A316" }, + { 19, "0x30AF2" }, + { 23, "0x7FFFFE" }, + { 29, "0x1FFFFFFE" }, + { 31, "0x7FFFFFFE" }, + { 37, "0x4000402" }, + { 41, "0x1FFFFFFFFFE" }, + { 43, "0x7FFFFFFFFFE" }, + { 47, "0x7FFFFFFFFFFE" }, + { 53, "0x12DD703303AED2" }, + { 59, "0x7FFFFFFFFFFFFFE" }, + { 61, "0x1434026619900B0A" }, + { 67, "0x7FFFFFFFFFFFFFFFE" }, + { 71, "0x1164729716B1D977E" }, + { 73, "0x147811A48004962078A" }, + { 79, "0xB4010404000640502" }, + { 83, "0x7FFFFFFFFFFFFFFFFFFFE" }, + { 89, "0x1FFFFFFFFFFFFFFFFFFFFFE" }, + { 97, "0x1000000006000001800000002" }, + { 101, "0x1FFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 103, "0x16380E9115BD964257768FE396" }, + { 107, "0x27816EA9821633397BE6A897E1A" }, + { 109, "0x1752639F4E85B003685CBE7192BA" }, + { 113, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 127, "0x6CA09850C2813205A04C81430A190536" }, + { 131, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 137, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 139, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 149, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 151, "0x50C018BC00482458DAC35B1A2412003D18030A" }, + { 157, "0x161FB414D76AF63826461899071BD5BACA0B7E1A" }, + { 163, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 167, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" } + }; + gpg_error_t err; + int i; + gcry_mpi_t rem; + unsigned int bitno; + + /* Initialize on the first call. */ + if (!table[0].prime) + { + /* We pass primes[i] to the call so that in case of a concurrent + * second thread the already allocated space is reused. */ + for (i = 0; i < DIM (table); i++) + { + table[i].prime = gcry_mpi_set_ui (table[i].prime, table[i].prime_ui); + if (gcry_mpi_scan (&table[i].print, GCRYMPI_FMT_HEX, + table[i].print_hex, 0, NULL)) + BUG (); + } + } + + /* Check that it is not NULL or an opaque MPI. */ + if (!modulus || gcry_mpi_get_flag (modulus, GCRYMPI_FLAG_OPAQUE)) + return my_error (GPG_ERR_BAD_MPI); + + /* We divide the modulus of an RSA public key by a set of small + * PRIMEs and examine all the remainders. If all the bits at the + * index given by the remainder are set in the corresponding PRINT + * masks the key is very likely vulnerable. If any of the tested + * bits is zero, the key is not vulnerable. */ + rem = gcry_mpi_new (0); + for (i = 0; i < DIM (table); i++) + { + gcry_mpi_mod (rem, modulus, table[i].prime); + err = my_mpi_get_ui (&bitno, rem); + if (gpg_err_code (err) == GPG_ERR_ERANGE) + continue; + if (err) + goto leave; + if (!gcry_mpi_test_bit (table[i].print, bitno)) + goto leave; /* Not vulnerable. */ + } + + /* Very likely vulnerable */ + err = my_error (GPG_ERR_TRUE); + + leave: + gcry_mpi_release (rem); + return err; +} diff --git a/common/pkscreening.h b/common/pkscreening.h new file mode 100644 index 0000000..a647589 --- /dev/null +++ b/common/pkscreening.h @@ -0,0 +1,26 @@ +/* pkscreening.c - Screen public keys for vulnerabilities + * Copyright (C) 2017 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_COMMON_PKSCREENING_H +#define GNUPG_COMMON_PKSCREENING_H + +gpg_error_t screen_key_for_roca (gcry_mpi_t modulus); + + +#endif /*GNUPG_COMMON_PKSCREENING_H*/ diff --git a/doc/DETAILS b/doc/DETAILS index 0be55f4..8ead6a8 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -222,12 +222,14 @@ described here. *** Field 18 - Compliance flags - Space separated list of asserted compliance modes for this key. + Space separated list of asserted compliance modes and + screening result for this key. Valid values are: - 8 :: The key is compliant with RFC4880bis - 23 :: The key is compliant with compliance mode "de-vs". + - 6001 :: Screening hit on the ROCA vulnerability. *** Field 19 - Last update diff --git a/g10/gpg.c b/g10/gpg.c index 62d6131..61e39b8 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -197,6 +197,7 @@ enum cmd_and_opt_values oWithSubkeyFingerprint, oWithICAOSpelling, oWithKeygrip, + oWithKeyScreening, oWithSecret, oWithWKDHash, oWithColons, @@ -785,6 +786,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"), ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), + ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"), ARGPARSE_s_n (oWithSecret, "with-secret", "@"), ARGPARSE_s_n (oWithWKDHash, "with-wkd-hash", "@"), ARGPARSE_s_n (oWithKeyOrigin, "with-key-origin", "@"), @@ -2737,6 +2739,10 @@ main (int argc, char **argv) opt.with_keygrip = 1; break; + case oWithKeyScreening: + opt.with_key_screening = 1; + break; + case oWithSecret: opt.with_secret = 1; break; diff --git a/g10/keylist.c b/g10/keylist.c index dccae91..bcbad45 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -45,6 +45,7 @@ #include "../common/zb32.h" #include "tofu.h" #include "../common/compliance.h" +#include "../common/pkscreening.h" static void list_all (ctrl_t, int, int); @@ -696,6 +697,37 @@ print_key_data (PKT_public_key * pk) } } + +/* Various public key screenings. (Right now just ROCA). With + * COLON_MODE set the output is formatted for use in the compliance + * field of a colon listing. + */ +static void +print_pk_screening (PKT_public_key *pk, int colon_mode) +{ + gpg_error_t err; + + if (is_RSA (pk->pubkey_algo) && pubkey_get_npkey (pk->pubkey_algo)) + { + err = screen_key_for_roca (pk->pkey[0]); + if (!err) + ; + else if (gpg_err_code (err) == GPG_ERR_TRUE) + { + if (colon_mode) + es_fprintf (es_stdout, colon_mode > 1? " %d":"%d", 6001); + else + es_fprintf (es_stdout, + " Screening: ROCA vulnerability detected\n"); + } + else if (!colon_mode) + es_fprintf (es_stdout, " Screening: [ROCA check failed: %s]\n", + gpg_strerror (err)); + } + +} + + static void print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock) { @@ -922,6 +954,9 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (opt.with_key_data) print_key_data (pk); + if (opt.with_key_screening) + print_pk_screening (pk, 0); + if (opt.with_key_origin && (pk->keyorg || pk->keyupdate || pk->updateurl)) { @@ -1063,6 +1098,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); if (opt.with_key_data) print_key_data (pk2); + if (opt.with_key_screening) + print_pk_screening (pk2, 0); } else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs) @@ -1227,6 +1264,9 @@ print_compliance_flags (PKT_public_key *pk, gnupg_status_compliance_flag (CO_DE_VS)); any++; } + + if (opt.with_key_screening) + print_pk_screening (pk, 1+any); } diff --git a/g10/options.h b/g10/options.h index 130bec8..61f7403 100644 --- a/g10/options.h +++ b/g10/options.h @@ -82,6 +82,7 @@ struct int with_fingerprint; /* Option --with-fingerprint active. */ int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active. */ int with_keygrip; /* Option --with-keygrip active. */ + int with_key_screening;/* Option --with-key-screening active. */ int with_tofu_info; /* Option --with-tofu_info active. */ int with_secret; /* Option --with-secret active. */ int with_wkd_hash; /* Option --with-wkd-hash. */ diff --git a/sm/fingerprint.c b/sm/fingerprint.c index fbcec58..59688f3 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -277,6 +277,70 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits) } +/* If KEY is an RSA key, return its modulus. For non-RSA keys or on + * error return NULL. */ +gcry_mpi_t +gpgsm_get_rsa_modulus (ksba_cert_t cert) +{ + gpg_error_t err; + gcry_sexp_t key; + gcry_sexp_t list = NULL; + gcry_sexp_t l2 = NULL; + char *name = NULL; + gcry_mpi_t modulus = NULL; + + { + ksba_sexp_t ckey; + size_t n; + + ckey = ksba_cert_get_public_key (cert); + if (!ckey) + return NULL; + n = gcry_sexp_canon_len (ckey, 0, NULL, NULL); + if (!n) + { + xfree (ckey); + return NULL; + } + err = gcry_sexp_sscan (&key, NULL, (char *)ckey, n); + xfree (ckey); + if (err) + return NULL; + } + + list = gcry_sexp_find_token (key, "public-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "private-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "protected-private-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "shadowed-private-key", 0); + + gcry_sexp_release (key); + if (!list) + return NULL; /* No suitable key. */ + + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + l2 = NULL; + + name = gcry_sexp_nth_string (list, 0); + if (!name) + ; + else if (gcry_pk_map_name (name) == GCRY_PK_RSA) + { + l2 = gcry_sexp_find_token (list, "n", 1); + if (l2) + modulus = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + } + + gcry_free (name); + gcry_sexp_release (l2); + gcry_sexp_release (list); + return modulus; +} + /* For certain purposes we need a certificate id which has an upper diff --git a/sm/gpgsm.c b/sm/gpgsm.c index fa37f63..bd701ab 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -155,6 +155,7 @@ enum cmd_and_opt_values { oWithMD5Fingerprint, oWithKeygrip, oWithSecret, + oWithKeyScreening, oAnswerYes, oAnswerNo, oKeyring, @@ -391,6 +392,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), ARGPARSE_s_n (oWithSecret, "with-secret", "@"), + ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"), @@ -1289,6 +1291,10 @@ main ( int argc, char **argv) opt.with_keygrip = 1; break; + case oWithKeyScreening: + opt.with_key_screening = 1; + break; + case oOptions: /* config files may not be nested (silently ignore them) */ if (!configfp) diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 8c1f520..0421b97 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -85,6 +85,8 @@ struct int with_keygrip; /* Option --with-keygrip active. */ + int with_key_screening; /* Option --with-key-screening active. */ + int pinentry_mode; int armor; /* force base64 armoring (see also ctrl.with_base64) */ @@ -258,6 +260,7 @@ unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array); char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert); int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits); +gcry_mpi_t gpgsm_get_rsa_modulus (ksba_cert_t cert); char *gpgsm_get_certid (ksba_cert_t cert); diff --git a/sm/keylist.c b/sm/keylist.c index 9997da8..ea2a220 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -37,6 +37,7 @@ #include "../common/i18n.h" #include "../common/tlv.h" #include "../common/compliance.h" +#include "../common/pkscreening.h" struct list_external_parm_s { @@ -238,6 +239,38 @@ print_key_data (ksba_cert_t cert, estream_t fp) #endif } + +/* Various public key screenings. (Right now just ROCA). With + * COLON_MODE set the output is formatted for use in the compliance + * field of a colon listing. */ +static void +print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp) +{ + gpg_error_t err; + gcry_mpi_t modulus; + + modulus = gpgsm_get_rsa_modulus (cert); + if (modulus) + { + err = screen_key_for_roca (modulus); + if (!err) + ; + else if (gpg_err_code (err) == GPG_ERR_TRUE) + { + if (colon_mode) + es_fprintf (fp, colon_mode > 1? " %d":"%d", 6001); + else + es_fprintf (fp, " screening: ROCA vulnerability detected\n"); + } + else if (!colon_mode) + es_fprintf (fp, " screening: [ROCA check failed: %s]\n", + gpg_strerror (err)); + gcry_mpi_release (modulus); + } + +} + + static void print_capabilities (ksba_cert_t cert, estream_t fp) { @@ -348,10 +381,19 @@ email_kludge (const char *name) /* Print the compliance flags to field 18. ALGO is the gcrypt algo * number. NBITS is the length of the key in bits. */ static void -print_compliance_flags (int algo, unsigned int nbits, estream_t fp) +print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits, + estream_t fp) { + int any = 0; + if (gnupg_pk_is_compliant (CO_DE_VS, algo, NULL, nbits, NULL)) - es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); + { + es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); + any++; + } + + if (opt.with_key_screening) + print_pk_screening (cert, 1+any, fp); } @@ -526,7 +568,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc (':', fp); /* End of field 15. */ es_putc (':', fp); /* End of field 16. */ es_putc (':', fp); /* End of field 17. */ - print_compliance_flags (algo, nbits, fp); + print_compliance_flags (cert, algo, nbits, fp); es_putc (':', fp); /* End of field 18. */ es_putc ('\n', fp); @@ -1253,6 +1295,9 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, } } + if (opt.with_key_screening) + print_pk_screening (cert, 0, fp); + if (have_secret) { char *cardsn; commit 69e579d78545aee5096a5d170e1cb9e511a09a90 Author: Werner Koch Date: Tue Oct 17 20:56:55 2017 +0200 sm: Fix colon listing of fields > 12 in crt records. * sm/keylist.c (print_capabilities): Move colon printing ... (list_cert_colon): to here. -- Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693 Signed-off-by: Werner Koch diff --git a/sm/keylist.c b/sm/keylist.c index 24c86e1..9997da8 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -289,8 +289,6 @@ print_capabilities (ksba_cert_t cert, estream_t fp) es_putc ('S', fp); if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN)) es_putc ('C', fp); - - es_putc (':', fp); } @@ -503,6 +501,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc (':', fp); /* Field 12, capabilities: */ print_capabilities (cert, fp); + es_putc (':', fp); /* Field 13, not used: */ es_putc (':', fp); /* Field 14, not used: */ ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 3 +- common/pkscreening.c | 159 ++++++++++++++++++++++++++++++ tools/send-mail.h => common/pkscreening.h | 16 ++- doc/DETAILS | 4 +- g10/gpg.c | 6 ++ g10/keylist.c | 40 ++++++++ g10/options.h | 1 + sm/fingerprint.c | 64 ++++++++++++ sm/gpgsm.c | 6 ++ sm/gpgsm.h | 3 + sm/keylist.c | 54 +++++++++- 11 files changed, 340 insertions(+), 16 deletions(-) create mode 100644 common/pkscreening.c copy tools/send-mail.h => common/pkscreening.h (61%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 18 14:02:56 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Oct 2017 14:02:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-25-g18e5946 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 18e5946aef458cd95fdce4a04e144747b52b0472 (commit) from 825abec0e7f38667a34dce3025fc2f3a05001dde (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 18e5946aef458cd95fdce4a04e144747b52b0472 Author: Werner Koch Date: Wed Oct 18 13:55:56 2017 +0200 gpg: Fix wrong Tofu DB consistency check. * g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN is the size of the fingerprint. -- This problem was exhibited by commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38. Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index ddd7f8c..e63e989 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2083,13 +2083,16 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs, * policy to ask due to a conflict. */ for (iter = conflict_set; iter; iter = iter->next) { + /* Fixme: Why the check against N+1? */ int l = strlen (iter->d); - if (!(l == 2 * MAX_FINGERPRINT_LEN - || l == 2 * MAX_FINGERPRINT_LEN + 1)) + if (!(l == 2 * 20 + || l == 2 * 20 + 1 + || l == 2 * 32 + || l == 2 * 32 + 1)) { log_error (_("TOFU db corruption detected.\n")); - print_further_info ("fingerprint '%s' is not %d characters long", - iter->d, 2 * MAX_FINGERPRINT_LEN); + print_further_info ("fingerprint '%s' is %d characters long", + iter->d, l); } if (l >= 1 && iter->d[l - 1] == '!') ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 18 18:45:10 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Oct 2017 18:45:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-28-g645f30a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 645f30ad310a518a863eb7bd3e11251a7e7f2eca (commit) via 3bb06531d38b85be295308e826a50a1a7ba935ec (commit) via d353287f721ffb56627d55bef04cc770ff0a8681 (commit) from 18e5946aef458cd95fdce4a04e144747b52b0472 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 645f30ad310a518a863eb7bd3e11251a7e7f2eca Author: Werner Koch Date: Wed Oct 18 18:28:52 2017 +0200 gpg: Keep a lock during the read-update/insert cycle in import. * g10/keydb.c (keydb_handle): New field 'keep_lock'. (keydb_release): Clear that flag. (keydb_lock): New function. (unlock_all): Skip if KEEP_LOCK is set. * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if requested. -- That change is straightforward. It helps to avoid the race condition that another gpg process inserts a key while the first process is between the search and the insert. A similar change is due for gpgsm. Note that the key edit operations may still suffer from a race. GnuPG-bug-id: 3446 diff --git a/g10/getkey.c b/g10/getkey.c index 6d18d29..7061f51 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1877,14 +1877,25 @@ get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd, hd = keydb_new (); if (!hd) return gpg_error_from_syserror (); - if (r_hd) - *r_hd = hd; if (lock) { + err = keydb_lock (hd); + if (err) + { + /* If locking did not work, we better don't return a handle + * at all - there was a reason that locking has been + * requested. */ + keydb_release (hd); + return err; + } keydb_disable_caching (hd); } + /* Fo all other errors we return the handle. */ + if (r_hd) + *r_hd = hd; + err = keydb_search_fpr (hd, fprbuf); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) { diff --git a/g10/keydb.c b/g10/keydb.c index 0f28bc3..58a14a8 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -96,6 +96,10 @@ struct keydb_handle / keybox_lock, as appropriate). */ int locked; + /* If this flag is set a lock will only be released by + * keydb_release. */ + int keep_lock; + /* The index into ACTIVE of the resources in which the last search result was found. Initially -1. */ int found; @@ -964,6 +968,7 @@ keydb_release (KEYDB_HANDLE hd) log_assert (active_handles > 0); active_handles--; + hd->keep_lock = 0; unlock_all (hd); for (i=0; i < hd->used; i++) { @@ -985,6 +990,24 @@ keydb_release (KEYDB_HANDLE hd) } +/* Take a lock on the files immediately and not only during insert or + * update. This lock is released with keydb_release. */ +gpg_error_t +keydb_lock (KEYDB_HANDLE hd) +{ + gpg_error_t err; + + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + err = lock_all (hd); + if (!err) + hd->keep_lock = 1; + + return err; +} + + /* Set a flag on the handle to suppress use of cached results. This * is required for updating a keyring and for key listings. Fixme: * Using a new parameter for keydb_new might be a better solution. */ @@ -1098,7 +1121,7 @@ unlock_all (KEYDB_HANDLE hd) { int i; - if (!hd->locked) + if (!hd->locked || hd->keep_lock) return; for (i=hd->used-1; i >= 0; i--) diff --git a/g10/keydb.h b/g10/keydb.h index b173751..7393768 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -154,6 +154,10 @@ KEYDB_HANDLE keydb_new (void); /* Free all resources owned by the database handle. */ void keydb_release (KEYDB_HANDLE hd); +/* Take a lock on the files immediately and not only during insert or + * update. This lock is released with keydb_release. */ +gpg_error_t keydb_lock (KEYDB_HANDLE hd); + /* Set a flag on the handle to suppress use of cached results. This is required for updating a keyring and for key listings. Fixme: Using a new parameter for keydb_new might be a better solution. */ commit 3bb06531d38b85be295308e826a50a1a7ba935ec Author: Werner Koch Date: Wed Oct 18 17:52:41 2017 +0200 gpg: Improve keydb handling in the main import function. * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ... (get_keyblock_byfprint_fast): .. new function. * g10/import.c (revocation_present): s/int rc/gpg_error_t err/. (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a handle. Remove the now surplus keyblock fetch in the merge branch. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 486330a..6d18d29 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1828,16 +1828,47 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock, * * Like get_pubkey_byfprint, PK may be NULL. In that case, this * function effectively just checks for the existence of the key. */ -int +gpg_error_t get_pubkey_byfprint_fast (PKT_public_key * pk, const byte * fprint, size_t fprint_len) { - int rc = 0; - KEYDB_HANDLE hd; + gpg_error_t err; KBNODE keyblock; + + err = get_keyblock_byfprint_fast (&keyblock, NULL, fprint, fprint_len, 0); + if (!err) + { + if (pk) + copy_public_key (pk, keyblock->pkt->pkt.public_key); + release_kbnode (keyblock); + } + + return err; +} + + +/* This function is similar to get_pubkey_byfprint_fast but returns a + * keydb handle at R_HD and the keyblock at R_KEYBLOCK. R_KEYBLOCK or + * R_HD may be NULL. If LOCK is set the handle has been opend in + * locked mode and keydb_disable_caching () has been called. On error + * R_KEYBLOCK is set to NULL but R_HD must be released by the caller; + * it may have a value of NULL, though. This allows to do an insert + * operation on a locked keydb handle. */ +gpg_error_t +get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd, + const byte *fprint, size_t fprint_len, int lock) +{ + gpg_error_t err; + KEYDB_HANDLE hd; + kbnode_t keyblock; byte fprbuf[MAX_FINGERPRINT_LEN]; int i; + if (r_keyblock) + *r_keyblock = NULL; + if (r_hd) + *r_hd = NULL; + for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++) fprbuf[i] = fprint[i]; while (i < MAX_FINGERPRINT_LEN) @@ -1846,33 +1877,48 @@ get_pubkey_byfprint_fast (PKT_public_key * pk, hd = keydb_new (); if (!hd) return gpg_error_from_syserror (); + if (r_hd) + *r_hd = hd; - rc = keydb_search_fpr (hd, fprbuf); - if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + if (lock) { - keydb_release (hd); - return GPG_ERR_NO_PUBKEY; + keydb_disable_caching (hd); } - rc = keydb_get_keyblock (hd, &keyblock); - keydb_release (hd); - if (rc) + + err = keydb_search_fpr (hd, fprbuf); + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) { - log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc)); - return GPG_ERR_NO_PUBKEY; + if (!r_hd) + keydb_release (hd); + return gpg_error (GPG_ERR_NO_PUBKEY); + } + err = keydb_get_keyblock (hd, &keyblock); + if (err) + { + log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (err)); + if (!r_hd) + keydb_release (hd); + return gpg_error (GPG_ERR_NO_PUBKEY); } log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY); - if (pk) - copy_public_key (pk, keyblock->pkt->pkt.public_key); - release_kbnode (keyblock); /* Not caching key here since it won't have all of the fields properly set. */ + if (r_keyblock) + *r_keyblock = keyblock; + else + release_kbnode (keyblock); + + if (!r_hd) + keydb_release (hd); + return 0; } + const char * parse_def_secret_key (ctrl_t ctrl) { diff --git a/g10/import.c b/g10/import.c index e785002..8dd6b50 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1618,7 +1618,6 @@ import_one (ctrl_t ctrl, { gpg_error_t err = 0; PKT_public_key *pk; - PKT_public_key *pk_orig = NULL; kbnode_t node, uidnode; kbnode_t keyblock_orig = NULL; byte fpr2[MAX_FINGERPRINT_LEN]; @@ -1800,16 +1799,15 @@ import_one (ctrl_t ctrl, goto leave; /* Do we have this key already in one of our pubrings ? */ - hd = keydb_new (); - if (!hd) - return gpg_error_from_syserror (); - keydb_disable_caching (hd); - pk_orig = xmalloc_clear( sizeof *pk_orig ); - err = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); - if (err - && gpg_err_code (err) != GPG_ERR_NO_PUBKEY - && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY ) - { + err = get_keyblock_byfprint_fast (&keyblock_orig, &hd, + fpr2, fpr2len, 1/*locked*/); + if ((err + && gpg_err_code (err) != GPG_ERR_NO_PUBKEY + && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY) + || !hd) + { + /* The !hd above is to catch a misbehaving function which + * returns NO_PUBKEY for failing to allocate a handle. */ if (!silent) log_error (_("key %s: public key not found: %s\n"), keystr(keyid), gpg_strerror (err)); @@ -1823,6 +1821,7 @@ import_one (ctrl_t ctrl, } else if (err) /* Insert this key. */ { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ int n_sigs_cleaned, n_uids_cleaned; err = keydb_locate_writable (hd); @@ -1892,45 +1891,26 @@ import_one (ctrl_t ctrl, stats->imported++; new_key = 1; } - else /* Merge the key. */ + else /* Key already exists - merge. */ { int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned; u32 curtime = make_timestamp (); /* Compare the original against the new key; just to be sure nothing * weird is going on */ - if (cmp_public_keys( pk_orig, pk ) ) + if (cmp_public_keys (keyblock_orig->pkt->pkt.public_key, pk)) { if (!silent) log_error( _("key %s: doesn't match our copy\n"),keystr(keyid)); goto leave; } - /* Now read the original keyblock again so that we can use the - * handle for updating the keyblock. FIXME: Why not let - * get_pubkey_byfprint_fast do that - it fetches the keyblock - * anyway. */ - err = keydb_search_fpr (hd, fpr2); - if (err) - { - log_error (_("key %s: can't locate original keyblock: %s\n"), - keystr(keyid), gpg_strerror (err)); - goto leave; - } - err = keydb_get_keyblock (hd, &keyblock_orig); - if (err) - { - log_error (_("key %s: can't read original keyblock: %s\n"), - keystr(keyid), gpg_strerror (err)); - goto leave; - } - /* Make sure the original direct key sigs are all sane. */ n_sigs_cleaned = fix_bad_direct_key_sigs (ctrl, keyblock_orig, keyid); if (n_sigs_cleaned) commit_kbnode (&keyblock_orig); - /* and try to merge the block */ + /* Try to merge KEYBLOCK into KEYBLOCK_ORIG. */ clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock ); n_uids = n_sigs = n_subk = n_uids_cleaned = 0; @@ -2091,7 +2071,6 @@ import_one (ctrl_t ctrl, } release_kbnode( keyblock_orig ); - free_public_key( pk_orig ); return err; } @@ -3266,14 +3245,15 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) /* Okay, we have a revocation key, and a * revocation issued by it. Do we have the key * itself? */ - int rc; + gpg_error_t err; - rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr, - MAX_FINGERPRINT_LEN); - if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY - || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY) + err = get_pubkey_byfprint_fast (NULL, + sig->revkey[idx].fpr, + MAX_FINGERPRINT_LEN); + if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY + || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY) { - char *tempkeystr=xstrdup(keystr_from_pk(pk)); + char *tempkeystr = xstrdup (keystr_from_pk (pk)); /* No, so try and get it */ if ((opt.keyserver_options.options @@ -3289,13 +3269,13 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) opt.keyserver, 0); /* Do we have it now? */ - rc=get_pubkey_byfprint_fast (NULL, + err = get_pubkey_byfprint_fast (NULL, sig->revkey[idx].fpr, MAX_FINGERPRINT_LEN); } - if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY - || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY) + if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY + || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY) log_info(_("WARNING: key %s may be revoked:" " revocation key %s not present.\n"), tempkeystr,keystr(keyid)); diff --git a/g10/keydb.h b/g10/keydb.h index f503c99..b173751 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -339,8 +339,17 @@ int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock, /* This function is similar to get_pubkey_byfprint, but it doesn't merge the self-signed data into the public key and subkeys or into the user ids. */ -int get_pubkey_byfprint_fast (PKT_public_key *pk, - const byte *fprint, size_t fprint_len); +gpg_error_t get_pubkey_byfprint_fast (PKT_public_key *pk, + const byte *fprint, size_t fprint_len); + +/* This function is similar to get_pubkey_byfprint, but it doesn't + merge the self-signed data into the public key and subkeys or into + the user ids. */ +gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock, + KEYDB_HANDLE *r_hd, + const byte *fprint, size_t fprint_len, + int lock); + /* Returns true if a secret key is available for the public key with key id KEYID. */ commit d353287f721ffb56627d55bef04cc770ff0a8681 Author: Werner Koch Date: Wed Oct 18 13:09:47 2017 +0200 gpg: Simplify keydb handling of the main import function. * g10/import.c (import_keys_internal): Return gpg_error_t instead of int. Change var names. (import_keys_es_stream): Ditto. (import_one): Ditto. Use a single keydb_new and simplify the use of of keydb_release. -- Note that this opens a keydb handle before we call get_pubkey_byfprint_fast which internally uses another key db handle. A further patch will cleanup this double use. Note that we also disable the keydb caching for the insert case. The s/int/gpg_error_t/ has been done while checking the call chains of the import functions and making sure that gpg_err_code is always used. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 5b55f8f..e785002 100644 --- a/g10/import.c +++ b/g10/import.c @@ -102,7 +102,7 @@ static int import (ctrl_t ctrl, static int read_block (IOBUF a, int with_meta, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); -static int import_one (ctrl_t ctrl, +static gpg_error_t import_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, @@ -436,7 +436,7 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock) * * Key revocation certificates have special handling. */ -static int +static gpg_error_t import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, @@ -445,7 +445,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, int origin, const char *url) { int i; - int rc = 0; + gpg_error_t err = 0; struct import_stats_s *stats = stats_handle; if (!stats) @@ -453,8 +453,8 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, if (inp) { - rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options, - screener, screener_arg, origin, url); + err = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options, + screener, screener_arg, origin, url); } else { @@ -478,14 +478,14 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, log_error (_("can't open '%s': %s\n"), fname, strerror (errno)); else { - rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options, + err = import (ctrl, inp2, fname, stats, fpr, fpr_len, options, screener, screener_arg, origin, url); iobuf_close (inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); - if (rc) + if (err) log_error ("import from '%s' failed: %s\n", - fname, gpg_strerror (rc) ); + fname, gpg_strerror (err) ); } if (!fname) break; @@ -507,7 +507,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, if (!(options & IMPORT_FAST)) check_or_update_trustdb (ctrl); - return rc; + return err; } @@ -521,7 +521,7 @@ import_keys (ctrl_t ctrl, char **fnames, int nnames, } -int +gpg_error_t import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, @@ -529,23 +529,23 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_screener_t screener, void *screener_arg, int origin, const char *url) { - int rc; + gpg_error_t err; iobuf_t inp; inp = iobuf_esopen (fp, "rb", 1); if (!inp) { - rc = gpg_error_from_syserror (); - log_error ("iobuf_esopen failed: %s\n", gpg_strerror (rc)); - return rc; + err = gpg_error_from_syserror (); + log_error ("iobuf_esopen failed: %s\n", gpg_strerror (err)); + return err; } - rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle, + err = import_keys_internal (ctrl, inp, NULL, 0, stats_handle, fpr, fpr_len, options, screener, screener_arg, origin, url); iobuf_close (inp); - return rc; + return err; } @@ -1608,7 +1608,7 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) * even most error messages are suppressed. ORIGIN is the origin of * the key (0 for unknown) and URL the corresponding URL. */ -static int +static gpg_error_t import_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, @@ -1616,6 +1616,7 @@ import_one (ctrl_t ctrl, import_screener_t screener, void *screener_arg, int origin, const char *url) { + gpg_error_t err = 0; PKT_public_key *pk; PKT_public_key *pk_orig = NULL; kbnode_t node, uidnode; @@ -1623,7 +1624,6 @@ import_one (ctrl_t ctrl, byte fpr2[MAX_FINGERPRINT_LEN]; size_t fpr2len; u32 keyid[2]; - int rc = 0; int new_key = 0; int mod_key = 0; int same_key = 0; @@ -1632,6 +1632,7 @@ import_one (ctrl_t ctrl, char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; int any_filter = 0; + KEYDB_HANDLE hd = NULL; /* Get the key and print some info about it. */ node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); @@ -1791,7 +1792,7 @@ import_one (ctrl_t ctrl, merge_keys_and_selfsig (ctrl, keyblock); merge_keys_done = 1; } - rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options); + err = write_keyblock_to_output (keyblock, opt.armor, opt.export_options); goto leave; } @@ -1799,37 +1800,37 @@ import_one (ctrl_t ctrl, goto leave; /* Do we have this key already in one of our pubrings ? */ + hd = keydb_new (); + if (!hd) + return gpg_error_from_syserror (); + keydb_disable_caching (hd); pk_orig = xmalloc_clear( sizeof *pk_orig ); - rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); - if (rc && gpg_err_code (rc) != GPG_ERR_NO_PUBKEY - && gpg_err_code (rc) != GPG_ERR_UNUSABLE_PUBKEY ) + err = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); + if (err + && gpg_err_code (err) != GPG_ERR_NO_PUBKEY + && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY ) { if (!silent) log_error (_("key %s: public key not found: %s\n"), - keystr(keyid), gpg_strerror (rc)); + keystr(keyid), gpg_strerror (err)); } - else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) ) + else if (err && (opt.import_options&IMPORT_MERGE_ONLY) ) { if (opt.verbose && !silent ) log_info( _("key %s: new key - skipped\n"), keystr(keyid)); - rc = 0; + err = 0; stats->skipped_new_keys++; } - else if (rc ) /* Insert this key. */ + else if (err) /* Insert this key. */ { - KEYDB_HANDLE hd; int n_sigs_cleaned, n_uids_cleaned; - hd = keydb_new (); - if (!hd) - return gpg_error_from_syserror (); - - rc = keydb_locate_writable (hd); - if (rc) + err = keydb_locate_writable (hd); + if (err) { - log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc)); - keydb_release (hd); - return GPG_ERR_GENERAL; + log_error (_("no writable keyring found: %s\n"), gpg_strerror (err)); + err = gpg_error (GPG_ERR_GENERAL); + goto leave; } if (opt.verbose > 1 ) log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) ); @@ -1843,19 +1844,19 @@ import_one (ctrl_t ctrl, * and thus the address of KEYBLOCK won't change. */ if ( !(options & IMPORT_RESTORE) ) { - rc = insert_key_origin (keyblock, origin, url); - if (rc) + err = insert_key_origin (keyblock, origin, url); + if (err) { - log_error ("insert_key_origin failed: %s\n", gpg_strerror (rc)); - keydb_release (hd); - return GPG_ERR_GENERAL; + log_error ("insert_key_origin failed: %s\n", gpg_strerror (err)); + err = gpg_error (GPG_ERR_GENERAL); + goto leave; } } - rc = keydb_insert_keyblock (hd, keyblock ); - if (rc) + err = keydb_insert_keyblock (hd, keyblock ); + if (err) log_error (_("error writing keyring '%s': %s\n"), - keydb_get_resource_name (hd), gpg_strerror (rc)); + keydb_get_resource_name (hd), gpg_strerror (err)); else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) { /* This should not be possible since we delete the @@ -1868,7 +1869,10 @@ import_one (ctrl_t ctrl, if (non_self) revalidation_mark (ctrl); } + + /* Release the handle and thus unlock the keyring asap. */ keydb_release (hd); + hd = NULL; /* We are ready. */ if (!opt.quiet && !silent) @@ -1890,7 +1894,6 @@ import_one (ctrl_t ctrl, } else /* Merge the key. */ { - KEYDB_HANDLE hd; int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned; u32 curtime = make_timestamp (); @@ -1903,29 +1906,22 @@ import_one (ctrl_t ctrl, goto leave; } - /* Now read the original keyblock again so that we can use - that handle for updating the keyblock. */ - hd = keydb_new (); - if (!hd) - { - rc = gpg_error_from_syserror (); - goto leave; - } - keydb_disable_caching (hd); - rc = keydb_search_fpr (hd, fpr2); - if (rc ) + /* Now read the original keyblock again so that we can use the + * handle for updating the keyblock. FIXME: Why not let + * get_pubkey_byfprint_fast do that - it fetches the keyblock + * anyway. */ + err = keydb_search_fpr (hd, fpr2); + if (err) { log_error (_("key %s: can't locate original keyblock: %s\n"), - keystr(keyid), gpg_strerror (rc)); - keydb_release (hd); + keystr(keyid), gpg_strerror (err)); goto leave; } - rc = keydb_get_keyblock (hd, &keyblock_orig); - if (rc) + err = keydb_get_keyblock (hd, &keyblock_orig); + if (err) { log_error (_("key %s: can't read original keyblock: %s\n"), - keystr(keyid), gpg_strerror (rc)); - keydb_release (hd); + keystr(keyid), gpg_strerror (err)); goto leave; } @@ -1938,14 +1934,11 @@ import_one (ctrl_t ctrl, clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock ); n_uids = n_sigs = n_subk = n_uids_cleaned = 0; - rc = merge_blocks (ctrl, options, keyblock_orig, keyblock, keyid, - curtime, origin, url, - &n_uids, &n_sigs, &n_subk ); - if (rc ) - { - keydb_release (hd); - goto leave; - } + err = merge_blocks (ctrl, options, keyblock_orig, keyblock, keyid, + curtime, origin, url, + &n_uids, &n_sigs, &n_subk ); + if (err) + goto leave; if ((options & IMPORT_CLEAN)) clean_key (ctrl, keyblock_orig, opt.verbose, (options&IMPORT_MINIMAL), @@ -1958,25 +1951,28 @@ import_one (ctrl_t ctrl, * and thus the address of KEYBLOCK won't change. */ if ( !(options & IMPORT_RESTORE) ) { - rc = update_key_origin (keyblock_orig, curtime, origin, url); - if (rc) + err = update_key_origin (keyblock_orig, curtime, origin, url); + if (err) { log_error ("update_key_origin failed: %s\n", - gpg_strerror (rc)); - keydb_release (hd); + gpg_strerror (err)); goto leave; } } mod_key = 1; /* KEYBLOCK_ORIG has been updated; write */ - rc = keydb_update_keyblock (ctrl, hd, keyblock_orig); - if (rc) + err = keydb_update_keyblock (ctrl, hd, keyblock_orig); + if (err) log_error (_("error writing keyring '%s': %s\n"), - keydb_get_resource_name (hd), gpg_strerror (rc) ); + keydb_get_resource_name (hd), gpg_strerror (err)); else if (non_self) revalidation_mark (ctrl); + /* Release the handle and thus unlock the keyring asap. */ + keydb_release (hd); + hd = NULL; + /* We are ready. */ if (!opt.quiet && !silent) { @@ -2025,6 +2021,10 @@ import_one (ctrl_t ctrl, } else { + /* Release the handle and thus unlock the keyring asap. */ + keydb_release (hd); + hd = NULL; + /* Fixme: we do not track the time we last checked a key for * updates. To do this we would need to rewrite even the * keys which have no changes. */ @@ -2041,11 +2041,10 @@ import_one (ctrl_t ctrl, stats->unchanged++; } - - keydb_release (hd); hd = NULL; } leave: + keydb_release (hd); if (mod_key || new_key || same_key) { /* A little explanation for this: we fill in the fingerprint @@ -2094,7 +2093,7 @@ import_one (ctrl_t ctrl, release_kbnode( keyblock_orig ); free_public_key( pk_orig ); - return rc; + return err; } diff --git a/g10/main.h b/g10/main.h index 4850360..4a8f8c3 100644 --- a/g10/main.h +++ b/g10/main.h @@ -356,7 +356,7 @@ gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname, void import_keys (ctrl_t ctrl, char **fnames, int nnames, import_stats_t stats_hd, unsigned int options, int origin, const char *url); -int import_keys_es_stream (ctrl_t ctrl, estream_t fp, +gpg_error_t import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 87 ++++++++++++++++++++++----- g10/import.c | 189 ++++++++++++++++++++++++++--------------------------------- g10/keydb.c | 25 +++++++- g10/keydb.h | 17 +++++- g10/main.h | 2 +- 5 files changed, 196 insertions(+), 124 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 04:23:56 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 19 Oct 2017 04:23:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-29-g995c46e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 995c46ea77cff5b99b2fca17b547d6525a4f227e (commit) from 645f30ad310a518a863eb7bd3e11251a7e7f2eca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 995c46ea77cff5b99b2fca17b547d6525a4f227e Author: NIIBE Yutaka Date: Thu Oct 19 11:08:24 2017 +0900 g10: Fix find_and_check_key for multiple keyrings. * g10/pkclist.c (find_and_check_key): Call get_validity on a specific keyblock. -- When we have multiple keyrings, get_validity after get_best_pubkey_byname should access same keyring. Or else, the situation of an expired key in keyring A but valid key in keyring B causes SEGV. Thanks to Guido G?nther for the use case and the log. Debian-bug-id: 878812 Signed-off-by: NIIBE Yutaka diff --git a/g10/pkclist.c b/g10/pkclist.c index 67d932e..220936c 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, { int rc; PKT_public_key *pk; + KBNODE keyblock = NULL; if (!name || !*name) return gpg_error (GPG_ERR_INV_USER_ID); @@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if (from_file) rc = get_pubkey_fromfile (ctrl, pk, name); else - rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0); + rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0); if (rc) { int code; @@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if (rc) { /* Key found but not usable for us (e.g. sign-only key). */ + release_kbnode (keyblock); send_status_inv_recp (3, name); /* Wrong key usage */ log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) ); free_public_key (pk); @@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, { int trustlevel; - trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1); + trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1); + release_kbnode (keyblock); if ( (trustlevel & TRUST_FLAG_DISABLED) ) { /* Key has been disabled. */ ----------------------------------------------------------------------- Summary of changes: g10/pkclist.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 04:36:26 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 19 Oct 2017 04:36:26 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-16-g72d0ca1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 72d0ca10c884e09e8f28f084c385743c0796f09c (commit) from c6e42e7ec3d1046969d783c443c13aad7cb61bb8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 72d0ca10c884e09e8f28f084c385743c0796f09c Author: NIIBE Yutaka Date: Thu Oct 19 11:35:00 2017 +0900 Register DCO for Jia Zhang. -- Signed-off-by: NIIBE Yutaka diff --git a/AUTHORS b/AUTHORS index 0d1da12..8c553e6 100644 --- a/AUTHORS +++ b/AUTHORS @@ -157,6 +157,9 @@ Dmitry Eremin-Solenikov Dmitry Kasatkin 2012-12-14:50CAE2DB.80302 at intel.com: +Jia Zhang +2017-10-17:59E56E30.9060503 at alibaba-inc.com: + J?r?mie Courr?ges-Anglas 2016-05-26:87bn3ssqg0.fsf at ritchie.wxcvbn.org: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 09:38:10 2017 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 19 Oct 2017 09:38:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-30-g28aa689 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 28aa6890588cc108639951bb4bef03ac17743046 (commit) from 995c46ea77cff5b99b2fca17b547d6525a4f227e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28aa6890588cc108639951bb4bef03ac17743046 Author: Daniel Kahn Gillmor Date: Sun Feb 5 02:12:25 2017 -0500 agent: Send pinentry the uid of connecting process where possible. * agent/agent.h (server_control_s): Add field 'client_uid'. * agent/call-pinentry.c (start_pinentry): Add uid field to assuan option "owner" sent to pinentry. * agent/command-ssh.c (peer_info_s): New static struct. (get_client_pid): Rename to... (get_client_info): Here, and extract uid in addition to pid. (start_command_handler_ssh): Use get_client_info() instead of get_client_pid(). * agent/command.c (start_command_handler): Try assuan_get_peercred, and only fall back to assuan_get_pid when assuan_get_peercred fails. -- This also requires an update to pinentry to handle the new uid field. Distributing the uid as well as the pid makes it harder for a different user on the same machine to take advantage of any race conditions between when a requesting process might ask for something that needs pinentry, and when pinentry gets around to inspecting the state of that process. We put the uid before the nodename because the uid is guaranteed to be a integer (represented in decimal), which makes it much simpler to parse past than the potentially arbitrarily structured nodename. Use a / instead of whitespace to delimit pid/uid at Werner's request. If we were willing to depend on the nodename being whitespace-delimited (as the current, unreleased pinentry code does), then we could add the uid after the nodename. But since no released pinentry depends on this option anyway, i think we should make the more conservative, easily-parseable choice and put the user ID first. Signed-off-by: Daniel Kahn Gillmor diff --git a/agent/agent.h b/agent/agent.h index f5df75e..af64f33 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -226,6 +226,7 @@ struct server_control_s char *lc_ctype; char *lc_messages; unsigned long client_pid; + int client_uid; /* The current pinentry mode. */ pinentry_mode_t pinentry_mode; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 6a5c1fe..98af95a 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -593,8 +593,9 @@ start_pinentry (ctrl_t ctrl) nodename = utsbuf.nodename; #endif /*!HAVE_W32_SYSTEM*/ - if ((optstr = xtryasprintf ("OPTION owner=%lu %s", - ctrl->client_pid, nodename))) + if ((optstr = xtryasprintf ("OPTION owner=%lu/%d %s", + ctrl->client_pid, ctrl->client_uid, + nodename))) { assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 9d45a18..866f439 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -255,6 +255,11 @@ static gpg_error_t ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec, static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment); +struct peer_info_s +{ + unsigned long pid; + int uid; +}; /* Global variables. */ @@ -3581,10 +3586,11 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) /* Return the peer's pid. */ -static unsigned long -get_client_pid (int fd) +static void +get_client_info (int fd, struct peer_info_s *out) { - pid_t client_pid = (pid_t)0; + pid_t client_pid = (pid_t)(-1); + uid_t client_uid = (uid_t)-1; #ifdef SO_PEERCRED { @@ -3599,8 +3605,10 @@ get_client_pid (int fd) { #if defined (HAVE_STRUCT_SOCKPEERCRED_PID) || defined (HAVE_STRUCT_UCRED_PID) client_pid = cr.pid; + client_uid = cr.uid; #elif defined (HAVE_STRUCT_UCRED_CR_PID) client_pid = cr.cr_pid; + client_pid = cr.cr_uid; #else #error "Unknown SO_PEERCRED struct" #endif @@ -3611,6 +3619,7 @@ get_client_pid (int fd) socklen_t len = sizeof (pid_t); getsockopt (fd, SOL_LOCAL, LOCAL_PEERPID, &client_pid, &len); + getsockopt (fd, SOL_LOCAL, LOCAL_PEERUID, &client_uid, &len); } #elif defined (LOCAL_PEEREID) { @@ -3619,6 +3628,7 @@ get_client_pid (int fd) if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1) client_pid = unp.unp_pid; + client_uid = unp.unp_euid; } #elif defined (HAVE_GETPEERUCRED) { @@ -3626,7 +3636,8 @@ get_client_pid (int fd) if (getpeerucred (fd, &ucred) != -1) { - client_pid= ucred_getpid (ucred); + client_pid = ucred_getpid (ucred); + client_uid = ucred_geteuid (ucred); ucred_free (ucred); } } @@ -3634,7 +3645,8 @@ get_client_pid (int fd) (void)fd; #endif - return (unsigned long)client_pid; + out->pid = (client_pid == (pid_t)(-1)? 0 : (unsigned long)client_pid); + out->uid = (int)client_uid; } @@ -3645,12 +3657,15 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) estream_t stream_sock = NULL; gpg_error_t err; int ret; + struct peer_info_s peer_info; err = agent_copy_startup_env (ctrl); if (err) goto out; - ctrl->client_pid = get_client_pid (FD2INT(sock_client)); + get_client_info (FD2INT(sock_client), &peer_info); + ctrl->client_pid = peer_info.pid; + ctrl->client_uid = peer_info.uid; /* Create stream from socket. */ stream_sock = es_fdopen (FD2INT(sock_client), "r+"); diff --git a/agent/command.c b/agent/command.c index fd39c68..4016cc2 100644 --- a/agent/command.c +++ b/agent/command.c @@ -3328,7 +3328,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) for (;;) { - pid_t client_pid; + assuan_peercred_t client_creds; rc = assuan_accept (ctx); if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1) @@ -3341,12 +3341,20 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) break; } - client_pid = assuan_get_pid (ctx); - ctrl->server_local->connect_from_self = (client_pid == getpid ()); - if (client_pid != ASSUAN_INVALID_PID) - ctrl->client_pid = (unsigned long)client_pid; + rc = assuan_get_peercred (ctx, &client_creds); + if (rc) + { + log_info ("Assuan get_peercred failed: %s\n", gpg_strerror (rc)); + client_creds->pid = assuan_get_pid (ctx); + ctrl->client_uid = -1; + } + ctrl->server_local->connect_from_self = + (client_creds->pid == getpid ()); + if (client_creds->pid != ASSUAN_INVALID_PID) + ctrl->client_pid = (unsigned long)client_creds->pid; else ctrl->client_pid = 0; + ctrl->client_uid = client_creds->uid; rc = assuan_process (ctx); if (rc) ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 1 + agent/call-pinentry.c | 5 +++-- agent/command-ssh.c | 27 +++++++++++++++++++++------ agent/command.c | 18 +++++++++++++----- 4 files changed, 38 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 09:41:53 2017 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 19 Oct 2017 09:41:53 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-33-g6aafa61 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 6aafa61b199ab9091d6c9e190129f2ead2a647c7 (commit) from 1f5b351531205214e9513a0aed170660dc822ceb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6aafa61b199ab9091d6c9e190129f2ead2a647c7 Author: Daniel Kahn Gillmor Date: Sun Feb 5 00:44:12 2017 -0500 core: Expect (and verify) a uid on "owner" option. * pinentry/pinentry.h (struct pinentry): Add field 'owner_uid'. * pinentry/pinentry.c (pinentry_reset): Handle this new field. (get_pid_name_for_uid): New. Atomic check for the base process name contingent on process ownership. (pinentry_get_title): Only scan for full commandline if the process actually belongs to the claimed uid. (option_handler): Option "owner" now expects "pid/uid hostname". -- This requires an update to gpg's use of the "owner" option to emit the uid (which will follow shortly). It is not as atomic as it should be. In particular, there's a race condition between reading from /proc/PID/status and reading from /proc/PID/cmdline, but it's a much smaller race than there was previously. Werner suggested using a / between pid/uid instead of whitespace. Signed-off-by: Daniel Kahn Gillmor diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 2ba4baa..ac3a323 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -101,6 +101,7 @@ pinentry_reset (int use_defaults) char *default_tt_hide = pinentry.default_tt_hide; char *touch_file = pinentry.touch_file; unsigned long owner_pid = pinentry.owner_pid; + int owner_uid = pinentry.owner_uid; char *owner_host = pinentry.owner_host; /* These options are set from the command line. Don't reset @@ -176,6 +177,8 @@ pinentry_reset (int use_defaults) pinentry.color_bg = PINENTRY_COLOR_DEFAULT; pinentry.color_so = PINENTRY_COLOR_DEFAULT; pinentry.color_so_bright = 0; + + pinentry.owner_uid = -1; } else /* Restore the options. */ { @@ -195,6 +198,7 @@ pinentry_reset (int use_defaults) pinentry.default_tt_hide = default_tt_hide; pinentry.touch_file = touch_file; pinentry.owner_pid = owner_pid; + pinentry.owner_uid = owner_uid; pinentry.owner_host = owner_host; pinentry.debug = debug; @@ -429,6 +433,54 @@ get_cmdline (unsigned long pid) } +/* Atomically ask the kernel for information about process PID. + * Return a malloc'ed copy of the process name as long as the process + * uid matches UID. If it cannot determine that the process has uid + * UID, it returns NULL. + + * This is not as informative as get_cmdline, but it verifies that the + * process does belong to the user in question. + */ +static char * +get_pid_name_for_uid (unsigned long pid, int uid) +{ + char buffer[400]; + FILE *fp; + size_t end, n; + char *uidstr; + + snprintf (buffer, sizeof buffer, "/proc/%lu/status", pid); + buffer[sizeof buffer - 1] = 0; + + fp = fopen (buffer, "rb"); + if (!fp) + return NULL; + n = fread (buffer, 1, sizeof buffer - 1, fp); + if (n < sizeof buffer -1 && ferror (fp)) + { + /* Some error occurred. */ + fclose (fp); + return NULL; + } + fclose (fp); + if (n == 0) + return NULL; + if (strncmp (buffer, "Name:\t", 6)) + return NULL; + end = strcspn (buffer + 6, "\n") + 6; + buffer[end] = 0; + + /* check that uid matches what we expect */ + uidstr = strstr (buffer + end + 1, "\nUid:\t"); + if (!uidstr) + return NULL; + if (atoi (uidstr + 6) != uid) + return NULL; + + return strdup (buffer + 6); +} + + /* Return a malloced string with the title. The caller mus free the * string. If no title is available or the title string has an error * NULL is returned. */ @@ -443,16 +495,21 @@ pinentry_get_title (pinentry_t pe) { char buf[200]; struct utsname utsbuf; + char *pidname = NULL; char *cmdline = NULL; if (pe->owner_host && !uname (&utsbuf) && utsbuf.nodename && !strcmp (utsbuf.nodename, pe->owner_host)) - cmdline = get_cmdline (pe->owner_pid); + { + pidname = get_pid_name_for_uid (pe->owner_pid, pe->owner_uid); + if (pidname) + cmdline = get_cmdline (pe->owner_pid); + } - if (pe->owner_host && cmdline) + if (pe->owner_host && (cmdline || pidname)) snprintf (buf, sizeof buf, "[%lu]@%s (%s)", - pe->owner_pid, pe->owner_host, cmdline); + pe->owner_pid, pe->owner_host, cmdline ? cmdline : pidname); else if (pe->owner_host) snprintf (buf, sizeof buf, "[%lu]@%s", pe->owner_pid, pe->owner_host); @@ -460,6 +517,7 @@ pinentry_get_title (pinentry_t pe) snprintf (buf, sizeof buf, "[%lu] ", pe->owner_pid); buf[sizeof buf - 1] = 0; + free (pidname); free (cmdline); title = strdup (buf); } @@ -1027,24 +1085,35 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) free (pinentry.owner_host); pinentry.owner_host = NULL; + pinentry.owner_uid = -1; + pinentry.owner_pid = 0; errno = 0; along = strtol (value, &endp, 10); - if (along < 0 || errno) - pinentry.owner_pid = 0; - else + if (along && !errno) { pinentry.owner_pid = (unsigned long)along; - while (endp && *endp == ' ') - endp++; if (*endp) { - pinentry.owner_host = strdup (endp); - if (pinentry.owner_host) + errno = 0; + if (*endp == '/') { /* we have a uid */ + endp++; + along = strtol (endp, &endp, 10); + if (along >= 0 && !errno) + pinentry.owner_uid = (int)along; + } + if (endp) { - for (endp=pinentry.owner_host; *endp && *endp != ' '; endp++) - ; - *endp = 0; + while (*endp == ' ') + endp++; + if (*endp) + { + pinentry.owner_host = strdup (endp); + for (endp=pinentry.owner_host; + *endp && *endp != ' '; endp++) + ; + *endp = 0; + } } } } diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index a4447a8..128331c 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -98,7 +98,11 @@ struct pinentry * which actually triggered the the pinentry. For example gpg. */ unsigned long owner_pid; - /* The malloced hostname of the owener or NULL. */ + /* The numeric uid (user ID) of the owner process or -1 if not + * known. */ + int owner_uid; + + /* The malloced hostname of the owner or NULL. */ char *owner_host; /* The window ID of the parent window over which the pinentry window ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 95 +++++++++++++++++++++++++++++++++++++++++++++-------- pinentry/pinentry.h | 6 +++- 2 files changed, 87 insertions(+), 14 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 15:10:26 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 19 Oct 2017 15:10:26 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-10-gd07de38 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb (commit) via 7c73db3d31c6457dfbdc82a8dc89951c023f0603 (commit) via 8448347b5bdee56e6f9938a93ea92fe4d3c8800c (commit) via 752cae6dd2ee8982a34c796a3f168ae538f7938c (commit) via 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0 (commit) via b509d81cab030cca6abf0d878e1fc884eda344e6 (commit) from e725c4d65335d18dea6b855726ee7c57afd4a60a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb Author: NIIBE Yutaka Date: Thu Oct 19 11:08:24 2017 +0900 g10: Fix find_and_check_key for multiple keyrings. * g10/pkclist.c (find_and_check_key): Call get_validity on a specific keyblock. -- When we have multiple keyrings, get_validity after get_best_pubkey_byname should access same keyring. Or else, the situation of an expired key in keyring A but valid key in keyring B causes SEGV. Thanks to Guido G?nther for the use case and the log. Debian-bug-id: 878812 Signed-off-by: NIIBE Yutaka diff --git a/g10/pkclist.c b/g10/pkclist.c index 67d932e..220936c 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, { int rc; PKT_public_key *pk; + KBNODE keyblock = NULL; if (!name || !*name) return gpg_error (GPG_ERR_INV_USER_ID); @@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if (from_file) rc = get_pubkey_fromfile (ctrl, pk, name); else - rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0); + rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0); if (rc) { int code; @@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if (rc) { /* Key found but not usable for us (e.g. sign-only key). */ + release_kbnode (keyblock); send_status_inv_recp (3, name); /* Wrong key usage */ log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) ); free_public_key (pk); @@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, { int trustlevel; - trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1); + trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1); + release_kbnode (keyblock); if ( (trustlevel & TRUST_FLAG_DISABLED) ) { /* Key has been disabled. */ commit 7c73db3d31c6457dfbdc82a8dc89951c023f0603 Author: Werner Koch Date: Wed Oct 18 18:28:52 2017 +0200 gpg: Keep a lock during the read-update/insert cycle in import. * g10/keydb.c (keydb_handle): New field 'keep_lock'. (keydb_release): Clear that flag. (keydb_lock): New function. (unlock_all): Skip if KEEP_LOCK is set. * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if requested. -- That change is straightforward. It helps to avoid the race condition that another gpg process inserts a key while the first process is between the search and the insert. A similar change is due for gpgsm. Note that the key edit operations may still suffer from a race. GnuPG-bug-id: 3446 diff --git a/g10/getkey.c b/g10/getkey.c index 5ce5805..c58e8ff 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1877,14 +1877,25 @@ get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd, hd = keydb_new (); if (!hd) return gpg_error_from_syserror (); - if (r_hd) - *r_hd = hd; if (lock) { + err = keydb_lock (hd); + if (err) + { + /* If locking did not work, we better don't return a handle + * at all - there was a reason that locking has been + * requested. */ + keydb_release (hd); + return err; + } keydb_disable_caching (hd); } + /* Fo all other errors we return the handle. */ + if (r_hd) + *r_hd = hd; + err = keydb_search_fpr (hd, fprbuf); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) { diff --git a/g10/keydb.c b/g10/keydb.c index 0f28bc3..58a14a8 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -96,6 +96,10 @@ struct keydb_handle / keybox_lock, as appropriate). */ int locked; + /* If this flag is set a lock will only be released by + * keydb_release. */ + int keep_lock; + /* The index into ACTIVE of the resources in which the last search result was found. Initially -1. */ int found; @@ -964,6 +968,7 @@ keydb_release (KEYDB_HANDLE hd) log_assert (active_handles > 0); active_handles--; + hd->keep_lock = 0; unlock_all (hd); for (i=0; i < hd->used; i++) { @@ -985,6 +990,24 @@ keydb_release (KEYDB_HANDLE hd) } +/* Take a lock on the files immediately and not only during insert or + * update. This lock is released with keydb_release. */ +gpg_error_t +keydb_lock (KEYDB_HANDLE hd) +{ + gpg_error_t err; + + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + err = lock_all (hd); + if (!err) + hd->keep_lock = 1; + + return err; +} + + /* Set a flag on the handle to suppress use of cached results. This * is required for updating a keyring and for key listings. Fixme: * Using a new parameter for keydb_new might be a better solution. */ @@ -1098,7 +1121,7 @@ unlock_all (KEYDB_HANDLE hd) { int i; - if (!hd->locked) + if (!hd->locked || hd->keep_lock) return; for (i=hd->used-1; i >= 0; i--) diff --git a/g10/keydb.h b/g10/keydb.h index b173751..7393768 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -154,6 +154,10 @@ KEYDB_HANDLE keydb_new (void); /* Free all resources owned by the database handle. */ void keydb_release (KEYDB_HANDLE hd); +/* Take a lock on the files immediately and not only during insert or + * update. This lock is released with keydb_release. */ +gpg_error_t keydb_lock (KEYDB_HANDLE hd); + /* Set a flag on the handle to suppress use of cached results. This is required for updating a keyring and for key listings. Fixme: Using a new parameter for keydb_new might be a better solution. */ commit 8448347b5bdee56e6f9938a93ea92fe4d3c8800c Author: Werner Koch Date: Wed Oct 18 17:52:41 2017 +0200 gpg: Improve keydb handling in the main import function. * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ... (get_keyblock_byfprint_fast): .. new function. * g10/import.c (revocation_present): s/int rc/gpg_error_t err/. (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a handle. Remove the now surplus keyblock fetch in the merge branch. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 852c532..5ce5805 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1828,16 +1828,47 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock, * * Like get_pubkey_byfprint, PK may be NULL. In that case, this * function effectively just checks for the existence of the key. */ -int +gpg_error_t get_pubkey_byfprint_fast (PKT_public_key * pk, const byte * fprint, size_t fprint_len) { - int rc = 0; - KEYDB_HANDLE hd; + gpg_error_t err; KBNODE keyblock; + + err = get_keyblock_byfprint_fast (&keyblock, NULL, fprint, fprint_len, 0); + if (!err) + { + if (pk) + copy_public_key (pk, keyblock->pkt->pkt.public_key); + release_kbnode (keyblock); + } + + return err; +} + + +/* This function is similar to get_pubkey_byfprint_fast but returns a + * keydb handle at R_HD and the keyblock at R_KEYBLOCK. R_KEYBLOCK or + * R_HD may be NULL. If LOCK is set the handle has been opend in + * locked mode and keydb_disable_caching () has been called. On error + * R_KEYBLOCK is set to NULL but R_HD must be released by the caller; + * it may have a value of NULL, though. This allows to do an insert + * operation on a locked keydb handle. */ +gpg_error_t +get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd, + const byte *fprint, size_t fprint_len, int lock) +{ + gpg_error_t err; + KEYDB_HANDLE hd; + kbnode_t keyblock; byte fprbuf[MAX_FINGERPRINT_LEN]; int i; + if (r_keyblock) + *r_keyblock = NULL; + if (r_hd) + *r_hd = NULL; + for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++) fprbuf[i] = fprint[i]; while (i < MAX_FINGERPRINT_LEN) @@ -1846,33 +1877,48 @@ get_pubkey_byfprint_fast (PKT_public_key * pk, hd = keydb_new (); if (!hd) return gpg_error_from_syserror (); + if (r_hd) + *r_hd = hd; - rc = keydb_search_fpr (hd, fprbuf); - if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + if (lock) { - keydb_release (hd); - return GPG_ERR_NO_PUBKEY; + keydb_disable_caching (hd); } - rc = keydb_get_keyblock (hd, &keyblock); - keydb_release (hd); - if (rc) + + err = keydb_search_fpr (hd, fprbuf); + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) { - log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc)); - return GPG_ERR_NO_PUBKEY; + if (!r_hd) + keydb_release (hd); + return gpg_error (GPG_ERR_NO_PUBKEY); + } + err = keydb_get_keyblock (hd, &keyblock); + if (err) + { + log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (err)); + if (!r_hd) + keydb_release (hd); + return gpg_error (GPG_ERR_NO_PUBKEY); } log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY); - if (pk) - copy_public_key (pk, keyblock->pkt->pkt.public_key); - release_kbnode (keyblock); /* Not caching key here since it won't have all of the fields properly set. */ + if (r_keyblock) + *r_keyblock = keyblock; + else + release_kbnode (keyblock); + + if (!r_hd) + keydb_release (hd); + return 0; } + const char * parse_def_secret_key (ctrl_t ctrl) { diff --git a/g10/import.c b/g10/import.c index e785002..8dd6b50 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1618,7 +1618,6 @@ import_one (ctrl_t ctrl, { gpg_error_t err = 0; PKT_public_key *pk; - PKT_public_key *pk_orig = NULL; kbnode_t node, uidnode; kbnode_t keyblock_orig = NULL; byte fpr2[MAX_FINGERPRINT_LEN]; @@ -1800,16 +1799,15 @@ import_one (ctrl_t ctrl, goto leave; /* Do we have this key already in one of our pubrings ? */ - hd = keydb_new (); - if (!hd) - return gpg_error_from_syserror (); - keydb_disable_caching (hd); - pk_orig = xmalloc_clear( sizeof *pk_orig ); - err = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); - if (err - && gpg_err_code (err) != GPG_ERR_NO_PUBKEY - && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY ) - { + err = get_keyblock_byfprint_fast (&keyblock_orig, &hd, + fpr2, fpr2len, 1/*locked*/); + if ((err + && gpg_err_code (err) != GPG_ERR_NO_PUBKEY + && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY) + || !hd) + { + /* The !hd above is to catch a misbehaving function which + * returns NO_PUBKEY for failing to allocate a handle. */ if (!silent) log_error (_("key %s: public key not found: %s\n"), keystr(keyid), gpg_strerror (err)); @@ -1823,6 +1821,7 @@ import_one (ctrl_t ctrl, } else if (err) /* Insert this key. */ { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ int n_sigs_cleaned, n_uids_cleaned; err = keydb_locate_writable (hd); @@ -1892,45 +1891,26 @@ import_one (ctrl_t ctrl, stats->imported++; new_key = 1; } - else /* Merge the key. */ + else /* Key already exists - merge. */ { int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned; u32 curtime = make_timestamp (); /* Compare the original against the new key; just to be sure nothing * weird is going on */ - if (cmp_public_keys( pk_orig, pk ) ) + if (cmp_public_keys (keyblock_orig->pkt->pkt.public_key, pk)) { if (!silent) log_error( _("key %s: doesn't match our copy\n"),keystr(keyid)); goto leave; } - /* Now read the original keyblock again so that we can use the - * handle for updating the keyblock. FIXME: Why not let - * get_pubkey_byfprint_fast do that - it fetches the keyblock - * anyway. */ - err = keydb_search_fpr (hd, fpr2); - if (err) - { - log_error (_("key %s: can't locate original keyblock: %s\n"), - keystr(keyid), gpg_strerror (err)); - goto leave; - } - err = keydb_get_keyblock (hd, &keyblock_orig); - if (err) - { - log_error (_("key %s: can't read original keyblock: %s\n"), - keystr(keyid), gpg_strerror (err)); - goto leave; - } - /* Make sure the original direct key sigs are all sane. */ n_sigs_cleaned = fix_bad_direct_key_sigs (ctrl, keyblock_orig, keyid); if (n_sigs_cleaned) commit_kbnode (&keyblock_orig); - /* and try to merge the block */ + /* Try to merge KEYBLOCK into KEYBLOCK_ORIG. */ clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock ); n_uids = n_sigs = n_subk = n_uids_cleaned = 0; @@ -2091,7 +2071,6 @@ import_one (ctrl_t ctrl, } release_kbnode( keyblock_orig ); - free_public_key( pk_orig ); return err; } @@ -3266,14 +3245,15 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) /* Okay, we have a revocation key, and a * revocation issued by it. Do we have the key * itself? */ - int rc; + gpg_error_t err; - rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr, - MAX_FINGERPRINT_LEN); - if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY - || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY) + err = get_pubkey_byfprint_fast (NULL, + sig->revkey[idx].fpr, + MAX_FINGERPRINT_LEN); + if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY + || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY) { - char *tempkeystr=xstrdup(keystr_from_pk(pk)); + char *tempkeystr = xstrdup (keystr_from_pk (pk)); /* No, so try and get it */ if ((opt.keyserver_options.options @@ -3289,13 +3269,13 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) opt.keyserver, 0); /* Do we have it now? */ - rc=get_pubkey_byfprint_fast (NULL, + err = get_pubkey_byfprint_fast (NULL, sig->revkey[idx].fpr, MAX_FINGERPRINT_LEN); } - if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY - || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY) + if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY + || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY) log_info(_("WARNING: key %s may be revoked:" " revocation key %s not present.\n"), tempkeystr,keystr(keyid)); diff --git a/g10/keydb.h b/g10/keydb.h index f503c99..b173751 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -339,8 +339,17 @@ int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock, /* This function is similar to get_pubkey_byfprint, but it doesn't merge the self-signed data into the public key and subkeys or into the user ids. */ -int get_pubkey_byfprint_fast (PKT_public_key *pk, - const byte *fprint, size_t fprint_len); +gpg_error_t get_pubkey_byfprint_fast (PKT_public_key *pk, + const byte *fprint, size_t fprint_len); + +/* This function is similar to get_pubkey_byfprint, but it doesn't + merge the self-signed data into the public key and subkeys or into + the user ids. */ +gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock, + KEYDB_HANDLE *r_hd, + const byte *fprint, size_t fprint_len, + int lock); + /* Returns true if a secret key is available for the public key with key id KEYID. */ commit 752cae6dd2ee8982a34c796a3f168ae538f7938c Author: Werner Koch Date: Wed Oct 18 13:09:47 2017 +0200 gpg: Simplify keydb handling of the main import function. * g10/import.c (import_keys_internal): Return gpg_error_t instead of int. Change var names. (import_keys_es_stream): Ditto. (import_one): Ditto. Use a single keydb_new and simplify the use of of keydb_release. -- Note that this opens a keydb handle before we call get_pubkey_byfprint_fast which internally uses another key db handle. A further patch will cleanup this double use. Note that we also disable the keydb caching for the insert case. The s/int/gpg_error_t/ has been done while checking the call chains of the import functions and making sure that gpg_err_code is always used. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 5b55f8f..e785002 100644 --- a/g10/import.c +++ b/g10/import.c @@ -102,7 +102,7 @@ static int import (ctrl_t ctrl, static int read_block (IOBUF a, int with_meta, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); -static int import_one (ctrl_t ctrl, +static gpg_error_t import_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, @@ -436,7 +436,7 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock) * * Key revocation certificates have special handling. */ -static int +static gpg_error_t import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, @@ -445,7 +445,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, int origin, const char *url) { int i; - int rc = 0; + gpg_error_t err = 0; struct import_stats_s *stats = stats_handle; if (!stats) @@ -453,8 +453,8 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, if (inp) { - rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options, - screener, screener_arg, origin, url); + err = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options, + screener, screener_arg, origin, url); } else { @@ -478,14 +478,14 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, log_error (_("can't open '%s': %s\n"), fname, strerror (errno)); else { - rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options, + err = import (ctrl, inp2, fname, stats, fpr, fpr_len, options, screener, screener_arg, origin, url); iobuf_close (inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); - if (rc) + if (err) log_error ("import from '%s' failed: %s\n", - fname, gpg_strerror (rc) ); + fname, gpg_strerror (err) ); } if (!fname) break; @@ -507,7 +507,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, if (!(options & IMPORT_FAST)) check_or_update_trustdb (ctrl); - return rc; + return err; } @@ -521,7 +521,7 @@ import_keys (ctrl_t ctrl, char **fnames, int nnames, } -int +gpg_error_t import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, @@ -529,23 +529,23 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_screener_t screener, void *screener_arg, int origin, const char *url) { - int rc; + gpg_error_t err; iobuf_t inp; inp = iobuf_esopen (fp, "rb", 1); if (!inp) { - rc = gpg_error_from_syserror (); - log_error ("iobuf_esopen failed: %s\n", gpg_strerror (rc)); - return rc; + err = gpg_error_from_syserror (); + log_error ("iobuf_esopen failed: %s\n", gpg_strerror (err)); + return err; } - rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle, + err = import_keys_internal (ctrl, inp, NULL, 0, stats_handle, fpr, fpr_len, options, screener, screener_arg, origin, url); iobuf_close (inp); - return rc; + return err; } @@ -1608,7 +1608,7 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) * even most error messages are suppressed. ORIGIN is the origin of * the key (0 for unknown) and URL the corresponding URL. */ -static int +static gpg_error_t import_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, @@ -1616,6 +1616,7 @@ import_one (ctrl_t ctrl, import_screener_t screener, void *screener_arg, int origin, const char *url) { + gpg_error_t err = 0; PKT_public_key *pk; PKT_public_key *pk_orig = NULL; kbnode_t node, uidnode; @@ -1623,7 +1624,6 @@ import_one (ctrl_t ctrl, byte fpr2[MAX_FINGERPRINT_LEN]; size_t fpr2len; u32 keyid[2]; - int rc = 0; int new_key = 0; int mod_key = 0; int same_key = 0; @@ -1632,6 +1632,7 @@ import_one (ctrl_t ctrl, char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; int any_filter = 0; + KEYDB_HANDLE hd = NULL; /* Get the key and print some info about it. */ node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); @@ -1791,7 +1792,7 @@ import_one (ctrl_t ctrl, merge_keys_and_selfsig (ctrl, keyblock); merge_keys_done = 1; } - rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options); + err = write_keyblock_to_output (keyblock, opt.armor, opt.export_options); goto leave; } @@ -1799,37 +1800,37 @@ import_one (ctrl_t ctrl, goto leave; /* Do we have this key already in one of our pubrings ? */ + hd = keydb_new (); + if (!hd) + return gpg_error_from_syserror (); + keydb_disable_caching (hd); pk_orig = xmalloc_clear( sizeof *pk_orig ); - rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); - if (rc && gpg_err_code (rc) != GPG_ERR_NO_PUBKEY - && gpg_err_code (rc) != GPG_ERR_UNUSABLE_PUBKEY ) + err = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len); + if (err + && gpg_err_code (err) != GPG_ERR_NO_PUBKEY + && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY ) { if (!silent) log_error (_("key %s: public key not found: %s\n"), - keystr(keyid), gpg_strerror (rc)); + keystr(keyid), gpg_strerror (err)); } - else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) ) + else if (err && (opt.import_options&IMPORT_MERGE_ONLY) ) { if (opt.verbose && !silent ) log_info( _("key %s: new key - skipped\n"), keystr(keyid)); - rc = 0; + err = 0; stats->skipped_new_keys++; } - else if (rc ) /* Insert this key. */ + else if (err) /* Insert this key. */ { - KEYDB_HANDLE hd; int n_sigs_cleaned, n_uids_cleaned; - hd = keydb_new (); - if (!hd) - return gpg_error_from_syserror (); - - rc = keydb_locate_writable (hd); - if (rc) + err = keydb_locate_writable (hd); + if (err) { - log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc)); - keydb_release (hd); - return GPG_ERR_GENERAL; + log_error (_("no writable keyring found: %s\n"), gpg_strerror (err)); + err = gpg_error (GPG_ERR_GENERAL); + goto leave; } if (opt.verbose > 1 ) log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) ); @@ -1843,19 +1844,19 @@ import_one (ctrl_t ctrl, * and thus the address of KEYBLOCK won't change. */ if ( !(options & IMPORT_RESTORE) ) { - rc = insert_key_origin (keyblock, origin, url); - if (rc) + err = insert_key_origin (keyblock, origin, url); + if (err) { - log_error ("insert_key_origin failed: %s\n", gpg_strerror (rc)); - keydb_release (hd); - return GPG_ERR_GENERAL; + log_error ("insert_key_origin failed: %s\n", gpg_strerror (err)); + err = gpg_error (GPG_ERR_GENERAL); + goto leave; } } - rc = keydb_insert_keyblock (hd, keyblock ); - if (rc) + err = keydb_insert_keyblock (hd, keyblock ); + if (err) log_error (_("error writing keyring '%s': %s\n"), - keydb_get_resource_name (hd), gpg_strerror (rc)); + keydb_get_resource_name (hd), gpg_strerror (err)); else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) { /* This should not be possible since we delete the @@ -1868,7 +1869,10 @@ import_one (ctrl_t ctrl, if (non_self) revalidation_mark (ctrl); } + + /* Release the handle and thus unlock the keyring asap. */ keydb_release (hd); + hd = NULL; /* We are ready. */ if (!opt.quiet && !silent) @@ -1890,7 +1894,6 @@ import_one (ctrl_t ctrl, } else /* Merge the key. */ { - KEYDB_HANDLE hd; int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned; u32 curtime = make_timestamp (); @@ -1903,29 +1906,22 @@ import_one (ctrl_t ctrl, goto leave; } - /* Now read the original keyblock again so that we can use - that handle for updating the keyblock. */ - hd = keydb_new (); - if (!hd) - { - rc = gpg_error_from_syserror (); - goto leave; - } - keydb_disable_caching (hd); - rc = keydb_search_fpr (hd, fpr2); - if (rc ) + /* Now read the original keyblock again so that we can use the + * handle for updating the keyblock. FIXME: Why not let + * get_pubkey_byfprint_fast do that - it fetches the keyblock + * anyway. */ + err = keydb_search_fpr (hd, fpr2); + if (err) { log_error (_("key %s: can't locate original keyblock: %s\n"), - keystr(keyid), gpg_strerror (rc)); - keydb_release (hd); + keystr(keyid), gpg_strerror (err)); goto leave; } - rc = keydb_get_keyblock (hd, &keyblock_orig); - if (rc) + err = keydb_get_keyblock (hd, &keyblock_orig); + if (err) { log_error (_("key %s: can't read original keyblock: %s\n"), - keystr(keyid), gpg_strerror (rc)); - keydb_release (hd); + keystr(keyid), gpg_strerror (err)); goto leave; } @@ -1938,14 +1934,11 @@ import_one (ctrl_t ctrl, clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock ); n_uids = n_sigs = n_subk = n_uids_cleaned = 0; - rc = merge_blocks (ctrl, options, keyblock_orig, keyblock, keyid, - curtime, origin, url, - &n_uids, &n_sigs, &n_subk ); - if (rc ) - { - keydb_release (hd); - goto leave; - } + err = merge_blocks (ctrl, options, keyblock_orig, keyblock, keyid, + curtime, origin, url, + &n_uids, &n_sigs, &n_subk ); + if (err) + goto leave; if ((options & IMPORT_CLEAN)) clean_key (ctrl, keyblock_orig, opt.verbose, (options&IMPORT_MINIMAL), @@ -1958,25 +1951,28 @@ import_one (ctrl_t ctrl, * and thus the address of KEYBLOCK won't change. */ if ( !(options & IMPORT_RESTORE) ) { - rc = update_key_origin (keyblock_orig, curtime, origin, url); - if (rc) + err = update_key_origin (keyblock_orig, curtime, origin, url); + if (err) { log_error ("update_key_origin failed: %s\n", - gpg_strerror (rc)); - keydb_release (hd); + gpg_strerror (err)); goto leave; } } mod_key = 1; /* KEYBLOCK_ORIG has been updated; write */ - rc = keydb_update_keyblock (ctrl, hd, keyblock_orig); - if (rc) + err = keydb_update_keyblock (ctrl, hd, keyblock_orig); + if (err) log_error (_("error writing keyring '%s': %s\n"), - keydb_get_resource_name (hd), gpg_strerror (rc) ); + keydb_get_resource_name (hd), gpg_strerror (err)); else if (non_self) revalidation_mark (ctrl); + /* Release the handle and thus unlock the keyring asap. */ + keydb_release (hd); + hd = NULL; + /* We are ready. */ if (!opt.quiet && !silent) { @@ -2025,6 +2021,10 @@ import_one (ctrl_t ctrl, } else { + /* Release the handle and thus unlock the keyring asap. */ + keydb_release (hd); + hd = NULL; + /* Fixme: we do not track the time we last checked a key for * updates. To do this we would need to rewrite even the * keys which have no changes. */ @@ -2041,11 +2041,10 @@ import_one (ctrl_t ctrl, stats->unchanged++; } - - keydb_release (hd); hd = NULL; } leave: + keydb_release (hd); if (mod_key || new_key || same_key) { /* A little explanation for this: we fill in the fingerprint @@ -2094,7 +2093,7 @@ import_one (ctrl_t ctrl, release_kbnode( keyblock_orig ); free_public_key( pk_orig ); - return rc; + return err; } diff --git a/g10/main.h b/g10/main.h index 87417ee..6c15a2a 100644 --- a/g10/main.h +++ b/g10/main.h @@ -354,7 +354,7 @@ gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname, void import_keys (ctrl_t ctrl, char **fnames, int nnames, import_stats_t stats_hd, unsigned int options, int origin, const char *url); -int import_keys_es_stream (ctrl_t ctrl, estream_t fp, +gpg_error_t import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, commit 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0 Author: Werner Koch Date: Tue Oct 17 20:56:55 2017 +0200 sm: Fix colon listing of fields > 12 in crt records. * sm/keylist.c (print_capabilities): Move colon printing ... (list_cert_colon): to here. -- Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693 Signed-off-by: Werner Koch diff --git a/sm/keylist.c b/sm/keylist.c index 24c86e1..9997da8 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -289,8 +289,6 @@ print_capabilities (ksba_cert_t cert, estream_t fp) es_putc ('S', fp); if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN)) es_putc ('C', fp); - - es_putc (':', fp); } @@ -503,6 +501,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc (':', fp); /* Field 12, capabilities: */ print_capabilities (cert, fp); + es_putc (':', fp); /* Field 13, not used: */ es_putc (':', fp); /* Field 14, not used: */ commit b509d81cab030cca6abf0d878e1fc884eda344e6 Author: Werner Koch Date: Thu Sep 28 14:10:12 2017 +0200 gpg: Workaround for junk after --trusted-key. * g10/trust.c (register_trusted_key): Cut off everthing starting as a hash sign. -- This problem is fallout from commit f99830b72812395da5451152bdd2f2d90a7cb7fb which fixes GnuPG-bug-id: 1206 The same could happen with other options taking keyids but we won't change that because a trailing '#' does not indicate a comment. So this is really only a workaround and eventually we will deprecate --trusted-key anyway or require a fingerprint as a value. Signed-off-by: Werner Koch diff --git a/g10/trust.c b/g10/trust.c index ee6078b..6d4f0e7 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -66,6 +66,26 @@ register_trusted_key (const char *string) #ifdef NO_TRUST_MODELS (void)string; #else + + /* Some users have conf files with entries like + * trusted-key 0x1234567812345678 # foo + * That is obviously wrong. Before fixing bug#1206 trailing garbage + * on a key specification if was ignored. We detect the above use case + * here and cut off the junk-looking-like-a comment. */ + if (strchr (string, '#')) + { + char *buf; + + buf = xtrystrdup (string); + if (buf) + { + *strchr (buf, '#') = 0; + tdb_register_trusted_key (buf); + xfree (buf); + return; + } + } + tdb_register_trusted_key (string); #endif } ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 87 ++++++++++++++++++++++----- g10/import.c | 189 ++++++++++++++++++++++++++-------------------------------- g10/keydb.c | 25 +++++++- g10/keydb.h | 17 +++++- g10/main.h | 2 +- g10/pkclist.c | 7 ++- g10/trust.c | 20 +++++++ sm/keylist.c | 3 +- 8 files changed, 222 insertions(+), 128 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 15:38:38 2017 From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Thu, 19 Oct 2017 15:38:38 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-11-g1ba308a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3 (commit) from d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3 Author: Damien Goutte-Gattat Date: Sun Oct 8 17:30:52 2017 +0100 dirmngr: Do not follow https-to-http redirects. * dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from a https URI to a http URI. -- GnuPG-bug-id: 3436 Signed-off-by: Damien Goutte-Gattat diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index 7fb7731..6492dda 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -73,12 +73,13 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) estream_t fp = NULL; char *request_buffer = NULL; parsed_uri_t uri = NULL; - int is_onion; + int is_onion, is_https; err = http_parse_uri (&uri, url, 0); if (err) goto leave; is_onion = uri->onion; + is_https = uri->use_tls; once_more: /* Note that we only use the system provided certificates with the @@ -152,17 +153,18 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) url, s?s:"[none]", http_get_status_code (http)); if (s && *s && redirects_left-- ) { - if (is_onion) + if (is_onion || is_https) { /* Make sure that an onion address only redirects to - * another onion address. */ + * another onion address, or that a https address + * only redirects to a https address. */ http_release_parsed_uri (uri); uri = NULL; err = http_parse_uri (&uri, s, 0); if (err) goto leave; - if (! uri->onion) + if ((is_onion && ! uri->onion) || (is_https && ! uri->use_tls)) { err = gpg_error (GPG_ERR_FORBIDDEN); goto leave; ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-http.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 17:26:27 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Oct 2017 17:26:27 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-13-g2c7dccc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 2c7dccca9b617780a3ea760adf460bb3b77f90f3 (commit) via 68c8619114fd5f24cb6bfb9e0f25c428a8805323 (commit) from 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c7dccca9b617780a3ea760adf460bb3b77f90f3 Author: Werner Koch Date: Thu Oct 19 17:12:36 2017 +0200 gpg: Print sec/sbb with --import-option import-show or show-only. * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct. -- Note that this will likely add the suffix '#' top "sec" because the secret key has not yet (or will not be) imported. If the secret key already exists locally another suffix might be printed. The upshot is that the suffix has no usefulness. GnuPG-bug-id: 3431 Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index b14cb37..bd45b04 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2306,7 +2306,8 @@ opposite meaning. The options are: Show a listing of the key as imported right before it is stored. This can be combined with the option @option{--dry-run} to only look at keys; the option @option{show-only} is a shortcut for this - combination. + combination. Note that suffixes like '#' for "sec" and "sbb" lines + may or may not be printed. @item import-export Run the entire import code but instead of storing the key to the diff --git a/g10/import.c b/g10/import.c index 255e48f..71e3955 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1778,7 +1778,7 @@ import_one (ctrl_t ctrl, merge_keys_done = 1; /* Note that we do not want to show the validity because the key * has not yet imported. */ - list_keyblock_direct (ctrl, keyblock, 0, 0, + list_keyblock_direct (ctrl, keyblock, from_sk, 0, opt.fingerprint || opt.with_fingerprint, 1); es_fflush (es_stdout); } commit 68c8619114fd5f24cb6bfb9e0f25c428a8805323 Author: Werner Koch Date: Thu Oct 19 17:05:39 2017 +0200 gpg: Make --dry-run and show-only work for secret keys. * g10/import.c (import_secret_one): Check for dry-run before transferring keys. -- The use of --dry-run or --import-option show-only had no effect when importing a secret key and the public key already existed. If the public key did not exist an error message inhibited the import of the secret key. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 8dd6b50..255e48f 100644 --- a/g10/import.c +++ b/g10/import.c @@ -2532,7 +2532,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, /* At least we cancel the secret key import when the public key import was skipped due to MERGE_ONLY option and a new key. */ - if (stats->skipped_new_keys <= nr_prev) + if (!(opt.dry_run || (options & IMPORT_DRY_RUN)) + && stats->skipped_new_keys <= nr_prev) { /* Read the keyblock again to get the effects of a merge. */ /* Fixme: we should do this based on the fingerprint or ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 3 ++- g10/import.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 19 18:15:17 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Oct 2017 18:15:17 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-14-g44fb3fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 44fb3fbc85b32552c91f32f099b6b246c12ce0cc (commit) from 2c7dccca9b617780a3ea760adf460bb3b77f90f3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 44fb3fbc85b32552c91f32f099b6b246c12ce0cc Author: Werner Koch Date: Thu Oct 19 18:10:37 2017 +0200 gpg: Fix creating on-disk subkey with on-card primary key. * g10/keygen.c (generate_subkeypair): Ignore error code issued for trying to verify a card based key. -- We try to verify the primary key and thus seed the passphrase cache before generating the subkey. However, the verification does not yet work for on-card keys and thus the PASSWD --verify send to the agent returns an error. This patch detects this error and continues without a seeded passphrase cache. After all that pre-seeding is just a convenience. GnuPG-bug-id: 3280 Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index 2b17a1e..8f30b7e 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -5051,6 +5051,9 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, &cache_nonce, &passwd_nonce); xfree (desc); + if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED + && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT) + err = 0; /* Very likely that the key is on a card. */ if (err) goto leave; } ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 20 03:06:01 2017 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Fri, 20 Oct 2017 03:06:01 +0200 Subject: [git] gnupg-doc - branch, master, updated. 7419cef037fb2fc6df78b49d1cab555019fed3f8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7419cef037fb2fc6df78b49d1cab555019fed3f8 (commit) via 679c90e1c28c450d58a1d11ef82d9373346cd476 (commit) via 52c0de52ff1588aa1c25a501f1af6a86d03e7211 (commit) from e2d6928a96636adfdd08e49be0e57bf9a5dd6514 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7419cef037fb2fc6df78b49d1cab555019fed3f8 Author: Robert J. Hansen Date: Thu Oct 19 21:05:57 2017 -0400 Some minor notes about PGP interop. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index a0c5996..39920be 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -73,7 +73,7 @@ for any errors. Welcome to the official GnuPG FAQ. Like all FAQs, this is a work in progress. If you have questions that you think should be on it but -aren't, please feel free to email the FAQ maintainer (Rob Hansen, +aren?t, please feel free to email the FAQ maintainer (Rob Hansen, [[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]) or bring your suggestion up on GnuPG-Users. @@ -90,32 +90,33 @@ Thanks to the Free Software Foundation, this FAQ is also available in :CUSTOM_ID: gethelp :END: -First, please don?t send emails directly to people in GnuPG. While we will -try to help to people who send email directly to us, those emails quickly -accumulate. Helping just six people a day can take an hour of time, and that's -an hour less we have to work on making GnuPG better. Please reach out to the -GnuPG community via the -[[https://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users mailing list]], -not individual people within -GnuPG. +First, please don?t send emails directly to people in GnuPG. While we +will try to help to people who send email directly to us, those emails +quickly accumulate. Helping just six people a day can take an hour of +time, and that?s an hour less we have to work on making GnuPG better. +Please reach out to the GnuPG community via the +[[https://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users mailing list]], not individual people within GnuPG. -Second, tell us your operating environment. Be as specific as possible. -What operating system are you using? Which version of GnuPG are you using? -Where did you get GnuPG from? If your problem is related to email, which email -client are you using? Which version number? Is GnuPG supported natively, or -is there a plugin? If so, what's the version number of that? +Second, tell us your operating environment. Be as specific as +possible. What operating system are you using? Which version of +GnuPG are you using? Where did you get GnuPG from? If your problem is +related to email, which email client are you using? Which version +number? Is GnuPG supported natively, or is there a plugin? If so, +what?s the version number of that? Third, tell us your problem. Be as specific as possible. -Do this, and you might be surprised at how quickly your problem is solved. -An example of a good question would be, ?I?m running GnuPG 1.4.14 on an -Ubuntu 15.04 x64 box. I'm using Thunderbird with Enigmail. Everything was -fine until I did a software update. Ever since then I can't use GnuPG with -email. What happened?? This question gives us enough to work with, and in -short order someone will have an answer for you. +Do this, and you might be surprised at how quickly your problem is +solved. An example of a good question would be, ?I?m running GnuPG +1.4.14 on an Ubuntu 15.04 x64 box. I?m using Thunderbird with +Enigmail. Everything was fine until I did a software update. Ever +since then I can?t use GnuPG with email. What happened?? This +question gives us enough to work with, and in short order someone will +have an answer for you. -A bad question would be, ?How do I uninstall GnuPG?? We can?t help you at all; -you've not given us any of the information we need to answer your question. +A bad question would be, ?How do I uninstall GnuPG?? We can?t help +you at all; you?ve not given us any of the information we need to +answer your question. ** Who maintains this FAQ? :PROPERTIES: @@ -392,9 +393,9 @@ The best way is to visit the [[https://gnupg.org/donate/][donation page]]. Development discussion takes place on the gnupg-devel mailing list. Go to the [[https://www.gnupg.org/documentation/mailing-lists.en.html][GnuPG mailing list page]] for links to subscribe and to the -list's archives. +list?s archives. -The [[https://bugs.gnupg.org/gnupg/][GnuPG project's bug tracker]] is also publicly available. +The [[https://bugs.gnupg.org/gnupg/][GnuPG project?s bug tracker]] is also publicly available. * Where can I get more information? @@ -740,10 +741,10 @@ is actively developed. :CUSTOM_ID: portable_app :END: -Yes, but we don't recommend it. Sharing a USB token between lots of -random computers is a great way to get infested with malware, and that's -not something you want to happen to the token you're using for secure -email. If you're going to do this, please show caution with respect to +Yes, but we don?t recommend it. Sharing a USB token between lots of +random computers is a great way to get infested with malware, and that?s +not something you want to happen to the token you?re using for secure +email. If you?re going to do this, please show caution with respect to which computers you use the portable app on. That said, Windows users should check [[http://portableapps.com/apps/internet/thunderbird_portable][PortableApps]]. @@ -1005,7 +1006,7 @@ confidence. During roughly the same time period that [[http://www.nist.gov][NIST]] was running the Advanced -Encryption Standard trials, Japan?s [[http://www.cryptrec.jp/english/][CRYPTREC]] and the European Union's +Encryption Standard trials, Japan?s [[http://www.cryptrec.jp/english/][CRYPTREC]] and the European Union?s [[http://www.cryptonessie.org/][NESSIE]] were running their own similar trials. Camellia is the cipher that won the NESSIE and CRYPTREC trials, much in the same way that Rijndael won the United States? AES trials. @@ -1037,8 +1038,8 @@ to an astonishing amount of peer review. these are the strongest hashes in GnuPG. - *SHA-3*: SHA-3 is a completely new hash algorithm that makes a clean break with the previous SHAs. It is believed to be safe, with no - warnings about its usage. It hasn't yet been officially introduced - into the OpenPGP standard, and for that reason GnuPG doesn't support + warnings about its usage. It hasn?t yet been officially introduced + into the OpenPGP standard, and for that reason GnuPG doesn?t support it. However, SHA-3 will probably be incorporated into the spec, and GnuPG will support it as soon as it does. @@ -1244,8 +1245,8 @@ Copy =revoke.asc= to a safe place. =gpg --keyserver pool.sks-keyservers.net --send-key= /[your certificate ID]/ You should only upload your own certificates to the keyservers, or -obtain the certificate holder's permission before doing so. In some -circles it's considered rude to upload someone else's certificate; not +obtain the certificate holder?s permission before doing so. In some +circles it?s considered rude to upload someone else?s certificate; not everyone wants to publish their key publicly. @@ -1273,11 +1274,11 @@ following is Rob Hansen?s =gpg.conf= file. # Tell GnuPG that I want maximum OpenPGP conformance. openpgp -# Disable a few messages from GnuPG that I know I don't need. +# Disable a few messages from GnuPG that I know I don?t need. no-greeting no-secmem-warning -# Don't include a version number or a comment in my output. +# Don?t include a version number or a comment in my output. no-emit-version no-comments @@ -1290,7 +1291,7 @@ keyid-format long keyserver pool.sks-keyservers.net keyserver-options import-clean-sigs import-clean-uids export-clean-sigs export-clean-uids -# If I don't explicitly state which certificate to use, use this one. +# If I don?t explicitly state which certificate to use, use this one. default-key 1DCBDC01B44427C7 # Always include signatures from these two certificates. @@ -1373,25 +1374,25 @@ multiple times to encrypt a message to multiple recipients: :CUSTOM_ID: common_commands :END: -GnuPG's primary functions are to encrypt and decrypt messages, and to -sign and verify them. It's possible to sign without encrypting or +GnuPG?s primary functions are to encrypt and decrypt messages, and to +sign and verify them. It?s possible to sign without encrypting or encrypt without signing. -Signing a file's content is done with the =-s= or =--sign= commands. +Signing a file?s content is done with the =-s= or =--sign= commands. A variation is =-b= or =--detach-sign=, which produces a separate -signature without including the file's content; this is useful for +signature without including the file?s content; this is useful for signing a software archive or other large file. The key to use for the signature can be specified with the =local-user= setting in your =gpg.conf= file, or with the =-u=, =--local-user= options. -Encrypting a file's content is done with the =-e= or =--encrypt= +Encrypting a file?s content is done with the =-e= or =--encrypt= commands. Recipients are specified with the =-r= or =--recipient= options. -GnuPG's default action is to decrypt and verify its input file, +GnuPG?s default action is to decrypt and verify its input file, writing the contents to standard output or to the filename specified by the =-o= or =--output= options. The =--verify= command will only -verify the signature without writing the file's contents anywhere. +verify the signature without writing the file?s contents anywhere. These commands are the most commonly used. GnuPG has many more commands, largely for managing your keyring containing your private @@ -1410,14 +1411,14 @@ Occasionally you might obtain the certificate physically, by meeting the certificate holder face-to-face and exchanging the certificate on some storage medium such as a USB stick, memory card, or portable disk. Or you might download a copy of the certificate from the -holder's web site. +holder?s web site. Once obtained in one of these ways, you can add the certificate to your collection of public keys by doing: =gpg --import certificate.txt= -More commonly, you'll download a correspondent's certificate from a +More commonly, you?ll download a correspondent?s certificate from a keyserver. @@ -1583,7 +1584,7 @@ GnuPG will generate output containing only printable characters. An inline signature wraps a textual header and footer around the text to be signed, leaving the text readable without running GnuPG. This -doesn't conceal the text at all and therefore provides no secrecy, but +doesn?t conceal the text at all and therefore provides no secrecy, but if someone edits the text GnuPG will report that the signature is bad. To generate an inline signature, run @@ -1596,7 +1597,7 @@ the signed file: =gpg signed_file.asc= -** How can I use GnuPG to verify a file I've downloaded? +** How can I use GnuPG to verify a file I?ve downloaded? :PROPERTIES: :CUSTOM_ID: how_do_i_verify_signed_packages :END: @@ -1607,7 +1608,7 @@ the signed file: Particularly, be careful if the certificate you have doesn?t match the one used for prior code releases. -2. Once you're confident you have the correct certificate, give it a local +2. Once you?re confident you have the correct certificate, give it a local signature. Assuming you want to locally sign certificate 1DCBDC01B44427C7, you?d type: @@ -1625,7 +1626,7 @@ the signed file: GnuPG will assume the original file is in foo.zip. (If GnuPG can?t find foo.zip, GnuPG will prompt you for the name of the original package.) If all goes well, GnuPG will report good signatures and you may be confident - you've received the package as the author intended. + you?ve received the package as the author intended. Please note that a good signature doesn?t mean a piece of software is trustworthy, reliable, or bug-free. It just means nobody tampered with it and @@ -1638,8 +1639,8 @@ our own foolishness. :CUSTOM_ID: automated_use :END: -You should use the =--batch= option. Don't bother to use a passphrase -because there's usually no way to store it more securely than on the +You should use the =--batch= option. Don?t bother to use a passphrase +because there?s usually no way to store it more securely than on the secret keyring itself. The suggested way to create keys for an automated environment is as @@ -1677,7 +1678,7 @@ follows. First, on a secure machine: On the target machine, install =secring.auto= as the secret keyring and begin writing scripts that invoke GnuPG. - It's a good idea to install an intrusion detection system so that + It?s a good idea to install an intrusion detection system so that you will get notice of a successful intrusion. If that happens, you can revoke all the subkeys installed on that machine and install new subkeys once the machine is secured again. @@ -1722,7 +1723,7 @@ claims to belong to Alice, but there?s no evidence it actually belongs to Alice, GnuPG will warn you that you?re using an untrusted certificate. -You probably want to validate the certificate; see [[#how_to_validate][this FAQ's +You probably want to validate the certificate; see [[#how_to_validate][this FAQ?s instructions]]. @@ -1788,9 +1789,9 @@ protecting the key will be your passphrase. A passphrase should be 1) difficult to guess for someone who knows you, and 2) difficult to brute-force by trying every possible combination of characters. -To meet requirement 1), the passphrase shouldn't be based on -publicly-available information about you: your birthday, your spouse's -name, your school's motto, a line of text from a book, etc. To meet +To meet requirement 1), the passphrase shouldn?t be based on +publicly-available information about you: your birthday, your spouse?s +name, your school?s motto, a line of text from a book, etc. To meet requirement 2), the passphrase should be long: commercially available hardware can try 2.8 billion passwords in a day, which is sufficient to crack a 10-letter all-lowercase password. @@ -1866,7 +1867,7 @@ and/or Twofish over all the others. With respect to our RSA recommendation, there is no reason to believe RSA is any better or worse than DSA and/or Elgamal in a cryptographic sense. However, if you ever want to migrate your certificate to a smart card or -other cryptographic token, you'll find RSA is much better supported. +other cryptographic token, you?ll find RSA is much better supported. With respect to our symmetric cipher recommendations, we have to explain a little bit about cryptanalysis. @@ -1874,10 +1875,10 @@ little bit about cryptanalysis. First, ciphers are deterministic: given the same inputs, they generate the same outputs. -Second, ciphers don't operate on individual bytes. They work on blocks of +Second, ciphers don?t operate on individual bytes. They work on blocks of data, either eight or sixteen bytes large, depending on the cipher. -Third, the OpenPGP standard requires that ciphers run in what's +Third, the OpenPGP standard requires that ciphers run in what?s called a ?feedback mode.? In feedback mode, a cipher has two inputs: the random session key used for the message, and the output of the previous block. @@ -1889,18 +1890,18 @@ since the key and the previous block are the same, the output of this block would be the same. This repetition creates a distinctive pattern which a cryptanalyst might be able to potentially exploit. -For a cipher with an eight-byte block size, you'll probably repeat a block +For a cipher with an eight-byte block size, you?ll probably repeat a block after about 32 gigabytes of data. This means if you encrypt a single -message larger than 32 gigabytes, it's pretty much a statistical guarantee -you'll have a repeated block. That's bad. For this reason, we recommend -you not use ciphers with eight-byte data blocks if you're going to be -doing bulk encryption. It's very unlikely you'll have any problems if you +message larger than 32 gigabytes, it?s pretty much a statistical guarantee +you?ll have a repeated block. That?s bad. For this reason, we recommend +you not use ciphers with eight-byte data blocks if you?re going to be +doing bulk encryption. It?s very unlikely you?ll have any problems if you keep your messages under 4 gigabytes in size. -For a cipher with a sixteen-byte block size, you'd need to encrypt a single +For a cipher with a sixteen-byte block size, you?d need to encrypt a single message that contained more data than is found in the entire internet. In -other words, it's no longer an issue. +other words, it?s no longer an issue. Twofish, AES, and Camellia all operate on sixteen bytes at a time. The others all operate on eight bytes at a time. @@ -1944,7 +1945,7 @@ Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA-16384. Every minute we spend arguing about whether we should change the defaults to RSA-3072 or more is one minute the shift to ECC is delayed. Frankly, we think -ECC is a really good idea and we'd like to see it deployed as soon as +ECC is a really good idea and we?d like to see it deployed as soon as humanly possible. *** I think I need larger key sizes. @@ -1977,7 +1978,7 @@ is equivalent to about a 5-bit symmetric cipher. Breaking an RSA-20 key requires you to try each prime number between two and one thousand: there are 168 of them, meaning RSA-20 is equivalent to about an 8-bit cipher. Doubling the keylength (from RSA-10 to RSA-20) -didn't give us the benefit that we naively expected. Each additional +didn?t give us the benefit that we naively expected. Each additional bit gives correspondingly less in the way of additional security, and we quickly reach a point of diminishing returns. @@ -2070,7 +2071,7 @@ successfully cryptanalyzed. If you mean, ?have people figured out ways to obtain the plaintext anyway??, the answer is an emphatic ?yes.? In [[http://news.cnet.com/8301-10784_3-9741357-7.html][a 2007 Drug Enforcement -Administration case]], a keylogger was installed on a suspect's +Administration case]], a keylogger was installed on a suspect?s computer. GnuPG protects your traffic against cryptanalysis, but it is not magic @@ -2085,12 +2086,12 @@ against all threats. :END: Almost certainly. In the past this was a controversial question, but -recently there's come to be a consensus: use PGP/MIME whenever possible. -The reason for this is that it's possible to armor email headers and +recently there?s come to be a consensus: use PGP/MIME whenever possible. +The reason for this is that it?s possible to armor email headers and metadata with PGP/MIME, but sending messages inline leaves this data exposed. As recent years have taught us, the metadata is often as sensitive as the contents of the message. PGP/MIME can protect metadata; -inline can't. +inline can?t. However, please be aware that not all mail servers handle PGP/MIME properly. Some mailing lists are incompatible with it (PGP-Basics, for @@ -2098,7 +2099,7 @@ instance). Some mailing list software mangles PGP/MIME (old versions of Mailman, for instance). If you have any problems with PGP/MIME, consider carefully whether you -need metadata protection. If you don't, then fall back to inline. +need metadata protection. If you don?t, then fall back to inline. ** What are the best algorithms in GnuPG? @@ -2157,7 +2158,7 @@ use any of the longer SHAs with DSA-1024; GnuPG might use SHA-224, -256, -384 or -512 for DSA-2048; GnuPG might use SHA-256, SHA-384 or SHA-512 for DSA-3072. -** Why can't I decrypt things I encrypted twenty years ago with PGP 2.6? +** Why can?t I decrypt things I encrypted twenty years ago with PGP 2.6? :PROPERTIES: :CUSTOM_ID: pgp_26 :END: @@ -2166,13 +2167,13 @@ Twenty years ago, PGP 2.6 was released. It was very successful, but there were some unfortunate things about its design. Soon after a better version was released, and this was ultimately standardized as RFC 4880. -GnuPG supports RFC 4880. It does not support PGP 2.6. This shouldn't be +GnuPG supports RFC 4880. It does not support PGP 2.6. This shouldn?t be surprising: all software ultimately breaks compatibility with what came -before it. Word processors of 2015 don't support the WordStar document -format, just like you can't put a Kaypro floppy disk in a modern PC. +before it. Word processors of 2015 don?t support the WordStar document +format, just like you can?t put a Kaypro floppy disk in a modern PC. If you absolutely must have PGP 2.6 support, we recommend you use PGP 2.6. -It's easy to find on the internet. Barring that, you could use GnuPG 1.4, +It?s easy to find on the internet. Barring that, you could use GnuPG 1.4, which is an older branch of GnuPG that had some (but by no means complete) PGP 2.6 support. commit 679c90e1c28c450d58a1d11ef82d9373346cd476 Merge: 52c0de5 e2d6928 Author: Robert J. Hansen Date: Thu Oct 19 20:52:27 2017 -0400 Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg-doc commit 52c0de52ff1588aa1c25a501f1af6a86d03e7211 Author: Robert J. Hansen Date: Thu Oct 19 20:52:08 2017 -0400 Some minor notes about PGP interop. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 454b570..a0c5996 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -203,6 +203,25 @@ Largely, yes. It can be made to interoperate with anything from PGP 5 and onwards, and has excellent interoperability with the most recent releases. +*** Does it support Diffie-Hellman? +:PROPERTIES: +:CUSTOM_ID: pgp_dh +:END: + +Yes. ?Diffie-Hellman? is what PGP calls the Elgamal encryption +algorithm. If your PGP-generated keypair uses a Diffie-Hellman +encryption subkey, it will appear in GnuPG as an Elgamal subkey. The +correct name, incidentally, is Elgamal. + +*** Does it support SHA-2-256 and SHA-2-512? +:PROPERTIES: +:CUSTOM_ID: pgp_sha2 +:END: + +Yes. SHA-256 and SHA-512 belong to a group of hashes known +collectively as ?SHA-2?. PGP calls SHA-256 and SHA-512 by the +non-standard names ?SHA-2-256? and ?SHA-2-512?, but they are the same +algorithms. ** Which operating systems does it run on? :PROPERTIES: @@ -1822,7 +1841,6 @@ You can if you want, but it won?t make your private key any more secure. Your private key is already encrypted: your passphrase is the key used to decrypt your private key. - * Advanced topics :PROPERTIES: :CUSTOM_ID: advanced_topics ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 177 ++++++++++++++++++++++++++++---------------------- 1 file changed, 98 insertions(+), 79 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 20 09:00:35 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Oct 2017 09:00:35 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-15-g9e3f2a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 9e3f2a7e0b7a8713084bbdd835bc5c65410a402f (commit) from 44fb3fbc85b32552c91f32f099b6b246c12ce0cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9e3f2a7e0b7a8713084bbdd835bc5c65410a402f Author: Werner Koch Date: Fri Oct 20 08:56:39 2017 +0200 doc: Fix "SEE ALSO" section of gpgv. -- diff --git a/doc/gpgv.texi b/doc/gpgv.texi index 5336c98..a052861 100644 --- a/doc/gpgv.texi +++ b/doc/gpgv.texi @@ -187,6 +187,6 @@ The default keyring with the allowed keys. @end table @mansect see also - at command{gpg2}(1) + at command{gpg}(1) @include see-also-note.texi ----------------------------------------------------------------------- Summary of changes: doc/gpgv.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 23 13:13:30 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Oct 2017 13:13:30 +0200 Subject: [git] gnupg-doc - branch, master, updated. 075b9032092e903a31374c20d9d6184083c0f175 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 075b9032092e903a31374c20d9d6184083c0f175 (commit) from 7419cef037fb2fc6df78b49d1cab555019fed3f8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 075b9032092e903a31374c20d9d6184083c0f175 Author: Werner Koch Date: Mon Oct 23 13:08:28 2017 +0200 verein: Fix error in one transaction. I accidently entered 32868.08 instead of the correct 35868.08 for one BTC exchange. Also added running sums. diff --git a/web/verein/finances.org b/web/verein/finances.org index 243f474..6c33f48 100644 --- a/web/verein/finances.org +++ b/web/verein/finances.org @@ -17,19 +17,19 @@ | Date | Debit | Credit | Balance | Description | |------------+----------+--------+-----------+--------------------------| | 2017-06-23 | 200.00 | | 200.00 | Donation: g10 Code | -| 2017-06-30 | | 2.23 | | Banking fees | -| 2017-07-10 | 2000.00 | | | Donation: German company | -| 2017-07-25 | 59005.30 | | | Transfer from WHS | -| 2017-07-31 | | 5.80 | | Banking fees | -| 2017-08-81 | | 5.00 | | Banking fees | -| 2017-09-07 | 3615.64 | | | Exchange of 1 BTC | -| 2017-09-11 | 38650.36 | | | Exchange of 10 BTC | -| 2017-09-14 | 25868.08 | | 139326.35 | Exchange of 10 BTC | +| 2017-06-30 | | 2.23 | 197.77 | Bank fees | +| 2017-07-10 | 2000.00 | | 2197.77 | Donation: German company | +| 2017-07-25 | 59005.30 | | 61203.07 | Transfer from WHS | +| 2017-07-31 | | 5.80 | 61198.27 | Bank fees | +| 2017-08-31 | | 5.00 | 61192.27 | Bank fees | +| 2017-09-07 | 3615.64 | | 64807.91 | Exchange of 1 BTC | +| 2017-09-11 | 38650.36 | | 103458.27 | Exchange of 10 BTC | +| 2017-09-14 | 35868.08 | | 139326.35 | Exchange of 10 BTC | | 2017-09-19 | | 119.00 | 139207.35 | Design postcards | -| 2017-09-29 | | 12.00 | | Banking card | -| 2017-09-29 | | 6.30 | 139189.05 | Bank fees | +| 2017-09-29 | | 12.00 | 139195.35 | Banking card | +| 2017-09-29 | | 6.30 | 139190.05 | Bank fees | | 2017-10-06 | 18197.53 | | 157386.58 | Exchange of 5 BTC | -| 2017-10-12 | 220.00 | | | Donation kernel-recipes | +| 2017-10-12 | 220.00 | | 157606.58 | Donation kernel-recipes | | 2017-10-12 | 310.00 | | 157916.58 | Donation kernel-recipes | @@ -37,8 +37,9 @@ The 59.000 ? from the Wau Holland Stiftung have been collected by them for the GnuPG project since 2013. After the Verein reached charitable state they were able to transfer that money. Many thanks to them. -We have produced two kinds of postcards to be used as giveaways at -shows and other opportunities. +We have produced two postcards to be used as giveaways at shows and +other opportunities. Our account has not yet been charged for +printing costs. ** Bitcoin transactions ----------------------------------------------------------------------- Summary of changes: web/verein/finances.org | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 09:04:45 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 24 Oct 2017 09:04:45 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-18-gaa94491 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via aa944910979b52ad4ca2b317b9d551d8b4d48df2 (commit) via 5b31e22d9fc542bdccb1586ef2c83d9794a731d3 (commit) from 72d0ca10c884e09e8f28f084c385743c0796f09c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aa944910979b52ad4ca2b317b9d551d8b4d48df2 Author: NIIBE Yutaka Date: Tue Oct 24 15:55:12 2017 +0900 Add crypto hash SM3. * configure.ac (available_digests): Add sm3. * src/cipher.h: Add declarations for SM3. * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm3.c. * cipher/md.c [USE_SM3] (digest_list): Add _gcry_digest_spec_sm3. * cipher/pubkey-util.c (hashnames): Add "sm3". * cipher/sm3.c: New. * tests/basic.c (check_digests): Add test vectors for SM3. * tests/hashtest-256g.in (algos): Add SM3. * tests/hashtest.c (testvectors): Add for SM3. -- GnuPG-bug-id: 3454 Signed-off-by: Jia Zhang diff --git a/cipher/Makefile.am b/cipher/Makefile.am index ee99262..bbfab4c 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -96,6 +96,7 @@ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ sha512-armv7-neon.S sha512-arm.S \ +sm3.c \ keccak.c keccak_permute_32.h keccak_permute_64.h keccak-armv7-neon.S \ stribog.c \ tiger.c \ diff --git a/cipher/md.c b/cipher/md.c index c1f585f..94f1b5d 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -95,6 +95,9 @@ static gcry_md_spec_t *digest_list[] = &_gcry_digest_spec_blake2s_160, &_gcry_digest_spec_blake2s_128, #endif +#if USE_SM3 + &_gcry_digest_spec_sm3, +#endif NULL }; diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index c40ef97..ae0e1c4 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -221,6 +221,7 @@ get_hash_algo (const char *s, size_t n) { "sha3-256", GCRY_MD_SHA3_256 }, { "sha3-384", GCRY_MD_SHA3_384 }, { "sha3-512", GCRY_MD_SHA3_512 }, + { "sm3", GCRY_MD_SM3 }, { NULL, 0 } }; int algo; diff --git a/cipher/sm3.c b/cipher/sm3.c new file mode 100644 index 0000000..f0c574a --- /dev/null +++ b/cipher/sm3.c @@ -0,0 +1,454 @@ +/* sm3.c - SM3 hash function + * Copyright (C) 2017 Jia Zhang + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + + +/* Test vectors: + + "abc" + SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0 + + "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd" + SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732 + + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05 + + "a" one million times + SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3 + + */ + + +#include +#include +#include +#include + +#include "g10lib.h" +#include "bithelp.h" +#include "bufhelp.h" +#include "cipher.h" +#include "hash-common.h" + + +typedef struct { + gcry_md_block_ctx_t bctx; + u32 h0,h1,h2,h3,h4,h5,h6,h7; +} SM3_CONTEXT; + + +static unsigned int +transform (void *c, const unsigned char *data, size_t nblks); + + +static void +sm3_init (void *context, unsigned int flags) +{ + SM3_CONTEXT *hd = context; + unsigned int features = _gcry_get_hw_features (); + + (void)flags; + + hd->h0 = 0x7380166f; + hd->h1 = 0x4914b2b9; + hd->h2 = 0x172442d7; + hd->h3 = 0xda8a0600; + hd->h4 = 0xa96f30bc; + hd->h5 = 0x163138aa; + hd->h6 = 0xe38dee4d; + hd->h7 = 0xb0fb0e4e; + + hd->bctx.nblocks = 0; + hd->bctx.nblocks_high = 0; + hd->bctx.count = 0; + hd->bctx.blocksize = 64; + hd->bctx.bwrite = transform; + + (void)features; +} + + +/* + Transform the message X which consists of 16 32-bit-words. See + GM/T 004-2012 for details. */ +#define R(i,a,b,c,d,e,f,g,h,t,w1,w2) do \ + { \ + ss1 = rol ((rol ((a), 12) + (e) + (t)), 7); \ + ss2 = ss1 ^ rol ((a), 12); \ + d += FF##i(a,b,c) + ss2 + ((w1) ^ (w2)); \ + h += GG##i(e,f,g) + ss1 + (w1); \ + b = rol ((b), 9); \ + f = rol ((f), 19); \ + h = P0 ((h)); \ + } while (0) + +#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2) +#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2) + +#define FF1(x, y, z) (x ^ y ^ z) + +#define FF2(x, y, z) ((x & y) | (x & z) | (y & z)) + +#define GG1(x, y, z) (x ^ y ^ z) + +#define GG2(x, y, z) ((x & y) | ( ~x & z)) + +/* Message expansion */ +#define P0(x) ((x) ^ rol ((x), 9) ^ rol ((x), 17)) +#define P1(x) ((x) ^ rol ((x), 15) ^ rol ((x), 23)) +#define I(i) ( w[i] = buf_get_be32(data + i * 4) ) +#define W1(i) ( w[i&0x0f] ) +#define W2(i) ( w[i&0x0f] = P1(w[i &0x0f] \ + ^ w[(i-9)&0x0f] \ + ^ rol (w[(i-3)&0x0f], 15)) \ + ^ rol (w[(i-13)&0x0f], 7) \ + ^ w[(i-6)&0x0f] ) + +static unsigned int +transform_blk (void *ctx, const unsigned char *data) +{ + SM3_CONTEXT *hd = ctx; + static const u32 K[64] = { + 0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb, + 0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc, + 0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce, + 0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6, + 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c, + 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce, + 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec, + 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5, + 0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53, + 0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d, + 0x879d8a7a, 0x0f3b14f5, 0x1e7629ea, 0x3cec53d4, + 0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43, + 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c, + 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce, + 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec, + 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5 + }; + + u32 a,b,c,d,e,f,g,h,ss1,ss2; + u32 w[16]; + + a = hd->h0; + b = hd->h1; + c = hd->h2; + d = hd->h3; + e = hd->h4; + f = hd->h5; + g = hd->h6; + h = hd->h7; + + R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4)); + R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5)); + R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6)); + R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7)); + R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8)); + R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9)); + R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10)); + R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11)); + R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12)); + R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13)); + R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14)); + R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15)); + R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16)); + R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17)); + R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18)); + R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19)); + + R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20)); + R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21)); + R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22)); + R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23)); + R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24)); + R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25)); + R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26)); + R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27)); + R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28)); + R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29)); + R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30)); + R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31)); + R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32)); + R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33)); + R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34)); + R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35)); + + R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36)); + R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37)); + R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38)); + R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39)); + R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40)); + R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41)); + R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42)); + R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43)); + R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44)); + R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45)); + R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46)); + R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47)); + R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48)); + R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49)); + R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50)); + R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51)); + + R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52)); + R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53)); + R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54)); + R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55)); + R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56)); + R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57)); + R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58)); + R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59)); + R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60)); + R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61)); + R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62)); + R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63)); + R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64)); + R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65)); + R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66)); + R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67)); + + hd->h0 ^= a; + hd->h1 ^= b; + hd->h2 ^= c; + hd->h3 ^= d; + hd->h4 ^= e; + hd->h5 ^= f; + hd->h6 ^= g; + hd->h7 ^= h; + + return /*burn_stack*/ 26*4+32; +} +#undef P0 +#undef P1 +#undef R +#undef R1 +#undef R2 + +static unsigned int +transform (void *ctx, const unsigned char *data, size_t nblks) +{ + SM3_CONTEXT *hd = ctx; + unsigned int burn; + + do + { + burn = transform_blk (hd, data); + data += 64; + } + while (--nblks); + + return burn; +} + + +/* + The routine finally terminates the computation and returns the + digest. The handle is prepared for a new cycle, but adding bytes + to the handle will the destroy the returned buffer. Returns: 32 + bytes with the message the digest. */ +static void +sm3_final(void *context) +{ + SM3_CONTEXT *hd = context; + u32 t, th, msb, lsb; + byte *p; + unsigned int burn; + + _gcry_md_block_write (hd, NULL, 0); /* flush */; + + t = hd->bctx.nblocks; + if (sizeof t == sizeof hd->bctx.nblocks) + th = hd->bctx.nblocks_high; + else + th = hd->bctx.nblocks >> 32; + + /* multiply by 64 to make a byte count */ + lsb = t << 6; + msb = (th << 6) | (t >> 26); + /* add the count */ + t = lsb; + if ((lsb += hd->bctx.count) < t) + msb++; + /* multiply by 8 to make a bit count */ + t = lsb; + lsb <<= 3; + msb <<= 3; + msb |= t >> 29; + + if (hd->bctx.count < 56) + { /* enough room */ + hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ + while (hd->bctx.count < 56) + hd->bctx.buf[hd->bctx.count++] = 0; /* pad */ + } + else + { /* need one extra block */ + hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ + while (hd->bctx.count < 64) + hd->bctx.buf[hd->bctx.count++] = 0; + _gcry_md_block_write (hd, NULL, 0); /* flush */; + memset (hd->bctx.buf, 0, 56 ); /* fill next block with zeroes */ + } + /* append the 64 bit count */ + buf_put_be32(hd->bctx.buf + 56, msb); + buf_put_be32(hd->bctx.buf + 60, lsb); + burn = transform (hd, hd->bctx.buf, 1); + _gcry_burn_stack (burn); + + p = hd->bctx.buf; +#define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0) + X(0); + X(1); + X(2); + X(3); + X(4); + X(5); + X(6); + X(7); +#undef X +} + +static byte * +sm3_read (void *context) +{ + SM3_CONTEXT *hd = context; + + return hd->bctx.buf; +} + + +/* Shortcut functions which puts the hash value of the supplied buffer + * into outbuf which must have a size of 32 bytes. */ +void +_gcry_sm3_hash_buffer (void *outbuf, const void *buffer, size_t length) +{ + SM3_CONTEXT hd; + + sm3_init (&hd, 0); + _gcry_md_block_write (&hd, buffer, length); + sm3_final (&hd); + memcpy (outbuf, hd.bctx.buf, 32); +} + + +/* Variant of the above shortcut function using multiple buffers. */ +void +_gcry_sm3_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt) +{ + SM3_CONTEXT hd; + + sm3_init (&hd, 0); + for (;iovcnt > 0; iov++, iovcnt--) + _gcry_md_block_write (&hd, + (const char*)iov[0].data + iov[0].off, iov[0].len); + sm3_final (&hd); + memcpy (outbuf, hd.bctx.buf, 32); +} + + + +/* + Self-test section. + */ + + +static gpg_err_code_t +selftests_sm3 (int extended, selftest_report_func_t report) +{ + const char *what; + const char *errtxt; + + what = "short string (spec example 1)"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 0, + "abc", 3, + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0", 32); + if (errtxt) + goto failed; + + if (extended) + { + what = "long string (spec example 2)"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 0, + "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", 64, + "\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d" + "\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32", + 32); + if (errtxt) + goto failed; + + what = "long string"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 0, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56, + "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea" + "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05", + 32); + if (errtxt) + goto failed; + + what = "one million \"a\""; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 1, + NULL, 0, + "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6" + "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3", + 32); + if (errtxt) + goto failed; + } + + return 0; /* Succeeded. */ + + failed: + if (report) + report ("digest", GCRY_MD_SM3, what, errtxt); + return GPG_ERR_SELFTEST_FAILED; +} + + +/* Run a full self-test for ALGO and return 0 on success. */ +static gpg_err_code_t +run_selftests (int algo, int extended, selftest_report_func_t report) +{ + gpg_err_code_t ec; + + switch (algo) + { + case GCRY_MD_SM3: + ec = selftests_sm3 (extended, report); + break; + default: + ec = GPG_ERR_DIGEST_ALGO; + break; + + } + return ec; +} + +gcry_md_spec_t _gcry_digest_spec_sm3 = + { + GCRY_MD_SM3, {0, 1}, + "SM3", NULL, 0, NULL, 32, + sm3_init, _gcry_md_block_write, sm3_final, sm3_read, NULL, + sizeof (SM3_CONTEXT), + run_selftests + }; diff --git a/configure.ac b/configure.ac index a2ac9ce..86035a4 100644 --- a/configure.ac +++ b/configure.ac @@ -198,6 +198,7 @@ enabled_pubkey_ciphers="" # Definitions for message digests. available_digests="crc gostr3411-94 md2 md4 md5 rmd160 sha1 sha256 sha512" available_digests="$available_digests sha3 tiger whirlpool stribog blake2" +available_digests="$available_digests sm3" enabled_digests="" # Definitions for kdfs (optional ones) @@ -2456,6 +2457,12 @@ case "${host}" in ;; esac +LIST_MEMBER(sm3, $enabled_digests) +if test "$found" = "1" ; then + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sm3.lo" + AC_DEFINE(USE_SM3, 1, [Defined if this module should be included]) +fi + LIST_MEMBER(scrypt, $enabled_kdfs) if test "$found" = "1" ; then GCRYPT_KDFS="$GCRYPT_KDFS scrypt.lo" diff --git a/src/cipher.h b/src/cipher.h index f2acb55..a6f257d 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -133,6 +133,12 @@ void _gcry_sha512_hash_buffer (void *outbuf, void _gcry_sha512_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt); +/*-- sm3.c --*/ +void _gcry_sm3_hash_buffer (void *outbuf, + const void *buffer, size_t length); +void _gcry_sm3_hash_buffers (void *outbuf, + const gcry_buffer_t *iov, int iovcnt); + /*-- blake2.c --*/ gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags, const unsigned char *key, @@ -326,6 +332,7 @@ extern gcry_md_spec_t _gcry_digest_spec_blake2s_256; extern gcry_md_spec_t _gcry_digest_spec_blake2s_224; extern gcry_md_spec_t _gcry_digest_spec_blake2s_160; extern gcry_md_spec_t _gcry_digest_spec_blake2s_128; +extern gcry_md_spec_t _gcry_digest_spec_sm3; /* Declarations for the pubkey cipher specifications. */ extern gcry_pk_spec_t _gcry_pubkey_spec_rsa; diff --git a/tests/basic.c b/tests/basic.c index 89b7917..c2b4208 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -7770,6 +7770,31 @@ check_digests (void) "\x0e\xfc\x29\xde" }, { GCRY_MD_BLAKE2S_128, "?", "\x70\x0b\x8a\x71\x1d\x34\x0a\xf0\x13\x93\x19\x93\x5e\xd7\x54\x9c" }, + + { GCRY_MD_SM3, "abc", + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0" }, + { GCRY_MD_SM3, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea" + "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05" }, + { GCRY_MD_SM3, "!", + "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6" + "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3" }, + { GCRY_MD_SM3, "?", + "\x3a\x3f\x53\xfc\x96\xc2\xde\xb2\xd9\x12\x3a\x1b\xd8\x47\x71\x28" + "\xbc\x5d\x5e\x94\xea\x08\x86\x3d\xfb\xe4\x00\x5a\xd9\xed\x79\x26" }, + { GCRY_MD_SM3, + "Libgcrypt is free software; you can redistribute it and/or modif" + "y it under the terms of the GNU Lesser general Public License as" + " published by the Free Software Foundation; either version 2.1 o" + "f the License, or (at your option) any later version.\nLibgcrypt" + " is distributed in the hope that it will be useful, but WITHOUT " + "ANY WARRANTY; without even the implied warranty of MERCHANTABILI" + "TY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser Gene" + "ral Public License for more details.", + "\x8b\x91\x3f\x0e\x85\xae\x43\x25\x6d\x28\x38\x6c\x09\x5c\xc7\x72" + "\xcc\x2e\x78\x89\x7e\x2e\x4e\x5a\x3d\xf6\x55\xfe\x87\xbe\xa6\xbc" }, { 0 } }; gcry_error_t err; diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in index 92b1c1b..a52b869 100755 --- a/tests/hashtest-256g.in +++ b/tests/hashtest-256g.in @@ -1,6 +1,6 @@ #!/bin/sh -algos="SHA1 SHA256 SHA512" +algos="SHA1 SHA256 SHA512 SM3" test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77 echo " now running 256 GiB tests for $algos - this takes looong" diff --git a/tests/hashtest.c b/tests/hashtest.c index 2ecbc1f..3394594 100644 --- a/tests/hashtest.c +++ b/tests/hashtest.c @@ -102,6 +102,17 @@ static struct { "0c91b91665ceaf7af5102e0ed31aa4f050668ab3c57b1f4763946d567efe66b3" "ab9a2016cf238dee5b44eae9f0cdfbf7b7a6eb1e759986273243dc35894706b6" }, + { GCRY_MD_SM3, 256, -64, + "4ceb893abeb43965d4cac7626da9a4be895585b5b2f16f302626801308b1c02a" }, + { GCRY_MD_SM3, 256, -1, + "825f01e4f2b6084136abc356fa1b343a9411d844a4dc1474293aad817cd2a48f" }, + { GCRY_MD_SM3, 256, +0, + "d948a4025ac3ea0aa8989f43203411bd22ad17eaa5fd92ebdf9cabf869f1ba1b" }, + { GCRY_MD_SM3, 256, +1, + "4f6d0e260299c1f286ef1dbb4638a0770979f266b6c007c55410ee6849cba2a8" }, + { GCRY_MD_SM3, 256, +64, + "ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" }, + { 0 } }; commit 5b31e22d9fc542bdccb1586ef2c83d9794a731d3 Author: NIIBE Yutaka Date: Tue Oct 24 15:43:41 2017 +0900 Add new constant GCRY_MD_SM3 for crypto hash SM3. * src/gcrypt.h.in (GCRY_MD_SM3): New. Signed-off-by: NIIBE Yutaka diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 76d9b1d..b55657f 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1244,7 +1244,8 @@ enum gcry_md_algos GCRY_MD_BLAKE2S_256 = 322, GCRY_MD_BLAKE2S_224 = 323, GCRY_MD_BLAKE2S_160 = 324, - GCRY_MD_BLAKE2S_128 = 325 + GCRY_MD_BLAKE2S_128 = 325, + GCRY_MD_SM3 = 326, }; /* Flags used with the open function. */ ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 1 + cipher/md.c | 3 + cipher/pubkey-util.c | 1 + cipher/sm3.c | 454 +++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 7 + src/cipher.h | 7 + src/gcrypt.h.in | 3 +- tests/basic.c | 25 +++ tests/hashtest-256g.in | 2 +- tests/hashtest.c | 11 ++ 10 files changed, 512 insertions(+), 2 deletions(-) create mode 100644 cipher/sm3.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 09:19:45 2017 From: cvs at cvs.gnupg.org (by Jia Zhang) Date: Tue, 24 Oct 2017 09:19:45 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-18-g4423bf3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated discards aa944910979b52ad4ca2b317b9d551d8b4d48df2 (commit) via 4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (aa944910979b52ad4ca2b317b9d551d8b4d48df2) \ N -- N -- N (4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd Author: Jia Zhang Date: Tue Oct 24 15:55:12 2017 +0900 Add crypto hash SM3. * configure.ac (available_digests): Add sm3. * src/cipher.h: Add declarations for SM3. * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm3.c. * cipher/md.c [USE_SM3] (digest_list): Add _gcry_digest_spec_sm3. * cipher/pubkey-util.c (hashnames): Add "sm3". * cipher/sm3.c: New. * tests/basic.c (check_digests): Add test vectors for SM3. * tests/hashtest-256g.in (algos): Add SM3. * tests/hashtest.c (testvectors): Add for SM3. -- GnuPG-bug-id: 3454 Signed-off-by: Jia Zhang diff --git a/cipher/Makefile.am b/cipher/Makefile.am index ee99262..bbfab4c 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -96,6 +96,7 @@ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ sha512-armv7-neon.S sha512-arm.S \ +sm3.c \ keccak.c keccak_permute_32.h keccak_permute_64.h keccak-armv7-neon.S \ stribog.c \ tiger.c \ diff --git a/cipher/md.c b/cipher/md.c index c1f585f..94f1b5d 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -95,6 +95,9 @@ static gcry_md_spec_t *digest_list[] = &_gcry_digest_spec_blake2s_160, &_gcry_digest_spec_blake2s_128, #endif +#if USE_SM3 + &_gcry_digest_spec_sm3, +#endif NULL }; diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index c40ef97..ae0e1c4 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -221,6 +221,7 @@ get_hash_algo (const char *s, size_t n) { "sha3-256", GCRY_MD_SHA3_256 }, { "sha3-384", GCRY_MD_SHA3_384 }, { "sha3-512", GCRY_MD_SHA3_512 }, + { "sm3", GCRY_MD_SM3 }, { NULL, 0 } }; int algo; diff --git a/cipher/sm3.c b/cipher/sm3.c new file mode 100644 index 0000000..f0c574a --- /dev/null +++ b/cipher/sm3.c @@ -0,0 +1,454 @@ +/* sm3.c - SM3 hash function + * Copyright (C) 2017 Jia Zhang + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + + +/* Test vectors: + + "abc" + SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0 + + "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd" + SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732 + + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05 + + "a" one million times + SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3 + + */ + + +#include +#include +#include +#include + +#include "g10lib.h" +#include "bithelp.h" +#include "bufhelp.h" +#include "cipher.h" +#include "hash-common.h" + + +typedef struct { + gcry_md_block_ctx_t bctx; + u32 h0,h1,h2,h3,h4,h5,h6,h7; +} SM3_CONTEXT; + + +static unsigned int +transform (void *c, const unsigned char *data, size_t nblks); + + +static void +sm3_init (void *context, unsigned int flags) +{ + SM3_CONTEXT *hd = context; + unsigned int features = _gcry_get_hw_features (); + + (void)flags; + + hd->h0 = 0x7380166f; + hd->h1 = 0x4914b2b9; + hd->h2 = 0x172442d7; + hd->h3 = 0xda8a0600; + hd->h4 = 0xa96f30bc; + hd->h5 = 0x163138aa; + hd->h6 = 0xe38dee4d; + hd->h7 = 0xb0fb0e4e; + + hd->bctx.nblocks = 0; + hd->bctx.nblocks_high = 0; + hd->bctx.count = 0; + hd->bctx.blocksize = 64; + hd->bctx.bwrite = transform; + + (void)features; +} + + +/* + Transform the message X which consists of 16 32-bit-words. See + GM/T 004-2012 for details. */ +#define R(i,a,b,c,d,e,f,g,h,t,w1,w2) do \ + { \ + ss1 = rol ((rol ((a), 12) + (e) + (t)), 7); \ + ss2 = ss1 ^ rol ((a), 12); \ + d += FF##i(a,b,c) + ss2 + ((w1) ^ (w2)); \ + h += GG##i(e,f,g) + ss1 + (w1); \ + b = rol ((b), 9); \ + f = rol ((f), 19); \ + h = P0 ((h)); \ + } while (0) + +#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2) +#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2) + +#define FF1(x, y, z) (x ^ y ^ z) + +#define FF2(x, y, z) ((x & y) | (x & z) | (y & z)) + +#define GG1(x, y, z) (x ^ y ^ z) + +#define GG2(x, y, z) ((x & y) | ( ~x & z)) + +/* Message expansion */ +#define P0(x) ((x) ^ rol ((x), 9) ^ rol ((x), 17)) +#define P1(x) ((x) ^ rol ((x), 15) ^ rol ((x), 23)) +#define I(i) ( w[i] = buf_get_be32(data + i * 4) ) +#define W1(i) ( w[i&0x0f] ) +#define W2(i) ( w[i&0x0f] = P1(w[i &0x0f] \ + ^ w[(i-9)&0x0f] \ + ^ rol (w[(i-3)&0x0f], 15)) \ + ^ rol (w[(i-13)&0x0f], 7) \ + ^ w[(i-6)&0x0f] ) + +static unsigned int +transform_blk (void *ctx, const unsigned char *data) +{ + SM3_CONTEXT *hd = ctx; + static const u32 K[64] = { + 0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb, + 0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc, + 0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce, + 0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6, + 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c, + 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce, + 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec, + 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5, + 0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53, + 0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d, + 0x879d8a7a, 0x0f3b14f5, 0x1e7629ea, 0x3cec53d4, + 0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43, + 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c, + 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce, + 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec, + 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5 + }; + + u32 a,b,c,d,e,f,g,h,ss1,ss2; + u32 w[16]; + + a = hd->h0; + b = hd->h1; + c = hd->h2; + d = hd->h3; + e = hd->h4; + f = hd->h5; + g = hd->h6; + h = hd->h7; + + R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4)); + R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5)); + R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6)); + R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7)); + R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8)); + R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9)); + R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10)); + R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11)); + R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12)); + R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13)); + R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14)); + R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15)); + R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16)); + R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17)); + R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18)); + R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19)); + + R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20)); + R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21)); + R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22)); + R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23)); + R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24)); + R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25)); + R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26)); + R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27)); + R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28)); + R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29)); + R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30)); + R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31)); + R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32)); + R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33)); + R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34)); + R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35)); + + R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36)); + R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37)); + R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38)); + R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39)); + R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40)); + R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41)); + R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42)); + R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43)); + R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44)); + R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45)); + R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46)); + R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47)); + R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48)); + R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49)); + R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50)); + R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51)); + + R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52)); + R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53)); + R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54)); + R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55)); + R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56)); + R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57)); + R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58)); + R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59)); + R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60)); + R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61)); + R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62)); + R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63)); + R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64)); + R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65)); + R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66)); + R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67)); + + hd->h0 ^= a; + hd->h1 ^= b; + hd->h2 ^= c; + hd->h3 ^= d; + hd->h4 ^= e; + hd->h5 ^= f; + hd->h6 ^= g; + hd->h7 ^= h; + + return /*burn_stack*/ 26*4+32; +} +#undef P0 +#undef P1 +#undef R +#undef R1 +#undef R2 + +static unsigned int +transform (void *ctx, const unsigned char *data, size_t nblks) +{ + SM3_CONTEXT *hd = ctx; + unsigned int burn; + + do + { + burn = transform_blk (hd, data); + data += 64; + } + while (--nblks); + + return burn; +} + + +/* + The routine finally terminates the computation and returns the + digest. The handle is prepared for a new cycle, but adding bytes + to the handle will the destroy the returned buffer. Returns: 32 + bytes with the message the digest. */ +static void +sm3_final(void *context) +{ + SM3_CONTEXT *hd = context; + u32 t, th, msb, lsb; + byte *p; + unsigned int burn; + + _gcry_md_block_write (hd, NULL, 0); /* flush */; + + t = hd->bctx.nblocks; + if (sizeof t == sizeof hd->bctx.nblocks) + th = hd->bctx.nblocks_high; + else + th = hd->bctx.nblocks >> 32; + + /* multiply by 64 to make a byte count */ + lsb = t << 6; + msb = (th << 6) | (t >> 26); + /* add the count */ + t = lsb; + if ((lsb += hd->bctx.count) < t) + msb++; + /* multiply by 8 to make a bit count */ + t = lsb; + lsb <<= 3; + msb <<= 3; + msb |= t >> 29; + + if (hd->bctx.count < 56) + { /* enough room */ + hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ + while (hd->bctx.count < 56) + hd->bctx.buf[hd->bctx.count++] = 0; /* pad */ + } + else + { /* need one extra block */ + hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ + while (hd->bctx.count < 64) + hd->bctx.buf[hd->bctx.count++] = 0; + _gcry_md_block_write (hd, NULL, 0); /* flush */; + memset (hd->bctx.buf, 0, 56 ); /* fill next block with zeroes */ + } + /* append the 64 bit count */ + buf_put_be32(hd->bctx.buf + 56, msb); + buf_put_be32(hd->bctx.buf + 60, lsb); + burn = transform (hd, hd->bctx.buf, 1); + _gcry_burn_stack (burn); + + p = hd->bctx.buf; +#define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0) + X(0); + X(1); + X(2); + X(3); + X(4); + X(5); + X(6); + X(7); +#undef X +} + +static byte * +sm3_read (void *context) +{ + SM3_CONTEXT *hd = context; + + return hd->bctx.buf; +} + + +/* Shortcut functions which puts the hash value of the supplied buffer + * into outbuf which must have a size of 32 bytes. */ +void +_gcry_sm3_hash_buffer (void *outbuf, const void *buffer, size_t length) +{ + SM3_CONTEXT hd; + + sm3_init (&hd, 0); + _gcry_md_block_write (&hd, buffer, length); + sm3_final (&hd); + memcpy (outbuf, hd.bctx.buf, 32); +} + + +/* Variant of the above shortcut function using multiple buffers. */ +void +_gcry_sm3_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt) +{ + SM3_CONTEXT hd; + + sm3_init (&hd, 0); + for (;iovcnt > 0; iov++, iovcnt--) + _gcry_md_block_write (&hd, + (const char*)iov[0].data + iov[0].off, iov[0].len); + sm3_final (&hd); + memcpy (outbuf, hd.bctx.buf, 32); +} + + + +/* + Self-test section. + */ + + +static gpg_err_code_t +selftests_sm3 (int extended, selftest_report_func_t report) +{ + const char *what; + const char *errtxt; + + what = "short string (spec example 1)"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 0, + "abc", 3, + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0", 32); + if (errtxt) + goto failed; + + if (extended) + { + what = "long string (spec example 2)"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 0, + "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", 64, + "\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d" + "\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32", + 32); + if (errtxt) + goto failed; + + what = "long string"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 0, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56, + "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea" + "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05", + 32); + if (errtxt) + goto failed; + + what = "one million \"a\""; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SM3, 1, + NULL, 0, + "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6" + "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3", + 32); + if (errtxt) + goto failed; + } + + return 0; /* Succeeded. */ + + failed: + if (report) + report ("digest", GCRY_MD_SM3, what, errtxt); + return GPG_ERR_SELFTEST_FAILED; +} + + +/* Run a full self-test for ALGO and return 0 on success. */ +static gpg_err_code_t +run_selftests (int algo, int extended, selftest_report_func_t report) +{ + gpg_err_code_t ec; + + switch (algo) + { + case GCRY_MD_SM3: + ec = selftests_sm3 (extended, report); + break; + default: + ec = GPG_ERR_DIGEST_ALGO; + break; + + } + return ec; +} + +gcry_md_spec_t _gcry_digest_spec_sm3 = + { + GCRY_MD_SM3, {0, 1}, + "SM3", NULL, 0, NULL, 32, + sm3_init, _gcry_md_block_write, sm3_final, sm3_read, NULL, + sizeof (SM3_CONTEXT), + run_selftests + }; diff --git a/configure.ac b/configure.ac index a2ac9ce..86035a4 100644 --- a/configure.ac +++ b/configure.ac @@ -198,6 +198,7 @@ enabled_pubkey_ciphers="" # Definitions for message digests. available_digests="crc gostr3411-94 md2 md4 md5 rmd160 sha1 sha256 sha512" available_digests="$available_digests sha3 tiger whirlpool stribog blake2" +available_digests="$available_digests sm3" enabled_digests="" # Definitions for kdfs (optional ones) @@ -2456,6 +2457,12 @@ case "${host}" in ;; esac +LIST_MEMBER(sm3, $enabled_digests) +if test "$found" = "1" ; then + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sm3.lo" + AC_DEFINE(USE_SM3, 1, [Defined if this module should be included]) +fi + LIST_MEMBER(scrypt, $enabled_kdfs) if test "$found" = "1" ; then GCRYPT_KDFS="$GCRYPT_KDFS scrypt.lo" diff --git a/src/cipher.h b/src/cipher.h index f2acb55..a6f257d 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -133,6 +133,12 @@ void _gcry_sha512_hash_buffer (void *outbuf, void _gcry_sha512_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt); +/*-- sm3.c --*/ +void _gcry_sm3_hash_buffer (void *outbuf, + const void *buffer, size_t length); +void _gcry_sm3_hash_buffers (void *outbuf, + const gcry_buffer_t *iov, int iovcnt); + /*-- blake2.c --*/ gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags, const unsigned char *key, @@ -326,6 +332,7 @@ extern gcry_md_spec_t _gcry_digest_spec_blake2s_256; extern gcry_md_spec_t _gcry_digest_spec_blake2s_224; extern gcry_md_spec_t _gcry_digest_spec_blake2s_160; extern gcry_md_spec_t _gcry_digest_spec_blake2s_128; +extern gcry_md_spec_t _gcry_digest_spec_sm3; /* Declarations for the pubkey cipher specifications. */ extern gcry_pk_spec_t _gcry_pubkey_spec_rsa; diff --git a/tests/basic.c b/tests/basic.c index 89b7917..c2b4208 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -7770,6 +7770,31 @@ check_digests (void) "\x0e\xfc\x29\xde" }, { GCRY_MD_BLAKE2S_128, "?", "\x70\x0b\x8a\x71\x1d\x34\x0a\xf0\x13\x93\x19\x93\x5e\xd7\x54\x9c" }, + + { GCRY_MD_SM3, "abc", + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0" }, + { GCRY_MD_SM3, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea" + "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05" }, + { GCRY_MD_SM3, "!", + "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6" + "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3" }, + { GCRY_MD_SM3, "?", + "\x3a\x3f\x53\xfc\x96\xc2\xde\xb2\xd9\x12\x3a\x1b\xd8\x47\x71\x28" + "\xbc\x5d\x5e\x94\xea\x08\x86\x3d\xfb\xe4\x00\x5a\xd9\xed\x79\x26" }, + { GCRY_MD_SM3, + "Libgcrypt is free software; you can redistribute it and/or modif" + "y it under the terms of the GNU Lesser general Public License as" + " published by the Free Software Foundation; either version 2.1 o" + "f the License, or (at your option) any later version.\nLibgcrypt" + " is distributed in the hope that it will be useful, but WITHOUT " + "ANY WARRANTY; without even the implied warranty of MERCHANTABILI" + "TY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser Gene" + "ral Public License for more details.", + "\x8b\x91\x3f\x0e\x85\xae\x43\x25\x6d\x28\x38\x6c\x09\x5c\xc7\x72" + "\xcc\x2e\x78\x89\x7e\x2e\x4e\x5a\x3d\xf6\x55\xfe\x87\xbe\xa6\xbc" }, { 0 } }; gcry_error_t err; diff --git a/tests/hashtest-256g.in b/tests/hashtest-256g.in index 92b1c1b..a52b869 100755 --- a/tests/hashtest-256g.in +++ b/tests/hashtest-256g.in @@ -1,6 +1,6 @@ #!/bin/sh -algos="SHA1 SHA256 SHA512" +algos="SHA1 SHA256 SHA512 SM3" test "@RUN_LARGE_DATA_TESTS@" = yes || exit 77 echo " now running 256 GiB tests for $algos - this takes looong" diff --git a/tests/hashtest.c b/tests/hashtest.c index 2ecbc1f..3394594 100644 --- a/tests/hashtest.c +++ b/tests/hashtest.c @@ -102,6 +102,17 @@ static struct { "0c91b91665ceaf7af5102e0ed31aa4f050668ab3c57b1f4763946d567efe66b3" "ab9a2016cf238dee5b44eae9f0cdfbf7b7a6eb1e759986273243dc35894706b6" }, + { GCRY_MD_SM3, 256, -64, + "4ceb893abeb43965d4cac7626da9a4be895585b5b2f16f302626801308b1c02a" }, + { GCRY_MD_SM3, 256, -1, + "825f01e4f2b6084136abc356fa1b343a9411d844a4dc1474293aad817cd2a48f" }, + { GCRY_MD_SM3, 256, +0, + "d948a4025ac3ea0aa8989f43203411bd22ad17eaa5fd92ebdf9cabf869f1ba1b" }, + { GCRY_MD_SM3, 256, +1, + "4f6d0e260299c1f286ef1dbb4638a0770979f266b6c007c55410ee6849cba2a8" }, + { GCRY_MD_SM3, 256, +64, + "ed34869dbadd62e3bec1f511004d7bbfc9cafa965477cc48843b248293bbe867" }, + { 0 } }; ----------------------------------------------------------------------- Summary of changes: hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 11:11:40 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Oct 2017 11:11:40 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-17-g560d85e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 560d85ecff4246133d185dc29395f07c918b5556 (commit) via 016538d82867c40a21bc7cbf44ec386f4699077f (commit) from 9e3f2a7e0b7a8713084bbdd835bc5c65410a402f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 560d85ecff4246133d185dc29395f07c918b5556 Author: Werner Koch Date: Tue Oct 24 10:56:13 2017 +0200 gpg: Improve the "secret key available" notice in keyedit.c * g10/keyedit.c (KEYEDIT_NEED_SUBSK): New. (cmds): Add this flag to keytocard, bkuptocard, expire, and passwd. (keyedit_menu): Check whether only subkeys are available and take care of that in the command check and in the HELP listing. Also print a different notice if only subkeys are available. -- Print "Secret key is available" and the bailing out in all commands which require the _primary_ secret key was surprising. Now we print another notice and adjust the checks. GnuPG-bug-id: 3463 Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index 75c52af..4acb2de 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1223,6 +1223,8 @@ parse_sign_type (const char *str, int *localsig, int *nonrevokesig, /* Need an SK for this command */ #define KEYEDIT_NEED_SK 1 +/* Need an SUB KEY for this command */ +#define KEYEDIT_NEED_SUBSK 2 /* Match the tail of the string */ #define KEYEDIT_TAIL_MATCH 8 @@ -1288,9 +1290,9 @@ static struct #ifdef ENABLE_CARD_SUPPORT { "addcardkey", cmdADDCARDKEY, KEYEDIT_NEED_SK, N_("add a key to a smartcard")}, - { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK, + { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("move a key to a smartcard")}, - { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK, + { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("move a backup key to a smartcard")}, #endif /*ENABLE_CARD_SUPPORT */ { "delkey", cmdDELKEY, 0, N_("delete selected subkeys")}, @@ -1298,7 +1300,7 @@ static struct N_("add a revocation key")}, { "delsig", cmdDELSIG, 0, N_("delete signatures from the selected user IDs")}, - { "expire", cmdEXPIRE, KEYEDIT_NEED_SK, + { "expire", cmdEXPIRE, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("change the expiration date for the key or selected subkeys")}, { "primary", cmdPRIMARY, KEYEDIT_NEED_SK, N_("flag the selected user ID as primary")}, @@ -1313,9 +1315,9 @@ static struct N_("set the preferred keyserver URL for the selected user IDs")}, { "notation", cmdNOTATION, KEYEDIT_NEED_SK, N_("set a notation for the selected user IDs")}, - { "passwd", cmdPASSWD, KEYEDIT_NEED_SK, + { "passwd", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("change the passphrase")}, - { "password", cmdPASSWD, KEYEDIT_NEED_SK, NULL}, + { "password", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, NULL}, #ifndef NO_TRUST_MODELS { "trust", cmdTRUST, 0, N_("change the ownertrust")}, #endif /*!NO_TRUST_MODELS*/ @@ -1402,6 +1404,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, KBNODE keyblock = NULL; KEYDB_HANDLE kdbhd = NULL; int have_seckey = 0; + int have_anyseckey = 0; char *answer = NULL; int redisplay = 1; int modified = 0; @@ -1444,9 +1447,18 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, /* See whether we have a matching secret key. */ if (seckey_check) { - have_seckey = !agent_probe_any_secret_key (ctrl, keyblock); + have_anyseckey = !agent_probe_any_secret_key (ctrl, keyblock); + if (have_anyseckey + && !agent_probe_secret_key (ctrl, keyblock->pkt->pkt.public_key)) + { + /* The primary key is also available. */ + have_seckey = 1; + } + if (have_seckey && !quiet) - tty_printf (_("Secret key is available.\n")); + tty_printf (_("Secret key is available.\n")); + else if (have_anyseckey && !quiet) + tty_printf (_("Secret subkeys are available.\n")); } /* Main command loop. */ @@ -1544,12 +1556,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, else if (!ascii_strcasecmp (answer, cmds[i].name)) break; } - if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey) + if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK)) + && !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey) + || ((cmds[i].flags & KEYEDIT_NEED_SUBSK) && have_anyseckey))) { tty_printf (_("Need the secret key to do this.\n")); cmd = cmdNOP; } - else + else cmd = cmds[i].id; } @@ -1559,7 +1573,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, case cmdHELP: for (i = 0; cmds[i].name; i++) { - if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey) + if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK)) + && !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey) + ||((cmds[i].flags&KEYEDIT_NEED_SUBSK)&&have_anyseckey))) ; /* Skip those item if we do not have the secret key. */ else if (cmds[i].desc) tty_printf ("%-11s %s\n", cmds[i].name, _(cmds[i].desc)); commit 016538d82867c40a21bc7cbf44ec386f4699077f Author: Werner Koch Date: Tue Oct 24 09:31:49 2017 +0200 gpg: Remove unused flags from keyedit.c. * g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove. (cmds): Remove them. -- These flags were cruft from the time we had to switch between secret and public key view. Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index 38cdbce..75c52af 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1223,10 +1223,6 @@ parse_sign_type (const char *str, int *localsig, int *nonrevokesig, /* Need an SK for this command */ #define KEYEDIT_NEED_SK 1 -/* Cannot be viewing the SK for this command */ -#define KEYEDIT_NOT_SK 2 -/* Must be viewing the SK for this command */ -#define KEYEDIT_ONLY_SK 4 /* Match the tail of the string */ #define KEYEDIT_TAIL_MATCH 8 @@ -1268,12 +1264,12 @@ static struct { "key", cmdSELKEY, 0, N_("select subkey N")}, { "check", cmdCHECK, 0, N_("check signatures")}, { "c", cmdCHECK, 0, NULL}, - { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "cross-certify", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "backsign", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "sign", cmdSIGN, KEYEDIT_NOT_SK | KEYEDIT_TAIL_MATCH, + { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NEED_SK, NULL}, + { "cross-certify", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL}, + { "backsign", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL}, + { "sign", cmdSIGN, KEYEDIT_TAIL_MATCH, N_("sign selected user IDs [* see below for related commands]")}, - { "s", cmdSIGN, KEYEDIT_NOT_SK, NULL}, + { "s", cmdSIGN, 0, NULL}, /* "lsign" and friends will never match since "sign" comes first and it is a tail match. They are just here so they show up in the help menu. */ @@ -1282,62 +1278,62 @@ static struct { "nrsign", cmdNOP, 0, N_("sign selected user IDs with a non-revocable signature")}, { "debug", cmdDEBUG, 0, NULL}, - { "adduid", cmdADDUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a user ID")}, - { "addphoto", cmdADDPHOTO, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "adduid", cmdADDUID, KEYEDIT_NEED_SK, N_("add a user ID")}, + { "addphoto", cmdADDPHOTO, KEYEDIT_NEED_SK, N_("add a photo ID")}, - { "deluid", cmdDELUID, KEYEDIT_NOT_SK, N_("delete selected user IDs")}, + { "deluid", cmdDELUID, 0, N_("delete selected user IDs")}, /* delphoto is really deluid in disguise */ - { "delphoto", cmdDELUID, KEYEDIT_NOT_SK, NULL}, - { "addkey", cmdADDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a subkey")}, + { "delphoto", cmdDELUID, 0, NULL}, + { "addkey", cmdADDKEY, KEYEDIT_NEED_SK, N_("add a subkey")}, #ifdef ENABLE_CARD_SUPPORT - { "addcardkey", cmdADDCARDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "addcardkey", cmdADDCARDKEY, KEYEDIT_NEED_SK, N_("add a key to a smartcard")}, - { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK, + { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK, N_("move a key to a smartcard")}, - { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK, + { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK, N_("move a backup key to a smartcard")}, #endif /*ENABLE_CARD_SUPPORT */ - { "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")}, - { "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "delkey", cmdDELKEY, 0, N_("delete selected subkeys")}, + { "addrevoker", cmdADDREVOKER, KEYEDIT_NEED_SK, N_("add a revocation key")}, - { "delsig", cmdDELSIG, KEYEDIT_NOT_SK, + { "delsig", cmdDELSIG, 0, N_("delete signatures from the selected user IDs")}, - { "expire", cmdEXPIRE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "expire", cmdEXPIRE, KEYEDIT_NEED_SK, N_("change the expiration date for the key or selected subkeys")}, - { "primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "primary", cmdPRIMARY, KEYEDIT_NEED_SK, N_("flag the selected user ID as primary")}, { "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */ { "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, - { "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")}, - { "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")}, - { "setpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "pref", cmdPREF, 0, N_("list preferences (expert)")}, + { "showpref", cmdSHOWPREF, 0, N_("list preferences (verbose)")}, + { "setpref", cmdSETPREF, KEYEDIT_NEED_SK, N_("set preference list for the selected user IDs")}, - { "updpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "keyserver", cmdPREFKS, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "updpref", cmdSETPREF, KEYEDIT_NEED_SK, NULL}, + { "keyserver", cmdPREFKS, KEYEDIT_NEED_SK, N_("set the preferred keyserver URL for the selected user IDs")}, - { "notation", cmdNOTATION, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "notation", cmdNOTATION, KEYEDIT_NEED_SK, N_("set a notation for the selected user IDs")}, - { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "passwd", cmdPASSWD, KEYEDIT_NEED_SK, N_("change the passphrase")}, - { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, + { "password", cmdPASSWD, KEYEDIT_NEED_SK, NULL}, #ifndef NO_TRUST_MODELS - { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")}, + { "trust", cmdTRUST, 0, N_("change the ownertrust")}, #endif /*!NO_TRUST_MODELS*/ - { "revsig", cmdREVSIG, KEYEDIT_NOT_SK, + { "revsig", cmdREVSIG, 0, N_("revoke signatures on the selected user IDs")}, - { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "revuid", cmdREVUID, KEYEDIT_NEED_SK, N_("revoke selected user IDs")}, - { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "revphoto", cmdREVUID, KEYEDIT_NEED_SK, NULL}, + { "revkey", cmdREVKEY, KEYEDIT_NEED_SK, N_("revoke key or selected subkeys")}, #ifndef NO_TRUST_MODELS - { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")}, - { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")}, + { "enable", cmdENABLEKEY, 0, N_("enable key")}, + { "disable", cmdDISABLEKEY, 0, N_("disable key")}, #endif /*!NO_TRUST_MODELS*/ { "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")}, - { "clean", cmdCLEAN, KEYEDIT_NOT_SK, + { "clean", cmdCLEAN, 0, N_("compact unusable user IDs and remove unusable signatures from key")}, - { "minimize", cmdMINIMIZE, KEYEDIT_NOT_SK, + { "minimize", cmdMINIMIZE, 0, N_("compact unusable user IDs and remove all signatures from key")}, { NULL, cmdNONE, 0, NULL} ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 100 ++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 56 insertions(+), 44 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 12:09:28 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Oct 2017 12:09:28 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-18-g6e808ae Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 6e808ae4700dc5e95bf4cc2d5c063df582c234d0 (commit) from 560d85ecff4246133d185dc29395f07c918b5556 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e808ae4700dc5e95bf4cc2d5c063df582c234d0 Author: Werner Koch Date: Tue Oct 24 12:01:07 2017 +0200 gpgconf: Ignore non-installed components with --apply-profile. * tools/gpgconf-comp.c (retrieve_options_from_program): Add arg only_installed. (gc_component_retrieve_options): Use this if we want to process all components. -- Note that this also also ignores them in --with-defaults. This is useful for systems which come without scdaemon. GnuPG-bug-id: 3313 Signed-off-by: Werner Koch diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index e6ef4f4..9ce752b 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -2085,9 +2085,12 @@ get_config_filename (gc_component_t component, gc_backend_t backend) /* Retrieve the options for the component COMPONENT from backend - BACKEND, which we already know is a program-type backend. */ + * BACKEND, which we already know is a program-type backend. With + * ONLY_INSTALLED set components which are not installed are silently + * ignored. */ static void -retrieve_options_from_program (gc_component_t component, gc_backend_t backend) +retrieve_options_from_program (gc_component_t component, gc_backend_t backend, + int only_installed) { gpg_error_t err; const char *pgmname; @@ -2107,6 +2110,11 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend) argv[0] = "--gpgconf-list"; argv[1] = NULL; + if (only_installed && access (pgmname, X_OK)) + { + return; /* The component is not installed. */ + } + err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0, NULL, &outfp, NULL, &pid); if (err) @@ -2378,7 +2386,7 @@ retrieve_options_from_file (gc_component_t component, gc_backend_t backend) /* Retrieve the currently active options and their defaults from all involved backends for this component. Using -1 for component will - retrieve all options from all components. */ + retrieve all options from all installed components. */ void gc_component_retrieve_options (int component) { @@ -2420,7 +2428,8 @@ gc_component_retrieve_options (int component) assert (backend != GC_BACKEND_ANY); if (gc_backend[backend].program) - retrieve_options_from_program (component, backend); + retrieve_options_from_program (component, backend, + process_all); else retrieve_options_from_file (component, backend); } ----------------------------------------------------------------------- Summary of changes: tools/gpgconf-comp.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 17:20:28 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Oct 2017 17:20:28 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-31-gf8e2d87 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f8e2d87532ef2db5eda9e4df397cfdd0800399dc (commit) from 28aa6890588cc108639951bb4bef03ac17743046 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8e2d87532ef2db5eda9e4df397cfdd0800399dc Author: Werner Koch Date: Tue Oct 24 17:14:56 2017 +0200 Register DCO for Rainer Perske -- diff --git a/AUTHORS b/AUTHORS index 99bb0e2..dd86d53 100644 --- a/AUTHORS +++ b/AUTHORS @@ -215,6 +215,9 @@ Phil Pennock Phil Pennock 2017-01-19:20170119061225.GA26207 at breadbox.private.spodhuis.org: +Rainer Perske +2017-10-24:permail-2017102014511105be2aed00002fc6-perske at message-id.uni-muenster.de: + Other authors ============= ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 17:49:56 2017 From: cvs at cvs.gnupg.org (by Rainer Perske) Date: Tue, 24 Oct 2017 17:49:56 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-19-g1067403 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 1067403c8a7fb51decf30059e46901b5ee9f5b37 (commit) from 6e808ae4700dc5e95bf4cc2d5c063df582c234d0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1067403c8a7fb51decf30059e46901b5ee9f5b37 Author: Rainer Perske Date: Tue Oct 24 17:29:04 2017 +0200 sm: Do not expect X.509 keyids to be unique * sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it. * sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS (run_command_inq_cb): Ditto. * sm/gpgsm.c (main): Pass false. * sm/server.c (cmd_passwd): Pass false. -- As described in my report T1644, it is possible that multiple certificates exist with the same Distinguished Name and the same key. In this case, verifying S/MIME signatures and other actions fail with "certificate not found: Ambiguous name". For details see the bug report. To circumvent the problem, I am patching GnuPG since 2014 so that in this case the newest of the ambiguous certificates is used. This is not an ultimate solution of the problem: You should try every certificate with the same DN until verification succeeds or until all certificates fail, and if multiple certificates of a chain are ambiguous you even have to check every combination. You may even consider checking the keyUsage attributes of the ambiguous certificates to reduce the number of combinations. But in the existing case of the certificates in the German Research Network (DFN) PKI where the newest one is the valid one and all ambiguous certificates have the same keyUsage attributes, this patch has proven to be sufficient over the last three years. With every GnuPG update, I have adapted the patch, luckily I never needed to change anything except line numbers. GnuPG-bug-id: 1644 ChangeLog log written by wk, comment taken from mail. Signed-off line was missing in the plain diff. However the mail with the patch and the DCO posted as reply to that mail were both signed. Signed-off-by: Werner Koch diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 9301940..e943118 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -415,7 +415,7 @@ inq_certificate (void *opaque, const char *line) ksba_cert_t cert; - err = gpgsm_find_cert (parm->ctrl, line, ski, &cert); + err = gpgsm_find_cert (parm->ctrl, line, ski, &cert, 1); if (err) { log_error ("certificate not found: %s\n", gpg_strerror (err)); @@ -936,7 +936,7 @@ run_command_inq_cb (void *opaque, const char *line) if (!*line) return gpg_error (GPG_ERR_ASS_PARAMETER); - err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert); + err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert, 1); if (err) { log_error ("certificate not found: %s\n", gpg_strerror (err)); diff --git a/sm/certlist.c b/sm/certlist.c index 39ab03c..c9e275e 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -489,7 +489,8 @@ gpgsm_release_certlist (certlist_t list) subjectKeyIdentifier. */ int gpgsm_find_cert (ctrl_t ctrl, - const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert) + const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert, + int allow_ambiguous) { int rc; KEYDB_SEARCH_DESC desc; @@ -537,6 +538,16 @@ gpgsm_find_cert (ctrl_t ctrl, won't lead to ambiguous names. */ if (!rc && !keyid) { + ksba_isotime_t notbefore = ""; + const unsigned char *image = NULL; + size_t length = 0; + if (allow_ambiguous) + { + /* We want to return the newest certificate */ + if (ksba_cert_get_validity (*r_cert, 0, notbefore)) + *notbefore = '\0'; + image = ksba_cert_get_image (*r_cert, &length); + } next_ambiguous: rc = keydb_search (ctrl, kh, &desc, 1); if (rc == -1) @@ -546,6 +557,10 @@ gpgsm_find_cert (ctrl_t ctrl, if (!rc) { ksba_cert_t cert2 = NULL; + ksba_isotime_t notbefore2 = ""; + const unsigned char *image2 = NULL; + size_t length2 = 0; + int cmp = 0; if (!keydb_get_cert (kh, &cert2)) { @@ -554,6 +569,29 @@ gpgsm_find_cert (ctrl_t ctrl, ksba_cert_release (cert2); goto next_ambiguous; } + if (allow_ambiguous) + { + if (ksba_cert_get_validity (cert2, 0, notbefore2)) + *notbefore2 = '\0'; + image2 = ksba_cert_get_image (cert2, &length2); + cmp = strcmp (notbefore, notbefore2); + /* use certificate image bits as last resort for stable ordering */ + if (!cmp) + cmp = memcmp (image, image2, length < length2 ? length : length2); + if (!cmp) + cmp = length < length2 ? -1 : length > length2 ? 1 : 0; + if (cmp < 0) + { + ksba_cert_release (*r_cert); + *r_cert = cert2; + strcpy (notbefore, notbefore2); + image = image2; + length = length2; + } + else + ksba_cert_release (cert2); + goto next_ambiguous; + } ksba_cert_release (cert2); } rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME); diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 10eff0a..0feda90 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -2052,7 +2052,7 @@ main ( int argc, char **argv) ksba_cert_t cert = NULL; char *grip = NULL; - rc = gpgsm_find_cert (&ctrl, *argv, NULL, &cert); + rc = gpgsm_find_cert (&ctrl, *argv, NULL, &cert, 0); if (rc) ; else if (!(grip = gpgsm_get_keygrip_hexstring (cert))) diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 8c1f520..cd4fc99 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -328,7 +328,7 @@ int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, certlist_t *listaddr, int is_encrypt_to); void gpgsm_release_certlist (certlist_t list); int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid, - ksba_cert_t *r_cert); + ksba_cert_t *r_cert, int allow_ambiguous); /*-- keylist.c --*/ gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names, diff --git a/sm/server.c b/sm/server.c index 64a3add..568e51b 100644 --- a/sm/server.c +++ b/sm/server.c @@ -1179,7 +1179,7 @@ cmd_passwd (assuan_context_t ctx, char *line) line = skip_options (line); - err = gpgsm_find_cert (ctrl, line, NULL, &cert); + err = gpgsm_find_cert (ctrl, line, NULL, &cert, 0); if (err) ; else if (!(grip = gpgsm_get_keygrip_hexstring (cert))) ----------------------------------------------------------------------- Summary of changes: sm/call-dirmngr.c | 4 ++-- sm/certlist.c | 40 +++++++++++++++++++++++++++++++++++++++- sm/gpgsm.c | 2 +- sm/gpgsm.h | 2 +- sm/server.c | 2 +- 5 files changed, 44 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 19:15:14 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Oct 2017 19:15:14 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-21-g812fe29 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 812fe29bff42cf7dbd07e0becc55b2ada340dd97 (commit) via e417aaf69817fcb4a73c38077853dc940a2deabc (commit) from 1067403c8a7fb51decf30059e46901b5ee9f5b37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 812fe29bff42cf7dbd07e0becc55b2ada340dd97 Author: Werner Koch Date: Tue Oct 24 18:42:37 2017 +0200 build: New configure option --enable-werror * configure.ac: Implement that option. -- This can be used as a workaround in case of bogus autoconf tests. GnuPG-bug-id: 2423 Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 1f933a7..551c970 100644 --- a/configure.ac +++ b/configure.ac @@ -1666,6 +1666,17 @@ AC_ARG_ENABLE(optimization, fi]) # +# Add -Werror to CFLAGS. This hack can be used to avoid problems with +# misbehaving autoconf tests in case the user supplied -Werror. +# +AC_ARG_ENABLE(werror, + AC_HELP_STRING([--enable-werror], + [append -Werror to CFLAGS]), + [if test $enableval = yes ; then + CFLAGS="$CFLAGS -Werror" + fi]) + +# # Configure option --enable-all-tests # AC_MSG_CHECKING([whether "make check" shall run all tests]) commit e417aaf69817fcb4a73c38077853dc940a2deabc Author: Werner Koch Date: Tue Oct 24 18:34:28 2017 +0200 build: Do not mess with CFLAGS in configure. * configure.ac: Do not mess with the user provided CFLAGS. -- A problem was claimed with some configure tests if the user provided CFLAGS=-Werror. The commit introducing this Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8 does not mention a concrete case. Anyway, messing with CFLAGS is a bad idea because configure tests will then test something different than what is used later (cf. autoconf manual). Tests which depend on the whether -Werror is used needsto be fixed. Note that in certain cases we modify CFLAGS. This is only done for some configure options or if the platform requires the use of special compiler flags (e.g. on HP/UX). GnuPG-bug-id: 2423 diff --git a/configure.ac b/configure.ac index 70c1226..1f933a7 100644 --- a/configure.ac +++ b/configure.ac @@ -89,12 +89,6 @@ AB_INIT AC_GNU_SOURCE -# Before we do anything with the C compiler, we first save the user's -# CFLAGS (they are restored at the end of the configure script). This -# is because some configure checks don't work with -Werror, but we'd -# like to use -Werror with our build. -CFLAGS_orig=$CFLAGS -CFLAGS= # Some status variables. have_gpg_error=no @@ -1701,11 +1695,6 @@ if test x"$gnupg_builddir_envvar" = x"yes"; then fi # -# Add user CFLAGS. -# -CFLAGS="$CFLAGS $CFLAGS_orig" - -# # Decide what to build # ----------------------------------------------------------------------- Summary of changes: configure.ac | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Oct 24 21:23:31 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Oct 2017 21:23:31 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-22-g84af859 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 84af859e391a757877c9a1d78e35face983e6d23 (commit) from 812fe29bff42cf7dbd07e0becc55b2ada340dd97 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 84af859e391a757877c9a1d78e35face983e6d23 Author: Werner Koch Date: Tue Oct 24 21:11:38 2017 +0200 gpg: Avoid superfluous sig check info during import. * g10/key-check.c (print_info): New. (key_check_all_keysigs): Print sig checking results only in debug mode. Prettify the stats info and suppress them in quiet mode. -- This also makes usable stats by prefixing them with the key and the program name. GnuPG-bug-id: 3397 Signed-off-by: Werner Koch diff --git a/g10/key-check.c b/g10/key-check.c index d32067b..86b1e76 100644 --- a/g10/key-check.c +++ b/g10/key-check.c @@ -32,6 +32,27 @@ #include "key-check.h" + +/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with + * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it + * may be modified by this function. */ +static void +print_info (int mode, const char *prefix, char *text) +{ + char *p; + + if (!text) + text = ""; + else if ((p = strchr (text,'\n'))) + *p = 0; /* Strip LF. */ + + if (mode > 0) + log_info ("%s %s\n", prefix, text); + else + tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text); +} + + /* Order two signatures. The actual ordering isn't important. Our * goal is to ensure that identical signatures occur together. */ static int @@ -100,7 +121,6 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, int only_selected, int only_selfsigs) { gpg_error_t err; - estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; PKT_public_key *pk; KBNODE n, n_next, *n_prevp, n2; char *pending_desc = NULL; @@ -476,8 +496,9 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, has_selfsig = 1; } - if ((n2 && n2 != last_printed_component) - || (! n2 && last_printed_component != current_component)) + if (DBG_PACKET + && ((n2 && n2 != last_printed_component) + || (! n2 && last_printed_component != current_component))) { int is_reordered = n2 && n2 != current_component; if (n2) @@ -489,36 +510,34 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, ; else if (last_printed_component->pkt->pkttype == PKT_USER_ID) { - tty_fprintf (fp, "uid "); - tty_print_utf8_string2 (fp, - last_printed_component - ->pkt->pkt.user_id->name, - last_printed_component - ->pkt->pkt.user_id->len, 0); + log_debug ("uid "); + print_utf8_buffer (log_get_stream (), + last_printed_component + ->pkt->pkt.user_id->name, + last_printed_component + ->pkt->pkt.user_id->len); + log_flush (); } else if (last_printed_component->pkt->pkttype == PKT_PUBLIC_KEY) - tty_fprintf (fp, "pub %s", - pk_keyid_str (last_printed_component + log_debug ("pub %s\n", + pk_keyid_str (last_printed_component ->pkt->pkt.public_key)); else - tty_fprintf (fp, "sub %s", - pk_keyid_str (last_printed_component - ->pkt->pkt.public_key)); + log_debug ("sub %s\n", + pk_keyid_str (last_printed_component + ->pkt->pkt.public_key)); if (modified) { if (is_reordered) - tty_fprintf (fp, _(" (reordered signatures follow)")); - if (mode > 0) - log_printf ("\n"); - else - tty_fprintf (fp, "\n"); + log_debug ("%s\n", _(" (reordered signatures follow)")); } } - if (modified) - keyedit_print_one_sig (ctrl, fp, rc, kb, n, NULL, NULL, NULL, + if (DBG_PACKET && modified) + keyedit_print_one_sig (ctrl, log_get_stream (), + rc, kb, n, NULL, NULL, NULL, has_selfsig, 0, only_selfsigs); } @@ -624,32 +643,62 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, } } - if (dups || missing_issuer || bad_signature || reordered) - tty_fprintf (fp, _("key %s:\n"), pk_keyid_str (pk)); - - if (dups) - tty_fprintf (fp, - ngettext ("%d duplicate signature removed\n", - "%d duplicate signatures removed\n", dups), dups); - if (missing_issuer) - tty_fprintf (fp, - ngettext ("%d signature not checked due to a missing key\n", - "%d signatures not checked due to missing keys\n", - missing_issuer), missing_issuer); - if (bad_signature) - tty_fprintf (fp, - ngettext ("%d bad signature\n", - "%d bad signatures\n", - bad_signature), bad_signature); - if (reordered) - tty_fprintf (fp, - ngettext ("%d signature reordered\n", - "%d signatures reordered\n", - reordered), reordered); - - if (only_selfsigs && (bad_signature || reordered)) - tty_fprintf (fp, _("Warning: errors found and only checked self-signatures," - " run '%s' to check all signatures.\n"), "check"); + if (!opt.quiet) + { + char prefix[100]; + char *p; + + /* To avoid string changes in 2.2 we strip the LF here. */ + snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk)); + p = strrchr (prefix, '\n'); + if (p) + *p = 0; + + if (dups) + { + p = xtryasprintf + (ngettext ("%d duplicate signature removed\n", + "%d duplicate signatures removed\n", dups), dups); + print_info (mode, prefix, p); + xfree (p); + } + + if (missing_issuer) + { + p = xtryasprintf + (ngettext ("%d signature not checked due to a missing key\n", + "%d signatures not checked due to missing keys\n", + missing_issuer), missing_issuer); + print_info (mode, prefix, p); + xfree (p); + } + if (bad_signature) + { + p = xtryasprintf (ngettext ("%d bad signature\n", + "%d bad signatures\n", + bad_signature), bad_signature); + print_info (mode, prefix, p); + xfree (p); + } + + if (reordered) + { + p = xtryasprintf (ngettext ("%d signature reordered\n", + "%d signatures reordered\n", + reordered), reordered); + print_info (mode, prefix, p); + xfree (p); + } + + if (only_selfsigs && (bad_signature || reordered)) + { + p = xtryasprintf + (_("Warning: errors found and only checked self-signatures," + " run '%s' to check all signatures.\n"), "check"); + print_info (mode, prefix, p); + xfree (p); + } + } return modified; } ----------------------------------------------------------------------- Summary of changes: g10/key-check.c | 143 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 96 insertions(+), 47 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Oct 25 05:06:27 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 25 Oct 2017 05:06:27 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-19-g94b8436 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 94b84360ca55c407222a3eb8222d8b1816fc617f (commit) from 4423bf3cc4432b9bfe801ff74cb05e6f0dd3eccd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 94b84360ca55c407222a3eb8222d8b1816fc617f Author: NIIBE Yutaka Date: Wed Oct 25 12:04:30 2017 +0900 Add OID information for SM3. * cipher/sm3.c (asn_sm3, oid_spec_sm3): New. (_gcry_digest_spec_sm3): Add asn_sm3, oid_spec_sm3. Signed-off-by: NIIBE Yutaka diff --git a/cipher/sm3.c b/cipher/sm3.c index f0c574a..ee5daf2 100644 --- a/cipher/sm3.c +++ b/cipher/sm3.c @@ -444,10 +444,23 @@ run_selftests (int algo, int extended, selftest_report_func_t report) return ec; } +static byte asn_sm3[] = /* Object ID is 1.2.156.10197.401 */ + { 0x30, 0x2F, 0x30, 0x0B, 0x06, 0x07, 0x2A, 0x81, + 0x1C, 0xCF, 0x55, 0x83, 0x11, 0x05, 0x00, 0x04, + 0x20 }; + +static gcry_md_oid_spec_t oid_spec_sm3[] = + { + /* China Electronics Standardization Instutute, + OID White paper (2015), Table 6 */ + { "1.2.156.10197.401" }, + { NULL }, + }; + gcry_md_spec_t _gcry_digest_spec_sm3 = { GCRY_MD_SM3, {0, 1}, - "SM3", NULL, 0, NULL, 32, + "SM3", asn_sm3, DIM (asn_sm3), oid_spec_sm3, 32, sm3_init, _gcry_md_block_write, sm3_final, sm3_read, NULL, sizeof (SM3_CONTEXT), run_selftests ----------------------------------------------------------------------- Summary of changes: cipher/sm3.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 26 04:28:50 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 26 Oct 2017 04:28:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-33-gbf26c08 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bf26c08b95389718ba07f12789d372c6f438134f (commit) via 3549dce4f5a726f5350ac2f20d83ba9f84cc23b4 (commit) from f8e2d87532ef2db5eda9e4df397cfdd0800399dc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf26c08b95389718ba07f12789d372c6f438134f Author: NIIBE Yutaka Date: Thu Oct 26 11:24:39 2017 +0900 agent, tests: Support --disable-scdaemon build case. * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON. * tests/openpgp/defs.scm (create-gpghome): Likewise. * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise. -- We could modify gpg-agent to remove all support of scdaemon, with no inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would not be worth to do that. GnuPG-bug-id: 3316 Signed-off-by: NIIBE Yutaka diff --git a/agent/command.c b/agent/command.c index 4016cc2..3b249b1 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1988,14 +1988,17 @@ static const char hlp_scd[] = static gpg_error_t cmd_scd (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - +#ifdef BUILD_WITH_SCDAEMON + ctrl_t ctrl = assuan_get_pointer (ctx); if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); rc = divert_generic_cmd (ctrl, line, ctx); - +#else + (void)ctx; (void)line; + rc = gpg_error (GPG_ERR_NOT_SUPPORTED); +#endif return rc; } diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm index d99d7da..c78a127 100644 --- a/tests/gpgsm/gpgsm-defs.scm +++ b/tests/gpgsm/gpgsm-defs.scm @@ -67,7 +67,9 @@ "faked-system-time 1008241200") (create-file "gpg-agent.conf" (string-append "pinentry-program " (tool 'pinentry)) - (string-append "scdaemon-program " (tool 'scdaemon)) + (if (assoc "scdaemon" gpg-components) + (string-append "scdaemon-program " (tool 'scdaemon)) + "# No scdaemon available") ) (start-agent) (create-file diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index f52f316..a6347fe 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -354,7 +354,9 @@ (if (flag "--extended-key-format" *args*) "enable-extended-key-format" "#enable-extended-key-format") (string-append "pinentry-program " (tool 'pinentry)) - (string-append "scdaemon-program " (tool 'scdaemon)) + (if (assoc "scdaemon" gpg-components) + (string-append "scdaemon-program " (tool 'scdaemon)) + "# No scdaemon available") )) ;; Initialize the test environment, install appropriate configuration commit 3549dce4f5a726f5350ac2f20d83ba9f84cc23b4 Author: NIIBE Yutaka Date: Thu Oct 26 11:19:45 2017 +0900 Fix comment of configure. * configure.ac (BUILD_WITH_DIRMNGR): Comment fix. Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index c479325..22f082e 100644 --- a/configure.ac +++ b/configure.ac @@ -1777,7 +1777,7 @@ if test "$build_scdaemon" = yes ; then AC_DEFINE(BUILD_WITH_SCDAEMON,1,[Defined if SCDAEMON is to be build]) fi if test "$build_dirmngr" = yes ; then - AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if SCDAEMON is to be build]) + AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if DIRMNGR is to be build]) fi if test "$build_g13" = yes ; then AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build]) ----------------------------------------------------------------------- Summary of changes: agent/command.c | 9 ++++++--- configure.ac | 2 +- tests/gpgsm/gpgsm-defs.scm | 4 +++- tests/openpgp/defs.scm | 4 +++- 4 files changed, 13 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 26 04:41:18 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 26 Oct 2017 04:41:18 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-24-g05cb872 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 05cb87276c21c3a47226c75026fa46a955553dd9 (commit) via b13972dfbf7224478652038725ab0d2cb41b7303 (commit) from 84af859e391a757877c9a1d78e35face983e6d23 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 05cb87276c21c3a47226c75026fa46a955553dd9 Author: NIIBE Yutaka Date: Thu Oct 26 11:24:39 2017 +0900 agent, tests: Support --disable-scdaemon build case. * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON. * tests/openpgp/defs.scm (create-gpghome): Likewise. * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise. -- We could modify gpg-agent to remove all support of scdaemon, with no inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would not be worth to do that. GnuPG-bug-id: 3316 Signed-off-by: NIIBE Yutaka diff --git a/agent/command.c b/agent/command.c index f2a6683..e20361a 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1988,14 +1988,17 @@ static const char hlp_scd[] = static gpg_error_t cmd_scd (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - +#ifdef BUILD_WITH_SCDAEMON + ctrl_t ctrl = assuan_get_pointer (ctx); if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); rc = divert_generic_cmd (ctrl, line, ctx); - +#else + (void)ctx; (void)line; + rc = gpg_error (GPG_ERR_NOT_SUPPORTED); +#endif return rc; } diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm index d99d7da..c78a127 100644 --- a/tests/gpgsm/gpgsm-defs.scm +++ b/tests/gpgsm/gpgsm-defs.scm @@ -67,7 +67,9 @@ "faked-system-time 1008241200") (create-file "gpg-agent.conf" (string-append "pinentry-program " (tool 'pinentry)) - (string-append "scdaemon-program " (tool 'scdaemon)) + (if (assoc "scdaemon" gpg-components) + (string-append "scdaemon-program " (tool 'scdaemon)) + "# No scdaemon available") ) (start-agent) (create-file diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index f52f316..a6347fe 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -354,7 +354,9 @@ (if (flag "--extended-key-format" *args*) "enable-extended-key-format" "#enable-extended-key-format") (string-append "pinentry-program " (tool 'pinentry)) - (string-append "scdaemon-program " (tool 'scdaemon)) + (if (assoc "scdaemon" gpg-components) + (string-append "scdaemon-program " (tool 'scdaemon)) + "# No scdaemon available") )) ;; Initialize the test environment, install appropriate configuration commit b13972dfbf7224478652038725ab0d2cb41b7303 Author: NIIBE Yutaka Date: Thu Oct 26 11:19:45 2017 +0900 Fix comment of configure. * configure.ac (BUILD_WITH_DIRMNGR): Comment fix. Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index 551c970..dc1fc1a 100644 --- a/configure.ac +++ b/configure.ac @@ -1754,7 +1754,7 @@ if test "$build_scdaemon" = yes ; then AC_DEFINE(BUILD_WITH_SCDAEMON,1,[Defined if SCDAEMON is to be build]) fi if test "$build_dirmngr" = yes ; then - AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if SCDAEMON is to be build]) + AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if DIRMNGR is to be build]) fi if test "$build_g13" = yes ; then AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build]) ----------------------------------------------------------------------- Summary of changes: agent/command.c | 9 ++++++--- configure.ac | 2 +- tests/gpgsm/gpgsm-defs.scm | 4 +++- tests/openpgp/defs.scm | 4 +++- 4 files changed, 13 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Oct 26 07:44:00 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 26 Oct 2017 07:44:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-34-g3b66a25 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3b66a256e3760e88066ca11b7b49d924e42aa46b (commit) from bf26c08b95389718ba07f12789d372c6f438134f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3b66a256e3760e88066ca11b7b49d924e42aa46b Author: NIIBE Yutaka Date: Thu Oct 26 14:40:38 2017 +0900 agent: Allow recursive use of pinentry. * agent/agent.h (struct server_control_s): Add pinentry_level. * agent/call-pinentry.c (agent_popup_message_stop): Not clear ENTRY_CTX here. (unlock_pinentry): Handle recursion. Clear ENTRY_CTX here. (start_pinentry): Allow recursive use. -- GnuPG-bug-id: 3190 Signed-off-by: NIIBE Yutaka diff --git a/agent/agent.h b/agent/agent.h index af64f33..78a3764 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -255,6 +255,9 @@ struct server_control_s /* The current S2K which might be different from the calibrated count. */ unsigned long s2k_count; + + /* Recursion level of pinentry. */ + int pinentry_level; }; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 98af95a..ef76007 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -177,15 +177,19 @@ unlock_pinentry (gpg_error_t rc) } } - entry_ctx = NULL; - err = npth_mutex_unlock (&entry_lock); - if (err) + if (--entry_owner->pinentry_level == 0) { - log_error ("failed to release the entry lock: %s\n", strerror (err)); - if (!rc) - rc = gpg_error_from_errno (err); + entry_owner = NULL; + entry_ctx = NULL; + err = npth_mutex_unlock (&entry_lock); + if (err) + { + log_error ("failed to release the entry lock: %s\n", strerror (err)); + if (!rc) + rc = gpg_error_from_errno (err); + } + assuan_release (ctx); } - assuan_release (ctx); return rc; } @@ -288,6 +292,13 @@ start_pinentry (ctrl_t ctrl) char *flavor_version; int err; + if (entry_owner == ctrl) + { + /* Allow recursive use of pinentry. */ + ctrl->pinentry_level++; + return 0; + } + npth_clock_gettime (&abstime); abstime.tv_sec += LOCK_TIMEOUT; err = npth_mutex_timedlock (&entry_lock, &abstime); @@ -371,6 +382,10 @@ start_pinentry (ctrl_t ctrl) log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc)); return rc; } + + ctrl->pinentry_level = 1; + entry_ctx = ctx; + /* We don't want to log the pinentry communication to make the logs easier to read. We might want to add a new debug option to enable pinentry logging. */ @@ -382,17 +397,15 @@ start_pinentry (ctrl_t ctrl) that atfork is used to change the environment for pinentry. We start the server in detached mode to suppress the console window under Windows. */ - rc = assuan_pipe_connect (ctx, full_pgmname, argv, + rc = assuan_pipe_connect (entry_ctx, full_pgmname, argv, no_close_list, atfork_cb, ctrl, ASSUAN_PIPE_CONNECT_DETACHED); if (rc) { log_error ("can't connect to the PIN entry module '%s': %s\n", full_pgmname, gpg_strerror (rc)); - assuan_release (ctx); return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); } - entry_ctx = ctx; if (DBG_IPC) log_debug ("connection to PIN entry established\n"); @@ -1552,7 +1565,6 @@ agent_popup_message_stop (ctrl_t ctrl) /* Thread IDs are opaque, but we try our best here by resetting it to the same content that a static global variable has. */ memset (&popup_tid, '\0', sizeof (popup_tid)); - entry_owner = NULL; /* Now we can close the connection. */ unlock_pinentry (0); ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 3 +++ agent/call-pinentry.c | 34 +++++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 27 03:21:13 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 27 Oct 2017 03:21:13 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-35-gfb78286 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fb7828676cc2c01047498898378711e049f73fee (commit) from 3b66a256e3760e88066ca11b7b49d924e42aa46b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb7828676cc2c01047498898378711e049f73fee Author: NIIBE Yutaka Date: Fri Oct 27 09:54:48 2017 +0900 agent: Clean up pinentry access locking. * agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE. * agent/call-pinentry.c (entry_owner): Remove. (agent_reset_query): Use thread private object of PINENTRY_ACTIVE. (unlock_pinentry): Add CTRL to arguments to access thread private. Check and decrement PINENTRY_ACTIVE for recursive use. (start_pinentry): Check and increment PINENTRY_ACTIVE for recursion. (agent_askpin): Follow the change of unlock_pinentry API. (agent_get_passphrase, agent_get_confirmation): Likewise. (agent_show_message, agent_popup_message_start): Likewise. (agent_popup_message_stop, agent_clear_passphrase): Likewise. -- We use the member PINENTRY_ACTIVE as a thread private object. It's only valid for a single thread at a time. It would be possible to have a thread shared object of PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its owner (which is also a thread shared object). But, in this case, access to ENTRY_OWNER is tricky (only comparison to accessing thread would be OK with no lock), or we need to introduce another lock for accessing ENTRY_OWNER, which complicates the code too much. So, simply have a thread private object for recursive pinentry access. GnuPG-bug-id: 3190 Signed-off-by: NIIBE Yutaka diff --git a/agent/agent.h b/agent/agent.h index 78a3764..bf8d244 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -256,8 +256,9 @@ struct server_control_s count. */ unsigned long s2k_count; - /* Recursion level of pinentry. */ - int pinentry_level; + /* If pinentry is active for this thread. It can be more than 1, + when pinentry is called recursively. */ + int pinentry_active; }; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index ef76007..af4eb06 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -67,12 +67,6 @@ static struct } entry_features; -/* The control variable of the connection owning the current pinentry. - This is only valid if ENTRY_CTX is not NULL. Note, that we care - only about the value of the pointer and that it should never be - dereferenced. */ -static ctrl_t entry_owner; - /* A mutex used to serialize access to the pinentry. */ static npth_mutex_t entry_lock; @@ -128,7 +122,7 @@ agent_query_dump_state (void) void agent_reset_query (ctrl_t ctrl) { - if (entry_ctx && popup_tid && entry_owner == ctrl) + if (entry_ctx && popup_tid && ctrl->pinentry_active) { agent_popup_message_stop (ctrl); } @@ -140,7 +134,7 @@ agent_reset_query (ctrl_t ctrl) stalled pinentry does not block other threads. Fixme: We should have a timeout in Assuan for the disconnect operation. */ static gpg_error_t -unlock_pinentry (gpg_error_t rc) +unlock_pinentry (ctrl_t ctrl, gpg_error_t rc) { assuan_context_t ctx = entry_ctx; int err; @@ -177,9 +171,8 @@ unlock_pinentry (gpg_error_t rc) } } - if (--entry_owner->pinentry_level == 0) + if (--ctrl->pinentry_active == 0) { - entry_owner = NULL; entry_ctx = NULL; err = npth_mutex_unlock (&entry_lock); if (err) @@ -292,10 +285,11 @@ start_pinentry (ctrl_t ctrl) char *flavor_version; int err; - if (entry_owner == ctrl) + if (ctrl->pinentry_active) { - /* Allow recursive use of pinentry. */ - ctrl->pinentry_level++; + /* It's trying to use pinentry recursively. In this situation, + the thread holds ENTRY_LOCK already. */ + ctrl->pinentry_active++; return 0; } @@ -313,8 +307,6 @@ start_pinentry (ctrl_t ctrl) return rc; } - entry_owner = ctrl; - if (entry_ctx) return 0; @@ -336,7 +328,7 @@ start_pinentry (ctrl_t ctrl) the Wine implementation does not flush stdin,stdout and stderr - see above. Let's try to ignore the error. */ #ifndef HAVE_W32_SYSTEM - return unlock_pinentry (tmperr); + return unlock_pinentry (ctrl, tmperr); #endif } @@ -383,7 +375,7 @@ start_pinentry (ctrl_t ctrl) return rc; } - ctrl->pinentry_level = 1; + ctrl->pinentry_active = 1; entry_ctx = ctx; /* We don't want to log the pinentry communication to make the logs @@ -404,7 +396,7 @@ start_pinentry (ctrl_t ctrl) { log_error ("can't connect to the PIN entry module '%s': %s\n", full_pgmname, gpg_strerror (rc)); - return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); + return unlock_pinentry (ctrl, gpg_error (GPG_ERR_NO_PIN_ENTRY)); } if (DBG_IPC) @@ -415,65 +407,65 @@ start_pinentry (ctrl_t ctrl) { char *optstr; if (asprintf (&optstr, "OPTION pinentry-user-data=%s", value) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } rc = assuan_transact (entry_ctx, opt.no_grab? "OPTION no-grab":"OPTION grab", NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); value = session_env_getenv (ctrl->session_env, "GPG_TTY"); if (value) { char *optstr; if (asprintf (&optstr, "OPTION ttyname=%s", value) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } value = session_env_getenv (ctrl->session_env, "TERM"); if (value) { char *optstr; if (asprintf (&optstr, "OPTION ttytype=%s", value) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (ctrl->lc_ctype) { char *optstr; if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (ctrl->lc_messages) { char *optstr; if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -489,7 +481,7 @@ start_pinentry (ctrl_t ctrl) rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (opt.allow_emacs_pinentry) @@ -499,7 +491,7 @@ start_pinentry (ctrl_t ctrl) rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt", NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -537,7 +529,7 @@ start_pinentry (ctrl_t ctrl) if (*s == '|' && (s2=strchr (s+1,'|'))) s = s2+1; if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); @@ -665,8 +657,8 @@ start_pinentry (ctrl_t ctrl) rc = agent_inq_pinentry_launched (ctrl, pinentry_pid, flavor_version); if (gpg_err_code (rc) == GPG_ERR_CANCELED || gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) - return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT, - gpg_err_code (rc))); + return unlock_pinentry (ctrl, gpg_err_make (GPG_ERR_SOURCE_DEFAULT, + gpg_err_code (rc))); rc = 0; } @@ -1036,18 +1028,18 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); build_cmd_setdesc (line, DIM(line), desc_text); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); snprintf (line, DIM(line), "SETPROMPT %s", prompt_text? prompt_text : is_pin? L_("PIN:") : L_("Passphrase:")); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); /* If a passphrase quality indicator has been requested and a minimum passphrase length has not been disabled, send the command @@ -1056,7 +1048,7 @@ agent_askpin (ctrl_t ctrl, { rc = setup_qualitybar (ctrl); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (initial_errtext) @@ -1065,7 +1057,7 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (pininfo->with_repeat) @@ -1096,7 +1088,7 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); errtext = NULL; } @@ -1106,7 +1098,7 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); @@ -1134,7 +1126,7 @@ agent_askpin (ctrl_t ctrl, errtext = is_pin? L_("PIN too long") : L_("Passphrase too long"); else if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (!errtext && pininfo->min_digits) { @@ -1160,7 +1152,7 @@ agent_askpin (ctrl_t ctrl, || gpg_err_code (rc) == GPG_ERR_BAD_PIN) errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); else if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (!errtext) @@ -1168,7 +1160,7 @@ agent_askpin (ctrl_t ctrl, if (pininfo->with_repeat && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) pininfo->repeat_okay = 1; - return unlock_pinentry (0); /* okay, got a PIN or passphrase */ + return unlock_pinentry (ctrl, 0); /* okay, got a PIN or passphrase */ } if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) @@ -1177,7 +1169,7 @@ agent_askpin (ctrl_t ctrl, pininfo->failed_tries --; } - return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN + return unlock_pinentry (ctrl, gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN : GPG_ERR_BAD_PASSPHRASE)); } @@ -1243,7 +1235,7 @@ agent_get_passphrase (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (desc) @@ -1252,18 +1244,18 @@ agent_get_passphrase (ctrl_t ctrl, snprintf (line, DIM(line), "RESET"); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); snprintf (line, DIM(line), "SETPROMPT %s", prompt); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (with_qualitybar && opt.min_passphrase_len) { rc = setup_qualitybar (ctrl); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (errtext) @@ -1271,14 +1263,14 @@ agent_get_passphrase (ctrl_t ctrl, snprintf (line, DIM(line), "SETERROR %s", errtext); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } memset (&parm, 0, sizeof parm); parm.size = ASSUAN_LINELENGTH/2 - 5; parm.buffer = gcry_malloc_secure (parm.size+10); if (!parm.buffer) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); @@ -1302,7 +1294,7 @@ agent_get_passphrase (ctrl_t ctrl, xfree (parm.buffer); else *retpass = parm.buffer; - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -1346,7 +1338,7 @@ agent_get_confirmation (ctrl_t ctrl, rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (ok) { @@ -1354,7 +1346,7 @@ agent_get_confirmation (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (notok) { @@ -1377,7 +1369,7 @@ agent_get_confirmation (ctrl_t ctrl, NULL, NULL, NULL, NULL, NULL, NULL); } if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } rc = assuan_transact (entry_ctx, "CONFIRM", @@ -1385,7 +1377,7 @@ agent_get_confirmation (ctrl_t ctrl, if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -1419,7 +1411,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (ok_btn) { @@ -1427,7 +1419,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL, @@ -1435,7 +1427,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -1483,19 +1475,19 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn) snprintf (line, DIM(line), "RESET"); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (ok_btn) { snprintf (line, DIM(line), "SETOK %s", ok_btn); rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } err = npth_attr_init (&tattr); if (err) - return unlock_pinentry (gpg_error_from_errno (err)); + return unlock_pinentry (ctrl, gpg_error_from_errno (err)); npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE); popup_finished = 0; @@ -1506,7 +1498,7 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn) rc = gpg_error_from_errno (err); log_error ("error spawning popup message handler: %s\n", strerror (err) ); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } npth_setname_np (popup_tid, "popup-message"); @@ -1567,7 +1559,7 @@ agent_popup_message_stop (ctrl_t ctrl) memset (&popup_tid, '\0', sizeof (popup_tid)); /* Now we can close the connection. */ - unlock_pinentry (0); + unlock_pinentry (ctrl, 0); } int @@ -1593,5 +1585,5 @@ agent_clear_passphrase (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 5 ++- agent/call-pinentry.c | 122 +++++++++++++++++++++++--------------------------- 2 files changed, 60 insertions(+), 67 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Oct 27 14:14:17 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Oct 2017 14:14:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-57-gf6ab97f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f6ab97fd9620bb8f512ffb471a66e5f96098a7cc (commit) via 05cb87276c21c3a47226c75026fa46a955553dd9 (commit) via b13972dfbf7224478652038725ab0d2cb41b7303 (commit) via 84af859e391a757877c9a1d78e35face983e6d23 (commit) via 812fe29bff42cf7dbd07e0becc55b2ada340dd97 (commit) via e417aaf69817fcb4a73c38077853dc940a2deabc (commit) via 1067403c8a7fb51decf30059e46901b5ee9f5b37 (commit) via 6e808ae4700dc5e95bf4cc2d5c063df582c234d0 (commit) via 560d85ecff4246133d185dc29395f07c918b5556 (commit) via 016538d82867c40a21bc7cbf44ec386f4699077f (commit) via 9e3f2a7e0b7a8713084bbdd835bc5c65410a402f (commit) via 44fb3fbc85b32552c91f32f099b6b246c12ce0cc (commit) via 2c7dccca9b617780a3ea760adf460bb3b77f90f3 (commit) via 68c8619114fd5f24cb6bfb9e0f25c428a8805323 (commit) via 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3 (commit) via d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb (commit) via 7c73db3d31c6457dfbdc82a8dc89951c023f0603 (commit) via 8448347b5bdee56e6f9938a93ea92fe4d3c8800c (commit) via 752cae6dd2ee8982a34c796a3f168ae538f7938c (commit) via 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0 (commit) via b509d81cab030cca6abf0d878e1fc884eda344e6 (commit) via e725c4d65335d18dea6b855726ee7c57afd4a60a (commit) from fb7828676cc2c01047498898378711e049f73fee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f6ab97fd9620bb8f512ffb471a66e5f96098a7cc Merge: fb78286 05cb872 Author: Werner Koch Date: Fri Oct 27 13:56:15 2017 +0200 Merge branch 'STABLE-BRANCH-2-2' into master -- Resolved Conflicts: configure.ac - Adjust due to new log_clock otions diff --cc configure.ac index 22f082e,dc1fc1a..ebd0c2f --- a/configure.ac +++ b/configure.ac @@@ -1680,19 -1666,15 +1674,28 @@@ AC_ARG_ENABLE(optimization fi]) # +# log_debug has certain requirements which might hamper portability. +# Thus we use an option to enable it. +# +AC_MSG_CHECKING([whether to enable log_clock]) +AC_ARG_ENABLE(log_clock, + AC_HELP_STRING([--enable-log-clock], + [enable log_clock timestamps]), + enable_log_clock=$enableval, enable_log_clock=no) +AC_MSG_RESULT($enable_log_clock) +if test "$enable_log_clock" = yes ; then + AC_DEFINE(ENABLE_LOG_CLOCK,1,[Defined to use log_clock timestamps]) +fi + + # Add -Werror to CFLAGS. This hack can be used to avoid problems with + # misbehaving autoconf tests in case the user supplied -Werror. + # + AC_ARG_ENABLE(werror, + AC_HELP_STRING([--enable-werror], + [append -Werror to CFLAGS]), + [if test $enableval = yes ; then + CFLAGS="$CFLAGS -Werror" + fi]) # # Configure option --enable-all-tests ----------------------------------------------------------------------- Summary of changes: configure.ac | 20 +++---- dirmngr/ks-engine-http.c | 10 ++-- doc/gpg.texi | 3 +- doc/gpgv.texi | 2 +- g10/import.c | 5 +- g10/key-check.c | 143 +++++++++++++++++++++++++++++++---------------- g10/keyedit.c | 100 ++++++++++++++++++--------------- g10/keygen.c | 3 + g10/trust.c | 20 +++++++ sm/call-dirmngr.c | 4 +- sm/certlist.c | 40 ++++++++++++- sm/gpgsm.c | 2 +- sm/gpgsm.h | 2 +- sm/server.c | 2 +- tools/gpgconf-comp.c | 17 ++++-- 15 files changed, 253 insertions(+), 120 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Oct 30 06:18:48 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 30 Oct 2017 06:18:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.1-58-gd63b796 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d63b7966cdd72548c60466c620de5cd6104a779e (commit) from f6ab97fd9620bb8f512ffb471a66e5f96098a7cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d63b7966cdd72548c60466c620de5cd6104a779e Author: NIIBE Yutaka Date: Mon Oct 30 11:59:11 2017 +0900 g10: Simplify "factory-reset" procedure. * g10/card-util.c (factory_reset): Simplify. -- In this summer, I got report about old code before this change didn't work with newer Yubikey. I got another report test version of OpenPGP card V3.3 implementation didn't work, either. Then, I confirmed that according to the OpenPGP card specification, the procedure of old code is not expected by its author. This change simplify "factory-reset" as simple. Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this change. That's because the factory-reset feature of Gnuk was introduced by reading the implementation of GnuPG, instead of reading the specification. Gnuk 1.2.5 and later works well. All OpenPGPcard implementations I have work well (2.0, 2.1, 2.2, test version of 3). GnuPG-bug-id: 3286 Signed-off-by: NIIBE Yutaka diff --git a/g10/card-util.c b/g10/card-util.c index 790f95e..dae11b0 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1729,9 +1729,6 @@ factory_reset (void) scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 e6 00 00 - scd reset - scd serialno undefined - scd apdu 00 A4 04 00 06 D2 76 00 01 24 01 scd apdu 00 44 00 00 /echo Card has been reset to factory defaults @@ -1806,17 +1803,6 @@ factory_reset (void) goto leave; } - /* The card is in termination state - reset and select again. */ - err = send_apdu (NULL, "RESET", 0); - if (err) - goto leave; - err = send_apdu ("undefined", "dummy select", 0); - if (err) - goto leave; - - /* Select the OpenPGP application. (no error checking here). */ - send_apdu ("00A4040006D27600012401", "SELECT AID", 0xffff); - /* Send activate datafile command. This is used without confirmation if the card is already in termination state. */ err = send_apdu ("00440000", "ACTIVATE DF", 0); ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 14 -------------- 1 file changed, 14 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org