[git] GnuPG - branch, master, updated. gnupg-2.2.1-20-gecbbafb
by Werner Koch
cvs at cvs.gnupg.org
Wed Sep 27 10:01:30 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38 (commit)
via 76c80021d4da0755dbb04bd5d42f32015cba0b9a (commit)
via 6aa4478c78cb34cf3d0ae5c752525110947bd247 (commit)
from cd2d758f3f9e0007ecd6bae9d2ee0d631773e237 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38
Author: Werner Koch <wk at gnupg.org>
Date: Wed Sep 27 09:42:13 2017 +0200
gpg: Prepare for a longer fingerprint
* g10/card-util.c (change_cafpr): Use MAX_FINGERPRINT_LEN.
* g10/cipher.c (write_header): Use snprintf.
* g10/gpg.h (MAX_FINGERPRINT_LEN): Change to 32.
(MAX_FORMATTED_FINGERPRINT_LEN): Change to 59
* g10/keyid.c (format_hexfingerprint): Add v5 fingerprint format.
* g10/tofu.c (get_policy): Use MAX_FINGERPRINT_LEN for the buffer but
keep the raw length for now.
--
Note that this patch only increases the size of the buffer and adds a
new formatting for v5 fingerprints. Moe work is required to fix
internal data structures like those in trustdb.gpg and the tofu
tables.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/card-util.c b/g10/card-util.c
index 62b2a67..790f95e 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1121,7 +1121,8 @@ change_cafpr (int fprno)
char *data;
const char *s;
int i, c, rc;
- unsigned char fpr[20];
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
+ int fprlen;
data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
if (!data)
@@ -1129,7 +1130,7 @@ change_cafpr (int fprno)
trim_spaces (data);
cpr_kill_prompt ();
- for (i=0, s=data; i < 20 && *s; )
+ for (i=0, s=data; i < MAX_FINGERPRINT_LEN && *s; )
{
while (spacep(s))
s++;
@@ -1143,8 +1144,9 @@ change_cafpr (int fprno)
fpr[i++] = c;
s += 2;
}
+ fprlen = i;
xfree (data);
- if (i != 20 || *s)
+ if ((fprlen != 20 && fprlen != 32) || *s)
{
tty_printf (_("Error: invalid formatted fingerprint.\n"));
return -1;
@@ -1152,7 +1154,7 @@ change_cafpr (int fprno)
rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
fprno==2?"CA-FPR-2":
- fprno==3?"CA-FPR-3":"x", fpr, 20, NULL );
+ fprno==3?"CA-FPR-3":"x", fpr, fprlen, NULL );
if (rc)
log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
write_sc_op_status (rc);
diff --git a/g10/cipher.c b/g10/cipher.c
index 655937f..7031d93 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -66,7 +66,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
{
char buf[20];
- sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo);
+ snprintf (buf, sizeof buf, "%d %d", ed.mdc_method, cfx->dek->algo);
write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
}
diff --git a/g10/gpg.h b/g10/gpg.h
index 9b8b77c..03fe384 100644
--- a/g10/gpg.h
+++ b/g10/gpg.h
@@ -38,14 +38,15 @@
#define MAX_EXTERN_MPI_BITS 16384
/* The maximum length of a binary fingerprints. This is used to
- provide a static buffer and will be increased if we need to support
- longer fingerprints.
- Warning: At some places we still use 20 instead of this macro. */
-#define MAX_FINGERPRINT_LEN 20
+ * provide a static buffer and will be increased if we need to support
+ * longer fingerprints. Warning: At some places we have some
+ * assumption on a 20 byte fingerprint.
+ * Watch out for FIXME(fingerprint) */
+#define MAX_FINGERPRINT_LEN 32
/* The maximum length of a formatted fingerprint as returned by
- format_hexfingerprint(). */
-#define MAX_FORMATTED_FINGERPRINT_LEN 50
+ * format_hexfingerprint(). */
+#define MAX_FORMATTED_FINGERPRINT_LEN 59
/*
diff --git a/g10/keyid.c b/g10/keyid.c
index de38580..78a5b0b 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -835,8 +835,22 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
/* Half way through we add a second space. */
+ 1);
}
+ else if (hexlen == 64 || hexlen == 50) /* v5 fingerprint */
+ {
+ /* The v5 fingerprint is commonly printed truncated to 25
+ * octets. We accept the truncated as well as the full hex
+ * version here and format it like this:
+ * B2CCB6 838332 5D61BA C50F9F 5E CD21A8 0AC8C5 2565C8 C52565
+ */
+ hexlen = 50;
+ space = 8 * 6 + 2 + 8 + 1;
+ }
else /* Other fingerprint versions - print as is. */
{
+ /* We truncated here so that we do not need to provide a buffer
+ * of a length which is in reality never used. */
+ if (hexlen > MAX_FORMATTED_FINGERPRINT_LEN - 1)
+ hexlen = MAX_FORMATTED_FINGERPRINT_LEN - 1;
space = hexlen + 1;
}
@@ -849,7 +863,7 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
{
for (i = 0, j = 0; i < 40; i ++)
{
- if (i && i % 4 == 0)
+ if (i && !(i % 4))
buffer[j ++] = ' ';
if (i == 40 / 2)
buffer[j ++] = ' ';
@@ -859,9 +873,29 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
buffer[j ++] = 0;
log_assert (j == space);
}
+ else if (hexlen == 50) /* v5 fingerprint */
+ {
+ for (i=j=0; i < 24; i++)
+ {
+ if (i && !(i % 6))
+ buffer[j++] = ' ';
+ buffer[j++] = fingerprint[i];
+ }
+ buffer[j++] = ' ';
+ buffer[j++] = fingerprint[i++];
+ buffer[j++] = fingerprint[i++];
+ for (; i < 50; i++)
+ {
+ if (!((i-26) % 6))
+ buffer[j++] = ' ';
+ buffer[j++] = fingerprint[i];
+ }
+ buffer[j++] = 0;
+ log_assert (j == space);
+ }
else
{
- strcpy (buffer, fingerprint);
+ mem2str (buffer, fingerprint, space);
}
return buffer;
diff --git a/g10/keylist.c b/g10/keylist.c
index 86d1c56..dccae91 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1906,6 +1906,9 @@ print_card_serialno (const char *serialno)
* pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
* 80615870F5BAD690333686D0F2AD85AC1E42B367
*
+ * pub rsa2048 2017-12-31 [SC] [expires: 2028-12-31]
+ * 80615870F5BAD690333686D0F2AD85AC1E42B3671122334455
+ *
* Some global options may result in a different output format. If
* SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
* depending on the value a flag character is shown:
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 63c38a6..f8e366b 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -233,7 +233,7 @@ check_signature2 (ctrl_t ctrl,
unsigned char *p, *buffer;
size_t n, nbytes;
int i;
- char hashbuf[20];
+ char hashbuf[20]; /* We use SHA-1 here. */
nbytes = 6;
for (i=0; i < nsig; i++ )
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index 5ea903f..37bf78b 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -129,7 +129,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
char *p;
size_t n, fprlen;
unsigned int otrust;
- byte fpr[20];
+ byte fpr[MAX_FINGERPRINT_LEN];
int any = 0;
int rc;
@@ -171,7 +171,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
continue;
}
fprlen = p - line;
- if( fprlen != 32 && fprlen != 40 ) {
+ if( fprlen != 32 && fprlen != 40 && fprlen != 64) {
log_error (_("error in '%s': %s\n"),
fname, _("invalid fingerprint") );
continue;
@@ -183,10 +183,12 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
}
if( !otrust )
continue; /* no otrust defined - no need to update or insert */
- /* convert the ascii fingerprint to binary */
- for(p=line, fprlen=0; fprlen < 20 && *p != ':'; p += 2 )
- fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
- while (fprlen < 20)
+ /* Convert the ascii fingerprint to binary */
+ for(p=line, fprlen=0;
+ fprlen < MAX_FINGERPRINT_LEN && *p != ':';
+ p += 2 )
+ fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
+ while (fprlen < MAX_FINGERPRINT_LEN)
fpr[fprlen++] = 0;
rc = tdbio_search_trust_byfpr (fpr, &rec);
diff --git a/g10/tofu.c b/g10/tofu.c
index c183fc6..ddd7f8c 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2469,10 +2469,11 @@ get_policy (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk,
/* See if the key is signed by an ultimately trusted key. */
{
int fingerprint_raw_len = strlen (fingerprint) / 2;
- char fingerprint_raw[20];
+ char fingerprint_raw[MAX_FINGERPRINT_LEN];
int len = 0;
- if (fingerprint_raw_len != sizeof fingerprint_raw
+ /* FIXME(fingerprint) */
+ if (fingerprint_raw_len != 20 /*sizeof fingerprint_raw */
|| ((len = hex2bin (fingerprint,
fingerprint_raw, fingerprint_raw_len))
!= strlen (fingerprint)))
commit 76c80021d4da0755dbb04bd5d42f32015cba0b9a
Author: Werner Koch <wk at gnupg.org>
Date: Wed Sep 27 09:33:14 2017 +0200
common: Add constant KEYGRIP_LEN.
* common/util.h (KEYGRIP_LEN): New.
* g10/call-agent.c (agent_probe_any_secret_key): Use that constant.
* g10/keyid.c (keygrip_from_pk): Ditto.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/util.h b/common/util.h
index c6d19c6..f372281 100644
--- a/common/util.h
+++ b/common/util.h
@@ -59,6 +59,11 @@
/* Hash function used with libksba. */
#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
+/* The length of the keygrip. This is a SHA-1 hash of the key
+ * parameters as generated by gcry_pk_get_keygrip. */
+#define KEYGRIP_LEN 20
+
+
/* Get all the stuff from jnlib. */
#include "../common/logging.h"
#include "../common/argparse.h"
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 3874ac1..684771b 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1474,7 +1474,7 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
char *p;
kbnode_t kbctx, node;
int nkeys;
- unsigned char grip[20];
+ unsigned char grip[KEYGRIP_LEN];
err = start_agent (ctrl, 0);
if (err)
diff --git a/g10/keyid.c b/g10/keyid.c
index c519bc5..de38580 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -959,18 +959,18 @@ gpg_error_t
hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip)
{
gpg_error_t err;
- unsigned char grip[20];
+ unsigned char grip[KEYGRIP_LEN];
*r_grip = NULL;
err = keygrip_from_pk (pk, grip);
if (!err)
{
- char * buf = xtrymalloc (20*2+1);
+ char * buf = xtrymalloc (KEYGRIP_LEN * 2 + 1);
if (!buf)
err = gpg_error_from_syserror ();
else
{
- bin2hex (grip, 20, buf);
+ bin2hex (grip, KEYGRIP_LEN, buf);
*r_grip = buf;
}
}
commit 6aa4478c78cb34cf3d0ae5c752525110947bd247
Author: Werner Koch <wk at gnupg.org>
Date: Wed Sep 27 07:58:02 2017 +0200
gpg: Let --debug clock time sign and verify.
* configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
* common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
timestamp printing.
* g10/call-agent.c (agent_pksign): Time signing.
* g10/sig-check.c (check_signature_end_simple): Time verification.
--
Timing for verification is limited to data signatures because this is
the most common thing to evaluate. We should consider to change
log_clock to printf style so that we could print the signature class
and other info.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/logging.c b/common/logging.c
index c4eaca4..82b21e2 100644
--- a/common/logging.c
+++ b/common/logging.c
@@ -1039,11 +1039,11 @@ log_printsexp () {}
is found in sexputils.c
*/
-
+/* Print a microsecond timestamp followed by STRING. */
void
log_clock (const char *string)
{
-#if 0
+#if ENABLE_LOG_CLOCK
static unsigned long long initial;
struct timespec tv;
unsigned long long now;
@@ -1060,10 +1060,10 @@ log_clock (const char *string)
initial = now;
log_debug ("[%6llu] %s", (now - initial)/1000, string);
-#else
- /* You need to link with -ltr to enable the above code. */
- log_debug ("[not enabled in the source] %s", string);
-#endif
+#else /*!ENABLE_LOG_CLOCK*/
+ /* You may need to link with -ltr to use the above code. */
+ log_debug ("[not enabled by configure] %s", string);
+#endif /*!ENABLE_LOG_CLOCK*/
}
diff --git a/configure.ac b/configure.ac
index b43cb60..c479325 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1680,6 +1680,21 @@ AC_ARG_ENABLE(optimization,
fi])
#
+# log_debug has certain requirements which might hamper portability.
+# Thus we use an option to enable it.
+#
+AC_MSG_CHECKING([whether to enable log_clock])
+AC_ARG_ENABLE(log_clock,
+ AC_HELP_STRING([--enable-log-clock],
+ [enable log_clock timestamps]),
+ enable_log_clock=$enableval, enable_log_clock=no)
+AC_MSG_RESULT($enable_log_clock)
+if test "$enable_log_clock" = yes ; then
+ AC_DEFINE(ENABLE_LOG_CLOCK,1,[Defined to use log_clock timestamps])
+fi
+
+
+#
# Configure option --enable-all-tests
#
AC_MSG_CHECKING([whether "make check" shall run all tests])
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 545b244..3874ac1 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1854,10 +1854,16 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce,
snprintf (line, sizeof line, "PKSIGN%s%s",
cache_nonce? " -- ":"",
cache_nonce? cache_nonce:"");
+
+ if (DBG_CLOCK)
+ log_clock ("enter signing");
err = assuan_transact (agent_ctx, line,
put_membuf_cb, &data,
default_inq_cb, &dfltparm,
NULL, NULL);
+ if (DBG_CLOCK)
+ log_clock ("leave signing");
+
if (err)
xfree (get_membuf (&data, NULL));
else
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 23af12b..63c38a6 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -510,7 +510,11 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
return GPG_ERR_GENERAL;
/* Verify the signature. */
+ if (DBG_CLOCK && sig->sig_class <= 0x01)
+ log_clock ("enter pk_verify");
rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
+ if (DBG_CLOCK && sig->sig_class <= 0x01)
+ log_clock ("leave pk_verify");
gcry_mpi_release (result);
if( !rc && sig->flags.unknown_critical )
-----------------------------------------------------------------------
Summary of changes:
common/logging.c | 12 ++++++------
common/util.h | 5 +++++
configure.ac | 15 +++++++++++++++
g10/call-agent.c | 8 +++++++-
g10/card-util.c | 10 ++++++----
g10/cipher.c | 2 +-
g10/gpg.h | 13 +++++++------
g10/keyid.c | 44 +++++++++++++++++++++++++++++++++++++++-----
g10/keylist.c | 3 +++
g10/sig-check.c | 6 +++++-
g10/tdbdump.c | 14 ++++++++------
g10/tofu.c | 5 +++--
12 files changed, 105 insertions(+), 32 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list