From cvs at cvs.gnupg.org Thu Feb 1 12:11:33 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Feb 2018 12:11:33 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-17-gf98e193 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via f98e193c84250bbc49d5d1c625f54f2c14501ae3 (commit) from 64aa98c8a05513d9c00f53a2b880d80f9035333e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f98e193c84250bbc49d5d1c625f54f2c14501ae3 Author: Werner Koch Date: Thu Feb 1 12:05:19 2018 +0100 gpg: Update list of card vendors from master -- Signed-off-by: Werner Koch
diff --git a/g10/card-util.c b/g10/card-util.c
index a396b7d..759dde8 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -212,9 +212,11 @@ get_manufacturer (unsigned int no)
 case 0x000A: return "Dangerous Things";
 case 0x002A: return "Magrathea";
+ case 0x0042: return "GnuPG e.V.";
 case 0x1337: return "Warsaw Hackerspace";
 case 0x2342: return "warpzone"; /* hackerspace Muenster. */
+ case 0xBD0E: return "Paranoidlabs";
 case 0xF517: return "FSIJ";
 /* 0x0000 and 0xFFFF are defined as test cards per spec,
----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 1 12:11:49 2018
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 01 Feb 2018 12:11:49 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.4-114-g26c900a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 26c900a8f09df5a15cc9dfce11b98a1caa2dd682 (commit) via 303310d05e708dd58dcf7b7d8e8634cd5085bc7e (commit) from 660eafa3a9f68e116e9b0597edc317d8ff90f9b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 26c900a8f09df5a15cc9dfce11b98a1caa2dd682 Author: Werner Koch Date: Thu Feb 1 12:02:13 2018 +0100 Add a new OpenPGP card vendor. --
diff --git a/g10/card-util.c b/g10/card-util.c
index 854b94f..4c1ab03 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -216,6 +216,7 @@ get_manufacturer (unsigned int no)
 case 0x1337: return "Warsaw Hackerspace";
 case 0x2342: return "warpzone"; /* hackerspace Muenster. */
+ case 0xBD0E: return "Paranoidlabs";
 case 0xF517: return "FSIJ";
 /* 0x0000 and 0xFFFF are defined as test cards per spec,
commit 303310d05e708dd58dcf7b7d8e8634cd5085bc7e Author: Werner Koch Date: Sun Jan 28 18:59:18 2018 +0100 gpg: Rename a misnomed arg in open_outfile. * g10/openfile.c (open_outfile): Rename inp_fd to out_fd. Signed-off-by: Werner Koch
diff --git a/g10/main.h b/g10/main.h
index 2f7c159..de8639e 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -341,7 +341,7 @@ gpg_error_t generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock,
 int overwrite_filep( const char *fname );
 char *make_outfile_name( const char *iname );
 char *ask_outfile_name( const char *name, size_t namelen );
-int open_outfile (int inp_fd, const char *iname, int mode,
+int open_outfile (int out_fd, const char *iname, int mode,
 int restrictedperm, iobuf_t *a);
 char *get_matching_datafile (const char *sigfilename);
 iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx);
diff --git a/g10/openfile.c b/g10/openfile.c
index 78f4dbb..f4730da 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -171,32 +171,34 @@ ask_outfile_name( const char *name, size_t namelen )
 * 2 = use ".sig"
 * 3 = use ".rev"
 *
- * If INP_FD is not -1 the function simply creates an IOBUF for that
- * file descriptor and ignore INAME and MODE. Note that INP_FD won't
- * be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
- * file will be created with mode 700 if possible.
- */
+ * With RESTRICTEDPERM a file will be created with mode 700 if
+ * possible.
+ *
+ * If OUT_FD is not -1 the function simply creates an IOBUF for that
+ * file descriptor and ignores INAME and MODE. Note that OUT_FD won't
+ * be closed if the returned IOBUF is closed. This is used for gpg's
+ * --server mode. */
 int
-open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
+open_outfile (int out_fd, const char *iname, int mode, int restrictedperm,
 iobuf_t *a)
 {
 int rc = 0;
 *a = NULL;
- if (inp_fd != -1)
+ if (out_fd != -1)
 {
 char xname[64];
- *a = iobuf_fdopen_nc (inp_fd, "wb");
+ *a = iobuf_fdopen_nc (out_fd, "wb");
 if (!*a)
 {
 rc = gpg_error_from_syserror ();
- snprintf (xname, sizeof xname, "[fd %d]", inp_fd);
+ snprintf (xname, sizeof xname, "[fd %d]", out_fd);
 log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (rc));
 }
 else if (opt.verbose)
 {
- snprintf (xname, sizeof xname, "[fd %d]", inp_fd);
+ snprintf (xname, sizeof xname, "[fd %d]", out_fd);
 log_info (_("writing to '%s'\n"), xname);
 }
 }
----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 1 + g10/main.h | 2 +- g10/openfile.c | 22 ++++++++++++---------- 3 files changed, 14 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Feb 3 13:00:29 2018
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sat, 03 Feb 2018 13:00:29 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-41-gffdc6f3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ffdc6f3623a0bcb41324d562340b2cd1c288e387 (commit) from 0b55f349a8b8f4b0ac9ed724c2d5b8dcc9f5401c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ffdc6f3623a0bcb41324d562340b2cd1c288e387 Author: Jussi Kivilinna Date: Wed Jan 31 20:02:48 2018 +0200 Fix incorrect counter overflow handling for GCM * cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle 32-bit CTR increment for GCM. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use generic CTR implementation directly, use gcm_ctr_encrypt instead. * tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit CTR overflow. (check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes' test-runs. -- Reported-by: Clemens Lang > I believe we have found what seems to be a bug in counter overflow > handling in AES-GCM in libgcrypt's implementation. This leads to > incorrect results when using a non-12-byte IV and decrypting payloads > encrypted with other AES-GCM implementations, such as OpenSSL. > > According to the NIST Special Publication 800-38D "Recommendation for > Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC", > section 7.1, algorithm 4, step 3 [NIST38D], the counter increment is > defined as inc_32. 
Section 6.2 of the same document defines the > incrementing function inc_s for positive integers s as follows: > > | the function increments the right-most s bits of the string, regarded > | as the binary representation of an integer, modulo 2^s; the remaining, > | left-most len(X) - s bits remain unchanged > > (X is the complete counter value in this case) > > This problem does not occur when using a 12-byte IV, because AES-GCM has > a special case for the inital counter value with 12-byte IVs: > > | If len(IV)=96, then J_0 = IV || 0^31 || 1 > > i.e., one would have to encrypt (UINT_MAX - 1) * blocksize of data to > hit an overflow. However, for non-12-byte IVs, the initial counter value > is the output of a hash function, which makes hitting an overflow much > more likely. > > In practice, we have found that using > > iv = 9e 79 18 8c ff 09 56 1e c9 90 99 cc 6d 5d f6 d3 > key = 26 56 e5 73 76 03 c6 95 0d 22 07 31 5d 32 5c 6b a5 54 5f 40 23 98 60 f6 f7 06 6f 7a 4f c2 ca 40 > > will reliably trigger an overflow when encrypting 10 MiB of data. It > seems that this is caused by re-using the AES-CTR implementation for > incrementing the counter. Bug was introduced by commit bd4bd23a2511a4bce63c3217cca0d4ecf0c79532 "GCM: Use counter mode code for speed-up". GnuPG-bug-id: 3764 Signed-off-by: Jussi Kivilinna
diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index 2b8b454..6169d14 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -1,6 +1,6 @@
 /* cipher-gcm.c - Generic Galois Counter Mode implementation
 * Copyright (C) 2013 Dmitry Eremin-Solenikov
- * Copyright (C) 2013 Jussi Kivilinna
+ * Copyright (C) 2013, 2018 Jussi Kivilinna
 *
 * This file is part of Libgcrypt.
 *
@@ -556,6 +556,77 @@ do_ghash_buf(gcry_cipher_hd_t c, byte *hash, const byte *buf,
 }
+static gcry_err_code_t
+gcm_ctr_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen,
+ const byte *inbuf, size_t inbuflen)
+{
+ gcry_err_code_t err = 0;
+
+ while (inbuflen)
+ {
+ u32 nblocks_to_overflow;
+ u32 num_ctr_increments;
+ u32 curr_ctr_low;
+ size_t currlen = inbuflen;
+ byte ctr_copy[GCRY_GCM_BLOCK_LEN];
+ int fix_ctr = 0;
+
+ /* GCM CTR increments only least significant 32-bits, without carry
+ * to upper 96-bits of counter. Using generic CTR implementation
+ * directly would carry 32-bit overflow to upper 96-bit. Detect
+ * if input length is long enough to cause overflow, and limit
+ * input length so that CTR overflow happen but updated CTR value is
+ * not used to encrypt further input. After overflow, upper 96 bits
+ * of CTR are restored to cancel out modification done by generic CTR
+ * encryption. */
+
+ if (inbuflen > c->unused)
+ {
+ curr_ctr_low = gcm_add32_be128 (c->u_ctr.ctr, 0);
+
+ /* Number of CTR increments this inbuflen would cause. */
+ num_ctr_increments = (inbuflen - c->unused) / GCRY_GCM_BLOCK_LEN +
+ !!((inbuflen - c->unused) % GCRY_GCM_BLOCK_LEN);
+
+ if ((u32)(num_ctr_increments + curr_ctr_low) < curr_ctr_low)
+ {
+ nblocks_to_overflow = 0xffffffffU - curr_ctr_low + 1;
+ currlen = nblocks_to_overflow * GCRY_GCM_BLOCK_LEN + c->unused;
+ if (currlen > inbuflen)
+ {
+ currlen = inbuflen;
+ }
+
+ fix_ctr = 1;
+ buf_cpy(ctr_copy, c->u_ctr.ctr, GCRY_GCM_BLOCK_LEN);
+ }
+ }
+
+ err = _gcry_cipher_ctr_encrypt(c, outbuf, outbuflen, inbuf, currlen);
+ if (err != 0)
+ return err;
+
+ if (fix_ctr)
+ {
+ /* Lower 32-bits of CTR should now be zero. */
+ gcry_assert(gcm_add32_be128 (c->u_ctr.ctr, 0) == 0);
+
+ /* Restore upper part of CTR. */
+ buf_cpy(c->u_ctr.ctr, ctr_copy, GCRY_GCM_BLOCK_LEN - sizeof(u32));
+
+ wipememory(ctr_copy, sizeof(ctr_copy));
+ }
+
+ inbuflen -= currlen;
+ inbuf += currlen;
+ outbuflen -= currlen;
+ outbuf += currlen;
+ }
+
+ return err;
+}
+
+
 gcry_err_code_t
 _gcry_cipher_gcm_encrypt (gcry_cipher_hd_t c,
 byte *outbuf, size_t outbuflen,
@@ -595,7 +666,7 @@ _gcry_cipher_gcm_encrypt (gcry_cipher_hd_t c,
 return GPG_ERR_INV_LENGTH;
 }
- err = _gcry_cipher_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen);
+ err = gcm_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen);
 if (err != 0)
 return err;
@@ -642,7 +713,7 @@ _gcry_cipher_gcm_decrypt (gcry_cipher_hd_t c,
 do_ghash_buf(c, c->u_mode.gcm.u_tag.tag, inbuf, inbuflen, 0);
- return _gcry_cipher_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen);
+ return gcm_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen);
 }
diff --git a/tests/basic.c b/tests/basic.c
index c883eb3..42ee819 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -1347,6 +1347,7 @@ check_ofb_cipher (void)
 static void
 _check_gcm_cipher (unsigned int step)
 {
+#define MAX_GCM_DATA_LEN (256 + 32)
 static const struct tv
 {
 int algo;
@@ -1355,9 +1356,9 @@ _check_gcm_cipher (unsigned int step)
 int ivlen;
 unsigned char aad[MAX_DATA_LEN];
 int aadlen;
- unsigned char plaintext[MAX_DATA_LEN];
+ unsigned char plaintext[MAX_GCM_DATA_LEN];
 int inlen;
- char out[MAX_DATA_LEN];
+ char out[MAX_GCM_DATA_LEN];
 char tag[MAX_DATA_LEN];
 int taglen;
 int should_fail;
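Review bot: In `gcm_ctr_encrypt` (cipher/cipher-gcm.c), `nblocks_to_overflow * GCRY_GCM_BLOCK_LEN` is computed in 32-bit arithmetic before being widened into `currlen`, assuming the macro is a plain integer constant (its definition is outside this hunk). With a 64-bit `size_t`, a single call whose counter wrap lies more than 4 GiB into the input would get a truncated `currlen`, the generic CTR call would stop short of the wrap, and the `gcry_assert` on the low 32 bits would then abort the process. Casting first avoids that: `currlen = (size_t)nblocks_to_overflow * GCRY_GCM_BLOCK_LEN + c->unused;`. `num_ctr_increments` likewise narrows a `size_t` quotient to `u32`, which is only safe while callers keep `inbuflen` under 2^32 blocks; the encrypt call site shows a `GPG_ERR_INV_LENGTH` return just above it, but the decrypt hunk at `@@ -642,7 +713,7 @@` shows no such check, so a comment naming where the bound is enforced would help.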
@@ -1551,11 +1552,687 @@ _check_gcm_cipher (unsigned int step) "\xee\xb2\xb2\x2a\xaf\xde\x64\x19\xa0\x58\xab\x4f\x6f\x74\x6b\xf4" "\x0f\xc0\xc3\xb7\x80\xf2\x44\x45\x2d\xa3\xeb\xf1\xc5\xd8\x2c\xde" "\xa2\x41\x89\x97\x20\x0e\xf8\x2e\x44\xae\x7e\x3f", - "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" } + "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" }, + /* Test vectors for overflowing CTR. */ + /* After setiv, ctr_low: 0xffffffff */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\xdd\x40\xe7", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + 
"\x7d\x6e\x38\xfd\xd0\x04\x9d\x28\xdf\x4a\x10\x3f\xa3\x9e\xf8\xf8" + "\x6c\x2c\x10\xa7\x91\xab\xc0\x86\xd4\x6d\x69\xea\x58\xc4\xf9\xc0" + "\xd4\xee\xc2\xb0\x9d\x36\xae\xe7\xc9\xa9\x1f\x71\xa8\xee\xa2\x1d" + "\x20\xfd\x79\xc7\xd9\xc4\x90\x51\x38\x97\xb6\x9f\x55\xea\xf3\xf0" + "\x78\xb4\xd3\x8c\xa9\x9b\x32\x7d\x19\x36\x96\xbc\x8e\xab\x80\x9f" + "\x61\x56\xcc\xbd\x3a\x80\xc6\x69\x37\x0a\x89\x89\x21\x82\xb7\x79" + "\x6d\xe9\xb4\x34\xc4\x31\xe0\xbe\x71\xad\xf3\x50\x05\xb2\x61\xab" + "\xb3\x1a\x80\x57\xcf\xe1\x11\x26\xcb\xa9\xd1\xf6\x58\x46\xf1\x69" + "\xa2\xb8\x42\x3c\xe8\x28\x13\xca\x58\xd9\x28\x99\xf8\xc8\x17\x32" + "\x4a\xf9\xb3\x4c\x7a\x47\xad\xe4\x77\x64\xec\x70\xa1\x01\x0b\x88" + "\xe7\x30\x0b\xbd\x66\x25\x39\x1e\x51\x67\xee\xec\xdf\xb8\x24\x5d" + "\x7f\xcb\xee\x7a\x4e\xa9\x93\xf0\xa1\x84\x7b\xfe\x5a\xe3\x86\xb2" + "\xfb\xcd\x39\xe7\x1e\x5e\x48\x65\x4b\x50\x2b\x4a\x99\x46\x3f\x6f" + "\xdb\xd9\x97\xdb\xe5\x6d\xa4\xdd\x6c\x18\x64\x5e\xae\x7e\x2c\xd3" + "\xb4\xf3\x57\x5c\xb5\xf8\x7f\xe5\x87\xb5\x35\xdb\x80\x38\x6e\x2c" + "\x5c\xdd\xeb\x7c\x63\xac\xe4\xb5\x5a\x6a\x40\x6d\x72\x69\x9a\xa9" + "\x8f\x5e\x93\x91\x4d\xce\xeb\x87\xf5\x25\xed\x75\x6b\x3b\x1a\xf2" + "\x0c\xd2\xa4\x10\x45\xd2\x87\xae\x29\x6d\xeb\xea\x66\x5f\xa0\xc2", + "\x8c\x22\xe3\xda\x9d\x94\x8a\xbe\x8a\xbc\x55\x2c\x94\x63\x44\x40" }, + /* After setiv, ctr_low: 0xfffffffe */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8d\xd1\xc1\xdf", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xac\x6a\x10\x3f\xe2\x8d\xed\x27\x55\x14\xca\x1f\x03\x67\x0a\xa8" + "\xa1\x07\xbf\x00\x73\x5b\x64\xef\xac\x30\x83\x81\x48\x4c\xaa\xd5" + "\xff\xca\xef\x2f\x77\xbe\xfe\x1b\x20\x5c\x86\x19\xc7\xf9\x11\x99" + "\x27\xc5\x57\xa7\x0a\xc2\xa8\x05\xd9\x07\x2b\xb9\x38\xa4\xef\x58" + "\x92\x74\xcf\x89\xc7\xba\xfc\xb9\x70\xac\x86\xe2\x31\xba\x7c\xf9" + "\xc4\xe2\xe0\x4c\x1b\xe4\x3f\x75\x83\x5c\x40\x0e\xa4\x13\x8b\x04" + "\x60\x78\x57\x29\xbb\xe6\x61\x93\xe3\x16\xf9\x58\x07\x75\xd0\x96" + "\xfb\x8f\x6d\x1e\x49\x0f\xd5\x31\x9e\xee\x31\xe6\x0a\x85\x93\x49" + "\x22\xcf\xd6\x1b\x40\x44\x63\x9c\x95\xaf\xf0\x44\x23\x51\x37\x92" + "\x0d\xa0\x22\x37\xb9\x6d\x13\xf9\x78\xba\x27\x27\xed\x08\x7e\x35" + "\xe4\xe2\x28\xeb\x0e\xbe\x3d\xce\x89\x93\x35\x84\x0f\xa0\xf9\x8d" + "\x94\xe9\x5a\xec\xd4\x0d\x1f\x5c\xbe\x6f\x8e\x6a\x4d\x10\x65\xbb" + "\xc7\x0b\xa0\xd5\x5c\x20\x80\x0b\x4a\x43\xa6\xe1\xb0\xe0\x56\x6a" + "\xde\x90\xe0\x6a\x45\xe7\xc2\xd2\x69\x9b\xc6\x62\x11\xe3\x2b\xa5" + "\x45\x98\xb0\x80\xd3\x57\x4d\x1f\x09\x83\x58\xd4\x4d\xa6\xc5\x95" + 
"\x87\x59\xb0\x58\x6c\x81\x49\xc5\x95\x18\x23\x1b\x6f\x10\x86\xa2" + "\xd9\x56\x19\x30\xec\xd3\x4a\x4b\xe8\x1c\x11\x37\xfb\x31\x60\x4d" + "\x4f\x9b\xc4\x95\xba\xda\x49\x43\x6c\xc7\x3d\x5b\x13\xf9\x91\xf8", + "\xcd\x2b\x83\xd5\x5b\x5a\x8e\x0b\x2e\x77\x0d\x97\xbf\xf7\xaa\xab" }, + /* After setiv, ctr_low: 0xfffffffd */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x76\x8c\x18\x92", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x3d\x6f\x4e\xf6\xd2\x6f\x4e\xce\xa6\xb4\x4a\x9e\xcb\x57\x13\x90" + "\x51\x3b\xf6\xb2\x40\x55\x0c\x2c\xa2\x85\x44\x72\xf2\x90\xaf\x6b" + 
"\x86\x8c\x75\x2a\x9c\xd6\x52\x50\xee\xc6\x5f\x59\xbc\x8d\x18\xd7" + "\x87\xa5\x7f\xa0\x13\xd1\x5d\x54\x77\x30\xe2\x5d\x1b\x4f\x87\x9f" + "\x3a\x41\xcb\x6a\xdf\x44\x4f\xa2\x1a\xbc\xfb\x4b\x16\x67\xed\x59" + "\x65\xf0\x77\x48\xca\xfd\xf0\xb6\x90\x65\xca\x23\x09\xca\x83\x43" + "\x8f\xf0\x78\xb4\x5f\x96\x2a\xfd\x29\xae\xda\x62\x85\xc5\x87\x4b" + "\x2a\x3f\xba\xbe\x15\x5e\xb0\x4e\x8e\xe7\x66\xae\xb4\x80\x66\x90" + "\x10\x9d\x81\xb9\x64\xd3\x36\x00\xb2\x95\xa8\x7d\xaf\x54\xf8\xbd" + "\x8f\x7a\xb1\xa1\xde\x09\x0d\x10\xc8\x8e\x1e\x18\x2c\x1e\x73\x71" + "\x2f\x1e\xfd\x16\x6e\xbe\xe1\x3e\xe5\xb4\xb5\xbf\x03\x63\xf4\x5a" + "\x0d\xeb\xff\xe0\x61\x80\x67\x51\xb4\xa3\x1f\x18\xa5\xa9\xf1\x9a" + "\xeb\x2a\x7f\x56\xb6\x01\x88\x82\x78\xdb\xec\xb7\x92\xfd\xef\x56" + "\x55\xd3\x72\x35\xcd\xa4\x0d\x19\x6a\xb6\x79\x91\xd5\xcb\x0e\x3b" + "\xfb\xea\xa3\x55\x9f\x77\xfb\x75\xc2\x3e\x09\x02\x73\x7a\xff\x0e" + "\xa5\xf0\x83\x11\xeb\xe7\xff\x3b\xd0\xfd\x7a\x07\x53\x63\x43\x89" + "\xf5\x7b\xc4\x7d\x3b\x2c\x9b\xca\x1c\xf6\xb2\xab\x13\xf5\xc4\x2a" + "\xbf\x46\x77\x3b\x09\xdd\xd1\x80\xef\x55\x11\x3e\xd8\xe4\x42\x22", + "\xa3\x86\xa1\x5f\xe3\x4f\x3b\xed\x12\x23\xeb\x5c\xb8\x0c\xad\x4a" }, + /* After setiv, ctr_low: 0xfffffffc */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9b\xc8\xc3\xaf", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x33\x5f\xdc\x8d\x5d\x77\x7b\x78\xc1\x5b\x7b\xb3\xd9\x08\x9a\x0c" + "\xce\x63\x4e\xef\x19\xf8\x8c\x7a\xcb\x31\x39\x93\x69\x7a\x2c\x97" + "\x3a\xb4\x52\x45\x9e\x7b\x78\xbc\xa9\xad\x54\x7f\x88\xa6\xae\xd5" + "\xc0\x8b\x7a\xe4\x23\x6b\xb2\x29\x98\xea\x25\x7a\xae\x11\x0c\xc9" + "\xf3\x77\xa1\x74\x82\xde\x0c\xec\x68\xce\x94\xfd\xb0\xa0\xc5\x32" + "\xd6\xbb\xc3\xe7\xed\x3c\x6f\x0b\x53\x9d\xf3\xc8\xeb\x4e\xee\x99" + "\x19\xc7\x16\xd1\xa5\x59\x1d\xa9\xd3\xe6\x43\x52\x74\x61\x28\xe6" + "\xac\xd8\x47\x63\xc2\xb7\x53\x39\xc1\x9a\xb0\xa3\xa4\x26\x14\xd0" + "\x88\xa9\x8c\xc5\x6d\xe9\x21\x7c\xb9\xa5\xab\x67\xe3\x8d\xe9\x1d" + "\xe3\x1c\x7b\xcd\xa4\x12\x0c\xd7\xa6\x5d\x41\xcf\xdd\x3d\xfc\xbc" + "\x2a\xbb\xa2\x7a\x9c\x4b\x3a\x42\x6c\x98\x1d\x50\x99\x9c\xfb\xda" + "\x21\x09\x2a\x31\xff\x05\xeb\xa5\xf1\xba\x65\x78\xbe\x15\x8e\x84" + "\x35\xdd\x45\x29\xcc\xcd\x32\x2d\x27\xe9\xa8\x94\x4b\x16\x16\xcc" + "\xab\xf2\xec\xfb\xa0\xb5\x9d\x39\x81\x3e\xec\x5e\x3d\x13\xd1\x83" + "\x04\x79\x2d\xbb\x2c\x76\x76\x93\x28\x77\x27\x13\xdd\x1d\x3e\x89" + "\x3e\x37\x46\x4c\xb8\x34\xbe\xbf\x9f\x4f\x9f\x37\xff\x0c\xe6\x14" + "\x14\x66\x52\x41\x18\xa9\x39\x2b\x0c\xe5\x44\x04\xb0\x93\x06\x64" + 
"\x67\xf7\xa0\x19\xa7\x61\xcf\x03\x7b\xcb\xc8\xb3\x88\x28\xe4\xe7", + "\xe6\xe8\x0a\xe3\x72\xfc\xe0\x07\x69\x09\xf2\xeb\xbc\xc8\x6a\xf0" }, + /* After setiv, ctr_low: 0xfffffffb */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x60\x95\x1a\xe2", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xd8\x32\x5a\xe3\x55\x8e\xb3\xc2\x51\x84\x2b\x09\x01\x5e\x6c\xfb" + "\x4a\xc4\x88\xa0\x33\xe7\x3e\xbf\xe5\x7c\xd2\x00\x4c\x1a\x85\x32" + "\x34\xec\x38\x9d\x18\x5f\xf1\x50\x61\x82\xee\xf3\x84\x5a\x84\x4e" + "\xeb\x29\x08\x4c\x7b\xb5\x27\xec\x7d\x79\x77\xd7\xa1\x68\x91\x32" + 
"\x2d\xf3\x38\xa9\xd6\x27\x16\xfb\x7d\x8b\x09\x5e\xcf\x1b\x74\x6d" + "\xcf\x51\x91\x91\xa1\xe7\x40\x19\x43\x7b\x0d\xa5\xa9\xa5\xf4\x2e" + "\x7f\x1c\xc7\xba\xa2\xea\x00\xdd\x24\x01\xa8\x66\x1e\x88\xf1\xf6" + "\x0c\x9a\xd6\x2b\xda\x3f\x3e\xb2\x98\xea\x89\xc7\xc6\x63\x27\xb7" + "\x6a\x48\x9a\xee\x1e\x70\xa0\xc8\xec\x3d\xc3\x3e\xb5\xf0\xc2\xb1" + "\xb9\x71\x1a\x69\x9d\xdd\x72\x1e\xfe\x72\xa0\x21\xb8\x9f\x18\x96" + "\x26\xcf\x89\x2e\x92\xf1\x02\x65\xa5\xb4\x2e\xb7\x4e\x12\xbd\xa0" + "\x48\xbe\xf6\x5c\xef\x7e\xf3\x0a\xcf\x9d\x1f\x1e\x14\x70\x3e\xa0" + "\x01\x0f\x14\xbf\x38\x10\x3a\x3f\x3f\xc2\x76\xe0\xb0\xe0\x7c\xc6" + "\x77\x6d\x7f\x69\x8e\xa0\x4b\x00\xc3\x9d\xf9\x0b\x7f\x8a\x8e\xd3" + "\x17\x58\x40\xfe\xaf\xf4\x16\x3a\x65\xff\xce\x85\xbb\x80\xfa\xb8" + "\x34\xc9\xef\x3a\xdd\x04\x46\xca\x8f\x70\x48\xbc\x1c\x71\x4d\x6a" + "\x17\x30\x32\x87\x2e\x2e\x54\x9e\x3f\x15\xed\x17\xd7\xa1\xcf\x6c" + "\x5d\x0f\x3c\xee\xf5\x96\xf1\x8f\x68\x1c\xbc\x27\xdc\x10\x3c\x3c", + "\x8c\x31\x06\xbb\xf8\x18\x2d\x9d\xd1\x0d\x03\x56\x2b\x28\x25\x9b" }, + /* After setiv, ctr_low: 0xfffffffa */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6b\x99\x9b\xda", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x7a\x74\x57\xe7\xc1\xb8\x7e\xcf\x91\x98\xf4\x1a\xa4\xdb\x4d\x2c" + "\x6e\xdc\x05\x0b\xd1\x16\xdf\x25\xa8\x1e\x42\xa6\xf9\x09\x36\xfb" + "\x02\x8a\x10\x7d\xa1\x07\x88\x40\xb7\x41\xfd\x64\xf6\xe3\x92\x20" + "\xfd\xc9\xde\xbd\x88\x46\xd3\x1f\x20\x14\x73\x86\x09\xb6\x68\x61" + "\x64\x90\xda\x24\xa8\x0f\x6a\x10\xc5\x01\xbf\x52\x8a\xee\x23\x44" + "\xd5\xb0\xd8\x68\x5e\x77\xc3\x62\xed\xcb\x3c\x1b\x0c\x1f\x13\x92" + "\x2c\x74\x6d\xee\x40\x1b\x6b\xfe\xbe\x3c\xb8\x02\xdd\x24\x9d\xd3" + "\x3d\x4e\xd3\x9b\x18\xfd\xd6\x8f\x95\xef\xa3\xbf\xa9\x2f\x33\xa8" + "\xc2\x37\x69\x58\x92\x42\x3a\x30\x46\x12\x1b\x2c\x04\xf0\xbf\xa9" + "\x79\x55\xcd\xac\x45\x36\x79\xc0\xb4\xb2\x5f\x82\x88\x49\xe8\xa3" + "\xbf\x33\x41\x7a\xcb\xc4\x11\x0e\xcc\x61\xed\xd1\x6b\x59\x5f\x9d" + "\x20\x6f\x85\x01\xd0\x16\x2a\x51\x1b\x79\x35\x42\x5e\x49\xdf\x6f" + "\x64\x68\x31\xac\x49\x34\xfb\x2b\xbd\xb1\xd9\x12\x4e\x4b\x16\xc5" + "\xa6\xfe\x15\xd3\xaf\xac\x51\x08\x95\x1f\x8c\xd2\x52\x37\x8b\x88" + "\xf3\x20\xe2\xf7\x09\x55\x82\x83\x1c\x38\x5f\x17\xfc\x37\x26\x21" + "\xb8\xf1\xfe\xa9\xac\x54\x1e\x53\x83\x53\x3f\x43\xe4\x67\x22\xd5" + "\x86\xec\xf2\xb6\x4a\x8b\x8a\x66\xea\xe0\x92\x50\x3b\x51\xe4\x00" + "\x25\x2a\x7a\x64\x14\xd6\x09\xe1\x6c\x75\x32\x28\x53\x5e\xb3\xab", + "\x5d\x4b\xb2\x8f\xfe\xa5\x7f\x01\x6d\x78\x6c\x13\x58\x08\xe4\x94" }, + /* After setiv, ctr_low: 0xfffffff9 */ + { 
GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90\xc4\x42\x97", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xf5\xc1\xed\xb8\x7f\x55\x7b\xb5\x47\xed\xaa\x42\xd2\xda\x33\x41" + "\x4a\xe0\x36\x6d\x51\x28\x40\x9c\x35\xfb\x11\x65\x18\x83\x9c\xb5" + "\x02\xb2\xa7\xe5\x52\x27\xa4\xe8\x57\x3d\xb3\xf5\xea\xcb\x21\x07" + "\x67\xbe\xbe\x0f\xf6\xaa\x32\xa1\x4b\x5e\x79\x4f\x50\x67\xcd\x80" + "\xfc\xf1\x65\xf2\x6c\xd0\xdb\x17\xcc\xf9\x52\x93\xfd\x5e\xa6\xb9" + "\x5c\x9f\xa8\xc6\x36\xb7\x80\x80\x6a\xea\x62\xdc\x61\x13\x45\xbe" + "\xab\x8f\xd8\x99\x17\x51\x9b\x29\x04\x6e\xdb\x3e\x9f\x83\xc6\x35" + 
"\xb3\x90\xce\xcc\x74\xec\xcb\x04\x41\xac\xb1\x92\xde\x20\xb1\x67" + "\xb0\x38\x14\xaa\x7d\xee\x3c\xb2\xd3\xbb\x2f\x88\x0b\x73\xcf\x7b" + "\x69\xc1\x55\x5b\x2b\xf2\xd4\x38\x2b\x3c\xef\x04\xc9\x14\x7c\x31" + "\xd6\x61\x88\xa8\xb3\x8c\x69\xb4\xbc\xaa\x0d\x15\xd2\xd5\x27\x63" + "\xc4\xa4\x80\xe9\x2b\xe9\xd2\x34\xc9\x0e\x3f\x7b\xd3\x43\x0d\x47" + "\x5d\x37\x8e\x42\xa4\x4e\xef\xcd\xbb\x3a\x5b\xa4\xe1\xb0\x8d\x64" + "\xb7\x0b\x58\x52\xec\x55\xd0\xef\x23\xfe\xf2\x8d\xe0\xd1\x6a\x2c" + "\xaa\x1c\x03\xc7\x3e\x58\x4c\x61\x72\x07\xc6\xfd\x0e\xbc\xd4\x6b" + "\x99\x4f\x91\xda\xff\x6f\xea\x81\x0c\x76\x85\x5d\x0c\x7f\x1c\xb8" + "\x84\x8c\x2f\xe1\x36\x3e\x68\xa0\x57\xf5\xdf\x13\x0a\xd6\xe1\xcd" + "\xae\x23\x99\x4e\xed\x7a\x72\x1b\x7c\xe5\x65\xd1\xb7\xcf\x2f\x73", + "\x1e\x2f\xcf\x3c\x95\x9a\x29\xec\xd3\x37\x90\x8c\x84\x8a\xfb\x95" }, + /* After setiv, ctr_low: 0xfffffff8 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xfa\xc7\x4f", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x14\x33\xc6\x9d\x04\xd3\x48\x29\x0c\x6a\x24\x27\xdf\x5f\x0a\xd2" + "\x71\xd6\xd0\x18\x04\xc0\x9f\x72\x0a\x60\xb7\x10\x52\x56\xf7\xae" + "\x64\xb0\x28\xd4\xfd\x25\x93\x8e\x67\x7e\xac\xc2\x93\xc7\x54\x2e" + "\x82\x93\x88\x6a\xb9\x8b\x73\xbc\x88\xec\x27\xdd\x4f\x9b\x21\x9e" + "\x77\x98\x70\x0b\xf4\xd8\x55\xfe\xf4\xc3\x3a\xcb\xca\x3a\xfb\xd4" + "\x52\x72\x2f\xf8\xac\xa9\x6a\xf5\x13\xab\x7a\x2e\x9f\x52\x41\xbd" + "\x87\x90\x68\xad\x17\xbd\x5a\xff\xc3\xc6\x10\x4d\xc1\xfe\xfc\x72" + "\x21\xb5\x53\x4a\x3f\xe0\x15\x9f\x29\x36\x23\xc0\x9a\x31\xb2\x0f" + "\xcd\x2f\xa6\xd0\xfc\xe6\x4d\xed\x68\xb3\x3d\x26\x67\xab\x40\xf0" + "\xab\xcf\x72\xc0\x50\xb1\x1e\x86\x38\xe2\xe0\x46\x3a\x2e\x3e\x1d" + "\x07\xd6\x9d\xe8\xfc\xa3\xe7\xac\xc9\xa0\xb3\x22\x05\xbc\xbf\xd2" + "\x63\x44\x66\xfc\xb4\x7b\xb4\x70\x7e\x96\xa9\x16\x1b\xb2\x7d\x93" + "\x44\x92\x5e\xbd\x16\x34\xa7\x11\xd0\xdf\x52\xad\x6f\xbd\x23\x3c" + "\x3d\x58\x16\xaf\x99\x8b\xbb\xa0\xdc\x3a\xff\x17\xda\x56\xba\x77" + "\xae\xc4\xb1\x51\xe2\x61\x4f\xf0\x66\x1b\x4c\xac\x79\x34\x1c\xfd" + "\x6c\x5f\x9a\x2c\x60\xfc\x47\x00\x5f\x2d\x81\xcc\xa9\xdd\x2b\xf4" + "\x5b\x53\x44\x61\xd4\x13\x5a\xf3\x93\xf0\xc9\x24\xd4\xe6\x60\x6f" + "\x78\x02\x0c\x75\x9d\x0d\x23\x97\x35\xe2\x06\x8a\x49\x5e\xe5\xbe", + "\x23\xc0\x4a\x2f\x98\x93\xca\xbd\x2e\x44\xde\x05\xcc\xe7\xf1\xf5" }, + /* After setiv, ctr_low: 0xfffffff7 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xa7\x1e\x02", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x51\x51\x64\x89\xeb\x9f\xf9\xd6\xb1\xa6\x73\x5f\xf1\x62\xb5\xe4" + "\x00\x80\xdb\x4c\x1c\xce\xe5\x00\xeb\xea\x6c\x57\xe4\x27\xfc\x71" + "\x08\x8c\xa1\xfc\x59\x1d\x07\x45\x3c\xc9\x4e\x0f\xb6\xea\x96\x90" + "\xae\xf7\x81\x1e\x7e\x6c\x5e\x50\xaf\x34\x3e\xa0\x55\x59\x8e\xe7" + "\xc1\xba\x48\xfa\x9e\x07\xf6\x6a\x24\x54\x3e\x9b\xa5\xfe\x31\x16" + "\x3d\x4d\x9c\xc4\xe1\xec\x26\xa0\x8b\x59\xa6\xf3\x94\xf8\x88\xda" + "\x1f\x88\x23\x5f\xfb\xfd\x79\xa2\xd3\x62\x30\x66\x69\xd9\x0d\x05" + "\xc0\x75\x4c\xb8\x48\x34\x1d\x97\xcf\x29\x6a\x12\x1c\x26\x54\x1d" + "\x80\xa9\x06\x74\x86\xff\xc6\xb4\x72\xee\x34\xe2\x56\x06\x6c\xf5" + 
"\x11\xe7\x26\x71\x47\x6b\x05\xbd\xe4\x0b\x40\x78\x84\x3c\xf9\xf2" + "\x78\x34\x2b\x3c\x5f\x0e\x4c\xfb\x17\x39\xdc\x59\x6b\xd1\x56\xac" + "\xe4\x1f\xb9\x19\xbc\xec\xb1\xd0\x6d\x47\x3b\x37\x4d\x0d\x6b\x65" + "\x7c\x70\xe9\xec\x58\xcc\x09\xd4\xd9\xbf\x9f\xe0\x6c\x7f\x60\x28" + "\xd8\xdf\x8e\xd1\x6a\x73\x42\xf3\x50\x01\x79\x68\x41\xc3\xba\x19" + "\x1e\x2d\x30\xc2\x81\x2c\x9f\x11\x8b\xd0\xdc\x31\x3b\x01\xfe\x53" + "\xa5\x11\x13\x22\x89\x40\xb9\x1b\x12\x89\xef\x9a\xcb\xa8\x03\x4f" + "\x54\x1a\x15\x6d\x11\xba\x05\x09\xd3\xdb\xbf\x05\x42\x3a\x5a\x27" + "\x3b\x34\x5c\x58\x8a\x5c\xa4\xc2\x28\xdc\xb2\x3a\xe9\x99\x01\xd6", + "\x30\xb2\xb5\x11\x8a\x3a\x8d\x70\x67\x71\x14\xde\xed\xa7\x43\xb5" }, + /* After setiv, ctr_low: 0xfffffff6 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x47\xab\x9f\x3a", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x05\x72\x44\xa0\x99\x11\x1d\x2c\x4b\x03\x4f\x20\x92\x88\xbe\x55" + "\xee\x31\x2c\xd9\xc0\xc1\x64\x77\x79\xd7\x3e\xfa\x5a\x7d\xf0\x48" + "\xf8\xc8\xfe\x81\x8f\x89\x92\xa6\xc2\x07\xdc\x9f\x3f\xb2\xc8\xf2" + "\xf3\xe9\xe1\xd3\xed\x55\xb4\xab\xc3\x22\xed\x8f\x00\xde\x32\x95" + "\x91\xc0\xc5\xf3\xd3\x93\xf0\xee\x56\x14\x8f\x96\xff\xd0\x6a\xbd" + "\xfc\x57\xc2\xc3\x7b\xc1\x1d\x56\x48\x3f\xa6\xc7\x92\x47\xf7\x2f" + "\x0b\x85\x1c\xff\x87\x29\xe1\xbb\x9b\x14\x6c\xac\x51\x0a\xc0\x7b" + "\x22\x25\xb0\x48\x92\xad\x09\x09\x6e\x39\x8e\x96\x13\x05\x55\x92" + "\xbd\xd7\x5d\x95\x35\xdd\x8a\x9d\x05\x59\x60\xae\xbb\xc0\x85\x92" + "\x4c\x8b\xa0\x3f\xa2\x4a\xe5\x2e\xde\x85\x1a\x39\x10\x22\x11\x1b" + "\xdd\xcc\x96\xf4\x93\x97\xf5\x81\x85\xf3\x33\xda\xa1\x9a\xba\xfd" + "\xb8\xaf\x60\x81\x37\xf1\x02\x88\x54\x15\xeb\x21\xd1\x19\x1a\x1f" + "\x28\x9f\x02\x27\xca\xce\x97\xda\xdc\xd2\x0f\xc5\x0e\x2e\xdd\x4f" + "\x1d\x24\x62\xe4\x6e\x4a\xbe\x96\x95\x38\x0c\xe9\x26\x14\xf3\xf0" + "\x92\xbc\x97\xdc\x38\xeb\x64\xc3\x04\xc1\xa2\x6c\xad\xbd\xf8\x03" + "\xa0\xa4\x68\xaa\x9d\x1f\x09\xe6\x62\x95\xa2\x1c\x32\xef\x62\x28" + "\x7e\x54\x6d\x4b\x6a\xcc\x4a\xd0\x82\x47\x46\x0d\x45\x3c\x36\x03" + "\x86\x90\x44\x65\x18\xac\x19\x75\xe6\xba\xb1\x9a\xb4\x5d\x84\x9b", + "\x31\x22\x2b\x11\x6e\x2b\x94\x56\x37\x9d\xc3\xa5\xde\xe7\x6e\xc9" }, + /* After setiv, ctr_low: 0xfffffff5 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbc\xf6\x46\x77", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x6e\x32\xdb\x04\x32\x57\x15\x78\x0e\x4c\x70\x66\x5c\x91\x43\x0c" + "\x63\x73\xb8\x86\xad\xb0\xf1\x34\x0f\x0c\x7e\xd3\x4e\xcb\xc9\xea" + "\x19\x3c\xb8\x14\xd0\xab\x9e\x9b\x22\xda\x7a\x96\xa7\xf5\xa2\x99" + "\x58\xe3\xd6\x72\x0f\xf5\xdf\x88\xd1\x33\xb1\xe5\x03\x72\x62\x1c" + "\xa7\xf2\x67\x50\x0e\x70\xc3\x7a\x6c\x4a\x90\xba\x78\x9e\xd2\x0b" + "\x29\xd4\xc8\xa7\x57\x06\xf2\xf4\x01\x4b\x30\x53\xea\xf7\xde\xbf" + "\x1c\x12\x03\xcf\x9f\xcf\x80\x8b\x77\xfd\x73\x48\x79\x19\xbe\x38" + "\x75\x0b\x6d\x78\x7d\x79\x05\x98\x65\x3b\x35\x8f\x68\xff\x30\x7a" + "\x6e\xf7\x10\x9e\x11\x25\xc4\x95\x97\x7d\x92\x0f\xbf\x38\x95\xbd" + "\x5d\x2a\xf2\x06\x2c\xd9\x5a\x80\x91\x4e\x22\x7d\x5f\x69\x85\x03" + "\xa7\x5d\xda\x22\x09\x2b\x8d\x29\x67\x7c\x8c\xf6\xb6\x49\x20\x63" + 
"\xb9\xb6\x4d\xb6\x37\xa3\x7b\x19\xa4\x28\x90\x83\x55\x3d\x4e\x18" + "\xc8\x65\xbc\xd1\xe7\xb5\xcf\x65\x28\xea\x19\x11\x5c\xea\x83\x8c" + "\x44\x1f\xac\xc5\xf5\x3a\x4b\x1c\x2b\xbf\x76\xd8\x98\xdb\x50\xeb" + "\x64\x45\xae\xa5\x39\xb7\xc8\xdf\x5a\x73\x6d\x2d\x0f\x4a\x5a\x17" + "\x37\x66\x1c\x3d\x27\xd5\xd6\x7d\xe1\x08\x7f\xba\x4d\x43\xc2\x29" + "\xf7\xbe\x83\xec\xd0\x3b\x2e\x19\x9e\xf7\xbf\x1b\x16\x34\xd8\xfa" + "\x32\x17\x2a\x90\x55\x93\xd5\x3e\x14\x8d\xd6\xa1\x40\x45\x09\x52", + "\x89\xf2\xae\x78\x38\x8e\xf2\xd2\x52\xa8\xba\xb6\xf2\x5d\x7c\xfc" }, + /* After setiv, ctr_low: 0xfffffff4 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x51\xb2\x9d\x4a", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x1d\xb8\x77\xcd\xcd\xfe\xde\x07\x97\xcb\x97\x3a\x4f\xa0\xd0\xe6" + "\xcc\xcf\x8b\x71\xd5\x65\x3d\xc4\x17\x52\xe7\x1d\x6a\x68\x4a\x77" + "\xca\x04\x4a\xef\x8e\x7e\xce\x79\xa1\x80\x0d\x9e\xd5\xf4\xce\x66" + "\x4d\x54\xb1\x09\xd1\xb6\xb0\x43\x28\xe8\x53\xe2\x24\x9c\x76\xc5" + "\x4d\x22\xf3\x6e\x13\xf3\xd7\xe0\x85\xb8\x9e\x0b\x17\x22\xc0\x79" + "\x2b\x72\x57\xaa\xbd\x43\xc3\xf7\xde\xce\x22\x41\x3c\x7e\x37\x1a" + "\x55\x2e\x36\x0e\x7e\xdc\xb3\xde\xd7\x33\x36\xc9\xc8\x56\x93\x51" + "\x68\x77\x9a\xb0\x08\x5c\x22\x35\xef\x5c\x9b\xbf\x3e\x20\x8a\x84" + "\x3d\xb3\x60\x10\xe1\x97\x30\xd7\xb3\x6f\x40\x5a\x2c\xe0\xe5\x52" + "\x19\xb6\x2b\xed\x6e\x8e\x18\xb4\x8d\x78\xbd\xc4\x9f\x4f\xbd\x82" + "\x98\xd6\x71\x3d\x71\x5b\x78\x73\xee\x8e\x4b\x37\x88\x9e\x21\xca" + "\x00\x6c\xc2\x96\x8d\xf0\xcd\x09\x58\x54\x5a\x58\x59\x8e\x9b\xf8" + "\x72\x93\xd7\xa0\xf9\xc4\xdc\x48\x89\xaa\x31\x95\xda\x4e\x2f\x79" + "\x1e\x37\x49\x92\x2e\x32\x2e\x76\x54\x2a\x64\xa8\x96\x67\xe9\x75" + "\x10\xa6\xeb\xad\xc6\xa8\xec\xb7\x18\x0a\x32\x26\x8d\x6e\x03\x74" + "\x0e\x1f\xfc\xde\x76\xff\x6e\x96\x42\x2d\x80\x0a\xc6\x78\x70\xc4" + "\xd8\x56\x7b\xa6\x38\x2f\xf6\xc0\x9b\xd7\x21\x6e\x88\x5d\xc8\xe5" + "\x02\x6a\x09\x1e\xb3\x46\x44\x80\x82\x5b\xd1\x66\x06\x61\x4f\xb8", + "\x16\x0e\x73\xa3\x14\x43\xdb\x15\x9c\xb0\x0d\x30\x6d\x9b\xe1\xb1" }, + /* After setiv, ctr_low: 0xfffffff3 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xef\x44\x07", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x42\x71\x54\xe2\xdb\x50\x5d\x3c\x10\xbd\xf8\x60\xbd\xdb\x26\x14" + "\x7d\x13\x59\x98\x28\xfb\x43\x42\xca\x72\xe6\xd8\x58\x00\xa2\x1b" + "\x6a\x61\xb4\x3a\x80\x6b\x9e\x14\xbd\x11\x33\xab\xe9\xb9\x91\x95" + "\xd7\x5d\xc3\x98\x1f\x7f\xcb\xa8\xf0\xec\x31\x26\x51\xea\x2e\xdf" + "\xd9\xde\x70\xf5\x84\x27\x3a\xac\x22\x05\xb9\xce\x2a\xfb\x2a\x83" + "\x1e\xce\x0e\xb2\x31\x35\xc6\xe6\xc0\xd7\xb0\x5f\xf5\xca\xdb\x13" + "\xa7\xfe\x4f\x85\xa3\x4f\x94\x5c\xc1\x04\x12\xde\x6f\xa1\xdb\x41" + "\x59\x82\x22\x22\x65\x97\x6d\xc8\x67\xab\xf3\x90\xeb\xa4\x00\xb3" + "\x7d\x94\x3d\x7b\x2a\xe2\x85\x36\x87\x16\xb8\x19\x92\x02\xe0\x43" + "\x42\x85\xa1\xe6\xb8\x11\x30\xcc\x2c\xd8\x63\x09\x0e\x53\x5f\xa3" + "\xe0\xd4\xee\x0e\x04\xee\x65\x61\x96\x84\x42\x0c\x68\x8d\xb7\x48" + "\xa3\x02\xb4\x82\x69\xf2\x35\xe4\xce\x3b\xe3\x44\xce\xad\x49\x32" + "\xab\xda\x04\xea\x06\x60\xa6\x2a\x7d\xee\x0f\xb8\x95\x90\x22\x62" + 
"\x9c\x78\x59\xd3\x7b\x61\x02\x65\x63\x96\x9f\x67\x50\xa0\x61\x43" + "\x53\xb2\x3f\x22\xed\x8c\x42\x39\x97\xd9\xbc\x6e\x81\xb9\x21\x97" + "\xc6\x5b\x68\xd7\x7f\xd0\xc5\x4a\xfb\x74\xc4\xfd\x9a\x2a\xb8\x9b" + "\x48\xe0\x00\xea\x6d\xf5\x30\x26\x61\x8f\xa5\x45\x70\xc9\x3a\xea" + "\x6d\x19\x11\x57\x0f\x21\xe6\x0a\x53\x94\xe3\x0c\x99\xb0\x2f\xc5", + "\x92\x92\x89\xcd\x4f\x3c\x6d\xbc\xe8\xb3\x70\x14\x5b\x3c\x12\xe4" }, + /* After setiv, ctr_low: 0xfffffff2 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa1\xe3\xc5\x3f", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + 
"\x41\xc3\xcb\xd7\x6e\xde\x2a\xc6\x15\x05\xc6\xba\x27\xae\xcd\x37" + "\xc0\xe5\xbf\xb9\x5c\xdc\xd6\xad\x1a\xe1\x35\x7c\xc0\x85\x85\x51" + "\x8c\x98\x06\xc0\x72\x43\x71\x7a\x2d\x7c\x81\x3c\xe7\xd6\x32\x8e" + "\x22\x2b\x46\x95\x6a\xde\x45\x40\x56\xe9\x63\x32\x68\xbf\xb6\x78" + "\xb7\x86\x00\x9d\x2c\x9e\xed\x67\xc1\x9b\x09\x9e\xd9\x0a\x56\xcb" + "\x57\xc9\x48\x14\x23\x4e\x97\x04\xb5\x85\x25\x1d\xcb\x1a\x79\x9b" + "\x54\x06\x95\xad\x16\x81\x84\x3a\x38\xec\x41\x90\x2a\xfa\x50\xe0" + "\xb9\x20\xa6\xeb\xfe\x2e\x5c\xa1\xf6\x3c\x69\x4c\xce\xf8\x30\xe0" + "\x87\x68\xa2\x3a\x9d\xad\x75\xd4\xa5\x6b\x0a\x90\x65\xa2\x27\x64" + "\x9d\xf5\xa0\x6f\xd0\xd3\x62\xa5\x2d\xae\x02\x89\xb4\x1a\xfa\x32" + "\x9b\xa0\x44\xdd\x50\xde\xaf\x41\xa9\x89\x1e\xb0\x41\xbc\x9c\x41" + "\xb0\x35\x5e\xf1\x9a\xd9\xab\x57\x53\x21\xca\x39\xfc\x8b\xb4\xd4" + "\xb2\x19\x8a\xe9\xb2\x24\x1e\xce\x2e\x19\xb0\xd2\x93\x30\xc4\x70" + "\xe2\xf8\x6a\x8a\x99\x3b\xed\x71\x7e\x9e\x98\x99\x2a\xc6\xdd\xcf" + "\x43\x32\xdb\xfb\x27\x22\x89\xa4\xc5\xe0\xa2\x94\xe9\xcf\x9d\x48" + "\xab\x3f\xfa\x4f\x75\x63\x46\xdd\xfe\xfa\xf0\xbf\x6e\xa1\xf9\xca" + "\xb1\x77\x79\x35\x6c\x33\xe1\x57\x68\x50\xe9\x78\x4e\xe4\xe2\xf0" + "\xcf\xe4\x23\xde\xf4\xa7\x34\xb3\x44\x97\x38\xd2\xbd\x27\x44\x0e", + "\x75\x0a\x41\x3b\x87\xe3\xc7\xf6\xd6\xe3\xab\xfa\x4b\xbe\x2e\x56" }, + /* After setiv, ctr_low: 0xfffffff1 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5a\xbe\x1c\x72", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xf1\x3c\x7a\xa4\xa9\xaf\xe7\x49\x19\x7d\xad\x50\xc1\x6a\x84\x87" + "\xf5\x69\xe4\xe5\xc2\x0a\x90\x33\xc3\xeb\x76\x63\x5f\x9b\x1d\xf9" + "\x53\x4a\x2a\x6d\x6b\x61\xe0\x5d\xed\xcb\x98\x0d\xf2\x57\x33\x12" + "\xd1\x44\xaa\x7a\x7e\x4e\x41\x0e\xe6\xa7\x9f\x17\x92\x28\x91\xad" + "\xca\xce\xf2\xa8\x73\x4a\xad\x89\x62\x73\x0b\x9a\x68\x91\xa8\x11" + "\x44\x01\xfd\x57\xe4\xf8\x84\x55\x2b\x66\xdb\xb9\xd6\xee\x83\xe5" + "\x57\xea\x5c\x6a\x23\x87\xdd\x0a\x45\x63\xb4\x0c\x8f\xc5\x9f\x22" + "\xf3\x4f\x4e\x6f\x7b\x14\x62\xf7\x80\x59\x4a\xc5\xc8\xae\x8a\x6f" + "\x5e\xe3\x1e\xe6\xae\xec\x99\x77\x6b\x88\x14\xe3\x58\x88\x61\x74" + "\x38\x91\xa1\x32\xb8\xd2\x39\x6b\xe2\xcb\x8e\x77\xde\x92\x36\x78" + "\xad\x50\xcf\x08\xb8\xfa\x29\x59\xb4\x68\x1b\x23\x10\x57\x32\x92" + "\xf8\xec\xe1\x97\xdb\x30\x85\x22\xb5\x68\x2f\xf2\x98\xda\x06\xee" + "\x65\x02\xe7\xf9\xc8\xc1\xca\x8f\xd3\xed\x4a\x3c\x09\xdd\xde\x64" + "\xd9\x85\x17\x2c\x62\x41\x35\x24\xed\x6b\x87\x78\x1e\xb5\x7a\x9b" + "\xa3\x90\xa3\x99\xc7\x39\x51\x10\xb7\x6a\x12\x3b\x64\xfe\x32\x3c" + 
"\xb6\x84\x9a\x3f\x95\xd3\xcb\x22\x69\x9c\xf9\xb7\xc2\x8b\xf4\x55" + "\x68\x60\x11\x20\xc5\x3e\x0a\xc0\xba\x00\x0e\x88\x96\x66\xfa\xf0" + "\x75\xbc\x2b\x9c\xff\xc5\x33\x7b\xaf\xb2\xa6\x34\x78\x44\x9c\xa7", + "\x01\x24\x0e\x17\x17\xe5\xfc\x90\x07\xfa\x78\xd5\x5d\x66\xa3\xf5" }, }; gcry_cipher_hd_t hde, hdd; - unsigned char out[MAX_DATA_LEN]; + unsigned char out[MAX_GCM_DATA_LEN]; unsigned char tag[GCRY_GCM_BLOCK_LEN]; int i, keylen; gcry_error_t err = 0; @@ -1885,8 +2562,12 @@ check_gcm_cipher (void) _check_gcm_cipher(1); /* Split input to 7 byte buffers. */ _check_gcm_cipher(7); + /* Split input to 15 byte buffers. */ + _check_gcm_cipher(15); /* Split input to 16 byte buffers. */ _check_gcm_cipher(16); + /* Split input to 17 byte buffers. */ + _check_gcm_cipher(17); } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm.c | 77 +++++- tests/basic.c | 689 +++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 759 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 6 02:44:07 2018 
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 06 Feb 2018 02:44:07 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-1.1.0-2-g822c668 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 822c66815b5072281563fc4faa055493d20d660d (commit) from 0499975e76752601cbab4eb06ebf3303ddaad30c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 822c66815b5072281563fc4faa055493d20d660d Author: Daniel Kahn Gillmor Date: Mon Feb 5 20:43:32 2018 -0500 tqt: use UTF-8 instead of ISO-8859-1 diff --git a/tqt/pinentrydialog.h b/tqt/pinentrydialog.h index 8e901db..d6f20c6 100644 --- a/tqt/pinentrydialog.h +++ b/tqt/pinentrydialog.h @@ -1,5 +1,5 @@ /* pinentrydialog.h - A secure KDE dialog for PIN entry. - * Copyright (C) 2002 Klar?lvdalens Datakonsult AB + * Copyright (C) 2002 Klar??lvdalens Datakonsult AB * Written by Steffen Hansen . * * This program is free software; you can redistribute it and/or ----------------------------------------------------------------------- Summary of changes: tqt/pinentrydialog.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 6 17:46:29 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 06 Feb 2018 17:46:29 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.4-115-g8305739 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8305739fe857ed3378f885bb43777fd518dd1060 (commit) from 26c900a8f09df5a15cc9dfce11b98a1caa2dd682 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8305739fe857ed3378f885bb43777fd518dd1060 Author: Werner Koch Date: Tue Feb 6 17:34:08 2018 +0100 gpg: Fix packet length checking in symkeyenc parser. * g10/parse-packet.c (parse_symkeyenc): Move error printing to the end. Add additional check to cope for the 0je extra bytes needed for AEAD. -- Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871 GnuPG-bug-id: 3780 diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 5c6d364..e3ff432 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1108,13 +1108,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen; if (pktlen < 4) - { - log_error ("packet(%d) too short\n", pkttype); - if (list_mode) - es_fprintf (listfp, ":symkey enc packet: [too short]\n"); - rc = gpg_error (GPG_ERR_INV_PACKET); - goto leave; - } + goto too_short; version = iobuf_get_noeof (inp); pktlen--; if (version == 4) @@ -1146,6 +1140,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, } else aead_algo = 0; + if (pktlen < 2) + goto too_short; s2kmode = iobuf_get_noeof (inp); pktlen--; hash_algo = iobuf_get_noeof (inp); 
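Review bot: The added `if (pktlen < 2)` guard in front of the `s2kmode` read carries no comment saying why a second length check is needed after the `pktlen < 4` test at the top of parse_symkeyenc. A reader has to work out that header bytes have already been consumed by then: the version byte is visible in the first hunk, and the cipher byte plus, going by the commit message, the extra AEAD byte are presumably read in lines this hunk does not show. I would put `/* The header bytes read so far may leave fewer than the two bytes needed for s2kmode and hash_algo. */` above the check. The function starts and ends outside this hunk, so whether the reads after `hash_algo` are bounded in the same way cannot be confirmed from here.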
@@ -1241,6 +1237,13 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, leave: iobuf_skip_rest (inp, pktlen, 0); return rc; + + too_short: + log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [too short]\n"); + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; } ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 7 04:46:18 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 07 Feb 2018 04:46:18 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-18-g015fe1c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 015fe1c47b91da340e9df6bed908e0747ae8c60b (commit) from f98e193c84250bbc49d5d1c625f54f2c14501ae3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 015fe1c47b91da340e9df6bed908e0747ae8c60b Author: NIIBE Yutaka Date: Wed Feb 7 12:43:07 2018 +0900 scd: Use pipe to kick the loop on NetBSD. * configure.ac (HAVE_PSELECT_NO_EINTR): New. * scd/scdaemon.c (scd_kick_the_loop): Write to pipe. (handle_connections): Use pipe. -- On NetBSD, signal to the same process cannot unblock pselect, with unknown reason. Use pipe instead, for such systems. GnuPG-bug-id: 3778 Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index 420af92..bdb6146 100644 --- a/configure.ac +++ b/configure.ac 
@@ -639,6 +639,7 @@ have_android_system=no use_simple_gettext=no use_ldapwrapper=yes mmap_needed=yes +require_pipe_to_unblock_pselect=no case "${host}" in *-mingw32*) # special stuff for Windoze NT @@ -715,10 +716,20 @@ case "${host}" in AC_DEFINE(_DARWIN_C_SOURCE, 900000L, Expose all libc features (__DARWIN_C_FULL).) ;; + *-*-netbsd*) + require_pipe_to_unblock_pselect=yes + ;; *) - ;; + ;; esac +if test "$require_pipe_to_unblock_pselect" = yes; then + AC_DEFINE(HAVE_PSELECT_NO_EINTR, 1, + [Defined if we run on systems like NetBSD, where + pselect cannot be unblocked by signal from a thread + within the same process. We use pipe in this case, instead.]) +fi + if test "$have_dosish_system" = yes; then AC_DEFINE(HAVE_DOSISH_SYSTEM,1, [Defined if we run on some of the PCDOS like systems @@ -820,7 +831,8 @@ if test x"$LIBUSB_NAME" != x ; then have_libusb=yes ]) AC_MSG_CHECKING([libusb include dir]) usb_incdir_found="no" - for _incdir in "" "/usr/include/libusb-1.0" "/usr/local/include/libusb-1.0"; do + for _incdir in "" "/usr/include/libusb-1.0" \ + "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do _libusb_save_cppflags=$CPPFLAGS if test -n "${_incdir}"; then CPPFLAGS="-I${_incdir} ${CPPFLAGS}" diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 3ad2657..cebeea9 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -236,6 +236,10 @@ static HANDLE the_event; /* PID to notify update of usb devices. */ static pid_t main_thread_pid; #endif +#ifdef HAVE_PSELECT_NO_EINTR +/* FD to notify changes. */ +static int notify_fd; +#endif static char *create_socket_name (char *standard_name); static gnupg_fd_t create_server_socket (const char *name, @@ -1210,6 +1214,8 @@ scd_kick_the_loop (void) if (ret == 0) log_error ("SetEvent for scd_kick_the_loop failed: %s\n", w32_strerror (-1)); +#elif defined(HAVE_PSELECT_NO_EINTR) + write (notify_fd, "", 1); #else ret = kill (main_thread_pid, SIGCONT); if (ret < 0) 
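Review bot: In the `HAVE_PSELECT_NO_EINTR` branch of scd_kick_the_loop, `write (notify_fd, "", 1);` discards its result, while the SetEvent and kill branches next to it both test `ret`. A failed kick would go unnoticed; `if (write (notify_fd, "", 1) != 1) log_error ("write for scd_kick_the_loop failed: %s\n", strerror (errno));` would bring it in line with them. `notify_fd` is also a file-scope static that starts at 0 and is assigned only in handle_connections, and the last scdaemon.c hunk closes both pipe ends without resetting it, so a kick outside that window would write to descriptor 0 or to a closed and possibly reused descriptor. Initialising it to -1, resetting it after the close and skipping the write when it is negative would bound that. The body of scd_kick_the_loop continues outside the hunk.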
@@ -1241,6 +1247,17 @@ handle_connections (int listen_fd) #else int signo; #endif +#ifdef HAVE_PSELECT_NO_EINTR + int pipe_fd[2]; + + ret = gnupg_create_pipe (pipe_fd); + if (ret) + { + log_error ("pipe creation failed: %s\n", gpg_strerror (ret)); + return; + } + notify_fd = pipe_fd[1]; +#endif ret = npth_attr_init(&tattr); if (ret) @@ -1298,6 +1315,7 @@ handle_connections (int listen_fd) for (;;) { int periodical_check; + int max_fd = nfd; if (shutdown_pending) { @@ -1326,8 +1344,14 @@ handle_connections (int listen_fd) thus a simple assignment is fine to copy the entire set. */ read_fdset = fdset; +#ifdef HAVE_PSELECT_NO_EINTR + FD_SET (pipe_fd[0], &read_fdset); + if (max_fd < pipe_fd[0]) + max_fd = pipe_fd[0]; +#endif + #ifndef HAVE_W32_SYSTEM - ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, t, + ret = npth_pselect (max_fd+1, &read_fdset, NULL, NULL, t, npth_sigev_sigmask ()); saved_errno = errno; @@ -1353,6 +1377,15 @@ handle_connections (int listen_fd) /* Timeout. Will be handled when calculating the next timeout. */ continue; +#ifdef HAVE_PSELECT_NO_EINTR + if (FD_ISSET (pipe_fd[0], &read_fdset)) + { + char buf[256]; + + read (pipe_fd[0], buf, sizeof buf); + } +#endif + if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset)) { ctrl_t ctrl; @@ -1394,6 +1427,10 @@ handle_connections (int listen_fd) if (the_event != INVALID_HANDLE_VALUE) CloseHandle (the_event); #endif +#ifdef HAVE_PSELECT_NO_EINTR + close (pipe_fd[0]); + close (pipe_fd[1]); +#endif cleanup (); log_info (_("%s %s stopped\n"), strusage(11), strusage(13)); npth_attr_destroy (&tattr); ----------------------------------------------------------------------- Summary of changes: configure.ac | 16 ++++++++++++++-- scd/scdaemon.c | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 52 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 9 09:46:15 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 09 Feb 2018 09:46:15 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-19-ge0658b1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via e0658b19d93b38ed9ebd07734c4678acdde1607d (commit) from 015fe1c47b91da340e9df6bed908e0747ae8c60b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e0658b19d93b38ed9ebd07734c4678acdde1607d Author: Andre Heinecke Date: Fri Feb 9 09:45:28 2018 +0100 doc: Add compliance de-vs to gpgsm in vsnfd.prf * doc/examples/vsnfd.prf: Set complaince mode for gpgsm. diff --git a/doc/examples/vsnfd.prf b/doc/examples/vsnfd.prf index e8732de..1dc21e0 100644 --- a/doc/examples/vsnfd.prf +++ b/doc/examples/vsnfd.prf @@ -6,6 +6,7 @@ default-new-key-algo rsa3072/cert,sign+rsa3072/encr [gpgsm] enable-crl-checks +compliance de-vs [gpg-agent] enable-extended-key-format ----------------------------------------------------------------------- Summary of changes: doc/examples/vsnfd.prf | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 9 16:11:43 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 09 Feb 2018 16:11:43 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-9-g7e27a0f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7e27a0ff64626026521dc5877b278794cea72e61 (commit) via 201db83a7f1b7759173b6e9f0a844caef4da6cce (commit) via f10605ffb5cc9d457c3e432918fdfbfaf3d04185 (commit) via 5a5b0d4996c17bfbc69b90f89fec23732f92813a (commit) from 59fcabbdf537b2745ef0c3cae908b21970a5b39b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7e27a0ff64626026521dc5877b278794cea72e61 Author: Andre Heinecke Date: Fri Feb 9 16:10:32 2018 +0100 cpp: Add SpawnShowWindow flag * lang/cpp/src/context.h (SpawnShowWindow): New. diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index 4cd5b30..aff8e49 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h @@ -408,7 +408,8 @@ public: enum SpawnFlags { SpawnNone = 0, SpawnDetached = 1, - SpawnAllowSetFg = 2 + SpawnAllowSetFg = 2, + SpawnShowWindow = 4 }; /** Spwan the process \a file with arguments \a argv. * commit 201db83a7f1b7759173b6e9f0a844caef4da6cce Author: Andre Heinecke Date: Fri Feb 9 16:07:58 2018 +0100 core, w32: Enable spawning GUI applications * src/engine-spawn.c (engspawn_start): Translate spawn flag to IOSPAWN flag. * src/gpgme-w32spawn.c (my_spawn): Handle the new flag. * src/gpgme.h.in (GPGME_SPAWN_SHOW_WINDOW): New. * src/priv-io.h (IOSPAWN_FLAG_SHOW_WINDOW): New. -- Used by GpgOL diff --git a/src/engine-spawn.c b/src/engine-spawn.c index 7044781..7f78bb5 100644 --- a/src/engine-spawn.c +++ b/src/engine-spawn.c 
@@ -241,7 +241,8 @@ engspawn_start (engine_spawn_t esp, const char *file, const char *argv[], spflags |= IOSPAWN_FLAG_DETACHED; if ((flags & GPGME_SPAWN_ALLOW_SET_FG)) spflags |= IOSPAWN_FLAG_ALLOW_SET_FG; - + if ((flags & GPGME_SPAWN_SHOW_WINDOW)) + spflags |= IOSPAWN_FLAG_SHOW_WINDOW; err = build_fd_data_map (esp); if (err) diff --git a/src/gpgme-w32spawn.c b/src/gpgme-w32spawn.c index d86c850..868dbd5 100644 --- a/src/gpgme-w32spawn.c +++ b/src/gpgme-w32spawn.c @@ -121,8 +121,6 @@ my_spawn (char **argv, struct spawn_fd_item_s *fd_list, unsigned int flags) int duped_stdout = 0; int duped_stderr = 0; HANDLE hnul = INVALID_HANDLE_VALUE; - /* FIXME. */ - int debug_me = 0; i = 0; while (argv[i]) @@ -142,7 +140,7 @@ my_spawn (char **argv, struct spawn_fd_item_s *fd_list, unsigned int flags) memset (&si, 0, sizeof si); si.cb = sizeof (si); si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; - si.wShowWindow = debug_me ? SW_SHOW : SW_HIDE; + si.wShowWindow = (flags & IOSPAWN_FLAG_SHOW_WINDOW) ? SW_SHOW : SW_HIDE; si.hStdInput = GetStdHandle (STD_INPUT_HANDLE); si.hStdOutput = GetStdHandle (STD_OUTPUT_HANDLE); si.hStdError = GetStdHandle (STD_ERROR_HANDLE); diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 31a9060..ff80023 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -2007,6 +2007,7 @@ gpgme_error_t gpgme_op_getauditlog (gpgme_ctx_t ctx, gpgme_data_t output, /* Flags for the spawn operations. */ #define GPGME_SPAWN_DETACHED 1 #define GPGME_SPAWN_ALLOW_SET_FG 2 +#define GPGME_SPAWN_SHOW_WINDOW 4 /* Run the command FILE with the arguments in ARGV. Connect stdin to diff --git a/src/priv-io.h b/src/priv-io.h index 2306175..bc9d3d5 100644 --- a/src/priv-io.h +++ b/src/priv-io.h 
@@ -83,6 +83,8 @@ int _gpgme_io_set_nonblocking (int fd); #define IOSPAWN_FLAG_ALLOW_SET_FG 2 /* Don't close any child FDs. */ #define IOSPAWN_FLAG_NOCLOSE 4 +/* Set show window to true for windows */ +#define IOSPAWN_FLAG_SHOW_WINDOW 8 /* Spawn the executable PATH with ARGV as arguments. After forking close all fds except for those in FD_LIST in the child, then commit f10605ffb5cc9d457c3e432918fdfbfaf3d04185 Author: Andre Heinecke Date: Fri Feb 9 16:04:54 2018 +0100 core, w32: Fix flags passing to gpgme-w32-spawn * src/w32-io.c (_gpgme_io_spawn): Don't hardcode flags value. -- IOSPAWN_FLAG_ALLOW_SET_FG is 2 and was translated to 1. This might fix the pinentry foreground handling pass through. diff --git a/src/w32-io.c b/src/w32-io.c index eed8a00..05e11ee 100644 --- a/src/w32-io.c +++ b/src/w32-io.c @@ -1724,8 +1724,8 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags, int written; size_t len; - if ((flags & IOSPAWN_FLAG_ALLOW_SET_FG)) - strcpy (line, "~1 \n"); + if (flags) + snprintf (line, BUFFER_MAX, "~%i \n", flags); else strcpy (line, "\n"); for (i = 0; fd_list[i].fd != -1; i++) commit 5a5b0d4996c17bfbc69b90f89fec23732f92813a Author: Andre Heinecke Date: Fri Feb 9 16:03:37 2018 +0100 cpp: Add conveniance Data::toString * lang/cpp/src/data.h, lang/cpp/src/data.cpp: Add Data::toString. -- I'm lazy and like to waste memory. diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index 32ca561..52b8da2 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp @@ -254,3 +254,17 @@ std::vector GpgME::Data::toKeys(Protocol proto) const delete ctx; return ret; } + +std::string GpgME::Data::toString() +{ + std::string ret; + char buf[4096]; + size_t nread; + seek (0, SEEK_SET); + while ((nread = read (buf, 4096)) > 0) + { + ret += std::string (buf, nread); + } + seek (0, SEEK_SET); + return ret; +} diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h index cc7906f..446f6fa 100644 --- a/lang/cpp/src/data.h +++ b/lang/cpp/src/data.h 
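Review bot: The new `snprintf (line, BUFFER_MAX, "~%i \n", flags);` in _gpgme_io_spawn formats the `unsigned int flags` parameter with the signed `%i` conversion; `"~%u \n"` matches the type. Every bit of `flags` now reaches the helper, so it is worth confirming that gpgme-w32spawn tolerates values such as IOSPAWN_FLAG_NOCLOSE, which the old hard-coded string never sent. The declaration of `line` is outside the hunk; if it is an array, `sizeof line` would tie the bound to the buffer rather than to a separate constant.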
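Review bot: In Data::toString, `nread` is declared `size_t`, but Data::read in GpgME++ returns a signed `ssize_t` and, as far as I know, reports failure as -1. Stored in a `size_t`, that becomes a huge positive value, so the `> 0` test passes and `std::string (buf, nread)` is asked for far more than the 4096-byte buffer holds. Declaring `ssize_t nread;` makes the loop stop on a read error, and `ret.append (buf, nread);` avoids a temporary per chunk. The result of the leading `seek (0, SEEK_SET)` is also ignored, so on a Data object that cannot seek the string would silently start at the current position.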
@@ -114,6 +114,9 @@ public: * Protocol proto. Returns an empty list on error.*/ std::vector toKeys(const Protocol proto = Protocol::OpenPGP) const; + /** Return a copy of the data as std::string. Sets seek pos to 0 */ + std::string toString(); + class Private; Private *impl() { ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.h | 3 ++- lang/cpp/src/data.cpp | 14 ++++++++++++++ lang/cpp/src/data.h | 3 +++ src/engine-spawn.c | 3 ++- src/gpgme-w32spawn.c | 4 +--- src/gpgme.h.in | 1 + src/priv-io.h | 2 ++ src/w32-io.c | 4 ++-- 8 files changed, 27 insertions(+), 7 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 12 11:00:57 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 12 Feb 2018 11:00:57 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-20-g0a3bec2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 0a3bec2c2525935362f87dce93d7df2c8d498498 (commit) from e0658b19d93b38ed9ebd07734c4678acdde1607d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0a3bec2c2525935362f87dce93d7df2c8d498498 Author: NIIBE Yutaka Date: Mon Feb 12 18:56:58 2018 +0900 scd: Fix handling for Data Object with no data. * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object with no data. -- When GET_DATA returns no data with success (90 00), this routine firstly returned buffer with length zero, and secondly (with cache) returned NULL, which is inconsistent. Now, it returns NULL for both cases. Signed-off-by: NIIBE Yutaka 
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index c9f2840..5b1b0d3 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -348,7 +348,8 @@ get_cached_data (app_t app, int tag, err = iso7816_get_data (app->slot, exmode, tag, &p, &len); if (err) return err; - *result = p; + if (len) + *result = p; *resultlen = len; /* Check whether we should cache this object. */ @@ -370,7 +371,10 @@ get_cached_data (app_t app, int tag, c = xtrymalloc (sizeof *c + len); if (c) { - memcpy (c->data, p, len); + if (len) + memcpy (c->data, p, len); + else + xfree (p); c->length = len; c->tag = tag; c->next = app->app_local->cache; ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 12 13:02:39 2018 
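Review bot: With `if (len) *result = p;` a zero-length reply leaves the buffer `p` without an owner. The only `xfree (p)` added is inside `if (c)` in the second hunk, so the buffer appears to leak whenever the tag is not one that gets cached or `xtrymalloc` fails. Releasing it where the decision is made, `if (len) *result = p; else { xfree (p); p = NULL; }`, and then dropping the `else xfree (p);` branch in the caching hunk would cover every path. The change also relies on `*result` having been set to NULL earlier in get_cached_data, which starts outside the hunk.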
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 12 Feb 2018 13:02:39 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-11-g88118b5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 88118b5baaff9c7289d27ca55b084e5c1860f8aa (commit) via 193d521b1bd7161fa28b86524acaf2e7046dc343 (commit) from 26b931937fe139a9acd3240242e154d3789652f5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 88118b5baaff9c7289d27ca55b084e5c1860f8aa Author: Andre Heinecke Date: Mon Feb 12 13:01:14 2018 +0100 Shorter and more careful window disabling * src/mail.cpp (do_crypt): Ensure window is renabled on error. (Mail::encrypt_sign_start): Disable window here. * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Don't disable window in event. -- Leaving Outlooks window disabled for whatever reason is a big bug as Outlook then has to be killed. diff --git a/src/mail.cpp b/src/mail.cpp index 1734ba8..9013076 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -748,6 +748,7 @@ do_crypt (LPVOID arg) { log_debug ("%s:%s: invalid state %i", SRCNAME, __func__, mail->crypt_state ()); + mail->set_window_enabled (true); gpgrt_lock_unlock (&dtor_lock); return -1; } @@ -762,6 +763,7 @@ do_crypt (LPVOID arg) log_error ("%s:%s: no crypter found for mail: %p", SRCNAME, __func__, arg); gpgrt_lock_unlock (&parser_lock); + mail->set_window_enabled (true); return -1; } @@ -782,6 +784,7 @@ do_crypt (LPVOID arg) { log_debug ("%s:%s: crypto failed for: %p with: %i", SRCNAME, __func__, arg, rc); + mail->set_crypt_state (Mail::NoCryptMail); gpgrt_lock_unlock (&dtor_lock); return rc; } 
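Review bot: The `rc` failure path in the third do_crypt hunk resets the state with `mail->set_crypt_state (Mail::NoCryptMail);` but, unlike the two earlier error paths, never calls `mail->set_window_enabled (true);`. Unless the window is re-enabled elsewhere, a failed crypto operation leaves it disabled. The second hunk also calls `mail->set_window_enabled (true);` after `gpgrt_lock_unlock (&parser_lock);`, while the first does it before releasing `dtor_lock`; touching `mail` before the unlock in both places would keep the ordering consistent. do_crypt starts and ends outside these hunks, so the locking around each path is only partly visible.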
@@ -1148,22 +1151,19 @@ Mail::encrypt_sign_start () m_do_inline = m_is_gsuite ? true : opt.inline_pgp; - if (m_crypter) - { - log_error ("%s:%s: Crypter already exists for mail %p", - SRCNAME, __func__, this); - return -1; - } - GpgME::Protocol proto = opt.enable_smime ? GpgME::UnknownProtocol: GpgME::OpenPGP; m_crypter = std::shared_ptr (new CryptController (this, flags & 1, flags & 2, m_do_inline, proto)); + // Careful from here on we have to check every + // error condition with window enabling again. + set_window_enabled (false); if (m_crypter->collect_data ()) { log_error ("%s:%s: Crypter for mail %p failed to collect data.", SRCNAME, __func__, this); + set_window_enabled (true); return -1; } diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index ec38046..34999e9 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -355,7 +355,6 @@ EVENT_SINK_INVOKE(MailItemEvents) // First contact with a mail to encrypt update // state and oom data. m_mail->update_oom_data (); - m_mail->set_window_enabled (false); m_mail->set_crypt_state (Mail::NeedsFirstAfterWrite); // Check inline response state before the write. commit 193d521b1bd7161fa28b86524acaf2e7046dc343 Author: Andre Heinecke Date: Mon Feb 12 12:59:45 2018 +0100 Start impl. new key resolution with resolver * src/cryptcontroller.cpp (release_recipient_array), (CryptController::parse_keys): New helpers. (CryptController::resolve_keys): Prepare args and launch resolver. * src/mail.cpp, src/mail.h (Mail::get_cached_sender): New helper to ensure getting sender without oom or mapi. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 2d14038..0ccaacf 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -38,6 +38,11 @@ #else # define _(a) a #endif + +#include + +#define DEBUG_RESOLVER 1 + static int sink_data_write (sink_t sink, const void *data, size_t datalen) { 
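Review bot: `#define DEBUG_RESOLVER 1` in cryptcontroller.cpp is unconditional, so the `#ifdef DEBUG_RESOLVER` blocks added to resolve_keys in the next hunk of this file always run. They write the full argument vector, which includes the sender and recipient addresses, and the resolver's stdout and stderr to the debug log. Leaving the macro undefined by default, or tying those blocks to an existing debug option, would keep addresses and resolver output out of logs in normal builds. A comment such as `/* Define to log resolver arguments and output; contains mail addresses. */` above the define would record why it is off.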
@@ -150,25 +155,173 @@ CryptController::collect_data () return 0; } +static void +release_recipient_array (char **recipients) +{ + int idx; + + if (recipients) + { + for (idx=0; recipients[idx]; idx++) + xfree (recipients[idx]); + xfree (recipients); + } +} + +int +CryptController::parse_keys (GpgME::Data &resolverOutput) +{ + // Todo: Use Data::toString + std::istringstream ss(resolverOutput.toString()); + std::string line; + + while (std::getline (ss, line)) + { + if (line == "cancel") + { + log_debug ("%s:%s: resolver canceled", + SRCNAME, __func__); + return -1; + } + if (line == "unencrypted") + { + log_debug ("%s:%s: FIXME resolver wants unencrypted", + SRCNAME, __func__); + return -1; + } + std::istringstream lss (line); + + // First is sig or enc + std::string what; + std::string how; + std::string fingerprint; + + lss >> what; + lss >> how; + lss >> fingerprint; + + log_debug ("Data what: %s how: %s fingerprint: %s", what.c_str (), how.c_str (), fingerprint.c_str ()); + } + return -1; +} + int CryptController::resolve_keys () { m_recipients.clear(); - /*XXX Temporary hack part do key resolution here. 
*/ - GpgME::Error err; - auto ctx = std::shared_ptr (GpgME::Context::createForProtocol(GpgME::OpenPGP)); - const auto key = ctx->key ("EB4C5A5B7AD6C8527F050BAF1ED4F0BC6CFBC912", err, true); + std::vector args; + + // Collect the arguments + char *gpg4win_dir = get_gpg4win_dir (); + if (!gpg4win_dir) + { + TRACEPOINT; + return -1; + } + const auto resolver = std::string (gpg4win_dir) + "\\bin\\resolver.exe"; + args.push_back (resolver); + + log_debug ("%s:%s: resolving keys with '%s'", + SRCNAME, __func__, resolver.c_str ()); + + // We want debug output as OutputDebugString + args.push_back (std::string ("--debug")); + + if (m_sign) + { + args.push_back (std::string ("--sign")); + } + const auto cached_sender = m_mail->get_cached_sender (); + if (cached_sender.empty()) + { + log_error ("%s:%s: resolve keys without sender.", + SRCNAME, __func__); + } + else + { + args.push_back (std::string ("--sender")); + args.push_back (cached_sender); + } + + if (m_encrypt) + { + args.push_back (std::string ("--encrypt")); + } + + if (!opt.autoresolve) + { + args.push_back (std::string ("--alwaysShow")); + } + + // Get the recipients that are cached from OOM + char **recipients = m_mail->take_cached_recipients (); + for (size_t i = 0; recipients && recipients[i]; i++) + { + args.push_back (GpgME::UserID::addrSpecFromString (recipients[i])); + } + + release_recipient_array (recipients); + + // Convert our collected vector to c strings + // It's a bit overhead but should be quick for such small + // data. + char **cargs = (char**) xmalloc (sizeof (char*) * (args.size() + 1)); + for (size_t i = 0; i < args.size(); i++) + { + gpgrt_asprintf (cargs + i, "%s", args[i].c_str()); + } + cargs[args.size()] = NULL; + + // Args are prepared. Spawn the resolver. 
+ auto ctx = GpgME::Context::createForEngine (GpgME::SpawnEngine); + + if (!ctx) + { + // can't happen + release_recipient_array (cargs); + TRACEPOINT; + return -1; + } + + GpgME::Data mystdin (GpgME::Data::null), mystdout, mystderr; + +#ifdef DEBUG_RESOLVER + log_debug ("Spawning args:"); + for (size_t i = 0; cargs && cargs[i]; i++) + { + log_debug ("%i: '%s'", i, cargs[i]); + } +#endif + + GpgME::Error err = ctx->spawn (cargs[0], const_cast (cargs), + mystdin, mystdout, mystderr, + (GpgME::Context::SpawnFlags) ( + GpgME::Context::SpawnAllowSetFg | + GpgME::Context::SpawnShowWindow)); + +#ifdef DEBUG_RESOLVER + log_debug ("Resolver stdout:\n'%s'", mystdout.toString ().c_str ()); + log_debug ("Resolver stderr:\n'%s'", mystderr.toString ().c_str ()); +#endif + + release_recipient_array (cargs); + + if (err) + { + log_debug ("%s:%s: Resolver spawn finished Err code: %i asString: %s", + SRCNAME, __func__, err.code(), err.asString()); + } - if (key.isNull()) + if (parse_keys (mystdout)) { - log_error ("%s:%s: Failure to resolve keys.", + log_debug ("%s:%s: Failed to parse / resolve keys.", SRCNAME, __func__); + log_debug ("Resolver stdout:\n'%s'", mystdout.toString ().c_str ()); + log_debug ("Resolver stderr:\n'%s'", mystderr.toString ().c_str ()); return -1; } - m_recipients.push_back(key); - m_signer_key = key; return 0; } diff --git a/src/cryptcontroller.h b/src/cryptcontroller.h index 193c8cc..580d696 100644 --- a/src/cryptcontroller.h +++ b/src/cryptcontroller.h @@ -60,6 +60,7 @@ public: private: int resolve_keys (); + int parse_keys (GpgME::Data &resolverOutput); private: Mail *m_mail; diff --git a/src/mail.cpp b/src/mail.cpp index e9000f2..1734ba8 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -1340,6 +1340,12 @@ Mail::get_sender () return m_sender; } +std::string +Mail::get_cached_sender () +{ + return m_sender; +} + int Mail::close_all_mails () { diff --git a/src/mail.h b/src/mail.h index ef0f353..80d57f9 100644 --- a/src/mail.h +++ b/src/mail.h 
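Review bot: In resolve_keys the result of `gpgrt_asprintf (cargs + i, "%s", args[i].c_str());` is not checked, so a failed allocation leaves that slot NULL or unset. The resolver would then be started with a shortened argument list, possibly missing recipients. Checking it, `if (gpgrt_asprintf (cargs + i, "%s", args[i].c_str ()) < 0) { cargs[i] = NULL; release_recipient_array (cargs); return -1; }`, fails closed instead. The spawn error `err` is only logged before `parse_keys (mystdout)` runs; returning -1 when `err` is set would avoid parsing output from a resolver that did not run properly. The buffer from `get_gpg4win_dir ()` is not released in the visible code, which is a leak if the caller owns it.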
@@ -195,9 +195,16 @@ public: * If the sender address has not been set through update_sender this * calls update_sender before returning the sender. * - * @returns A reference to the utf8 sender address. Or NULL. */ + * @returns A reference to the utf8 sender address. Or an empty string. */ std::string get_sender (); + /** @brief get sender SMTP address (UTF-8 encoded). + * + * Like get_sender but ensures not to touch oom or mapi + * + * @returns A reference to the utf8 sender address. Or an empty string. */ + std::string get_cached_sender (); + /** @brief get the subject string (UTF-8 encoded). * * @returns the subject or an empty string. */ ----------------------------------------------------------------------- Summary of changes: src/cryptcontroller.cpp | 169 +++++++++++++++++++++++++++++++++++++++++++++--- src/cryptcontroller.h | 1 + src/mail.cpp | 20 ++++-- src/mail.h | 9 ++- src/mailitem-events.cpp | 1 - 5 files changed, 183 insertions(+), 17 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 12 13:35:11 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 12 Feb 2018 13:35:11 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-2.0.6-2-gfb43d7d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via fb43d7dc2a4e7c6f822050eec0489248fe162af7 (commit) from 7341d641165effc57f6a6e38f7405f7be8e1926f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb43d7dc2a4e7c6f822050eec0489248fe162af7 Author: Andre Heinecke Date: Mon Feb 12 13:34:21 2018 +0100 Remove overly plain leaking debug output * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Don't print full body in debug output. -- This was a development debug statement that accidentally made it into the release. diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index b3161f0..9bf5e9b 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -504,8 +504,6 @@ EVENT_SINK_INVOKE(MailItemEvents) *(parms->rgvarg[0].pboolVal) = VARIANT_TRUE; } - log_debug ("%s:%s: Passing write event. Subject: %s Body: %s MsgCls: %s", - SRCNAME, __func__, m_mail->get_subject().c_str(), m_mail->get_body().c_str(), get_oom_string (m_object, "MessageClass")); log_debug ("%s:%s: Passing write event.", SRCNAME, __func__); m_mail->set_needs_save (false); ----------------------------------------------------------------------- Summary of changes: src/mailitem-events.cpp | 2 -- 1 file changed, 2 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 12 14:57:41 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 12 Feb 2018 14:57:41 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-2.0.6-6-g1536161 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 153616194d2562c1aabda8b61d787d8f6cf5b3b6 (commit) via cd8633c93a4f7f6f6b9668fcc9669beb9e47188b (commit) via 833c56e4f24674588b72fb9f3a958eba87ccdb62 (commit) via c2572084cdb13a154e0e2bbc156155865b08c83e (commit) from fb43d7dc2a4e7c6f822050eec0489248fe162af7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 153616194d2562c1aabda8b61d787d8f6cf5b3b6 Author: Andre Heinecke Date: Mon Feb 12 14:54:34 2018 +0100 Use different offsets for windowmessages * src/windowmessages.cpp (gpgol_window_proc) (send_msg_to_ui_thread): Use WM_USER + 42 * src/windowmessages.h: Start enum at 1100. -- While a better fix might be to use a nonce to ensure that a message really originated from us I hope that this is enough for other software that globally sends out WM_USER messages. GnuPG-Bug-ID: T3769 diff --git a/src/windowmessages.cpp b/src/windowmessages.cpp index da6ee34..5508d91 100644 --- a/src/windowmessages.cpp +++ b/src/windowmessages.cpp @@ -36,7 +36,7 @@ static HWND g_responder_window = NULL; LONG_PTR WINAPI gpgol_window_proc (HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) { - if (message == WM_USER + 1) + if (message == WM_USER + 42) { wm_ctx_t *ctx = (wm_ctx_t *) lParam; log_debug ("%s:%s: Recieved user msg: %i", 
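Review bot: The message number `WM_USER + 42` is written out separately in gpgol_window_proc and in send_msg_to_ui_thread (the next hunk), so sender and receiver can drift apart on the next change. One named constant, for example `#define GPGOL_WM_CTX (WM_USER + 42)`, used in both places would prevent that. The handler casts `lParam` to `wm_ctx_t *` for any message carrying that number, so an identifier obtained once from `RegisterWindowMessage` would make a collision with other software less likely than a fixed offset. gpgol_window_proc continues outside the hunk.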
@@ -140,7 +140,7 @@ send_msg_to_ui_thread (wm_ctx_t *ctx) SRCNAME, __func__); return -1; } - SendMessage (responder, WM_USER + 1, 0, (LPARAM) ctx); + SendMessage (responder, WM_USER + 42, 0, (LPARAM) ctx); return 0; } diff --git a/src/windowmessages.h b/src/windowmessages.h index 584ff68..014c7d9 100644 --- a/src/windowmessages.h +++ b/src/windowmessages.h @@ -40,13 +40,13 @@ */ typedef enum _gpgol_wmsg_type { - UNKNOWN = 0, - INVALIDATE_UI = 1, /* The UI should be invalidated. */ - PARSING_DONE = 2, /* A mail was parsed. Data should be a pointer + UNKNOWN = 1100, /* A large offset to avoid conflicts */ + INVALIDATE_UI, /* The UI should be invalidated. */ + PARSING_DONE, /* A mail was parsed. Data should be a pointer to the mail object. */ - RECIPIENT_ADDED = 3, /* A recipient was added. Data should be ptr + RECIPIENT_ADDED, /* A recipient was added. Data should be ptr to mail */ - CLOSE = 4, /* Send the message in the next event loop. */ + CLOSE, /* Send the message in the next event loop. */ } gpgol_wmsg_type; typedef struct commit cd8633c93a4f7f6f6b9668fcc9669beb9e47188b Author: Andre Heinecke Date: Mon Feb 12 14:52:40 2018 +0100 Hold invalidation lock while parsing * src/mail.cpp (do_parsing): Hold invalidation lock. * src/windowmessages.h: Expose invalidation lock. * src/windowmessages.cpp: Define / initialize lock. -- This should make it more robust to do the parsing without having the mail deleted under our hands because of invalidation wonkyness. GnuPG-Bug-Id: T3789 diff --git a/src/mail.cpp b/src/mail.cpp index 27a0665..d86d995 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -696,6 +696,7 @@ do_parsing (LPVOID arg) gpgrt_lock_unlock (&dtor_lock); gpgrt_lock_lock (&parser_lock); + gpgrt_lock_lock (&invalidate_lock); /* We lock the parser here to avoid too many decryption attempts if there are multiple mailobjects which might have already 
@@ -709,6 +710,7 @@ do_parsing (LPVOID arg) { log_debug ("%s:%s: cancel for: %p already deleted", SRCNAME, __func__, arg); + gpgrt_lock_unlock (&invalidate_lock); gpgrt_lock_unlock (&parser_lock); return 0; } @@ -717,11 +719,13 @@ do_parsing (LPVOID arg) { log_error ("%s:%s: no parser found for mail: %p", SRCNAME, __func__, arg); + gpgrt_lock_unlock (&invalidate_lock); gpgrt_lock_unlock (&parser_lock); return -1; } parser->parse(); do_in_ui_thread (PARSING_DONE, arg); + gpgrt_lock_unlock (&invalidate_lock); gpgrt_lock_unlock (&parser_lock); return 0; } diff --git a/src/windowmessages.cpp b/src/windowmessages.cpp index f44b9df..da6ee34 100644 --- a/src/windowmessages.cpp +++ b/src/windowmessages.cpp @@ -244,7 +244,8 @@ create_message_hook() GetCurrentThreadId()); } -GPGRT_LOCK_DEFINE(invalidate_lock); +gpgrt_lock_t invalidate_lock = GPGRT_LOCK_INITIALIZER; + static bool invalidation_in_progress; DWORD WINAPI @@ -261,7 +262,7 @@ delayed_invalidate_ui (LPVOID) /* We sleep here a bit to prevent invalidation immediately after the selection change before we have started processing the mail. */ - Sleep (500); + Sleep (250); do_in_ui_thread (INVALIDATE_UI, nullptr); invalidation_in_progress = false; gpgrt_lock_unlock(&invalidate_lock); diff --git a/src/windowmessages.h b/src/windowmessages.h index f53ecd4..584ff68 100644 --- a/src/windowmessages.h +++ b/src/windowmessages.h @@ -22,6 +22,10 @@ #include +#include "config.h" + +#include + /** Window Message handling for GpgOL. In Outlook only one thread has access to the Outlook Object model and this is the UI Thread. We can work in other threads but 
@@ -80,4 +84,7 @@ close_mail (LPVOID); void add_explorer (LPDISPATCH explorer); void remove_explorer (LPDISPATCH explorer); +/* The lock to invalide the ui */ +extern gpgrt_lock_t invalidate_lock; + #endif // WINDOWMESSAGES_H commit 833c56e4f24674588b72fb9f3a958eba87ccdb62 Author: Andre Heinecke Date: Mon Feb 12 14:50:33 2018 +0100 Use delayed invalidation when parsing is done * src/mail.cpp (Mail::parsing_done): Use delayed invalidation. -- If we are unlucky the direct invalidate ui would come right before or after a Window Message invalidation. This would then lead to behavior as we had in T3523 where Outlook goes bonkers. GnuPG-Bug-ID: T3769 GnuPG-Bug-ID: T3789 diff --git a/src/mail.cpp b/src/mail.cpp index a2f3e2b..27a0665 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -986,7 +986,11 @@ Mail::parsing_done() /* Invalidate UI to set the correct sig status. */ m_parser = nullptr; - gpgoladdin_invalidate_ui (); + + log_debug ("%s:%s: Delayed invalidate to update sigstate.", + SRCNAME, __func__); + CloseHandle(CreateThread (NULL, 0, delayed_invalidate_ui, (LPVOID) this, 0, + NULL)); TRACEPOINT; return; } commit c2572084cdb13a154e0e2bbc156155865b08c83e Author: Andre Heinecke Date: Mon Feb 12 14:49:38 2018 +0100 Log errors strings * src/mail.cpp (Mail::update_body): Log errors. -- Makes it easier to analyze what happend when only looking at the log. diff --git a/src/mail.cpp b/src/mail.cpp index 39342b1..a2f3e2b 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -841,6 +841,12 @@ Mail::update_body() log_error ("%s:%s: Failed to modify html body of item.", SRCNAME, __func__); } + else + { + log_debug ("%s:%s: Set error html to: '%s'", + SRCNAME, __func__, error.c_str ()); + } + } else { 
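Review bot: In Mail::parsing_done the handle returned by `CreateThread` goes straight into `CloseHandle` without a check, so if thread creation fails the UI is never invalidated and nothing is logged. Keeping the handle and testing it, `HANDLE h = CreateThread (NULL, 0, delayed_invalidate_ui, NULL, 0, NULL);` followed by `if (!h) log_error (...); else CloseHandle (h);`, would make that failure visible. Passing `(LPVOID) this` looks unnecessary, because delayed_invalidate_ui is defined with an unnamed parameter in windowmessages.cpp. Passing NULL also avoids handing a Mail pointer to a thread that may outlive the object.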
@@ -850,6 +856,11 @@ Mail::update_body() log_error ("%s:%s: Failed to modify html body of item.", SRCNAME, __func__); } + else + { + log_debug ("%s:%s: Set error plain to: '%s'", + SRCNAME, __func__, error.c_str ()); + } } return; } ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 21 ++++++++++++++++++++- src/windowmessages.cpp | 9 +++++---- src/windowmessages.h | 17 ++++++++++++----- 3 files changed, 37 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 12 15:36:54 2018 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 12 Feb 2018 15:36:54 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-17-g77208c2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 77208c29861a06b70a8f4464e3255f0818ba96b0 (commit) via 153616194d2562c1aabda8b61d787d8f6cf5b3b6 (commit) via cd8633c93a4f7f6f6b9668fcc9669beb9e47188b (commit) via 833c56e4f24674588b72fb9f3a958eba87ccdb62 (commit) via c2572084cdb13a154e0e2bbc156155865b08c83e (commit) via fb43d7dc2a4e7c6f822050eec0489248fe162af7 (commit) from 88118b5baaff9c7289d27ca55b084e5c1860f8aa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77208c29861a06b70a8f4464e3255f0818ba96b0 Merge: 88118b5 1536161 Author: Andre Heinecke Date: Mon Feb 12 15:34:12 2018 +0100 Merge branch 'master' into async-enc diff --cc src/windowmessages.h index a278675,014c7d9..fba7088 --- a/src/windowmessages.h 
+++ b/src/windowmessages.h @@@ -36,14 -40,13 +40,14 @@@ */ typedef enum _gpgol_wmsg_type { - UNKNOWN = 0, - INVALIDATE_UI = 1, /* The UI should be invalidated. */ - PARSING_DONE = 2, /* A mail was parsed. Data should be a pointer + UNKNOWN = 1100, /* A large offset to avoid conflicts */ + INVALIDATE_UI, /* The UI should be invalidated. */ + PARSING_DONE, /* A mail was parsed. Data should be a pointer to the mail object. */ - RECIPIENT_ADDED = 3, /* A recipient was added. Data should be ptr - to mail */ - CLOSE = 4, /* Close the message in the next event loop. */ - CRYPTO_DONE = 5, /* Sign / Encrypt done. */ + RECIPIENT_ADDED, /* A recipient was added. Data should be ptr - to mail */ - CLOSE, /* Send the message in the next event loop. */ ++ to mail */ ++ CLOSE, /* Close the message in the next event loop. */ ++ CRYPTO_DONE, /* Sign / Encrypt done. */ } gpgol_wmsg_type; typedef struct ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 21 ++++++++++++++++++++- src/windowmessages.cpp | 9 +++++---- src/windowmessages.h | 21 ++++++++++++++------- 3 files changed, 39 insertions(+), 12 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 12 16:22:10 2018 
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Mon, 12 Feb 2018 16:22:10 +0100 Subject: [git] gnupg-doc - branch, master, updated. 4c38a248f204cd3a55b3bd97790dfc9e4731502c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4c38a248f204cd3a55b3bd97790dfc9e4731502c (commit) from 5227081f8bc0d221e261a0553f4353b697068cd7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4c38a248f204cd3a55b3bd97790dfc9e4731502c Author: Robert J. Hansen Date: Mon Feb 12 10:21:44 2018 -0500 Corrected Greek orthography, credit to Emiel Wiedijk. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 8850eea..1490c10 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -171,7 +171,7 @@ data. Let?s try that again: GnuPG is? Software is meant to be used by people, and people deserve freedom. - /Cryptographic./ The word ?cryptography? is derived from two Greek words, ??????? (pronounced ?kryptos,? meaning ?hidden?) and ????? - (pronounced ?graphein,? meaning ?writing?). Cryptography is the + (pronounced ?grapho,? meaning ?writing?). Cryptography is the mathematical study of codes and ciphers. - /Software./ This one should already be obvious. - /GNU Project./ The [[https://www.gnu.org][GNU Project]] is a group that aims to give people ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 13 00:52:37 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 13 Feb 2018 00:52:37 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-10-g77ca9cc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 77ca9cc2db2c6da303b9224a931679a325ebda1e (commit) from 7e27a0ff64626026521dc5877b278794cea72e61 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77ca9cc2db2c6da303b9224a931679a325ebda1e Author: NIIBE Yutaka Date: Tue Feb 13 08:51:26 2018 +0900 configure: MinGW has thread-safe getenv. * configure.ac: have_thread_safe_getenv=yes with have_w64_system. Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index 608c376..b7919c0 100644 --- a/configure.ac +++ b/configure.ac @@ -656,7 +656,7 @@ fi # Try to find a thread-safe version of getenv(). have_thread_safe_getenv=no jm_GLIBC21 -if test $GLIBC21 = yes; then +if test $GLIBC21 = yes -o have_w64_system = yes; then have_thread_safe_getenv=yes fi if test $have_thread_safe_getenv = yes; then ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 13 01:30:21 2018 
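Review bot: The added operand `have_w64_system = yes` has no `$`, so `test` compares the literal word have_w64_system with yes and the new branch can never be true; a thread-safe getenv is still only detected through GLIBC21. The expansions are also unquoted and joined with `-o`, which makes `test` fail with a syntax error when a variable is empty; the later configure.ac hunk on this page that switches to `$have_w32_system` keeps that form. I would write `if test "$GLIBC21" = yes || test "$have_w64_system" = yes; then`.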
From: cvs at cvs.gnupg.org (by Arnaud Fontaine) Date: Tue, 13 Feb 2018 01:30:21 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-21-g25f3b69 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 25f3b69129015c54392636818c8846e236f5cb2c (commit) from 0a3bec2c2525935362f87dce93d7df2c8d498498 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25f3b69129015c54392636818c8846e236f5cb2c Author: Arnaud Fontaine Date: Thu Feb 8 19:03:08 2018 +0100 scd: Improve KDF-DO support * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO. -- Length check added by gniibe. Signed-off-by: Arnaud Fontaine diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5b1b0d3..f3065ed 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -2072,7 +2072,8 @@ pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen) size_t buflen; if (app->app_local->extcap.kdf_do - && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL))) + && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL)) + && buflen == 110 && (buffer[2] == 0x03)) { char *salt; unsigned long s2k_count; ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 13 07:50:26 2018 
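Review bot: A KDF DO that is present but fails the new `buflen == 110 && (buffer[2] == 0x03)` test now takes the same path as a card without KDF, with no log line, so a malformed or unexpected object is indistinguishable from "KDF not in use". If that path sends the PIN unhashed (the rest of pin2hash_if_kdf is outside the hunk), I would at least log the mismatch there, and would consider returning an error when the length is wrong rather than treating it like a different algorithm byte. `relptr` is assigned before the new checks, so the non-KDF path also has to release it; that cannot be confirmed from the hunk. The literals 110 and 0x03 deserve a one-line comment naming what they are, presumably something like `/* Full-length KDF DO; algorithm byte = iterated and salted S2K. */`, to be confirmed against the card specification.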
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 13 Feb 2018 07:50:26 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-11-g5ec890b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 5ec890b9c76db0f23cc396108ff6f1fe658855a8 (commit) from 77ca9cc2db2c6da303b9224a931679a325ebda1e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5ec890b9c76db0f23cc396108ff6f1fe658855a8 Author: Andre Heinecke Date: Tue Feb 13 07:49:10 2018 +0100 configure: Fix mingw check for getenv. * configure.ac: have_thread_safe_getenv=yes with have_w32_system. -- We want to define this for both 32 and 64 bit targets if we use mingw. have_w32_system is defined for both targets. Signed-off-by: Andre Heinecke diff --git a/configure.ac b/configure.ac index b7919c0..c6c6dc8 100644 --- a/configure.ac +++ b/configure.ac @@ -656,7 +656,7 @@ fi # Try to find a thread-safe version of getenv(). have_thread_safe_getenv=no jm_GLIBC21 -if test $GLIBC21 = yes -o have_w64_system = yes; then +if test $GLIBC21 = yes -o $have_w32_system = yes; then have_thread_safe_getenv=yes fi if test $have_thread_safe_getenv = yes; then ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 07:54:45 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 14 Feb 2018 07:54:45 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-20-g65599bb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 65599bb918388d537c29a3d29b4263497eb261de (commit) via cd5db6bf72dd3318d06a4861070ecdf2effec1a7 (commit) via c7b17baec73ee5191ee7a98c9e884e70bea3621d (commit) from 77208c29861a06b70a8f4464e3255f0818ba96b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65599bb918388d537c29a3d29b4263497eb261de Author: Andre Heinecke Date: Wed Feb 14 07:51:45 2018 +0100 Fix state machine for PGP/Inline mails * src/mail.cpp, src/mail.h (Mail::WantsSendMIME) (Mail::WantsSendInline): More explicit states. (Mail::update_crypt_oom): Switch into Inline send for inline body. (Mail::update_crypt_mapi): Switch into WantsSendMime. * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Pass inline mails directly. diff --git a/src/mail.cpp b/src/mail.cpp index 8f209a8..c5e6946 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -2574,7 +2574,7 @@ Mail::update_crypt_mapi() } else { - m_crypt_state = WantsSend; + m_crypt_state = WantsSendMIME; } // We don't need the crypter anymore. m_crypter = nullptr; @@ -2605,7 +2605,7 @@ Mail::update_crypt_oom() { log_debug ("%s:%s: Looks like inline body. You can pass %p.", SRCNAME, __func__, this); - m_crypt_state = NeedsSecondAfterWrite; + m_crypt_state = WantsSendInline; return; } diff --git a/src/mail.h b/src/mail.h index a0c6c65..08450d9 100644 --- a/src/mail.h +++ b/src/mail.h 
@@ -56,7 +56,8 @@ public: NeedsUpdateInOOM, NeedsSecondAfterWrite, NeedsUpdateInMAPI, - WantsSend + WantsSendInline, + WantsSendMIME, }; /** @brief Construct a mail object for the item. diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index 34999e9..dc667be 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -383,12 +383,19 @@ EVENT_SINK_INVOKE(MailItemEvents) } if (m_mail->crypt_state () == Mail::NeedsSecondAfterWrite) { - m_mail->set_crypt_state (Mail::WantsSend); + m_mail->set_crypt_state (Mail::WantsSendMIME); } } } - if (m_mail->crypt_state () == Mail::WantsSend) + if (m_mail->crypt_state () == Mail::WantsSendInline) + { + log_debug ("%s:%s: Passing send event for no-mime message %p.", + SRCNAME, __func__, m_object); + break; + } + + if (m_mail->crypt_state () == Mail::WantsSendMIME) { /* Now we adress T3656 if Outlooks internal S/MIME is somehow * mixed in (even if it is enabled and then disabled) it might @@ -419,8 +426,8 @@ EVENT_SINK_INVOKE(MailItemEvents) if (propval->Value.lpszA && !strstr (propval->Value.lpszA, "GpgOL")) { // Does not have a message class by us. - log_debug ("%s:%s: Message %p - No GpgOL Message class after encryption.", - SRCNAME, __func__, m_object); + log_debug ("%s:%s: Message %p - No GpgOL Message class after encryption. cls is: '%s'", + SRCNAME, __func__, m_object, propval->Value.lpszA); log_debug ("%s:%s: Message %p - Activating T3656 Workaround", SRCNAME, __func__, m_object); message = get_oom_base_message (m_object); commit cd5db6bf72dd3318d06a4861070ecdf2effec1a7 Author: Andre Heinecke Date: Wed Feb 14 07:48:11 2018 +0100 Implement key parsing in cryptcontroller * src/cryptcontroller.cpp (release_recipient_array): Renamed. (rtrim): New helper. (CryptController::lookup_fingerprints): New. Resolve keys from fingerprints. (CryptController::parse_keys): Renamed to parse_output. * src/cryptcontroller.h: Update accordingly. 
diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 0ccaacf..9f6cdbf 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -156,7 +156,7 @@ CryptController::collect_data () } static void -release_recipient_array (char **recipients) +release_carray (char **recipients) { int idx; 
@@ -168,20 +168,85 @@ release_recipient_array (char **recipients) } } +static inline void +rtrim(std::string &s) { + s.erase(std::find_if(s.rbegin(), s.rend(), [](int ch) { + return !std::isspace(ch); + }).base(), s.end()); +} + int -CryptController::parse_keys (GpgME::Data &resolverOutput) +CryptController::lookup_fingerprints (const std::string &sigFpr, + const std::vector recpFprs, + GpgME::Protocol proto) +{ + auto ctx = std::shared_ptr (GpgME::Context::createForProtocol (proto)); + + ctx->setKeyListMode (GpgME::Local); + GpgME::Error err; + + if (!sigFpr.empty()) { + m_signer_key = ctx->key (sigFpr.c_str (), err, true); + if (err || m_signer_key.isNull () ) { + log_error ("%s:%s: failed to lookup key for '%s'", + SRCNAME, __func__, sigFpr.c_str ()); + return -1; + } + // reset context + ctx = std::shared_ptr (GpgME::Context::createForProtocol (proto)); + ctx->setKeyListMode (GpgME::Local); + } + + if (!recpFprs.size()) { + return 0; + } + + // Convert recipient fingerprints + char **cRecps = (char**) xmalloc (sizeof (char*) * (recpFprs.size() + 1)); + for (size_t i = 0; i < recpFprs.size(); i++) + { + cRecps[i] = strdup (recpFprs[i].c_str()); + } + cRecps[recpFprs.size()] = NULL; + + err = ctx->startKeyListing (const_cast (cRecps)); + + if (err) { + log_error ("%s:%s: failed to start recipient keylisting", + SRCNAME, __func__); + return -1; + } + + do { + m_recipients.push_back(ctx->nextKey(err)); + } while (!err); + + m_recipients.pop_back(); + + release_carray (cRecps); + + return 0; +} + + +int +CryptController::parse_output (GpgME::Data &resolverOutput) { // Todo: Use Data::toString std::istringstream ss(resolverOutput.toString()); std::string line; + GpgME::Protocol proto = GpgME::UnknownProtocol; + + std::string sigFpr; + std::vector recpFprs; while (std::getline (ss, line)) { if (line == "cancel") { log_debug ("%s:%s: resolver canceled", SRCNAME, __func__); - return -1; + return -2; } if (line == "unencrypted") { 
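Review bot: lookup_fingerprints returns 0 once the listing loop ends without checking that every fingerprint in recpFprs produced a key, so a recipient whose key is missing from the local keyring is dropped silently and the caller sees success. An unchecked `strdup` has the same effect: a NULL stored in the middle of cRecps reads as the terminator and cuts the list short, and the `cargs[i] = strdup (args[i].c_str());` line in the resolve_keys hunk (-269,7) repeats the pattern for the resolver's argument vector. I would compare the number of keys added to m_recipients with recpFprs.size () before returning (allowing for duplicate fingerprints) and fail on a NULL from strdup. The early `return -1;` after startKeyListing fails also skips `release_carray (cRecps);`.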
@@ -196,13 +261,49 @@ CryptController::parse_keys (GpgME::Data &resolverOutput) std::string how; std::string fingerprint; - lss >> what; - lss >> how; - lss >> fingerprint; + std::getline (lss, what, ':'); + std::getline (lss, how, ':'); + std::getline (lss, fingerprint, ':'); - log_debug ("Data what: %s how: %s fingerprint: %s", what.c_str (), how.c_str (), fingerprint.c_str ()); + // Remove possible trailing newline / cr + rtrim (fingerprint); + + if (proto == GpgME::UnknownProtocol) + { + proto = (how == "smime") ? GpgME::CMS : GpgME::OpenPGP; + } + + if (what == "sig") + { + if (!sigFpr.empty ()) + { + log_error ("%s:%s: multiple signing keys not supported", + SRCNAME, __func__); + + } + sigFpr = fingerprint; + continue; + } + if (what == "enc") + { + recpFprs.push_back (fingerprint); + } } - return -1; + + if (m_sign && sigFpr.empty()) + { + log_error ("%s:%s: Sign requested but no signing fingerprint", + SRCNAME, __func__); + return -1; + } + if (m_encrypt && !recpFprs.size()) + { + log_error ("%s:%s: Encrypt requested but no recipient fingerprints", + SRCNAME, __func__); + return -1; + } + + return lookup_fingerprints (sigFpr, recpFprs, proto); } int @@ -223,11 +324,27 @@ CryptController::resolve_keys () args.push_back (resolver); log_debug ("%s:%s: resolving keys with '%s'", - SRCNAME, __func__, resolver.c_str ()); + SRCNAME, __func__, resolver.c_str ()); // We want debug output as OutputDebugString args.push_back (std::string ("--debug")); + // Pass the handle of the active window for raise / overlay. + args.push_back (std::string ("--hwnd")); + // Yes passing it as int is ok. + args.push_back (std::to_string ((int) m_mail->get_window ())); + + // Set the overlay caption + args.push_back (std::string ("--overlayText")); + if (m_encrypt) + { + args.push_back (std::string (_("Resolving recipients..."))); + } + else if (m_sign) + { + args.push_back (std::string (_("Resolving signers..."))); + } + if (m_sign) { args.push_back (std::string ("--sign")); 
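Review bot: In the parse_output hunk (-196,13) a second `sig` line is logged as "multiple signing keys not supported", but parsing continues and `sigFpr = fingerprint;` overwrites the first value, so the message ends up signed with whichever key came last. I would add `return -1;` after that log_error so the unsupported case fails closed. The fingerprint field is also used without checking that it is non-empty, so a short or malformed `enc` line pushes an empty string into recpFprs; skipping such lines with a log entry would keep that out of the key lookup. The loop starts outside the hunk.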
@@ -261,7 +378,7 @@ CryptController::resolve_keys () args.push_back (GpgME::UserID::addrSpecFromString (recipients[i])); } - release_recipient_array (recipients); + release_carray (recipients); // Convert our collected vector to c strings // It's a bit overhead but should be quick for such small @@ -269,7 +386,7 @@ CryptController::resolve_keys () char **cargs = (char**) xmalloc (sizeof (char*) * (args.size() + 1)); for (size_t i = 0; i < args.size(); i++) { - gpgrt_asprintf (cargs + i, "%s", args[i].c_str()); + cargs[i] = strdup (args[i].c_str()); } cargs[args.size()] = NULL; @@ -279,7 +396,7 @@ CryptController::resolve_keys () if (!ctx) { // can't happen - release_recipient_array (cargs); + release_carray (cargs); TRACEPOINT; return -1; } @@ -305,7 +422,7 @@ CryptController::resolve_keys () log_debug ("Resolver stderr:\n'%s'", mystderr.toString ().c_str ()); #endif - release_recipient_array (cargs); + release_carray (cargs); if (err) { @@ -313,7 +430,7 @@ CryptController::resolve_keys () SRCNAME, __func__, err.code(), err.asString()); } - if (parse_keys (mystdout)) + if (parse_output (mystdout)) { log_debug ("%s:%s: Failed to parse / resolve keys.", SRCNAME, __func__); @@ -579,11 +696,13 @@ create_encrypt_attach (sink_t sink, protocol_t protocol, int CryptController::update_mail_mapi () { - log_debug ("%s:%s:", SRCNAME, __func__); + log_debug ("%s:%s", SRCNAME, __func__); if (m_inline) { // Nothing to do for inline. + log_debug ("%s:%s: Inline mail. No MAPI update.", + SRCNAME, __func__); return 0; } diff --git a/src/cryptcontroller.h b/src/cryptcontroller.h index 580d696..416a918 100644 --- a/src/cryptcontroller.h +++ b/src/cryptcontroller.h 
@@ -60,7 +60,10 @@ public: private: int resolve_keys (); - int parse_keys (GpgME::Data &resolverOutput); + int parse_output (GpgME::Data &resolverOutput); + int lookup_fingerprints (const std::string &sigFpr, + const std::vector recpFprs, + GpgME::Protocol proto); private: Mail *m_mail; commit c7b17baec73ee5191ee7a98c9e884e70bea3621d Author: Andre Heinecke Date: Wed Feb 14 07:53:37 2018 +0100 Add mail window id accessor * src/mail.h (Mail::get_window): New. -- Kind of ugly as the window is only valid for a short time but helps in cryptcontroller. diff --git a/src/mail.h b/src/mail.h index 80d57f9..a0c6c65 100644 --- a/src/mail.h +++ b/src/mail.h @@ -410,6 +410,12 @@ public: */ bool check_inline_response (); + /** Get the window for the mail. Caution! This is only + really valid in the time that the window is disabled. + Use with care and can be null or invalid. + */ + HWND get_window () { return m_window; } + private: void update_categories (); void update_body (); ----------------------------------------------------------------------- Summary of changes: src/cryptcontroller.cpp | 149 +++++++++++++++++++++++++++++++++++++++++++----- src/cryptcontroller.h | 5 +- src/mail.cpp | 4 +- src/mail.h | 9 ++- src/mailitem-events.cpp | 15 +++-- 5 files changed, 159 insertions(+), 23 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 08:25:17 2018 
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Wed, 14 Feb 2018 08:25:17 +0100 Subject: [git] gnupg-doc - branch, master, updated. 838ed25349c148ae85336f533b13bb5cf587764b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 838ed25349c148ae85336f533b13bb5cf587764b (commit) via cc0a8f080e16dbdb2afc43c72f89e24b11567c4e (commit) via 81898d2cf872b0d059590b651abf6eefcf27412c (commit) from 4c38a248f204cd3a55b3bd97790dfc9e4731502c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 838ed25349c148ae85336f533b13bb5cf587764b Author: Ben McGinnes Date: Wed Feb 14 18:16:49 2018 +1100 EasyPG notes * Added references to EPA and EPG as being the core components of EasyPG. * Then included a sentence on using customize-group with those two options to manually set things (like the user's default key ID and the path of the gpg binary. * Minor grammatical fix on the following note for Mutt and Neomutt. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 43e6d4d..b30a64f 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -713,11 +713,14 @@ is actively developed. and is compatible with the latest Thunderbird releases, with a friendly and welcoming user community. -(2) EasyPG is part of Emacs 23, proper. Thus there is no more need to - install the plugin. See the Gnus manual for configuration hints. - -(3) For best experience make sure to put ~set crypt_use_gpgme~ in your - =~/.muttrc= file. Note that this requires installing Mutt or +(2) EasyPG is part of Emacs 23, proper as EPA and the underlying EPG. + Thus there is no more need to install the plugin. See the Gnus + manual for configuration hints. Both EPA and EPG can be + customized with the customize-group command and using either the + =epa= or =epg= groups. + +(3) For the best experience make sure to put ~set crypt_use_gpgme~ in + your =~/.muttrc= file. Note that this requires installing Mutt or Neomutt compiled with GPGME support, refer to the Mutt or Neomutt documentation for details. 
@@ -745,11 +748,14 @@ is actively developed. and is compatible with the latest Thunderbird releases, with a friendly and welcoming user community. -(2) EasyPG is part of Emacs 23, proper. Thus there is no more need to - install the plugin. See the Gnus manual for configuration hints. +(2) EasyPG is part of Emacs 23, proper as EPA and the underlying EPG. + Thus there is no more need to install the plugin. See the Gnus + manual for configuration hints. Both EPA and EPG can be + customized with the customize-group command and using either the + =epa= or =epg= groups. -(3) For best experience make sure to put ~set crypt_use_gpgme~ in your - =~/.muttrc= file. Note that this requires installing Mutt or +(3) For the best experience make sure to put ~set crypt_use_gpgme~ in + your =~/.muttrc= file. Note that this requires installing Mutt or Neomutt compiled with GPGME support, refer to the Mutt or Neomutt documentation for details. commit cc0a8f080e16dbdb2afc43c72f89e24b11567c4e Author: Ben McGinnes Date: Wed Feb 14 18:03:32 2018 +1100 FreeBSD pkg * Added alternative method of calling the FreeBSD pkg manager. * Note: when called this way the commands are roughly analoguous to MacPorts except the main command there is port rather than pkg. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 1741f08..43e6d4d 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -352,6 +352,12 @@ Alternatively, you can install GnuPG using a package manager: sudo pkg_add -r gnupg #+end_example +Or with this variation for the package manager: + +#+begin_example +sudo pkg install gnupg +#+end_example + *** ? for VMS? :PROPERTIES: :CUSTOM_ID: get_gnupg_vms commit 81898d2cf872b0d059590b651abf6eefcf27412c Author: Ben McGinnes Date: Wed Feb 14 17:55:49 2018 +1100 Copyright * Updated copyright years to 2018. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 1490c10..1741f08 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -45,7 +45,7 @@ purposes. :CUSTOM_ID: documentation_license :END: -This document is ? 2012-2017, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and +This document is ? 2012-2018, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and A.M. Kuchling <[[mailto:amk at amk.ca?subject=The%20GnuPG%20FAQ][amk at amk.ca]]>. You are free to make use of this document in accordance with the [[https://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 license]]; alternately, you may make use of it under terms of the ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 08:44:05 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Wed, 14 Feb 2018 08:44:05 +0100 Subject: [git] gnupg-doc - branch, master, updated. 4b1a80cab6a49a7a5830b185bad10db8e9944b9b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4b1a80cab6a49a7a5830b185bad10db8e9944b9b (commit) via bf7e10c84df91122161de0cb96640564ad489603 (commit) from 838ed25349c148ae85336f533b13bb5cf587764b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4b1a80cab6a49a7a5830b185bad10db8e9944b9b Author: Ben McGinnes Date: Wed Feb 14 18:41:54 2018 +1100 Getting the copy right * Bumped the footer and related copyright texts to this year. 
diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 2651c35..9f14d1c 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -343,7 +343,7 @@ string of the source file or nil if not available." >\"CC  This web page is - Copyright 2017 GnuPG e.V. and licensed under a + Copyright 2018 GnuPG e.V. and licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. See copying for details. @@ -354,7 +354,7 @@ string of the source file or nil if not available." >\"CC  These web pages are - Copyright 1998--2017 The GnuPG Project and licensed under a + Copyright 1998--2018 The GnuPG Project and licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See copying for details. commit bf7e10c84df91122161de0cb96640564ad489603 Author: Ben McGinnes Date: Wed Feb 14 18:37:48 2018 +1100 Legality requires completion * Figured I'd better add myself here so the licences still apply. * Also bumped the years of coverage for Werner since it's kind of obvious. diff --git a/web/copying.org b/web/copying.org index cb556c1..705f2d6 100644 --- a/web/copying.org +++ b/web/copying.org @@ -11,11 +11,12 @@ authors: #+begin_verse - \copy 1998--2013 Werner Koch + \copy 1998--2018 Werner Koch \copy 2000--2002 Nils Ellmenreich \copy 2001--2002 Mike Ashley \copy 2002--2005 Lorenzo Cappelletti \copy 2006--2006 David Shaw + \copy 2017--2018 Ben McGinnes #+end_verse # The Aegypten pages are under a different license - there authors are # \copy 2001--2004 Bernhard Reiter ----------------------------------------------------------------------- Summary of changes: web/copying.org | 3 ++- web/share/gpgweb.el | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 09:29:12 2018 
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Wed, 14 Feb 2018 09:29:12 +0100 Subject: [git] gnupg-doc - branch, master, updated. e7b053a6252173c0c4b35d8dfb04947a62d0ff65 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e7b053a6252173c0c4b35d8dfb04947a62d0ff65 (commit) via a4264f4d8f709aad34c14543037a83c1ca724b59 (commit) via c4373a5b93983cabe0d3ae7e731b73e8a369823c (commit) from 4b1a80cab6a49a7a5830b185bad10db8e9944b9b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e7b053a6252173c0c4b35d8dfb04947a62d0ff65 Author: Ben McGinnes Date: Wed Feb 14 19:27:28 2018 +1100 Space clraning * Killed some whitespace. * Also updated copyright years here. * Added generic copyright to the project. diff --git a/web/faq/gpgme-faq.org b/web/faq/gpgme-faq.org index 36936cc..e991a83 100644 --- a/web/faq/gpgme-faq.org +++ b/web/faq/gpgme-faq.org @@ -43,7 +43,7 @@ #+begin_example import gpg - + ciphertext = open("filename.txt.asc", "rb") plaintext = gpg.Context().decrypt(ciphertext) ciphertext.close() @@ -53,7 +53,6 @@ del plaintext #+end_example - commit a4264f4d8f709aad34c14543037a83c1ca724b59 Author: Ben McGinnes Date: Wed Feb 14 19:22:26 2018 +1100 GPGME FAQ needs love * Added what would likely be the most obvious question since Justus' blog post on the Python bindings in 2016. * Also included a very simple example. diff --git a/web/faq/gpgme-faq.org b/web/faq/gpgme-faq.org index 814d12c..36936cc 100644 --- a/web/faq/gpgme-faq.org +++ b/web/faq/gpgme-faq.org 
@@ -27,8 +27,38 @@ See section 2.3 Largefile support of the GPGME Reference Manual. +** Why don't the Python bindings announced in 2016 work? + + The Python bindings have been undergoing continual improvement and + fine tuning since the initial announcement. To obtain the most + accurate bindings it is recommended to install the bindings shipped + with GPGME itself rather than older versions available on PyPI. + + The Python module has been renamed from =pyme= or =pyme3= and is + now simply called =gpg=. Otherwise the function remains similar + and example code is included with the source. + + A basic decryption operation to take an encrypted file and decrypt + it with a key in your secret keys would look something like this: + + #+begin_example + import gpg + + ciphertext = open("filename.txt.asc", "rb") + plaintext = gpg.Context().decrypt(ciphertext) + ciphertext.close() + f = open("filename.txt", "wb") + f.write(plaintext[0]) + f.close() + del plaintext + #+end_example + + + # Copyright (C) 2002-2004 Free Software Foundation, Inc. +# Copyright (C) 2006-2018 The GnuPG Project. # # Written by Werner Koch (2006-04-27 12:50:00). +# Ammended by Ben McGinnes (2018-02-14 08:21:32 UTC). commit c4373a5b93983cabe0d3ae7e731b73e8a369823c Author: Ben McGinnes Date: Wed Feb 14 18:46:21 2018 +1100 Grammar * It was inevitable: Finally had to fix one of my own grammatical errors. :) diff --git a/web/documentation/howtos.org b/web/documentation/howtos.org index 7d100f2..264f425 100644 --- a/web/documentation/howtos.org +++ b/web/documentation/howtos.org 
@@ -115,6 +115,6 @@ most developers to decipher, or both; Piotr Mase?kowski at [[https://maslosoft.com/][Maslosoft]] has an alternative guide using the CLI programs. - This HOWTO is available as: + This HOWTO is available: - as an online HTML article ( [[https://maslosoft.com/blog/2017/09/12/using-gpg-with-php-on-server/][en]] ) ----------------------------------------------------------------------- Summary of changes: web/documentation/howtos.org | 2 +- web/faq/gpgme-faq.org | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 09:38:47 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 14 Feb 2018 09:38:47 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-12-gf1d8a79 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via f1d8a7975b0a166f55aef06eb25d50230781b96f (commit) from 5ec890b9c76db0f23cc396108ff6f1fe658855a8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f1d8a7975b0a166f55aef06eb25d50230781b96f Author: NIIBE Yutaka Date: Wed Feb 14 17:34:28 2018 +0900 build: Fix Makefiles for portability. * tests/gpg/Makefile.am: Don't allow target with '/'. * tests/gpgsm/Makefile.am: Ditto. -- BSD Make doesn't allow a target with '/'. We still have such a target in lang/python/Makefile.am, but it's for maintainer only, so, assumption to GNU Make is OK there. Signed-off-by: NIIBE Yutaka diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index a2d2411..034bb5e 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am 
@@ -46,7 +46,7 @@ TESTS = initial.test $(c_tests) final.test CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ random_seed S.gpg-agent .gpg-v21-migrated pubring-stamp \ - tofu.db *.conf.gpgconf.bak + gpg-sample.stamp tofu.db *.conf.gpgconf.bak private_keys = \ 13CD0F3BDF24BE53FE192D62F18737256FF6E4FD \ @@ -61,7 +61,7 @@ EXTRA_DIST = initial.test final.test \ geheim.txt pubkey-1.asc seckey-1.asc pinentry $(private_keys) BUILT_SOURCES = gpg.conf gpg-agent.conf pubring-stamp \ - private-keys-v1.d/gpg-sample.stamp + gpg-sample.stamp AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ AM_LDFLAGS = -no-install LDADD = ../../src/libgpgme.la @@ -88,15 +88,15 @@ export GNUPGHOME := $(abs_builddir) export GPG_AGENT_INFO := -private-keys-v1.d/gpg-sample.stamp: $(srcdir)/$(private_keys) +gpg-sample.stamp: $(srcdir)/$(private_keys) -gpgconf --kill all $(MKDIR_P) ./private-keys-v1.d for k in $(private_keys); do \ cp $(srcdir)/$$k private-keys-v1.d/$$k.key; \ done - echo x > ./private-keys-v1.d/gpg-sample.stamp + echo x > ./gpg-sample.stamp -pubring-stamp: $(srcdir)/pubdemo.asc private-keys-v1.d/gpg-sample.stamp +pubring-stamp: $(srcdir)/pubdemo.asc gpg-sample.stamp $(GPG) --batch --no-permission-warning \ --import $(srcdir)/pubdemo.asc -$(GPG) --batch --no-permission-warning \ diff --git a/tests/gpgsm/Makefile.am b/tests/gpgsm/Makefile.am index 9d47e2a..3b8eb72 100644 --- a/tests/gpgsm/Makefile.am +++ b/tests/gpgsm/Makefile.am @@ -46,7 +46,7 @@ noinst_PROGRAMS = $(c_tests) t-genkey cms-keylist cms-decrypt key_id = 32100C27173EF6E9C4E9A25D3D69F86D37A4F939 CLEANFILES = pubring-stamp pubring.kbx pubring.kbx~ gpgsm.conf trustlist.txt \ - random_seed S.gpg-agent + random_seed S.gpg-agent gpg-sample.stamp clean-local: -$(top_srcdir)/tests/start-stop-agent --stop 
@@ -57,9 +57,9 @@ export GNUPGHOME := $(abs_builddir) export GPG_AGENT_INFO := BUILT_SOURCES = gpgsm.conf trustlist.txt pubring-stamp \ - private-keys-v1.d/gpg-sample.stamp + gpg-sample.stamp -pubring-stamp: $(srcdir)/cert_g10code_test1.der private-keys-v1.d/gpg-sample.stamp +pubring-stamp: $(srcdir)/cert_g10code_test1.der gpg-sample.stamp $(GPGSM) --import $(srcdir)/cert_g10code_test1.der touch pubring-stamp @@ -68,11 +68,11 @@ gpgsm.conf: echo faked-system-time 1008241200 >> ./gpgsm.conf echo "agent-program `which $(GPG_AGENT)`|--debug-quick-random" >> ./gpgsm.conf -private-keys-v1.d/gpg-sample.stamp: $(srcdir)/$(key_id) +gpg-sample.stamp: $(srcdir)/$(key_id) -gpgconf --kill all $(MKDIR_P) ./private-keys-v1.d cp $(srcdir)/$(key_id) private-keys-v1.d/$(key_id).key - echo x > ./private-keys-v1.d/gpg-sample.stamp + echo x > ./gpg-sample.stamp trustlist.txt: echo $(key_id) > ./trustlist.txt ----------------------------------------------------------------------- Summary of changes: tests/gpg/Makefile.am | 10 +++++----- tests/gpgsm/Makefile.am | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 10:12:41 2018 
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Wed, 14 Feb 2018 10:12:41 +0100 Subject: [git] gnupg-doc - branch, master, updated. e29664284846ba6921d24233f868c6167ab2c8f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e29664284846ba6921d24233f868c6167ab2c8f2 (commit) via 0ae9c247d49a48f915661442b8505378c6f19b5a (commit) from e7b053a6252173c0c4b35d8dfb04947a62d0ff65 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e29664284846ba6921d24233f868c6167ab2c8f2 Author: Ben McGinnes Date: Wed Feb 14 20:07:55 2018 +1100 More of me! * A bit of a bio, a bit of politics (but just a bit), an IRC handle and, of course my current GPG key (link to keyserver copy). diff --git a/web/people/index.org b/web/people/index.org index ea3e484..5eb6667 100644 --- a/web/people/index.org +++ b/web/people/index.org @@ -5,10 +5,10 @@ * The People behind GnuPG As with all technical things in the world, people and not machines - created them are responsible to keep them running. Software and - thus GnuPG is not different. Although software is build using a lot - of other software and thus the work of many thousand people, you may - be interested to see who is working on GnuPG. Here is a list of + created them and are responsible to keep them running. Software and + thus GnuPG is no different. Although software is built using a lot + of other software and thus the work of many thousands of people, you + may be interested to see who is working on GnuPG. Here is a list of some of them: #+HTML:
@@ -134,11 +134,35 @@ /Core components hacker/ Justus started to work on GnuPG in 2015 to support maintenance and - development in all areas. We was full time employed by g10^code + development in all areas. He was full time employed by g10^code from 2015 to 2017. He is a founding member of the [[../verein/index.org][GnuPG e.V.]] #+HTML:

+** Ben McGinnes + + #+HTML:

+ #+HTML:

+ #+HTML:
+ + /GPGME python hacker/ + + Ben started working on GPGME in 2015 with the initial port of PyME + from Python 2 to Python 3. Then returned to take over stewardship + of Justus' enhanced version of that port from late 2017 onward. In + conjunction with with continuing work on documentation and + developing XML schemas for the XML format included in GPGME. + + He is a co-founder of the original CryptoParty movement in + Melbourne, Australia, a founding member of Pirate Party Australia + and actively advocating for civil and human rights since the '90s. + Ben can sometimes be found on freenode IRC using the handle + =Hasimir= name and, of course, on the GnuPG mailing lists. + + [[https://sks-keyservers.net/pks/lookup?op=get&search=0xDB4724E6FA4286C92B4E55C4321E4E2373590E5D][GPG key DB4724E6FA4286C92B4E55C4321E4E2373590E5D]] + + #+HTML:

+ * COMMENT # eof commit 0ae9c247d49a48f915661442b8505378c6f19b5a Author: Ben McGinnes Date: Wed Feb 14 19:42:19 2018 +1100 Me! * It's me! diff --git a/web/people/ben.png b/web/people/ben.png new file mode 100644 index 0000000..3d16e31 Binary files /dev/null and b/web/people/ben.png differ ----------------------------------------------------------------------- Summary of changes: web/people/ben.png | Bin 0 -> 66116 bytes web/people/index.org | 34 +++++++++++++++++++++++++++++----- 2 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 web/people/ben.png hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 10:56:16 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Wed, 14 Feb 2018 10:56:16 +0100 Subject: [git] gnupg-doc - branch, master, updated. 2a64c8aae45257527c6c838f8e5e9737f1414fd8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 2a64c8aae45257527c6c838f8e5e9737f1414fd8 (commit) from e29664284846ba6921d24233f868c6167ab2c8f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2a64c8aae45257527c6c838f8e5e9737f1414fd8 Author: Ben McGinnes Date: Wed Feb 14 20:54:18 2018 +1100 The worms in the Apple * Anticipating and subsequently preventing Apple's random "helpfulness" from ever ending up in here. diff --git a/.gitignore b/.gitignore index ec7b6c5..aa50428 100644 --- a/.gitignore +++ b/.gitignore 
@@ -13,3 +13,7 @@ scratch/ /misc/blog.gnupg.org/20*.html /misc/blog.gnupg.org/headlines.txt /misc/id/eddsa-for-openpgp/draft.txt +*~ +.DS_Store +._.DS_Store +default.profraw ----------------------------------------------------------------------- Summary of changes: .gitignore | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 11:10:44 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Wed, 14 Feb 2018 11:10:44 +0100 Subject: [git] GPGME - branch, ben/gitsettings, created. gpgme-1.10.0-13-g1b5719c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/gitsettings has been created at 1b5719cd57d80dcd9577141491a0860912e74cd4 (commit) - Log ----------------------------------------------------------------- commit 1b5719cd57d80dcd9577141491a0860912e74cd4 Author: Ben McGinnes Date: Wed Feb 14 21:08:04 2018 +1100 House keeping * Added a bunch of things to .gitignore that might otherwise creep in during Python development. * This really should be merged ASAP. You'll thank me later ... diff --git a/.gitignore b/.gitignore index 4c37222..de173b8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +# GnuPG exclusions /aclocal.m4 /autom4te.cache /config.h.in 
@@ -11,3 +12,44 @@ Makefile stamp-h1 *.o *.lo + +# Hidden files +*~ + +# Byte compiled Python +*.py[cod] +__pycache__ + +# C extensions +*.so + +# Packages +*.egg +*.egg-info +build +eggs +parts +develop-eggs +.installed.cfg + +# Installer logs +pip-log.txt + +# Unit test / coverage reports +.coverage +.tox +nosetests.xml + +# Translations +*.mo + +# Mr Developer +.mr.developer.cfg +.project +.pydevproject + +# Assorted Apple crap +default.profraw +.DS_Store +._.DS_Store +default.profraw \ No newline at end of file ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 11:22:10 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 14 Feb 2018 11:22:10 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-25-g3e1974e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 3e1974e6ee4fa457c0953faf5d4770338f8c999a (commit) via 6b5f7b1fb392fce7b87aa7aa2bdf329b2ffc3c1f (commit) via be3109df4ca2f3374658c05e40fe34a9a23c7612 (commit) via d66b17083386f8be9fe190814abbc41cf85e1290 (commit) via 31b54cd71c4ff798b04b129f1739852f93a72167 (commit) from 65599bb918388d537c29a3d29b4263497eb261de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e1974e6ee4fa457c0953faf5d4770338f8c999a Author: Andre Heinecke Date: Wed Feb 14 11:18:37 2018 +0100 Start fixing S/MIME * src/cryptcontroller.h (m_bodyInput): Place to cache the plain text body. * src/cryptcontroller.cpp (CryptController::collect_data): Collect body into special data variable. (CryptController::lookup_fingerprints), (CryptController::parse_output), (CryptController::resolve_keys): Basically handle S/MIME. -- We now collect the body of a mail twice because when we do the protocol selection later we do not know if we can do inline (S/MIME inline is not supported by us). diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 6f164fa..733389f 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp 
@@ -120,14 +120,14 @@ CryptController::collect_data () } else if (m_inline) { - // Inline. Use Body as input and be done. - m_input.write (body, strlen (body)); - log_debug ("%s:%s: PGP Inline. Using cached body as input.", + /* Inline. Use Body as input. + We need to collect also our mime structure for S/MIME + as we don't know yet if we are S/MIME or OpenPGP */ + m_bodyInput.write (body, strlen (body)); + log_debug ("%s:%s: Inline. Caching body.", SRCNAME, __func__); - gpgol_release (message); /* Set the input buffer to start. */ - m_input.seek (0, SEEK_SET); - return 0; + m_bodyInput.seek (0, SEEK_SET); } /* Set up the sink object to collect the mime structure */ @@ -177,23 +177,35 @@ rtrim(std::string &s) { int CryptController::lookup_fingerprints (const std::string &sigFpr, - const std::vector recpFprs, - GpgME::Protocol proto) + const std::vector recpFprs) { - auto ctx = std::shared_ptr (GpgME::Context::createForProtocol (proto)); + auto ctx = std::shared_ptr (GpgME::Context::createForProtocol (m_proto)); + + if (!ctx) + { + log_error ("%s:%s: failed to create context with protocol '%s'", + SRCNAME, __func__, + m_proto == GpgME::CMS ? "smime" : + m_proto == GpgME::OpenPGP ? "openpgp" : + "unknown"); + return -1; + } ctx->setKeyListMode (GpgME::Local); GpgME::Error err; if (!sigFpr.empty()) { m_signer_key = ctx->key (sigFpr.c_str (), err, true); - if (err || m_signer_key.isNull () ) { - log_error ("%s:%s: failed to lookup key for '%s'", - SRCNAME, __func__, sigFpr.c_str ()); + if (err || m_signer_key.isNull ()) { + log_error ("%s:%s: failed to lookup key for '%s' with protocol '%s'", + SRCNAME, __func__, sigFpr.c_str (), + m_proto == GpgME::CMS ? "smime" : + m_proto == GpgME::OpenPGP ? "openpgp" : + "unknown"); return -1; } // reset context - ctx = std::shared_ptr (GpgME::Context::createForProtocol (proto)); + ctx = std::shared_ptr (GpgME::Context::createForProtocol (m_proto)); ctx->setKeyListMode (GpgME::Local); } 
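Review bot: In lookup_fingerprints the context is created a second time under the `// reset context` comment, and `ctx->setKeyListMode (GpgME::Local)` is called on it without the null check this commit adds for the first creation. Repeating the guard there, `if (!ctx) return -1;`, keeps a failed createForProtocol from being dereferenced. The protocol-name ternary is also written out twice in the two log_error calls; a small static helper returning "smime", "openpgp" or "unknown" would keep the two messages in step. The function body continues outside the hunk.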
@@ -236,8 +248,6 @@ CryptController::parse_output (GpgME::Data &resolverOutput) std::istringstream ss(resolverOutput.toString()); std::string line; - GpgME::Protocol proto = GpgME::UnknownProtocol; - std::string sigFpr; std::vector recpFprs; while (std::getline (ss, line)) @@ -266,9 +276,9 @@ CryptController::parse_output (GpgME::Data &resolverOutput) std::getline (lss, how, ':'); std::getline (lss, fingerprint, ':'); - if (proto == GpgME::UnknownProtocol) + if (m_proto == GpgME::UnknownProtocol) { - proto = (how == "smime") ? GpgME::CMS : GpgME::OpenPGP; + m_proto = (how == "smime") ? GpgME::CMS : GpgME::OpenPGP; } if (what == "sig") @@ -301,7 +311,7 @@ CryptController::parse_output (GpgME::Data &resolverOutput) return -1; } - return lookup_fingerprints (sigFpr, recpFprs, proto); + return lookup_fingerprints (sigFpr, recpFprs); } int @@ -363,24 +373,24 @@ CryptController::resolve_keys () args.push_back (cached_sender); } - if (m_encrypt) - { - args.push_back (std::string ("--encrypt")); - } - if (!opt.autoresolve) { args.push_back (std::string ("--alwaysShow")); } - // Get the recipients that are cached from OOM - char **recipients = m_mail->take_cached_recipients (); - for (size_t i = 0; recipients && recipients[i]; i++) + + if (m_encrypt) { - args.push_back (GpgME::UserID::addrSpecFromString (recipients[i])); - } + args.push_back (std::string ("--encrypt")); + // Get the recipients that are cached from OOM + char **recipients = m_mail->take_cached_recipients (); + for (size_t i = 0; recipients && recipients[i]; i++) + { + args.push_back (GpgME::UserID::addrSpecFromString (recipients[i])); + } - release_carray (recipients); + release_carray (recipients); + } // Convert our collected vector to c strings // It's a bit overhead but should be quick for such small 
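Review bot: In parse_output, m_proto is now a member that is assigned only while it is still GpgME::UnknownProtocol, so the first resolver line decides the protocol and a later line whose `how` field names the other protocol is accepted silently. lookup_fingerprints then looks up every fingerprint under m_proto, so a mixed answer would surface only as a failed key lookup. Comparing each line against the latched value makes the cause visible, e.g. `else if ((how == "smime") != (m_proto == GpgME::CMS)) return -1;` with a log_error before the return. Whether m_proto is reset to UnknownProtocol before a second resolve_keys run is not visible in these hunks and is worth confirming, because a stale value would be reused.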
@@ -460,7 +470,15 @@ CryptController::do_crypto () return -2; } - auto ctx = std::shared_ptr (GpgME::Context::createForProtocol(GpgME::OpenPGP)); + if (m_proto == GpgME::CMS && m_inline) + { + log_debug ("%s:%s: Inline for S/MIME not supported. Switching to mime.", + SRCNAME, __func__); + m_inline = false; + m_bodyInput = GpgME::Data(GpgME::Data::null); + } + + auto ctx = std::shared_ptr (GpgME::Context::createForProtocol(m_proto)); if (!ctx) { @@ -479,7 +497,7 @@ CryptController::do_crypto () if (m_encrypt && m_sign) { const auto result_pair = ctx->signAndEncrypt (m_recipients, - m_input, + m_inline ? m_bodyInput : m_input, m_output, GpgME::Context::AlwaysTrust); @@ -500,7 +518,7 @@ CryptController::do_crypto () } else if (m_encrypt) { - const auto result = ctx->encrypt (m_recipients, m_input, + const auto result = ctx->encrypt (m_recipients, m_inline ? m_bodyInput : m_input, m_output, GpgME::Context::AlwaysTrust); if (result.error()) @@ -518,7 +536,7 @@ CryptController::do_crypto () } else if (m_sign) { - const auto result = ctx->sign (m_input, m_output, + const auto result = ctx->sign (m_inline ? m_bodyInput : m_input, m_output, m_inline ? GpgME::Clearsigned : GpgME::Detached); if (result.error()) diff --git a/src/cryptcontroller.h b/src/cryptcontroller.h index 416a918..c6d0cbd 100644 --- a/src/cryptcontroller.h +++ b/src/cryptcontroller.h 
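Review bot: The signAndEncrypt and encrypt calls in do_crypto keep `GpgME::Context::AlwaysTrust`, and with the context now created for m_proto that flag covers S/MIME recipients as well as OpenPGP ones. Nothing in these hunks records where recipient key validity is decided, so a reader cannot tell that bypassing the validity requirement is intended. If the resolver is what vouches for the keys, a comment at the first call should say so, e.g. `// AlwaysTrust: recipients were chosen and confirmed in the resolver.`. If it is not, lookup_fingerprints (outside these hunks) is where unusable keys would have to be rejected. Separately, `m_inline ? m_bodyInput : m_input` is repeated in all three branches and could be bound once to a reference before them.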
@@ -62,12 +62,11 @@ private: int resolve_keys (); int parse_output (GpgME::Data &resolverOutput); int lookup_fingerprints (const std::string &sigFpr, - const std::vector recpFprs, - GpgME::Protocol proto); + const std::vector recpFprs); private: Mail *m_mail; - GpgME::Data m_input, m_output; + GpgME::Data m_input, m_bodyInput, m_smime_intermediate, m_output; bool m_encrypt, m_sign, m_inline, m_crypto_success; GpgME::Protocol m_proto; GpgME::Key m_signer_key; commit 6b5f7b1fb392fce7b87aa7aa2bdf329b2ffc3c1f Author: Andre Heinecke Date: Wed Feb 14 08:29:37 2018 +0100 Revert "Launch Kleo/GPA in the background on start" This reverts commit 13950a98522818b27b3048617acb0282b65b54b3. -- For the async-enc branch this is no longer needed. diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 95eee5f..8907c18 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c 
@@ -559,53 +559,16 @@ op_assuan_deinit (void) cleanup (); } -/* Code for a thread in the background */ -static DWORD WINAPI -spawn_background (LPVOID arg) -{ - gpgme_error_t err; - assuan_context_t ctx; - pid_t pid; - ULONG cmdid; - - (void) arg; - - /* Run a test connection to see whether the UI server is available. */ - log_debug ("%s:%s: Initial uiserver connect", SRCNAME, __func__); - err = connect_uiserver (&ctx, &pid, &cmdid, NULL); - if (!err) - { - log_debug ("%s:%s: Sending noop", SRCNAME, __func__); - err = assuan_transact (ctx, "NOP", NULL, NULL, NULL, NULL, NULL, NULL); - assuan_release (ctx); - } - if (err) - log_debug ("%s:%s: Failed code: %i", SRCNAME, __func__, err); - - return 0; -} /* Initialize this system. */ int op_assuan_init (void) { static int init_done; - HANDLE thread; if (init_done) return 0; - /* Connect to UiServer in the background */ - - /* XXX This should not really be necessary but - it was often reported that the spawn and connect - did not work. Also it is much faster to access - Kleopatra when it's already running so spawning - it as lookahead probably makes sense. */ - thread = CreateThread (NULL, 0, spawn_background, - NULL, 0, NULL); - CloseHandle(thread); - /* Fire up the pipe worker thread. */ { HANDLE th; commit be3109df4ca2f3374658c05e40fe34a9a23c7612 Author: Andre Heinecke Date: Wed Feb 14 08:15:34 2018 +0100 Minor cleanup -- diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index e24f8fb..6f164fa 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -450,18 +450,8 @@ CryptController::resolve_keys () int CryptController::do_crypto () { - // TODO get recipients and sender and protocol. - - log_debug ("%s:%s:", + log_debug ("%s:%s", SRCNAME, __func__); - auto ctx = std::shared_ptr (GpgME::Context::createForProtocol(GpgME::OpenPGP)); - - if (!ctx) - { - log_error ("%s:%s: Failure to create context.", - SRCNAME, __func__); - return -1; - } if (resolve_keys ()) { 
@@ -470,6 +460,14 @@ CryptController::do_crypto () return -2; } + auto ctx = std::shared_ptr (GpgME::Context::createForProtocol(GpgME::OpenPGP)); + + if (!ctx) + { + log_error ("%s:%s: Failure to create context.", + SRCNAME, __func__); + return -1; + } if (!m_signer_key.isNull()) { ctx->addSigningKey (m_signer_key); commit d66b17083386f8be9fe190814abbc41cf85e1290 Author: Andre Heinecke Date: Wed Feb 14 08:12:46 2018 +0100 Fix parsing of command lines * src/cryptcontroller.cpp (CryptController::parse_output): rtrim parsed lines. -- This fixes cancel. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 389d307..e24f8fb 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -242,6 +242,7 @@ CryptController::parse_output (GpgME::Data &resolverOutput) std::vector recpFprs; while (std::getline (ss, line)) { + rtrim (line); if (line == "cancel") { log_debug ("%s:%s: resolver canceled", @@ -265,9 +266,6 @@ CryptController::parse_output (GpgME::Data &resolverOutput) std::getline (lss, how, ':'); std::getline (lss, fingerprint, ':'); - // Remove possible trailing newline / cr - rtrim (fingerprint); - if (proto == GpgME::UnknownProtocol) { proto = (how == "smime") ? GpgME::CMS : GpgME::OpenPGP; commit 31b54cd71c4ff798b04b129f1739852f93a72167 Author: Andre Heinecke Date: Wed Feb 14 08:09:41 2018 +0100 Bring mail window to front after keyresolution * src/common.c, src/common.h (bring_to_front): New. * src/cryptcontroller.cpp (CryptController::resolve_keys): Use it. -- Somehow when the Qt modal window is closed it brings the wrong window back. This fix does not prevent that but at least returns the previous active window to the front. GnuPG-Bug-Id: T3732 diff --git a/src/common.c b/src/common.c index f2bfc86..5d4c6fb 100644 --- a/src/common.c +++ b/src/common.c 
@@ -242,6 +242,23 @@ get_save_filename (HWND root, const char *srcname) return NULL; } +void +bring_to_front (HWND wid) +{ + if (wid) + { + if (!SetForegroundWindow (wid)) + { + log_debug ("%s:%s: SetForegroundWindow failed", SRCNAME, __func__); + /* Yet another fallback which will not work on some + * versions and is not recommended by msdn */ + if (!ShowWindow (wid, SW_SHOWNORMAL)) + { + log_debug ("%s:%s: ShowWindow failed.", SRCNAME, __func__); + } + } + } +} void fatal_error (const char *format, ...) diff --git a/src/common.h b/src/common.h index 09c6072..d306d16 100644 --- a/src/common.h +++ b/src/common.h @@ -140,6 +140,7 @@ extern int g_ol_version_major; void log_window_hierarchy (HWND window, const char *fmt, ...) __attribute__ ((format (printf,2,3))); +void bring_to_front (HWND wid); #ifdef __cplusplus } #endif diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 9f6cdbf..389d307 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -329,10 +329,14 @@ CryptController::resolve_keys () // We want debug output as OutputDebugString args.push_back (std::string ("--debug")); - // Pass the handle of the active window for raise / overlay. - args.push_back (std::string ("--hwnd")); // Yes passing it as int is ok. - args.push_back (std::to_string ((int) m_mail->get_window ())); + auto wnd = m_mail->get_window (); + if (wnd) + { + // Pass the handle of the active window for raise / overlay. + args.push_back (std::string ("--hwnd")); + args.push_back (std::to_string ((int) wnd)); + } // Set the overlay caption args.push_back (std::string ("--overlayText")); 
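Review bot: In bring_to_front the fallback treats a zero return from ShowWindow as failure, but that return value reports whether the window was previously visible, not whether the call succeeded. As written, "ShowWindow failed." is logged for a window that was hidden and has just been shown. Calling it without the test, `ShowWindow (wid, SW_SHOWNORMAL);`, or rewording the message, avoids a misleading debug trail. The function also has no header comment; one line stating that a NULL wid is ignored would document what the code already does.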
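Review bot: In resolve_keys the comment `// Yes passing it as int is ok.` now sits above `auto wnd = m_mail->get_window ();` instead of next to the `(int) wnd` cast it is meant to justify. Moving it onto the `std::to_string ((int) wnd)` line, and stating why narrowing the handle is acceptable, keeps the justification with the cast. The function body starts and ends outside the hunk.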
@@ -416,6 +420,9 @@ CryptController::resolve_keys () (GpgME::Context::SpawnFlags) ( GpgME::Context::SpawnAllowSetFg | GpgME::Context::SpawnShowWindow)); + // Somehow Qt messes up which window to bring back to front. + // So we do it manually. + bring_to_front (wnd); #ifdef DEBUG_RESOLVER log_debug ("Resolver stdout:\n'%s'", mystdout.toString ().c_str ()); ----------------------------------------------------------------------- Summary of changes: src/common.c | 17 +++++++ src/common.h | 1 + src/cryptcontroller.cpp | 117 ++++++++++++++++++++++++++++-------------------- src/cryptcontroller.h | 5 +-- src/engine-assuan.c | 37 --------------- 5 files changed, 89 insertions(+), 88 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 12:27:30 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Feb 2018 12:27:30 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-22-gf19ff78 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via f19ff78f0fbfc2793d8a9ab0173486bf712871ac (commit) from 25f3b69129015c54392636818c8846e236f5cb2c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f19ff78f0fbfc2793d8a9ab0173486bf712871ac Author: Werner Koch Date: Wed Feb 14 12:21:23 2018 +0100 common: Use new function to print status strings. * common/asshelp2.c (vprint_assuan_status_strings): New. (print_assuan_status_strings): New. * agent/command.c (agent_write_status): Replace by call to new function. * dirmngr/server.c (dirmngr_status): Ditto. * g13/server.c (g13_status): Ditto. * g13/sh-cmd.c (g13_status): Ditto. * sm/server.c (gpgsm_status2): Ditto. * scd/command.c (send_status_info): Bump up N. -- This fixes a potential overflow if LFs are passed to the status string functions. This is actually not the case and would be wrong because neither the truncating in libassuan or our escaping is not the Right Thing. In any case the functions need to be more robust and comply to the promised interface. Thus the code has been factored out to a helper function and N has been bumped up correctly and checked in all cases. For some uses this changes the behaviour in the error case (i.e. CR or LF passed): It will now always be C-escaped and not passed to libassuan which would truncate the line at the first LF. Reported-by: private_pers diff --git a/agent/command.c b/agent/command.c index 0916f88..3a547ff 100644 
--- a/agent/command.c +++ b/agent/command.c @@ -293,50 +293,19 @@ parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf) /* Write an Assuan status line. KEYWORD is the first item on the - status line. The following arguments are all separated by a space - in the output. The last argument must be a NULL. Linefeeds and - carriage returns characters (which are not allowed in an Assuan - status line) are silently quoted in C-style. */ + * status line. The following arguments are all separated by a space + * in the output. The last argument must be a NULL. Linefeeds and + * carriage returns characters (which are not allowed in an Assuan + * status line) are silently quoted in C-style. */ gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...) { - gpg_error_t err = 0; + gpg_error_t err; va_list arg_ptr; - const char *text; assuan_context_t ctx = ctrl->server_local->assuan_ctx; - char buf[950], *p; - size_t n; va_start (arg_ptr, keyword); - - p = buf; - n = 0; - while ( (text = va_arg (arg_ptr, const char *)) ) - { - if (n) - { - *p++ = ' '; - n++; - } - for ( ; *text && n < DIM (buf)-3; n++, text++) - { - if (*text == '\n') - { - *p++ = '\\'; - *p++ = 'n'; - } - else if (*text == '\r') - { - *p++ = '\\'; - *p++ = 'r'; - } - else - *p++ = *text; - } - } - *p = 0; - err = assuan_write_status (ctx, keyword, buf); - + err = vprint_assuan_status_strings (ctx, keyword, arg_ptr); va_end (arg_ptr); return err; } diff --git a/common/asshelp.h b/common/asshelp.h index f169d87..bf1bd17 100644 --- a/common/asshelp.h +++ b/common/asshelp.h @@ -93,5 +93,12 @@ gpg_error_t vprint_assuan_status (assuan_context_t ctx, const char *format, va_list arg_ptr) GPGRT_ATTR_PRINTF(3,0); +gpg_error_t vprint_assuan_status_strings (assuan_context_t ctx, + const char *keyword, + va_list arg_ptr); +gpg_error_t print_assuan_status_strings (assuan_context_t ctx, + const char *keyword, + ...) GPGRT_ATTR_SENTINEL(1); + #endif /*GNUPG_COMMON_ASSHELP_H*/ 
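Review bot: The new prototype of print_assuan_status_strings in asshelp.h is declared with `GPGRT_ATTR_SENTINEL(1)`. Assuming the macro passes its argument through to the compiler's sentinel attribute, this asks for the NULL in the second-to-last position rather than the last. The comment on the implementation says the last argument must be a NULL, so `...) GPGRT_ATTR_SENTINEL(0);` is the value that matches. With the wrong position the compiler checks the wrong argument and cannot flag a call that omits the terminator, and such a call lets the va_arg loop read past the supplied arguments.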
diff --git a/common/asshelp2.c b/common/asshelp2.c index f85c1e6..0a7c454 100644 --- a/common/asshelp2.c +++ b/common/asshelp2.c @@ -71,3 +71,66 @@ print_assuan_status (assuan_context_t ctx, va_end (arg_ptr); return err; } + + +/* Helper function to print a list of strings as an assuan status + * line. KEYWORD is the first item on the status line. ARG_PTR is a + * list of strings which are all separated by a space in the output. + * The last argument must be a NULL. Linefeeds and carriage returns + * characters (which are not allowed in an Assuan status line) are + * silently quoted in C-style. */ +gpg_error_t +vprint_assuan_status_strings (assuan_context_t ctx, + const char *keyword, va_list arg_ptr) +{ + gpg_error_t err = 0; + const char *text; + char buf[950], *p; + size_t n; + + p = buf; + n = 0; + while ((text = va_arg (arg_ptr, const char *)) && n < DIM (buf)-3 ) + { + if (n) + { + *p++ = ' '; + n++; + } + for ( ; *text && n < DIM (buf)-3; n++, text++) + { + if (*text == '\n') + { + *p++ = '\\'; + *p++ = 'n'; + n++; + } + else if (*text == '\r') + { + *p++ = '\\'; + *p++ = 'r'; + n++; + } + else + *p++ = *text; + } + } + *p = 0; + err = assuan_write_status (ctx, keyword, buf); + + return err; +} + + +/* See vprint_assuan_status_strings. */ +gpg_error_t +print_assuan_status_strings (assuan_context_t ctx, const char *keyword, ...) +{ + va_list arg_ptr; + gpg_error_t err; + + va_start (arg_ptr, keyword); + err = vprint_assuan_status_strings (ctx, keyword, arg_ptr); + va_end (arg_ptr); + return err; +} diff --git a/dirmngr/server.c b/dirmngr/server.c index ab2ca85..60d9802 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c 
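Review bot: vprint_assuan_status_strings stops copying once n reaches DIM (buf)-3 and then returns whatever assuan_write_status returns, so an over-long argument list is truncated silently and the caller still sees success. The header comment describes the escaping but not this limit; it should state that anything beyond the 950-byte buffer is dropped, since several daemons now route their status lines through this helper. The two loop bounds would also benefit from a why-comment such as `/* Keep 3 bytes free: a two-byte escape plus the terminating NUL. */`, which is the invariant the added `n++` lines maintain.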
@@ -2834,30 +2834,13 @@ dirmngr_status (ctrl_t ctrl, const char *keyword, ...) { gpg_error_t err = 0; va_list arg_ptr; - const char *text; assuan_context_t ctx; va_start (arg_ptr, keyword); if (ctrl->server_local && (ctx = ctrl->server_local->assuan_ctx)) { - char buf[950], *p; - size_t n; - - p = buf; - n = 0; - while ( (text = va_arg (arg_ptr, const char *)) ) - { - if (n) - { - *p++ = ' '; - n++; - } - for ( ; *text && n < DIM (buf)-2; n++) - *p++ = *text++; - } - *p = 0; - err = assuan_write_status (ctx, keyword, buf); + err = vprint_assuan_status_strings (ctx, keyword, arg_ptr); } va_end (arg_ptr); diff --git a/g13/server.c b/g13/server.c index bbe42d4..defde6c 100644 --- a/g13/server.c +++ b/g13/server.c @@ -34,6 +34,7 @@ #include "mount.h" #include "suspend.h" #include "../common/server-help.h" +#include "../common/asshelp.h" #include "../common/call-gpg.h" @@ -737,24 +738,8 @@ g13_status (ctrl_t ctrl, int no, ...) } else { - assuan_context_t ctx = ctrl->server_local->assuan_ctx; - char buf[950], *p; - size_t n; - - p = buf; - n = 0; - while ( (text = va_arg (arg_ptr, const char *)) ) - { - if (n) - { - *p++ = ' '; - n++; - } - for ( ; *text && n < DIM (buf)-2; n++) - *p++ = *text++; - } - *p = 0; - err = assuan_write_status (ctx, get_status_string (no), buf); + err = vprint_assuan_status_strings (ctrl->server_local->assuan_ctx, + get_status_string (no), arg_ptr); } va_end (arg_ptr); diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c index b57369d..791e3b7 100644 --- a/g13/sh-cmd.c +++ b/g13/sh-cmd.c @@ -28,6 +28,7 @@ #include "g13-syshelp.h" #include #include "../common/i18n.h" +#include "../common/asshelp.h" #include "keyblob.h" 
@@ -904,34 +905,13 @@ sh_encrypt_keyblob (ctrl_t ctrl, const void *keyblob, size_t keybloblen, gpg_error_t g13_status (ctrl_t ctrl, int no, ...) { - gpg_error_t err = 0; + gpg_error_t err; va_list arg_ptr; - const char *text; va_start (arg_ptr, no); - if (1) - { - assuan_context_t ctx = ctrl->server_local->assuan_ctx; - char buf[950], *p; - size_t n; - - p = buf; - n = 0; - while ( (text = va_arg (arg_ptr, const char *)) ) - { - if (n) - { - *p++ = ' '; - n++; - } - for ( ; *text && n < DIM (buf)-2; n++) - *p++ = *text++; - } - *p = 0; - err = assuan_write_status (ctx, get_status_string (no), buf); - } - + err = vprint_assuan_status_strings (ctrl->server_local->assuan_ctx, + get_status_string (no), arg_ptr); va_end (arg_ptr); return err; } diff --git a/scd/command.c b/scd/command.c index 6bcbce4..7011518 100644 --- a/scd/command.c +++ b/scd/command.c @@ -1848,7 +1848,8 @@ send_status_info (ctrl_t ctrl, const char *keyword, ...) p = buf; n = 0; - while ( (value = va_arg (arg_ptr, const unsigned char *)) ) + while ( (value = va_arg (arg_ptr, const unsigned char *)) + && n < DIM (buf)-2 ) { valuelen = va_arg (arg_ptr, size_t); if (!valuelen) @@ -1865,6 +1866,7 @@ send_status_info (ctrl_t ctrl, const char *keyword, ...) { sprintf (p, "%%%02X", *value); p += 3; + n += 2; } else if (*value == ' ') *p++ = '+'; diff --git a/sm/server.c b/sm/server.c index 568e51b..721f3fa 100644 --- a/sm/server.c +++ b/sm/server.c @@ -31,6 +31,7 @@ #include #include "../common/sysutils.h" #include "../common/server-help.h" +#include "../common/asshelp.h" #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) 
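Review bot: In send_status_info (scd/command.c) the escape branch lets sprintf write three characters plus a terminating NUL, while the bound added to the while is `n < DIM (buf)-2`. With n equal to DIM (buf)-3 that NUL would land one byte past the end of buf. Whether this is reachable depends on the inner for condition and on n starting in step with p, both of which lie outside the two hunks, so it needs checking against the full function. If the inner loop uses the same bound, tightening both conditions to `n < DIM (buf)-3` keeps the NUL inside the array now that `n += 2` makes n track p.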
@@ -1426,24 +1427,8 @@ gpgsm_status2 (ctrl_t ctrl, int no, ...) } else { - assuan_context_t ctx = ctrl->server_local->assuan_ctx; - char buf[950], *p; - size_t n; - - p = buf; - n = 0; - while ( (text = va_arg (arg_ptr, const char *)) ) - { - if (n) - { - *p++ = ' '; - n++; - } - for ( ; *text && n < DIM (buf)-2; n++) - *p++ = *text++; - } - *p = 0; - err = assuan_write_status (ctx, get_status_string (no), buf); + err = vprint_assuan_status_strings (ctrl->server_local->assuan_ctx, + get_status_string (no), arg_ptr); } va_end (arg_ptr); ----------------------------------------------------------------------- Summary of changes: agent/command.c | 43 ++++++------------------------------- common/asshelp.h | 7 +++++++ common/asshelp2.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ dirmngr/server.c | 19 +---------------- g13/server.c | 21 +++---------------- g13/sh-cmd.c | 28 ++++--------------------- scd/command.c | 4 +++- sm/server.c | 21 +++---------------- 8 files changed, 90 insertions(+), 116 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 13:04:33 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 14 Feb 2018 13:04:33 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-29-g594b9ea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 594b9eadcc1539e01e5539f51834c085fb477a19 (commit) via 8adf84384e24e7241068ac4bd3868ac6bc50079e (commit) via 7e065b097cce4a694e2c59161a2c97040f5d4ba2 (commit) via 49aa620f7d551976c36d0141fdaeaca5d0e94cd1 (commit) from 3e1974e6ee4fa457c0953faf5d4770338f8c999a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 594b9eadcc1539e01e5539f51834c085fb477a19 Author: Andre Heinecke Date: Wed Feb 14 13:03:28 2018 +0100 Do sign then encrypt for MIME mails again * src/cryptcontroller.cpp (do_crypto): Do two step dance. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 5df1f66..c018f10 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -51,6 +51,11 @@ sink_data_write (sink_t sink, const void *data, size_t datalen) return 0; } +static int +create_sign_attach (sink_t sink, protocol_t protocol, + GpgME::Data &signature, + GpgME::Data &signedData, + const char *micalg); /** We have some C Style cruft in here as this was historically how GpgOL worked directly in the MAPI data objects. To reduce the regression @@ -494,8 +499,9 @@ CryptController::do_crypto () ctx->setTextMode (m_proto == GpgME::OpenPGP); ctx->setArmor (m_proto == GpgME::OpenPGP); - if (m_encrypt && m_sign) + if (m_encrypt && m_sign && m_inline) { + // Sign encrypt combined const auto result_pair = ctx->signAndEncrypt (m_recipients, m_inline ? m_bodyInput : m_input, m_output, 
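Review bot: The prototype added in the first hunk declares create_sign_attach as `static int`, while a later hunk of this commit changes the definition from `static int` to `int`. In C++ the name keeps the internal linkage of its first declaration, so the definition now reads as if the function were exported when it is not. Keeping `static` on the definition, or dropping it from the prototype if export is intended, would make the linkage obvious. A one-line comment above the prototype such as `// Defined below; needed early by CryptController::do_crypto.` would also help, since it now sits directly in front of an unrelated doc comment.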
@@ -516,6 +522,66 @@ CryptController::do_crypto () return -2; } } + else if (m_encrypt && m_sign) + { + // First sign then encrypt + const auto sigResult = ctx->sign (m_input, m_output, + GpgME::Detached); + if (sigResult.error()) + { + log_error ("%s:%s: Signing error %s.", + SRCNAME, __func__, sigResult.error().asString()); + return -1; + } + if (sigResult.error().isCanceled()) + { + log_debug ("%s:%s: User cancled", + SRCNAME, __func__); + return -2; + } + parse_micalg (sigResult); + + // We now have plaintext in m_input + // The detached signature in m_output + + // Set up the sink object to construct the multipart/signed + GpgME::Data multipart; + struct sink_s sinkmem; + sink_t sink = &sinkmem; + memset (sink, 0, sizeof *sink); + sink->cb_data = &multipart; + sink->writefnc = sink_data_write; + + if (create_sign_attach (sink, + m_proto == GpgME::CMS ? + PROTOCOL_SMIME : PROTOCOL_OPENPGP, + m_output, m_input, m_micalg.c_str ())) + { + TRACEPOINT; + return -1; + } + + // Now we have the multipart throw away the rest. + m_output = GpgME::Data (); + m_input = GpgME::Data (); + multipart.seek (0, SEEK_SET); + const auto encResult = ctx->encrypt (m_recipients, multipart, + m_output, + GpgME::Context::AlwaysTrust); + if (encResult.error()) + { + log_error ("%s:%s: Encryption error %s.", + SRCNAME, __func__, encResult.error().asString()); + return -1; + } + if (encResult.error().isCanceled()) + { + log_debug ("%s:%s: User cancled", + SRCNAME, __func__); + return -2; + } + // Now we have encrypted output just treat it like encrypted. + } else if (m_encrypt) { const auto result = ctx->encrypt (m_recipients, m_inline ? m_bodyInput : m_input, @@ -586,7 +652,7 @@ write_data (sink_t sink, GpgME::Data &data) return 0; } -static int +int create_sign_attach (sink_t sink, protocol_t protocol, GpgME::Data &signature, GpgME::Data &signedData, 
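Review bot: The new sign-then-encrypt branch calls `ctx->encrypt (m_recipients, multipart, m_output, GpgME::Context::AlwaysTrust)`, which tells the engine not to apply its own validity check to the recipient keys. That is only sound if m_recipients was vetted earlier, presumably by the key resolver, which is not visible in this hunk, and nothing at the call site says so. I would add a comment above the call, e.g. `// AlwaysTrust: recipient keys were already selected and confirmed by the resolver.`, after confirming that this holds for every path that fills m_recipients. The return value of `multipart.seek (0, SEEK_SET)` is also ignored before the data is handed to encrypt. The enclosing do_crypto body continues outside the hunk.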
@@ -778,7 +844,6 @@ CryptController::update_mail_mapi () int rc = 0; if (m_sign && m_encrypt) { - // FIXME we need some doubling here for S/MIME. rc = create_encrypt_attach (sink, protocol, m_output); } else if (m_encrypt) commit 8adf84384e24e7241068ac4bd3868ac6bc50079e Author: Andre Heinecke Date: Wed Feb 14 12:42:28 2018 +0100 Take micalg from the created signature * src/cryptcontroller.cpp (CryptController::parse_micalg): New. (CryptController::update_mail_mapi): Pass micalg. (create_sign_attach): Take micalg. * src/cryptcontroller.h: Update accordingly. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index cc7b90d..5df1f66 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -551,6 +551,7 @@ CryptController::do_crypto () SRCNAME, __func__); return -2; } + parse_micalg (result); } else { @@ -588,7 +589,8 @@ write_data (sink_t sink, GpgME::Data &data) static int create_sign_attach (sink_t sink, protocol_t protocol, GpgME::Data &signature, - GpgME::Data &signedData) + GpgME::Data &signedData, + const char *micalg) { char boundary[BOUNDARYSIZE+1]; char top_header[BOUNDARYSIZE+200]; @@ -598,7 +600,7 @@ create_sign_attach (sink_t sink, protocol_t protocol, generate_boundary (boundary); create_top_signing_header (top_header, sizeof top_header, protocol, 1, boundary, - protocol == PROTOCOL_SMIME ? "sha1":"pgp-sha1"); + micalg); if ((rc = write_string (sink, top_header))) { @@ -785,7 +787,7 @@ CryptController::update_mail_mapi () } else if (m_sign) { - rc = create_sign_attach (sink, protocol, m_output, m_input); + rc = create_sign_attach (sink, protocol, m_output, m_input, m_micalg.c_str ()); } // Close our attachment 
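Review bot: create_sign_attach now passes the caller's `micalg` straight to create_top_signing_header, replacing the previous `protocol == PROTOCOL_SMIME ? "sha1":"pgp-sha1"` default. parse_micalg, added further down in this commit, returns early at three TRACEPOINTs without setting m_micalg, so in those cases `m_micalg.c_str ()` is an empty string and the multipart/signed header would presumably carry an empty micalg parameter. Either treat a failed parse as a signing error, or fall back inside create_sign_attach when `!micalg || !*micalg`. The same applies to the `create_sign_attach (sink, protocol, m_output, m_input, m_micalg.c_str ())` call in update_mail_mapi in the last hunk of this file section.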
@@ -832,3 +834,38 @@ CryptController::get_inline_data () } return ret; } + +void +CryptController::parse_micalg (const GpgME::SigningResult &result) +{ + if (result.isNull()) + { + TRACEPOINT; + return; + } + const auto signature = result.createdSignature(0); + if (signature.isNull()) + { + TRACEPOINT; + return; + } + + const char *hashAlg = signature.hashAlgorithmAsString (); + if (!hashAlg) + { + TRACEPOINT; + return; + } + if (m_proto == GpgME::OpenPGP) + { + m_micalg = std::string("pgp-") + hashAlg; + } + else + { + m_micalg = hashAlg; + } + std::transform(m_micalg.begin(), m_micalg.end(), m_micalg.begin(), ::tolower); + + log_debug ("%s:%s: micalg is: '%s'.", + SRCNAME, __func__, m_micalg.c_str ()); +} diff --git a/src/cryptcontroller.h b/src/cryptcontroller.h index c6d0cbd..1540978 100644 --- a/src/cryptcontroller.h +++ b/src/cryptcontroller.h @@ -29,6 +29,11 @@ class Mail; +namespace GpgME +{ + class SigningResult; +} // namespace GpgME + class CryptController { public: @@ -64,9 +69,12 @@ private: int lookup_fingerprints (const std::string &sigFpr, const std::vector recpFprs); + void parse_micalg (const GpgME::SigningResult &sResult); + private: Mail *m_mail; - GpgME::Data m_input, m_bodyInput, m_smime_intermediate, m_output; + GpgME::Data m_input, m_bodyInput, m_signedData, m_output; + std::string m_micalg; bool m_encrypt, m_sign, m_inline, m_crypto_success; GpgME::Protocol m_proto; GpgME::Key m_signer_key; commit 7e065b097cce4a694e2c59161a2c97040f5d4ba2 Author: Andre Heinecke Date: Wed Feb 14 12:06:43 2018 +0100 Fix S/MIME Encrypt * src/cryptcontroller.cpp (create_encrypt_attach): Write binary as base64. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 53aca67..cc7b90d 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp 
@@ -706,7 +706,15 @@ create_encrypt_attach (sink_t sink, protocol_t protocol, return rc; } - rc = write_data (sink, encryptedData); + if (protocol == PROTOCOL_OPENPGP) + { + rc = write_data (sink, encryptedData); + } + else + { + const auto encStr = encryptedData.toString(); + rc = write_b64 (sink, encStr.c_str(), encStr.size()); + } if (rc) { log_error ("%s:%s: Failed to create top header.", commit 49aa620f7d551976c36d0141fdaeaca5d0e94cd1 Author: Andre Heinecke Date: Wed Feb 14 11:56:03 2018 +0100 Fix S/MIME Signature in new architecture * src/cryptcontroller.cpp (CryptController::do_crypto): Set text mode and armor only for PGP (create_sign_attach): Write signature as base64 for S/MIME. * src/mimemaker.h, src/mimemaker.cpp (write_b64): Export. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 733389f..53aca67 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -491,8 +491,8 @@ CryptController::do_crypto () ctx->addSigningKey (m_signer_key); } - ctx->setTextMode (true); - ctx->setArmor (true); + ctx->setTextMode (m_proto == GpgME::OpenPGP); + ctx->setArmor (m_proto == GpgME::OpenPGP); if (m_encrypt && m_sign) { @@ -659,7 +659,16 @@ create_sign_attach (sink_t sink, protocol_t protocol, } // Write the signature data - if ((rc = write_data (sink, signature))) + if (protocol == PROTOCOL_SMIME) + { + const std::string sigStr = signature.toString(); + if ((rc = write_b64 (sink, (const void *) sigStr.c_str (), sigStr.size()))) + { + TRACEPOINT; + return rc; + } + } + else if ((rc = write_data (sink, signature))) { TRACEPOINT; return rc; diff --git a/src/mimemaker.cpp b/src/mimemaker.cpp index 2693f49..449a74e 100644 --- a/src/mimemaker.cpp +++ b/src/mimemaker.cpp 
@@ -318,7 +318,7 @@ write_boundary (sink_t sink, const char *boundary, int lastone) /* Write DATALEN bytes of DATA to SINK in base64 encoding. This creates a complete Base64 chunk including the trailing fillers. */ -static int +int write_b64 (sink_t sink, const void *data, size_t datalen) { int rc; diff --git a/src/mimemaker.h b/src/mimemaker.h index 3f29ecc..32415fb 100644 --- a/src/mimemaker.h +++ b/src/mimemaker.h @@ -91,6 +91,7 @@ void cancel_mapi_attachment (LPATTACH *attach, sink_t sink); void create_top_signing_header (char *buffer, size_t buflen, protocol_t protocol, int first, const char *boundary, const char *micalg); int write_string (sink_t sink, const char *text); +int write_b64 (sink_t sink, const void *data, size_t datalen); #ifdef __cplusplus } ----------------------------------------------------------------------- Summary of changes: src/cryptcontroller.cpp | 139 ++++++++++++++++++++++++++++++++++++++++++++---- src/cryptcontroller.h | 10 +++- src/mimemaker.cpp | 2 +- src/mimemaker.h | 1 + 4 files changed, 140 insertions(+), 12 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 14:07:25 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Feb 2018 14:07:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.4-116-g24ae5af Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 24ae5af102cb53bd7abfb9f25aca93debb785a2f (commit) from 8305739fe857ed3378f885bb43777fd518dd1060 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24ae5af102cb53bd7abfb9f25aca93debb785a2f Author: Werner Koch Date: Wed Feb 14 14:01:36 2018 +0100 Register DCO for Jussi. -- Also sorted the list. diff --git a/AUTHORS b/AUTHORS index dd86d53..fd215d2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -169,6 +169,9 @@ Andre Heinecke Andreas Schwier 2014-07-22:53CED1D8.1010306 at cardcontact.de: +Arnaud Fontaine +2016-10-17:580484F4.8040806 at ssi.gouv.fr: + Christian Aistleitner 2013-05-26:20130626112332.GA2228 at quelltextlich.at: @@ -190,9 +193,19 @@ Jonas Borgstr?m Joshua Rogers 2014-12-22:5497FE75.7010503 at internot.info: +Jussi Kivilinna +2018-02-11:2d8b7014-ff67-1e73-1152-9ff9fb8c10d7 at iki.fi: + Kyle Butt 2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ at mail.gmail.com: +Phil Pennock +Phil Pennock +2017-01-19:20170119061225.GA26207 at breadbox.private.spodhuis.org: + +Rainer Perske +2017-10-24:permail-2017102014511105be2aed00002fc6-perske at message-id.uni-muenster.de: + Stefan Tomanek 2014-01-30:20140129234449.GY30808 at zirkel.wertarbyte.de: 
@@ -208,16 +221,6 @@ William L. Thomson Jr. Yann E. MORIN 2016-07-10:20160710093202.GA3688 at free.fr: -Arnaud Fontaine -2016-10-17:580484F4.8040806 at ssi.gouv.fr: - -Phil Pennock -Phil Pennock -2017-01-19:20170119061225.GA26207 at breadbox.private.spodhuis.org: - -Rainer Perske -2017-10-24:permail-2017102014511105be2aed00002fc6-perske at message-id.uni-muenster.de: - Other authors ============= ----------------------------------------------------------------------- Summary of changes: AUTHORS | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 15:01:10 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 14 Feb 2018 15:01:10 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-24-g8071961 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 80719612b7e92aff5887f2a68d550a24f350722c (commit) via 29aac7798085ee38da5107698618890ae7593c96 (commit) from f19ff78f0fbfc2793d8a9ab0173486bf712871ac (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80719612b7e92aff5887f2a68d550a24f350722c Author: Werner Koch Date: Wed Feb 14 14:54:51 2018 +0100 sm: Fix minor memory leak in --export-p12. * sm/export.c (gpgsm_p12_export): Free KEYGRIP. Signed-off-by: Werner Koch diff --git a/sm/export.c b/sm/export.c index a8c9a4a..7bea9cc 100644 --- a/sm/export.c +++ b/sm/export.c 
@@ -479,6 +479,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode) leave: gnupg_ksba_destroy_writer (b64writer); ksba_cert_release (cert); + xfree (keygrip); xfree (desc); keydb_release (hd); } commit 29aac7798085ee38da5107698618890ae7593c96 Author: Katsuhiro Ueno Date: Wed Feb 7 18:46:54 2018 +0900 sm: Fix a wrong key parameter in an exported private key file * sm/export.c (sexp_to_kparms): Fix the computation of array[6], which must be 'd mod (q-1)' but was 'p mod (q-1)'. -- This bug is not serious but makes some consistency checks fail. For example, 'openssl rsa -check' reports the following error: $ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX $ openssl rsa -check -noout -inform DER -in my.key RSA key error: dmq1 not congruent to d -- Let me(wk) add this: This bug was introduced with Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d right at the start of GnuPG 2.1 in July 2010. Before that (in 2.0) we used gpg-protect-tool which got it right. We probably never noticed this because gpgsm, and maybe other tools too, fix things up during import. Signed-off-by: Werner Koch diff --git a/sm/export.c b/sm/export.c index 29a5ac3..a8c9a4a 100644 --- a/sm/export.c +++ b/sm/export.c @@ -603,7 +603,7 @@ sexp_to_kparms (gcry_sexp_t sexp) array[6] = gcry_mpi_snew (0); /* compute d mod (p-1) */ gcry_mpi_sub_ui (array[6], array[4], 1); - gcry_mpi_mod (array[6], array[3], array[6]); + gcry_mpi_mod (array[6], array[2], array[6]); return array; } ----------------------------------------------------------------------- Summary of changes: sm/export.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 17:30:10 2018 
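Review bot: The context comment next to the fixed line in sexp_to_kparms still says `/* compute d mod (p-1) */`, while the commit message states that array[6] must be 'd mod (q-1)'. The code subtracts 1 from array[4] and now reduces array[2]. Which prime array[4] holds is not visible in the hunk, so one of the two descriptions is presumably using a different p/q naming. Since a slot mix-up is exactly the bug being fixed, I would make the comment name the slots, e.g. `/* array[6] = d mod (array[4] - 1) */`, and document the slot order once at the top of the function, which starts outside the hunk.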
From: cvs at cvs.gnupg.org (by Katsuhiro Ueno) Date: Wed, 14 Feb 2018 17:30:10 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-25-gdf97fe2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via df97fe24807826ddc2af0e45e416fb81c5666f88 (commit) from 80719612b7e92aff5887f2a68d550a24f350722c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit df97fe24807826ddc2af0e45e416fb81c5666f88 Author: Katsuhiro Ueno Date: Wed Feb 7 18:52:37 2018 +0900 agent: Avoid appending a '\0' byte to the response of READKEY * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output without an extra '\0' byte.
diff --git a/agent/command.c b/agent/command.c
index 3a547ff..f9bc6ca 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1031,7 +1031,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
 rc = gpg_error_from_syserror ();
 else
 {
- gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, pkbuflen);
+ pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON,
+ pkbuf, pkbuflen);
 rc = assuan_send_data (ctx, pkbuf, pkbuflen);
 }
 }
----------------------------------------------------------------------- Summary of changes: agent/command.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 14 19:58:32 2018 
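Review bot: The value returned by gcry_sexp_sprint is now used directly as the length for assuan_send_data, but a return of 0, which that function uses to report that the buffer was too small, is not handled. In that case READKEY would send an empty data block and report whatever assuan_send_data returns. The buffer is presumably sized by an earlier gcry_sexp_sprint call outside the hunk, which makes this unlikely, but a guard is cheap: `if (!pkbuflen) rc = gpg_error (GPG_ERR_INTERNAL); else rc = assuan_send_data (ctx, pkbuf, pkbuflen);`. cmd_readkey's body continues outside the hunk.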
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 14 Feb 2018 19:58:32 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-30-gab69aab Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via ab69aab5ea815d377236f02f207ebb0aaaf6406a (commit) from 594b9eadcc1539e01e5539f51834c085fb477a19 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ab69aab5ea815d377236f02f207ebb0aaaf6406a Author: Andre Heinecke Date: Wed Feb 14 19:55:01 2018 +0100 Use overlayer tool for "encrypting..." overlay * src/cryptcontroller.cpp (CryptController::~CryptController): Ensure overlay is stopped. (vector_to_charArray): New helper. (CryptController::lookup_fingerprints): User helper. (CryptController::resolve_keys): Start crypto overlay. (CryptController::stop_crypto_overlay), (CryptController::start_crypto_overlay): New. * src/cryptcontroller.h: Update accordingly. * src/mail.cpp (Mail::reset_crypter): New. (do_crypt): Reset crypter on error. * src/mail.h: Update accordingly. -- This is basically nice. If spawning takes a long time the mail window is not overlayed for a bit. But that should be ok. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index c018f10..2920544 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -77,6 +77,7 @@ CryptController::CryptController (Mail *mail, bool encrypt, bool sign, CryptController::~CryptController() { + stop_crypto_overlay(); log_debug ("%s:%s:%p", SRCNAME, __func__, m_mail); } 
@@ -180,6 +181,18 @@ rtrim(std::string &s) { }).base(), s.end()); } +char ** +vector_to_charArray(const std::vector &vec) +{ + char ** ret = (char**) xmalloc (sizeof (char*) * (vec.size() + 1)); + for (size_t i = 0; i < vec.size(); i++) + { + ret[i] = strdup (vec[i].c_str()); + } + ret[vec.size()] = NULL; + return ret; +} + int CryptController::lookup_fingerprints (const std::string &sigFpr, const std::vector recpFprs) @@ -219,12 +232,7 @@ CryptController::lookup_fingerprints (const std::string &sigFpr, } // Convert recipient fingerprints - char **cRecps = (char**) xmalloc (sizeof (char*) * (recpFprs.size() + 1)); - for (size_t i = 0; i < recpFprs.size(); i++) - { - cRecps[i] = strdup (recpFprs[i].c_str()); - } - cRecps[recpFprs.size()] = NULL; + char **cRecps = vector_to_charArray (recpFprs); err = ctx->startKeyListing (const_cast (cRecps)); @@ -400,12 +408,7 @@ CryptController::resolve_keys () // Convert our collected vector to c strings // It's a bit overhead but should be quick for such small // data. - char **cargs = (char**) xmalloc (sizeof (char*) * (args.size() + 1)); - for (size_t i = 0; i < args.size(); i++) - { - cargs[i] = strdup (args[i].c_str()); - } - cargs[args.size()] = NULL; + char **cargs = vector_to_charArray (args); // Args are prepared. Spawn the resolver. auto ctx = GpgME::Context::createForEngine (GpgME::SpawnEngine); @@ -437,6 +440,9 @@ CryptController::resolve_keys () // So we do it manually. bring_to_front (wnd); + // We need to create an overlay while encrypting as pinentry can take a while + start_crypto_overlay(); + #ifdef DEBUG_RESOLVER log_debug ("Resolver stdout:\n'%s'", mystdout.toString ().c_str ()); log_debug ("Resolver stderr:\n'%s'", mystderr.toString ().c_str ()); @@ -630,6 +636,7 @@ CryptController::do_crypto () log_debug ("%s:%s: Crypto done sucessfuly.", SRCNAME, __func__); m_crypto_success = true; + return 0; } 
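Review bot: vector_to_charArray stores the result of `strdup` without checking it, so an allocation failure leaves a NULL in the middle of the array. Code that walks the array up to the first NULL, as the terminator `ret[vec.size()] = NULL` invites, would then see a silently shortened list of recipient patterns or resolver arguments instead of a failed operation. Check the return value, or use the project's aborting string-duplication wrapper if it has one, and make sure release_carray frees with the matching deallocator. As far as the hunks show the helper is only used inside this file, so it could also be declared `static`.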
@@ -934,3 +941,77 @@ CryptController::parse_micalg (const GpgME::SigningResult &result) log_debug ("%s:%s: micalg is: '%s'.", SRCNAME, __func__, m_micalg.c_str ()); } + +void +CryptController::stop_crypto_overlay () +{ + if (m_overlayCtx) + { + log_debug ("%s:%s: Stopping crypto overlay.", + SRCNAME, __func__); + m_overlayStdin.write ("quit\n", 5); + m_overlayCtx = nullptr; + } +} + +void +CryptController::start_crypto_overlay () +{ + std::vector args; + + // Collect the arguments + char *gpg4win_dir = get_gpg4win_dir (); + if (!gpg4win_dir) + { + TRACEPOINT; + return; + } + const auto overlayer = std::string (gpg4win_dir) + "\\bin\\overlayer.exe"; + args.push_back (overlayer); + + auto wnd = m_mail->get_window (); + if (wnd) + { + // Pass the handle of the active window for raise / overlay. + args.push_back (std::string ("--hwnd")); + args.push_back (std::to_string ((int) wnd)); + } + + args.push_back (std::string ("--overlayText")); + if (m_encrypt) + { + args.push_back (std::string (_("Encrypting..."))); + } + else if (m_sign) + { + args.push_back (std::string (_("Signing..."))); + } + char **cargs = vector_to_charArray (args); + + m_overlayCtx = GpgME::Context::createForEngine (GpgME::SpawnEngine); + + if (!m_overlayCtx) + { + // can't happen + release_carray (cargs); + TRACEPOINT; + return; + } + + GpgME::Data mystderr(GpgME::Data::null); + GpgME::Data mystdout(GpgME::Data::null); + + GpgME::Error err = m_overlayCtx->spawnAsync (cargs[0], const_cast (cargs), + m_overlayStdin, mystdout, mystderr, + (GpgME::Context::SpawnFlags) ( + GpgME::Context::SpawnAllowSetFg | + GpgME::Context::SpawnShowWindow)); +#ifdef DEBUG_RESOLVER + log_debug ("Overlayer args:"); + for (size_t i = 0; cargs && cargs[i]; i++) + { + log_debug ("%i: '%s'", i, cargs[i]); + } +#endif + release_carray (cargs); +} diff --git a/src/cryptcontroller.h b/src/cryptcontroller.h index 1540978..4178a2c 100644 --- a/src/cryptcontroller.h +++ b/src/cryptcontroller.h 
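Review bot: start_crypto_overlay assigns the result of spawnAsync to `err` and never looks at it, so a failed spawn leaves m_overlayCtx set and stop_crypto_overlay later writes "quit\n" to m_overlayStdin with no process on the other end. The failure should be logged and the context dropped, as in the fence below. Two smaller points in the same function: `gpg4win_dir` is not released after the path string is built, which leaks if get_gpg4win_dir returns an allocated buffer (not visible here), and when neither m_encrypt nor m_sign is set `--overlayText` is passed without a value.

```cpp
  // … unchanged: spawnAsync call assigning err …
  if (err)
    {
      log_error ("%s:%s: Failed to start overlayer: %s",
                 SRCNAME, __func__, err.asString ());
      // Drop the context so stop_crypto_overlay () does not write to a
      // pipe that has no reader.
      m_overlayCtx = nullptr;
    }
  // … unchanged: DEBUG_RESOLVER argument logging …
  release_carray (cargs);
```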
@@ -71,14 +71,19 @@ private: void parse_micalg (const GpgME::SigningResult &sResult); + void start_crypto_overlay (); + void stop_crypto_overlay (); + private: Mail *m_mail; GpgME::Data m_input, m_bodyInput, m_signedData, m_output; + GpgME::Data m_overlayStdin; std::string m_micalg; bool m_encrypt, m_sign, m_inline, m_crypto_success; GpgME::Protocol m_proto; GpgME::Key m_signer_key; std::vector m_recipients; + std::unique_ptr m_overlayCtx; }; #endif diff --git a/src/mail.cpp b/src/mail.cpp index c5e6946..c86eac5 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -789,6 +789,7 @@ do_crypt (LPVOID arg) log_debug ("%s:%s: crypto failed for: %p with: %i", SRCNAME, __func__, arg, rc); mail->set_crypt_state (Mail::NoCryptMail); + mail->reset_crypter (); gpgrt_lock_unlock (&dtor_lock); return rc; } @@ -2577,7 +2578,7 @@ Mail::update_crypt_mapi() m_crypt_state = WantsSendMIME; } // We don't need the crypter anymore. - m_crypter = nullptr; + reset_crypter (); } void diff --git a/src/mail.h b/src/mail.h index 08450d9..acc783b 100644 --- a/src/mail.h +++ b/src/mail.h @@ -417,6 +417,10 @@ public: */ HWND get_window () { return m_window; } + /** Cleanup any attached crypter object. Useful + on error. */ + void reset_crypter () { m_crypter = nullptr; } + private: void update_categories (); void update_body (); ----------------------------------------------------------------------- Summary of changes: src/cryptcontroller.cpp | 105 ++++++++++++++++++++++++++++++++++++++++++------ src/cryptcontroller.h | 5 +++ src/mail.cpp | 3 +- src/mail.h | 4 ++ 4 files changed, 104 insertions(+), 13 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 02:28:43 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 15 Feb 2018 02:28:43 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-13-gc9a351f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c9a351f5af289c8f6919854c40f235c781b76ec7 (commit) from f1d8a7975b0a166f55aef06eb25d50230781b96f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c9a351f5af289c8f6919854c40f235c781b76ec7 Author: NIIBE Yutaka Date: Thu Feb 15 10:27:59 2018 +0900 build: More Makefile fix. * lang/python/tests/Makefile.am: Avoid target with '/'. Signed-off-by: NIIBE Yutaka diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 25b15f2..6224e5a 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -79,7 +79,7 @@ xcheck: all CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ gpg.conf pubring.gpg~ \ random_seed .gpg-v21-migrated tofu.db \ - pubring-stamp private-keys-v1.d/gpg-sample.stamp + pubring-stamp gpg-sample.stamp private_keys = \ $(test_srcdir)/13CD0F3BDF24BE53FE192D62F18737256FF6E4FD \ 
@@ -94,18 +94,17 @@ clean-local: BUILT_SOURCES = gpg.conf gpg-agent.conf pubring-stamp \ - private-keys-v1.d/gpg-sample.stamp + gpg-sample.stamp -private-keys-v1.d/gpg-sample.stamp: $(private_keys) +gpg-sample.stamp: $(private_keys) -gpgconf --kill all $(MKDIR_P) ./private-keys-v1.d for k in $(private_keys); do \ cp $$k private-keys-v1.d/$${k#$(test_srcdir)/}.key; \ done - echo x > ./private-keys-v1.d/gpg-sample.stamp + echo x > ./gpg-sample.stamp -pubring-stamp: $(test_srcdir)/pubdemo.asc \ - ./private-keys-v1.d/gpg-sample.stamp +pubring-stamp: $(test_srcdir)/pubdemo.asc gpg-sample.stamp $(GPG) --batch --no-permission-warning \ --import $(test_srcdir)/pubdemo.asc -$(GPG) --batch --no-permission-warning \ ----------------------------------------------------------------------- Summary of changes: lang/python/tests/Makefile.am | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 03:15:13 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 15 Feb 2018 03:15:13 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-14-gb5ec21b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via b5ec21b9baf017b4cee88c9ef3cc1a638547cd20 (commit) from c9a351f5af289c8f6919854c40f235c781b76ec7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5ec21b9baf017b4cee88c9ef3cc1a638547cd20 Author: NIIBE Yutaka Date: Thu Feb 15 11:14:49 2018 +0900 tests: Makefile portability. * tests/gpg/Makefile.am: Don't use "export" directive. * tests/gpgsm/Makefile.am: Ditto. * lang/qt/tests/Makefile.am: Ditto. * lang/python/tests/Makefile.am: Ditto. -- GnuPG-bug-id: 3056 Signed-off-by: NIIBE Yutaka diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 6224e5a..3864f8b 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -18,8 +18,6 @@ GPG = gpg GPG_AGENT = gpg-agent -export GNUPGHOME := $(abs_builddir) -export GPG_AGENT_INFO := test_srcdir = $(top_srcdir)/tests/gpg @@ -89,7 +87,7 @@ private_keys = \ $(test_srcdir)/7A030357C0F253A5BBCD282FFC4E521B37558F5C clean-local: - -$(top_srcdir)/tests/start-stop-agent --stop + -$(TESTS_ENVIRONMENT) $(top_srcdir)/tests/start-stop-agent --stop -rm -fR -- private-keys-v1.d openpgp-revocs.d S.gpg-agent sshcontrol @@ -97,7 +95,7 @@ BUILT_SOURCES = gpg.conf gpg-agent.conf pubring-stamp \ gpg-sample.stamp gpg-sample.stamp: $(private_keys) - -gpgconf --kill all + -$(TESTS_ENVIRONMENT) gpgconf --kill all $(MKDIR_P) ./private-keys-v1.d for k in $(private_keys); do \ cp $$k private-keys-v1.d/$${k#$(test_srcdir)/}.key; \ 
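Review bot: Removing `export GNUPGHOME := $(abs_builddir)` and `export GPG_AGENT_INFO :=` means every recipe command that is not prefixed with `$(TESTS_ENVIRONMENT)` now runs against the invoking user's real GnuPG home. The hunks prefix the commands they touch, but the definition of TESTS_ENVIRONMENT lies outside them, and the same removal is made in lang/qt/tests, tests/gpg and tests/gpgsm. It is worth confirming that each of those files sets GNUPGHOME there and that no `$(GPG)`, `$(GPGSM)` or `gpgconf --kill all` invocation was left unprefixed, because a missed one would stop the developer's own agent or import the demo keys into their keyring. A short comment next to the variable, e.g. `# All gpg/gpgsm/gpgconf calls in recipes must be prefixed with $(TESTS_ENVIRONMENT).`, would keep this from regressing.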
@@ -105,9 +103,9 @@ gpg-sample.stamp: $(private_keys) echo x > ./gpg-sample.stamp pubring-stamp: $(test_srcdir)/pubdemo.asc gpg-sample.stamp - $(GPG) --batch --no-permission-warning \ + $(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ --import $(test_srcdir)/pubdemo.asc - -$(GPG) --batch --no-permission-warning \ + -$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ --import $(test_srcdir)/secdemo.asc echo x > ./pubring-stamp diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index a662b4c..104672e 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -70,21 +70,19 @@ CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg.conf tofu.db clean-local: - -$(top_srcdir)/tests/start-stop-agent --stop + -$(TESTS_ENVIRONMENT) $(top_srcdir)/tests/start-stop-agent --stop -rm -fR private-keys-v1.d crls.d -export GNUPGHOME := $(abs_builddir) - pubring-stamp: $(top_srcdir)/tests/gpg/pubdemo.asc \ $(top_srcdir)/tests/gpg/secdemo.asc - -gpgconf --kill all + -$(TESTS_ENVIRONMENT) gpgconf --kill all echo "ignore-invalid-option allow-loopback-pinentry" > $(abs_builddir)/gpg-agent.conf echo "allow-loopback-pinentry" >> gpg-agent.conf echo "ignore-invalid-option pinentry-mode" > gpg.conf echo "pinentry-mode loopback" >> gpg.conf - $(GPG) --no-permission-warning \ + $(TESTS_ENVIRONMENT) $(GPG) --no-permission-warning \ --import $(top_srcdir)/tests/gpg/pubdemo.asc - $(GPG) --no-permission-warning \ + $(TESTS_ENVIRONMENT) $(GPG) --no-permission-warning \ --passphrase "abc" \ --import $(top_srcdir)/tests/gpg/secdemo.asc touch pubring-stamp diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 034bb5e..1d73d02 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am 
@@ -81,15 +81,11 @@ noinst_PROGRAMS = $(c_tests) $(tests_skipped) clean-local: - -$(top_srcdir)/tests/start-stop-agent --stop + -$(TESTS_ENVIRONMENT) $(top_srcdir)/tests/start-stop-agent --stop -rm -fR private-keys-v1.d -export GNUPGHOME := $(abs_builddir) - -export GPG_AGENT_INFO := - gpg-sample.stamp: $(srcdir)/$(private_keys) - -gpgconf --kill all + -$(TESTS_ENVIRONMENT) gpgconf --kill all $(MKDIR_P) ./private-keys-v1.d for k in $(private_keys); do \ cp $(srcdir)/$$k private-keys-v1.d/$$k.key; \ diff --git a/tests/gpgsm/Makefile.am b/tests/gpgsm/Makefile.am index 3b8eb72..d2acd05 100644 --- a/tests/gpgsm/Makefile.am +++ b/tests/gpgsm/Makefile.am @@ -49,18 +49,14 @@ CLEANFILES = pubring-stamp pubring.kbx pubring.kbx~ gpgsm.conf trustlist.txt \ random_seed S.gpg-agent gpg-sample.stamp clean-local: - -$(top_srcdir)/tests/start-stop-agent --stop + -$(TESTS_ENVIRONMENT) $(top_srcdir)/tests/start-stop-agent --stop -rm -fR private-keys-v1.d -export GNUPGHOME := $(abs_builddir) - -export GPG_AGENT_INFO := - BUILT_SOURCES = gpgsm.conf trustlist.txt pubring-stamp \ gpg-sample.stamp pubring-stamp: $(srcdir)/cert_g10code_test1.der gpg-sample.stamp - $(GPGSM) --import $(srcdir)/cert_g10code_test1.der + $(TESTS_ENVIRONMENT) $(GPGSM) --import $(srcdir)/cert_g10code_test1.der touch pubring-stamp gpgsm.conf: 
@@ -69,7 +65,7 @@ gpgsm.conf: echo "agent-program `which $(GPG_AGENT)`|--debug-quick-random" >> ./gpgsm.conf gpg-sample.stamp: $(srcdir)/$(key_id) - -gpgconf --kill all + -$(TESTS_ENVIRONMENT) gpgconf --kill all $(MKDIR_P) ./private-keys-v1.d cp $(srcdir)/$(key_id) private-keys-v1.d/$(key_id).key echo x > ./gpg-sample.stamp ----------------------------------------------------------------------- Summary of changes: lang/python/tests/Makefile.am | 10 ++++------ lang/qt/tests/Makefile.am | 10 ++++------ tests/gpg/Makefile.am | 8 ++------ tests/gpgsm/Makefile.am | 10 +++------- 4 files changed, 13 insertions(+), 25 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 03:25:16 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 15 Feb 2018 03:25:16 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-15-gba6e610 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ba6e610baa138ba9b43be303df2c5981dd04de5a (commit) from b5ec21b9baf017b4cee88c9ef3cc1a638547cd20 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ba6e610baa138ba9b43be303df2c5981dd04de5a Author: NIIBE Yutaka Date: Thu Feb 15 11:24:33 2018 +0900 tests: More Makefile portability. * tests/gpg/Makefile.am: Invoke GPG with TESTS_ENVIRONMENT. Signed-off-by: NIIBE Yutaka diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 1d73d02..6a95e59 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am 
@@ -93,9 +93,9 @@ gpg-sample.stamp: $(srcdir)/$(private_keys) echo x > ./gpg-sample.stamp pubring-stamp: $(srcdir)/pubdemo.asc gpg-sample.stamp - $(GPG) --batch --no-permission-warning \ + $(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ --import $(srcdir)/pubdemo.asc - -$(GPG) --batch --no-permission-warning \ + $(TESTS_ENVIRONMENT) -$(GPG) --batch --no-permission-warning \ --import $(srcdir)/secdemo.asc echo x > ./pubring-stamp ----------------------------------------------------------------------- Summary of changes: tests/gpg/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 03:32:20 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 15 Feb 2018 03:32:20 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-16-g3224d7f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3224d7f0ea83a3c2baaa9f97846c4a5b392d2c59 (commit) from ba6e610baa138ba9b43be303df2c5981dd04de5a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3224d7f0ea83a3c2baaa9f97846c4a5b392d2c59 Author: NIIBE Yutaka Date: Thu Feb 15 11:31:57 2018 +0900 tests: Fix previous commit Signed-off-by: NIIBE Yutaka diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 6a95e59..b50f4b0 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am 
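Review bot: In the second changed recipe line of the pubring-stamp rule the `-` that tells make to ignore a failure is no longer the first character of the line. Written as `$(TESTS_ENVIRONMENT) -$(GPG) --batch ...`, the shell receives `-$(GPG)` as the command word, so the secdemo.asc import would likely fail, and with the ignore prefix no longer in effect that failure would stop the rule. The prefix belongs at the start of the recipe line, `-$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \`, which is how the lang/python/tests rule writes it.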
@@ -95,7 +95,7 @@ gpg-sample.stamp: $(srcdir)/$(private_keys) pubring-stamp: $(srcdir)/pubdemo.asc gpg-sample.stamp $(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ --import $(srcdir)/pubdemo.asc - $(TESTS_ENVIRONMENT) -$(GPG) --batch --no-permission-warning \ + -$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ --import $(srcdir)/secdemo.asc echo x > ./pubring-stamp ----------------------------------------------------------------------- Summary of changes: tests/gpg/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 06:23:57 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 15 Feb 2018 06:23:57 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-26-gca138d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via ca138d5bf36accde2fd755249b470a8dc8743c95 (commit) from df97fe24807826ddc2af0e45e416fb81c5666f88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ca138d5bf36accde2fd755249b470a8dc8743c95 Author: NIIBE Yutaka Date: Thu Feb 15 14:22:06 2018 +0900 gpg: Fix reversed messages for --only-sign-text-ids. * g10/keyedit.c (keyedit_menu): Fix messages. -- GnuPG-bug-id: 3787 Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a Signed-off-by: NIIBE Yutaka diff --git a/g10/keyedit.c b/g10/keyedit.c index 4acb2de..17cf7d6 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -1664,11 +1664,11 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (opt.only_sign_text_ids) result = cpr_get_answer_is_yes ("keyedit.sign_all.okay", - _("Really sign all user IDs? (y/N) ")); + _("Really sign all text user IDs? (y/N) ")); else result = cpr_get_answer_is_yes ("keyedit.sign_all.okay", - _("Really sign all text user IDs? (y/N) ")); + _("Really sign all user IDs? (y/N) ")); if (! result) { ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 11:47:51 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 15 Feb 2018 11:47:51 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-27-g5e3679a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 5e3679ae395e7a7e44f218f07bbe487429f1b279 (commit) from ca138d5bf36accde2fd755249b470a8dc8743c95 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e3679ae395e7a7e44f218f07bbe487429f1b279 Author: Werner Koch Date: Thu Feb 15 11:17:28 2018 +0100 kbx: Fix detection of corrupted keyblocks on 32 bit systems. * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN checking. (blob_cmp_fpr_part): Ditto. (blob_cmp_name): Ditto. (blob_cmp_mail): Ditto. (blob_x509_has_grip): Ditto. (keybox_get_keyblock): Check OFF and LEN using a 64 bit var. (keybox_get_cert): Ditto. -- On most 32 bit systems size_t is 32 bit and thus the check size_t cert_off = get32 (buffer+8); size_t cert_len = get32 (buffer+12); if (cert_off+cert_len > length) return gpg_error (GPG_ERR_TOO_SHORT); does not work as intended for all supplied values. The simplest solution here is to cast them to 64 bit. In general it will be better to avoid size_t at all and work with uint64_t. We did not do this in the past because uint64_t was not universally available. GnuPG-bug-id: 3770 Signed-off-by: Werner Koch diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index a5fc7fa..e309cce 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c 
@@ -247,7 +247,7 @@ blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr) if (keyinfolen < 28) return 0; /* invalid blob */ pos = 20; - if (pos + keyinfolen*nkeys > length) + if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length) return 0; /* out of bounds */ for (idx=0; idx < nkeys; idx++) @@ -279,7 +279,7 @@ blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr, if (keyinfolen < 28) return 0; /* invalid blob */ pos = 20; - if (pos + keyinfolen*nkeys > length) + if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length) return 0; /* out of bounds */ for (idx=0; idx < nkeys; idx++) @@ -313,7 +313,7 @@ blob_cmp_name (KEYBOXBLOB blob, int idx, if (keyinfolen < 28) return 0; /* invalid blob */ pos = 20 + keyinfolen*nkeys; - if (pos+2 > length) + if ((uint64_t)pos+2 > (uint64_t)length) return 0; /* out of bounds */ /*serial*/ @@ -340,7 +340,7 @@ blob_cmp_name (KEYBOXBLOB blob, int idx, mypos += idx*uidinfolen; off = get32 (buffer+mypos); len = get32 (buffer+mypos+4); - if (off+len > length) + if ((uint64_t)off+(uint64_t)len > (uint64_t)length) return 0; /* error: better stop here out of bounds */ if (len < 1) continue; /* empty name */ @@ -439,7 +439,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr, mypos += idx*uidinfolen; off = get32 (buffer+mypos); len = get32 (buffer+mypos+4); - if (off+len > length) + if ((uint64_t)off+(uint64_t)len > (uint64_t)length) return 0; /* error: better stop here - out of bounds */ if (x509) { @@ -522,7 +522,7 @@ blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip) return 0; /* Too short. */ cert_off = get32 (buffer+8); cert_len = get32 (buffer+12); - if (cert_off+cert_len > length) + if ((uint64_t)cert_off+(uint64_t)cert_len > (uint64_t)length) return 0; /* Too short. */ rc = ksba_reader_new (&reader); 
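Review bot: In the `@@ -313,7 +313,7 @@` hunk of blob_cmp_name the widening comes too late to cover the line above it: `pos = 20 + keyinfolen*nkeys;` is still evaluated in the operands' native width, so `(uint64_t)pos+2` only widens a value that may already have wrapped. Whether it can wrap depends on the declared types and ranges of keyinfolen and nkeys, which are outside the hunk; if both come from 16-bit fields the product fits in 32 bits and the check is sound. For consistency with blob_cmp_fpr the bound could be tested on the widened product before the assignment, e.g. `if (20 + (uint64_t)keyinfolen*nkeys + 2 > (uint64_t)length) return 0;`. The function body starts and ends outside the hunk.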
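Review bot: The off/len check in the `@@ -340,7 +340,7 @@` hunk is correct only because the operands are widened before the addition, and nothing in the code records that. The same cast pattern is repeated in blob_cmp_mail, blob_x509_has_grip, keybox_get_keyblock and keybox_get_cert, and a later edit that writes `(uint64_t)(off+len)` would silently reintroduce the wrap on 32-bit builds. A form that needs no wider type is `if (off > length || len > length - off)`, or a small static helper shared by all call sites. At minimum a comment such as `/* Widen before adding: OFF+LEN can wrap a 32 bit size_t. */` above each check would explain why the casts are there.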
@@ -1097,7 +1097,7 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, return gpg_error (GPG_ERR_TOO_SHORT); image_off = get32 (buffer+8); image_len = get32 (buffer+12); - if (image_off+image_len > length) + if ((uint64_t)image_off+(uint64_t)image_len > (uint64_t)length) return gpg_error (GPG_ERR_TOO_SHORT); err = _keybox_get_flag_location (buffer, length, KEYBOX_FLAG_SIG_INFO, @@ -1139,7 +1139,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert) return gpg_error (GPG_ERR_TOO_SHORT); cert_off = get32 (buffer+8); cert_len = get32 (buffer+12); - if (cert_off+cert_len > length) + if ((uint64_t)cert_off+(uint64_t)cert_len > (uint64_t)length) return gpg_error (GPG_ERR_TOO_SHORT); rc = ksba_reader_new (&reader); ----------------------------------------------------------------------- Summary of changes: kbx/keybox-search.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 15 15:31:14 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Thu, 15 Feb 2018 15:31:14 +0100 Subject: [git] GPGME - branch, ben/python-docs-01, created. gpgme-1.10.0-23-g6f15d82 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/python-docs-01 has been created at 6f15d821404742ac2683f54ca4102ee4aaedacf2 (commit) - Log ----------------------------------------------------------------- commit 6f15d821404742ac2683f54ca4102ee4aaedacf2 Author: Ben McGinnes Date: Fri Feb 16 01:26:20 2018 +1100 LaTeX margins * Added LaTeX header for 1 inch margins in the quite likely event that all PDF output ultimately uses LaTeX. diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index e0cd877..89bb21e 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org 
@@ -1,4 +1,6 @@ #+TITLE: A Short History of the GPGME bindings for Python +#+LATEX_CLASS: article +#+LATEX_HEADER: \usepackage[margin=1in]{geometry} * Overview :PROPERTIES: diff --git a/lang/python/docs/TODO.org b/lang/python/docs/TODO.org index 1ddd394..10324e6 100644 --- a/lang/python/docs/TODO.org +++ b/lang/python/docs/TODO.org @@ -1,6 +1,11 @@ #+TITLE: Stuff To Do +#+LATEX_CLASS: article +#+LATEX_HEADER: \usepackage[margin=1in]{geometry} * Project Task List + :PROPERTIES: + :CUSTOM_ID: task-list + :END: ** DONE Documentation default format CLOSED: [2018-02-15 Thu 21:29] @@ -19,6 +24,25 @@ to produce reST versions via Pandoc and DITA XML can be reached through converting to either Markdown or XHTML first. +** TODO Documentation HOWTO + :PROPERTIES: + :CUSTOM_ID: todo-docs-howto + :END: + + Write a HOWTO style guide for the current Python bindings. + +** TODO Documentation SWIG + :PROPERTIES: + :CUSTOM_ID: todo-docs-swig + :END: + + Write documentation for the complete SWIG bindings demonstrating + the correspondence with GPGME itself. + + Note: it is likely that this will be more in the nature of + something to be used in conjunction with the existing GPGME + documentation which makes it easier for Python developers to use. + ** TODO GUI examples :PROPERTIES: :CUSTOM_ID: todo-gui-examples 
@@ -28,7 +52,48 @@ to either match or be similar to the old GTK2 examples available with PyME. +** TODO Replace SWIG + :PROPERTIES: + :CUSTOM_ID: todo-replace-swig + :END: + + Selecting SWIG for this project in 2002 was understandable and + effectively the only viable option. The options available now, + however, are significantly improved and some of those would resolve + a number of existing problems with using SWIG, particularly when + running code on both POSIX compliant and Windows platforms. + + The long term goal is to replace SWIG by reimplementing the Python + bindings using a more suitable means of interfacing with the GPGME + C source code. + +*** TODO Replacement for SWIG + :PROPERTIES: + :CUSTOM_ID: todo-replace-swig-replacement + :END: + + Decide on a replacement for SWIG. Currently CFFI is looking like + the most viable candidate, but some additional testing and checks + are yet to be completed. + +** TODO API for an API + :PROPERTIES: + :CUSTOM_ID: todo-api-squared + :END: + + A C API like GPGME is not what most modern developers think of when + they hear the term API. Normally they think of something they can + interact with like a RESTful web API. Though RESTful is unlikely + given the nature of GPGME and the process of encryption, it may be + possible to provide a more familiar interface which can be utilised + by developers of other languages for which bindings are not + available or for which it is too difficult to create proper + bindings. + * Project Task Details + :PROPERTIES: + :CUSTOM_ID: detailed-tasks + :END: ** Working examples :PROPERTIES: commit 235d899a5fc24cdf9c856adbc021a69c43985c99 Author: Ben McGinnes Date: Thu Feb 15 21:30:32 2018 +1100 TODO Documentation * Checked off the decision to stick with Org Mode. diff --git a/lang/python/docs/TODO.org b/lang/python/docs/TODO.org index c0ec556..1ddd394 100644 --- a/lang/python/docs/TODO.org +++ b/lang/python/docs/TODO.org 
@@ -2,7 +2,8 @@ * Project Task List -** TODO Documentation default format +** DONE Documentation default format + CLOSED: [2018-02-15 Thu 21:29] :PROPERTIES: :CUSTOM_ID: todo-docs-default :END: commit 40da5022922172ed898172956a8ccf5622e5638d Author: Ben McGinnes Date: Thu Feb 15 21:28:07 2018 +1100 TODO * Beginning to turn the first part of this into something kind of like an actual TODO list as Org Mode uses it (maybe). diff --git a/lang/python/docs/TODO.org b/lang/python/docs/TODO.org index 74b478d..c0ec556 100644 --- a/lang/python/docs/TODO.org +++ b/lang/python/docs/TODO.org @@ -1,6 +1,33 @@ #+TITLE: Stuff To Do -* TODO +* Project Task List + +** TODO Documentation default format + :PROPERTIES: + :CUSTOM_ID: todo-docs-default + :END: + + Decide on a default file format for documentation. The two main + contenders being Org Mode, the default for the GnuPG Project and + reStructuredText, the default for Python projects. A third option + of DITA XML was considered due to a number of beneficial features + it provides. + + The decision was made to use Org Mode in order to fully integrate + with the rest of the GPGME and GnuPG documentation. It is possible + to produce reST versions via Pandoc and DITA XML can be reached + through converting to either Markdown or XHTML first. + +** TODO GUI examples + :PROPERTIES: + :CUSTOM_ID: todo-gui-examples + :END: + + Create some examples of using Python bindings in a GUI application + to either match or be similar to the old GTK2 examples available + with PyME. + +* Project Task Details ** Working examples :PROPERTIES: 
@@ -27,12 +54,12 @@ bindings has been removed. Current and future documentation will adhere to the GnuPG standard - of using Org Mode and not use the reST more commonly associated - with Python documentation. The reasons for this are that this - project is best served as shipping with the rest of GPGME and the - documentation ought to match that. Furthermore, there are aspects - of Org Mode's publishing features which are superior to the - defaults of reST, including the capacity to generate fully + of using Org Mode and not use the reStructuredText (reST) format + more commonly associated with Python documentation. The reasons + for this are that this project is best served as shipping with the + rest of GPGME and the documentation ought to match that. There are + also aspects of Org Mode's publishing features which are superior + to the defaults of reST, including the capacity to generate fully validating strict XHTML output. If reST files are required at a later point for future inclusion commit 3c3b149996036e7ff4cc4c77ef2d97062d880409 Author: Ben McGinnes Date: Thu Feb 15 04:19:15 2018 +1100 Short History * Fixed or updated the most fundamental errors. * Also included some details on which modules are available on PyPI, as well as what happened to the PyME commit log. diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index 2295499..e0cd877 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org 
@@ -50,13 +50,30 @@ return to the source. This is a short explanation of that journey. In 2015 Ben McGinnes approached Martin about a Python 3 version, while investigating how complex a task this would be the task ended - up being completed. A subsequent discussion with Werner Koch led to - the decision to fold the Python 3 port back into the original GPGME - release in the languages subdirectory for non-C bindings. Ben is - the maintainer of the Python 3 port within GPGME. + up being completed. A subsequent discussion with Werner Koch led + to the decision to fold the Python 3 port back into the original + GPGME release in the languages subdirectory for non-C bindings + under the module name of =pyme3=. - In 2016 PyME was renamed to "gpg" and adopted by the upstream GnuPG - team. + In 2016 this PyME module was integrated back into the GPGME project + by Justus Winter. During the course of this work Justus adjusted + the port to restore limited support for Python 2, but not as many + minor point releases as the original PyME package supports. During + the course of this integration the package was renamed to more + accurately reflect its status as a component of GPGME. The =pyme3= + module was renamed to =gpg= and adopted by the upstream GnuPG team. + + In 2017 Justus departed G10code and the GnuPG team. Following this + Ben returned to maintain of gpgme Python bindings and continue + building them from that point. + +* Relics of the past + :PROPERTIES: + :CUSTOM_ID: relics-past + :END: + +There are a few things, in addition to code specific factors, such as +SWIG itself, which are worth noting here. ** The Annoyances of Git :PROPERTIES: 
@@ -65,23 +82,82 @@ return to the source. This is a short explanation of that journey. As anyone who has ever worked with git knows, submodules are horrible way to deal with pretty much anything. In the interests - of avoiding migraines, that is being skipped with addition of PyME - to GPGME. Instead the files will be added to the subdirectory, - along with a copy of the entire git log up to that point as a - separate file within the docs directory (old-commits.log). As the - log for PyME is nearly 100KB and the log for GPGME is approximately - 1MB, this would cause considerable bloat, as well as some - confusion, should the two be merged. Hence the unfortunate, but - necessary, step to simply move the files. A regular repository - version will be maintained should it be possible to implement this - better in the future. + of avoiding migraines, that was skipped with addition of the PyME + code to GPGME. + + Instead the files were added to a subdirectory of the =lang/= + directory, along with a copy of the entire git log up to that point + as a separate file within the =lang/python/docs/= directory.[fn:1] + As the log for PyME is nearly 100KB and the log for GPGME is + approximately 1MB, this would cause considerable bloat, as well as + some confusion, should the two be merged. + + Hence the unfortunate, but necessary, step to simply move the + files. A regular repository version has been maintained should it + be possible to implement this better in the future. ** The Perils of PyPI :PROPERTIES: :CUSTOM_ID: the-perils-of-pypi :END: - At the current time the Python 3 fork is not available via PyPI and - the pip installer. The recommended installation method is to follow - the instructions in lang/py3-pyme/INSTALL. This will build the - necessary SWIG portions against the installed version of GPGME. + The early port of the Python 2 =pyme= module as =pyme3= was never + added to PyPI while the focus remained on development and testing + during 2015 and early 2016. 
Later in 2016, however, when Justus + completed his major integration work and subsequently renamed the + module from =pyme3= to =gpg=, some prior releases were also + provided through PyPI. + + Since these bindings require a matching release of the GPGME + libraries in order to function, it was determined that there was + little benefit in also providing a copy through PyPI since anyone + obtaining the GPGME source code would obtain the Python bindings + source code at the same time. Whereas there was the potential to + sew confusion amongst Python users installing the module from PyPI, + only to discover that without the relevant C files, header files or + SWIG compiled binaries, the Python module did them little good. + + There are only two files on PyPI which might turn up in a search + for this module or a sample of its content: + + 1. gpg (1.8.0) - Python bindings for GPGME GnuPG cryptography library + 2. pyme (0.9.0) - Python support for GPGME GnuPG cryptography library + +*** GPG 1.8.0 - Python bindings for GPGME GnuPG cryptography library + :PROPERTIES: + :CUSTOM_ID: pypi-gpgme-180 + :END: + + This is the most recent version to reach PyPI and is the version + of the official Pyhon bindings which shipped with GPGME 1.8.0. If + you have GPGME 1.8.0 installed and /only/ 1.8.0 installed, then it + is probably safe to use this copy from PyPI. + + As there have been a lot of changes since the release of GPGME + 1.8.0, the GnuPG Project recommends not using this version of the + module and instead installing the current version of GPGME along + with the Python bindings included with that package. + +*** PyME 0.9.0 - Python support for GPGME GnuPG cryptography library + :PROPERTIES: + :CUSTOM_ID: pypi-gpgme-90 + :END: + + This is the last release of the PyME bindings maintained by Martin + Albrecht and is only compatible with Python 2, it will not work + with Python 3. 
This is the version of the software from which the + port from Python 2 to Python 3 code was made in 2015. + + Users of the more recent Python bindings will recognise numerous + points of similarity, but also significant differences. It is + likely that the more recent official bindings will feel "more + pythonic." + + For those using Python 2, there is essentially no harm in using + this module, but it may lack a number of more recent features + added to GPGME. + +* Footnotes + +[fn:1] The entire PyME git log and other preceding VCS logs are +located in the =gpgme/lanf/python/docs/old-commits.log= file. commit 7c662d22a8f7d2e6ad6532014f2ecc1769de16fb Author: Ben McGinnes Date: Thu Feb 15 01:03:12 2018 +1100 Subsectioned history * Split the main parts down into subsections. * Still need to cull the incorrect stuff towards the end and add more recent changes. diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index 11a87c6..2295499 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org @@ -20,12 +20,22 @@ return to the source. This is a short explanation of that journey. ensuring it worked he stopped supporting it, though he left his work available on his Gopher site. +** Keeping the flame alive + :PROPERTIES: + :CUSTOM_ID: keeping-the-flame-alive + :END: + A couple of years later the project was picked up by Igor Belyi and actively developed and maintained by him from 2004 to 2008. Igor's whereabouts at the time of this document's creation are unknown, but the current authors do hope he is well. We're assuming (or hoping) that life did what life does and made continuing untenable. +** Passing the torch + :PROPERTIES: + :CUSTOM_ID: passing-the-torch + :END: + In 2014 Martin Albrecht wanted to patch a bug in the PyME code and discovered the absence of Igor. Following a discussion on the PyME mailing list he became the new maintainer for PyME, releasing 
@@ -33,6 +43,11 @@ return to the source. This is a short explanation of that journey. the original PyME release in Python 2.6 and 2.7 (available via PyPI). +** Coming full circle + :PROPERTIES: + :CUSTOM_ID: ouroboros + :END: + In 2015 Ben McGinnes approached Martin about a Python 3 version, while investigating how complex a task this would be the task ended up being completed. A subsequent discussion with Werner Koch led to commit a1bc710c5fb7a7d2253434c1443e33e019020a55 Author: Ben McGinnes Date: Wed Feb 14 22:44:27 2018 +1100 History * Reshaping the history file to fit Org Mode's structuring for docs. * Also said history needs to be a bit more clear (it was kind of unfinished). diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index fa40d6e..11a87c6 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org 
@@ -1,56 +1,72 @@ -#+TITLE: A Short History of gpg bindings for Python - -In 2002 John Goerzen released PyME; Python bindings for the GPGME module -which utilised the current release of Python of the time (Python 2.2 or -2.3) and SWIG. Shortly after creating it and ensuring it worked he -stopped supporting it, though left his work available on his Gopher -site. - -A couple of years later the project was picked up by Igor Belyi and -actively developed and maintained by him from 2004 to 2008. Igor's -whereabouts at the time of this document's creation are unknown, but the -current authors do hope he is well. We're assuming (or hoping) that life -did what life does and made continuing untenable. - -In 2014 Martin Albrecht wanted to patch a bug in the PyME code and -discovered the absence of Igor. Following a discussion on the PyME -mailing list he became the new maintainer for PyME, releasing version -0.9.0 in May of that year. He remains the maintainer of the original -PyME release in Python 2.6 and 2.7 (available via PyPI). - -In 2015 Ben McGinnes approached Martin about a Python 3 version, while -investigating how complex a task this would be the task ended up being -completed. A subsequent discussion with Werner Koch led to the decision -to fold the Python 3 port back into the original GPGME release in the -languages subdirectory for non-C bindings. Ben is the maintainer of the -Python 3 port within GPGME. - -In 2016 PyME was renamed to "gpg" and adopted by the upstream GnuPG -team. - -* The Annoyances of Git - :PROPERTIES: - :CUSTOM_ID: the-annoyances-of-git - :END: +#+TITLE: A Short History of the GPGME bindings for Python -As anyone who has ever worked with git knows, submodules are horrible -way to deal with pretty much anything. In the interests of avoiding -migraines, that is being skipped with addition of PyME to GPGME. 
Instead -the files will be added to the subdirectory, along with a copy of the -entire git log up to that point as a separate file within the docs -directory (old-commits.log). As the log for PyME is nearly 100KB and the -log for GPGME is approximately 1MB, this would cause considerable bloat, -as well as some confusion, should the two be merged. Hence the -unfortunate, but necessary, step to simply move the files. A regular -repository version will be maintained should it be possible to implement -this better in the future. - -* The Perils of PyPI +* Overview :PROPERTIES: - :CUSTOM_ID: the-perils-of-pypi + :CUSTOM_ID: overview :END: -At the current time the Python 3 fork is not available via PyPI and the -pip installer. The recommended installation method is to follow the -instructions in lang/py3-pyme/INSTALL. This will build the necessary -SWIG portions against the installed version of GPGME. +The GPGME Python bindings passed through many hands and numerous +phases before, after a fifteen year journey, coming full circle to +return to the source. This is a short explanation of that journey. + +** In the beginning + :PROPERTIES: + :CUSTOM_ID: in-the-begining + :END: + + In 2002 John Goerzen released PyME; Python bindings for the GPGME + module which utilised the current release of Python of the time + (Python 2.2 or 2.3) and SWIG. Shortly after creating it and + ensuring it worked he stopped supporting it, though he left his + work available on his Gopher site. + + A couple of years later the project was picked up by Igor Belyi and + actively developed and maintained by him from 2004 to 2008. Igor's + whereabouts at the time of this document's creation are unknown, + but the current authors do hope he is well. We're assuming (or + hoping) that life did what life does and made continuing untenable. + + In 2014 Martin Albrecht wanted to patch a bug in the PyME code and + discovered the absence of Igor. 
Following a discussion on the PyME + mailing list he became the new maintainer for PyME, releasing + version 0.9.0 in May of that year. He remains the maintainer of + the original PyME release in Python 2.6 and 2.7 (available via + PyPI). + + In 2015 Ben McGinnes approached Martin about a Python 3 version, + while investigating how complex a task this would be the task ended + up being completed. A subsequent discussion with Werner Koch led to + the decision to fold the Python 3 port back into the original GPGME + release in the languages subdirectory for non-C bindings. Ben is + the maintainer of the Python 3 port within GPGME. + + In 2016 PyME was renamed to "gpg" and adopted by the upstream GnuPG + team. + +** The Annoyances of Git + :PROPERTIES: + :CUSTOM_ID: the-annoyances-of-git + :END: + + As anyone who has ever worked with git knows, submodules are + horrible way to deal with pretty much anything. In the interests + of avoiding migraines, that is being skipped with addition of PyME + to GPGME. Instead the files will be added to the subdirectory, + along with a copy of the entire git log up to that point as a + separate file within the docs directory (old-commits.log). As the + log for PyME is nearly 100KB and the log for GPGME is approximately + 1MB, this would cause considerable bloat, as well as some + confusion, should the two be merged. Hence the unfortunate, but + necessary, step to simply move the files. A regular repository + version will be maintained should it be possible to implement this + better in the future. + +** The Perils of PyPI + :PROPERTIES: + :CUSTOM_ID: the-perils-of-pypi + :END: + + At the current time the Python 3 fork is not available via PyPI and + the pip installer. The recommended installation method is to follow + the instructions in lang/py3-pyme/INSTALL. This will build the + necessary SWIG portions against the installed version of GPGME. 
commit fccd2ea3871f5d63fb038db0733a34f9c5d550c3 Author: Ben McGinnes Date: Wed Feb 14 22:28:50 2018 +1100 TODO * Updated TODO. * The entirety of the old TODO has been replaced with either more relevant tasks or goals for the examples and a more measured approach to the docs and why, in this project, Org Mode trumps reST, even though it's Python through and through. diff --git a/lang/python/docs/TODO.org b/lang/python/docs/TODO.org index 8930b80..74b478d 100644 --- a/lang/python/docs/TODO.org +++ b/lang/python/docs/TODO.org 
@@ -1,22 +1,47 @@ #+TITLE: Stuff To Do -* Working examples - :PROPERTIES: - :CUSTOM_ID: working-examples - :END: - -The examples from the Python 2 code base do not work and it appears that -they don't under Python 2 either. These ought to be replaced or updated -with examples from the GPGME documentation. - -* Documentation - :PROPERTIES: - :CUSTOM_ID: documentation - :END: - -Currently this appears to be buried in the debian/ directory for some -unknown reason, probably pertaining to one of the other developers. -Documentation is to be moved to a more appropriate docs/ directory and -produced using reST in preparation for inevitable publication by way of -Sphinx and the existing infrastructure at readthedocs.org or the -projects new home at gnupg.org. +* TODO + +** Working examples + :PROPERTIES: + :CUSTOM_ID: working-examples + :END: + + The old GUI examples were unable to be retained since they depended + on GTK2 and Python 2's integration with GTK2. + + Current GPGME examples so far only include command line tools or + basic Python code for use with either Python 2.7 or Python 3.4 and + above. + + Future GUI examples ought to utilise available GUI modules and + libraries supported by Python 3. This may include Qt frameworks, + Tkinter, GTK3 or something else entirely. + +** Documentation + :PROPERTIES: + :CUSTOM_ID: documentation + :END: + + The legacy documentation which no longer applies to the Python + bindings has been removed. + + Current and future documentation will adhere to the GnuPG standard + of using Org Mode and not use the reST more commonly associated + with Python documentation. The reasons for this are that this + project is best served as shipping with the rest of GPGME and the + documentation ought to match that. Furthermore, there are aspects + of Org Mode's publishing features which are superior to the + defaults of reST, including the capacity to generate fully + validating strict XHTML output. 
+ + If reST files are required at a later point for future inclusion + with other Python packages, then that format can be generated from + the .org files with Pandoc before being leveraged by either + Docutils, Sphinx or something else. + + While there are some advanced typesetting features of reST which + are not directly available to Org Mode, more often than not those + features are best implemented with either HTML and CSS, with LaTeX + to produce a PDF or via a number of XML solutions. Both reST and + Org Mode have multiple paths by which to achieve all of these. commit 487ed9337e8e07d1c63e53b785cc39e3bd35ff6e Author: Ben McGinnes Date: Wed Feb 14 21:25:45 2018 +1100 TODO * Removed reST version of file. diff --git a/lang/python/docs/TODO.rst b/lang/python/docs/TODO.rst deleted file mode 100644 index a398ccd..0000000 --- a/lang/python/docs/TODO.rst +++ /dev/null @@ -1,23 +0,0 @@ -=========== -Stuff To Do -=========== - ----------------- -Working examples ----------------- - -The examples from the Python 2 code base do not work and it appears -that they don't under Python 2 either. These ought to be replaced or -updated with examples from the GPGME documentation. - - -------------- -Documentation -------------- - -Currently this appears to be buried in the debian/ directory for some -unknown reason, probably pertaining to one of the other developers. -Documentation is to be moved to a more appropriate docs/ directory and -produced using reST in preparation for inevitable publication by way -of Sphinx and the existing infrastructure at readthedocs.org or the -projects new home at gnupg.org. commit c4fa4216199b16c1f169725c0a1e0a40764b1ebb Author: Ben McGinnes Date: Wed Feb 14 21:24:54 2018 +1100 TODO * Converted document from reST to org-mode. diff --git a/lang/python/docs/TODO.org b/lang/python/docs/TODO.org new file mode 100644 index 0000000..8930b80 --- /dev/null +++ b/lang/python/docs/TODO.org 
@@ -0,0 +1,22 @@
+#+TITLE: Stuff To Do
+
+* Working examples
+ :PROPERTIES:
+ :CUSTOM_ID: working-examples
+ :END:
+
+The examples from the Python 2 code base do not work and it appears that
+they don't under Python 2 either. These ought to be replaced or updated
+with examples from the GPGME documentation.
+
+* Documentation
+ :PROPERTIES:
+ :CUSTOM_ID: documentation
+ :END:
+
+Currently this appears to be buried in the debian/ directory for some
+unknown reason, probably pertaining to one of the other developers.
+Documentation is to be moved to a more appropriate docs/ directory and
+produced using reST in preparation for inevitable publication by way of
+Sphinx and the existing infrastructure at readthedocs.org or the
+projects new home at gnupg.org.
commit 1d48b04cfb3d1de654f3995578e9434a6b7b2fed Author: Ben McGinnes Date: Wed Feb 14 21:23:04 2018 +1100 Short History * Removed reST version.
diff --git a/lang/python/docs/Short_History.rst b/lang/python/docs/Short_History.rst
deleted file mode 100644
index 8f60927..0000000
--- a/lang/python/docs/Short_History.rst
+++ /dev/null
@@ -1,57 +0,0 @@ -========================================== -A Short History of gpg bindings for Python -========================================== - -In 2002 John Goerzen released PyME; Python bindings for the GPGME -module which utilised the current release of Python of the time -(Python 2.2 or 2.3) and SWIG. Shortly after creating it and ensuring -it worked he stopped supporting it, though left his work available on -his Gopher site. - -A couple of years later the project was picked up by Igor Belyi and -actively developed and maintained by him from 2004 to 2008. Igor's -whereabouts at the time of this document's creation are unknown, but -the current authors do hope he is well. We're assuming (or hoping) -that life did what life does and made continuing untenable. - -In 2014 Martin Albrecht wanted to patch a bug in the PyME code and -discovered the absence of Igor. Following a discussion on the PyME -mailing list he became the new maintainer for PyME, releasing version -0.9.0 in May of that year. He remains the maintainer of the original -PyME release in Python 2.6 and 2.7 (available via PyPI). - -In 2015 Ben McGinnes approached Martin about a Python 3 version, while -investigating how complex a task this would be the task ended up being -completed. A subsequent discussion with Werner Koch led to the -decision to fold the Python 3 port back into the original GPGME -release in the languages subdirectory for non-C bindings. Ben is the -maintainer of the Python 3 port within GPGME. - -In 2016 PyME was renamed to "gpg" and adopted by the upstream GnuPG -team. - ---------------------- -The Annoyances of Git ---------------------- - -As anyone who has ever worked with git knows, submodules are horrible -way to deal with pretty much anything. In the interests of avoiding -migraines, that is being skipped with addition of PyME to GPGME. 
-Instead the files will be added to the subdirectory, along with a copy -of the entire git log up to that point as a separate file within the -docs directory (old-commits.log). As the log for PyME is nearly 100KB -and the log for GPGME is approximately 1MB, this would cause -considerable bloat, as well as some confusion, should the two be -merged. Hence the unfortunate, but necessary, step to simply move the -files. A regular repository version will be maintained should it be -possible to implement this better in the future. - - ------------------- -The Perils of PyPI ------------------- - -At the current time the Python 3 fork is not available via PyPI and -the pip installer. The recommended installation method is to follow -the instructions in lang/py3-pyme/INSTALL. This will build the -necessary SWIG portions against the installed version of GPGME. commit d86fd7c54c462ef23c70370624e07fcc1bc15121 Author: Ben McGinnes Date: Wed Feb 14 21:21:58 2018 +1100 Short History * Converted document from reST to org-mode. diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org new file mode 100644 index 0000000..fa40d6e --- /dev/null +++ b/lang/python/docs/Short_History.org 
@@ -0,0 +1,56 @@ +#+TITLE: A Short History of gpg bindings for Python + +In 2002 John Goerzen released PyME; Python bindings for the GPGME module +which utilised the current release of Python of the time (Python 2.2 or +2.3) and SWIG. Shortly after creating it and ensuring it worked he +stopped supporting it, though left his work available on his Gopher +site. + +A couple of years later the project was picked up by Igor Belyi and +actively developed and maintained by him from 2004 to 2008. Igor's +whereabouts at the time of this document's creation are unknown, but the +current authors do hope he is well. We're assuming (or hoping) that life +did what life does and made continuing untenable. + +In 2014 Martin Albrecht wanted to patch a bug in the PyME code and +discovered the absence of Igor. Following a discussion on the PyME +mailing list he became the new maintainer for PyME, releasing version +0.9.0 in May of that year. He remains the maintainer of the original +PyME release in Python 2.6 and 2.7 (available via PyPI). + +In 2015 Ben McGinnes approached Martin about a Python 3 version, while +investigating how complex a task this would be the task ended up being +completed. A subsequent discussion with Werner Koch led to the decision +to fold the Python 3 port back into the original GPGME release in the +languages subdirectory for non-C bindings. Ben is the maintainer of the +Python 3 port within GPGME. + +In 2016 PyME was renamed to "gpg" and adopted by the upstream GnuPG +team. + +* The Annoyances of Git + :PROPERTIES: + :CUSTOM_ID: the-annoyances-of-git + :END: + +As anyone who has ever worked with git knows, submodules are horrible +way to deal with pretty much anything. In the interests of avoiding +migraines, that is being skipped with addition of PyME to GPGME. Instead +the files will be added to the subdirectory, along with a copy of the +entire git log up to that point as a separate file within the docs +directory (old-commits.log). 
As the log for PyME is nearly 100KB and the +log for GPGME is approximately 1MB, this would cause considerable bloat, +as well as some confusion, should the two be merged. Hence the +unfortunate, but necessary, step to simply move the files. A regular +repository version will be maintained should it be possible to implement +this better in the future. + +* The Perils of PyPI + :PROPERTIES: + :CUSTOM_ID: the-perils-of-pypi + :END: + +At the current time the Python 3 fork is not available via PyPI and the +pip installer. The recommended installation method is to follow the +instructions in lang/py3-pyme/INSTALL. This will build the necessary +SWIG portions against the installed version of GPGME. ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 16 09:20:09 2018 
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Fri, 16 Feb 2018 09:20:09 +0100 Subject: [git] GPGME - branch, ben/python-docs-01, updated. gpgme-1.10.0-29-gfb16eaa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/python-docs-01 has been updated via fb16eaa685fe488f12f4df9b59d1f3689c813034 (commit) via 2b092bf235160e04c10480c47c0fd6dce4e770c4 (commit) via 3224d7f0ea83a3c2baaa9f97846c4a5b392d2c59 (commit) via ba6e610baa138ba9b43be303df2c5981dd04de5a (commit) via b5ec21b9baf017b4cee88c9ef3cc1a638547cd20 (commit) via c9a351f5af289c8f6919854c40f235c781b76ec7 (commit) from 6f15d821404742ac2683f54ca4102ee4aaedacf2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb16eaa685fe488f12f4df9b59d1f3689c813034 Author: Ben McGinnes Date: Fri Feb 16 19:15:32 2018 +1100 History path * Fixed a typo in a filepath reference. * Moved conjecture regarding the first version of Python used to a footnote. diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index 89bb21e..3ce3480 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org 
@@ -17,10 +17,10 @@ return to the source. This is a short explanation of that journey. :END: In 2002 John Goerzen released PyME; Python bindings for the GPGME - module which utilised the current release of Python of the time - (Python 2.2 or 2.3) and SWIG. Shortly after creating it and - ensuring it worked he stopped supporting it, though he left his - work available on his Gopher site. + module which utilised the current release of Python of the time and + SWIG.[fn:1] Shortly after creating it and ensuring it worked he stopped + supporting it, though he left his work available on his Gopher + site. ** Keeping the flame alive :PROPERTIES: @@ -89,7 +89,7 @@ SWIG itself, which are worth noting here. Instead the files were added to a subdirectory of the =lang/= directory, along with a copy of the entire git log up to that point - as a separate file within the =lang/python/docs/= directory.[fn:1] + as a separate file within the =lang/python/docs/= directory.[fn:2] As the log for PyME is nearly 100KB and the log for GPGME is approximately 1MB, this would cause considerable bloat, as well as some confusion, should the two be merged. 
@@ -161,5 +161,8 @@ SWIG itself, which are worth noting here. * Footnotes -[fn:1] The entire PyME git log and other preceding VCS logs are -located in the =gpgme/lanf/python/docs/old-commits.log= file. +[fn:1] In all likelihood thos would have been Python 2.2 or possibly +Python 2.3. + +[fn:2] The entire PyME git log and other preceding VCS logs are +located in the =gpgme/lang/python/docs/old-commits.log= file. commit 2b092bf235160e04c10480c47c0fd6dce4e770c4 Merge: 6f15d82 3224d7f Author: Ben McGinnes Date: Fri Feb 16 02:04:57 2018 +1100 Merge branch 'master' of /Users/ben/dev/hgit/mine/gnupg/gpgme/master into ben/python-docs-01 ----------------------------------------------------------------------- Summary of changes: lang/python/docs/Short_History.org | 17 ++++++++++------- lang/python/tests/Makefile.am | 21 +++++++++------------ lang/qt/tests/Makefile.am | 10 ++++------ tests/gpg/Makefile.am | 12 ++++-------- tests/gpgsm/Makefile.am | 10 +++------- 5 files changed, 30 insertions(+), 40 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 16 13:00:52 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 16 Feb 2018 13:00:52 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-17-g7f9d5c6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7f9d5c6cd204bfd84ea477b284df795b1dadb1af (commit) from 3224d7f0ea83a3c2baaa9f97846c4a5b392d2c59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7f9d5c6cd204bfd84ea477b284df795b1dadb1af Author: Andre Heinecke Date: Fri Feb 16 12:58:54 2018 +0100 cpp: Add shorthand for key locate * lang/cpp/src/key.cpp (Key::locate): New static helper. * lang/cpp/src/key.h: Update accordingly. diff --git a/NEWS b/NEWS index 40d5b53..1a342b1 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ Noteworthy changes in version 1.10.1 (unreleased) ------------------------------------------------- + * Interface changes relative to the 1.10.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + cpp: Key::locate NEW. + cpp: Data::toString NEW. + + Noteworthy changes in version 1.10.0 (2017-12-12) ------------------------------------------------- diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 66fdea9..0e86a19 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -371,6 +371,27 @@ void Key::update() return; } +// static +Key Key::locate(const char *mbox) +{ + if (!mbox) { + return Key(); + } + + auto ctx = Context::createForProtocol(OpenPGP); + if (!ctx) { + return Key(); + } + + ctx->setKeyListMode (Extern | Local); + + Error e = ctx->startKeyListing (mbox); + auto ret = ctx->nextKey (e); + delete ctx; + + return ret; +} + // // // class Subkey 
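Review bot: In `Key::locate` the `Error` returned by `startKeyListing` is never inspected; it is handed straight to `nextKey`, which appears to take it as an out-parameter, so a listing that failed to start reaches the caller as a plain null key with no diagnostic. Check it before iterating, e.g. `if (e) { delete ctx; return Key(); }`, and consider holding the context in a smart pointer so that no return path can leak it. Because the key list mode is `Extern | Local`, the first key returned may have been fetched from a remote source, and nothing here checks that it is valid, unrevoked or unexpired, so callers should not treat the result as trusted on that basis alone.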
diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index 829bd26..c3c711c 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -164,6 +164,20 @@ public: * @returns a possible error. **/ Error addUid(const char *uid); + + /** + * @brief try to locate the best pgp key for a given mailbox. + * + * Boils down to gpg --locate-key + * This may take some time if remote sources are also + * used. + * + * @param mbox should be a mail address does not need to be normalized. + * + * @returns The best key for a mailbox or a null key. + */ + static Key locate(const char *mbox); + private: gpgme_key_t impl() const { ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++++++ lang/cpp/src/key.cpp | 21 +++++++++++++++++++++ lang/cpp/src/key.h | 14 ++++++++++++++ 3 files changed, 41 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 16 13:07:02 2018 
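Review bot: The doc comment on `Key::locate` promises "the best key" but says nothing about error reporting or about how far the result can be trusted. Going by the implementation in key.cpp in this commit, the function returns the first key of a listing run with `Extern | Local`, and returns a null key both when nothing matches and when the context cannot be created. I would extend the comment to say that a null key also covers errors, that the call can trigger network lookups for the given address, and that the returned key is not checked for validity, so callers must verify it before encrypting to it or publishing it. The class body continues outside the hunk.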
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 16 Feb 2018 13:07:02 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-37-g573661d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 573661d09c07b67680be17418e13fcfa960c4a2d (commit) via 6436349496e052cddbebef7394fb88db60bb4846 (commit) via 7c611426da261b67dd422ada7ae5b85bd8265649 (commit) via e59a0ab7032ad219d1ed727831034ee51d12649f (commit) via acf089c3376a1e097ebc6d4cc1dde8ac124df8a8 (commit) via cc08ea5d290c279fcd69a7f6b712e20f9f8f5900 (commit) via e25a51950583d0ae051b38f0aed17522fb8f77b5 (commit) from ab69aab5ea815d377236f02f207ebb0aaaf6406a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 573661d09c07b67680be17418e13fcfa960c4a2d Author: Andre Heinecke Date: Fri Feb 16 13:05:09 2018 +0100 Add notification handling to WKS Helper * src/windowmessages.cpp, src/windowmessages.h (WKS_NOTIFY): New. * src/wks-helper.cpp, src/wks-helper.h: Add more code. -- After an encrypt / sign we send a notification some time later that a MessageBox for WKS Publishing can be opened back in the UI thread. diff --git a/src/windowmessages.cpp b/src/windowmessages.cpp index bfed366..9bb0f5c 100644 --- a/src/windowmessages.cpp +++ b/src/windowmessages.cpp @@ -25,6 +25,7 @@ #include "oomhelp.h" #include "mail.h" #include "gpgoladdin.h" +#include "wks-helper.h" #include 
@@ -113,6 +114,15 @@ gpgol_window_proc (HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) } // Finaly this should pass. invoke_oom_method (mail->item (), "Send", NULL); + // Allow the WKS helper to queue a notification. + WKSHelper::instance()->allow_notify (); + break; + } + case (WKS_NOTIFY): + { + WKSHelper::instance ()->notify ((const char *) ctx->data); + xfree (ctx->data); + break; } default: log_debug ("%s:%s: Unknown msg %x", diff --git a/src/windowmessages.h b/src/windowmessages.h index fba7088..69762af 100644 --- a/src/windowmessages.h +++ b/src/windowmessages.h @@ -48,6 +48,7 @@ typedef enum _gpgol_wmsg_type to mail */ CLOSE, /* Close the message in the next event loop. */ CRYPTO_DONE, /* Sign / Encrypt done. */ + WKS_NOTIFY, /* Show a WKS Notification. */ } gpgol_wmsg_type; typedef struct diff --git a/src/wks-helper.cpp b/src/wks-helper.cpp index efe3bce..49e6dbe 100644 --- a/src/wks-helper.cpp +++ b/src/wks-helper.cpp @@ -21,6 +21,9 @@ #include "common.h" #include "cpphelp.h" +#include "oomhelp.h" +#include "windowmessages.h" +#include "overlay.h" #include @@ -33,6 +36,9 @@ #define CHECK_MIN_INTERVAL (60 * 60 * 24 * 7) +#undef _ +#define _(a) utf8_gettext (a) + static std::map s_states; static std::map s_last_checked; 
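Review bot: In the new `WKS_NOTIFY` case, `ctx->data` is cast to `const char *` and passed to `notify` with no null check, and `notify` (added in wks-helper.cpp in this commit) builds a `std::string` from it directly. The buffer comes from an unchecked `strdup` in `allow_notify`, so an allocation failure ends in undefined behaviour in the UI thread; guard the call with `if (ctx->data)`. The buffer is also allocated with `strdup` but released with `xfree`; unless `xfree` is a thin wrapper over `free` (its definition is not visible here), allocate and release through the same allocator. `gpgol_window_proc` starts and ends outside the hunk.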
@@ -162,27 +168,17 @@ do_check (LPVOID arg) rtrim (data); bool success = data == "[GNUPG:] SUCCESS"; - const auto state = success ? WKSHelper::Supported : WKSHelper::NotSupported; - - gpgrt_lock_lock (&wks_lock); - - auto it = s_states.find(mbox); - - // TODO figure out if it was published. + // TODO Figure out NeedsPublish state. + const auto state = success ? WKSHelper::NeedsPublish : WKSHelper::NotSupported; if (success) { log_debug ("%s:%s: WKS client: '%s' is supported", SRCNAME, __func__, mbox.c_str ()); } - if (it != s_states.end()) - { - it->second = state; - } - else - { - s_states.insert (std::make_pair (mbox, state)); - } + WKSHelper::instance()->update_state (mbox, state); + + gpgrt_lock_lock (&wks_lock); auto tit = s_last_checked.find(mbox); auto now = time (0); if (tit != s_last_checked.end()) @@ -193,11 +189,13 @@ do_check (LPVOID arg) { s_last_checked.insert (std::make_pair (mbox, now)); } - gpgrt_lock_unlock (&wks_lock); + + WKSHelper::instance()->save (); return 0; } + void WKSHelper::start_check (const std::string &mbox, bool forced) const { 
@@ -234,3 +232,158 @@ WKSHelper::save () const { // TODO } + +static DWORD WINAPI +do_notify (LPVOID arg) +{ + /** Wait till a message was sent */ + //Sleep (5000); + do_in_ui_thread (WKS_NOTIFY, arg); + + return 0; +} + +void +WKSHelper::allow_notify () const +{ + gpgrt_lock_lock (&wks_lock); + for (auto &pair: s_states) + { + if (pair.second == NeedsPublish) + { + CloseHandle (CreateThread (NULL, 0, do_notify, + strdup (pair.first.c_str ()), 0, + NULL)); + break; + } + } + gpgrt_lock_unlock (&wks_lock); +} + +void +WKSHelper::notify (const char *cBox) const +{ + std::string mbox = cBox; + + const auto state = get_state (mbox); + + if (state == NeedsPublish) + { + wchar_t * w_title = utf8_to_wchar (_("GpgOL: Key directory available!")); + wchar_t * w_desc = utf8_to_wchar (_("Your mail provider supports a key directory.\n\n" + "Register your key in that directory to make\n" + "it easier for others to send you encrypted mail.\n\n\n" + "Register Key?")); + if (MessageBoxW (get_active_hwnd (), + w_desc, w_title, MB_ICONINFORMATION | MB_YESNO) == IDYES) + { + start_publish (mbox); + } + else + { + update_state (mbox, PublishDenied); + } + + xfree (w_desc); + xfree (w_title); + return; + } + else + { + log_debug ("%s:%s: Unhandled notify state: %i for '%s'", + SRCNAME, __func__, state, cBox); + return; + } +} + +void +WKSHelper::start_publish (const std::string &mbox) const +{ + Overlay (get_active_hwnd (), + std::string (_("Creating registration request..."))); + + log_debug ("%s:%s: Start publish for '%s'", + SRCNAME, __func__, mbox.c_str ()); + + const auto key = GpgME::Key::locate (mbox.c_str ()); + + if (key.isNull ()) + { + MessageBox (get_active_hwnd (), + "WKS publish failed to find key for mail address.", + _("GpgOL"), + MB_ICONINFORMATION|MB_OK); + return; + } + + const auto wksPath = get_wks_client_path (); + + if (wksPath.empty()) + { + TRACEPOINT; + return; + } + + std::vector args; + + args.push_back (wksPath); + args.push_back (std::string ("--create")); 
+ args.push_back (std::string (key.primaryFingerprint ())); + args.push_back (mbox); + + // Spawn the process + auto ctx = GpgME::Context::createForEngine (GpgME::SpawnEngine); + if (!ctx) + { + TRACEPOINT; + return; + } + + GpgME::Data mystdin, mystdout, mystderr; + + char **cargs = vector_to_cArray (args); + + GpgME::Error err = ctx->spawn (cargs[0], const_cast (cargs), + mystdin, mystdout, mystderr, + GpgME::Context::SpawnNone); + release_cArray (cargs); + + if (err) + { + log_debug ("%s:%s: WKS client spawn code: %i asString: %s", + SRCNAME, __func__, err.code(), err.asString()); + return; + } + auto data = mystdout.toString (); + + if (data.empty ()) + { + MessageBox (get_active_hwnd (), + "WKS client failed to create publishing request.", + _("GpgOL"), + MB_ICONINFORMATION|MB_OK); + return; + } + + log_debug ("%s:%s: WKS client: returned '%s'", + SRCNAME, __func__, data.c_str ()); + return; +} + + +void +WKSHelper::update_state (const std::string &mbox, WKSState state) const +{ + gpgrt_lock_lock (&wks_lock); + auto it = s_states.find(mbox); + + if (it != s_states.end()) + { + it->second = state; + } + else + { + s_states.insert (std::make_pair (mbox, state)); + } + gpgrt_lock_unlock (&wks_lock); +} diff --git a/src/wks-helper.h b/src/wks-helper.h index 29af516..2f55a3f 100644 --- a/src/wks-helper.h +++ b/src/wks-helper.h @@ -41,6 +41,7 @@ public: NeedsPublish, /* <-- There was no key published for this address */ NeedsUpdate, /* <-- Not yet implemeted. */ RequestSent, /* <-- A publishing request has been sent. */ + PublishDenied, /* <-- A user denied publishing. */ }; ~WKSHelper (); 
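Review bot: `start_publish` chooses the key to register with `GpgME::Key::locate (mbox.c_str ())`, which, as added to GPGME in the commit shown earlier on this page, lists with `Extern | Local`, so the fingerprint handed to the WKS client may belong to a key that was just fetched for that address rather than to the user's own key. For a publish step I would restrict the lookup to local keys with secret material, or at least reject the result with `if (key.isNull () || !key.hasSecret ())`. Separately, `Overlay (get_active_hwnd (), ...)` constructs an unnamed temporary that is destroyed at the end of that statement, so the overlay does not stay up while the client is spawned; give it a name, e.g. `Overlay overlay (get_active_hwnd (), ...);`. In `allow_notify`, the `CreateThread` result goes to `CloseHandle` unchecked, and the `strdup` copy leaks if thread creation fails.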
@@ -72,9 +73,23 @@ public: */ void start_check (const std::string &mbox, bool force = false) const; + /** Starts gpg-wks-client --create */ + void start_publish (const std::string &mbox) const; + + /** Allow queueing a notification. */ + void allow_notify () const; + + /** Send a notification and start publishing accordingly */ + void notify (const char *mbox) const; + + /** Store the current static maps. */ + void save () const; + + /** Update or insert a state in the static maps. */ + void update_state (const std::string &mbox, WKSState state) const; + private: time_t get_check_time (const std::string &mbox) const; - void save() const; - void load() const;; + void load() const; }; commit 6436349496e052cddbebef7394fb88db60bb4846 Author: Andre Heinecke Date: Fri Feb 16 13:03:06 2018 +0100 Fix detection of unencrypted mails in send * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Check state before passing send. -- This has not lead to bugs because no needs_crypto mails went to update_crypt_mapi but it's the wrong branch anyhow and the mails should pass through our hacks in send. diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index dc667be..2360789 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -335,7 +335,7 @@ EVENT_SINK_INVOKE(MailItemEvents) */ log_oom_extra ("%s:%s: Send : %p", SRCNAME, __func__, m_mail); - if (!m_mail->needs_crypto ()) + if (!m_mail->needs_crypto () && m_mail->crypt_state () == Mail::NoCryptMail) { log_debug ("%s:%s: No crypto neccessary. Passing send for %p obj %p", SRCNAME, __func__, m_mail, m_object); commit 7c611426da261b67dd422ada7ae5b85bd8265649 Author: Andre Heinecke Date: Fri Feb 16 13:01:49 2018 +0100 Add EnableWindow functionality to Overlay * src/overlay.cpp (Overlay::~Overlay): Enable window. (Overlay::Overlay): Disable window. * src/overlay.h (m_wid): New member. diff --git a/src/overlay.cpp b/src/overlay.cpp index a53bc14..f1467b9 100644 --- a/src/overlay.cpp +++ b/src/overlay.cpp 
@@ -27,8 +27,10 @@ #include -Overlay::Overlay (HWND wid, const std::string &text) +Overlay::Overlay (HWND wid, const std::string &text): m_wid (wid) { + // Disable the window early to avoid it beeing closed. + EnableWindow (m_wid, FALSE); std::vector args; // Collect the arguments @@ -36,6 +38,7 @@ Overlay::Overlay (HWND wid, const std::string &text) if (!gpg4win_dir) { TRACEPOINT; + EnableWindow (m_wid, TRUE); return; } const auto overlayer = std::string (gpg4win_dir) + "\\bin\\overlayer.exe"; @@ -56,6 +59,7 @@ Overlay::Overlay (HWND wid, const std::string &text) // can't happen release_cArray (cargs); TRACEPOINT; + EnableWindow (m_wid, TRUE); return; } @@ -68,7 +72,6 @@ Overlay::Overlay (HWND wid, const std::string &text) GpgME::Context::SpawnAllowSetFg | GpgME::Context::SpawnShowWindow)); release_cArray (cargs); - TRACEPOINT; log_debug ("%s:%s: Created overlay window over %p", SRCNAME, __func__, wid); @@ -78,5 +81,8 @@ Overlay::~Overlay() { log_debug ("%s:%s: Stopping overlay.", SRCNAME, __func__); + m_overlayCtx->wait (); m_overlayStdin.write ("quit\n", 5); + m_overlayStdin.write (nullptr, 0); + EnableWindow (m_wid, TRUE); } diff --git a/src/overlay.h b/src/overlay.h index 9f8ed62..3e9c634 100644 --- a/src/overlay.h +++ b/src/overlay.h @@ -41,6 +41,7 @@ public: private: std::unique_ptr m_overlayCtx; GpgME::Data m_overlayStdin; + HWND m_wid; }; #endif // OVERLAY_H commit e59a0ab7032ad219d1ed727831034ee51d12649f Author: Andre Heinecke Date: Fri Feb 16 10:53:54 2018 +0100 Put overlayer calls in a simple RAII class * src/Makefile.am: Add overlay. * src/cryptocontroller.cpp (start_crypto_overlay): Move code into seperate class. (stop_crypto_overlay): Removed. Unique ptr takes care of that. * src/cryptocontroller.h: Update accordingly. * src/overlay.cpp, src/overlay.h: New. diff --git a/src/Makefile.am b/src/Makefile.am index 026f031..7ef1edd 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
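Review bot: `Overlay::~Overlay` now calls `m_overlayCtx->wait ()` unconditionally, but the constructor returns before `m_overlayCtx` is assigned when `get_gpg4win_dir ()` fails, and leaves it null when `createForEngine` fails, so destroying such an object dereferences a null `unique_ptr`. Wrap the `wait ()` and the two `write` calls in `if (m_overlayCtx) { ... }` and keep `EnableWindow (m_wid, TRUE);` outside the guard so the window is always re-enabled. The ordering also deserves a check: `wait ()` runs before `"quit\n"` is written to the helper's stdin, and if `wait ()` blocks until the spawned process finishes, the destructor would hang with the parent window still disabled.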
@@ -87,7 +87,8 @@ gpgol_SOURCES = \ explorer-events.cpp explorers-events.cpp \ cryptcontroller.cpp cryptcontroller.h \ cpphelp.cpp cpphelp.h \ - wks-helper.cpp wks-helper.h + wks-helper.cpp wks-helper.h \ + overlay.cpp overlay.h #treeview_SOURCES = treeview.c diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index c45102a..a510978 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -27,6 +27,7 @@ #include "mapihelp.h" #include "mimemaker.h" #include "wks-helper.h" +#include "overlay.h" #include #include @@ -79,7 +80,6 @@ CryptController::CryptController (Mail *mail, bool encrypt, bool sign, CryptController::~CryptController() { - stop_crypto_overlay(); log_debug ("%s:%s:%p", SRCNAME, __func__, m_mail); } 
@@ -916,76 +916,19 @@ CryptController::parse_micalg (const GpgME::SigningResult &result) } void -CryptController::stop_crypto_overlay () -{ - if (m_overlayCtx) - { - log_debug ("%s:%s: Stopping crypto overlay.", - SRCNAME, __func__); - m_overlayStdin.write ("quit\n", 5); - m_overlayCtx = nullptr; - } -} - -void CryptController::start_crypto_overlay () { - std::vector args; + auto wid = m_mail->get_window (); - // Collect the arguments - char *gpg4win_dir = get_gpg4win_dir (); - if (!gpg4win_dir) - { - TRACEPOINT; - return; - } - const auto overlayer = std::string (gpg4win_dir) + "\\bin\\overlayer.exe"; - xfree (gpg4win_dir); - args.push_back (overlayer); - - auto wnd = m_mail->get_window (); - if (wnd) - { - // Pass the handle of the active window for raise / overlay. - args.push_back (std::string ("--hwnd")); - args.push_back (std::to_string ((int) wnd)); - } + std::string text; - args.push_back (std::string ("--overlayText")); if (m_encrypt) { - args.push_back (std::string (_("Encrypting..."))); + text = _("Encrypting..."); } else if (m_sign) { - args.push_back (std::string (_("Signing..."))); + text =_("Signing..."); } - char **cargs = vector_to_cArray (args); - - m_overlayCtx = GpgME::Context::createForEngine (GpgME::SpawnEngine); - - if (!m_overlayCtx) - { - // can't happen - release_cArray (cargs); - TRACEPOINT; - return; - } - - GpgME::Data mystderr(GpgME::Data::null); - GpgME::Data mystdout(GpgME::Data::null); - - GpgME::Error err = m_overlayCtx->spawnAsync (cargs[0], const_cast (cargs), - m_overlayStdin, mystdout, mystderr, - (GpgME::Context::SpawnFlags) ( - GpgME::Context::SpawnAllowSetFg | - GpgME::Context::SpawnShowWindow)); -#ifdef DEBUG_RESOLVER - log_debug ("Overlayer args:"); - for (size_t i = 0; cargs && cargs[i]; i++) - { - log_debug ("%i: '%s'", i, cargs[i]); - } -#endif - release_cArray (cargs); + m_overlay = std::unique_ptr (new Overlay (wid, text)); } diff --git a/src/cryptcontroller.h b/src/cryptcontroller.h index 4178a2c..ebcd4e0 100644 
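Review bot: The rewritten `start_crypto_overlay` drops the old `if (wnd)` guard and passes whatever `m_mail->get_window ()` returns to `Overlay`, whose constructor (overlay.cpp in this commit) always appends `--hwnd` with `std::to_string ((int) wid)`. A null handle therefore reaches the helper as `--hwnd 0`, where the previous code omitted the option, and `text` stays empty when neither `m_encrypt` nor `m_sign` is set. I would either keep the check here, e.g. `if (!wid) { TRACEPOINT; return; }`, or have `Overlay` skip `--hwnd` for a null handle, and add a short comment saying which behaviour is intended.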
--- a/src/cryptcontroller.h +++ b/src/cryptcontroller.h @@ -28,6 +28,7 @@ #include class Mail; +class Overlay; namespace GpgME { @@ -72,18 +73,16 @@ private: void parse_micalg (const GpgME::SigningResult &sResult); void start_crypto_overlay (); - void stop_crypto_overlay (); private: Mail *m_mail; GpgME::Data m_input, m_bodyInput, m_signedData, m_output; - GpgME::Data m_overlayStdin; std::string m_micalg; bool m_encrypt, m_sign, m_inline, m_crypto_success; GpgME::Protocol m_proto; GpgME::Key m_signer_key; std::vector m_recipients; - std::unique_ptr m_overlayCtx; + std::unique_ptr m_overlay; }; #endif diff --git a/src/overlay.cpp b/src/overlay.cpp new file mode 100644 index 0000000..a53bc14 --- /dev/null +++ b/src/overlay.cpp 
@@ -0,0 +1,82 @@ +/* + * Copyright (C) 2018 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ +#include "config.h" + +#include "overlay.h" + +#include "common.h" +#include "cpphelp.h" + +#include + +#include + +Overlay::Overlay (HWND wid, const std::string &text) +{ + std::vector args; + + // Collect the arguments + char *gpg4win_dir = get_gpg4win_dir (); + if (!gpg4win_dir) + { + TRACEPOINT; + return; + } + const auto overlayer = std::string (gpg4win_dir) + "\\bin\\overlayer.exe"; + xfree (gpg4win_dir); + args.push_back (overlayer); + + args.push_back (std::string ("--hwnd")); + args.push_back (std::to_string ((int) wid)); + + args.push_back (std::string ("--overlayText")); + args.push_back (text); + char **cargs = vector_to_cArray (args); + + m_overlayCtx = GpgME::Context::createForEngine (GpgME::SpawnEngine); + + if (!m_overlayCtx) + { + // can't happen + release_cArray (cargs); + TRACEPOINT; + return; + } + + GpgME::Data mystderr(GpgME::Data::null); + GpgME::Data mystdout(GpgME::Data::null); + + GpgME::Error err = m_overlayCtx->spawnAsync (cargs[0], const_cast (cargs), + m_overlayStdin, mystdout, mystderr, + (GpgME::Context::SpawnFlags) ( + GpgME::Context::SpawnAllowSetFg | + GpgME::Context::SpawnShowWindow)); + release_cArray (cargs); + TRACEPOINT; + + log_debug ("%s:%s: Created overlay window over %p", + SRCNAME, __func__, 
wid); +} + +Overlay::~Overlay() +{ + log_debug ("%s:%s: Stopping overlay.", + SRCNAME, __func__); + m_overlayStdin.write ("quit\n", 5); +} diff --git a/src/overlay.h b/src/overlay.h new file mode 100644 index 0000000..9f8ed62 --- /dev/null +++ b/src/overlay.h @@ -0,0 +1,46 @@ +#ifndef OVERLAY_H +#define OVERLAY_H +/* @file overlay.h + * @brief Overlay something through WinAPI. + * + * Copyright (C) 2018 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ +#include + +#include + +#include + +namespace GpgME +{ + class Context; +} // namespace GpgME + +class Overlay +{ +public: + /* Create an overlay over a foreign window */ + Overlay(HWND handle, const std::string &text); + ~Overlay(); + +private: + std::unique_ptr m_overlayCtx; + GpgME::Data m_overlayStdin; +}; + +#endif // OVERLAY_H commit acf089c3376a1e097ebc6d4cc1dde8ac124df8a8 Author: Andre Heinecke Date: Fri Feb 16 09:40:23 2018 +0100 Implement WKS Supported check * src/Makefile.am: Add wks-helper * src/wks-helper.cpp: New. * src/wks-helper.h: New. * src/cryptcontroller.cpp (CryptController::do_crypto): Trigger WKS Check when doing crypto. diff --git a/src/Makefile.am b/src/Makefile.am index d605c20..026f031 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
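Review bot: The result of `spawnAsync` in the `Overlay` constructor is stored in `err` and never examined, so a missing or unstartable overlayer.exe goes unnoticed and the constructor still logs "Created overlay window". I would check it right after `release_cArray (cargs)`, e.g. `if (err) { log_debug ("%s:%s: overlayer spawn failed: %s", SRCNAME, __func__, err.asString ()); return; }`. The destructor writes `"quit\n"` to `m_overlayStdin` on every path, including the early returns where nothing was spawned; the removed `stop_crypto_overlay` guarded this with `if (m_overlayCtx)` and the destructor should do the same.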
@@ -86,7 +86,8 @@ gpgol_SOURCES = \ mimedataprovider.cpp mimedataprovider.h \ explorer-events.cpp explorers-events.cpp \ cryptcontroller.cpp cryptcontroller.h \ - cpphelp.cpp cpphelp.h + cpphelp.cpp cpphelp.h \ + wks-helper.cpp wks-helper.h #treeview_SOURCES = treeview.c diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index eee123d..c45102a 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -26,6 +26,7 @@ #include "mail.h" #include "mapihelp.h" #include "mimemaker.h" +#include "wks-helper.h" #include #include @@ -443,6 +444,9 @@ CryptController::do_crypto () log_debug ("%s:%s", SRCNAME, __func__); + /* Start a WKS check if necessary. */ + WKSHelper::instance()->start_check (m_mail->get_cached_sender ()); + if (resolve_keys ()) { log_debug ("%s:%s: Failure to resolve keys.", diff --git a/src/wks-helper.cpp b/src/wks-helper.cpp new file mode 100644 index 0000000..efe3bce --- /dev/null +++ b/src/wks-helper.cpp 
@@ -0,0 +1,236 @@ +/* wks-helper.cpp - Web Key Services for GpgOL + * Copyright (C) 2018 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include "wks-helper.h" + +#include "common.h" +#include "cpphelp.h" + +#include + +#include + +#include +#include +#include +#include + +#define CHECK_MIN_INTERVAL (60 * 60 * 24 * 7) + +static std::map s_states; +static std::map s_last_checked; + +static WKSHelper* singleton = NULL; + +GPGRT_LOCK_DEFINE (wks_lock); + +WKSHelper::WKSHelper() +{ + load (); +} + +WKSHelper::~WKSHelper () +{ + // Ensure that we are not destroyed while + // worker is running. 
+ gpgrt_lock_lock (&wks_lock); + gpgrt_lock_unlock (&wks_lock); +} + +const WKSHelper* +WKSHelper::instance () +{ + if (!singleton) + { + singleton = new WKSHelper (); + } + return singleton; +} + +WKSHelper::WKSState +WKSHelper::get_state (const std::string &mbox) const +{ + gpgrt_lock_lock (&wks_lock); + const auto it = s_states.find(mbox); + const auto dataEnd = s_states.end(); + gpgrt_lock_unlock (&wks_lock); + if (it == dataEnd) + { + return NotChecked; + } + return it->second; +} + +time_t +WKSHelper::get_check_time (const std::string &mbox) const +{ + gpgrt_lock_lock (&wks_lock); + const auto it = s_last_checked.find(mbox); + const auto dataEnd = s_last_checked.end(); + gpgrt_lock_unlock (&wks_lock); + if (it == dataEnd) + { + return 0; + } + return it->second; +} + +static std::string +get_wks_client_path () +{ + char *gpg4win_dir = get_gpg4win_dir (); + if (!gpg4win_dir) + { + TRACEPOINT; + return std::string (); + } + const auto ret = std::string (gpg4win_dir) + + "\\..\\GnuPG\\bin\\gpg-wks-client.exe"; + xfree (gpg4win_dir); + + if (!access (ret.c_str (), F_OK)) + { + return ret; + } + log_debug ("%s:%s: Failed to find wks-client in '%s'", + SRCNAME, __func__, ret.c_str ()); + return std::string (); +} + +static DWORD WINAPI +do_check (LPVOID arg) +{ + const auto wksPath = get_wks_client_path (); + + if (wksPath.empty()) + { + return 0; + } + + std::vector args; + const auto mbox = std::string ((char *) arg); + xfree (arg); + + args.push_back (wksPath); + args.push_back (std::string ("--status-fd")); + args.push_back (std::string ("1")); + args.push_back (std::string ("--supported")); + args.push_back (mbox); + + // Spawn the process + auto ctx = GpgME::Context::createForEngine (GpgME::SpawnEngine); + + if (!ctx) + { + TRACEPOINT; + return 0; + } + + GpgME::Data mystdin, mystdout, mystderr; + + char **cargs = vector_to_cArray (args); + + GpgME::Error err = ctx->spawn (cargs[0], const_cast (cargs), + mystdin, mystdout, mystderr, + 
GpgME::Context::SpawnNone); + release_cArray (cargs); + + if (err) + { + log_debug ("%s:%s: WKS client spawn code: %i asString: %s", + SRCNAME, __func__, err.code(), err.asString()); + return 0; + } + + auto data = mystdout.toString (); + rtrim (data); + + bool success = data == "[GNUPG:] SUCCESS"; + const auto state = success ? WKSHelper::Supported : WKSHelper::NotSupported; + + gpgrt_lock_lock (&wks_lock); + + auto it = s_states.find(mbox); + + // TODO figure out if it was published. + if (success) + { + log_debug ("%s:%s: WKS client: '%s' is supported", + SRCNAME, __func__, mbox.c_str ()); + } + if (it != s_states.end()) + { + it->second = state; + } + else + { + s_states.insert (std::make_pair (mbox, state)); + } + + auto tit = s_last_checked.find(mbox); + auto now = time (0); + if (tit != s_last_checked.end()) + { + tit->second = now; + } + else + { + s_last_checked.insert (std::make_pair (mbox, now)); + } + + gpgrt_lock_unlock (&wks_lock); + return 0; +} + +void +WKSHelper::start_check (const std::string &mbox, bool forced) const +{ + auto lastTime = get_check_time (mbox); + auto now = time (0); + if (!forced && lastTime && difftime (lastTime, now) < CHECK_MIN_INTERVAL) + { + /* Data is new enough */ + return; + } + + if (mbox.empty()) + { + log_debug ("%s:%s: start check called without mbox", + SRCNAME, __func__); + } + + log_debug ("%s:%s: WKSHelper starting check", + SRCNAME, __func__); + /* Start the actual work that can be done in a background thread. */ + CloseHandle (CreateThread (NULL, 0, do_check, strdup (mbox.c_str ()), 0, + NULL)); + return; +} + +void +WKSHelper::load () const +{ + // TODO +} + +void +WKSHelper::save () const +{ + // TODO +} diff --git a/src/wks-helper.h b/src/wks-helper.h new file mode 100644 index 0000000..29af516 --- /dev/null +++ b/src/wks-helper.h 
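Review bot: In `WKSHelper::start_check` the arguments of `difftime` are swapped: `difftime (lastTime, now)` is zero or negative, so it is always below `CHECK_MIN_INTERVAL` and an address that was checked once is never re-checked unless `forced` is set; it should read `difftime (now, lastTime) < CHECK_MIN_INTERVAL`. The `mbox.empty ()` branch only logs and then still starts the thread, so a `return;` is missing there. `get_state` and `get_check_time` release `wks_lock` before reading `it->second`, while `do_check` writes the same map entries from the worker thread; the value should be copied out before `gpgrt_lock_unlock`. `do_check` also returns before `xfree (arg)` when the client path is empty, leaking the `strdup` copy, and `mbox` is appended after `--supported` with nothing that keeps a value starting with `-` from being read as an option by the helper.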
@@ -0,0 +1,80 @@ +/* @file wks-helper.cpp + * @brief Helper to work with a web-key-service + * + * Copyright (C) 2018 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ +#include "config.h" + +#include + +/** @brief Helper for web key services. + * + * Everything is public to make it easy to access data + * members from another windows thread. Don't mess with them. + */ +class WKSHelper +{ +protected: + /** Loads the list of checked keys */ + explicit WKSHelper (); +public: + enum WKSState + { + NotChecked, /*<-- Supported state was not checked */ + NotSupported, /* <-- WKS is not supported for this address */ + Supported, /* <-- WKS is supported for this address */ + NeedsPublish, /* <-- There was no key published for this address */ + NeedsUpdate, /* <-- Not yet implemeted. */ + RequestSent, /* <-- A publishing request has been sent. */ + }; + + ~WKSHelper (); + + /** Get the WKSHelper + + On the initial request: + Ensure that the OOM is available. + Will load all account addresses from OOM and then return. + + Starts a background thread to load info from a file + and run checks if necessary. + + When the thread is finished initialized will be true. 
+ */ + static const WKSHelper* instance (); + + /** If the key for the address @address should be published */ + WKSState get_state (const std::string &mbox) const; + + /** Start a supported check for a given mbox. + + If force is true the check will be run. Otherwise + the state will only be updated if the last check + was more then 7 days ago. + + Returns immediately as the check is run in a background + thread. + */ + void start_check (const std::string &mbox, bool force = false) const; + +private: + time_t get_check_time (const std::string &mbox) const; + + void save() const; + void load() const;; +}; commit cc08ea5d290c279fcd69a7f6b712e20f9f8f5900 Author: Andre Heinecke Date: Fri Feb 16 09:39:53 2018 +0100 Fix minor memleak * src/cryptcontroller.cpp (CryptController::do_crypto): Free gpg4win_dir. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 2f74294..eee123d 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -936,6 +936,7 @@ CryptController::start_crypto_overlay () return; } const auto overlayer = std::string (gpg4win_dir) + "\\bin\\overlayer.exe"; + xfree (gpg4win_dir); args.push_back (overlayer); auto wnd = m_mail->get_window (); commit e25a51950583d0ae051b38f0aed17522fb8f77b5 Author: Andre Heinecke Date: Fri Feb 16 08:09:03 2018 +0100 Factor out common cpp helper to cpphelp * src/cryptcontroller.cpp (release_carray, vector_to_charArray) (rtrim): Move into cpphelp. * src/cpphelp.cpp, src/cpphelp.h: New. * src/Makefile.am: Add it. diff --git a/src/Makefile.am b/src/Makefile.am index 90091cb..d605c20 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -85,7 +85,8 @@ gpgol_SOURCES = \ parsecontroller.cpp parsecontroller.h \ mimedataprovider.cpp mimedataprovider.h \ explorer-events.cpp explorers-events.cpp \ - cryptcontroller.cpp cryptcontroller.h + cryptcontroller.cpp cryptcontroller.h \ + cpphelp.cpp cpphelp.h #treeview_SOURCES = treeview.c 
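Review bot: src/wks-helper.h has no include guard, unlike overlay.h and cpphelp.h from the same push, so including it twice in one translation unit redefines `class WKSHelper`; wrap it in `#ifndef WKS_HELPER_H` / `#define WKS_HELPER_H` and a closing `#endif`. Several comments do not match the code: the banner says `@file wks-helper.cpp`, the `instance ()` text describes OOM loading and a background thread although the constructor in this commit only calls the still-empty `load ()`, and `get_state` is documented as "If the key for the address @address should be published" while it returns the cached `WKSState` for `mbox`. `void load() const;;` carries a stray semicolon.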
diff --git a/src/cpphelp.cpp b/src/cpphelp.cpp new file mode 100644 index 0000000..20b91d3 --- /dev/null +++ b/src/cpphelp.cpp @@ -0,0 +1,57 @@ +/* @file cpphelp.h + * @brief Common cpp helper stuff + * + * Copyright (C) 2018 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include "config.h" + +#include +#include "cpphelp.h" + +#include "common.h" + +void +release_cArray (char **carray) +{ + if (carray) + { + for (int idx = 0; carray[idx]; idx++) + xfree (carray[idx]); + xfree (carray); + } +} + +void +rtrim(std::string &s) { + s.erase(std::find_if(s.rbegin(), s.rend(), [](int ch) { + return !std::isspace(ch); + }).base(), s.end()); +} + +char ** +vector_to_cArray(const std::vector &vec) +{ + char ** ret = (char**) xmalloc (sizeof (char*) * (vec.size() + 1)); + for (size_t i = 0; i < vec.size(); i++) + { + ret[i] = strdup (vec[i].c_str()); + } + ret[vec.size()] = NULL; + return ret; +} diff --git a/src/cpphelp.h b/src/cpphelp.h new file mode 100644 index 0000000..0b60170 --- /dev/null +++ b/src/cpphelp.h 
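Review bot: `vector_to_cArray` stores the result of `strdup` unchecked, and a NULL from a failed allocation in the middle of the array is indistinguishable from the terminator, so `release_cArray` and the spawned helper would both see a silently truncated argument list. The array itself comes from `xmalloc` and the elements are later released with `xfree`, so the elements should come from the matching allocator as well (an `xstrdup`-style wrapper, if common.h provides one; that is not visible here) or be checked explicitly. In `rtrim` the lambda takes `int ch` and hands it to `std::isspace`; where plain `char` is signed, bytes above 0x7f arrive as negative values, which is undefined for the `<cctype>` functions, so use `[](unsigned char ch) { return !std::isspace (ch); }`. The file banner still says `@file cpphelp.h`.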
@@ -0,0 +1,39 @@ +#ifndef CPPHELP_H +#define CPPHELP_H +/* @file cpphelp.h + * @brief Common cpp helper stuff + * + * Copyright (C) 2018 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include +#include + +/* Stuff that should be in common but is c++ so it does not fit in there. */ + + +/* Release a null terminated char* array */ +void release_cArray (char **carray); + +/* Trim whitespace from a string. */ +void rtrim(std::string &s); + +/* Convert a string vector to a null terminated char array */ +char **vector_to_cArray (const std::vector &vec); + +#endif // CPPHELP_H diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index 2920544..2f74294 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -21,6 +21,7 @@ #include "config.h" #include "common.h" +#include "cpphelp.h" #include "cryptcontroller.h" #include "mail.h" #include "mapihelp.h" 
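Review bot: The comment on `rtrim` says "Trim whitespace from a string", but the implementation in cpphelp.cpp erases only trailing whitespace; `/* Trim trailing whitespace from S in place. */` would match what it does. The `vector_to_cArray` comment should also state ownership: the caller owns the returned array and its elements and must pass it to `release_cArray`.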
@@ -161,38 +162,6 @@ CryptController::collect_data () return 0; } -static void -release_carray (char **recipients) -{ - int idx; - - if (recipients) - { - for (idx=0; recipients[idx]; idx++) - xfree (recipients[idx]); - xfree (recipients); - } -} - -static inline void -rtrim(std::string &s) { - s.erase(std::find_if(s.rbegin(), s.rend(), [](int ch) { - return !std::isspace(ch); - }).base(), s.end()); -} - -char ** -vector_to_charArray(const std::vector &vec) -{ - char ** ret = (char**) xmalloc (sizeof (char*) * (vec.size() + 1)); - for (size_t i = 0; i < vec.size(); i++) - { - ret[i] = strdup (vec[i].c_str()); - } - ret[vec.size()] = NULL; - return ret; -} - int CryptController::lookup_fingerprints (const std::string &sigFpr, const std::vector recpFprs) @@ -232,7 +201,7 @@ CryptController::lookup_fingerprints (const std::string &sigFpr, } // Convert recipient fingerprints - char **cRecps = vector_to_charArray (recpFprs); + char **cRecps = vector_to_cArray (recpFprs); err = ctx->startKeyListing (const_cast (cRecps)); @@ -248,7 +217,7 @@ CryptController::lookup_fingerprints (const std::string &sigFpr, m_recipients.pop_back(); - release_carray (cRecps); + release_cArray (cRecps); return 0; } @@ -402,13 +371,13 @@ CryptController::resolve_keys () args.push_back (GpgME::UserID::addrSpecFromString (recipients[i])); } - release_carray (recipients); + release_cArray (recipients); } // Convert our collected vector to c strings // It's a bit overhead but should be quick for such small // data. - char **cargs = vector_to_charArray (args); + char **cargs = vector_to_cArray (args); // Args are prepared. Spawn the resolver. auto ctx = GpgME::Context::createForEngine (GpgME::SpawnEngine); @@ -416,7 +385,7 @@ CryptController::resolve_keys () if (!ctx) { // can't happen - release_carray (cargs); + release_cArray (cargs); TRACEPOINT; return -1; } 
@@ -448,7 +417,7 @@ CryptController::resolve_keys () log_debug ("Resolver stderr:\n'%s'", mystderr.toString ().c_str ()); #endif - release_carray (cargs); + release_cArray (cargs); if (err) { @@ -986,14 +955,14 @@ CryptController::start_crypto_overlay () { args.push_back (std::string (_("Signing..."))); } - char **cargs = vector_to_charArray (args); + char **cargs = vector_to_cArray (args); m_overlayCtx = GpgME::Context::createForEngine (GpgME::SpawnEngine); if (!m_overlayCtx) { // can't happen - release_carray (cargs); + release_cArray (cargs); TRACEPOINT; return; } @@ -1013,5 +982,5 @@ CryptController::start_crypto_overlay () log_debug ("%i: '%s'", i, cargs[i]); } #endif - release_carray (cargs); + release_cArray (cargs); } ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 5 +- src/cpphelp.cpp | 57 ++++++ src/{addin-options.h => cpphelp.h} | 29 ++- src/cryptcontroller.cpp | 117 ++--------- src/cryptcontroller.h | 5 +- src/mailitem-events.cpp | 2 +- src/overlay.cpp | 88 +++++++++ src/{addin-options.h => overlay.h} | 37 +++- src/windowmessages.cpp | 10 + src/windowmessages.h | 1 + src/wks-helper.cpp | 389 +++++++++++++++++++++++++++++++++++++ src/wks-helper.h | 95 +++++++++ 12 files changed, 714 insertions(+), 121 deletions(-) create mode 100644 src/cpphelp.cpp copy src/{addin-options.h => cpphelp.h} (56%) create mode 100644 src/overlay.cpp copy src/{addin-options.h => overlay.h} (57%) create mode 100644 src/wks-helper.cpp create mode 100644 src/wks-helper.h hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 16 16:31:39 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 16 Feb 2018 16:31:39 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-41-gc513358 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via c5133586929626685ac6ceef57e775ac7761cdb0 (commit) via d483d0d02d99cd4b5b76213e17876e00bd6d6268 (commit) via 087562b5f4f6f72143efa59b9aea4582b1a10028 (commit) via 5c188d6a800675dc7b9017c257a0f2b757b9eb71 (commit) from 573661d09c07b67680be17418e13fcfa960c4a2d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c5133586929626685ac6ceef57e775ac7761cdb0 Author: Andre Heinecke Date: Fri Feb 16 16:30:25 2018 +0100 Implement WKS-Client request sending * src/wks-helper.cpp (WKSHelper::send_mail): New. * src/wks-helper.h: Update accordingly. -- This basically works. But there is a big issue. Somehow the SendUsingAccount setting does not work so it always sends out the mails with the default account. diff --git a/src/wks-helper.cpp b/src/wks-helper.cpp index 49e6dbe..3dbc31d 100644 --- a/src/wks-helper.cpp +++ b/src/wks-helper.cpp @@ -24,8 +24,10 @@ #include "oomhelp.h" #include "windowmessages.h" #include "overlay.h" +#include "mail.h" #include +#include #include @@ -299,8 +301,8 @@ WKSHelper::notify (const char *cBox) const void WKSHelper::start_publish (const std::string &mbox) const { - Overlay (get_active_hwnd (), - std::string (_("Creating registration request..."))); +// Overlay (get_active_hwnd (), +// std::string (_("Creating registration request..."))); log_debug ("%s:%s: Start publish for '%s'", SRCNAME, __func__, mbox.c_str ()); 
@@ -354,7 +356,7 @@ WKSHelper::start_publish (const std::string &mbox) const SRCNAME, __func__, err.code(), err.asString()); return; } - auto data = mystdout.toString (); + const auto data = mystdout.toString (); if (data.empty ()) { @@ -367,6 +369,9 @@ WKSHelper::start_publish (const std::string &mbox) const log_debug ("%s:%s: WKS client: returned '%s'", SRCNAME, __func__, data.c_str ()); + + send_mail (data); + return; } 
@@ -387,3 +392,82 @@ WKSHelper::update_state (const std::string &mbox, WKSState state) const } gpgrt_lock_unlock (&wks_lock); } + +void +WKSHelper::send_mail (const std::string &mimeData) const +{ + std::istringstream ss(mimeData); + + std::string from; + std::string to; + std::string subject; + std::string withoutHeaders; + + std::getline (ss, from); + std::getline (ss, to); + std::getline (ss, subject); + + if (from.compare (0, 6, "From: ") || to.compare (0, 4, "To: "), + subject.compare (0, 9, "Subject: ")) + { + log_error ("%s:%s: Invalid mime data..", + SRCNAME, __func__); + return; + } + + std::getline (ss, withoutHeaders, '\0'); + + from.erase (0, 6); + to.erase (0, 4); + subject.erase (0, 9); + + rtrim (from); + rtrim (to); + rtrim (subject); + + LPDISPATCH mail = create_mail (); + + if (!mail) + { + log_error ("%s:%s: Failed to create mail for request.", + SRCNAME, __func__); + return; + } + + if (put_oom_string (mail, "Subject", subject.c_str ())) + { + TRACEPOINT; + gpgol_release (mail); + return; + } + + if (put_oom_string (mail, "To", to.c_str ())) + { + TRACEPOINT; + gpgol_release (mail); + return; + } + + LPDISPATCH account = get_account_for_mail (from.c_str ()); + if (account) + { + log_debug ("%s:%s: Changing account.", + SRCNAME, __func__); + put_oom_disp (mail, "SendUsingAccount", account); + } + + /* Now we have a problem. The created LPDISPATCH pointer has + a different value then the one with which we saw the ItemLoad + event. But we want to get the mail object. So,.. surpise + a Hack! :-) */ + auto last_mail = Mail::get_last_mail (); + + last_mail->set_override_mime_data (mimeData); + last_mail->set_crypt_state (Mail::NeedsSecondAfterWrite); + + invoke_oom_method (mail, "Save", NULL); + invoke_oom_method (mail, "Send", NULL); + + log_debug ("%s:%s: Publish successful", + SRCNAME, __func__); +} diff --git a/src/wks-helper.h b/src/wks-helper.h index 2f55a3f..efd36f5 100644 --- a/src/wks-helper.h +++ b/src/wks-helper.h 
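Review bot: The header check in `send_mail` uses a comma where `||` was intended: in `from.compare (0, 6, "From: ") || to.compare (0, 4, "To: "), subject.compare (0, 9, "Subject: ")` the comma operator discards the first two comparisons, so only the Subject line is validated and malformed From/To lines in the helper output pass through to `put_oom_string` and `get_account_for_mail`. Replace the comma with `||`. `Mail::get_last_mail ()` can return null (see its definition in src/mail.cpp), yet `last_mail` is dereferenced unconditionally; add `if (!last_mail) { gpgol_release (mail); return; }` before the two setter calls. `mail` and `account` also appear not to be released on the success path, and "Publish successful" is logged without looking at the results of `Save` and `Send`.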
@@ -88,6 +88,9 @@ public: /** Update or insert a state in the static maps. */ void update_state (const std::string &mbox, WKSState state) const; + /** Create / Build Mail */ + void send_mail (const std::string &mimeData) const; + private: time_t get_check_time (const std::string &mbox) const; commit d483d0d02d99cd4b5b76213e17876e00bd6d6268 Author: Andre Heinecke Date: Fri Feb 16 16:29:11 2018 +0100 Add oom helper to create mail and handle accounts * src/oomhelp.cpp (create_mail): Create a new mail. (get_account_for_mail): Get an account for a mail address. (put_oom_disp): New. * src/oomhelp.h: Update accordingly. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index ce444d7..a72bace 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp @@ -533,6 +533,40 @@ put_oom_string (LPDISPATCH pDisp, const char *name, const char *string) return 0; } +/* Set the property NAME to DISP. */ +int +put_oom_disp (LPDISPATCH pDisp, const char *name, LPDISPATCH disp) +{ + HRESULT hr; + DISPID dispid_put = DISPID_PROPERTYPUT; + DISPID dispid; + DISPPARAMS dispparams; + VARIANT aVariant[1]; + EXCEPINFO execpinfo; + + init_excepinfo (&execpinfo); + dispid = lookup_oom_dispid (pDisp, name); + if (dispid == DISPID_UNKNOWN) + return -1; + + dispparams.rgvarg = aVariant; + dispparams.rgvarg[0].vt = VT_DISPATCH | VT_BYREF; + dispparams.rgvarg[0].pdispVal = disp; + dispparams.cArgs = 1; + dispparams.rgdispidNamedArgs = &dispid_put; + dispparams.cNamedArgs = 1; + hr = pDisp->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, + DISPATCH_PROPERTYPUT, &dispparams, + NULL, &execpinfo, NULL); + if (hr != S_OK) + { + log_debug ("%s:%s: Putting '%s' failed: %#lx", + SRCNAME, __func__, name, hr); + dump_excepinfo (execpinfo); + return -1; + } + return 0; +} /* Get the boolean property NAME of the object PDISP. Returns False if not found or if it is not a boolean property. */ 
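Review bot: The variant in `put_oom_disp` is tagged `VT_DISPATCH | VT_BYREF` but filled through `pdispVal`; with `VT_BYREF` set the callee reads the union as `ppdispVal` (an `IDispatch **`), so it would treat `disp` itself as a pointer to an interface pointer. Use `dispparams.rgvarg[0].vt = VT_DISPATCH;` together with `pdispVal`, and since an object reference is being assigned, `DISPATCH_PROPERTYPUTREF` is probably the right invoke flag. This may be related to the `SendUsingAccount` problem described in the commit message of the send_mail change, though that is a guess. `aVariant[0]` is also used without a prior `VariantInit`.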
@@ -1777,3 +1811,92 @@ get_active_hwnd () return hwnd; } + +LPDISPATCH +create_mail () +{ + LPDISPATCH app = GpgolAddin::get_instance ()->get_application (); + + if (!app) + { + TRACEPOINT; + return nullptr; + } + + VARIANT var; + VariantInit (&var); + VARIANT argvars[1]; + DISPPARAMS args; + VariantInit (&argvars[0]); + argvars[0].vt = VT_I2; + argvars[0].intVal = 0; + args.cArgs = 1; + args.cNamedArgs = 0; + args.rgvarg = argvars; + + LPDISPATCH ret = nullptr; + + if (invoke_oom_method_with_parms (app, "CreateItem", &var, &args)) + { + log_error ("%s:%s: Failed to create mailitem.", + SRCNAME, __func__); + return ret; + } + + ret = var.pdispVal; + return ret; +} + +LPDISPATCH +get_account_for_mail (const char *mbox) +{ + LPDISPATCH app = GpgolAddin::get_instance ()->get_application (); + + if (!app) + { + TRACEPOINT; + return nullptr; + } + + LPDISPATCH accounts = get_oom_object (app, "Session.Accounts"); + + if (!accounts) + { + TRACEPOINT; + return nullptr; + } + + int count = get_oom_int (accounts, "Count"); + for (int i = 1; i <= count; i++) + { + std::string item = std::string ("Item(") + std::to_string (i) + ")"; + + LPDISPATCH account = get_oom_object (accounts, item.c_str ()); + + if (!account) + { + TRACEPOINT; + continue; + } + char *smtpAddr = get_oom_string (account, "SmtpAddress"); + + if (!smtpAddr) + { + TRACEPOINT; + continue; + } + if (!stricmp (mbox, smtpAddr)) + { + gpgol_release (accounts); + xfree (smtpAddr); + return account; + } + xfree (smtpAddr); + } + gpgol_release (accounts); + + log_error ("%s:%s: Failed to find account for '%s'.", + SRCNAME, __func__, mbox); + + return nullptr; +} diff --git a/src/oomhelp.h b/src/oomhelp.h index 1008860..0c8789c 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h 
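Review bot: `get_account_for_mail` leaks a COM reference on every loop iteration that does not return: `account` is obtained with `get_oom_object` and is released neither on the `!smtpAddr` path nor after a non-matching comparison. Add `gpgol_release (account);` before that `continue` and after the `xfree (smtpAddr);` at the end of the loop body. In `create_mail` the argument is tagged `VT_I2` but written through `intVal` (the matching member is `iVal`), and `var.pdispVal` is returned without checking that `var.vt` is `VT_DISPATCH`. The header comment for `get_account_for_mail` should say that the caller owns the returned object.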
@@ -141,6 +141,9 @@ int put_oom_int (LPDISPATCH pDisp, const char *name, int value); /* Set the property NAME to STRING. */ int put_oom_string (LPDISPATCH pDisp, const char *name, const char *string); +/* Set the property NAME to DISP. */ +int put_oom_disp (LPDISPATCH pDisp, const char *name, LPDISPATCH value); + /* Get the boolean property NAME of the object PDISP. */ int get_oom_bool (LPDISPATCH pDisp, const char *name); @@ -320,6 +323,11 @@ get_unique_id (LPDISPATCH mail, int create, const char* uuid); through FindWindow and the caption. Does not use IOleWindow because that was unreliable somhow. */ HWND get_active_hwnd (void); + +/* Create a new mailitem and return it */ +LPDISPATCH create_mail (void); + +LPDISPATCH get_account_for_mail (const char *mbox); #ifdef __cplusplus } #endif commit 087562b5f4f6f72143efa59b9aea4582b1a10028 Author: Andre Heinecke Date: Fri Feb 16 16:27:38 2018 +0100 Make it possible to get the last created mail * src/mail.cpp (Mail::get_last_mail): New. * src/mail.h: Update accordingly. -- This makes it easy to get a reference to our internal Mail object for example if a mail was created programatically as the returned DISPATCH pointer differ. diff --git a/src/mail.cpp b/src/mail.cpp index 6d8a0f4..00b42d3 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -62,6 +62,8 @@ static std::map g_mail_map; static std::map g_uid_map; static std::set uids_searched; +static Mail *s_last_mail; + static bool in_de_vs_mode() { @@ -159,6 +161,7 @@ Mail::Mail (LPDISPATCH mailitem) : return; } g_mail_map.insert (std::pair (mailitem, this)); + s_last_mail = this; } GPGRT_LOCK_DEFINE(dtor_lock); @@ -2701,3 +2704,14 @@ Mail::check_inline_response () return m_is_inline_response; } + +// static +Mail * +Mail::get_last_mail () +{ + if (!s_last_mail || !is_valid_ptr (s_last_mail)) + { + s_last_mail = nullptr; + } + return s_last_mail; +} diff --git a/src/mail.h b/src/mail.h index 929c509..53c0e23 100644 --- a/src/mail.h +++ b/src/mail.h 
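Review bot: `s_last_mail` in src/mail.cpp is a process-wide raw pointer that every `Mail` constructor overwrites, with no lock and nothing in these hunks that clears it when the object is destroyed; `get_last_mail` relies on `is_valid_ptr` alone to catch a stale value. "Last created" is also not tied to any caller, so code that creates an item and then calls `get_last_mail ()` receives whichever `Mail` was constructed most recently, which need not be its own if another item is loaded in between. Since `WKSHelper::send_mail` uses the result to attach override MIME data and then sends, I would reset `s_last_mail` in the destructor (which lies outside these hunks) and have the caller verify that the returned object wraps the item it just created before changing its state. The doc comment in mail.h should state that the result may be null.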
@@ -86,6 +86,12 @@ public: */ static Mail* get_mail_for_uuid (const char *uuid); + /** @brief Get the last created mail. + + @returns A reference to the last created mail or null. + */ + static Mail* get_last_mail (); + /** @brief looks for existing Mail objects. @returns A reference to an existing mailitem or NULL in case none commit 5c188d6a800675dc7b9017c257a0f2b757b9eb71 Author: Andre Heinecke Date: Fri Feb 16 16:25:32 2018 +0100 Add possibility to override mime struct for mail * src/cryptcontroller.cpp (update_mail_mapi): Prefer override mime. * src/mail.cpp (Mail::set_override_mime, Mail::get_override_mime): New. (Mail::update_crypt_mapi): Create dummy crypter for overidden mime. diff --git a/src/cryptcontroller.cpp b/src/cryptcontroller.cpp index a510978..e2e4570 100644 --- a/src/cryptcontroller.cpp +++ b/src/cryptcontroller.cpp @@ -822,7 +822,13 @@ CryptController::update_mail_mapi () PROTOCOL_SMIME : PROTOCOL_OPENPGP; int rc = 0; - if (m_sign && m_encrypt) + /* Do we have override MIME ? */ + const auto overrideMime = m_mail->get_override_mime_data (); + if (!overrideMime.empty()) + { + rc = write_string (sink, overrideMime.c_str ()); + } + else if (m_sign && m_encrypt) { rc = create_encrypt_attach (sink, protocol, m_output); } diff --git a/src/mail.cpp b/src/mail.cpp index c86eac5..6d8a0f4 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -2561,10 +2561,21 @@ Mail::update_crypt_mapi() } if (!m_crypter) { - log_error ("%s:%s: No crypter.", - SRCNAME, __func__); - m_crypt_state = NoCryptMail; - return; + if (!m_mime_data.empty()) + { + log_debug ("%s:%s: Have override mime data creating dummy crypter", + SRCNAME, __func__); + m_crypter = std::shared_ptr (new CryptController (this, false, + false, + false, GpgME::UnknownProtocol)); + } + else + { + log_error ("%s:%s: No crypter.", + SRCNAME, __func__); + m_crypt_state = NoCryptMail; + return; + } } if (m_crypter->update_mail_mapi ()) diff --git a/src/mail.h b/src/mail.h index acc783b..929c509 100644 
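Review bot: The override branch in `CryptController::update_mail_mapi` is tested before `m_sign && m_encrypt`, so a non-empty override string is written to the sink unchanged whatever protection was requested for the mail, and nothing logs that this path was taken. If the override data can stay set on a Mail that is later marked for signing or encryption (the callers of `set_override_mime_data` are not in this diff), the stored body would be sent instead of a freshly protected one. I would log the decision, `log_debug ("%s:%s: Using override MIME data.", SRCNAME, __func__);`, and add a comment that the data must already be the final protected MIME structure. `write_string (sink, overrideMime.c_str ())` presumably stops at the first NUL byte, which matters if the data can ever be binary. The enclosing function starts and ends outside the hunk.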
--- a/src/mail.h +++ b/src/mail.h @@ -421,6 +421,13 @@ public: on error. */ void reset_crypter () { m_crypter = nullptr; } + /** Set special crypto mime data that should be used as the + mime structure when sending. */ + void set_override_mime_data (const std::string &data) {m_mime_data = data;} + + /** Get the mime data that should be used when sending. */ + std::string get_override_mime_data () const { return m_mime_data; } + private: void update_categories (); void update_body (); @@ -460,5 +467,6 @@ private: CryptState m_crypt_state; HWND m_window; bool m_is_inline_response; + std::string m_mime_data; }; #endif // MAIL_H ----------------------------------------------------------------------- Summary of changes: src/cryptcontroller.cpp | 8 +++- src/mail.cpp | 33 +++++++++++-- src/mail.h | 14 ++++++ src/oomhelp.cpp | 123 ++++++++++++++++++++++++++++++++++++++++++++++++ src/oomhelp.h | 8 ++++ src/wks-helper.cpp | 90 +++++++++++++++++++++++++++++++++-- src/wks-helper.h | 3 ++ 7 files changed, 271 insertions(+), 8 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Sun Feb 18 16:12:58 2018 
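Review bot: `get_override_mime_data` returns the string by value, so every call copies the whole MIME body; `update_mail_mapi` in cryptcontroller.cpp takes such a copy only to test `empty ()` and write it out. Returning a reference avoids that: `const std::string &get_override_mime_data () const { return m_mime_data; }`, with `const auto &overrideMime` at the call site. The setter's comment could also say whether the data is expected to be cleared once the mail has been sent, since `m_mime_data` otherwise stays set for the lifetime of the object.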
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 18 Feb 2018 16:12:58 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-45-g0b3ec35 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0b3ec359e2279c3b46b171372b1b7733bba20cd7 (commit) via d02958bd300d2c80bc92b1e072103e95e256b297 (commit) via da58a62ac1b7a8d97b0895dcb41d15af531e45e5 (commit) via af7fc732f9a7af7a70276f1e8364d2132db314f1 (commit) from ffdc6f3623a0bcb41324d562340b2cd1c288e387 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b3ec359e2279c3b46b171372b1b7733bba20cd7 Author: Jussi Kivilinna Date: Thu Feb 15 22:13:28 2018 +0200 Add Intel SHA Extensions accelerated SHA256 implementation * cipher/Makefile.am: Add 'sha256-intel-shaext.c'. * cipher/sha256-intel-shaext.c: New. * cipher/sha256.c (USE_SHAEXT) (_gcry_sha256_transform_intel_shaext): New. (SHA256_CONTEXT): Add 'use_shaext'. (sha256_init, sha224_init) [USE_SHAEXT]: Use shaext if supported. (transform) [USE_SHAEXT]: Use shaext if enabled. (transform): Only add ASM_EXTRA_STACK if returned burn length is not zero. * configure.ac: Add 'sha256-intel-shaext.lo'. -- Benchmark on Intel Celeron J3455 (1500 Mhz, no turbo): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 10.07 ns/B 94.72 MiB/s 15.10 c/B After (3.7x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 2.70 ns/B 353.8 MiB/s 4.04 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 110a48b..599e3c1 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am 
@@ -94,7 +94,7 @@ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ sha1-armv7-neon.S sha1-armv8-aarch32-ce.S sha1-armv8-aarch64-ce.S \ sha1-intel-shaext.c \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ - sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S \ + sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S sha256-intel-shaext.c \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ sha512-armv7-neon.S sha512-arm.S \ sm3.c \ diff --git a/cipher/sha256-intel-shaext.c b/cipher/sha256-intel-shaext.c new file mode 100644 index 0000000..0c107bb --- /dev/null +++ b/cipher/sha256-intel-shaext.c 
@@ -0,0 +1,352 @@ +/* sha256-intel-shaext.S - SHAEXT accelerated SHA-256 transform function + * Copyright (C) 2018 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#include "types.h" + +#if defined(HAVE_GCC_INLINE_ASM_SHAEXT) && \ + defined(HAVE_GCC_INLINE_ASM_SSE41) && defined(USE_SHA256) && \ + defined(ENABLE_SHAEXT_SUPPORT) + +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + +/* Two macros to be called prior and after the use of SHA-EXT + instructions. There should be no external function calls between + the use of these macros. There purpose is to make sure that the + SSE regsiters are cleared and won't reveal any information about + the key or the data. */ +#ifdef __WIN64__ +/* XMM6-XMM15 are callee-saved registers on WIN64. 
*/ +# define shaext_prepare_variable char win64tmp[2*16] +# define shaext_prepare_variable_size sizeof(win64tmp) +# define shaext_prepare() \ + do { asm volatile ("movdqu %%xmm6, (%0)\n" \ + "movdqu %%xmm7, (%1)\n" \ + : \ + : "r" (&win64tmp[0]), "r" (&win64tmp[16]) \ + : "memory"); \ + } while (0) +# define shaext_cleanup(tmp0,tmp1) \ + do { asm volatile ("movdqu (%0), %%xmm6\n" \ + "movdqu (%1), %%xmm7\n" \ + "pxor %%xmm0, %%xmm0\n" \ + "pxor %%xmm1, %%xmm1\n" \ + "pxor %%xmm2, %%xmm2\n" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n" \ + "pxor %%xmm5, %%xmm5\n" \ + "movdqa %%xmm0, (%2)\n\t" \ + "movdqa %%xmm0, (%3)\n\t" \ + : \ + : "r" (&win64tmp[0]), "r" (&win64tmp[16]), \ + "r" (tmp0), "r" (tmp1) \ + : "memory"); \ + } while (0) +#else +# define shaext_prepare_variable +# define shaext_prepare_variable_size 0 +# define shaext_prepare() do { } while (0) +# define shaext_cleanup(tmp0,tmp1) \ + do { asm volatile ("pxor %%xmm0, %%xmm0\n" \ + "pxor %%xmm1, %%xmm1\n" \ + "pxor %%xmm2, %%xmm2\n" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n" \ + "pxor %%xmm5, %%xmm5\n" \ + "pxor %%xmm6, %%xmm6\n" \ + "pxor %%xmm7, %%xmm7\n" \ + "movdqa %%xmm0, (%0)\n\t" \ + "movdqa %%xmm0, (%1)\n\t" \ + : \ + : "r" (tmp0), "r" (tmp1) \ + : "memory"); \ + } while (0) +#endif + +typedef struct u128_s +{ + u32 a, b, c, d; +} u128_t; + +/* + * Transform nblks*64 bytes (nblks*16 32-bit words) at DATA. 
+ */ +unsigned int +_gcry_sha256_transform_intel_shaext(u32 state[8], const unsigned char *data, + size_t nblks) +{ + static const unsigned char bshuf_mask[16] __attribute__ ((aligned (16))) = + { 3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12 }; + static const u128_t K[16] __attribute__ ((aligned (16))) = + { + { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 }, + { 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 }, + { 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 }, + { 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 }, + { 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc }, + { 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da }, + { 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 }, + { 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 }, + { 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 }, + { 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 }, + { 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 }, + { 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 }, + { 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 }, + { 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 }, + { 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 }, + { 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 } + }; + char save_buf[2 * 16 + 15]; + char *abef_save; + char *cdgh_save; + shaext_prepare_variable; + + if (nblks == 0) + return 0; + + shaext_prepare (); + + asm volatile ("" : "=r" (abef_save) : "0" (save_buf) : "memory"); + abef_save = abef_save + (-(uintptr_t)abef_save & 15); + cdgh_save = abef_save + 16; + + /* byteswap mask => XMM7 */ + asm volatile ("movdqa %[mask], %%xmm7\n\t" /* Preload mask */ + : + : [mask] "m" (*bshuf_mask) + : "memory"); + + /* Load state.. 
ABEF_SAVE => STATE0 XMM1, CDGH_STATE => STATE1 XMM2 */ + asm volatile ("movups 16(%[state]), %%xmm1\n\t" /* HGFE (xmm=EFGH) */ + "movups 0(%[state]), %%xmm0\n\t" /* DCBA (xmm=ABCD) */ + "movaps %%xmm1, %%xmm2\n\t" + "shufps $0x11, %%xmm0, %%xmm1\n\t" /* ABEF (xmm=FEBA) */ + "shufps $0xbb, %%xmm0, %%xmm2\n\t" /* CDGH (xmm=HGDC) */ + : + : [state] "r" (state) + : "memory" ); + + /* Load message */ + asm volatile ("movdqu 0*16(%[data]), %%xmm3\n\t" + "movdqu 1*16(%[data]), %%xmm4\n\t" + "movdqu 2*16(%[data]), %%xmm5\n\t" + "movdqu 3*16(%[data]), %%xmm6\n\t" + "pshufb %%xmm7, %%xmm3\n\t" + "pshufb %%xmm7, %%xmm4\n\t" + "pshufb %%xmm7, %%xmm5\n\t" + "pshufb %%xmm7, %%xmm6\n\t" + : + : [data] "r" (data) + : "memory" ); + data += 64; + + do + { + /* Save state */ + asm volatile ("movdqa %%xmm1, (%[abef_save])\n\t" + "movdqa %%xmm2, (%[cdgh_save])\n\t" + : + : [abef_save] "r" (abef_save), [cdgh_save] "r" (cdgh_save) + : "memory" ); + + /* Round 0..3 */ + asm volatile ("movdqa %%xmm3, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[0].a) + : "memory" ); + + /* Round 4..7 */ + asm volatile ("movdqa %%xmm4, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + "sha256msg1 %%xmm4, %%xmm3\n\t" + : + : [constants] "m" (K[1].a) + : "memory" ); + + /* Round 8..11 */ + asm volatile ("movdqa %%xmm5, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + "sha256msg1 %%xmm5, %%xmm4\n\t" + : + : [constants] "m" (K[2].a) + : "memory" ); + +#define ROUND(k, MSG0, MSG1, MSG2, MSG3) \ + asm volatile ("movdqa %%"MSG0", %%xmm0\n\t" \ + "paddd %[constants], %%xmm0\n\t" \ + "sha256rnds2 %%xmm1, %%xmm2\n\t" \ + "movdqa %%"MSG0", %%xmm7\n\t" \ + "palignr $4, %%"MSG3", %%xmm7\n\t" \ + "paddd %%xmm7, 
%%"MSG1"\n\t" \ + "sha256msg2 %%"MSG0", %%"MSG1"\n\t" \ + "psrldq $8, %%xmm0\n\t" \ + "sha256rnds2 %%xmm2, %%xmm1\n\t" \ + "sha256msg1 %%"MSG0", %%"MSG3"\n\t" \ + : \ + : [constants] "m" (K[k].a) \ + : "memory" ) + + /* Rounds 12..15 to 48..51 */ + ROUND(3, "xmm6", "xmm3", "xmm4", "xmm5"); + ROUND(4, "xmm3", "xmm4", "xmm5", "xmm6"); + ROUND(5, "xmm4", "xmm5", "xmm6", "xmm3"); + ROUND(6, "xmm5", "xmm6", "xmm3", "xmm4"); + ROUND(7, "xmm6", "xmm3", "xmm4", "xmm5"); + ROUND(8, "xmm3", "xmm4", "xmm5", "xmm6"); + ROUND(9, "xmm4", "xmm5", "xmm6", "xmm3"); + ROUND(10, "xmm5", "xmm6", "xmm3", "xmm4"); + ROUND(11, "xmm6", "xmm3", "xmm4", "xmm5"); + ROUND(12, "xmm3", "xmm4", "xmm5", "xmm6"); + + if (--nblks == 0) + break; + + /* Round 52..55 */ + asm volatile ("movdqa %%xmm4, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "movdqa %%xmm4, %%xmm7\n\t" + "palignr $4, %%xmm3, %%xmm7\n\t" + "movdqu 0*16(%[data]), %%xmm3\n\t" + "paddd %%xmm7, %%xmm5\n\t" + "sha256msg2 %%xmm4, %%xmm5\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[13].a), [data] "r" (data) + : "memory" ); + + /* Round 56..59 */ + asm volatile ("movdqa %%xmm5, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "movdqa %%xmm5, %%xmm7\n\t" + "palignr $4, %%xmm4, %%xmm7\n\t" + "movdqu 1*16(%[data]), %%xmm4\n\t" + "paddd %%xmm7, %%xmm6\n\t" + "movdqa %[mask], %%xmm7\n\t" /* Reload mask */ + "sha256msg2 %%xmm5, %%xmm6\n\t" + "movdqu 2*16(%[data]), %%xmm5\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[14].a), [mask] "m" (*bshuf_mask), + [data] "r" (data) + : "memory" ); + + /* Round 60..63 */ + asm volatile ("movdqa %%xmm6, %%xmm0\n\t" + "pshufb %%xmm7, %%xmm3\n\t" + "movdqu 3*16(%[data]), %%xmm6\n\t" + "paddd %[constants], %%xmm0\n\t" + "pshufb %%xmm7, %%xmm4\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "psrldq $8, %%xmm0\n\t" + "pshufb %%xmm7, %%xmm5\n\t" + 
"sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[15].a), [data] "r" (data) + : "memory" ); + data += 64; + + /* Merge states */ + asm volatile ("paddd (%[abef_save]), %%xmm1\n\t" + "paddd (%[cdgh_save]), %%xmm2\n\t" + "pshufb %%xmm7, %%xmm6\n\t" + : + : [abef_save] "r" (abef_save), [cdgh_save] "r" (cdgh_save) + : "memory" ); + } + while (1); + + /* Round 52..55 */ + asm volatile ("movdqa %%xmm4, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "movdqa %%xmm4, %%xmm7\n\t" + "palignr $4, %%xmm3, %%xmm7\n\t" + "paddd %%xmm7, %%xmm5\n\t" + "sha256msg2 %%xmm4, %%xmm5\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[13].a) + : "memory" ); + + /* Round 56..59 */ + asm volatile ("movdqa %%xmm5, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "movdqa %%xmm5, %%xmm7\n\t" + "palignr $4, %%xmm4, %%xmm7\n\t" + "paddd %%xmm7, %%xmm6\n\t" + "movdqa %[mask], %%xmm7\n\t" /* Reload mask */ + "sha256msg2 %%xmm5, %%xmm6\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[14].a), [mask] "m" (*bshuf_mask) + : "memory" ); + + /* Round 60..63 */ + asm volatile ("movdqa %%xmm6, %%xmm0\n\t" + "paddd %[constants], %%xmm0\n\t" + "sha256rnds2 %%xmm1, %%xmm2\n\t" + "psrldq $8, %%xmm0\n\t" + "sha256rnds2 %%xmm2, %%xmm1\n\t" + : + : [constants] "m" (K[15].a) + : "memory" ); + + /* Merge states */ + asm volatile ("paddd (%[abef_save]), %%xmm1\n\t" + "paddd (%[cdgh_save]), %%xmm2\n\t" + : + : [abef_save] "r" (abef_save), [cdgh_save] "r" (cdgh_save) + : "memory" ); + + /* Save state (XMM1=FEBA, XMM2=HGDC) */ + asm volatile ("movaps %%xmm1, %%xmm0\n\t" + "shufps $0x11, %%xmm2, %%xmm1\n\t" /* xmm=ABCD */ + "shufps $0xbb, %%xmm2, %%xmm0\n\t" /* xmm=EFGH */ + "movups %%xmm1, 16(%[state])\n\t" + "movups %%xmm0, 0(%[state])\n\t" + : + : [state] "r" (state) + : "memory" ); + + shaext_cleanup (abef_save, cdgh_save); + return 0; +} + +#endif /* 
HAVE_GCC_INLINE_ASM_SHA_EXT */ diff --git a/cipher/sha256.c b/cipher/sha256.c index d174321..cb6a860 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c @@ -75,6 +75,14 @@ # define USE_AVX2 1 #endif +/* USE_SHAEXT indicates whether to compile with Intel SHA Extension code. */ +#undef USE_SHAEXT +#if defined(HAVE_GCC_INLINE_ASM_SHAEXT) && \ + defined(HAVE_GCC_INLINE_ASM_SSE41) && \ + defined(ENABLE_SHAEXT_SUPPORT) +# define USE_SHAEXT 1 +#endif + /* USE_ARM_CE indicates whether to enable ARMv8 Crypto Extension assembly * code. */ #undef USE_ARM_CE @@ -103,6 +111,9 @@ typedef struct { #ifdef USE_AVX2 unsigned int use_avx2:1; #endif +#ifdef USE_SHAEXT + unsigned int use_shaext:1; +#endif #ifdef USE_ARM_CE unsigned int use_arm_ce:1; #endif @@ -147,6 +158,10 @@ sha256_init (void *context, unsigned int flags) #ifdef USE_AVX2 hd->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2); #endif +#ifdef USE_SHAEXT + hd->use_shaext = (features & HWF_INTEL_SHAEXT) + && (features & HWF_INTEL_SSE4_1); +#endif #ifdef USE_ARM_CE hd->use_arm_ce = (features & HWF_ARM_SHA2) != 0; #endif @@ -188,6 +203,10 @@ sha224_init (void *context, unsigned int flags) #ifdef USE_AVX2 hd->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2); #endif +#ifdef USE_SHAEXT + hd->use_shaext = (features & HWF_INTEL_SHAEXT) + && (features & HWF_INTEL_SSE4_1); +#endif #ifdef USE_ARM_CE hd->use_arm_ce = (features & HWF_ARM_SHA2) != 0; #endif @@ -350,7 +369,8 @@ transform_blk (void *ctx, const unsigned char *data) * stack to store XMM6-XMM15 needed on Win64. */ #undef ASM_FUNC_ABI #undef ASM_EXTRA_STACK -#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_AVX2) +#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_AVX2) || \ + defined(USE_SHAEXT) # ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS # define ASM_FUNC_ABI __attribute__((sysv_abi)) # define ASM_EXTRA_STACK (10 * 16) 
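Review bot: The asm statements in `_gcry_sha256_transform_intel_shaext` pass values to each other in XMM0–XMM7 without naming those registers as operands or clobbers, so the code is correct only while the compiler emits no SSE instruction between them; the one thing enforcing that is `#pragma GCC target("no-sse")`, which is skipped when `_GCRY_GCC_VERSION` is below 40400. The same holds for cipher/sha1-intel-shaext.c in the following commit. I would say so above the pragma, e.g. `/* Required for correctness: XMM state is live across the asm blocks below. */`, and confirm how `_GCRY_GCC_VERSION` is set for non-GCC compilers, which is not visible here. In the final "Save state" block the two register comments are swapped: after `shufps $0x11` XMM1 holds EFGH (it is stored to `16(%[state])`) and after `shufps $0xbb` XMM0 holds ABCD. The header comment names the file `sha256-intel-shaext.S`, and the closing `#endif` comment says `HAVE_GCC_INLINE_ASM_SHA_EXT` while the guard tests `HAVE_GCC_INLINE_ASM_SHAEXT`.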
@@ -379,6 +399,14 @@ unsigned int _gcry_sha256_transform_amd64_avx2(const void *input_data, size_t num_blks) ASM_FUNC_ABI; #endif +#ifdef USE_SHAEXT +/* Does not need ASM_FUNC_ABI */ +unsigned int +_gcry_sha256_transform_intel_shaext(u32 state[8], + const unsigned char *input_data, + size_t num_blks); +#endif + #ifdef USE_ARM_CE unsigned int _gcry_sha256_transform_armv8_ce(u32 state[8], const void *input_data, @@ -391,27 +419,49 @@ transform (void *ctx, const unsigned char *data, size_t nblks) SHA256_CONTEXT *hd = ctx; unsigned int burn; +#ifdef USE_SHAEXT + if (hd->use_shaext) + { + burn = _gcry_sha256_transform_intel_shaext (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } +#endif + #ifdef USE_AVX2 if (hd->use_avx2) - return _gcry_sha256_transform_amd64_avx2 (data, &hd->h0, nblks) - + 4 * sizeof(void*) + ASM_EXTRA_STACK; + { + burn = _gcry_sha256_transform_amd64_avx2 (data, &hd->h0, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } #endif #ifdef USE_AVX if (hd->use_avx) - return _gcry_sha256_transform_amd64_avx (data, &hd->h0, nblks) - + 4 * sizeof(void*) + ASM_EXTRA_STACK; + { + burn = _gcry_sha256_transform_amd64_avx (data, &hd->h0, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } #endif #ifdef USE_SSSE3 if (hd->use_ssse3) - return _gcry_sha256_transform_amd64_ssse3 (data, &hd->h0, nblks) - + 4 * sizeof(void*) + ASM_EXTRA_STACK; + { + burn = _gcry_sha256_transform_amd64_ssse3 (data, &hd->h0, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } #endif #ifdef USE_ARM_CE if (hd->use_arm_ce) - return _gcry_sha256_transform_armv8_ce (&hd->h0, data, nblks); + { + burn = _gcry_sha256_transform_armv8_ce (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) : 0; + return burn; + } #endif do diff --git a/configure.ac b/configure.ac index 4ae7667..b5d7211 100644 --- a/configure.ac +++ b/configure.ac 
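Review bot: The pair `burn = ...; burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0;` is now repeated in every branch of `transform` in sha256.c (and again in `transform` of cipher/sha1.c), and the intent, to add the caller's stack overhead only when the implementation reported something to burn, is not stated in the code. A small helper would keep that rule in one place, e.g. `static inline unsigned int burn_with_stack (unsigned int burn, size_t extra) { return burn ? burn + extra : 0; }`. The ARM CE branch also changes behaviour: it used to return the raw value and now adds `4 * sizeof(void*)`, which the commit message does not mention. `transform` continues past the end of the hunk.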
@@ -2395,6 +2395,13 @@ if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-armv8-aarch64-ce.lo" ;; esac + + case "$mpi_cpu_arch" in + x86) + # Build with the SHAEXT implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha256-intel-shaext.lo" + ;; + esac fi LIST_MEMBER(sha512, $enabled_digests) commit d02958bd300d2c80bc92b1e072103e95e256b297 Author: Jussi Kivilinna Date: Tue Feb 13 20:22:41 2018 +0200 Add Intel SHA Extensions accelerated SHA1 implementation * cipher/Makefile.am: Add 'sha1-intel-shaext.c'. * cipher/sha1-intel-shaext.c: New. * cipher/sha1.c (USE_SHAEXT, _gcry_sha1_transform_intel_shaext): New. (sha1_init) [USE_SHAEXT]: Use shaext implementation is supported. (transform) [USE_SHAEXT]: Use shaext if enabled. (transform): Only add ASM_EXTRA_STACK if returned burn length is not zero. * cipher/sha1.h (SHA1_CONTEXT): Add 'use_shaext'. * configure.ac: Add 'sha1-intel-shaext.lo'. (shaextsupport, gcry_cv_gcc_inline_asm_shaext): New. * src/g10lib.h: Add HWF_INTEL_SHAEXT and reorder HWF flags. * src/hwf-x86.c (detect_x86_gnuc): Detect SHA Extensions. * src/hwfeatures.c (hwflist): Add 'intel-shaext'. -- Benchmark on Intel Celeron J3455 (1500 Mhz, no turbo): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA1 | 4.50 ns/B 211.7 MiB/s 6.76 c/B After (4.0x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA1 | 1.11 ns/B 858.1 MiB/s 1.67 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 625a0ef..110a48b 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am 
@@ -92,6 +92,7 @@ seed.c \ serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S serpent-armv7-neon.S \ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ sha1-armv7-neon.S sha1-armv8-aarch32-ce.S sha1-armv8-aarch64-ce.S \ + sha1-intel-shaext.c \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha256-armv8-aarch32-ce.S sha256-armv8-aarch64-ce.S \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ diff --git a/cipher/sha1-intel-shaext.c b/cipher/sha1-intel-shaext.c new file mode 100644 index 0000000..5a2349e --- /dev/null +++ b/cipher/sha1-intel-shaext.c 
@@ -0,0 +1,281 @@ +/* sha1-intel-shaext.S - SHAEXT accelerated SHA-1 transform function + * Copyright (C) 2018 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#include "types.h" + +#if defined(HAVE_GCC_INLINE_ASM_SHAEXT) && \ + defined(HAVE_GCC_INLINE_ASM_SSE41) && defined(USE_SHA1) && \ + defined(ENABLE_SHAEXT_SUPPORT) + +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + +/* Two macros to be called prior and after the use of SHA-EXT + instructions. There should be no external function calls between + the use of these macros. There purpose is to make sure that the + SSE regsiters are cleared and won't reveal any information about + the key or the data. */ +#ifdef __WIN64__ +/* XMM6-XMM15 are callee-saved registers on WIN64. 
*/ +# define shaext_prepare_variable char win64tmp[2*16] +# define shaext_prepare_variable_size sizeof(win64tmp) +# define shaext_prepare() \ + do { asm volatile ("movdqu %%xmm6, (%0)\n" \ + "movdqu %%xmm7, (%1)\n" \ + : \ + : "r" (&win64tmp[0]), "r" (&win64tmp[16]) \ + : "memory"); \ + } while (0) +# define shaext_cleanup(tmp0,tmp1) \ + do { asm volatile ("movdqu (%0), %%xmm6\n" \ + "movdqu (%1), %%xmm7\n" \ + "pxor %%xmm0, %%xmm0\n" \ + "pxor %%xmm1, %%xmm1\n" \ + "pxor %%xmm2, %%xmm2\n" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n" \ + "pxor %%xmm5, %%xmm5\n" \ + "movdqa %%xmm0, (%2)\n\t" \ + "movdqa %%xmm0, (%3)\n\t" \ + : \ + : "r" (&win64tmp[0]), "r" (&win64tmp[16]), \ + "r" (tmp0), "r" (tmp1) \ + : "memory"); \ + } while (0) +#else +# define shaext_prepare_variable +# define shaext_prepare_variable_size 0 +# define shaext_prepare() do { } while (0) +# define shaext_cleanup(tmp0,tmp1) \ + do { asm volatile ("pxor %%xmm0, %%xmm0\n" \ + "pxor %%xmm1, %%xmm1\n" \ + "pxor %%xmm2, %%xmm2\n" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n" \ + "pxor %%xmm5, %%xmm5\n" \ + "pxor %%xmm6, %%xmm6\n" \ + "pxor %%xmm7, %%xmm7\n" \ + "movdqa %%xmm0, (%0)\n\t" \ + "movdqa %%xmm0, (%1)\n\t" \ + : \ + : "r" (tmp0), "r" (tmp1) \ + : "memory"); \ + } while (0) +#endif + +/* + * Transform nblks*64 bytes (nblks*16 32-bit words) at DATA. 
+ */ +unsigned int +_gcry_sha1_transform_intel_shaext(void *state, const unsigned char *data, + size_t nblks) +{ + static const unsigned char be_mask[16] __attribute__ ((aligned (16))) = + { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + char save_buf[2 * 16 + 15]; + char *abcd_save; + char *e_save; + shaext_prepare_variable; + + if (nblks == 0) + return 0; + + shaext_prepare (); + + asm volatile ("" : "=r" (abcd_save) : "0" (save_buf) : "memory"); + abcd_save = abcd_save + (-(uintptr_t)abcd_save & 15); + e_save = abcd_save + 16; + + /* byteswap mask => XMM7 */ + asm volatile ("movdqa %[mask], %%xmm7\n\t" /* Preload mask */ + : + : [mask] "m" (*be_mask) + : "memory"); + + /* Load state.. ABCD => XMM4, E => XMM5 */ + asm volatile ("movd 16(%[state]), %%xmm5\n\t" + "movdqu (%[state]), %%xmm4\n\t" + "pslldq $12, %%xmm5\n\t" + "pshufd $0x1b, %%xmm4, %%xmm4\n\t" + "movdqa %%xmm5, (%[e_save])\n\t" + "movdqa %%xmm4, (%[abcd_save])\n\t" + : + : [state] "r" (state), [abcd_save] "r" (abcd_save), + [e_save] "r" (e_save) + : "memory" ); + + /* DATA => XMM[0..4] */ + asm volatile ("movdqu 0(%[data]), %%xmm0\n\t" + "movdqu 16(%[data]), %%xmm1\n\t" + "movdqu 32(%[data]), %%xmm2\n\t" + "movdqu 48(%[data]), %%xmm3\n\t" + "pshufb %%xmm7, %%xmm0\n\t" + "pshufb %%xmm7, %%xmm1\n\t" + "pshufb %%xmm7, %%xmm2\n\t" + "pshufb %%xmm7, %%xmm3\n\t" + : + : [data] "r" (data) + : "memory" ); + data += 64; + + while (1) + { + /* Round 0..3 */ + asm volatile ("paddd %%xmm0, %%xmm5\n\t" + "movdqa %%xmm4, %%xmm6\n\t" /* ABCD => E1 */ + "sha1rnds4 $0, %%xmm5, %%xmm4\n\t" + ::: "memory" ); + + /* Round 4..7 */ + asm volatile ("sha1nexte %%xmm1, %%xmm6\n\t" + "movdqa %%xmm4, %%xmm5\n\t" + "sha1rnds4 $0, %%xmm6, %%xmm4\n\t" + "sha1msg1 %%xmm1, %%xmm0\n\t" + ::: "memory" ); + + /* Round 8..11 */ + asm volatile ("sha1nexte %%xmm2, %%xmm5\n\t" + "movdqa %%xmm4, %%xmm6\n\t" + "sha1rnds4 $0, %%xmm5, %%xmm4\n\t" + "sha1msg1 %%xmm2, %%xmm1\n\t" + "pxor %%xmm2, %%xmm0\n\t" + ::: "memory" ); + 
+#define ROUND(imm, E0, E1, MSG0, MSG1, MSG2, MSG3) \ + asm volatile ("sha1nexte %%"MSG0", %%"E0"\n\t" \ + "movdqa %%xmm4, %%"E1"\n\t" \ + "sha1msg2 %%"MSG0", %%"MSG1"\n\t" \ + "sha1rnds4 $"imm", %%"E0", %%xmm4\n\t" \ + "sha1msg1 %%"MSG0", %%"MSG3"\n\t" \ + "pxor %%"MSG0", %%"MSG2"\n\t" \ + ::: "memory" ) + + /* Rounds 12..15 to 64..67 */ + ROUND("0", "xmm6", "xmm5", "xmm3", "xmm0", "xmm1", "xmm2"); + ROUND("0", "xmm5", "xmm6", "xmm0", "xmm1", "xmm2", "xmm3"); + ROUND("1", "xmm6", "xmm5", "xmm1", "xmm2", "xmm3", "xmm0"); + ROUND("1", "xmm5", "xmm6", "xmm2", "xmm3", "xmm0", "xmm1"); + ROUND("1", "xmm6", "xmm5", "xmm3", "xmm0", "xmm1", "xmm2"); + ROUND("1", "xmm5", "xmm6", "xmm0", "xmm1", "xmm2", "xmm3"); + ROUND("1", "xmm6", "xmm5", "xmm1", "xmm2", "xmm3", "xmm0"); + ROUND("2", "xmm5", "xmm6", "xmm2", "xmm3", "xmm0", "xmm1"); + ROUND("2", "xmm6", "xmm5", "xmm3", "xmm0", "xmm1", "xmm2"); + ROUND("2", "xmm5", "xmm6", "xmm0", "xmm1", "xmm2", "xmm3"); + ROUND("2", "xmm6", "xmm5", "xmm1", "xmm2", "xmm3", "xmm0"); + ROUND("2", "xmm5", "xmm6", "xmm2", "xmm3", "xmm0", "xmm1"); + ROUND("3", "xmm6", "xmm5", "xmm3", "xmm0", "xmm1", "xmm2"); + ROUND("3", "xmm5", "xmm6", "xmm0", "xmm1", "xmm2", "xmm3"); + + if (--nblks == 0) + break; + + /* Round 68..71 */ + asm volatile ("movdqu 0(%[data]), %%xmm0\n\t" + "sha1nexte %%xmm1, %%xmm6\n\t" + "movdqa %%xmm4, %%xmm5\n\t" + "sha1msg2 %%xmm1, %%xmm2\n\t" + "sha1rnds4 $3, %%xmm6, %%xmm4\n\t" + "pxor %%xmm1, %%xmm3\n\t" + "pshufb %%xmm7, %%xmm0\n\t" + : + : [data] "r" (data) + : "memory" ); + + /* Round 72..75 */ + asm volatile ("movdqu 16(%[data]), %%xmm1\n\t" + "sha1nexte %%xmm2, %%xmm5\n\t" + "movdqa %%xmm4, %%xmm6\n\t" + "sha1msg2 %%xmm2, %%xmm3\n\t" + "sha1rnds4 $3, %%xmm5, %%xmm4\n\t" + "pshufb %%xmm7, %%xmm1\n\t" + : + : [data] "r" (data) + : "memory" ); + + /* Round 76..79 */ + asm volatile ("movdqu 32(%[data]), %%xmm2\n\t" + "sha1nexte %%xmm3, %%xmm6\n\t" + "movdqa %%xmm4, %%xmm5\n\t" + "sha1rnds4 $3, %%xmm6, %%xmm4\n\t" + 
"pshufb %%xmm7, %%xmm2\n\t" + : + : [data] "r" (data) + : "memory" ); + + /* Merge states, store current. */ + asm volatile ("movdqu 48(%[data]), %%xmm3\n\t" + "sha1nexte (%[e_save]), %%xmm5\n\t" + "paddd (%[abcd_save]), %%xmm4\n\t" + "pshufb %%xmm7, %%xmm3\n\t" + "movdqa %%xmm5, (%[e_save])\n\t" + "movdqa %%xmm4, (%[abcd_save])\n\t" + : + : [abcd_save] "r" (abcd_save), [e_save] "r" (e_save), + [data] "r" (data) + : "memory" ); + + data += 64; + } + + /* Round 68..71 */ + asm volatile ("sha1nexte %%xmm1, %%xmm6\n\t" + "movdqa %%xmm4, %%xmm5\n\t" + "sha1msg2 %%xmm1, %%xmm2\n\t" + "sha1rnds4 $3, %%xmm6, %%xmm4\n\t" + "pxor %%xmm1, %%xmm3\n\t" + ::: "memory" ); + + /* Round 72..75 */ + asm volatile ("sha1nexte %%xmm2, %%xmm5\n\t" + "movdqa %%xmm4, %%xmm6\n\t" + "sha1msg2 %%xmm2, %%xmm3\n\t" + "sha1rnds4 $3, %%xmm5, %%xmm4\n\t" + ::: "memory" ); + + /* Round 76..79 */ + asm volatile ("sha1nexte %%xmm3, %%xmm6\n\t" + "movdqa %%xmm4, %%xmm5\n\t" + "sha1rnds4 $3, %%xmm6, %%xmm4\n\t" + ::: "memory" ); + + /* Merge states. */ + asm volatile ("sha1nexte (%[e_save]), %%xmm5\n\t" + "paddd (%[abcd_save]), %%xmm4\n\t" + : + : [abcd_save] "r" (abcd_save), [e_save] "r" (e_save) + : "memory" ); + + /* Save state */ + asm volatile ("pshufd $0x1b, %%xmm4, %%xmm4\n\t" + "psrldq $12, %%xmm5\n\t" + "movdqu %%xmm4, (%[state])\n\t" + "movd %%xmm5, 16(%[state])\n\t" + : + : [state] "r" (state) + : "memory" ); + + shaext_cleanup (abcd_save, e_save); + return 0; +} + +#endif /* HAVE_GCC_INLINE_ASM_SHA_EXT */ diff --git a/cipher/sha1.c b/cipher/sha1.c index 78b172f..09868aa 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c 
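Review bot: The comment `/* DATA => XMM[0..4] */` in `_gcry_sha1_transform_intel_shaext` does not match the code under it, which loads the four message words into XMM0–XMM3; XMM4 already holds ABCD at that point. It should read `/* DATA => XMM[0..3] */`. The function also takes `void *state` and accesses 20 bytes through it (`movdqu (%[state])` plus `movd 16(%[state])`), so the header comment should state that STATE must point to five consecutive 32-bit words, which is what `&hd->h0` in sha1.c is relied on to provide.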
@@ -68,6 +68,14 @@ # define USE_BMI2 1 #endif +/* USE_SHAEXT indicates whether to compile with Intel SHA Extension code. */ +#undef USE_SHAEXT +#if defined(HAVE_GCC_INLINE_ASM_SHAEXT) && \ + defined(HAVE_GCC_INLINE_ASM_SSE41) && \ + defined(ENABLE_SHAEXT_SUPPORT) +# define USE_SHAEXT 1 +#endif + /* USE_NEON indicates whether to enable ARM NEON assembly code. */ #undef USE_NEON #ifdef ENABLE_NEON_SUPPORT @@ -138,6 +146,10 @@ sha1_init (void *context, unsigned int flags) #ifdef USE_BMI2 hd->use_bmi2 = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_BMI2); #endif +#ifdef USE_SHAEXT + hd->use_shaext = (features & HWF_INTEL_SHAEXT) + && (features & HWF_INTEL_SSE4_1); +#endif #ifdef USE_NEON hd->use_neon = (features & HWF_ARM_NEON) != 0; #endif @@ -311,7 +323,8 @@ transform_blk (void *ctx, const unsigned char *data) * stack to store XMM6-XMM15 needed on Win64. */ #undef ASM_FUNC_ABI #undef ASM_EXTRA_STACK -#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_BMI2) +#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_BMI2) || \ + defined(USE_SHAEXT) # ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS # define ASM_FUNC_ABI __attribute__((sysv_abi)) # define ASM_EXTRA_STACK (10 * 16) @@ -340,6 +353,13 @@ _gcry_sha1_transform_amd64_avx_bmi2 (void *state, const unsigned char *data, size_t nblks) ASM_FUNC_ABI; #endif +#ifdef USE_SHAEXT +/* Does not need ASM_FUNC_ABI */ +unsigned int +_gcry_sha1_transform_intel_shaext (void *state, const unsigned char *data, + size_t nblks); +#endif + static unsigned int transform (void *ctx, const unsigned char *data, size_t nblks) 
@@ -347,29 +367,53 @@ transform (void *ctx, const unsigned char *data, size_t nblks) SHA1_CONTEXT *hd = ctx; unsigned int burn; +#ifdef USE_SHAEXT + if (hd->use_shaext) + { + burn = _gcry_sha1_transform_intel_shaext (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } +#endif #ifdef USE_BMI2 if (hd->use_bmi2) - return _gcry_sha1_transform_amd64_avx_bmi2 (&hd->h0, data, nblks) - + 4 * sizeof(void*) + ASM_EXTRA_STACK; + { + burn = _gcry_sha1_transform_amd64_avx_bmi2 (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } #endif #ifdef USE_AVX if (hd->use_avx) - return _gcry_sha1_transform_amd64_avx (&hd->h0, data, nblks) - + 4 * sizeof(void*) + ASM_EXTRA_STACK; + { + burn = _gcry_sha1_transform_amd64_avx (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } #endif #ifdef USE_SSSE3 if (hd->use_ssse3) - return _gcry_sha1_transform_amd64_ssse3 (&hd->h0, data, nblks) - + 4 * sizeof(void*) + ASM_EXTRA_STACK; + { + burn = _gcry_sha1_transform_amd64_ssse3 (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) + ASM_EXTRA_STACK : 0; + return burn; + } #endif #ifdef USE_ARM_CE if (hd->use_arm_ce) - return _gcry_sha1_transform_armv8_ce (&hd->h0, data, nblks); + { + burn = _gcry_sha1_transform_armv8_ce (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) : 0; + return burn; + } #endif #ifdef USE_NEON if (hd->use_neon) - return _gcry_sha1_transform_armv7_neon (&hd->h0, data, nblks) - + 4 * sizeof(void*); + { + burn = _gcry_sha1_transform_armv7_neon (&hd->h0, data, nblks); + burn += burn ? 4 * sizeof(void*) : 0; + return burn; + } #endif do diff --git a/cipher/sha1.h b/cipher/sha1.h index d448fca..93ce79b 100644 --- a/cipher/sha1.h +++ b/cipher/sha1.h 
@@ -29,6 +29,7 @@ typedef struct unsigned int use_ssse3:1; unsigned int use_avx:1; unsigned int use_bmi2:1; + unsigned int use_shaext:1; unsigned int use_neon:1; unsigned int use_arm_ce:1; } SHA1_CONTEXT; diff --git a/configure.ac b/configure.ac index 305b19f..4ae7667 100644 --- a/configure.ac +++ b/configure.ac @@ -588,6 +588,14 @@ AC_ARG_ENABLE(aesni-support, aesnisupport=$enableval,aesnisupport=yes) AC_MSG_RESULT($aesnisupport) +# Implementation of the --disable-shaext-support switch. +AC_MSG_CHECKING([whether SHAEXT support is requested]) +AC_ARG_ENABLE(shaext-support, + AC_HELP_STRING([--disable-shaext-support], + [Disable support for the Intel SHAEXT instructions]), + shaextsupport=$enableval,shaextsupport=yes) +AC_MSG_RESULT($shaextsupport) + # Implementation of the --disable-pclmul-support switch. AC_MSG_CHECKING([whether PCLMUL support is requested]) AC_ARG_ENABLE(pclmul-support, @@ -1175,6 +1183,7 @@ AM_CONDITIONAL(MPI_MOD_C_UDIV_QRNND, test "$mpi_mod_c_udiv_qrnnd" = yes) # Reset non applicable feature flags. if test "$mpi_cpu_arch" != "x86" ; then aesnisupport="n/a" + shaextsupport="n/a" pclmulsupport="n/a" sse41support="n/a" avxsupport="n/a" 
@@ -1329,6 +1338,34 @@ if test "$gcry_cv_gcc_inline_asm_pclmul" = "yes" ; then [Defined if inline assembler supports PCLMUL instructions]) fi + +# +# Check whether GCC inline assembler supports SHA Extensions instructions. +# +AC_CACHE_CHECK([whether GCC inline assembler supports SHA Extensions instructions], + [gcry_cv_gcc_inline_asm_shaext], + [if test "$mpi_cpu_arch" != "x86" ; then + gcry_cv_gcc_inline_asm_shaext="n/a" + else + gcry_cv_gcc_inline_asm_shaext=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[void a(void) { + __asm__("sha1rnds4 \$0, %%xmm1, %%xmm3\n\t":::"cc"); + __asm__("sha1nexte %%xmm1, %%xmm3\n\t":::"cc"); + __asm__("sha1msg1 %%xmm1, %%xmm3\n\t":::"cc"); + __asm__("sha1msg2 %%xmm1, %%xmm3\n\t":::"cc"); + __asm__("sha256rnds2 %%xmm0, %%xmm1, %%xmm3\n\t":::"cc"); + __asm__("sha256msg1 %%xmm1, %%xmm3\n\t":::"cc"); + __asm__("sha256msg2 %%xmm1, %%xmm3\n\t":::"cc"); + }]])], + [gcry_cv_gcc_inline_asm_shaext=yes]) + fi]) +if test "$gcry_cv_gcc_inline_asm_shaext" = "yes" ; then + AC_DEFINE(HAVE_GCC_INLINE_ASM_SHAEXT,1, + [Defined if inline assembler supports SHA Extensions instructions]) +fi + + # # Check whether GCC inline assembler supports SSE4.1 instructions. # @@ -1921,6 +1958,11 @@ if test x"$aesnisupport" = xyes ; then aesnisupport="no (unsupported by compiler)" fi fi +if test x"$shaextsupport" = xyes ; then + if test "$gcry_cv_gcc_inline_asm_shaext" != "yes" ; then + shaextsupport="no (unsupported by compiler)" + fi +fi if test x"$pclmulsupport" = xyes ; then if test "$gcry_cv_gcc_inline_asm_pclmul" != "yes" ; then pclmulsupport="no (unsupported by compiler)" 
@@ -1960,6 +2002,10 @@ if test x"$aesnisupport" = xyes ; then AC_DEFINE(ENABLE_AESNI_SUPPORT, 1, [Enable support for Intel AES-NI instructions.]) fi +if test x"$shaextsupport" = xyes ; then + AC_DEFINE(ENABLE_SHAEXT_SUPPORT, 1, + [Enable support for Intel SHAEXT instructions.]) +fi if test x"$pclmulsupport" = xyes ; then AC_DEFINE(ENABLE_PCLMUL_SUPPORT, 1, [Enable support for Intel PCLMUL instructions.]) @@ -2449,6 +2495,13 @@ case "${host}" in ;; esac +case "$mpi_cpu_arch" in + x86) + # Build with the SHAEXT implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha1-intel-shaext.lo" + ;; +esac + LIST_MEMBER(sm3, $enabled_digests) if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS sm3.lo" @@ -2634,6 +2687,7 @@ GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport]) GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities]) GCRY_MSG_SHOW([Try using Padlock crypto: ],[$padlocksupport]) GCRY_MSG_SHOW([Try using AES-NI crypto: ],[$aesnisupport]) +GCRY_MSG_SHOW([Try using Intel SHAEXT: ],[$shaextsupport]) GCRY_MSG_SHOW([Try using Intel PCLMUL: ],[$pclmulsupport]) GCRY_MSG_SHOW([Try using Intel SSE4.1: ],[$sse41support]) GCRY_MSG_SHOW([Try using DRNG (RDRAND): ],[$drngsupport]) diff --git a/src/g10lib.h b/src/g10lib.h index 961b515..d41fa0c 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -224,14 +224,14 @@ char **_gcry_strtokenize (const char *string, const char *delim); #define HWF_INTEL_AVX (1 << 12) #define HWF_INTEL_AVX2 (1 << 13) #define HWF_INTEL_FAST_VPGATHER (1 << 14) - -#define HWF_ARM_NEON (1 << 15) -#define HWF_ARM_AES (1 << 16) -#define HWF_ARM_SHA1 (1 << 17) -#define HWF_ARM_SHA2 (1 << 18) -#define HWF_ARM_PMULL (1 << 19) - -#define HWF_INTEL_RDTSC (1 << 20) +#define HWF_INTEL_RDTSC (1 << 15) +#define HWF_INTEL_SHAEXT (1 << 16) + +#define HWF_ARM_NEON (1 << 17) +#define HWF_ARM_AES (1 << 18) +#define HWF_ARM_SHA1 (1 << 19) +#define HWF_ARM_SHA2 (1 << 20) +#define HWF_ARM_PMULL (1 << 21) 
diff --git a/src/hwf-x86.c b/src/hwf-x86.c index 0d3a1f4..b644eda 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -357,6 +357,10 @@ detect_x86_gnuc (void) if ((result & HWF_INTEL_AVX2) && !avoid_vpgather) result |= HWF_INTEL_FAST_VPGATHER; #endif /*ENABLE_AVX_SUPPORT*/ + + /* Test bit 29 for SHA Extensions. */ + if (features & (1 << 29)) + result |= HWF_INTEL_SHAEXT; } return result; diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 1cad546..e081669 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c @@ -58,6 +58,7 @@ static struct { HWF_INTEL_AVX2, "intel-avx2" }, { HWF_INTEL_FAST_VPGATHER, "intel-fast-vpgather" }, { HWF_INTEL_RDTSC, "intel-rdtsc" }, + { HWF_INTEL_SHAEXT, "intel-shaext" }, { HWF_ARM_NEON, "arm-neon" }, { HWF_ARM_AES, "arm-aes" }, { HWF_ARM_SHA1, "arm-sha1" }, commit da58a62ac1b7a8d97b0895dcb41d15af531e45e5 Author: Jussi Kivilinna Date: Thu Feb 8 19:45:10 2018 +0200 AVX implementation of BLAKE2s * cipher/Makefile.am: Add 'blake2s-amd64-avx.S'. * cipher/blake2.c (USE_AVX, _gry_blake2s_transform_amd64_avx): New. (BLAKE2S_CONTEXT) [USE_AVX]: Add 'use_avx'. (blake2s_transform): Rename to ... (blake2s_transform_generic): ... this. (blake2s_transform): New. (blake2s_final): Pass 'ctx' pointer to transform function instead of 'S'. (blake2s_init_ctx): Check HW features and enable AVX implementation if supported. * cipher/blake2s-amd64-avx.S: New. * configure.ac: Add 'blake2s-amd64-avx.lo'. -- Benchmark on Intel Core i7-4790K (4.0 Ghz, no turbo): Before: | nanosecs/byte mebibytes/sec cycles/byte BLAKE2S_256 | 1.77 ns/B 538.2 MiB/s 7.09 c/B After (~1.3x faster): | nanosecs/byte mebibytes/sec cycles/byte BLAKE2S_256 | 1.34 ns/B 711.4 MiB/s 5.36 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index b0ee158..625a0ef 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am 
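Review bot: The new SHA Extensions test in detect_x86_gnuc sits directly after `#endif /*ENABLE_AVX_SUPPORT*/` with no configure guard of its own, so HWF_INTEL_SHAEXT is still reported when the library is built with --disable-shaext-support. That is harmless for sha1.c, which reads the flag only under USE_SHAEXT, but the reported feature list then disagrees with the build. Wrapping the test in `#ifdef ENABLE_SHAEXT_SUPPORT` would keep it consistent with the AVX block above. The comment could also name where the bit comes from, e.g. `/* Test bit 29 of CPUID leaf 7 EBX for SHA Extensions. */`, assuming `features` still holds that register at this point. The function body starts and ends outside the hunk.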
@@ -107,7 +107,7 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ camellia-aesni-avx2-amd64.S camellia-arm.S camellia-aarch64.S \ blake2.c \ - blake2b-amd64-avx2.S + blake2b-amd64-avx2.S blake2s-amd64-avx.S gost28147.lo: gost-sb.h gost-sb.h: gost-s-box diff --git a/cipher/blake2.c b/cipher/blake2.c index f830c79..0f7494f 100644 --- a/cipher/blake2.c +++ b/cipher/blake2.c @@ -30,6 +30,14 @@ #include "cipher.h" #include "hash-common.h" +/* USE_AVX indicates whether to compile with Intel AVX code. */ +#undef USE_AVX +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) +# define USE_AVX 1 +#endif + /* USE_AVX2 indicates whether to compile with Intel AVX2 code. */ #undef USE_AVX2 #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX2) && \ @@ -121,6 +129,9 @@ typedef struct BLAKE2S_CONTEXT_S byte buf[BLAKE2S_BLOCKBYTES]; size_t buflen; size_t outlen; +#ifdef USE_AVX + unsigned int use_avx:1; +#endif } BLAKE2S_CONTEXT; typedef unsigned int (*blake2_transform_t)(void *S, const void *inblk, @@ -479,8 +490,9 @@ static inline void blake2s_increment_counter(BLAKE2S_STATE *S, const int inc) S->t[1] += (S->t[0] < (u32)inc) - (inc < 0); } -static unsigned int blake2s_transform(void *vS, const void *inblks, - size_t nblks) +static unsigned int blake2s_transform_generic(BLAKE2S_STATE *S, + const void *inblks, + size_t nblks) { static const byte blake2s_sigma[10][16] = { @@ -495,7 +507,6 @@ static unsigned int blake2s_transform(void *vS, const void *inblks, { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 }, }; - BLAKE2S_STATE *S = vS; unsigned int burn = 0; const byte* in = inblks; u32 m[16]; 
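Review bot: USE_AVX can now be defined without USE_AVX2, but none of the blake2.c hunks in this commit touch the ASM_FUNC_ABI / ASM_EXTRA_STACK block. The earlier BLAKE2b commit shown further down the page defines that block under `#if defined(USE_AVX2) && defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)`. On a Win64 build whose toolchain passes the AVX check but not the AVX2 one, `_gcry_blake2s_transform_amd64_avx` would be declared without `sysv_abi`, while the assembly reads its arguments from %rdi/%rsi/%rdx and uses %xmm6-%xmm15. The state pointer would then be wrong and callee-saved registers would be clobbered. Unless the block is changed outside the visible hunks, the condition should become `#if (defined(USE_AVX) || defined(USE_AVX2)) && defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)`.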
@@ -594,6 +605,33 @@ static unsigned int blake2s_transform(void *vS, const void *inblks, return burn; } +#ifdef USE_AVX +unsigned int _gcry_blake2s_transform_amd64_avx(BLAKE2S_STATE *S, + const void *inblks, + size_t nblks) ASM_FUNC_ABI; +#endif + +static unsigned int blake2s_transform(void *ctx, const void *inblks, + size_t nblks) +{ + BLAKE2S_CONTEXT *c = ctx; + unsigned int nburn; + + if (0) + {} +#ifdef USE_AVX + if (c->use_avx) + nburn = _gcry_blake2s_transform_amd64_avx(&c->state, inblks, nblks); +#endif + else + nburn = blake2s_transform_generic(&c->state, inblks, nblks); + + if (nburn) + nburn += ASM_EXTRA_STACK; + + return nburn; +} + static void blake2s_final(void *ctx) { BLAKE2S_CONTEXT *c = ctx; @@ -609,7 +647,7 @@ static void blake2s_final(void *ctx) memset (c->buf + c->buflen, 0, BLAKE2S_BLOCKBYTES - c->buflen); /* Padding */ blake2s_set_lastblock (S); blake2s_increment_counter (S, (int)c->buflen - BLAKE2S_BLOCKBYTES); - burn = blake2s_transform (S, c->buf, 1); + burn = blake2s_transform (ctx, c->buf, 1); /* Output full hash to buffer */ for (i = 0; i < 8; ++i) @@ -685,11 +723,17 @@ static gcry_err_code_t blake2s_init_ctx(void *ctx, unsigned int flags, unsigned int dbits) { BLAKE2S_CONTEXT *c = ctx; + unsigned int features = _gcry_get_hw_features (); + (void)features; (void)flags; memset (c, 0, sizeof (*c)); +#ifdef USE_AVX + c->use_avx = !!(features & HWF_INTEL_AVX); +#endif + c->outlen = dbits / 8; c->buflen = 0; return blake2s_init(c, key, keylen); diff --git a/cipher/blake2s-amd64-avx.S b/cipher/blake2s-amd64-avx.S new file mode 100644 index 0000000..f7312db --- /dev/null +++ b/cipher/blake2s-amd64-avx.S 
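Review bot: In the new blake2s_transform the dispatch is written as `if (0) {}` followed by a plain `if (c->use_avx)`, so the final `else` pairs with the AVX test only because there is a single accelerated branch. A second `#ifdef` branch added in the same form would let two implementations run over the same blocks and advance the hash state twice. Writing the branch as `else if (c->use_avx)` keeps the chain correct for any number of branches. blake2b_transform in the BLAKE2b commit further down the page uses the same construct with `c->use_avx2`.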
@@ -0,0 +1,276 @@ +/* blake2s-amd64-avx.S - AVX implementation of BLAKE2s + * + * Copyright (C) 2018 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* The code is based on public-domain/CC0 BLAKE2 reference implementation + * by Samual Neves, at https://github.com/BLAKE2/BLAKE2/tree/master/sse + * Copyright 2012, Samuel Neves + */ + +#ifdef __x86_64 +#include +#if defined(HAVE_GCC_INLINE_ASM_AVX) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) + +#include "asm-common-amd64.h" + +.text + +/* register macros */ +#define RSTATE %rdi +#define RINBLKS %rsi +#define RNBLKS %rdx +#define RIV %rcx + +/* state structure */ +#define STATE_H 0 +#define STATE_T (STATE_H + 8 * 4) +#define STATE_F (STATE_T + 2 * 4) + +/* vector registers */ +#define ROW1 %xmm0 +#define ROW2 %xmm1 +#define ROW3 %xmm2 +#define ROW4 %xmm3 +#define TMP1 %xmm4 +#define TMP1x %xmm4 +#define R16 %xmm5 +#define R8 %xmm6 + +#define MA1 %xmm8 +#define MA2 %xmm9 +#define MA3 %xmm10 +#define MA4 %xmm11 + +#define MB1 %xmm12 +#define MB2 %xmm13 +#define MB3 %xmm14 +#define MB4 %xmm15 + +/********************************************************************** + blake2s/AVX + **********************************************************************/ + +#define GATHER_MSG(m1, m2, m3, m4, \ + s0, s1, s2, 
s3, s4, s5, s6, s7, s8, \ + s9, s10, s11, s12, s13, s14, s15) \ + vmovd (s0)*4(RINBLKS), m1; \ + vmovd (s1)*4(RINBLKS), m2; \ + vmovd (s8)*4(RINBLKS), m3; \ + vmovd (s9)*4(RINBLKS), m4; \ + vpinsrd $1, (s2)*4(RINBLKS), m1, m1; \ + vpinsrd $1, (s3)*4(RINBLKS), m2, m2; \ + vpinsrd $1, (s10)*4(RINBLKS), m3, m3; \ + vpinsrd $1, (s11)*4(RINBLKS), m4, m4; \ + vpinsrd $2, (s4)*4(RINBLKS), m1, m1; \ + vpinsrd $2, (s5)*4(RINBLKS), m2, m2; \ + vpinsrd $2, (s12)*4(RINBLKS), m3, m3; \ + vpinsrd $2, (s13)*4(RINBLKS), m4, m4; \ + vpinsrd $3, (s6)*4(RINBLKS), m1, m1; \ + vpinsrd $3, (s7)*4(RINBLKS), m2, m2; \ + vpinsrd $3, (s14)*4(RINBLKS), m3, m3; \ + vpinsrd $3, (s15)*4(RINBLKS), m4, m4; + +#define LOAD_MSG_0(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15) +#define LOAD_MSG_1(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3) +#define LOAD_MSG_2(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4) +#define LOAD_MSG_3(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8) +#define LOAD_MSG_4(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13) +#define LOAD_MSG_5(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9) +#define LOAD_MSG_6(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11) +#define LOAD_MSG_7(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10) +#define LOAD_MSG_8(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5) +#define LOAD_MSG_9(m1, m2, m3, m4) \ + GATHER_MSG(m1, m2, m3, m4, \ + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0) + +#define LOAD_MSG(r, m1, m2, m3, m4) LOAD_MSG_##r(m1, m2, 
m3, m4) + +#define ROR_16(in, out) vpshufb R16, in, out; + +#define ROR_8(in, out) vpshufb R8, in, out; + +#define ROR_12(in, out) \ + vpsrld $12, in, TMP1; \ + vpslld $(32 - 12), in, out; \ + vpxor TMP1, out, out; + +#define ROR_7(in, out) \ + vpsrld $7, in, TMP1; \ + vpslld $(32 - 7), in, out; \ + vpxor TMP1, out, out; + +#define G(r1, r2, r3, r4, m, ROR_A, ROR_B) \ + vpaddd m, r1, r1; \ + vpaddd r2, r1, r1; \ + vpxor r1, r4, r4; \ + ROR_A(r4, r4); \ + vpaddd r4, r3, r3; \ + vpxor r3, r2, r2; \ + ROR_B(r2, r2); + +#define G1(r1, r2, r3, r4, m) \ + G(r1, r2, r3, r4, m, ROR_16, ROR_12); + +#define G2(r1, r2, r3, r4, m) \ + G(r1, r2, r3, r4, m, ROR_8, ROR_7); + +#define MM_SHUFFLE(z,y,x,w) \ + (((z) << 6) | ((y) << 4) | ((x) << 2) | (w)) + +#define DIAGONALIZE(r1, r2, r3, r4) \ + vpshufd $MM_SHUFFLE(0,3,2,1), r2, r2; \ + vpshufd $MM_SHUFFLE(1,0,3,2), r3, r3; \ + vpshufd $MM_SHUFFLE(2,1,0,3), r4, r4; + +#define UNDIAGONALIZE(r1, r2, r3, r4) \ + vpshufd $MM_SHUFFLE(2,1,0,3), r2, r2; \ + vpshufd $MM_SHUFFLE(1,0,3,2), r3, r3; \ + vpshufd $MM_SHUFFLE(0,3,2,1), r4, r4; + +#define ROUND(r, m1, m2, m3, m4) \ + G1(ROW1, ROW2, ROW3, ROW4, m1); \ + G2(ROW1, ROW2, ROW3, ROW4, m2); \ + DIAGONALIZE(ROW1, ROW2, ROW3, ROW4); \ + G1(ROW1, ROW2, ROW3, ROW4, m3); \ + G2(ROW1, ROW2, ROW3, ROW4, m4); \ + UNDIAGONALIZE(ROW1, ROW2, ROW3, ROW4); + +blake2s_data: +.align 16 +.Liv: + .long 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A + .long 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +.Lshuf_ror16: + .byte 2,3,0,1,6,7,4,5,10,11,8,9,14,15,12,13 +.Lshuf_ror8: + .byte 1,2,3,0,5,6,7,4,9,10,11,8,13,14,15,12 + +.align 64 +.globl _gcry_blake2s_transform_amd64_avx +ELF(.type _gcry_blake2s_transform_amd64_avx, at function;) + +_gcry_blake2s_transform_amd64_avx: + /* input: + * %rdi: state + * %rsi: blks + * %rdx: num_blks + */ + + vzeroupper; + + addq $64, (STATE_T + 0)(RSTATE); + + vmovdqa .Lshuf_ror16 (RIP), R16; + vmovdqa .Lshuf_ror8 (RIP), R8; + + vmovdqa .Liv+(0 * 4) (RIP), ROW3; + vmovdqa 
.Liv+(4 * 4) (RIP), ROW4; + + vmovdqu (STATE_H + 0 * 4)(RSTATE), ROW1; + vmovdqu (STATE_H + 4 * 4)(RSTATE), ROW2; + + vpxor (STATE_T)(RSTATE), ROW4, ROW4; + + LOAD_MSG(0, MA1, MA2, MA3, MA4); + LOAD_MSG(1, MB1, MB2, MB3, MB4); + +.Loop: + ROUND(0, MA1, MA2, MA3, MA4); + LOAD_MSG(2, MA1, MA2, MA3, MA4); + ROUND(1, MB1, MB2, MB3, MB4); + LOAD_MSG(3, MB1, MB2, MB3, MB4); + ROUND(2, MA1, MA2, MA3, MA4); + LOAD_MSG(4, MA1, MA2, MA3, MA4); + ROUND(3, MB1, MB2, MB3, MB4); + LOAD_MSG(5, MB1, MB2, MB3, MB4); + ROUND(4, MA1, MA2, MA3, MA4); + LOAD_MSG(6, MA1, MA2, MA3, MA4); + ROUND(5, MB1, MB2, MB3, MB4); + LOAD_MSG(7, MB1, MB2, MB3, MB4); + ROUND(6, MA1, MA2, MA3, MA4); + LOAD_MSG(8, MA1, MA2, MA3, MA4); + ROUND(7, MB1, MB2, MB3, MB4); + LOAD_MSG(9, MB1, MB2, MB3, MB4); + sub $1, RNBLKS; + jz .Loop_end; + + lea 64(RINBLKS), RINBLKS; + addq $64, (STATE_T + 0)(RSTATE); + + ROUND(8, MA1, MA2, MA3, MA4); + LOAD_MSG(0, MA1, MA2, MA3, MA4); + ROUND(9, MB1, MB2, MB3, MB4); + LOAD_MSG(1, MB1, MB2, MB3, MB4); + + vpxor ROW3, ROW1, ROW1; + vpxor ROW4, ROW2, ROW2; + + vmovdqa .Liv+(0 * 4) (RIP), ROW3; + vmovdqa .Liv+(4 * 4) (RIP), ROW4; + + vpxor (STATE_H + 0 * 4)(RSTATE), ROW1, ROW1; + vpxor (STATE_H + 4 * 4)(RSTATE), ROW2, ROW2; + + vmovdqu ROW1, (STATE_H + 0 * 4)(RSTATE); + vmovdqu ROW2, (STATE_H + 4 * 4)(RSTATE); + + vpxor (STATE_T)(RSTATE), ROW4, ROW4; + + jmp .Loop; + +.Loop_end: + ROUND(8, MA1, MA2, MA3, MA4); + ROUND(9, MB1, MB2, MB3, MB4); + + vpxor ROW3, ROW1, ROW1; + vpxor ROW4, ROW2, ROW2; + vpxor (STATE_H + 0 * 4)(RSTATE), ROW1, ROW1; + vpxor (STATE_H + 4 * 4)(RSTATE), ROW2, ROW2; + + vmovdqu ROW1, (STATE_H + 0 * 4)(RSTATE); + vmovdqu ROW2, (STATE_H + 4 * 4)(RSTATE); + + xor %eax, %eax; + vzeroall; + ret; +ELF(.size _gcry_blake2s_transform_amd64_avx, + .-_gcry_blake2s_transform_amd64_avx;) + +#endif /*defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS)*/ +#endif /*__x86_64*/ diff --git a/configure.ac b/configure.ac index 300c520..305b19f 100644 --- a/configure.ac 
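Review bot: _gcry_blake2s_transform_amd64_avx loads and processes a block before it tests the count (`sub $1, RNBLKS; jz .Loop_end` comes after the rounds), so a call with num_blks == 0 would read 64 bytes from blks and then keep looping with a wrapped counter. Whether any caller can pass zero is not visible on this page, so at minimum the input comment should state the precondition, e.g. `%rdx: num_blks (must be >= 1)`. An early `test RNBLKS, RNBLKS` with a jump to a return path would remove the dependency on callers. The BLAKE2b routine in cipher/blake2b-amd64-avx2.S has the same entry sequence.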
+++ b/configure.ac @@ -2421,6 +2421,7 @@ if test "$found" = "1" ; then x86_64-*-*) # Build with the assembly implementation GCRYPT_DIGESTS="$GCRYPT_DIGESTS blake2b-amd64-avx2.lo" + GCRYPT_DIGESTS="$GCRYPT_DIGESTS blake2s-amd64-avx.lo" ;; esac fi commit af7fc732f9a7af7a70276f1e8364d2132db314f1 Author: Jussi Kivilinna Date: Sun Jan 14 16:48:17 2018 +0200 AVX2 implementation of BLAKE2b * cipher/Makefile.am: Add 'blake2b-amd64-avx2.S'. * cipher/blake2.c (USE_AVX2, ASM_FUNC_ABI, ASM_EXTRA_STACK) (_gry_blake2b_transform_amd64_avx2): New. (BLAKE2B_CONTEXT) [USE_AVX2]: Add 'use_avx2'. (blake2b_transform): Rename to ... (blake2b_transform_generic): ... this. (blake2b_transform): New. (blake2b_final): Pass 'ctx' pointer to transform function instead of 'S'. (blake2b_init_ctx): Check HW features and enable AVX2 implementation if supported. * cipher/blake2b-amd64-avx2.S: New. * configure.ac: Add 'blake2b-amd64-avx2.lo'. -- Benchmark on Intel Core i7-4790K (4.0 Ghz, no turbo): Before: | nanosecs/byte mebibytes/sec cycles/byte BLAKE2B_512 | 1.07 ns/B 887.8 MiB/s 4.30 c/B After (~1.4x faster): | nanosecs/byte mebibytes/sec cycles/byte BLAKE2B_512 | 0.771 ns/B 1236.8 MiB/s 3.08 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 6e6c5ac..b0ee158 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -106,7 +106,8 @@ twofish.c twofish-amd64.S twofish-arm.S twofish-aarch64.S \ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ camellia-aesni-avx2-amd64.S camellia-arm.S camellia-aarch64.S \ -blake2.c +blake2.c \ + blake2b-amd64-avx2.S gost28147.lo: gost-sb.h gost-sb.h: gost-s-box diff --git a/cipher/blake2.c b/cipher/blake2.c index 0e4cf9b..f830c79 100644 --- a/cipher/blake2.c +++ b/cipher/blake2.c 
@@ -30,6 +30,26 @@ #include "cipher.h" #include "hash-common.h" +/* USE_AVX2 indicates whether to compile with Intel AVX2 code. */ +#undef USE_AVX2 +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX2) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) +# define USE_AVX2 1 +#endif + +/* AMD64 assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#undef ASM_EXTRA_STACK +#if defined(USE_AVX2) && defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS) +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +#else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +#endif + #define BLAKE2B_BLOCKBYTES 128 #define BLAKE2B_OUTBYTES 64 #define BLAKE2B_KEYBYTES 64 @@ -67,6 +87,9 @@ typedef struct BLAKE2B_CONTEXT_S byte buf[BLAKE2B_BLOCKBYTES]; size_t buflen; size_t outlen; +#ifdef USE_AVX2 + unsigned int use_avx2:1; +#endif } BLAKE2B_CONTEXT; typedef struct @@ -188,8 +211,9 @@ static inline u64 rotr64(u64 x, u64 n) return ((x >> (n & 63)) | (x << ((64 - n) & 63))); } -static unsigned int blake2b_transform(void *vS, const void *inblks, - size_t nblks) +static unsigned int blake2b_transform_generic(BLAKE2B_STATE *S, + const void *inblks, + size_t nblks) { static const byte blake2b_sigma[12][16] = { @@ -206,7 +230,6 @@ static unsigned int blake2b_transform(void *vS, const void *inblks, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } }; - BLAKE2B_STATE *S = vS; const byte* in = inblks; u64 m[16]; u64 v[16]; 
@@ -306,6 +329,33 @@ static unsigned int blake2b_transform(void *vS, const void *inblks, return sizeof(void *) * 4 + sizeof(u64) * 16 * 2; } +#ifdef USE_AVX2 +unsigned int _gcry_blake2b_transform_amd64_avx2(BLAKE2B_STATE *S, + const void *inblks, + size_t nblks) ASM_FUNC_ABI; +#endif + +static unsigned int blake2b_transform(void *ctx, const void *inblks, + size_t nblks) +{ + BLAKE2B_CONTEXT *c = ctx; + unsigned int nburn; + + if (0) + {} +#ifdef USE_AVX2 + if (c->use_avx2) + nburn = _gcry_blake2b_transform_amd64_avx2(&c->state, inblks, nblks); +#endif + else + nburn = blake2b_transform_generic(&c->state, inblks, nblks); + + if (nburn) + nburn += ASM_EXTRA_STACK; + + return nburn; +} + static void blake2b_final(void *ctx) { BLAKE2B_CONTEXT *c = ctx; @@ -321,7 +371,7 @@ static void blake2b_final(void *ctx) memset (c->buf + c->buflen, 0, BLAKE2B_BLOCKBYTES - c->buflen); /* Padding */ blake2b_set_lastblock (S); blake2b_increment_counter (S, (int)c->buflen - BLAKE2B_BLOCKBYTES); - burn = blake2b_transform (S, c->buf, 1); + burn = blake2b_transform (ctx, c->buf, 1); /* Output full hash to buffer */ for (i = 0; i < 8; ++i) @@ -397,11 +447,17 @@ static gcry_err_code_t blake2b_init_ctx(void *ctx, unsigned int flags, unsigned int dbits) { BLAKE2B_CONTEXT *c = ctx; + unsigned int features = _gcry_get_hw_features (); + (void)features; (void)flags; memset (c, 0, sizeof (*c)); +#ifdef USE_AVX2 + c->use_avx2 = !!(features & HWF_INTEL_AVX2); +#endif + c->outlen = dbits / 8; c->buflen = 0; return blake2b_init(c, key, keylen); diff --git a/cipher/blake2b-amd64-avx2.S b/cipher/blake2b-amd64-avx2.S new file mode 100644 index 0000000..6bcc565 --- /dev/null +++ b/cipher/blake2b-amd64-avx2.S 
@@ -0,0 +1,298 @@ +/* blake2b-amd64-avx2.S - AVX2 implementation of BLAKE2b + * + * Copyright (C) 2018 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +/* The code is based on public-domain/CC0 BLAKE2 reference implementation + * by Samual Neves, at https://github.com/BLAKE2/BLAKE2/tree/master/sse + * Copyright 2012, Samuel Neves + */ + +#ifdef __x86_64 +#include +#if defined(HAVE_GCC_INLINE_ASM_AVX2) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) + +#include "asm-common-amd64.h" + +.text + +/* register macros */ +#define RSTATE %rdi +#define RINBLKS %rsi +#define RNBLKS %rdx +#define RIV %rcx + +/* state structure */ +#define STATE_H 0 +#define STATE_T (STATE_H + 8 * 8) +#define STATE_F (STATE_T + 2 * 8) + +/* vector registers */ +#define ROW1 %ymm0 +#define ROW2 %ymm1 +#define ROW3 %ymm2 +#define ROW4 %ymm3 +#define TMP1 %ymm4 +#define TMP1x %xmm4 +#define R16 %ymm5 +#define R24 %ymm6 + +#define MA1 %ymm8 +#define MA2 %ymm9 +#define MA3 %ymm10 +#define MA4 %ymm11 +#define MA1x %xmm8 +#define MA2x %xmm9 +#define MA3x %xmm10 +#define MA4x %xmm11 + +#define MB1 %ymm12 +#define MB2 %ymm13 +#define MB3 %ymm14 +#define MB4 %ymm15 +#define MB1x %xmm12 +#define MB2x %xmm13 +#define MB3x %xmm14 +#define MB4x %xmm15 + 
+/********************************************************************** + blake2b/AVX2 + **********************************************************************/ + +#define GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + s0, s1, s2, s3, s4, s5, s6, s7, s8, \ + s9, s10, s11, s12, s13, s14, s15) \ + vmovq (s0)*8(RINBLKS), m1x; \ + vmovq (s4)*8(RINBLKS), TMP1x; \ + vpinsrq $1, (s2)*8(RINBLKS), m1x, m1x; \ + vpinsrq $1, (s6)*8(RINBLKS), TMP1x, TMP1x; \ + vinserti128 $1, TMP1x, m1, m1; \ + vmovq (s1)*8(RINBLKS), m2x; \ + vmovq (s5)*8(RINBLKS), TMP1x; \ + vpinsrq $1, (s3)*8(RINBLKS), m2x, m2x; \ + vpinsrq $1, (s7)*8(RINBLKS), TMP1x, TMP1x; \ + vinserti128 $1, TMP1x, m2, m2; \ + vmovq (s8)*8(RINBLKS), m3x; \ + vmovq (s12)*8(RINBLKS), TMP1x; \ + vpinsrq $1, (s10)*8(RINBLKS), m3x, m3x; \ + vpinsrq $1, (s14)*8(RINBLKS), TMP1x, TMP1x; \ + vinserti128 $1, TMP1x, m3, m3; \ + vmovq (s9)*8(RINBLKS), m4x; \ + vmovq (s13)*8(RINBLKS), TMP1x; \ + vpinsrq $1, (s11)*8(RINBLKS), m4x, m4x; \ + vpinsrq $1, (s15)*8(RINBLKS), TMP1x, TMP1x; \ + vinserti128 $1, TMP1x, m4, m4; + +#define LOAD_MSG_0(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15) +#define LOAD_MSG_1(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3) +#define LOAD_MSG_2(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4) +#define LOAD_MSG_3(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8) +#define LOAD_MSG_4(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13) +#define LOAD_MSG_5(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, 
m4x, \ + 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9) +#define LOAD_MSG_6(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11) +#define LOAD_MSG_7(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10) +#define LOAD_MSG_8(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5) +#define LOAD_MSG_9(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + GATHER_MSG(m1, m2, m3, m4, m1x, m2x, m3x, m4x, \ + 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0) +#define LOAD_MSG_10(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + LOAD_MSG_0(m1, m2, m3, m4, m1x, m2x, m3x, m4x) +#define LOAD_MSG_11(m1, m2, m3, m4, m1x, m2x, m3x, m4x) \ + LOAD_MSG_1(m1, m2, m3, m4, m1x, m2x, m3x, m4x) + +#define LOAD_MSG(r, m1, m2, m3, m4) \ + LOAD_MSG_##r(m1, m2, m3, m4, m1##x, m2##x, m3##x, m4##x) + +#define ROR_32(in, out) vpshufd $0xb1, in, out; + +#define ROR_24(in, out) vpshufb R24, in, out; + +#define ROR_16(in, out) vpshufb R16, in, out; + +#define ROR_63(in, out) \ + vpsrlq $63, in, TMP1; \ + vpaddq in, in, out; \ + vpxor TMP1, out, out; + +#define G(r1, r2, r3, r4, m, ROR_A, ROR_B) \ + vpaddq m, r1, r1; \ + vpaddq r2, r1, r1; \ + vpxor r1, r4, r4; \ + ROR_A(r4, r4); \ + vpaddq r4, r3, r3; \ + vpxor r3, r2, r2; \ + ROR_B(r2, r2); + +#define G1(r1, r2, r3, r4, m) \ + G(r1, r2, r3, r4, m, ROR_32, ROR_24); + +#define G2(r1, r2, r3, r4, m) \ + G(r1, r2, r3, r4, m, ROR_16, ROR_63); + +#define MM_SHUFFLE(z,y,x,w) \ + (((z) << 6) | ((y) << 4) | ((x) << 2) | (w)) + +#define DIAGONALIZE(r1, r2, r3, r4) \ + vpermq $MM_SHUFFLE(0,3,2,1), r2, r2; \ + vpermq $MM_SHUFFLE(1,0,3,2), r3, r3; \ + vpermq $MM_SHUFFLE(2,1,0,3), r4, r4; + +#define UNDIAGONALIZE(r1, r2, r3, r4) \ + vpermq $MM_SHUFFLE(2,1,0,3), r2, r2; \ + vpermq $MM_SHUFFLE(1,0,3,2), r3, 
r3; \ + vpermq $MM_SHUFFLE(0,3,2,1), r4, r4; + +#define ROUND(r, m1, m2, m3, m4) \ + G1(ROW1, ROW2, ROW3, ROW4, m1); \ + G2(ROW1, ROW2, ROW3, ROW4, m2); \ + DIAGONALIZE(ROW1, ROW2, ROW3, ROW4); \ + G1(ROW1, ROW2, ROW3, ROW4, m3); \ + G2(ROW1, ROW2, ROW3, ROW4, m4); \ + UNDIAGONALIZE(ROW1, ROW2, ROW3, ROW4); + +blake2b_data: +.align 32 +.Liv: + .quad 0x6a09e667f3bcc908, 0xbb67ae8584caa73b + .quad 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1 + .quad 0x510e527fade682d1, 0x9b05688c2b3e6c1f + .quad 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179 +.Lshuf_ror16: + .byte 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9 +.Lshuf_ror24: + .byte 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10 + +.align 64 +.globl _gcry_blake2b_transform_amd64_avx2 +ELF(.type _gcry_blake2b_transform_amd64_avx2, at function;) + +_gcry_blake2b_transform_amd64_avx2: + /* input: + * %rdi: state + * %rsi: blks + * %rdx: num_blks + */ + + vzeroupper; + + addq $128, (STATE_T + 0)(RSTATE); + adcq $0, (STATE_T + 8)(RSTATE); + + vbroadcasti128 .Lshuf_ror16 (RIP), R16; + vbroadcasti128 .Lshuf_ror24 (RIP), R24; + + vmovdqa .Liv+(0 * 8) (RIP), ROW3; + vmovdqa .Liv+(4 * 8) (RIP), ROW4; + + vmovdqu (STATE_H + 0 * 8)(RSTATE), ROW1; + vmovdqu (STATE_H + 4 * 8)(RSTATE), ROW2; + + vpxor (STATE_T)(RSTATE), ROW4, ROW4; + + LOAD_MSG(0, MA1, MA2, MA3, MA4); + LOAD_MSG(1, MB1, MB2, MB3, MB4); + +.Loop: + ROUND(0, MA1, MA2, MA3, MA4); + LOAD_MSG(2, MA1, MA2, MA3, MA4); + ROUND(1, MB1, MB2, MB3, MB4); + LOAD_MSG(3, MB1, MB2, MB3, MB4); + ROUND(2, MA1, MA2, MA3, MA4); + LOAD_MSG(4, MA1, MA2, MA3, MA4); + ROUND(3, MB1, MB2, MB3, MB4); + LOAD_MSG(5, MB1, MB2, MB3, MB4); + ROUND(4, MA1, MA2, MA3, MA4); + LOAD_MSG(6, MA1, MA2, MA3, MA4); + ROUND(5, MB1, MB2, MB3, MB4); + LOAD_MSG(7, MB1, MB2, MB3, MB4); + ROUND(6, MA1, MA2, MA3, MA4); + LOAD_MSG(8, MA1, MA2, MA3, MA4); + ROUND(7, MB1, MB2, MB3, MB4); + LOAD_MSG(9, MB1, MB2, MB3, MB4); + ROUND(8, MA1, MA2, MA3, MA4); + LOAD_MSG(10, MA1, MA2, MA3, MA4); + ROUND(9, MB1, MB2, MB3, 
MB4); + LOAD_MSG(11, MB1, MB2, MB3, MB4); + sub $1, RNBLKS; + jz .Loop_end; + + lea 128(RINBLKS), RINBLKS; + addq $128, (STATE_T + 0)(RSTATE); + adcq $0, (STATE_T + 8)(RSTATE); + + ROUND(10, MA1, MA2, MA3, MA4); + LOAD_MSG(0, MA1, MA2, MA3, MA4); + ROUND(11, MB1, MB2, MB3, MB4); + LOAD_MSG(1, MB1, MB2, MB3, MB4); + + vpxor ROW3, ROW1, ROW1; + vpxor ROW4, ROW2, ROW2; + + vmovdqa .Liv+(0 * 8) (RIP), ROW3; + vmovdqa .Liv+(4 * 8) (RIP), ROW4; + + vpxor (STATE_H + 0 * 8)(RSTATE), ROW1, ROW1; + vpxor (STATE_H + 4 * 8)(RSTATE), ROW2, ROW2; + + vmovdqu ROW1, (STATE_H + 0 * 8)(RSTATE); + vmovdqu ROW2, (STATE_H + 4 * 8)(RSTATE); + + vpxor (STATE_T)(RSTATE), ROW4, ROW4; + + jmp .Loop; + +.Loop_end: + ROUND(10, MA1, MA2, MA3, MA4); + ROUND(11, MB1, MB2, MB3, MB4); + + vpxor ROW3, ROW1, ROW1; + vpxor ROW4, ROW2, ROW2; + vpxor (STATE_H + 0 * 8)(RSTATE), ROW1, ROW1; + vpxor (STATE_H + 4 * 8)(RSTATE), ROW2, ROW2; + + vmovdqu ROW1, (STATE_H + 0 * 8)(RSTATE); + vmovdqu ROW2, (STATE_H + 4 * 8)(RSTATE); + + xor %eax, %eax; + vzeroall; + ret; +ELF(.size _gcry_blake2b_transform_amd64_avx2, + .-_gcry_blake2b_transform_amd64_avx2;) + +#endif /*defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS)*/ +#endif /*__x86_64*/ diff --git a/configure.ac b/configure.ac index aaf3c82..300c520 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2416,6 +2416,13 @@ LIST_MEMBER(blake2, $enabled_digests) if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS blake2.lo" AC_DEFINE(USE_BLAKE2, 1, [Defined if this module should be included]) + + case "${host}" in + x86_64-*-*) + # Build with the assembly implementation + GCRYPT_DIGESTS="$GCRYPT_DIGESTS blake2b-amd64-avx2.lo" + ;; + esac fi # SHA-1 needs to be included always for example because it is used by ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 6 +- cipher/blake2.c | 116 +++++++++++++- cipher/blake2b-amd64-avx2.S | 298 ++++++++++++++++++++++++++++++++++++ cipher/blake2s-amd64-avx.S | 276 +++++++++++++++++++++++++++++++++ cipher/sha1-intel-shaext.c | 281 ++++++++++++++++++++++++++++++++++ cipher/sha1.c | 64 ++++++-- cipher/sha1.h | 1 + cipher/sha256-intel-shaext.c | 352 +++++++++++++++++++++++++++++++++++++++++++ cipher/sha256.c | 66 +++++++- configure.ac | 69 +++++++++ src/g10lib.h | 16 +- src/hwf-x86.c | 4 + src/hwfeatures.c | 1 + 13 files changed, 1514 insertions(+), 36 deletions(-) create mode 100644 cipher/blake2b-amd64-avx2.S create mode 100644 cipher/blake2s-amd64-avx.S create mode 100644 cipher/sha1-intel-shaext.c create mode 100644 cipher/sha256-intel-shaext.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 19 10:57:18 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 19 Feb 2018 10:57:18 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-28-g7b928c2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 7b928c256426c4ff3d2d883c163a9ff2afa221a6 (commit) from 5e3679ae395e7a7e44f218f07bbe487429f1b279 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7b928c256426c4ff3d2d883c163a9ff2afa221a6 Author: Werner Koch Date: Mon Feb 19 10:51:27 2018 +0100 speedo: Add new option STATIC=1 -- This can be used to build GnuPG with static versions of the core gnupg libraries. For example: make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \ INSTALL_PREFIX=/somewhere/gnupg22 native The SELFCHECK=0 is only needed to build from a non-released version. You don't need it with a released tarball. Signed-off-by: Werner Koch diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 2b3b72b..ce338dd 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -63,6 +63,7 @@ help: @echo 'You may append INSTALL_PREFIX=

for native builds.' @echo 'Prepend TARGET with "git-" to build from GIT repos.' @echo 'Prepend TARGET with "this-" to build from the source tarball.' + @echo 'Use STATIC=1 to build with statically linked libraries.' @echo 'Use SELFCHECK=0 for a non-released version.' @echo 'Use CUSTOM_SWDB=1 for an already downloaded swdb.lst.' @@ -140,6 +141,9 @@ UPD_SWDB=0 # Set to 0 to skip the GnuPG version self-check SELFCHECK=1 +# Set to 1 to build with statically linked libraries. +STATIC=0 + # Set to the location of the directory with tarballs of # external packages. TARBALLS=$(shell pwd)/../tarballs @@ -208,8 +212,10 @@ speedo_spkgs += \ endif endif +ifeq ($(STATIC),0) speedo_spkgs += \ gpgme +endif ifeq ($(TARGETOS),w32) ifeq ($(WITH_GUI),1) @@ -461,6 +467,8 @@ speedo_pkg_gtk__tar = $(pkg2rep)/gtk+-$(gtk__ver).tar.xz # Package build options # +speedo_pkg_npth_configure = --enable-static + speedo_pkg_libgpg_error_configure = --enable-static speedo_pkg_w64_libgpg_error_configure = --enable-static @@ -471,8 +479,23 @@ speedo_pkg_libgcrypt_configure = --disable-static speedo_pkg_libksba_configure = --disable-static +speedo_pkg_ntbtls_configure = --enable-static + + +ifeq ($(STATIC),1) +speedo_pkg_npth_configure += --disable-shared + +speedo_pkg_libgpg_error_configure += --disable-shared + +speedo_pkg_libassuan_configure += --disable-shared + +speedo_pkg_libgcrypt_configure += --disable-shared + +speedo_pkg_libksba_configure += --disable-shared +endif + # For now we build ntbtls only static -speedo_pkg_ntbtls_configure = --enable-static --disable-shared +speedo_pkg_ntbtls_configure = --disable-shared ifeq ($(TARGETOS),w32) speedo_pkg_gnupg_configure = \ ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 19 17:15:26 2018 
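Review bot: The last assignment in the `@@ -471,8 +479,23 @@` hunk, `speedo_pkg_ntbtls_configure = --disable-shared`, uses `=` and so replaces the `--enable-static` that the same hunk sets a few lines earlier; `speedo_pkg_ntbtls_configure += --disable-shared` would keep the original `--enable-static --disable-shared`. In the same hunk, the context lines `speedo_pkg_libgcrypt_configure = --disable-static` and `speedo_pkg_libksba_configure = --disable-static` get `--disable-shared` appended when STATIC=1, so both library kinds are switched off on the configure command line. The build then presumably relies on configure falling back to a static library. Resetting those two variables to `--enable-static --disable-shared` inside the `ifeq ($(STATIC),1)` block would state the intent explicitly.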
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Mon, 19 Feb 2018 17:15:26 +0100 Subject: [git] GPGME - branch, ben/python-docs-01, updated. gpgme-1.10.0-34-g272a8e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/python-docs-01 has been updated via 272a8e778a959cb24298f488e77fce9bffd23b7a (commit) via c82b17c6ce490738efb07186532e752e6f70ea07 (commit) via ea481d4bb9e6197fbc195187d1362b844e2cba2e (commit) via 1ae3ead2cd854258954e784bf51f03822321aefe (commit) via fe4f3edd70949329cb992dd963de2de3c86dcd81 (commit) from fb16eaa685fe488f12f4df9b59d1f3689c813034 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 272a8e778a959cb24298f488e77fce9bffd23b7a Author: Ben McGinnes Date: Tue Feb 20 03:13:42 2018 +1100 Renaming ad infinitum ... * Dropped the .txt from the end of the file ... diff --git a/lang/python/README.txt b/lang/python/README similarity index 100% rename from lang/python/README.txt rename to lang/python/README commit c82b17c6ce490738efb07186532e752e6f70ea07 Author: Ben McGinnes Date: Tue Feb 20 03:11:50 2018 +1100 Text conversion * Exported from Org Mode to UTF-8 text. * Removed my name from just under the title. diff --git a/lang/python/README.txt b/lang/python/README.txt new file mode 100644 index 0000000..49e8820 --- /dev/null +++ b/lang/python/README.txt 
@@ -0,0 +1,77 @@ + ????????????????????????????????? + GPG - GPGME BINDINGS FOR PYTHON + ????????????????????????????????? + + +Table of Contents +????????????????? + +1 Mailing List +2 Bugs +3 Authors +4 History + + +The "gpg" module is a python interface to the GPGME library: +[https://www.gnupg.org/related_software/gpgme/] + +"gpg" offers two interfaces, one is a high-level, curated, and idiomatic +interface that is implemented as a shim on top of the low-level +interface automatically created using SWIG. + +This way we make simple things easy, while still providing the entire +functionality of the underlying library. + + +1 Mailing List +?????????????? + + For general discussion and help see the gnupg-users mailing list: + [https://lists.gnupg.org/mailman/listinfo/gnupg-users] + + For development see the gnupg-devel mailing list: + [https://lists.gnupg.org/mailman/listinfo/gnupg-devel] + + +2 Bugs +?????? + + Please report bugs using our bug tracker using the category 'gpgme', + and topic 'python': [https://bugs.gnupg.org/gnupg/] + + +3 Authors +????????? + + PyME was created by John Goerzen, and maintained, developed, and + cherished by Igor Belyi, Martin Albrecht, Ben McGinnes, and everyone + who contributed to it in any way. + + In 2016 we merged a port of PyME to into the GPGME repository, and + development will continue there. Please see the VCS history for the + list of contributors, and if you do find bugs, or want to contribute, + please get in touch and help maintain the python gpg bindings. + + Please see the section 'History' further down this document for + references to previous versions. + + +4 History +????????? + + ? The python bindings were renamed from PyME to "gpg" in 2016. + + ? The bindings have been merged into the GPGME repository in 2016. + + ? The latest version of PyME for Python 3.2 and above (as of May, + 2015) is v0.9.1. [https://git.gnupg.org/gpgme.git/lang/py3-pyme] + + ? 
The latest version of PyME for Python 2.6 and 2.7 (as of this + writing) is v0.9.0. [https://bitbucket.org/malb/pyme] + + ? A previous version of PyME v0.8.0 can be found on sourceforge: + [http://pyme.sourceforge.net/] + + ? A previous version of PyME v0.5.1 which works with GPGME v0.3.15 can + be found on John Goerzen's PyME page: [http://quux.org/devel/pyme/] + [http://www.complete.org/JohnGoerzen] commit ea481d4bb9e6197fbc195187d1362b844e2cba2e Author: Ben McGinnes Date: Tue Feb 20 03:11:02 2018 +1100 Title fix * Fixed title. diff --git a/lang/python/README.org b/lang/python/README.org index 9339bf8..22e7d1f 100644 --- a/lang/python/README.org +++ b/lang/python/README.org @@ -1,4 +1,4 @@ -#+TITLE gpg - GPGME bindings for Python +#+TITLE: gpg - GPGME bindings for Python The "gpg" module is a python interface to the GPGME library: commit 1ae3ead2cd854258954e784bf51f03822321aefe Author: Ben McGinnes Date: Tue Feb 20 02:51:02 2018 +1100 Conflict with Phabricator files * The developers of Phabricator, the web front-end on dev.gnupg.org have not implemented renderers for Markdown, Org-Mode or any other common markdown like language. * They also refuse to do so. * Instead they re-invented the wheel and implemented their own version of Markdown-like thing which is incompatible with everything else. It is called Remarkup. * The developers of Phabricator and Remarkup have refused to provide conversion tools to move files to/from any format to/from Remarkup. * They expect everyone to learn their new favourite pet project. * Remarkup may or may not display Org Mode files, but if so then it is likely to only want to do so as plain text. * There is an unaffiliated and unofficial project to convert Github Markdown to Remarkup via Pandoc. This might be adapted for our use, but requires testing. * Until then exporting from Org Mode to UTF-8 text is likely the least worst plan. * Which means renaming this file to README.org first. 
diff --git a/lang/python/README b/lang/python/README.org similarity index 100% rename from lang/python/README rename to lang/python/README.org commit fe4f3edd70949329cb992dd963de2de3c86dcd81 Author: Ben McGinnes Date: Tue Feb 20 02:45:44 2018 +1100 Schizophrenic file types * Removed Markdown style heading underlining. * Removed in-line file type declaration (which is not correctly parsed by the web interface on dev.gnupg.org). diff --git a/lang/python/README b/lang/python/README index 6a2e8b8..9339bf8 100644 --- a/lang/python/README +++ b/lang/python/README @@ -1,5 +1,5 @@ -gpg - GPGME bindings for Python -*- org -*- -======================= +#+TITLE gpg - GPGME bindings for Python + The "gpg" module is a python interface to the GPGME library: https://www.gnupg.org/related_software/gpgme/ ----------------------------------------------------------------------- Summary of changes: lang/python/README | 94 ++++++++++++++++++++++---------------- lang/python/{README => README.org} | 4 +- 2 files changed, 57 insertions(+), 41 deletions(-) copy lang/python/{README => README.org} (95%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 02:59:48 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 20 Feb 2018 02:59:48 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.5.1-2-g0ad3aaf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 0ad3aafe2c02cdff21e10a59de56b8a2f9532be3 (commit) from 9d7ac1e7deb750cf70d78b9298db9a8a60b62a43 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0ad3aafe2c02cdff21e10a59de56b8a2f9532be3 Author: NIIBE Yutaka Date: Tue Feb 20 10:48:52 2018 +0900 Better credential support for other OSes. * configure.ac (HAVE_UCRED_H, HAVE_SYS_UCRED_H): Check these headers unconditionally. (HAVE_SO_PEERCRED, HAVE_LOCAL_PEEREID): Remove. (HAVE_STRUCT_SOCKPEERCRED_PID): New. (HAVE_GETPEEREID): New. * src/assuan-socket-server.c (accept_connection_bottom): Add support for OpenBSD, macOS, and FreeBSD. -- Code in gpg-agent/command-ssh.c are integrated. Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index e824b39..d37f07f 100644 --- a/configure.ac +++ b/configure.ac @@ -319,7 +319,7 @@ AC_SUBST(LIBASSUAN_CONFIG_EXTRA_LIBS) AC_HEADER_STDC AC_CHECK_HEADERS([string.h locale.h sys/uio.h stdint.h inttypes.h \ sys/types.h sys/stat.h unistd.h sys/time.h fcntl.h \ - sys/select.h ]) + sys/select.h ucred.h sys/ucred.h]) AC_TYPE_UINTPTR_T AC_TYPE_UINT16_T 
@@ -421,48 +421,16 @@ AC_REPLACE_FUNCS(setenv) # -# Check for the getsockopt SO_PEERCRED +# Check for the getsockopt SO_PEERCRED, etc. # -AC_MSG_CHECKING(for SO_PEERCRED) -AC_CACHE_VAL(assuan_cv_sys_so_peercred, - [AC_TRY_COMPILE([#include ], - [struct ucred cr; - int cl = sizeof cr; - getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);], - assuan_cv_sys_so_peercred=yes, - assuan_cv_sys_so_peercred=no) - ]) -AC_MSG_RESULT($assuan_cv_sys_so_peercred) +AC_CHECK_MEMBER(struct sockpeercred.pid, [], [], [#include +#include ]) -if test $assuan_cv_sys_so_peercred = yes; then - AC_DEFINE(HAVE_SO_PEERCRED, 1, - [Defined if SO_PEERCRED is supported (Linux specific)]) -else - # Check for the getsockopt LOCAL_PEEREID (NetBSD) - AC_MSG_CHECKING(for LOCAL_PEEREID) - AC_CACHE_VAL(assuan_cv_sys_so_local_peereid, - [AC_TRY_COMPILE([#include - #include ], - [struct unpcbid unp; - int unpl = sizeof unp; - getsockopt (1, SOL_SOCKET, LOCAL_PEEREID, &unp, &unpl);], - assuan_cv_sys_so_local_peereid=yes, - assuan_cv_sys_so_local_peereid=no) - ]) - AC_MSG_RESULT($assuan_cv_sys_so_local_peereid) - - if test $assuan_cv_sys_so_local_peereid = yes; then - AC_DEFINE(HAVE_LOCAL_PEEREID, 1, - [Defined if LOCAL_PEEREID is supported (NetBSD specific)]) - else - # (Open)Solaris - AC_CHECK_FUNCS([getpeerucred], AC_CHECK_HEADERS([ucred.h])) - if test $ac_cv_func_getpeerucred != yes; then - # FreeBSD - AC_CHECK_FUNCS([getpeereid]) - fi - fi -fi +# (Open)Solaris +AC_CHECK_FUNCS([getpeerucred]) + +# FreeBSD +AC_CHECK_FUNCS([getpeereid]) # diff --git a/src/assuan-socket-server.c b/src/assuan-socket-server.c index a5b7fd7..4e255c2 100644 --- a/src/assuan-socket-server.c +++ b/src/assuan-socket-server.c @@ -31,9 +31,6 @@ #ifdef HAVE_SYS_TYPES_H # include #endif -#ifdef HAVE_UCRED_H -#include -#endif #ifdef HAVE_W32_SYSTEM # ifdef HAVE_WINSOCK2_H # include 
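Review bot: `AC_CHECK_MEMBER(struct sockpeercred.pid, [], [], ...)` in the configure.ac hunk `@@ -421,48 +421,16 @@` has empty action arguments, and as far as I know the singular macro, unlike `AC_CHECK_MEMBERS`, does not define `HAVE_STRUCT_SOCKPEERCRED_PID` by itself. If that is right, the `#ifdef HAVE_STRUCT_SOCKPEERCRED_PID` branch this commit adds to accept_connection_bottom is never selected and the OpenBSD build still declares `struct ucred cr`. Either use `AC_CHECK_MEMBERS([struct sockpeercred.pid], ...)` or pass `[AC_DEFINE(HAVE_STRUCT_SOCKPEERCRED_PID, 1, [Define if struct sockpeercred has a pid member])]` as the action-if-found. Checking the generated config.h on an OpenBSD host would confirm whether the peer-credential path uses the intended structure.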
@@ -48,6 +45,12 @@ # include # include #endif +#ifdef HAVE_SYS_UCRED_H +#include +#endif +#ifdef HAVE_UCRED_H +#include +#endif #include "debug.h" #include "assuan-defs.h" 
@@ -60,60 +63,87 @@ accept_connection_bottom (assuan_context_t ctx) TRACE (ctx, ASSUAN_LOG_SYSIO, "accept_connection_bottom", ctx); ctx->peercred_valid = 0; -#ifdef HAVE_SO_PEERCRED +#ifdef SO_PEERCRED { - struct ucred cr; +#ifdef HAVE_STRUCT_SOCKPEERCRED_PID + struct sockpeercred cr; /* OpenBSD */ +#else + struct ucred cr; /* GNU/Linux */ +#endif socklen_t cl = sizeof cr; - if ( !getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl)) + if (!getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl)) { - ctx->peercred.pid = cr.pid; - ctx->peercred.uid = cr.uid; - ctx->peercred.gid = cr.gid; - ctx->peercred_valid = 1; - - /* This overrides any already set PID if the function returns - a valid one. */ - if (cr.pid != ASSUAN_INVALID_PID && cr.pid) - ctx->pid = cr.pid; + ctx->peercred_valid = 1; + ctx->peercred.pid = cr.pid; + ctx->peercred.uid = cr.uid; + ctx->peercred.gid = cr.gid; } } -#elif defined (HAVE_GETPEERUCRED) - { - ucred_t *ucred = NULL; +#elif defined (LOCAL_PEERPID) + { /* macOS */ + socklen_t len = sizeof (pid_t); - if (getpeerucred (fd, &ucred) != -1) + if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERPID, &ctx->peercred.pid, &len)) { - ctx->peercred.uid = ucred_geteuid (ucred); - ctx->peercred.gid = ucred_getegid (ucred); - ctx->peercred.pid = ucred_getpid (ucred); - ctx->peercred_valid = 1; - ucred_free (ucred); + ctx->peercred_valid = 1; + +#if defined (LOCAL_PEERCRED) + { + struct xucred cr; + len = sizeof (struct xucred); + + if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERCRED, &cr, &len)) + { + ctx->peercred.uid = cr.cr_uid; + ctx->peercred.gid = cr.cr_gid; + } + } +#endif } } -#elif defined (HAVE_LOCAL_PEEREID) - { +#elif defined (LOCAL_PEEREID) + { /* NetBSD */ struct unpcbid unp; socklen_t unpl = sizeof unp; if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1) + { + ctx->peercred_valid = 1; + ctx->peercred.pid = unp.unp_pid; + ctx->peercred.uid = unp.unp_euid; + ctx->peercred.gid = unp.unp_egid; + } + } +#elif defined (HAVE_GETPEERUCRED) + { /* Solaris */ + 
ucred_t *ucred = NULL; + + if (getpeerucred (fd, &ucred) != -1) { - ctx->peercred.pid = unp.unp_pid; - ctx->peercred.uid = unp.unp_euid; - ctx->peercred.gid = unp.unp_egid; - ctx->peercred_valid = 1; + ctx->peercred_valid = 1; + ctx->peercred.pid = ucred_getpid (ucred); + ctx->peercred.uid = ucred_geteuid (ucred); + ctx->peercred.gid = ucred_getegid (ucred); + + ucred_free (ucred); } } #elif defined(HAVE_GETPEEREID) - { + { /* FreeBSD */ if (getpeereid (fd, &ctx->peercred.uid, &ctx->peercred.gid) != -1) { - ctx->peercred.pid = ASSUAN_INVALID_PID; - ctx->peercred_valid = 1; + ctx->peercred_valid = 1; + ctx->peercred.pid = ASSUAN_INVALID_PID; } } #endif + /* This overrides any already set PID if the function returns + a valid one. */ + if (ctx->peercred_valid && ctx->peercred.pid != ASSUAN_INVALID_PID) + ctx->pid = ctx->peercred.pid; + ctx->inbound.fd = fd; ctx->inbound.eof = 0; ctx->inbound.linelen = 0; ----------------------------------------------------------------------- Summary of changes: configure.ac | 50 +++++------------------- src/assuan-socket-server.c | 96 ++++++++++++++++++++++++++++++---------------- 2 files changed, 72 insertions(+), 74 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 09:05:53 2018 
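Review bot: In the macOS branch (`#elif defined (LOCAL_PEERPID)`) `ctx->peercred_valid = 1` is set as soon as the PID lookup succeeds, but `ctx->peercred.uid` and `ctx->peercred.gid` are written only when `LOCAL_PEERCRED` is defined and its getsockopt call succeeds. A caller that tests `peercred_valid` and then uses the uid for an access decision would presumably see whatever the context held before. Setting the flag only after uid and gid have been stored, or storing an explicit invalid value when that lookup fails, closes the gap. The shared tail also drops the old `&& cr.pid` test, so a reported PID of 0 now replaces `ctx->pid`; `if (ctx->peercred_valid && ctx->peercred.pid != ASSUAN_INVALID_PID && ctx->peercred.pid)` keeps the earlier behaviour. accept_connection_bottom starts before and continues after this hunk.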
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 20 Feb 2018 09:05:53 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-30-g1877603 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 1877603761911ea5b1c15f4aef11a2cf86a8682c (commit) via fffefd3c98dfcd2c75c7572c4e6fb32b73de5978 (commit) from 7b928c256426c4ff3d2d883c163a9ff2afa221a6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1877603761911ea5b1c15f4aef11a2cf86a8682c Author: Werner Koch Date: Tue Feb 20 09:00:00 2018 +0100 wks: Support alternative submission address. * tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'. * tools/wks-util.c (wks_parse_policy): Parse that field. (wks_free_policy): New. * tools/gpg-wks-client.c (command_send): Also try to take the submission-address from the policy file. Free POLICY. * tools/gpg-wks-server.c (process_new_key): Free POLICYBUF. (command_list_domains): Free POLICY. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 73a8a1f..b86491e 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c 
@@ -782,27 +782,19 @@ command_send (const char *fingerprint, const char *userid) err = 0; } else - err = wkd_get_submission_address (addrspec, &submission_to); - if (err) - { - log_error (_("error looking up submission address for domain '%s': %s\n"), - domain, gpg_strerror (err)); - if (gpg_err_code (err) == GPG_ERR_NO_DATA) - log_error (_("this domain probably doesn't support WKS.\n")); - goto leave; - } - log_info ("submitting request to '%s'\n", submission_to); - - /* Get the policy flags. */ - if (!fake_submission_addr) { + /* We first try to get the submission address from the policy + * file (this is the new method). If both are available we + * check that they match and print a warning if not. In the + * latter case we keep on using the one from the + * submission-address file. */ estream_t mbuf; err = wkd_get_policy_flags (addrspec, &mbuf); if (err && gpg_err_code (err) != GPG_ERR_NO_DATA) { log_error ("error reading policy flags for '%s': %s\n", - submission_to, gpg_strerror (err)); + domain, gpg_strerror (err)); goto leave; } if (mbuf) 
@@ -812,8 +804,35 @@ command_send (const char *fingerprint, const char *userid) if (err) goto leave; } + + err = wkd_get_submission_address (addrspec, &submission_to); + if (err && !policy.submission_address) + { + log_error (_("error looking up submission address for domain '%s'" + ": %s\n"), domain, gpg_strerror (err)); + if (gpg_err_code (err) == GPG_ERR_NO_DATA) + log_error (_("this domain probably doesn't support WKS.\n")); + goto leave; + } + + if (submission_to && policy.submission_address + && ascii_strcasecmp (submission_to, policy.submission_address)) + log_info ("Warning: different submission addresses (sa=%s, po=%s)\n", + submission_to, policy.submission_address); + + if (!submission_to) + { + submission_to = xtrystrdup (policy.submission_address); + if (!submission_to) + { + err = gpg_error_from_syserror (); + goto leave; + } + } } + log_info ("submitting request to '%s'\n", submission_to); + if (policy.auth_submit) log_info ("no confirmation required for '%s'\n", addrspec); @@ -1002,6 +1021,7 @@ command_send (const char *fingerprint, const char *userid) free_uidinfo_list (uidlist); es_fclose (keyenc); es_fclose (key); + wks_free_policy (&policy); xfree (addrspec); return err; } diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 0b1d642..008c266 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -1135,6 +1135,8 @@ process_new_key (server_ctx_t ctx, estream_t key) char *fname = NULL; struct policy_flags_s policybuf; + memset (&policybuf, 0, sizeof policybuf); + /* First figure out the user id from the key. */ xfree (ctx->fpr); free_uidinfo_list (ctx->mboxes); @@ -1206,6 +1208,7 @@ process_new_key (server_ctx_t ctx, estream_t key) xfree (nonce); xfree (fname); xfree (dname); + wks_free_policy (&policybuf); return err; } @@ -1897,6 +1900,7 @@ command_list_domains (void) if (!memcmp (&empty_policy, &policy, sizeof policy)) log_error ("domain %s: empty policy file\n", domain); } + wks_free_policy (&policy); } 
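Review bot: In the `@@ -812,8 +804,35 @@` hunk of tools/gpg-wks-client.c, when `wkd_get_submission_address` fails but the policy file supplied an address, the fallback leaves `err` holding the failed lookup's code and logs nothing about that failure. Adding `err = 0;` after the successful `xtrystrdup (policy.submission_address)` keeps a stale error from reaching a later `if (err)`; whether a later statement overwrites it is not visible here. A `log_info` of the lookup error before falling back would also show the operator that the address came from the policy file alone. command_send starts before and continues after this hunk.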
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index ece7add..1522b72 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -60,6 +60,7 @@ struct /* The parsed policy flags. */ struct policy_flags_s { + char *submission_address; unsigned int mailbox_only : 1; unsigned int dane_only : 1; unsigned int auth_submit : 1; @@ -92,6 +93,7 @@ gpg_error_t wks_filter_uid (estream_t *r_newkey, estream_t key, gpg_error_t wks_send_mime (mime_maker_t mime); gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown); +void wks_free_policy (policy_flags_t policy); /*-- wks-receive.c --*/ diff --git a/tools/wks-util.c b/tools/wks-util.c index 889ca36..9c0f489 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c @@ -443,6 +443,7 @@ gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown) { enum tokens { + TOK_SUBMISSION_ADDRESS, TOK_MAILBOX_ONLY, TOK_DANE_ONLY, TOK_AUTH_SUBMIT, @@ -453,6 +454,7 @@ wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown) const char *name; enum tokens token; } keywords[] = { + { "submission-address", TOK_SUBMISSION_ADDRESS }, { "mailbox-only", TOK_MAILBOX_ONLY }, { "dane-only", TOK_DANE_ONLY }, { "auth-submit", TOK_AUTH_SUBMIT }, @@ -519,6 +521,20 @@ wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown) switch (keywords[i].token) { + case TOK_SUBMISSION_ADDRESS: + if (!value || !*value) + { + err = gpg_error (GPG_ERR_SYNTAX); + goto leave; + } + xfree (flags->submission_address); + flags->submission_address = xtrystrdup (value); + if (!flags->submission_address) + { + err = gpg_error_from_syserror (); + goto leave; + } + break; case TOK_MAILBOX_ONLY: flags->mailbox_only = 1; break; case TOK_DANE_ONLY: flags->dane_only = 1; break; case TOK_AUTH_SUBMIT: flags->auth_submit = 1; break; 
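Review bot: The new `TOK_SUBMISSION_ADDRESS` case in wks_parse_policy (tools/wks-util.c, hunk `@@ -519,6 +521,20 @@`) accepts any non-empty `value`, and command_send then uses that string as the address the key is mailed to. The policy file is fetched from the remote domain, so the value should be checked to be a single well-formed addr-spec before it is stored. For example `if (!value || !*value || !is_valid_mailbox (value))` could return `GPG_ERR_SYNTAX`, assuming the helper from common/mbox-util is usable in this file. A short comment on the case, `/* Owned by FLAGS; released by wks_free_policy. */`, would document the new ownership. wks_parse_policy starts before and continues after this hunk.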
@@ -553,3 +569,14 @@ wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown) return err; } + + +void +wks_free_policy (policy_flags_t policy) +{ + if (policy) + { + xfree (policy->submission_address); + memset (policy, 0, sizeof *policy); + } +} commit fffefd3c98dfcd2c75c7572c4e6fb32b73de5978 Author: Werner Koch Date: Tue Feb 20 08:57:28 2018 +0100 speedo: Use --enable-wks-tools for non-W32 builds. -- Signed-off-by: Werner Koch diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index ce338dd..320d440 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -502,7 +502,7 @@ speedo_pkg_gnupg_configure = \ --disable-g13 --enable-ntbtls \ --enable-build-timestamp else -speedo_pkg_gnupg_configure = --disable-g13 +speedo_pkg_gnupg_configure = --disable-g13 --enable-wks-tools endif speedo_pkg_gnupg_extracflags = -g ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 2 +- tools/gpg-wks-client.c | 48 ++++++++++++++++++++++++++++++++++-------------- tools/gpg-wks-server.c | 4 ++++ tools/gpg-wks.h | 2 ++ tools/wks-util.c | 27 +++++++++++++++++++++++++++ 5 files changed, 68 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 09:07:14 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 20 Feb 2018 09:07:14 +0100 Subject: [git] gnupg-doc - branch, master, updated. d63d03e1289246239448dfcac77218d5e38439f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d63d03e1289246239448dfcac77218d5e38439f4 (commit) from 2a64c8aae45257527c6c838f8e5e9737f1414fd8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d63d03e1289246239448dfcac77218d5e38439f4 Author: Werner Koch Date: Tue Feb 20 09:01:17 2018 +0100 drafts,openpgp-webkey-service: Add alternative submission-address. Signed-off-by: Werner Koch diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org index 7d3c740..a57ddfc 100644 --- a/misc/id/openpgp-webkey-service/draft.org +++ b/misc/id/openpgp-webkey-service/draft.org @@ -456,6 +456,11 @@ Currently defined keywords are: the workaround. The value is an integer corresponding to the respective draft revision number. +- submission-address :: An alternative way to specify the submission + address. The value is the addr-spec part of the address to send + requests to this server. If this keyword is used in addition to + the =submission-address= file, both MUST have the same value. + # Fixme: Add a protocol-version value for the final RFC. ----------------------------------------------------------------------- Summary of changes: misc/id/openpgp-webkey-service/draft.org | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 11:52:00 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 20 Feb 2018 11:52:00 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-31-gee47485 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via ee474856ec16ff11d922d8503fb3ede77129c4aa (commit) from 1877603761911ea5b1c15f4aef11a2cf86a8682c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ee474856ec16ff11d922d8503fb3ede77129c4aa Author: Werner Koch Date: Tue Feb 20 11:45:58 2018 +0100 wks: Implement server command --install-key. * tools/wks-util.c (wks_filter_uid): Add arg 'binary'. * tools/gpg-wks-server.c (main): Expect 2 args for --install-key. (write_to_file): New. (check_and_publish): Factor some code out to ... (compute_hu_fname): ... new. (command_install_key): Implement. Signed-off-by: Werner Koch diff --git a/doc/wks.texi b/doc/wks.texi index 7f7d515..2960c67 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -181,6 +181,7 @@ Display a brief help page and exit. .RI [ options ] .B \-\-install-key .I file +.I user-id .br .B gpg-wks-server .RI [ options ] 
@@ -221,14 +222,17 @@ the process returns failure; to suppress the diagnostic, use option @option{-q}. More than one user-id can be given; see also option @option{with-file}. +The command @option{--install-key} manually installs a key into the +WKD. The arguments are a file with the keyblock and the user-id to +install. + The command @option{--remove-key} uninstalls a key from the WKD. The -process return success in this case; to also print a diagnostic, use -option @option{-v}. If the key is not installed a diagnostics is +process returns success in this case; to also print a diagnostic, use +option @option{-v}. If the key is not installed a diagnostic is printed and the process returns failure; to suppress the diagnostic, use option @option{-q}. -The commands @option{--install-key} and @option{--revoke-key} are not -yet functional. +The command @option{--revoke-key} is not yet functional. @mansect options diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index b86491e..3b19c76 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -872,7 +872,7 @@ command_send (const char *fingerprint, const char *userid) estream_t newkey; es_rewind (key); - err = wks_filter_uid (&newkey, key, thisuid->uid); + err = wks_filter_uid (&newkey, key, thisuid->uid, 0); if (err) { log_error ("error filtering key: %s\n", gpg_strerror (err)); diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 008c266..e2b8306 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -1,5 +1,5 @@ /* gpg-wks-server.c - A server for the Web Key Service protocols. - * Copyright (C) 2016 Werner Koch + * Copyright (C) 2016, 2018 Werner Koch * Copyright (C) 2016 Bundesamt f?r Sicherheit in der Informationstechnik * * This file is part of GnuPG. 
@@ -20,7 +20,7 @@ /* The Web Key Service I-D defines an update protocol to store a * public key in the Web Key Directory. The current specification is - * draft-koch-openpgp-webkey-service-01.txt. + * draft-koch-openpgp-webkey-service-05.txt. */ #include @@ -154,7 +154,7 @@ static gpg_error_t command_receive_cb (void *opaque, const char *mediatype, estream_t fp, unsigned int flags); static gpg_error_t command_list_domains (void); -static gpg_error_t command_install_key (const char *fname); +static gpg_error_t command_install_key (const char *fname, const char *userid); static gpg_error_t command_remove_key (const char *mailaddr); static gpg_error_t command_revoke_key (const char *mailaddr); static gpg_error_t command_check_key (const char *mailaddr); @@ -376,9 +376,9 @@ main (int argc, char **argv) break; case aInstallKey: - if (argc != 1) - wrong_args ("--install-key FILE"); - err = command_install_key (*argv); + if (argc != 2) + wrong_args ("--install-key FILE USER-ID"); + err = command_install_key (*argv, argv[1]); break; case aRemoveKey: 
@@ -1339,6 +1339,81 @@ send_congratulation_message (const char *mbox, const char *keyfile) } +/* Write the content of SRC to the new file FNAME. */ +static gpg_error_t +write_to_file (estream_t src, const char *fname) +{ + gpg_error_t err; + estream_t dst; + char buffer[4096]; + size_t nread, written; + + dst = es_fopen (fname, "wb"); + if (!dst) + return gpg_error_from_syserror (); + + do + { + nread = es_fread (buffer, 1, sizeof buffer, src); + if (!nread) + break; + written = es_fwrite (buffer, 1, nread, dst); + if (written != nread) + break; + } + while (!es_feof (src) && !es_ferror (src) && !es_ferror (dst)); + if (!es_feof (src) || es_ferror (src) || es_ferror (dst)) + { + err = gpg_error_from_syserror (); + es_fclose (dst); + gnupg_remove (fname); + return err; + } + + if (es_fclose (dst)) + { + err = gpg_error_from_syserror (); + log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); + return err; + } + + return 0; +} + + +/* Compute the the full file name for the key with ADDRSPEC and return + * it at R_FNAME. */ +static gpg_error_t +compute_hu_fname (char **r_fname, const char *addrspec) +{ + gpg_error_t err; + char *hash; + const char *domain; + char sha1buf[20]; + + *r_fname = NULL; + + domain = strchr (addrspec, '@'); + if (!domain || !domain[1] || domain == addrspec) + return gpg_error (GPG_ERR_INV_ARG); + domain++; + + gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, addrspec, domain - addrspec - 1); + hash = zb32_encode (sha1buf, 8*20); + if (!hash) + return gpg_error_from_syserror (); + + *r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL); + if (!*r_fname) + err = gpg_error_from_syserror (); + else + err = 0; + + xfree (hash); + return err; +} + + /* Check that we have send a request with NONCE and publish the key. */ static gpg_error_t check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) 
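Review bot: In compute_hu_fname the text after the '@' is handed to make_filename_try as a directory name, and nothing in this function checks that it is free of '/' or a ".." component, so the helper relies entirely on its callers for that. command_install_key passes the result of mailbox_from_userid and check_and_publish passes its address argument; whether either already rejects such a domain is not visible here. A guard right after `domain++`, for example `if (strchr (domain, '/') || strstr (domain, "..")) return gpg_error (GPG_ERR_INV_ARG);`, would keep the result below opt.directory regardless of the caller. Separately, write_to_file opens the final name with "wb" and fills it in place, so anything reading the directory can see a partial key while the copy runs; writing to a temporary name in the same directory and renaming it would avoid that.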
@@ -1412,24 +1487,10 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) goto leave; } - /* Hash user ID and create filename. */ - s = strchr (address, '@'); - log_assert (s); - gcry_md_hash_buffer (GCRY_MD_SHA1, shaxbuf, address, s - address); - hash = zb32_encode (shaxbuf, 8*20); - if (!hash) - { - err = gpg_error_from_syserror (); - goto leave; - } - - fnewname = make_filename_try (opt.directory, domain, "hu", hash, NULL); - if (!fnewname) - { - err = gpg_error_from_syserror (); - goto leave; - } + err = compute_hu_fname (&fnewname, address); + if (err) + goto leave; /* Publish. */ err = copy_key_as_binary (fname, fnewname, address); 
@@ -1935,16 +1996,122 @@ command_cron (void) } -/* Install a single key into the WKD by reading FNAME. */ +/* Install a single key into the WKD by reading FNAME and extracting + * USERID. */ static gpg_error_t -command_install_key (const char *fname) +command_install_key (const char *fname, const char *userid) { - (void)fname; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + gpg_error_t err; + estream_t fp; + char *addrspec = NULL; + char *fpr = NULL; + uidinfo_list_t uidlist = NULL; + uidinfo_list_t uid, thisuid; + time_t thistime; + char *huname = NULL; + int any; + + fp = es_fopen (fname, "rb"); + if (!fp) + { + err = gpg_error_from_syserror (); + log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); + goto leave; + } + + addrspec = mailbox_from_userid (userid); + if (!addrspec) + { + log_error ("\"%s\" is not a proper mail address\n", userid); + err = gpg_error (GPG_ERR_INV_USER_ID); + goto leave; + } + + /* List the key so that we can figure out the newest UID with the + * requested addrspec. */ + err = wks_list_key (fp, &fpr, &uidlist); + if (err) + { + log_error ("error parsing key: %s\n", gpg_strerror (err)); + err = gpg_error (GPG_ERR_NO_PUBKEY); + goto leave; + } + thistime = 0; + thisuid = NULL; + any = 0; + for (uid = uidlist; uid; uid = uid->next) + { + if (!uid->mbox) + continue; /* Should not happen anyway. */ + if (ascii_strcasecmp (uid->mbox, addrspec)) + continue; /* Not the requested addrspec. */ + any = 1; + if (uid->created > thistime) + { + thistime = uid->created; + thisuid = uid; + } + } + if (!thisuid) + thisuid = uidlist; /* This is the case for a missing timestamp. 
*/ + if (!any) + { + log_error ("public key in '%s' has no mail address '%s'\n", + fname, addrspec); + err = gpg_error (GPG_ERR_INV_USER_ID); + goto leave; + } + + if (opt.verbose) + log_info ("using key with user id '%s'\n", thisuid->uid); + + { + estream_t fp2; + + es_rewind (fp); + err = wks_filter_uid (&fp2, fp, thisuid->uid, 1); + if (err) + { + log_error ("error filtering key: %s\n", gpg_strerror (err)); + err = gpg_error (GPG_ERR_NO_PUBKEY); + goto leave; + } + es_fclose (fp); + fp = fp2; + } + + /* Hash user ID and create filename. */ + err = compute_hu_fname (&huname, addrspec); + if (err) + goto leave; + + /* Publish. */ + err = write_to_file (fp, huname); + if (err) + { + log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err)); + goto leave; + } + + /* Make sure it is world readable. */ + if (gnupg_chmod (huname, "-rwxr--r--")) + log_error ("can't set permissions of '%s': %s\n", + huname, gpg_strerror (gpg_err_code_from_syserror())); + + if (!opt.quiet) + log_info ("key %s published for '%s'\n", fpr, addrspec); + + leave: + xfree (huname); + free_uidinfo_list (uidlist); + xfree (fpr); + xfree (addrspec); + es_fclose (fp); + return err; } -/* Return the filename and optioanlly the addrspec for USERID at +/* Return the filename and optionally the addrspec for USERID at * R_FNAME and R_ADDRSPEC. R_ADDRSPEC might also be set on error. */ static gpg_error_t fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index 1522b72..a5a73c5 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -89,7 +89,7 @@ void free_uidinfo_list (uidinfo_list_t list); gpg_error_t wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes); gpg_error_t wks_filter_uid (estream_t *r_newkey, estream_t key, - const char *uid); + const char *uid, int binary); gpg_error_t wks_send_mime (mime_maker_t mime); gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown); 
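Review bot: In command_install_key the fallback `if (!thisuid) thisuid = uidlist;` picks the first user ID of the key rather than the first one that matched addrspec, so when the matching user ID has no creation time the key is filtered down to an unrelated user ID and still written under the hash of addrspec. Selecting inside the loop avoids this: use `if (!thisuid || uid->created > thistime)` in place of `if (uid->created > thistime)`, after which the fallback line can be dropped. The mode string "-rwxr--r--" given to gnupg_chmod also appears to grant the owner execute permission on a data file, where `"-rw-r--r--"` would be enough if the string is read the way it looks. A failing chmod is only logged, so the command reports success even though the published file may not be readable by the web server.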
diff --git a/tools/wks-util.c b/tools/wks-util.c index 9c0f489..33f1ae7 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c @@ -317,10 +317,13 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes) /* Run gpg as a filter on KEY and write the output to a new stream - * stored at R_NEWKEY. The new key will containn only the user id - * UID. Returns 0 on success. Only one key is expected in KEY. */ + * stored at R_NEWKEY. The new key will contain only the user id UID. + * Returns 0 on success. Only one key is expected in KEY. If BINARY + * is set the resulting key is returned as a binary (non-armored) + * keyblock. */ gpg_error_t -wks_filter_uid (estream_t *r_newkey, estream_t key, const char *uid) +wks_filter_uid (estream_t *r_newkey, estream_t key, const char *uid, + int binary) { gpg_error_t err; ccparray_t ccp; @@ -340,8 +343,9 @@ wks_filter_uid (estream_t *r_newkey, estream_t key, const char *uid) } /* Prefix the key with the MIME content type. */ - es_fputs ("Content-Type: application/pgp-keys\n" - "\n", newkey); + if (!binary) + es_fputs ("Content-Type: application/pgp-keys\n" + "\n", newkey); filterexp = es_bsprintf ("keep-uid=uid=%s", uid); if (!filterexp) 
@@ -361,7 +365,8 @@ wks_filter_uid (estream_t *r_newkey, estream_t key, const char *uid) ccparray_put (&ccp, "--batch"); ccparray_put (&ccp, "--status-fd=2"); ccparray_put (&ccp, "--always-trust"); - ccparray_put (&ccp, "--armor"); + if (!binary) + ccparray_put (&ccp, "--armor"); ccparray_put (&ccp, "--import-options=import-export"); ccparray_put (&ccp, "--import-filter"); ccparray_put (&ccp, filterexp); ----------------------------------------------------------------------- Summary of changes: doc/wks.texi | 12 ++- tools/gpg-wks-client.c | 2 +- tools/gpg-wks-server.c | 223 ++++++++++++++++++++++++++++++++++++++++++------- tools/gpg-wks.h | 2 +- tools/wks-util.c | 17 ++-- 5 files changed, 216 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 14:46:04 2018 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 20 Feb 2018 14:46:04 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-42-g1a1c949 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 1a1c949670faf05f1f1ea1b1f66ca808e9c026dd (commit) from c5133586929626685ac6ceef57e775ac7761cdb0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a1c949670faf05f1f1ea1b1f66ca808e9c026dd Author: Andre Heinecke Date: Tue Feb 20 14:41:47 2018 +0100 Fix setting the account for WKS Mails * src/oomhelp.cpp (put_oom_disp): For VT_DISPATCH it is DISPID_PROPERTYPUTREF and not DISPID_PROPERTYPUT. * src/wks-helper.cpp (WKSHelper::send_mail): Properly release account. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index a72bace..69695f1 100644 
--- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp @@ -550,13 +550,13 @@ put_oom_disp (LPDISPATCH pDisp, const char *name, LPDISPATCH disp) return -1; dispparams.rgvarg = aVariant; - dispparams.rgvarg[0].vt = VT_DISPATCH | VT_BYREF; + dispparams.rgvarg[0].vt = VT_DISPATCH; dispparams.rgvarg[0].pdispVal = disp; dispparams.cArgs = 1; dispparams.rgdispidNamedArgs = &dispid_put; dispparams.cNamedArgs = 1; hr = pDisp->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, - DISPATCH_PROPERTYPUT, &dispparams, + DISPATCH_PROPERTYPUTREF, &dispparams, NULL, &execpinfo, NULL); if (hr != S_OK) { diff --git a/src/wks-helper.cpp b/src/wks-helper.cpp index 3dbc31d..d993a11 100644 --- a/src/wks-helper.cpp +++ b/src/wks-helper.cpp @@ -451,10 +451,11 @@ WKSHelper::send_mail (const std::string &mimeData) const LPDISPATCH account = get_account_for_mail (from.c_str ()); if (account) { - log_debug ("%s:%s: Changing account.", - SRCNAME, __func__); + log_debug ("%s:%s: Found account to change for '%s'.", + SRCNAME, __func__, from.c_str ()); put_oom_disp (mail, "SendUsingAccount", account); } + gpgol_release (account); /* Now we have a problem. The created LPDISPATCH pointer has a different value then the one with which we saw the ItemLoad ----------------------------------------------------------------------- Summary of changes: src/oomhelp.cpp | 4 ++-- src/wks-helper.cpp | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 15:15:03 2018 
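Review bot: In WKSHelper::send_mail the result of `put_oom_disp (mail, "SendUsingAccount", account)` is still ignored, although put_oom_disp has failure returns (a `return -1` is visible in the oomhelp.cpp hunk). If the put fails, the mail is presumably sent from the default account with nothing in the log to show it, because the new debug line is written before the call. Checking the result, e.g. `if (put_oom_disp (mail, "SendUsingAccount", account)) log_debug ("%s:%s: Failed to set account.", SRCNAME, __func__);`, keeps the log truthful. The new message also writes the sender address into the debug log, which deserves a thought if such logs are attached to bug reports. send_mail continues outside the hunk.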
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 20 Feb 2018 15:15:03 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-44-g9017cf6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 9017cf6fb9c78a83d9d5d08d886c41878444369b (commit) via 569f4065d0863ac8c44c9f9c07fcd3b89ba4f7cb (commit) from 1a1c949670faf05f1f1ea1b1f66ca808e9c026dd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9017cf6fb9c78a83d9d5d08d886c41878444369b Author: Andre Heinecke Date: Tue Feb 20 15:13:03 2018 +0100 Use gpgol_message_box in wks-helper * src/wks-helper.cpp (WKSHelper::notify), (WKSHelper::start_publish): Use gpgol_message_box. -- You eat with your eyes ;-) diff --git a/src/wks-helper.cpp b/src/wks-helper.cpp index d993a11..753de8d 100644 --- a/src/wks-helper.cpp +++ b/src/wks-helper.cpp @@ -271,13 +271,12 @@ WKSHelper::notify (const char *cBox) const if (state == NeedsPublish) { - wchar_t * w_title = utf8_to_wchar (_("GpgOL: Key directory available!")); - wchar_t * w_desc = utf8_to_wchar (_("Your mail provider supports a key directory.\n\n" + if (gpgol_message_box (get_active_hwnd (), + _("Your mail provider supports a key directory.\n\n" "Register your key in that directory to make\n" "it easier for others to send you encrypted mail.\n\n\n" - "Register Key?")); - if (MessageBoxW (get_active_hwnd (), - w_desc, w_title, MB_ICONINFORMATION | MB_YESNO) == IDYES) + "Register Key?"), + _("GpgOL: Key directory available!"), MB_YESNO) == IDYES) { start_publish (mbox); } 
@@ -285,9 +284,6 @@ WKSHelper::notify (const char *cBox) const { update_state (mbox, PublishDenied); } - - xfree (w_desc); - xfree (w_title); return; } else @@ -360,10 +356,10 @@ WKSHelper::start_publish (const std::string &mbox) const if (data.empty ()) { - MessageBox (get_active_hwnd (), - "WKS client failed to create publishing request.", - _("GpgOL"), - MB_ICONINFORMATION|MB_OK); + gpgol_message_box (get_active_hwnd (), + "WKS client failed to create publishing request.", + _("GpgOL"), + MB_OK); return; } @@ -469,6 +465,6 @@ WKSHelper::send_mail (const std::string &mimeData) const invoke_oom_method (mail, "Save", NULL); invoke_oom_method (mail, "Send", NULL); - log_debug ("%s:%s: Publish successful", + log_debug ("%s:%s: Done send mail.", SRCNAME, __func__); } commit 569f4065d0863ac8c44c9f9c07fcd3b89ba4f7cb Author: Andre Heinecke Date: Tue Feb 20 15:07:24 2018 +0100 Add UTF8 and Icon Message Box helper * src/common.c (gpgol_message_box): New. * src/common.h (gpgol_message_box): Declare. * src/dialogs.h, src/dialogs.rc: Add icon. * src/icons/Makefile.am (EXTRA_DIST): Add icon. * src/icons/lock.ico: New. diff --git a/src/common.c b/src/common.c index 5d4c6fb..724aebe 100644 --- a/src/common.c +++ b/src/common.c @@ -38,6 +38,8 @@ #include "common.h" +#include "dialogs.h" + HINSTANCE glob_hinst = NULL; void 
@@ -1028,3 +1030,30 @@ is_elevated() return ret; } + +int +gpgol_message_box (HWND parent, const char *utf8_text, + const char *utf8_caption, UINT type) +{ + wchar_t *w_text = utf8_to_wchar (utf8_text); + wchar_t *w_caption = utf8_to_wchar (utf8_caption); + int ret = 0; + + MSGBOXPARAMSW mbp; + mbp.cbSize = sizeof (MSGBOXPARAMS); + mbp.hwndOwner = parent; + mbp.hInstance = glob_hinst; + mbp.lpszText = w_text; + mbp.lpszCaption = w_caption; + mbp.dwStyle = type | MB_USERICON; + mbp.dwLanguageId = MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT); + mbp.lpfnMsgBoxCallback = NULL; + mbp.dwContextHelpId = 0; + mbp.lpszIcon = (LPCWSTR) MAKEINTRESOURCE (IDI_GPGOL_LOCK_ICON); + + ret = MessageBoxIndirectW (&mbp); + + xfree (w_text); + xfree (w_caption); + return ret; +} diff --git a/src/common.h b/src/common.h index d306d16..ed7b87a 100644 --- a/src/common.h +++ b/src/common.h @@ -141,6 +141,9 @@ void log_window_hierarchy (HWND window, const char *fmt, ...) __attribute__ ((format (printf,2,3))); void bring_to_front (HWND wid); + +int gpgol_message_box (HWND parent, const char *utf8_text, + const char *utf8_caption, UINT type); #ifdef __cplusplus } #endif diff --git a/src/dialogs.h b/src/dialogs.h index 2cce4ad..ff6466c 100644 --- a/src/dialogs.h +++ b/src/dialogs.h @@ -122,6 +122,7 @@ #define IDI_SIGN_ENCRYPT_40_PNG 0x6075 #define IDI_ENCRYPT_20_PNG 0x6076 #define IDI_SIGN_20_PNG 0x6077 +#define IDI_GPGOL_LOCK_ICON 0x6078 /* Status icons */ #define ENCRYPT_ICON_OFFSET 0x10 diff --git a/src/dialogs.rc b/src/dialogs.rc index 71409da..aab9831 100644 --- a/src/dialogs.rc +++ b/src/dialogs.rc @@ -69,6 +69,8 @@ IDI_SIGN_ENCRYPT_40_PNG RCDATA "icons/sign-enc-40.png" IDI_ENCRYPT_20_PNG RCDATA "icons/encrypt-20.png" IDI_SIGN_20_PNG RCDATA "icons/sign-20.png" +IDI_GPGOL_LOCK_ICON ICON DISCARDABLE "icons/lock.ico" + IDB_LOGO BITMAP DISCARDABLE "icons/logo.bmp" IDD_GPG_OPTIONS DIALOG DISCARDABLE 0, 0, 266, 274 
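Review bot: gpgol_message_box hands back the result of MessageBoxIndirectW unchanged, and WKSHelper::notify tests it with `== IDYES`, so a box that could not be shown is recorded as PublishDenied just like a real "No". The results of utf8_to_wchar are passed on unchecked; if that helper can return NULL, a guard such as `if (!w_text || !w_caption) { xfree (w_text); xfree (w_caption); return 0; }` together with a documented "0 means not shown" return would let callers tell a failure from a refusal. `mbp.cbSize = sizeof (MSGBOXPARAMS);` should be `sizeof mbp`, since the variable is a MSGBOXPARAMSW. The function also lacks a header comment; one stating that both strings are UTF-8 and that MB_USERICON with the lock icon is always added to the type would be enough.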
diff --git a/src/icons/Makefile.am b/src/icons/Makefile.am index 71cf74c..9eaec10 100644 --- a/src/icons/Makefile.am +++ b/src/icons/Makefile.am @@ -31,4 +31,4 @@ EXTRA_DIST= \ level-2.svg level-2-enc.svg level-2.png level-2-enc.png \ level-3.svg level-3-enc.svg level-3.png level-3-enc.png \ level-4.svg level-4-enc.svg level-4.png level-4-enc.png \ - logo.svg logo.bmp + logo.svg logo.bmp lock.ico diff --git a/src/icons/lock.ico b/src/icons/lock.ico new file mode 100644 index 0000000..e721db7 Binary files /dev/null and b/src/icons/lock.ico differ ----------------------------------------------------------------------- Summary of changes: src/common.c | 29 +++++++++++++++++++++++++++++ src/common.h | 3 +++ src/dialogs.h | 1 + src/dialogs.rc | 2 ++ src/icons/Makefile.am | 2 +- src/icons/lock.ico | Bin 0 -> 101758 bytes src/wks-helper.cpp | 22 +++++++++------------- 7 files changed, 45 insertions(+), 14 deletions(-) create mode 100644 src/icons/lock.ico hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 20 15:29:19 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 20 Feb 2018 15:29:19 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-32-g685a5e1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 685a5e1558b2252ac895637fb857f6f7bb85ea7b (commit) from ee474856ec16ff11d922d8503fb3ede77129c4aa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 685a5e1558b2252ac895637fb857f6f7bb85ea7b Author: Werner Koch Date: Tue Feb 20 15:23:19 2018 +0100 wks: Add special mode to --install-key. * tools/gpg-wks-client.c (get_key_status_parm_s) (get_key_status_cb, get_key): Move to ... * tools/wks-util.c: ...here. (get_key): Rename to wks_get_key. * tools/gpg-wks-server.c: Include userids.h. (command_install_key): Allow use of a fingerprint. Signed-off-by: Werner Koch diff --git a/doc/wks.texi b/doc/wks.texi index 2960c67..6d62282 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -224,7 +224,9 @@ the process returns failure; to suppress the diagnostic, use option The command @option{--install-key} manually installs a key into the WKD. The arguments are a file with the keyblock and the user-id to -install. +install. If the first argument resembles a fingerprint the key is +taken from the current keyring; to force the use of a file, prefix the +first argument with "./". The command @option{--remove-key} uninstalls a key from the WKD. The process returns success in this case; to also print a diagnostic, use 
@@ -330,7 +332,7 @@ the submission address: @example $ gpg --batch --passphrase '' --quick-gen-key key-submission@@example.net - $ gpg --with-wkd-hash -K key-submission@@example.net + $ gpg -K key-submission@@example.net @end example The output of the last command looks similar to this: @@ -339,21 +341,16 @@ The output of the last command looks similar to this: sec rsa2048 2016-08-30 [SC] C0FCF8642D830C53246211400346653590B3795B uid [ultimate] key-submission@@example.net - bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net ssb rsa2048 2016-08-30 [E] @end example -Take the hash of the string "key-submission", which is -"bxzcxpxk8h87z1k7bzk86xn5aj47intu" and manually publish that key: +Take the fingerprint from that output and manually publish the key: @example - $ gpg --export-options export-minimal --export \ - > -o /var/lib/gnupg/wks/example.net/hu/bxzcxpxk8h87z1k7bzk86xn5aj47intu \ - > key-submission@@example.new + $ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \ + > key-submission@@example.net @end example -Make sure that the created file is world readable. - Finally that submission address needs to be redirected to a script running @command{gpg-wks-server}. The @command{procmail} command can be used for this: Redirect the submission address to the user "webkey" diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 3b19c76..73945ff 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c 
@@ -325,119 +325,6 @@ main (int argc, char **argv) -struct get_key_status_parm_s -{ - const char *fpr; - int found; - int count; -}; - -static void -get_key_status_cb (void *opaque, const char *keyword, char *args) -{ - struct get_key_status_parm_s *parm = opaque; - - /*log_debug ("%s: %s\n", keyword, args);*/ - if (!strcmp (keyword, "EXPORTED")) - { - parm->count++; - if (!ascii_strcasecmp (args, parm->fpr)) - parm->found = 1; - } -} - - -/* Get a key by fingerprint from gpg's keyring and make sure that the - * mail address ADDRSPEC is included in the key. If EXACT is set the - * returned user id must match Addrspec exactly and not just in the - * addr-spec (mailbox) part. The key is returned as a new memory - * stream at R_KEY. */ -static gpg_error_t -get_key (estream_t *r_key, const char *fingerprint, const char *addrspec, - int exact) -{ - gpg_error_t err; - ccparray_t ccp; - const char **argv = NULL; - estream_t key = NULL; - struct get_key_status_parm_s parm; - char *filterexp = NULL; - - memset (&parm, 0, sizeof parm); - - *r_key = NULL; - - key = es_fopenmem (0, "w+b"); - if (!key) - { - err = gpg_error_from_syserror (); - log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); - goto leave; - } - - /* Prefix the key with the MIME content type. */ - es_fputs ("Content-Type: application/pgp-keys\n" - "\n", key); - - filterexp = es_bsprintf ("keep-uid=%s=%s", exact? 
"uid":"mbox", addrspec); - if (!filterexp) - { - err = gpg_error_from_syserror (); - log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); - goto leave; - } - - ccparray_init (&ccp, 0); - - ccparray_put (&ccp, "--no-options"); - if (!opt.verbose) - ccparray_put (&ccp, "--quiet"); - else if (opt.verbose > 1) - ccparray_put (&ccp, "--verbose"); - ccparray_put (&ccp, "--batch"); - ccparray_put (&ccp, "--status-fd=2"); - ccparray_put (&ccp, "--always-trust"); - ccparray_put (&ccp, "--armor"); - ccparray_put (&ccp, "--export-options=export-minimal"); - ccparray_put (&ccp, "--export-filter"); - ccparray_put (&ccp, filterexp); - ccparray_put (&ccp, "--export"); - ccparray_put (&ccp, "--"); - ccparray_put (&ccp, fingerprint); - - ccparray_put (&ccp, NULL); - argv = ccparray_get (&ccp, NULL); - if (!argv) - { - err = gpg_error_from_syserror (); - goto leave; - } - parm.fpr = fingerprint; - err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL, - NULL, key, - get_key_status_cb, &parm); - if (!err && parm.count > 1) - err = gpg_error (GPG_ERR_TOO_MANY); - else if (!err && !parm.found) - err = gpg_error (GPG_ERR_NOT_FOUND); - if (err) - { - log_error ("export failed: %s\n", gpg_strerror (err)); - goto leave; - } - - es_rewind (key); - *r_key = key; - key = NULL; - - leave: - es_fclose (key); - xfree (argv); - xfree (filterexp); - return err; -} - - /* Add the user id UID to the key identified by FINGERPRINT. */ static gpg_error_t add_user_id (const char *fingerprint, const char *uid) @@ -767,7 +654,7 @@ command_send (const char *fingerprint, const char *userid) err = gpg_error (GPG_ERR_INV_USER_ID); goto leave; } - err = get_key (&key, fingerprint, addrspec, 0); + err = wks_get_key (&key, fingerprint, addrspec, 0); if (err) goto leave; 
@@ -897,7 +784,7 @@ command_send (const char *fingerprint, const char *userid) * the key again. */ es_fclose (key); key = NULL; - err = get_key (&key, fingerprint, addrspec, 1); + err = wks_get_key (&key, fingerprint, addrspec, 1); if (err) goto leave; } diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index e2b8306..a588155 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -35,6 +35,7 @@ #include "../common/util.h" #include "../common/init.h" #include "../common/sysutils.h" +#include "../common/userids.h" #include "../common/ccparray.h" #include "../common/exectool.h" #include "../common/zb32.h" @@ -2002,7 +2003,8 @@ static gpg_error_t command_install_key (const char *fname, const char *userid) { gpg_error_t err; - estream_t fp; + KEYDB_SEARCH_DESC desc; + estream_t fp = NULL; char *addrspec = NULL; char *fpr = NULL; uidinfo_list_t uidlist = NULL; @@ -2011,14 +2013,6 @@ command_install_key (const char *fname, const char *userid) char *huname = NULL; int any; - fp = es_fopen (fname, "rb"); - if (!fp) - { - err = gpg_error_from_syserror (); - log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); - goto leave; - } - addrspec = mailbox_from_userid (userid); if (!addrspec) { 
@@ -2027,6 +2021,31 @@ command_install_key (const char *fname, const char *userid) goto leave; } + if (!classify_user_id (fname, &desc, 1) + && (desc.mode == KEYDB_SEARCH_MODE_FPR + || desc.mode == KEYDB_SEARCH_MODE_FPR20)) + { + /* FNAME looks like a fingerprint. Get the key from the + * standard keyring. */ + err = wks_get_key (&fp, fname, addrspec, 0); + if (err) + { + log_error ("error getting key '%s' (uid='%s'): %s\n", + fname, addrspec, gpg_strerror (err)); + goto leave; + } + } + else /* Take it from the file */ + { + fp = es_fopen (fname, "rb"); + if (!fp) + { + err = gpg_error_from_syserror (); + log_error ("error reading '%s': %s\n", fname, gpg_strerror (err)); + goto leave; + } + } + /* List the key so that we can figure out the newest UID with the * requested addrspec. */ err = wks_list_key (fp, &fpr, &uidlist); diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index a5a73c5..1b91b65 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -86,6 +86,8 @@ typedef struct uidinfo_list_s *uidinfo_list_t; void wks_set_status_fd (int fd); void wks_write_status (int no, const char *format, ...) GPGRT_ATTR_PRINTF(2,3); void free_uidinfo_list (uidinfo_list_t list); +gpg_error_t wks_get_key (estream_t *r_key, const char *fingerprint, + const char *addrspec, int exact); gpg_error_t wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes); gpg_error_t wks_filter_uid (estream_t *r_newkey, estream_t key, diff --git a/tools/wks-util.c b/tools/wks-util.c index 33f1ae7..3fd824c 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c 
@@ -133,6 +133,120 @@ free_uidinfo_list (uidinfo_list_t list) +struct get_key_status_parm_s +{ + const char *fpr; + int found; + int count; +}; + + +static void +get_key_status_cb (void *opaque, const char *keyword, char *args) +{ + struct get_key_status_parm_s *parm = opaque; + + /*log_debug ("%s: %s\n", keyword, args);*/ + if (!strcmp (keyword, "EXPORTED")) + { + parm->count++; + if (!ascii_strcasecmp (args, parm->fpr)) + parm->found = 1; + } +} + +/* Get a key by fingerprint from gpg's keyring and make sure that the + * mail address ADDRSPEC is included in the key. If EXACT is set the + * returned user id must match Addrspec exactly and not just in the + * addr-spec (mailbox) part. The key is returned as a new memory + * stream at R_KEY. */ +gpg_error_t +wks_get_key (estream_t *r_key, const char *fingerprint, const char *addrspec, + int exact) +{ + gpg_error_t err; + ccparray_t ccp; + const char **argv = NULL; + estream_t key = NULL; + struct get_key_status_parm_s parm; + char *filterexp = NULL; + + memset (&parm, 0, sizeof parm); + + *r_key = NULL; + + key = es_fopenmem (0, "w+b"); + if (!key) + { + err = gpg_error_from_syserror (); + log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); + goto leave; + } + + /* Prefix the key with the MIME content type. */ + es_fputs ("Content-Type: application/pgp-keys\n" + "\n", key); + + filterexp = es_bsprintf ("keep-uid=%s=%s", exact? 
"uid":"mbox", addrspec); + if (!filterexp) + { + err = gpg_error_from_syserror (); + log_error ("error allocating memory buffer: %s\n", gpg_strerror (err)); + goto leave; + } + + ccparray_init (&ccp, 0); + + ccparray_put (&ccp, "--no-options"); + if (!opt.verbose) + ccparray_put (&ccp, "--quiet"); + else if (opt.verbose > 1) + ccparray_put (&ccp, "--verbose"); + ccparray_put (&ccp, "--batch"); + ccparray_put (&ccp, "--status-fd=2"); + ccparray_put (&ccp, "--always-trust"); + ccparray_put (&ccp, "--armor"); + ccparray_put (&ccp, "--export-options=export-minimal"); + ccparray_put (&ccp, "--export-filter"); + ccparray_put (&ccp, filterexp); + ccparray_put (&ccp, "--export"); + ccparray_put (&ccp, "--"); + ccparray_put (&ccp, fingerprint); + + ccparray_put (&ccp, NULL); + argv = ccparray_get (&ccp, NULL); + if (!argv) + { + err = gpg_error_from_syserror (); + goto leave; + } + parm.fpr = fingerprint; + err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL, + NULL, key, + get_key_status_cb, &parm); + if (!err && parm.count > 1) + err = gpg_error (GPG_ERR_TOO_MANY); + else if (!err && !parm.found) + err = gpg_error (GPG_ERR_NOT_FOUND); + if (err) + { + log_error ("export failed: %s\n", gpg_strerror (err)); + goto leave; + } + + es_rewind (key); + *r_key = key; + key = NULL; + + leave: + es_fclose (key); + xfree (argv); + xfree (filterexp); + return err; +} + + + /* Helper for wks_list_key and wks_filter_uid. 
*/ static void key_status_cb (void *opaque, const char *keyword, char *args) ----------------------------------------------------------------------- Summary of changes: doc/wks.texi | 17 +++---- tools/gpg-wks-client.c | 117 +------------------------------------------------ tools/gpg-wks-server.c | 37 ++++++++++++---- tools/gpg-wks.h | 2 + tools/wks-util.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 153 insertions(+), 134 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 21 11:14:52 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Feb 2018 11:14:52 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-33-gc4d8efb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via c4d8efb8942fe1d5644c5b2cb8bc73a06ac500df (commit) from 685a5e1558b2252ac895637fb857f6f7bb85ea7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c4d8efb8942fe1d5644c5b2cb8bc73a06ac500df Author: Werner Koch Date: Wed Feb 21 10:17:20 2018 +0100 doc: Add extra hint on unattended use of gpg. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index 927d77d..ddebc69 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
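Review bot: wks_get_key is now a shared helper with external linkage, but its comment does not say that the returned stream starts with the "Content-Type: application/pgp-keys" header and holds an armored key, which matters to the new caller in gpg-wks-server.c that passes the stream to wks_list_key. I would extend the comment with `On success the stream at R_KEY holds the MIME header followed by the armored key and is rewound; the caller must close it with es_fclose.` and name the GPG_ERR_TOO_MANY and GPG_ERR_NOT_FOUND results. Whether wks_list_key copes with the leading MIME header is not visible here and should be confirmed for the fingerprint mode of --install-key.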
@@ -3781,6 +3781,19 @@ If you are going to verify detached signatures, make sure that the program knows about it; either give both filenames on the command line or use @samp{-} to specify STDIN. +For scripted or other unattended use of @command{gpg} make sure to use +the machine-parseable interface and not the default interface which is +intended for direct use by humans. The machine-parseable interface +provides a stable and well documented API independent of the locale or +future changes of @command{gpg}. To enable this interface use the +options @option{--with-colons} and @option{--status-fd}. For certain +operations the option @option{--command-fd} may come handy too. See +this man page and the file @file{DETAILS} for the specification of the +interface. Note that the GnuPG ``info'' pages as well as the PDF +version of the GnuPG manual features a chapter on unattended use of +GnuPG. As an alternative the library @command{GPGME} can be used as a +high-level abstraction on top of that interface. + @mansect interoperability @chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 13 +++++++++++++ 1 file changed, 13 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 21 20:56:21 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Feb 2018 20:56:21 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-244-g70058cd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 70058cd9f944d620764e57c838209afae8a58c78 (commit) via 887530733d0486ab68ff351c4855f5450c2d50e6 (commit) via a8cf20c47ee092da2ed6f75f104e27685764abac (commit) via db7ed21adeaadac5aaa32d23e3b30aaa9e1dfa72 (commit) from f9a33a7f7e44a644ff4e31f7e9f1c2c1ec1f8eee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70058cd9f944d620764e57c838209afae8a58c78 Author: Werner Koch Date: Wed Feb 21 18:23:52 2018 +0100 build: Document how to use git send-email. * autogen.rc: Add patches_to. * autogen.sh: Run git config sendemail.to. * doc/HACKING: Describe use of git send-email. -- Co-authored-by: Todd Zullinger Signed-off-by: Werner Koch diff --git a/autogen.rc b/autogen.rc index a11c62f..4e1918a 100644 --- a/autogen.rc +++ b/autogen.rc @@ -1,6 +1,7 @@ # autogen.sh configuration for libgpg-error -*- sh -*- display_name="Libgpg-error" +patches_to="gnupg-devel at gnupg.org" version_parts=2 diff --git a/autogen.sh b/autogen.sh index b238550..4b511bf 100755 --- a/autogen.sh +++ b/autogen.sh @@ -469,6 +469,7 @@ EOF chmod +x .git/hooks/commit-msg if [ x"${display_name}" != x ]; then git config format.subjectPrefix "PATCH ${display_name}" + git config sendemail.to "${patches_to}" fi fi fi diff --git a/doc/HACKING b/doc/HACKING index d379099..33b56d5 100644 --- a/doc/HACKING +++ b/doc/HACKING 
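Review bot: The added `git config sendemail.to "${patches_to}"` in the autogen.sh hunk `@@ -469,6 +469,7 @@` runs whenever `display_name` is set, even if `patches_to` is empty. The header of autogen.sh says the script is copied by other packages, and an autogen.rc that defines only `display_name` (as the STABLE-BRANCH-2-2 autogen.rc later on this page does) would make it write an empty `sendemail.to` into the clone's git config. I would give the new line its own guard, `if [ x"${patches_to}" != x ]; then git config sendemail.to "${patches_to}"; fi`. The same applies to the GnuPG master autogen.sh hunk `@@ -467,6 +467,10 @@` further down. The enclosing hook-installation block starts outside the hunk.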
@@ -57,18 +57,24 @@ - if you're working from the git repo, here's a suggested workflow: + - configure git send-email defaults: + + git config format.subjectPrefix 'PATCH libgpg-error' + git config sendemail.to gnupg-devel at gnupg.org + + Note that running ./autogen.sh on a fresh clone will do this for + you. + - hack hack hack - commit your changes; group changes into easily-reviewable commit units, feel free to submit several patches at once - e.g. if you want to submit a single patch on top of master, do: - git send-email --to=gnupg-devel at gnupg.org --annotate -1 - (please put a mention of libgpg-error into the subjects, - annotate lets you do that) + git send-email --annotate -1 - e.g. if you have two commits on top of master, do: - git send-email --to=gnupg-devel at gnupg.org --annotate --cover-letter -2 + git send-email --annotate --cover-letter -2 (that prompts you for a summary mail to precede your actual patch mails) commit 887530733d0486ab68ff351c4855f5450c2d50e6 Author: Thorsten Behrens Date: Thu Feb 1 14:24:07 2018 +0100 doc: clarify patch submission workflow Signed-off-by: Thorsten Behrens diff --git a/doc/HACKING b/doc/HACKING index e30b2f8..d379099 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -2,6 +2,11 @@ #+TITLE: Various hacking notes #+STARTUP: showall +* How to contribute + + The following stuff explains some basic procedures you need to + follow if you want to contribute code or documentation. + * No more ChangeLog files Do not modify any of the ChangeLog files in Libgpg-error. Starting 
@@ -23,3 +28,48 @@ in a "real" ChangeLog file, but keep the maximum line length at 72 or smaller, so that the generated ChangeLog lines, each with its leading TAB, will not exceed 80 columns. + +* Commit log keywords + + - GnuPG-bug-id :: Values are comma or space delimited bug numbers + from bug.gnupg.org pertaining to this commit. + - Debian-bug-id :: Same as above but from the Debian bug tracker. + - CVE-id :: CVE id number pertaining to this commit. + - Regression-due-to :: Commit id of the regression fixed by this commit. + - Fixes-commit :: Commit id this commit fixes. + - Reported-by :: Value is a name or mail address of a bug reporte. + - Suggested-by :: Value is a name or mail address of someone how + suggested this change. + - Co-authored-by :: Name or mail address of a co-author + - Some-comments-by :: Name or mail address of the author of + additional comments (commit log or code). + - Proofread-by :: Sometimes used by translation commits. + - Signed-off-by :: Name or mail address of the developer + +* Sending patches + + - submitting patches, and subsequent discussions around them, + happens via the gnupg-devel at gnupg.org public mailing list + + - send your patches to that list, preferably PGP/MIME signed. Make + sure to include a mention of 'libgpg-error' in the subject line, + the list is used for several different projects + + - if you're working from the git repo, here's a suggested workflow: + + - hack hack hack + + - commit your changes; group changes into easily-reviewable commit + units, feel free to submit several patches at once + + - e.g. if you want to submit a single patch on top of master, do: + git send-email --to=gnupg-devel at gnupg.org --annotate -1 + (please put a mention of libgpg-error into the subjects, + annotate lets you do that) + + - e.g. 
if you have two commits on top of master, do: + git send-email --to=gnupg-devel at gnupg.org --annotate --cover-letter -2 + (that prompts you for a summary mail to precede your actual + patch mails) + + - use --dry-run to test your setup commit a8cf20c47ee092da2ed6f75f104e27685764abac Author: Werner Koch Date: Wed Feb 21 17:54:30 2018 +0100 doc: Typo fixes. -- diff --git a/src/estream.c b/src/estream.c index dd2b289..dcabd92 100644 --- a/src/estream.c +++ b/src/estream.c @@ -1641,7 +1641,7 @@ func_file_create (void **cookie, int *filedes, * allowed to leave out trailing dashes. If this keyword parameter * is not given the default mode for creating files is "-rw-rw-r--" * (664). Note that the system still applies the current umask to - * the mode when crating a file. Example: + * the mode when creating a file. Example: * * "wb,mode=-rw-r--" * diff --git a/src/init.c b/src/init.c index 89475d3..7b3eda3 100644 --- a/src/init.c +++ b/src/init.c @@ -228,7 +228,7 @@ _gpgrt_strdup (const char *string) } -/* Helper for _gpgrt_stdconcat and gpgrt_strconcat. */ +/* Helper for _gpgrt_strconcat and gpgrt_strconcat. */ char * _gpgrt_strconcat_core (const char *s1, va_list arg_ptr) { commit db7ed21adeaadac5aaa32d23e3b30aaa9e1dfa72 Author: Werner Koch Date: Wed Feb 21 17:53:36 2018 +0100 build: let autogen.sh set a git PATCH prefix -- Also commit the missing commit-msg hook. Signed-off-by: Werner Koch diff --git a/autogen.rc b/autogen.rc index b128361..a11c62f 100644 --- a/autogen.rc +++ b/autogen.rc @@ -1,5 +1,7 @@ # autogen.sh configuration for libgpg-error -*- sh -*- +display_name="Libgpg-error" + version_parts=2 case "$myhost:$myhostsub" in diff --git a/autogen.sh b/autogen.sh index e5ba5bf..b238550 100755 --- a/autogen.sh +++ b/autogen.sh 
@@ -1,6 +1,6 @@ #! /bin/sh # autogen.sh -# Copyright (C) 2003, 2014, 2017 g10 Code GmbH +# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -15,7 +15,7 @@ # configure it for the respective package. It is maintained as part of # GnuPG and source copied by other packages. # -# Version: 2017-01-17 +# Version: 2018-02-21 configure_ac="configure.ac" @@ -467,6 +467,9 @@ EOF EOF $CP build-aux/git-hooks/commit-msg .git/hooks/commit-msg chmod +x .git/hooks/commit-msg + if [ x"${display_name}" != x ]; then + git config format.subjectPrefix "PATCH ${display_name}" + fi fi fi diff --git a/build-aux/git-hooks/commit-msg b/build-aux/git-hooks/commit-msg new file mode 100755 index 0000000..3ca918b --- /dev/null +++ b/build-aux/git-hooks/commit-msg 
@@ -0,0 +1,133 @@ +eval '(exit $?0)' && eval 'exec perl -w "$0" ${1+"$@"}' + & eval 'exec perl -w "$0" $argv:q' + if 0; + +# An hook script to check the commit log message. +# Called by "git commit" with one argument, the name of the file +# that has the commit message. The hook should exit with non-zero +# status after issuing an appropriate message if it wants to stop the +# commit. The hook is allowed to edit the commit message file. +# +# To enable this hook, copy it to "~/.git/hooks/commit-msg". +# +# This script is based on the one from GNU coreutils. + +use strict; +use warnings; +(my $ME = $0) =~ s|.*/||; + +my $editor = $ENV{EDITOR} || 'vi'; +$ENV{PATH} = '/bin:/usr/bin'; + +# Rewrite the $LOG_FILE (old contents in @$LINE_REF) with an additional +# commented diagnostic "# $ERR" line at the top. +sub rewrite($$$) +{ + my ($log_file, $err, $line_ref) = @_; + local *LOG; + open LOG, '>', $log_file + or die "$ME: $log_file: failed to open for writing: $!"; + print LOG "# $err"; + print LOG @$line_ref; + close LOG + or die "$ME: $log_file: failed to rewrite: $!\n"; +} + +sub re_edit($) +{ + my ($log_file) = @_; + + warn "Interrupt (Ctrl-C) to abort...\n"; + + system 'sh', '-c', "$editor $log_file"; + ($? & 127) || ($? >> 8) + and die "$ME: $log_file: the editor ($editor) failed, aborting\n"; +} + +# Given a $LOG_FILE name and a \@LINE buffer, +# read the contents of the file into the buffer and analyze it. +# If the log message passes muster, return the empty string. +# If not, return a diagnostic. +sub check_msg($$) +{ + my ($log_file, $line_ref) = @_; + + local *LOG; + open LOG, '<', $log_file + or return "failed to open for reading: $!"; + @$line_ref = ; + close LOG; + + my @line = @$line_ref; + chomp @line; + + # Don't filter out blank or comment lines; git does that already, + # and if we were to ignore them here, it could lead to committing + # with lines that start with "#" in the log. + + # Filter out leading blank and comment lines. 
+ # while (@line && $line[0] =~ /^(?:#.*|[ \t]*)$/) { shift @line; } + + # Filter out blank and comment lines at EOF. + # while (@line && $line[$#line] =~ /^(?:#.*|[ \t]*)$/) { pop @line; } + + @line == 0 + and return 'no log message'; + + # The first line should not be too short + 8 < length $line[0] || return 'summary line too short'; + + # The first line should not start with an asterisk or a hash sign. + # An asterisk might indicate that a change entry was started right + # at the first line. + $line[0] =~ /^[*#]/ && return "summary line starts with an * or #"; + + # Second line should be blank or not present. + 2 <= @line && length $line[1] + and return 'second line must be empty'; + + # See git-commit(1), this is the --cleanup=scissors option. Everything + # after and including this line gets ignored. + my $marker = '# ------------------------ >8 ------------------------'; + + # Limit line length to allow for the ChangeLog's leading TAB. + foreach my $line (@line) + { + 72 < length $line && $line =~ /^[^#]/ + and return 'line longer than 72 characters'; + + last if $line eq $marker; + } + + return ''; +} + +{ + @ARGV == 1 + or die; + + my $log_file = $ARGV[0]; + + while (1) + { + my @line; + my $err = check_msg $log_file, \@line; + $err eq '' + and last; + $err = "$ME: $err\n"; + warn $err; + exit 1; + + # Insert the diagnostic as a comment on the first line of $log_file. + #rewrite $log_file, $err, \@line; + #re_edit $log_file; + # + ## Stop if our parent is killed. 
+ #getppid() == 1 + # and last; + } +} + +# Local Variables: +# mode: perl +# End: ----------------------------------------------------------------------- Summary of changes: autogen.rc | 3 + autogen.sh | 8 ++- build-aux/git-hooks/commit-msg | 133 +++++++++++++++++++++++++++++++++++++++++ doc/HACKING | 56 +++++++++++++++++ src/estream.c | 2 +- src/init.c | 2 +- 6 files changed, 200 insertions(+), 4 deletions(-) create mode 100755 build-aux/git-hooks/commit-msg hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 21 20:56:34 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Feb 2018 20:56:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.4-117-g914a241 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 914a2413228e24db47d27fa2bb70a5964a1720d8 (commit) from 24ae5af102cb53bd7abfb9f25aca93debb785a2f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 914a2413228e24db47d27fa2bb70a5964a1720d8 Author: Werner Koch Date: Wed Feb 21 18:03:59 2018 +0100 build: Update autogen.sh to set a git PATCH prefix. -- Signed-off-by: Werner Koch diff --git a/autogen.rc b/autogen.rc index 6835929..aa56591 100644 --- a/autogen.rc +++ b/autogen.rc @@ -1,5 +1,7 @@ # autogen.sh configuration for GnuPG -*- sh -*- +display_name=GnuPG +patches_to=gnupg-devel at gnupg.org #version_parts=3 case "$myhost:$myhostsub" in diff --git a/autogen.sh b/autogen.sh index e5ba5bf..4b511bf 100755 --- a/autogen.sh +++ b/autogen.sh 
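Review bot: In the new build-aux/git-hooks/commit-msg, the main loop calls `exit 1` straight after `warn $err`, so the commented-out calls below it and the helpers `rewrite` and `re_edit` are dead code. `re_edit` also builds its command as `system 'sh', '-c', "$editor $log_file"`, which lets the shell interpret the log file name and the EDITOR value, and that becomes live if the re-edit path is ever re-enabled. I would drop both helpers, or pass the file as a positional argument, `system 'sh', '-c', $editor . ' "$1"', 'sh', $log_file;`. The header comment says to copy the hook to `~/.git/hooks/commit-msg`, whereas autogen.sh installs it to `.git/hooks/commit-msg` in the working tree, so the comment should say the latter.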
@@ -1,6 +1,6 @@ #! /bin/sh # autogen.sh -# Copyright (C) 2003, 2014, 2017 g10 Code GmbH +# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -15,7 +15,7 @@ # configure it for the respective package. It is maintained as part of # GnuPG and source copied by other packages. # -# Version: 2017-01-17 +# Version: 2018-02-21 configure_ac="configure.ac" @@ -467,6 +467,10 @@ EOF EOF $CP build-aux/git-hooks/commit-msg .git/hooks/commit-msg chmod +x .git/hooks/commit-msg + if [ x"${display_name}" != x ]; then + git config format.subjectPrefix "PATCH ${display_name}" + git config sendemail.to "${patches_to}" + fi fi fi ----------------------------------------------------------------------- Summary of changes: autogen.rc | 2 ++ autogen.sh | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 21 20:56:45 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 21 Feb 2018 20:56:45 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-34-ga70502e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via a70502e93f06b394760fe671913c283018718ced (commit) from c4d8efb8942fe1d5644c5b2cb8bc73a06ac500df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a70502e93f06b394760fe671913c283018718ced Author: Werner Koch Date: Wed Feb 21 17:56:40 2018 +0100 build: Update autogen.sh -- Now installs a git patch prefix. Signed-off-by: Werner Koch 
diff --git a/autogen.rc b/autogen.rc index 6835929..3ea03e0 100644 --- a/autogen.rc +++ b/autogen.rc @@ -1,5 +1,7 @@ # autogen.sh configuration for GnuPG -*- sh -*- +display_name=GnuPG + #version_parts=3 case "$myhost:$myhostsub" in diff --git a/autogen.sh b/autogen.sh index e5ba5bf..b238550 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,6 +1,6 @@ #! /bin/sh # autogen.sh -# Copyright (C) 2003, 2014, 2017 g10 Code GmbH +# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -15,7 +15,7 @@ # configure it for the respective package. It is maintained as part of # GnuPG and source copied by other packages. # -# Version: 2017-01-17 +# Version: 2018-02-21 configure_ac="configure.ac" @@ -467,6 +467,9 @@ EOF EOF $CP build-aux/git-hooks/commit-msg .git/hooks/commit-msg chmod +x .git/hooks/commit-msg + if [ x"${display_name}" != x ]; then + git config format.subjectPrefix "PATCH ${display_name}" + fi fi fi ----------------------------------------------------------------------- Summary of changes: autogen.rc | 2 ++ autogen.sh | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 09:58:19 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 22 Feb 2018 09:58:19 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-45-g0853344 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 0853344d1dcf520ea657d7208661214f69b59dad (commit) from 9017cf6fb9c78a83d9d5d08d886c41878444369b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0853344d1dcf520ea657d7208661214f69b59dad Author: Andre Heinecke Date: Thu Feb 22 09:45:46 2018 +0100 Implement handling of WKS-Confirmation mails * src/common_indep.h (msgtype_t): New messagtype for WKS_Confirm mails. * src/mail.cpp (Mail::decrypt_verify): Handle new message type. (Mail::is_smime): Clarify an error message. * src/mapihelp.cpp (change_message_class_ipm_note_smime_multipartsigned), (string_to_type, mapi_change_message_class), (mapi_get_message_content_type): Handle wks confirmation mails. * src/message.cpp: Default / ignore new message type in old code. * src/wks-helper.cpp: Lots of changes. diff --git a/src/common_indep.h b/src/common_indep.h index 10b14d6..adfc8bf 100644 --- a/src/common_indep.h +++ b/src/common_indep.h @@ -98,7 +98,8 @@ typedef enum MSGTYPE_GPGOL_OPAQUE_SIGNED, MSGTYPE_GPGOL_OPAQUE_ENCRYPTED, MSGTYPE_GPGOL_CLEAR_SIGNED, - MSGTYPE_GPGOL_PGP_MESSAGE + MSGTYPE_GPGOL_PGP_MESSAGE, + MSGTYPE_GPGOL_WKS_CONFIRMATION } msgtype_t; diff --git a/src/mail.cpp b/src/mail.cpp index 00b42d3..e9a8d59 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -37,6 +37,7 @@ #include "gpgolstr.h" #include "windowmessages.h" #include "mlang-charset.h" +#include "wks-helper.h" #include #include 
@@ -841,9 +842,22 @@ Mail::decrypt_verify() } set_uuid (); m_processed = true; + + /* Insert placeholder */ char *placeholder_buf; - if (gpgrt_asprintf (&placeholder_buf, opt.prefer_html ? decrypt_template_html : + if (m_type == MSGTYPE_GPGOL_WKS_CONFIRMATION) + { + gpgrt_asprintf (&placeholder_buf, opt.prefer_html ? decrypt_template_html : + decrypt_template, + "OpenPGP", + _("Pubkey directory confirmation"), + _("This is a confirmation request to publish your Pubkey in the " + "directory for your domain.\n\n" + "

If you did not request to publish your Pubkey in your providers " + "directory, simply ignore this message.

\n")); + } + else if (gpgrt_asprintf (&placeholder_buf, opt.prefer_html ? decrypt_template_html : decrypt_template, is_smime() ? "S/MIME" : "OpenPGP", _("Encrypted message"), @@ -877,6 +891,12 @@ Mail::decrypt_verify() /* Do the actual parsing */ auto cipherstream = get_attachment_stream (m_mailitem, m_moss_position); + if (m_type == MSGTYPE_GPGOL_WKS_CONFIRMATION) + { + WKSHelper::instance ()->handle_confirmation_read (this, cipherstream); + return 0; + } + if (!cipherstream) { log_debug ("%s:%s: Failed to get cipherstream.", @@ -1504,7 +1524,8 @@ Mail::is_smime () } else { - log_error ("Protocol in multipart signed mail."); + log_error ("%s:%s: No protocol in multipart / signed mail.", + SRCNAME, __func__); } xfree (proto); xfree (ct); diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index a9c69c3..5ff9ad1 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -1047,7 +1047,7 @@ change_message_class_ipm_note_smime (LPMESSAGE message) if (ct) { log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); - if (proto + if (proto && !strcmp (ct, "multipart/signed") && !strcmp (proto, "application/pgp-signature")) { @@ -1140,6 +1140,10 @@ change_message_class_ipm_note_smime_multipartsigned (LPMESSAGE message) { newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); } + else if (!strcmp (ct, "wks.confirmation.mail")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.WKSConfirmation"); + } xfree (proto); xfree (ct); } @@ -1283,6 +1287,8 @@ string_to_type (const char *s) return MSGTYPE_GPGOL_CLEAR_SIGNED; else if (!strcmp (s, ".PGPMessage")) return MSGTYPE_GPGOL_PGP_MESSAGE; + else if (!strcmp (s, ".WKSConfirmation")) + return MSGTYPE_GPGOL_WKS_CONFIRMATION; else log_debug ("%s:%s: message class `%s' not supported", SRCNAME, __func__, s-14); 
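Review bot: In the `@@ -841,9 +842,22 @@` hunk of Mail::decrypt_verify, the new MSGTYPE_GPGOL_WKS_CONFIRMATION branch calls `gpgrt_asprintf (&placeholder_buf, ...)` and discards the result, while the existing `else if` branch tests its return value. `placeholder_buf` is declared without an initializer, so a failed allocation in the new branch leaves it indeterminate for whatever code uses it after the hunk. I would test the call the way the other branch does, `if (gpgrt_asprintf (&placeholder_buf, ...) == -1)`, and take the same error path, or at least declare `char *placeholder_buf = nullptr;`. The function body starts and ends outside the hunk, so the exact error path is not visible here.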
@@ -1357,8 +1363,23 @@ mapi_change_message_class (LPMESSAGE message, int sync_override, keep the SMIME; we need to change the SMIME part of the class name so that Outlook does not process it as an SMIME message. */ - newvalue = (char*)xmalloc (strlen (s) + 1); - strcpy (stpcpy (newvalue, "IPM.Note.GpgOL"), s+14); + + char *tmp = change_message_class_ipm_note_smime_multipartsigned + (message); + /* This case happens even for PGP/MIME mails but that is ok + as we later fiddle out the protocol. But we have to + check if this is a WKS Mail now so that we can do the + special handling for that. */ + if (tmp && !strcmp (tmp, "IPM.Note.GpgOL.WKSConfirmation")) + { + newvalue = tmp; + } + else + { + xfree (tmp); + newvalue = (char*)xmalloc (strlen (s) + 1); + strcpy (stpcpy (newvalue, "IPM.Note.GpgOL"), s+14); + } } else if (!strcmp (s, "IPM.Note.SMIME.MultipartSigned")) { @@ -3038,6 +3059,16 @@ mapi_get_message_content_type (LPMESSAGE message, length = (s - header_lines); if (length && s[-1] == '\r') length--; + + if (!strncmp ("Wks-Phase: confirm", header_lines, length)) + { + log_debug ("%s:%s: detected wks confirmation mail", + SRCNAME, __func__); + retstr = xstrdup ("wks.confirmation.mail"); + rfc822parse_close (msg); + return retstr; + } + rfc822parse_insert (msg, (const unsigned char*)header_lines, length); header_lines = s+1; } diff --git a/src/mapihelp.h b/src/mapihelp.h index 0355618..1f2f35c 100644 --- a/src/mapihelp.h +++ b/src/mapihelp.h @@ -136,5 +136,7 @@ int mapi_body_to_attachment (LPMESSAGE message); char * mapi_get_uid (LPMESSAGE message); #ifdef __cplusplus } +#include +std::string mapi_get_header (LPMESSAGE message); #endif #endif /*MAPIHELP_H*/ diff --git a/src/message.cpp b/src/message.cpp index 8e63c0d..c33ad1b 100644 --- a/src/message.cpp +++ b/src/message.cpp 
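Review bot: In the `@@ -3038,6 +3059,16 @@` hunk of mapi_get_message_content_type, the test `!strncmp ("Wks-Phase: confirm", header_lines, length)` compares only `length` bytes, where `length` is the length of the current header line. A line that is empty after the `\r` is stripped (length 0), or any line that is a prefix of the literal, compares equal, and the message is then classified as a WKS confirmation. I would require the full literal to be present, `if (length == strlen ("Wks-Phase: confirm") && !strncmp ("Wks-Phase: confirm", header_lines, length))`. Header field names are case-insensitive, so a case-insensitive comparison of the field name would be more robust. This classification is driven by a header any sender can set, so a comment there should state that it only selects the handling path and authenticates nothing. The loop and the rest of the function lie outside the hunk.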
@@ -135,6 +135,8 @@ message_incoming_handler (LPMESSAGE message, HWND hwnd, bool force) retval = 2; message_decrypt (message, msgtype, force, hwnd); break; + default: + break; } return retval; @@ -537,6 +539,7 @@ message_verify (LPMESSAGE message, msgtype_t msgtype, int force, HWND hwnd) "that S/MIME processing has been enabled.")); else show_message (hwnd, _("This message has no signature.")); + default: return 0; /* Nothing to do. */ } @@ -712,6 +715,7 @@ message_decrypt (LPMESSAGE message, msgtype_t msgtype, int force, HWND hwnd) is_opaque = 1; break; case MSGTYPE_GPGOL_PGP_MESSAGE: + default: break; } diff --git a/src/wks-helper.cpp b/src/wks-helper.cpp index 753de8d..6d9f9e2 100644 --- a/src/wks-helper.cpp +++ b/src/wks-helper.cpp @@ -23,8 +23,8 @@ #include "cpphelp.h" #include "oomhelp.h" #include "windowmessages.h" -#include "overlay.h" #include "mail.h" +#include "mapihelp.h" #include #include @@ -38,13 +38,16 @@ #define CHECK_MIN_INTERVAL (60 * 60 * 24 * 7) +#define DEBUG_WKS 1 + #undef _ #define _(a) utf8_gettext (a) static std::map s_states; static std::map s_last_checked; +static std::map > s_confirmation_cache; -static WKSHelper* singleton = NULL; +static WKSHelper* singleton = nullptr; GPGRT_LOCK_DEFINE (wks_lock); @@ -99,6 +102,24 @@ WKSHelper::get_check_time (const std::string &mbox) const return it->second; } +std::pair +WKSHelper::get_cached_confirmation (const std::string &mbox) const +{ + gpgrt_lock_lock (&wks_lock); + const auto it = s_confirmation_cache.find(mbox); + const auto dataEnd = s_confirmation_cache.end(); + + if (it == dataEnd) + { + gpgrt_lock_unlock (&wks_lock); + return std::make_pair (nullptr, nullptr); + } + auto ret = it->second; + s_confirmation_cache.erase (it); + gpgrt_lock_unlock (&wks_lock); + return ret; +} + static std::string get_wks_client_path () { 
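Review bot: In the wks-helper.cpp hunk `@@ -38,13 +38,16 @@`, `#define DEBUG_WKS 1` is unconditional, so the `#ifdef DEBUG_WKS` guards this commit puts around the `log_debug ("%s:%s: WKS client: returned '%s'", ...)` calls are always true. The complete output of gpg-wks-client, including the confirmation response, is therefore written to the debug log in every build. I would remove the define from the source and let it come from the build (for example `-DDEBUG_WKS`), or add a comment at the define saying that it must be off for releases.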
@@ -218,8 +239,8 @@ WKSHelper::start_check (const std::string &mbox, bool forced) const log_debug ("%s:%s: WKSHelper starting check", SRCNAME, __func__); /* Start the actual work that can be done in a background thread. */ - CloseHandle (CreateThread (NULL, 0, do_check, strdup (mbox.c_str ()), 0, - NULL)); + CloseHandle (CreateThread (nullptr, 0, do_check, strdup (mbox.c_str ()), 0, + nullptr)); return; } @@ -239,23 +260,28 @@ static DWORD WINAPI do_notify (LPVOID arg) { /** Wait till a message was sent */ - //Sleep (5000); - do_in_ui_thread (WKS_NOTIFY, arg); + std::pair *args = (std::pair *) arg; + + Sleep (args->second); + do_in_ui_thread (WKS_NOTIFY, args->first); + delete args; return 0; } void -WKSHelper::allow_notify () const +WKSHelper::allow_notify (int sleepTimeMS) const { gpgrt_lock_lock (&wks_lock); for (auto &pair: s_states) { - if (pair.second == NeedsPublish) + if (pair.second == ConfirmationSeen || + pair.second == NeedsPublish) { - CloseHandle (CreateThread (NULL, 0, do_notify, - strdup (pair.first.c_str ()), 0, - NULL)); + auto *args = new std::pair (strdup (pair.first.c_str()), sleepTimeMS); + CloseHandle (CreateThread (nullptr, 0, do_notify, + args, 0, + nullptr)); break; } } @@ -272,11 +298,12 @@ WKSHelper::notify (const char *cBox) const if (state == NeedsPublish) { if (gpgol_message_box (get_active_hwnd (), - _("Your mail provider supports a key directory.\n\n" - "Register your key in that directory to make\n" - "it easier for others to send you encrypted mail.\n\n\n" - "Register Key?"), - _("GpgOL: Key directory available!"), MB_YESNO) == IDYES) + _("A Pubkey directory is available for your domain.\n\n" + "Register your Pubkey in that directory to make\n" + "it easy for others to send you encrypted mail.\n\n" + "It's secure and free!\n\n" + "Register automatically?"), + _("GpgOL: Pubkey directory available!"), MB_YESNO) == IDYES) { start_publish (mbox); } 
@@ -286,20 +313,20 @@ WKSHelper::notify (const char *cBox) const } return; } - else + if (state == ConfirmationSeen) { - log_debug ("%s:%s: Unhandled notify state: %i for '%s'", - SRCNAME, __func__, state, cBox); + handle_confirmation_notify (mbox); return; } + + log_debug ("%s:%s: Unhandled notify state: %i for '%s'", + SRCNAME, __func__, state, cBox); + return; } void WKSHelper::start_publish (const std::string &mbox) const { -// Overlay (get_active_hwnd (), -// std::string (_("Creating registration request..."))); - log_debug ("%s:%s: Start publish for '%s'", SRCNAME, __func__, mbox.c_str ()); @@ -357,21 +384,27 @@ WKSHelper::start_publish (const std::string &mbox) const if (data.empty ()) { gpgol_message_box (get_active_hwnd (), - "WKS client failed to create publishing request.", - _("GpgOL"), + mystderr.toString().c_str (), + _("GpgOL: Directory request failed"), MB_OK); return; } +#ifdef DEBUG_WKS log_debug ("%s:%s: WKS client: returned '%s'", SRCNAME, __func__, data.c_str ()); +#endif - send_mail (data); - + if (!send_mail (data)) + { + gpgol_message_box (get_active_hwnd (), + _("You might receive a confirmation challenge from\n" + "your provider to finish the registration."), + _("GpgOL: Registration request sent!"), MB_OK); + } return; } - void WKSHelper::update_state (const std::string &mbox, WKSState state) const { @@ -389,7 +422,7 @@ WKSHelper::update_state (const std::string &mbox, WKSState state) const gpgrt_lock_unlock (&wks_lock); } -void +int WKSHelper::send_mail (const std::string &mimeData) const { std::istringstream ss(mimeData); @@ -408,7 +441,7 @@ WKSHelper::send_mail (const std::string &mimeData) const { log_error ("%s:%s: Invalid mime data..", SRCNAME, __func__); - return; + return -1; } std::getline (ss, withoutHeaders, '\0'); 
@@ -427,21 +460,21 @@ WKSHelper::send_mail (const std::string &mimeData) const { log_error ("%s:%s: Failed to create mail for request.", SRCNAME, __func__); - return; + return -1; } if (put_oom_string (mail, "Subject", subject.c_str ())) { TRACEPOINT; gpgol_release (mail); - return; + return -1; } if (put_oom_string (mail, "To", to.c_str ())) { TRACEPOINT; gpgol_release (mail); - return; + return -1; } LPDISPATCH account = get_account_for_mail (from.c_str ()); 
@@ -462,9 +495,207 @@ WKSHelper::send_mail (const std::string &mimeData) const last_mail->set_override_mime_data (mimeData); last_mail->set_crypt_state (Mail::NeedsSecondAfterWrite); - invoke_oom_method (mail, "Save", NULL); - invoke_oom_method (mail, "Send", NULL); - + if (invoke_oom_method (mail, "Save", nullptr)) + { + // Should not happen. + log_error ("%s:%s: Failed to save mail.", + SRCNAME, __func__); + return -1; + } + if (invoke_oom_method (mail, "Send", nullptr)) + { + log_error ("%s:%s: Failed to send mail.", + SRCNAME, __func__); + return -1; + } log_debug ("%s:%s: Done send mail.", SRCNAME, __func__); + return 0; +} + +static void +copy_stream_to_data (LPSTREAM stream, GpgME::Data *data) +{ + HRESULT hr; + char buf[4096]; + ULONG bRead; + while ((hr = stream->Read (buf, 4096, &bRead)) == S_OK || + hr == S_FALSE) + { + if (!bRead) + { + // EOF + return; + } + data->write (buf, (size_t) bRead); + } +} + +void +WKSHelper::handle_confirmation_notify (const std::string &mbox) const +{ + auto pair = get_cached_confirmation (mbox); + GpgME::Data *mimeData = pair.first; + Mail *mail = pair.second; + + if (!mail) + { + log_debug ("%s:%s: Confirmation notify without cached mail.", + SRCNAME, __func__); + } + + if (!mimeData) + { + log_error ("%s:%s: Confirmation notify without cached data.", + SRCNAME, __func__); + return; + } + + /* First ask the user if he wants to confirm */ + if (gpgol_message_box (get_active_hwnd (), + _("Confirm registration?"), + _("GpgOL: Pubkey directory confirmation"), MB_YESNO) != IDYES) + { + log_debug ("%s:%s: User aborted confirmation.", + SRCNAME, __func__); + delete mimeData; + + /* Next time we read the confirmation we ask again. 
*/ + update_state (mbox, RequestSent); + return; + } + + /* Do the confirmation */ + const auto wksPath = get_wks_client_path (); + + if (wksPath.empty()) + { + TRACEPOINT; + return; + } + + std::vector args; + + args.push_back (wksPath); + args.push_back (std::string ("--receive")); + + // Spawn the process + auto ctx = GpgME::Context::createForEngine (GpgME::SpawnEngine); + if (!ctx) + { + TRACEPOINT; + return; + } + GpgME::Data mystdout, mystderr; + + char **cargs = vector_to_cArray (args); + + GpgME::Error err = ctx->spawn (cargs[0], const_cast (cargs), + *mimeData, mystdout, mystderr, + GpgME::Context::SpawnNone); + release_cArray (cargs); + + if (err) + { + log_debug ("%s:%s: WKS client spawn code: %i asString: %s", + SRCNAME, __func__, err.code(), err.asString()); + return; + } + const auto data = mystdout.toString (); + + if (data.empty ()) + { + gpgol_message_box (get_active_hwnd (), + mystderr.toString().c_str (), + _("GpgOL: Confirmation failed"), + MB_OK); + return; + } + +#ifdef DEBUG_WKS + log_debug ("%s:%s: WKS client: returned '%s'", + SRCNAME, __func__, data.c_str ()); +#endif + if (!send_mail (data)) + { + gpgol_message_box (get_active_hwnd (), + _("Your Pubkey can soon be retrieved from your domain."), + _("GpgOL: Request confirmed!"), MB_OK); + } + + if (mail && Mail::is_valid_ptr (mail)) + { + invoke_oom_method (mail->item(), "Delete", nullptr); + } + + update_state (mbox, ConfirmationSent); +} + +void +WKSHelper::handle_confirmation_read (Mail *mail, LPSTREAM stream) const +{ + /* We get the handle_confirmation in the Read event. To do sending + etc. we have to move out of that event. For this we prepare + the data for later usage. */ + + if (!mail || !stream) + { + TRACEPOINT; + return; + } + + /* Get the recipient of the confirmation mail */ + char **recipients = mail->get_recipients (); + + /* We assert that we have one recipient as the mail should have been + sent by the wks-server. 
*/ + if (!recipients || !recipients[0] || recipients[1]) + { + log_error ("%s:%s: invalid recipients", + SRCNAME, __func__); + release_cArray (recipients); + gpgol_release (stream); + return; + } + + std::string mbox = recipients[0]; + release_cArray (recipients); + + /* Prepare stdin for the wks-client process */ + + /* First we need to write the headers */ + LPMESSAGE message = get_oom_base_message (mail->item()); + if (!message) + { + log_error ("%s:%s: Failed to obtain message.", + SRCNAME, __func__); + gpgol_release (stream); + return; + } + + const auto headers = mapi_get_header (message); + gpgol_release (message); + + GpgME::Data *mystdin = new GpgME::Data(); + + mystdin->write (headers.c_str (), headers.size ()); + + /* Then the MIME data */ + copy_stream_to_data (stream, mystdin); + gpgol_release (stream); + + /* Then lets make sure its flushy */ + mystdin->write (nullptr, 0); + + /* And reset it to start */ + mystdin->seek (0, SEEK_SET); + + gpgrt_lock_lock (&wks_lock); + s_confirmation_cache.insert (std::make_pair (mbox, std::make_pair (mystdin, mail))); + gpgrt_lock_unlock (&wks_lock); + + update_state (mbox, ConfirmationSeen); + + /* Send the window message for notify. */ + allow_notify (5000); } diff --git a/src/wks-helper.h b/src/wks-helper.h index efd36f5..a6429f7 100644 --- a/src/wks-helper.h +++ b/src/wks-helper.h @@ -21,11 +21,22 @@ #include "config.h" #include +#include "oomhelp.h" + +#include + +class Mail; +namespace GpgME +{ + class Data; +} // namespace GpgME /** @brief Helper for web key services. * * Everything is public to make it easy to access data * members from another windows thread. Don't mess with them. + * + * This is all a bit weird, don't look at it too much as it works ;-) */ class WKSHelper { 
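Review bot: In the `@@ -462,9 +495,207 @@` hunk, WKSHelper::handle_confirmation_notify takes ownership of the `GpgME::Data *` returned by get_cached_confirmation but deletes it only when the user declines. The object leaks on the early returns for an empty `wksPath`, a null `ctx`, a spawn error and empty output, and also on the success path. Holding it in a smart pointer covers every exit: `std::unique_ptr<GpgME::Data> mimeData (pair.first);` with the explicit `delete mimeData;` removed and `<memory>` included. In handle_confirmation_read, `s_confirmation_cache.insert (...)` leaves an existing entry for the same mailbox in place, so a second confirmation mail for that address would leak the new `mystdin`. Erasing and freeing any old entry first, under `wks_lock`, avoids that.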
@@ -39,9 +50,11 @@ public: NotSupported, /* <-- WKS is not supported for this address */ Supported, /* <-- WKS is supported for this address */ NeedsPublish, /* <-- There was no key published for this address */ + ConfirmationSeen, /* A confirmation request was seen for this mail addres. */ NeedsUpdate, /* <-- Not yet implemeted. */ RequestSent, /* <-- A publishing request has been sent. */ PublishDenied, /* <-- A user denied publishing. */ + ConfirmationSent, /* <-- The confirmation response was sent. */ }; ~WKSHelper (); @@ -76,8 +89,8 @@ public: /** Starts gpg-wks-client --create */ void start_publish (const std::string &mbox) const; - /** Allow queueing a notification. */ - void allow_notify () const; + /** Allow queueing a notification after a sleepTime */ + void allow_notify (int sleepTimeMS = 0) const; /** Send a notification and start publishing accordingly */ void notify (const char *mbox) const; 
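Review bot: `ConfirmationSeen` is inserted in the middle of the `WKSState` enum, which shifts the numeric values of `NeedsUpdate`, `RequestSent` and `PublishDenied`, while `ConfirmationSent` is appended at the end. If state values are ever written out or compared as integers (not visible in this hunk), entries stored by an older build would be read back as a different state. Appending both new values after `PublishDenied`, or giving the enumerators explicit values, avoids that. The new comment also lacks the `<--` marker the other entries use and has a typo; it could read `ConfirmationSeen, /* <-- A confirmation request was seen for this mail address. */`.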
@@ -88,9 +101,20 @@ public: /** Update or insert a state in the static maps. */ void update_state (const std::string &mbox, WKSState state) const; - /** Create / Build Mail */ - void send_mail (const std::string &mimeData) const; + /** Create / Build / Send Mail + returns 0 on success. + */ + int send_mail (const std::string &mimeData) const; + + /** Handle a confirmation mail read event */ + void handle_confirmation_read (Mail *mail, LPSTREAM msgstream) const; + + /** Handle the notifcation following the read. */ + void handle_confirmation_notify (const std::string &mbox) const; + /** Get the cached confirmation data. Caller takes ownership of + the data object and has to delete it. It is removed from the cache. */ + std::pair get_cached_confirmation (const std::string &mbox) const; private: time_t get_check_time (const std::string &mbox) const; ----------------------------------------------------------------------- Summary of changes: src/common_indep.h | 3 +- src/mail.cpp | 25 ++++- src/mapihelp.cpp | 37 ++++++- src/mapihelp.h | 2 + src/message.cpp | 4 + src/wks-helper.cpp | 301 ++++++++++++++++++++++++++++++++++++++++++++++------- src/wks-helper.h | 32 +++++- 7 files changed, 359 insertions(+), 45 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 09:58:20 2018 
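Review bot: The doc comment on `get_cached_confirmation` states who owns the data object but is silent about the `Mail *` stored next to it (`handle_confirmation_read` caches `std::make_pair (mystdin, mail)`). That pointer is kept in the cache across Outlook events and may no longer be valid when the notification is handled; the .cpp side guards it with `Mail::is_valid_ptr (mail)`, and the header should state that contract. I would extend the comment with `The Mail pointer is not owned and may be stale; check it with Mail::is_valid_ptr before use.` and fix the spelling of `notifcation` in the comment above it.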
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 22 Feb 2018 09:58:20 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-2.0.6-8-gdc2f742 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via dc2f7424d081c1de0b639b3ab52aaa8092077c27 (commit) via 13ec7979aaff33e2d3112bc397ab0a291ffade2f (commit) from 153616194d2562c1aabda8b61d787d8f6cf5b3b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dc2f7424d081c1de0b639b3ab52aaa8092077c27 Author: Andre Heinecke Date: Thu Feb 22 09:53:19 2018 +0100 Print error when decryptresult is null * src/parsecontroller.cpp (format_error): Print an error when decrypt is requested but the result is null. This means that parsing failed. diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 3754001..860c215 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -194,7 +194,15 @@ format_error(GpgME::DecryptionResult result, Protocol protocol) else { msg = _("Could not decrypt the data: "); - msg += result.error().asString(); + + if (result.isNull ()) + { + msg += _("Failed to parse the mail."); + } + else + { + msg += result.error().asString(); + } } if (gpgrt_asprintf (&buf, opt.prefer_html ? decrypt_template_html : 
@@ -310,7 +318,7 @@ ParseController::parse() { verify = false; } - if (m_decrypt_result.error()) + if (m_decrypt_result.error () || m_decrypt_result.isNull ()) { m_error = format_error (m_decrypt_result, protocol); } commit 13ec7979aaff33e2d3112bc397ab0a291ffade2f Author: Andre Heinecke Date: Thu Feb 22 09:50:28 2018 +0100 Handle MS-TNEF PGP/MIME Mails * src/mapihelp.cpp (get_first_attach_mime_tag): Work with more then one attachment. (change_message_class_ipm_note): More ms-tnef handling. -- Apparently Office365 converts mails from some to ms-tnef attachments. We still won't work for S/MIME ms-tnef attachments as I would need an example, but PGP/MIME should work now additionally to PGP/Inline. GnuPG-Bug-Id: T3802 diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index a9c69c3..01aaf67 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -931,11 +931,11 @@ get_first_attach_mime_tag (LPMESSAGE message) return NULL; } n_attach = mapirows->cRows > 0? mapirows->cRows : 0; - if (n_attach != 1) + if (n_attach < 1) { FreeProws (mapirows); gpgol_release (mapitable); - log_debug ("%s:%s: not just one attachment", SRCNAME, __func__); + log_debug ("%s:%s: less then one attachment", SRCNAME, __func__); return NULL; } pos = 0; 
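Review bot: In the `get_first_attach_mime_tag` hunk the guard is relaxed from `n_attach != 1` to `n_attach < 1`, but nothing documents that only one attachment is looked at when several are present. The returned tag is what `change_message_class_ipm_note` uses to choose the GpgOL message class, so a comment such as `/* Several attachments are accepted (ms-tnef); only the first one decides the MIME tag. */` above `pos = 0;` would make the decision explicit, assuming the code after the hunk does read row 0, which is not visible here. The log text would read better as `"%s:%s: no attachment"`.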
@@ -1013,12 +1013,38 @@ change_message_class_ipm_note (LPMESSAGE message) } xfree (proto); } + else if (ct && !strcmp (ct, "application/ms-tnef")) + { + /* ms-tnef can either be inline PGP or PGP/MIME. First check + for inline and then look at the attachments if they look + like PGP /MIME .*/ + newvalue = get_msgcls_from_pgp_lines (message); + if (!newvalue) + { + /* So no PGP Inline. Lets look at the attachment. */ + char *attach_mime = get_first_attach_mime_tag (message); + if (!attach_mime) + { + xfree (ct); + return nullptr; + } + if (!strcmp (attach_mime, "application/pgp-encrypted")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartEncrypted"); + xfree (attach_mime); + } + else if (!strcmp (attach_mime, "application/pgp-signature")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + xfree (attach_mime); + } + } + } else if (!ct || !strcmp (ct, "text/plain") || !strcmp (ct, "multipart/mixed") || !strcmp (ct, "multipart/alternative") || !strcmp (ct, "multipart/related") || - !strcmp (ct, "text/html") || - !strcmp (ct, "application/ms-tnef")) + !strcmp (ct, "text/html")) { /* It is quite common to have a multipart/mixed or alternative mail with separate encrypted PGP parts. Look at the body to ----------------------------------------------------------------------- Summary of changes: src/mapihelp.cpp | 34 ++++++++++++++++++++++++++++++---- src/parsecontroller.cpp | 12 ++++++++++-- 2 files changed, 40 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 10:30:26 2018 
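Review bot: `attach_mime` is leaked in the new ms-tnef branch when the first attachment is neither `application/pgp-encrypted` nor `application/pgp-signature`, because `xfree (attach_mime);` only runs inside the two matching branches. Dropping those two calls and placing a single `xfree (attach_mime);` after the `else if` block frees it on every path. In that same no-match case `newvalue` stays NULL and control leaves the branch; what the rest of `change_message_class_ipm_note` does with it is outside the hunk. The new comment ends in `PGP /MIME .*/` and should read `PGP/MIME. */`.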
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 10:30:26 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-35-gcf006cb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via cf006cbf733889c20ee313ff93fce838ca77229e (commit) from a70502e93f06b394760fe671913c283018718ced (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cf006cbf733889c20ee313ff93fce838ca77229e Author: Werner Koch Date: Thu Feb 22 10:24:24 2018 +0100 doc: Clarify -export-secret-key-p12 -- GnuPG-bug-id: 3788 Signed-off-by: Werner Koch diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 5d79ce5..cd2a741 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -257,10 +257,10 @@ fingerprints or keygrips. @item --export-secret-key-p12 @var{key-id} @opindex export-secret-key-p12 Export the private key and the certificate identified by @var{key-id} in -a PKCS#12 format. When used with the @code{--armor} option a few +using the PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 -format is not very secure and this command is only provided if there is -no other way to exchange the private key. (@xref{option --p12-charset}.) +format is not very secure and proper transport security should be used +to convey the exported key. (@xref{option --p12-charset}.) @item --export-secret-key-p8 @var{key-id} @itemx --export-secret-key-raw @var{key-id} ----------------------------------------------------------------------- Summary of changes: doc/gpgsm.texi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 10:41:43 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 22 Feb 2018 10:41:43 +0100 Subject: [git] GpgOL - branch, async-enc, updated. gpgol-2.0.6-46-g325b905 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, async-enc has been updated via 325b90573a184b65bf1d66e5f6f0eebeb9f0d6ea (commit) from 0853344d1dcf520ea657d7208661214f69b59dad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 325b90573a184b65bf1d66e5f6f0eebeb9f0d6ea Author: Andre Heinecke Date: Thu Feb 22 10:40:58 2018 +0100 Fix WKS-Confirm mail detection * src/mapihelp.cpp (mapi_get_message_content_type): Comparing an empty line would result in wks confirm detection. diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 5ff9ad1..4647ee1 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -3060,7 +3060,8 @@ mapi_get_message_content_type (LPMESSAGE message, if (length && s[-1] == '\r') length--; - if (!strncmp ("Wks-Phase: confirm", header_lines, length)) + if (!strncmp ("Wks-Phase: confirm", header_lines, + std::max (18, (int) length))) { log_debug ("%s:%s: detected wks confirmation mail", SRCNAME, __func__); ----------------------------------------------------------------------- Summary of changes: src/mapihelp.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 10:52:21 2018 
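Review bot: The comparison length `std::max (18, (int) length)` hides what the check is meant to do and casts `length` to int on the way. Assuming `length` is the length of the line at `header_lines`, strncmp can only return 0 here when that line is exactly as long as the 18-character literal, so `if (length == 18 && !strncmp ("Wks-Phase: confirm", header_lines, 18))` states the same condition directly, ideally with `sizeof "Wks-Phase: confirm" - 1` instead of the bare 18. This match decides whether a mail is treated as a WKS confirmation, so a comment that the compare is exact and case-sensitive would help the next reader. The enclosing loop in `mapi_get_message_content_type` starts outside the hunk.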
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 22 Feb 2018 10:52:21 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-36-g88e766d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 88e766d3915c2919e9968148ebb30463d4a673e4 (commit) from cf006cbf733889c20ee313ff93fce838ca77229e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 88e766d3915c2919e9968148ebb30463d4a673e4 Author: NIIBE Yutaka Date: Tue Sep 26 11:02:05 2017 +0900 g10: Select a secret key by checking availability under gpg-agent. * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm by agent_probe_secret_key. (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument. -- GnuPG-bug-id: 1967 Signed-off-by: NIIBE Yutaka (cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6) diff --git a/g10/getkey.c b/g10/getkey.c index e31e023..dabd052 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -144,7 +144,7 @@ static int lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret, kbnode_t *ret_keyblock, kbnode_t *ret_found_key); static kbnode_t finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, - unsigned int *r_flags); + int want_secret, unsigned int *r_flags); static void print_status_key_considered (kbnode_t keyblock, unsigned int flags); 
@@ -1743,7 +1743,7 @@ get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname) /* Warning: node flag bits 0 and 1 should be preserved by * merge_selfsigs. FIXME: Check whether this still holds. */ merge_selfsigs (ctrl, keyblock); - found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags); + found_key = finish_lookup (keyblock, pk->req_usage, 0, 0, &infoflags); print_status_key_considered (keyblock, infoflags); if (found_key) pk_from_block (pk, keyblock, found_key); @@ -3494,7 +3494,7 @@ merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock) */ static kbnode_t finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, - unsigned int *r_flags) + int want_secret, unsigned int *r_flags) { kbnode_t k; @@ -3636,6 +3636,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, continue; } + if (want_secret && agent_probe_secret_key (NULL, pk)) + { + if (DBG_LOOKUP) + log_debug ("\tno secret key\n"); + continue; + } + if (DBG_LOOKUP) log_debug ("\tsubkey might be fine\n"); /* In case a key has a timestamp of 0 set, we make sure @@ -3823,7 +3830,7 @@ lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret, * merge_selfsigs. */ merge_selfsigs (ctrl, keyblock); found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact, - &infoflags); + want_secret, &infoflags); print_status_key_considered (keyblock, infoflags); if (found_key) { ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 14:28:59 2018 
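Review bot: In the `@@ -3636` hunk of `finish_lookup`, every nonzero return from `agent_probe_secret_key (NULL, pk)` is logged as "no secret key" and the subkey is skipped, so a failure to talk to the agent would presumably look the same as a key that is really absent (the probe's error cases are not visible here). A short comment would record the convention the condition relies on, for example `/* agent_probe_secret_key returns 0 when the agent holds the secret key for PK. */`. The new `want_secret` parameter also deserves a line in the function's header comment, which lies outside the hunk.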
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 14:28:59 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-37-gb375d50 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via b375d50ee4ce52c9b0f0855ec155be027642fb05 (commit) from 88e766d3915c2919e9968148ebb30463d4a673e4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b375d50ee4ce52c9b0f0855ec155be027642fb05 Author: Werner Koch Date: Thu Feb 22 14:23:01 2018 +0100 gpg: Don't let gpg return failure on an invalid packet in a keyblock. * g10/keydb.c (parse_keyblock_image): Use log_info instead of log_error for skipped packets. * g10/keyring.c (keyring_get_keyblock): Ditto. -- log_info should be sufficient and makes this more robust. Some tools (e.g. Enigmail) are too picky on return codes from gpg. Signed-off-by: Werner Koch diff --git a/g10/keydb.c b/g10/keydb.c index 58a14a8..03fadfd 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1269,10 +1269,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, break; /* Allowed per RFC. */ default: - /* Note that can't allow ring trust packets here and some of - the other GPG specific packets don't make sense either. */ - log_error ("skipped packet of type %d in keybox\n", - (int)pkt->pkttype); + log_info ("skipped packet of type %d in keybox\n", (int)pkt->pkttype); free_packet(pkt, &parsectx); init_packet(pkt); continue; diff --git a/g10/keyring.c b/g10/keyring.c index 50f1b82..25ef507 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
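Review bot: The `parse_keyblock_image` hunk removes the comment that explained why these packet types are skipped and leaves nothing that says why the message is now only informational. After this change an unexpected packet in the keybox is no longer reported as an error and, per the commit message, no longer influences gpg's return code, so the reasoning should stay next to the code: `/* Ring trust and other gpg-specific packets are not expected here; skip them, but use log_info so that the exit code is not affected. */`. The same comment fits the `keyring_get_keyblock` hunk in g10/keyring.c.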
@@ -459,8 +459,8 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) break; /* Allowed by us. */ default: - log_error ("skipped packet of type %d in keyring\n", - (int)pkt->pkttype); + log_info ("skipped packet of type %d in keyring\n", + (int)pkt->pkttype); free_packet(pkt, &parsectx); init_packet(pkt); continue; ----------------------------------------------------------------------- Summary of changes: g10/keydb.c | 5 +---- g10/keyring.c | 4 ++-- 2 files changed, 3 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 16:16:51 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 16:16:51 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.4-39-g59ee87a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 59ee87aae8743dd99690b6026566e104de6e24d6 (commit) via 9581a65ccc10daededc05c55391a04022f794a4a (commit) from b375d50ee4ce52c9b0f0855ec155be027642fb05 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 59ee87aae8743dd99690b6026566e104de6e24d6 Author: Werner Koch Date: Thu Feb 22 16:10:20 2018 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 5c8b499..4a4f87e 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.2.6 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.2.5 (2018-02-22) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index e249361..8252db9 100644 --- a/configure.ac +++ b/configure.ac 
@@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [2]) -m4_define([mym4_micro], [5]) +m4_define([mym4_micro], [6]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 9581a65ccc10daededc05c55391a04022f794a4a Author: Werner Koch Date: Thu Feb 22 15:32:36 2018 +0100 Release 2.2.5 Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index d27dfb6..473b94c 100644 --- a/AUTHORS +++ b/AUTHORS @@ -15,9 +15,9 @@ copyrightable year that would otherwise be listed individually. List of Copyright holders ========================= - Copyright (C) 1997-2017 Werner Koch - Copyright (C) 1994-2017 Free Software Foundation, Inc. - Copyright (C) 2003-2013,2015-2017 g10 Code GmbH + Copyright (C) 1997-2018 Werner Koch + Copyright (C) 1994-2018 Free Software Foundation, Inc. + Copyright (C) 2003-2013,2015-2018 g10 Code GmbH Copyright (C) 2002 Klar?lvdalens Datakonsult AB Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper Copyright (C) 1994 X Consortium @@ -91,8 +91,8 @@ domain. ========= - Copyright 1998-2017 Free Software Foundation, Inc. - Copyright 1997-2017 Werner Koch + Copyright 1998-2018 Free Software Foundation, Inc. + Copyright 1997-2018 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/NEWS b/NEWS index f924176..5c8b499 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,47 @@ -Noteworthy changes in version 2.2.5 (unreleased) +Noteworthy changes in version 2.2.5 (2018-02-22) ------------------------------------------------ + * gpg: Allow the use of the "cv25519" and "ed25519" short names in + addition to the canonical curve names in --batch --gen-key. + + * gpg: Make sure to print all secret keys with option --list-only + and --decrypt. [#3718] + + * gpg: Fix the use of future-default with --quick-add-key for + signing keys. [#3747] + + * gpg: Select a secret key by checking availability under gpg-agent. + [#1967] + + * gpg: Fix reversed prompt texts for --only-sign-text-ids. [#3787] + + * gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit systems. + [#3770] + + * gpgsm: Fix regression since 2.1 in --export-secret-key-raw which + got $d mod (q-1)$ wrong. Note that most tools automatically fixup + that parameter anyway. + + * ssh: Fix a regression in getting the client'd PID on *BSD and + macOS. + + * scd: Support the KDF Data Object of the OpenPGP card 3.3. [#3152] + + * scd: Fix a regression in the internal CCID driver for certain card + readers. [#3508] + + * scd: Fix a problem on NetBSD killing scdaemon on gpg-agent + shutdown. [#3778] + + * dirmngr: Improve returned error description on failure of DNS + resolving. [#3756] + + * wks: Implement command --install-key for gpg-wks-server. + + * Add option STATIC=1 to the Speedo build system to allow a build + with statically linked versions of the core GnuPG libraries. Also + use --enable-wks-tools by default by Speedo builds for Unix. + Noteworthy changes in version 2.2.4 (2017-12-20) ------------------------------------------------ 
@@ -32,6 +73,8 @@ Noteworthy changes in version 2.2.4 (2017-12-20) * New configure option --enable-run-gnupg-user-socket to first try a socket directory which is not removed by systemd at session end. + See-also: gnupg-announce/2017q4/000419.html + Noteworthy changes in version 2.2.3 (2017-11-20) ------------------------------------------------ diff --git a/README b/README index 23f705a..d46efd9 100644 --- a/README +++ b/README @@ -2,8 +2,8 @@ ========================= Version 2.2 - Copyright 1997-2017 Werner Koch - Copyright 1998-2017 Free Software Foundation, Inc. + Copyright 1997-2018 Werner Koch + Copyright 1998-2018 Free Software Foundation, Inc. * INTRODUCTION diff --git a/common/argparse.c b/common/argparse.c index f5e4ceb..90d0ff7 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -71,7 +71,7 @@ #else /* Used by GnuPG */ # define ARGPARSE_GPL_VERSION 3 -# define ARGPARSE_CRIGHT_STR "Copyright (C) 2017 Free Software Foundation, Inc." +# define ARGPARSE_CRIGHT_STR "Copyright (C) 2018 Free Software Foundation, Inc." #endif /*GNUPG_MAJOR_VERSION*/ diff --git a/common/w32info-rc.h.in b/common/w32info-rc.h.in index 4e46b97..2ff6863 100644 --- a/common/w32info-rc.h.in +++ b/common/w32info-rc.h.in @@ -29,4 +29,4 @@ built on @BUILD_HOSTNAME@ at @BUILD_TIMESTAMP@\0" #define W32INFO_PRODUCTVERSION "@VERSION@\0" #define W32INFO_LEGALCOPYRIGHT "Copyright \xa9 \ -2017 Free Software Foundation, Inc.\0" +2018 Free Software Foundation, Inc.\0" diff --git a/configure.ac b/configure.ac index bdb6146..e249361 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,6 +1,6 @@ # configure.ac - for GnuPG 2.1 -# Copyright (C) 1998-2017 Free Software Foundation, Inc. -# Copyright (C) 1998-2017 Werner Koch +# Copyright (C) 1998-2018 Free Software Foundation, Inc. +# Copyright (C) 1998-2018 Werner Koch # # This file is part of GnuPG. # ----------------------------------------------------------------------- Summary of changes: AUTHORS | 10 +++++----- NEWS | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- README | 4 ++-- common/argparse.c | 2 +- common/w32info-rc.h.in | 2 +- configure.ac | 6 +++--- 6 files changed, 60 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 16:22:52 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 16:22:52 +0100 Subject: [git] gnupg-doc - branch, master, updated. d658ab86b59ab9264dcab3f3d4ac00e645aec949 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d658ab86b59ab9264dcab3f3d4ac00e645aec949 (commit) from d63d03e1289246239448dfcac77218d5e38439f4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d658ab86b59ab9264dcab3f3d4ac00e645aec949 Author: Werner Koch Date: Thu Feb 22 16:17:00 2018 +0100 swdb: Release gnupg 2.2.5 diff --git a/web/swdb.mac b/web/swdb.mac index 1ae47f2..afb3207 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -10,32 +10,32 @@ # # GnuPG-2.2 # -#+macro: gnupg22_ver 2.2.4 -#+macro: gnupg22_date 2017-12-20 -#+macro: gnupg22_size 6417k -#+macro: gnupg22_sha1 732266e8888c6f41c084d043c7a0058332ff3580 -#+macro: gnupg22_sha2 401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec +#+macro: gnupg22_ver 2.2.5 +#+macro: gnupg22_date 2018-02-22 +#+macro: gnupg22_size 6430k +#+macro: gnupg22_sha1 9dec110397e460b3950943e18f5873a4f277f216 +#+macro: gnupg22_sha2 3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57 #+macro: gnupg22_branch STABLE-BRANCH-2-2 -#+macro: gnupg22_w32_ver 2.2.4_20171220 -#+macro: gnupg22_w32_date 2017-12-20 -#+macro: gnupg22_w32_size 3817k -#+macro: gnupg22_w32_sha1 d06a1413fd901c51eba14164ddb28d99ab9f84df -#+macro: gnupg22_w32_sha2 2030f00548ec175cac4996a8128ed71393c156429d95f3e6c2f53194b2f4d885 +#+macro: gnupg22_w32_ver 2.2.5_20180222 +#+macro: gnupg22_w32_date 2018-02-22 +#+macro: gnupg22_w32_size 3819k +#+macro: gnupg22_w32_sha1 080f801e833c7a9e0441d55cd19d4bdb5bb261f9 +#+macro: gnupg22_w32_sha2 9fea4add738a373b3c1a304f74eec2d24a8f5fe7ccdf1d8ee090d99de8f51257 # temporary keep it as "gnupg21". In the future we will use the name of # the stable branch even for the development versions. 
-#+macro: gnupg21_ver 2.2.4 -#+macro: gnupg21_date 2017-12-20 -#+macro: gnupg21_size 6417k -#+macro: gnupg21_sha1 732266e8888c6f41c084d043c7a0058332ff3580 -#+macro: gnupg21_sha2 401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec +#+macro: gnupg21_ver 2.2.5 +#+macro: gnupg21_date 2018-02-22 +#+macro: gnupg21_size 6430k +#+macro: gnupg21_sha1 9dec110397e460b3950943e18f5873a4f277f216 +#+macro: gnupg21_sha2 3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57 #+macro: gnupg21_branch STABLE-BRANCH-2-2 -#+macro: gnupg21_w32_ver 2.2.4_20171220 -#+macro: gnupg21_w32_date 2017-12-20 -#+macro: gnupg21_w32_size 3817k -#+macro: gnupg21_w32_sha1 d06a1413fd901c51eba14164ddb28d99ab9f84df -#+macro: gnupg21_w32_sha2 2030f00548ec175cac4996a8128ed71393c156429d95f3e6c2f53194b2f4d885 +#+macro: gnupg21_w32_ver 2.2.5_20180222 +#+macro: gnupg21_w32_date 2018-02-22 +#+macro: gnupg21_w32_size 3819k +#+macro: gnupg21_w32_sha1 080f801e833c7a9e0441d55cd19d4bdb5bb261f9 +#+macro: gnupg21_w32_sha2 9fea4add738a373b3c1a304f74eec2d24a8f5fe7ccdf1d8ee090d99de8f51257 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 16:43:13 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 16:43:13 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.5-106-g7853190 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7853190cfe2953fdac066b4f3256edc206896144 (commit) via 20539ea5cad1903352e01ef95aecdda4d5cd999b (commit) via 59ee87aae8743dd99690b6026566e104de6e24d6 (commit) via 9581a65ccc10daededc05c55391a04022f794a4a (commit) via b375d50ee4ce52c9b0f0855ec155be027642fb05 (commit) via 88e766d3915c2919e9968148ebb30463d4a673e4 (commit) via cf006cbf733889c20ee313ff93fce838ca77229e (commit) via a70502e93f06b394760fe671913c283018718ced (commit) via c4d8efb8942fe1d5644c5b2cb8bc73a06ac500df (commit) via 685a5e1558b2252ac895637fb857f6f7bb85ea7b (commit) via ee474856ec16ff11d922d8503fb3ede77129c4aa (commit) via 1877603761911ea5b1c15f4aef11a2cf86a8682c (commit) via fffefd3c98dfcd2c75c7572c4e6fb32b73de5978 (commit) via 7b928c256426c4ff3d2d883c163a9ff2afa221a6 (commit) via 5e3679ae395e7a7e44f218f07bbe487429f1b279 (commit) via ca138d5bf36accde2fd755249b470a8dc8743c95 (commit) via df97fe24807826ddc2af0e45e416fb81c5666f88 (commit) via 80719612b7e92aff5887f2a68d550a24f350722c (commit) via 29aac7798085ee38da5107698618890ae7593c96 (commit) via f19ff78f0fbfc2793d8a9ab0173486bf712871ac (commit) via 25f3b69129015c54392636818c8846e236f5cb2c (commit) via 0a3bec2c2525935362f87dce93d7df2c8d498498 (commit) via e0658b19d93b38ed9ebd07734c4678acdde1607d (commit) via 015fe1c47b91da340e9df6bed908e0747ae8c60b (commit) via f98e193c84250bbc49d5d1c625f54f2c14501ae3 (commit) via 64aa98c8a05513d9c00f53a2b880d80f9035333e (commit) via f8e868d9dfb6fc1390e421e7993a1d076309ed83 (commit) from 914a2413228e24db47d27fa2bb70a5964a1720d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other 
notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7853190cfe2953fdac066b4f3256edc206896144 Author: Werner Koch Date: Thu Feb 22 16:34:36 2018 +0100 build: Update swdb tags and include release info from 2.2.5 diff --git a/NEWS b/NEWS index 4fa20b2..6f5137d 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,49 @@ Noteworthy changes in version 2.3.0 (unreleased) ------------------------------------------------ + Changes also found in 2.2.5: + + * gpg: Allow the use of the "cv25519" and "ed25519" short names in + addition to the canonical curve names in --batch --gen-key. + + * gpg: Make sure to print all secret keys with option --list-only + and --decrypt. [#3718] + + * gpg: Fix the use of future-default with --quick-add-key for + signing keys. [#3747] + + * gpg: Select a secret key by checking availability under gpg-agent. + [#1967] + + * gpg: Fix reversed prompt texts for --only-sign-text-ids. [#3787] + + * gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit systems. + [#3770] + + * gpgsm: Fix regression since 2.1 in --export-secret-key-raw which + got $d mod (q-1)$ wrong. Note that most tools automatically fixup + that parameter anyway. + + * ssh: Fix a regression in getting the client'd PID on *BSD and + macOS. + + * scd: Support the KDF Data Object of the OpenPGP card 3.3. [#3152] + + * scd: Fix a regression in the internal CCID driver for certain card + readers. [#3508] + + * scd: Fix a problem on NetBSD killing scdaemon on gpg-agent + shutdown. [#3778] + + * dirmngr: Improve returned error description on failure of DNS + resolving. [#3756] + + * wks: Implement command --install-key for gpg-wks-server. + + * Add option STATIC=1 to the Speedo build system to allow a build + with statically linked versions of the core GnuPG libraries. Also + use --enable-wks-tools by default by Speedo builds for Unix. + Changes also found in 2.2.4: * gpg: Change default preferences to prefer SHA512. diff --git a/README b/README index 39ccc4d..3d8505e 100644 --- a/README +++ b/README @@ -1,6 +1,6 @@ The GNU Privacy Guard 2 ========================= - Version 2.2 + Version 2.3 (devel) Copyright 1997-2018 Werner Koch Copyright 1998-2018 Free Software Foundation, Inc. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 320d440..d9b4a75 100644 
--- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -282,7 +282,7 @@ endif # Version numbers of the released packages gnupg_ver_this = $(shell cat $(topsrc)/VERSION) -gnupg_ver := $(shell awk '$$1=="gnupg22_ver" {print $$2}' swdb.lst) +gnupg_ver := $(shell awk '$$1=="gnupg24_ver" {print $$2}' swdb.lst) libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst) libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst) @@ -1227,7 +1227,7 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt define MKSWDB_commands - ( pref="#+macro: gnupg22_w32_" ;\ + ( pref="#+macro: gnupg24_w32_" ;\ echo "$${pref}ver $(INST_VERSION)_$(BUILD_DATESTR)" ;\ echo "$${pref}date $(2)" ;\ echo "$${pref}size $$(wc -c <$(1)|awk '{print int($$1/1024)}')k";\ diff --git a/configure.ac b/configure.ac index f680658..7522b69 100644 --- a/configure.ac +++ b/configure.ac @@ -51,7 +51,7 @@ AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org]) # When changing the SWDB tag please also adjust the hard coded tags in # build-aux/speedo.mk and Makefile.am -AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg22", [swdb tag for this branch]) +AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch]) NEED_GPG_ERROR_VERSION=1.24 commit 20539ea5cad1903352e01ef95aecdda4d5cd999b Merge: 914a241 59ee87a Author: Werner Koch Date: Thu Feb 22 16:19:56 2018 +0100 Merge branch 'STABLE-BRANCH-2-2' diff --cc doc/wks.texi index 131a4c2,6d62282..4508ae2 --- a/doc/wks.texi 
+++ b/doc/wks.texi @@@ -332,24 -338,19 +338,20 @@@ the submission address The output of the last command looks similar to this: @example - sec rsa2048 2016-08-30 [SC] + sec rsa3072 2016-08-30 [SC] C0FCF8642D830C53246211400346653590B3795B uid [ultimate] key-submission@@example.net - ssb rsa2048 2016-08-30 [E] + bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net + ssb rsa3072 2016-08-30 [E] @end example - Take the hash of the string "key-submission", which is - "bxzcxpxk8h87z1k7bzk86xn5aj47intu" and manually publish that key: + Take the fingerprint from that output and manually publish the key: @example - $ gpg --export-options export-minimal --export \ - > -o /var/lib/gnupg/wks/example.net/hu/bxzcxpxk8h87z1k7bzk86xn5aj47intu \ - > key-submission@@example.new + $ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \ + > key-submission@@example.net @end example - Make sure that the created file is world readable. - Finally that submission address needs to be redirected to a script running @command{gpg-wks-server}. 
The @command{procmail} command can be used for this: Redirect the submission address to the user "webkey" ----------------------------------------------------------------------- Summary of changes: AUTHORS | 10 +- NEWS | 43 +++++++++ README | 6 +- agent/command.c | 46 ++------- build-aux/speedo.mk | 31 ++++++- common/argparse.c | 2 +- common/asshelp.h | 7 ++ common/asshelp2.c | 63 +++++++++++++ common/w32info-rc.h.in | 2 +- configure.ac | 22 ++++- dirmngr/server.c | 28 ++---- doc/examples/vsnfd.prf | 1 + doc/gpg.texi | 13 +++ doc/gpgsm.texi | 6 +- doc/wks.texi | 26 +++--- g10/keydb.c | 5 +- g10/keyedit.c | 4 +- g10/keyring.c | 4 +- g13/server.c | 21 +---- g13/sh-cmd.c | 28 +----- kbx/keybox-search.c | 16 ++-- scd/app-openpgp.c | 11 ++- scd/command.c | 4 +- scd/scdaemon.c | 39 +++++++- sm/export.c | 3 +- sm/server.c | 21 +---- tests/asschk.c | 2 +- tools/gpg-wks-client.c | 167 ++++++++------------------------- tools/gpg-wks-server.c | 246 +++++++++++++++++++++++++++++++++++++++++++------ tools/gpg-wks.h | 6 +- tools/wks-util.c | 158 +++++++++++++++++++++++++++++-- 31 files changed, 701 insertions(+), 340 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 16:45:44 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 16:45:44 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.5-2-g641aae7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 641aae783e46af9eb47994dd598df4e51fb8296c (commit) from 59ee87aae8743dd99690b6026566e104de6e24d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 641aae783e46af9eb47994dd598df4e51fb8296c Author: Werner Koch Date: Thu Feb 22 16:39:52 2018 +0100 doc: Fix recently introduced typo in gpgsm.texi. -- diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index cd2a741..7c6c315 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -256,7 +256,7 @@ fingerprints or keygrips. @item --export-secret-key-p12 @var{key-id} @opindex export-secret-key-p12 -Export the private key and the certificate identified by @var{key-id} in +Export the private key and the certificate identified by @var{key-id} using the PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 format is not very secure and proper transport security should be used ----------------------------------------------------------------------- Summary of changes: doc/gpgsm.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 19:15:53 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 22 Feb 2018 19:15:53 +0100 Subject: [git] gnupg-doc - branch, master, updated. 94c69b9eee9d51c2e8c36b3ac9c16a113055c682 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 94c69b9eee9d51c2e8c36b3ac9c16a113055c682 (commit) from d658ab86b59ab9264dcab3f3d4ac00e645aec949 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 94c69b9eee9d51c2e8c36b3ac9c16a113055c682 Author: Werner Koch Date: Thu Feb 22 19:09:53 2018 +0100 web: Release info for 2.2.5 and move old news entries Also removed the special thank you section. diff --git a/web/index.org b/web/index.org index db0271e..695c3ab 100644 --- a/web/index.org +++ b/web/index.org @@ -65,6 +65,11 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.2.5 released (2018-02-22) + +We are pleased to announce the availability of GnuPG version 2.2.5. +This is a maintenance release fixing a few problems. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2018q1/000420.html][more]]} + ** 20 Years of GnuPG (2017-12-20) Exactly 20 years ago the first public version of GnuPG was released 
@@ -110,160 +115,6 @@ This release marks the start of a new long term support series to replace the 2.0.x series which will reach end-of-life on 2017-12-31. -** GnuPG 2.1.23 released (2017-08-09) - -A new version of GnuPG has been released. Please read the full -[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000412.html][announcement mail]] for details. This version is intended as a release -candidate for 2.2.0 which will mark a new long term stable branch. - -** GnuPG 2.1.22 released (2017-07-28) - -A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000411.html][announcement -mail]] for details. - -Update 2017-07-31: We fixed a problem with keyserver access in the -Windows versions. A fixed installer has been uploaded; the [[../../download/index.org::binary][download]] -section has the links. - -** GnuPG 1.4.22 released (2017-07-19) - -Although GnuPG 1.4 is of limited use today we did a maintenance -release to address the recently published local side channel attack -CVE-2017-7526. See the [[../../download/index.org][download]] section on how to get this version. - -** Libgcrypt 1.8.0 released (2017-07-18) - -We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version -1.8.0. This is a new stable version with full API and ABI -compatibility to the 1.7 series. Its main features are support for -the hash algorithm [[https://en.wikipedia.org/wiki/BLAKE_(hash_function)][Blake-2]], the addition of [[https://en.wikipedia.org/wiki/Disk_encryption_theory][XTS]] mode, an improved -random number generator, and performance improvements for the [[https://en.wikipedia.org/wiki/ARM_architecture][ARM]] -architecture. See the [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000410.html][announcement mail]] for details. - -** Scute 1.5.0 released (2017-07-14) - -Scute is a PKCS#11 module built around the GnuPG Agent and the GnuPG -Smart Card Daemon. 
It allows you to use your OpenPGP smart card for TLS -client authentication and S/MIME mail and document signing. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000409.html][announcement mail]] for details. - -** Libgcrypt 1.7.8 released (2017-06-29) :important: - -We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version -1.7.8. This release fixes a local side-channel attack -(CVE-2017-7526). See the [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html][announcement mail]] for details. - -** GnuPG 2.1.21 released (2017-05-15) :important: - -A new version of GnuPG has been released. This release fixes a -pubring.gpg corruption bug introduced with 2.1.20. Read the full -[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000405.html][announcement mail]] for details. - -** GnuPG 2.1.20 released (2017-04-03) - -A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000404.html][announcement -mail]] for details. - -** New installer for GnuPG 2.1.19 (2017-03-28) - -An updated Windows [[https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.19_20170328.exe][installer]] for GnuPG 2.1.19 is now available. This -installer fixes problems retrieving keys for [[https://posteo.de][Posteo]] accounts and other -servers with limited set of TLS algorithms. - -** GnuPG Made Easy 1.9.0 released (2017-03-28) - -[[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a -program. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000403.html][more]]} - - -** GnuPG 2.1.19 released (2017-03-01) - -A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000402.html][announcement -mail]] for details. - -** GnuPG 2.1.18 released (2017-01-23) - -A new version of GnuPG has been released. 
Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000401.html][announcement -mail]] for details. - -** Libgcrypt 1.7.6 released (2017-01-18) - -We are pleased to announce the availability of Libgcrypt version -1.7.6. This is a maintenance release for the stable version of -[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. - -** GnuPG 2.1.17 released (2016-12-20) - -A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000400.html][announcement -mail]] for details. - -** Libgcrypt 1.7.5 released (2016-12-15) - -We are pleased to announce the availability of Libgcrypt version -1.7.5. This is a maintenance release for the stable version of -[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000399.html][{more}]] - -** Pinentry 1.0.0 released (2016-11-22) - -After 14 years is was time to bump up the version of [[file:software/pinentry/index.org][Pinentry]] to 1.0. -This new release fixes a couple of minor bugs and introduces features -to better diagnose problems. See the [[../../download/index.org::pinentry][download]] section on how to get -Pinentry. - -** GPA 0.9.10 released (2016-11-19) - -A maintenance release of the [[file:software/gpa/index.org][GNU Privacy Assistant]] is now available. -Note that some of the changes are only available when build with the -latest [[file:software/gpgme/index.org][GPGME]] version and used with GnuPG 2.1.16 or later. - -** GnuPG 2.1.16 released (2016-11-18) - -It has been 3 months since the last GnuPG /modern/ release and thus it -was time for a new one: Version 2.1.16 is now available. Read the -full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000398.html][announcement mail]] for details. 
- -** GnuPG Made Easy (GPGME) 1.7.0 released (2016-09-21) - -[[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a -program. Highlights in this release are Python and C++ language -bindings as well as support for GnuPG 2.1 features. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000397.html][more]]} - -** GnuPG 2.1.15 released (2016-08-18) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000396.html][announcement mail]] for details. - -** Security fixes for Libgcrypt and GnuPG 1.4 (2016-08-17) :important: - -A bug in the random number generator of Libgcrypt and in GnuPG 1.4 has -been found. Updating the software is highly suggested. Please read -this [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html][mail]] for details. Note that the CVE id in that mail is not -correct, the correct one is CVE-2016-6313. - - -* A big Thanks to all supporters - -Due to this [[http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke][ProPublica article]] we received more than 120,000 \euro of -individual donations on a single day. There was even more: The [[https://www.linuxfoundation.org/programs/core-infrastructure-initiative][Core -Infrastructure Initiative]] granted 60,000 $ for 2015. Our payment -service [[https://twitter.com/stripe/status/563449352635432960][Stripe]] and [[https://www.facebook.com/notes/protect-the-graph/supporting-gnu-privacy-guard/1564591893780956][Facebook]] will each give 50,000 $ to the project. -And finally the [[https://www.wauland.de/en/donation.html#61][Wau Holland Stiftung]] is collecting tax deductible -funds for GnuPG (19000 \euro plus 57 BTC). 
- -As the main author of GnuPG, I like to thank everyone for supporting -the project, be it small or large individual donations, helping users, -providing corporate sponsorship, working on the software, and for all -the encouraging words. - -GnuPG does not stand alone: there are many other projects, often -unknown to most people, which are essential to keep the free Internet -running. Many of them are run by volunteers who spend a lot of unpaid -time on them. They need our support as well. - -/--- Werner, 2015-02-06/ - -(see also this [[https://gnupg.org/blog/20150310-gnupg-in-february.html][blog]] entry) - * COMMENT This is the publishing info used for the GnuPG pages #+begin_src emacs-lisp diff --git a/web/news.org b/web/news.org index 5f85932..b78040c 100644 --- a/web/news.org +++ b/web/news.org 
@@ -7,6 +7,137 @@ On this page you'll find all the news of previous years in reverse chronological order. News for the current year are found at the [[index][main page]]. + +** GnuPG 2.1.23 released (2017-08-09) + +A new version of GnuPG has been released. Please read the full +[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000412.html][announcement mail]] for details. This version is intended as a release +candidate for 2.2.0 which will mark a new long term stable branch. + +** GnuPG 2.1.22 released (2017-07-28) + +A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000411.html][announcement +mail]] for details. + +Update 2017-07-31: We fixed a problem with keyserver access in the +Windows versions. A fixed installer has been uploaded; the [[../../download/index.org::binary][download]] +section has the links. + +** GnuPG 1.4.22 released (2017-07-19) + +Although GnuPG 1.4 is of limited use today we did a maintenance +release to address the recently published local side channel attack +CVE-2017-7526. See the [[../../download/index.org][download]] section on how to get this version. + +** Libgcrypt 1.8.0 released (2017-07-18) + +We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version +1.8.0. This is a new stable version with full API and ABI +compatibility to the 1.7 series. Its main features are support for +the hash algorithm [[https://en.wikipedia.org/wiki/BLAKE_(hash_function)][Blake-2]], the addition of [[https://en.wikipedia.org/wiki/Disk_encryption_theory][XTS]] mode, an improved +random number generator, and performance improvements for the [[https://en.wikipedia.org/wiki/ARM_architecture][ARM]] +architecture. See the [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000410.html][announcement mail]] for details. 
+ +** Scute 1.5.0 released (2017-07-14) + +Scute is a PKCS#11 module built around the GnuPG Agent and the GnuPG +Smart Card Daemon. It allows you to use your OpenPGP smart card for TLS +client authentication and S/MIME mail and document signing. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000409.html][announcement mail]] for details. + +** Libgcrypt 1.7.8 released (2017-06-29) :important: + +We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version +1.7.8. This release fixes a local side-channel attack +(CVE-2017-7526). See the [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html][announcement mail]] for details. + +** GnuPG 2.1.21 released (2017-05-15) :important: + +A new version of GnuPG has been released. This release fixes a +pubring.gpg corruption bug introduced with 2.1.20. Read the full +[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000405.html][announcement mail]] for details. + +** GnuPG 2.1.20 released (2017-04-03) + +A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000404.html][announcement +mail]] for details. + +** New installer for GnuPG 2.1.19 (2017-03-28) + +An updated Windows [[https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.19_20170328.exe][installer]] for GnuPG 2.1.19 is now available. This +installer fixes problems retrieving keys for [[https://posteo.de][Posteo]] accounts and other +servers with limited set of TLS algorithms. + +** GnuPG Made Easy 1.9.0 released (2017-03-28) + +[[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a +program. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000403.html][more]]} + + +** GnuPG 2.1.19 released (2017-03-01) + +A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000402.html][announcement +mail]] for details. 
+ +** GnuPG 2.1.18 released (2017-01-23) + +A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000401.html][announcement +mail]] for details. + +** Libgcrypt 1.7.6 released (2017-01-18) + +We are pleased to announce the availability of Libgcrypt version +1.7.6. This is a maintenance release for the stable version of +[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. + +** GnuPG 2.1.17 released (2016-12-20) + +A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000400.html][announcement +mail]] for details. + +** Libgcrypt 1.7.5 released (2016-12-15) + +We are pleased to announce the availability of Libgcrypt version +1.7.5. This is a maintenance release for the stable version of +[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000399.html][{more}]] + +** Pinentry 1.0.0 released (2016-11-22) + +After 14 years is was time to bump up the version of [[file:software/pinentry/index.org][Pinentry]] to 1.0. +This new release fixes a couple of minor bugs and introduces features +to better diagnose problems. See the [[../../download/index.org::pinentry][download]] section on how to get +Pinentry. + +** GPA 0.9.10 released (2016-11-19) + +A maintenance release of the [[file:software/gpa/index.org][GNU Privacy Assistant]] is now available. +Note that some of the changes are only available when build with the +latest [[file:software/gpgme/index.org][GPGME]] version and used with GnuPG 2.1.16 or later. + +** GnuPG 2.1.16 released (2016-11-18) + +It has been 3 months since the last GnuPG /modern/ release and thus it +was time for a new one: Version 2.1.16 is now available. Read the +full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000398.html][announcement mail]] for details. 
+ +** GnuPG Made Easy (GPGME) 1.7.0 released (2016-09-21) + +[[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a +program. Highlights in this release are Python and C++ language +bindings as well as support for GnuPG 2.1 features. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000397.html][more]]} + +** GnuPG 2.1.15 released (2016-08-18) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000396.html][announcement mail]] for details. + +** Security fixes for Libgcrypt and GnuPG 1.4 (2016-08-17) :important: + +A bug in the random number generator of Libgcrypt and in GnuPG 1.4 has +been found. Updating the software is highly suggested. Please read +this [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html][mail]] for details. Note that the CVE id in that mail is not +correct, the correct one is CVE-2016-6313. + ** GnuPG 2.1.14 released (2016-07-14) A new version of the /modern/ branch of GnuPG has been released. ----------------------------------------------------------------------- Summary of changes: web/index.org | 159 ++-------------------------------------------------------- web/news.org | 131 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+), 154 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 22 20:54:32 2018 
From: cvs at cvs.gnupg.org (by Michał Górny) Date: Thu, 22 Feb 2018 20:54:32 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.5-3-gecfc4db Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec (commit) from 641aae783e46af9eb47994dd598df4e51fb8296c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec Author: Micha? G?rny Date: Wed Jan 31 16:57:19 2018 +0100 dirmngr: Handle failures related to missing IPv6 gracefully * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more error codes. -- Handle the two possible connect failures related to missing IPv6 support gracefully by marking the host dead and retrying with another one. If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL. If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT. This makes it possible to use dual-stack hkp servers on hosts not having IPv6 without random connection failures. GnuPG-bug-id: 3331 -- The above description seems to be for Linux, so it is possible that other systems might behave different. However, it is worth to try this patch. Signed-off-by: Werner Koch diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 4a0b08f..a9bb936 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c 
@@ -1353,6 +1353,8 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
 case GPG_ERR_UNKNOWN_HOST:
 case GPG_ERR_NETWORK:
 case GPG_ERR_EIO: /* Sometimes used by estream cookie functions. */
+ case GPG_ERR_EADDRNOTAVAIL: /* e.g. when IPv6 is disabled */
+ case GPG_ERR_EAFNOSUPPORT: /* e.g. when IPv6 is not compiled in */
 if (mark_host_dead (request) && *tries_left)
 retry = 1;
 break;
----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-hkp.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 23 01:48:51 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 23 Feb 2018 01:48:51 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.5.1-3-g35aad6b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 35aad6b5d53b292e8e7c52c4eb90535be0580cd2 (commit) from 0ad3aafe2c02cdff21e10a59de56b8a2f9532be3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 35aad6b5d53b292e8e7c52c4eb90535be0580cd2 Author: NIIBE Yutaka Date: Fri Feb 23 09:48:34 2018 +0900 Fix previous commit. Signed-off-by: NIIBE Yutaka
diff --git a/src/assuan.h.in b/src/assuan.h.in
index f9899d8..4e04a9b 100644
--- a/src/assuan.h.in
+++ b/src/assuan.h.in
@@ -382,8 +382,8 @@ pid_t assuan_get_pid (assuan_context_t ctx);
 struct _assuan_peercred
 {
 #ifdef _WIN32
- /* Empty struct not allowed on some compilers. */
- unsigned int _dummy;
+ /* Empty struct not allowed on some compilers, so, put this (not valid). */
+ pid_t pid;
 #else
 pid_t pid;
 uid_t uid;
----------------------------------------------------------------------- Summary of changes: src/assuan.h.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 23 10:55:29 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 23 Feb 2018 10:55:29 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.5-107-gcbc7bac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cbc7bacf2ff95aebb427bb244c719143a9001f3c (commit) from 7853190cfe2953fdac066b4f3256edc206896144 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbc7bacf2ff95aebb427bb244c719143a9001f3c Author: Werner Koch Date: Fri Feb 23 10:49:19 2018 +0100 gpg: Try to mitigate the problem of wrong CFB symkey passphrases. * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo. -- GnuPG-bug-id: 3795 Signed-off-by: Werner Koch
diff --git a/g10/mainproc.c b/g10/mainproc.c
index f2a28df..1af89c5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
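Review bot: In src/assuan.h.in, the `_WIN32` branch of `struct _assuan_peercred` now exposes a member named `pid` that its own comment calls not valid, so Windows code that reads `pid` from this struct compiles cleanly and gets whatever happens to be stored there; nothing in the hunk shows the field being initialised. Peer credentials usually feed access decisions, so the comment should state the contract explicitly, for example `/* Placeholder only: never filled in on Windows; callers must not use it to identify the peer. */`. If the library sets this struct up somewhere outside the hunk, storing a sentinel there (presumably `ASSUAN_INVALID_PID`, if it is in scope) would make a misuse detectable instead of silent. The struct's remaining members and closing brace lie outside the hunk.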
@@ -315,6 +315,21 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
 else
 {
 gcry_cipher_decrypt (hd, seskey, slen, NULL, 0 );
+ /* Here we can only test whether the algo given in decrypted
+ * session key is a valid OpenPGP algo. With 11 defined
+ * symmetric algorithms we will miss 4.3% of wrong passphrases
+ * here. The actual checking is done later during bulk
+ * decryption; we can't bring this check forward easily. We
+ * need to use the GPG_ERR_CHECKSUM so that we won't run into
+ * the gnupg < 2.2 bug compatible case which would terminate the
+ * process on GPG_ERR_CIPHER_ALGO. Note that with AEAD (above)
+ * we will have a reliable test here. */
+ if (openpgp_cipher_test_algo (seskey[0]))
+ {
+ err = gpg_error (GPG_ERR_CHECKSUM);
+ goto leave;
+ }
+
 /* Now we replace the dek components with the real session key to
 * decrypt the contents of the sequencing packet. */
 keylen = slen-1;
----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Feb 25 07:52:13 2018 
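Review bot: In g10/mainproc.c (symkey_decrypt_seskey), the new test interprets `seskey[0]` immediately after a `gcry_cipher_decrypt` call whose return value is discarded, so a failed decryption is examined as if it were plaintext and is reported the same way as a wrong passphrase. Checking the call first keeps the two cases apart: `err = gcry_cipher_decrypt (hd, seskey, slen, NULL, 0); if (err) goto leave;`. Separately, if `openpgp_cipher_test_algo` (defined outside the hunk) also rejects algorithms that are defined by OpenPGP but unavailable in this build, a correct passphrase for such a message would now surface as `GPG_ERR_CHECKSUM`; one sentence in the comment noting that would help whoever maps this error to a user-facing message. The function begins and ends outside the hunk, so any length check on `slen` that protects the `seskey[0]` read is not visible here.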
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Sun, 25 Feb 2018 07:52:13 +0100 Subject: [git] gnupg-doc - branch, master, updated. da754fde9eb98da8ef28b33315f50057f5540785 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via da754fde9eb98da8ef28b33315f50057f5540785 (commit) via b276fa44402fa3e80bfc5b65229cd2a219f5195a (commit) from 94c69b9eee9d51c2e8c36b3ac9c16a113055c682 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da754fde9eb98da8ef28b33315f50057f5540785 Merge: b276fa4 94c69b9 Author: Ben McGinnes Date: Sun Feb 25 17:50:57 2018 +1100 Merge branch 'master' of ssh+git://playfair.gnupg.org/git/gnupg-doc commit b276fa44402fa3e80bfc5b65229cd2a219f5195a Author: Ben McGinnes Date: Sun Feb 25 17:48:49 2018 +1100 Oops ... * Why is it that we only notice our own grammatical errors when showing something to a friend? diff --git a/web/people/index.org b/web/people/index.org index 5eb6667..0438a17 100644 --- a/web/people/index.org +++ b/web/people/index.org 
@@ -157,7 +157,7 @@ Melbourne, Australia, a founding member of Pirate Party Australia and actively advocating for civil and human rights since the '90s. Ben can sometimes be found on freenode IRC using the handle - =Hasimir= name and, of course, on the GnuPG mailing lists. + =Hasimir= and, of course, on the GnuPG mailing lists. [[https://sks-keyservers.net/pks/lookup?op=get&search=0xDB4724E6FA4286C92B4E55C4321E4E2373590E5D][GPG key DB4724E6FA4286C92B4E55C4321E4E2373590E5D]] ----------------------------------------------------------------------- Summary of changes: web/people/index.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Feb 25 20:31:53 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 25 Feb 2018 20:31:53 +0100 Subject: [git] gnupg-doc - branch, master, updated. 14956d3f716f04ae455ab020641e168f3b20b1a2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 14956d3f716f04ae455ab020641e168f3b20b1a2 (commit) from da754fde9eb98da8ef28b33315f50057f5540785 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 14956d3f716f04ae455ab020641e168f3b20b1a2 Author: Werner Koch Date: Sun Feb 25 20:25:48 2018 +0100 verein: Make the frontpage more serious and link the beitragsordnung. diff --git a/web/verein/index.org b/web/verein/index.org index ba128b5..8569107 100644 --- a/web/verein/index.org +++ b/web/verein/index.org 
@@ -5,22 +5,19 @@ * The GnuPG e.V. -In February 2017 several GnuPG developers came together for a 3 day -hackathon. While having some beer in the [[http://www.bilkinfo.de/kneipen/tigges.html][Tigges]] one evening, the -lingering plan for setting up a legal entity was finally agreed upon. -Work on the constitution commenced immediately and the founding assembly -commenced the following day at 13:37. - -The 7 founding members are: Andre Heinecke, Justus Winter, Kai -Michaelis, Marcus Brinkmann, Neal Walfied, Werner Koch and Yutaka -Niibe. The elected chair is Werner, the vice Andre, and the cashier -Marcus. Marcus resigned on 2017-08-02; a new cashier needs to be -elected soon. - -The rules on how to apply for membership will soon be posted. The -registration number is /VR11482/ at /Amtsgericht D?sseldorf/. The tax -office D?sseldorf-Altstadt confirmed our charitable state on -2017-04-03. +The GnuPG e.V. is a charitable legal person (a German ?Verein?) to +improve data protection, data sovereignty and customer protection in +in our supranational networked society. To achieve these goals the +Verein seeks for international cooperation with people and +organizations and supports the development and distribution of Free +and Open Source software. + +The Verein was founded on February 8, 2017 by 7 active GnuPG +developers. Its registration number is /VR11482/ at /Amtsgericht +D?sseldorf/. The tax office D?sseldorf-Altstadt has confirmed the +charitable state. As of 2018-02-02 the Verein has 15 regular members +represented by its board: Werner Koch (chairperson), Martin +Gollowitzer (vice-chair) and Andre Heinecke (treasurer). ** Menu 
@@ -30,7 +27,6 @@ office D?sseldorf-Altstadt confirmed our charitable state on - {{{atgit(legal/constitution.en.pdf,constitution)}}} [English translation] - {{{atgit(legal/founding-protocol-20170208.txt,Founding protocol)}}} [German] - - +- [[https://gnupg.org/ftp/verein/beitragsordnung.en.pdf][Membership fee regulations (English)]] [[https://gnupg.org/ftp/verein/beitragsordnung.de.pdf][(German)]] # eof diff --git a/web/verein/members.org b/web/verein/members.org index 6ccdc45..4d88133 100644 --- a/web/verein/members.org +++ b/web/verein/members.org @@ -4,9 +4,13 @@ * List of GnuPG e.V Members. -To apply for membership please write to board at . We expect that you -have a more than average interest in GnuPG or OpenPGP and that you are -active in development or in evangelizing end-to-end encryption. +To apply for membership please write to board at gnupg dot org. For +regular members we expect that you have a more than average interest +in GnuPG and that you are active in development or in evangelizing +end-to-end encryption. It is also possible to support the Verein by +applying as a supporting member. See the membership regulations +([[https://gnupg.org/ftp/verein/beitragsordnung.en.pdf][English]], [[https://gnupg.org/ftp/verein/beitragsordnung.de.pdf][German]]) for details. + ** The regular members @@ -32,4 +36,4 @@ active in development or in evangelizing end-to-end encryption. ** The supporting members - /none so far - we still need to setup rules/ + /none so far/ ----------------------------------------------------------------------- Summary of changes: web/verein/index.org | 32 ++++++++++++++------------------ web/verein/members.org | 12 ++++++++---- 2 files changed, 22 insertions(+), 22 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 26 02:30:03 2018 
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Mon, 26 Feb 2018 02:30:03 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-19-g8a2d7b8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8a2d7b8c24126cd16a9d93bbb7cc3e4d4c0182b5 (commit) via 1b5719cd57d80dcd9577141491a0860912e74cd4 (commit) from 7f9d5c6cd204bfd84ea477b284df795b1dadb1af (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a2d7b8c24126cd16a9d93bbb7cc3e4d4c0182b5 Merge: 7f9d5c6 1b5719c Author: Ben McGinnes Date: Mon Feb 26 12:15:01 2018 +1100 Merge branch 'ben/gitsettings' of ben/gitignored Signed-off-by: Ben McGinnes ----------------------------------------------------------------------- Summary of changes: .gitignore | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 26 03:35:20 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 26 Feb 2018 03:35:20 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.5.1-4-g6c73632 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 6c736325c028647dc3283bf723e2e28199e7f45b (commit) from 35aad6b5d53b292e8e7c52c4eb90535be0580cd2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6c736325c028647dc3283bf723e2e28199e7f45b Author: NIIBE Yutaka Date: Mon Feb 26 11:33:44 2018 +0900 Silence two minor warning on Windows. * src/assuan-defs.h [HAVE_W64_SYSTEM] (SOCKET2HANDLE): Care for size of integer. * src/stpcpy.c: No K&R anymore. Signed-off-by: NIIBE Yutaka diff --git a/src/assuan-defs.h b/src/assuan-defs.h index 6688198..e56d7b1 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h @@ -410,7 +410,7 @@ int putc_unlocked (int c, FILE *stream); #if HAVE_W64_SYSTEM -# define SOCKET2HANDLE(s) ((void *)(s)) +# define SOCKET2HANDLE(s) ((void *)(uintptr_t)(s)) # define HANDLE2SOCKET(h) ((uintptr_t)(h)) #elif HAVE_W32_SYSTEM # define SOCKET2HANDLE(s) ((void *)(s)) diff --git a/src/stpcpy.c b/src/stpcpy.c index 4820c7a..2e4573f 100644 --- a/src/stpcpy.c +++ b/src/stpcpy.c 
@@ -32,9 +32,7 @@ /* Copy SRC to DEST, returning the address of the terminating '\0' in DEST. */ char * -__stpcpy (dest, src) - char *dest; - const char *src; +__stpcpy (char *dest, const char *src) { register char *d = dest; register const char *s = src; ----------------------------------------------------------------------- Summary of changes: src/assuan-defs.h | 2 +- src/stpcpy.c | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 26 03:57:04 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Mon, 26 Feb 2018 03:57:04 +0100 Subject: [git] GPGME - branch, ben/python-docs-01, updated. gpgme-1.10.0-35-g6f2e2e0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/python-docs-01 has been updated via 6f2e2e0f150d5c6d53de5bc48af137f7864d5fd9 (commit) from 272a8e778a959cb24298f488e77fce9bffd23b7a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6f2e2e0f150d5c6d53de5bc48af137f7864d5fd9 Author: Ben McGinnes Date: Mon Feb 26 13:51:23 2018 +1100 LaTeX headers * Set LaTeX headers to enable ligatures and a 12pt font by default. * Paper size left for regional defaults. * Using XeLaTeX for easier font control. * Using default LaTeX font of Latin Main, but that's easy enough to change. diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index 3ce3480..f684f0a 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org 
@@ -1,6 +1,10 @@ #+TITLE: A Short History of the GPGME bindings for Python +#+LATEX_COMPILER: xelatex #+LATEX_CLASS: article +#+LATEX_CLASS_OPTIONS: [12pt] +#+LATEX_HEADER: \usepackage{xltxtra} #+LATEX_HEADER: \usepackage[margin=1in]{geometry} +#+LATEX_HEADER: \setmainfont[Ligatures={Common}]{Latin Modern Roman} * Overview :PROPERTIES: diff --git a/lang/python/docs/TODO.org b/lang/python/docs/TODO.org index 10324e6..9f039d8 100644 --- a/lang/python/docs/TODO.org +++ b/lang/python/docs/TODO.org @@ -1,6 +1,10 @@ #+TITLE: Stuff To Do +#+LATEX_COMPILER: xelatex #+LATEX_CLASS: article +#+LATEX_CLASS_OPTIONS: [12pt] +#+LATEX_HEADER: \usepackage{xltxtra} #+LATEX_HEADER: \usepackage[margin=1in]{geometry} +#+LATEX_HEADER: \setmainfont[Ligatures={Common}]{Latin Modern Roman} * Project Task List :PROPERTIES: ----------------------------------------------------------------------- Summary of changes: lang/python/docs/Short_History.org | 4 ++++ lang/python/docs/TODO.org | 4 ++++ 2 files changed, 8 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 26 04:10:30 2018 
From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Mon, 26 Feb 2018 04:10:30 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-40-gc58f61e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c58f61e92226c4a03f216f5d07bdc5479ce8a2d9 (commit) via 8da63fdee5e700e66c3b86271739a31cbe1ce2f5 (commit) via 6f2e2e0f150d5c6d53de5bc48af137f7864d5fd9 (commit) via 272a8e778a959cb24298f488e77fce9bffd23b7a (commit) via c82b17c6ce490738efb07186532e752e6f70ea07 (commit) via ea481d4bb9e6197fbc195187d1362b844e2cba2e (commit) via 1ae3ead2cd854258954e784bf51f03822321aefe (commit) via fe4f3edd70949329cb992dd963de2de3c86dcd81 (commit) via fb16eaa685fe488f12f4df9b59d1f3689c813034 (commit) via 2b092bf235160e04c10480c47c0fd6dce4e770c4 (commit) via 6f15d821404742ac2683f54ca4102ee4aaedacf2 (commit) via 235d899a5fc24cdf9c856adbc021a69c43985c99 (commit) via 40da5022922172ed898172956a8ccf5622e5638d (commit) via 3c3b149996036e7ff4cc4c77ef2d97062d880409 (commit) via 7c662d22a8f7d2e6ad6532014f2ecc1769de16fb (commit) via a1bc710c5fb7a7d2253434c1443e33e019020a55 (commit) via fccd2ea3871f5d63fb038db0733a34f9c5d550c3 (commit) via 487ed9337e8e07d1c63e53b785cc39e3bd35ff6e (commit) via c4fa4216199b16c1f169725c0a1e0a40764b1ebb (commit) via 1d48b04cfb3d1de654f3995578e9434a6b7b2fed (commit) via d86fd7c54c462ef23c70370624e07fcc1bc15121 (commit) from 8a2d7b8c24126cd16a9d93bbb7cc3e4d4c0182b5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c58f61e92226c4a03f216f5d07bdc5479ce8a2d9 Author: Ben McGinnes Date: Mon Feb 26 14:09:38 2018 +1100 WS removal * Whitespace removal. 
diff --git a/lang/python/docs/Short_History.org b/lang/python/docs/Short_History.org index f684f0a..31b7d44 100644 --- a/lang/python/docs/Short_History.org +++ b/lang/python/docs/Short_History.org @@ -51,7 +51,7 @@ return to the source. This is a short explanation of that journey. ** Coming full circle :PROPERTIES: - :CUSTOM_ID: ouroboros + :CUSTOM_ID: ouroboros :END: In 2015 Ben McGinnes approached Martin about a Python 3 version, commit 8da63fdee5e700e66c3b86271739a31cbe1ce2f5 Merge: 8a2d7b8 6f2e2e0 Author: Ben McGinnes Date: Mon Feb 26 14:04:23 2018 +1100 Merge branch 'ben/python-docs-01' * Documentation and the first brush strokes towards the future. Signed-off-by: Ben McGinnes ----------------------------------------------------------------------- Summary of changes: lang/python/README | 94 +++++++++++--------- lang/python/{README => README.org} | 4 +- lang/python/docs/Short_History.org | 172 +++++++++++++++++++++++++++++++++++++ lang/python/docs/Short_History.rst | 57 ------------ lang/python/docs/TODO.org | 144 +++++++++++++++++++++++++++++++ lang/python/docs/TODO.rst | 23 ----- 6 files changed, 373 insertions(+), 121 deletions(-) copy lang/python/{README => README.org} (95%) create mode 100644 lang/python/docs/Short_History.org delete mode 100644 lang/python/docs/Short_History.rst create mode 100644 lang/python/docs/TODO.org delete mode 100644 lang/python/docs/TODO.rst hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 26 16:48:01 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 26 Feb 2018 16:48:01 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-2.0.6-10-g14d0e2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 14d0e2d9d1e0f058ee391363aeee67614d9a7734 (commit) via 7700f5da2744cc7aa718aaaeedc66618b4088bff (commit) from dc2f7424d081c1de0b639b3ab52aaa8092077c27 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 14d0e2d9d1e0f058ee391363aeee67614d9a7734 Author: Andre Heinecke Date: Mon Feb 26 16:45:51 2018 +0100 Fix multipart/signed detection if ms-tnef wrapped * src/mapihelp.cpp (change_message_class_ipm_note_smime), (change_message_class_ipm_note_smime_multipartsigned): Handle tnef. -- This fixes mutlipart/signed detection both when s/mime is enabled and when it's disabled. For these kind of ms-tnef wrapped mails there is actually a virtual attachment with a filename smime.p7m that contains our mimestructure. Happlily all our other code can handle this already. GnuPG-Bug-Id: T3802 diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 01aaf67..0c1bff3 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp 
@@ -1079,6 +1079,22 @@ change_message_class_ipm_note_smime (LPMESSAGE message) { newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); } + else if (ct && !strcmp (ct, "application/ms-tnef")) + { + /* So no PGP Inline. Lets look at the attachment. */ + char *attach_mime = get_first_attach_mime_tag (message); + if (!attach_mime) + { + xfree (ct); + xfree (proto); + return nullptr; + } + if (!strcmp (attach_mime, "multipart/signed")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + xfree (attach_mime); + } + } else if (!opt.enable_smime) ; /* S/MIME not enabled; thus no further checks. */ else if (smtype) @@ -1166,6 +1182,22 @@ change_message_class_ipm_note_smime_multipartsigned (LPMESSAGE message) { newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); } + else if (ct && !strcmp (ct, "application/ms-tnef")) + { + /* So no PGP Inline. Lets look at the attachment. */ + char *attach_mime = get_first_attach_mime_tag (message); + if (!attach_mime) + { + xfree (ct); + xfree (proto); + return nullptr; + } + if (!strcmp (attach_mime, "multipart/signed")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + xfree (attach_mime); + } + } xfree (proto); xfree (ct); } commit 7700f5da2744cc7aa718aaaeedc66618b4088bff Author: Andre Heinecke Date: Mon Feb 26 16:44:35 2018 +0100 Add some more sender address lookups * src/mail.cpp (Mail::update_oom_data): Add more sender fallbacks. * src/oomhelp.h: Define new DASL's -- These properties were the only way I could find the SMTP Address in an example mail from T3802. diff --git a/src/mail.cpp b/src/mail.cpp index d86d995..445c0ef 100644 --- a/src/mail.cpp +++ b/src/mail.cpp 
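Review bot: In the new `application/ms-tnef` branch of change_message_class_ipm_note_smime, `xfree (attach_mime);` sits inside the `if (!strcmp (attach_mime, "multipart/signed"))` block, so the string returned by get_first_attach_mime_tag is never released when the first attachment has any other MIME type. Moving `xfree (attach_mime);` to just after the closing brace of that `if` frees it on both paths. The second hunk adds the identical block to change_message_class_ipm_note_smime_multipartsigned and needs the same move. The early `return nullptr` releases only `ct` and `proto`; whether other buffers are owned at that point cannot be seen, because both function bodies start outside the hunks.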
@@ -1247,6 +1247,26 @@ Mail::update_oom_data () return 0; } xfree (buf); + /* We have a sender object but not yet an smtp address likely + exchange. Try some more propertys of the message. */ + buf = get_pa_string (m_mailitem, PR_TAG_SENDER_SMTP_ADDRESS); + if (buf && strlen (buf)) + { + log_debug ("%s:%s Sender fallback 3", SRCNAME, __func__); + m_sender = buf; + xfree (buf); + return 0; + } + xfree (buf); + buf = get_pa_string (m_mailitem, PR_TAG_RECEIVED_REPRESENTING_SMTP_ADDRESS); + if (buf && strlen (buf)) + { + log_debug ("%s:%s Sender fallback 4", SRCNAME, __func__); + m_sender = buf; + xfree (buf); + return 0; + } + xfree (buf); } /* We don't have s sender object or SendUsingAccount, well, in that case fall back to the current user. */ @@ -1257,7 +1277,7 @@ Mail::update_oom_data () gpgol_release (sender); if (buf && strlen (buf)) { - log_debug ("%s:%s Sender fallback 3", SRCNAME, __func__); + log_debug ("%s:%s Sender fallback 5", SRCNAME, __func__); m_sender = buf; xfree (buf); return 0; diff --git a/src/oomhelp.h b/src/oomhelp.h index 1008860..4fb2492 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -113,6 +113,11 @@ DEFINE_OLEGUID(IID_IOleWindow, 0x00000114, 0, 0); "http://schemas.microsoft.com/mapi/proptag/0x370E001F" #define PR_ATTACH_CONTENT_ID_DASL \ "http://schemas.microsoft.com/mapi/proptag/0x3712001F" +#define PR_TAG_SENDER_SMTP_ADDRESS \ + "http://schemas.microsoft.com/mapi/proptag/0x5D01001F" +#define PR_TAG_RECEIVED_REPRESENTING_SMTP_ADDRESS \ + "http://schemas.microsoft.com/mapi/proptag/0x5D08001F" + #ifdef __cplusplus extern "C" { #if 0 ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 22 +++++++++++++++++++++- src/mapihelp.cpp | 32 ++++++++++++++++++++++++++++++++ src/oomhelp.h | 5 +++++ 3 files changed, 58 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 27 07:09:02 2018 
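Review bot: "Sender fallback 4" in Mail::update_oom_data stores the value of `PR_TAG_RECEIVED_REPRESENTING_SMTP_ADDRESS` in `m_sender`, and by its name that property describes the receiving side of a message rather than its originator. How `m_sender` is consumed is outside the hunk, but if it feeds key selection or a comparison between a signature's user ID and the sender, a recipient-side address would presumably yield the wrong identity for received mail. The branch should at least say when it is expected to apply, for example `/* Fallback 4: recipient-side property; only valid as sender for <case> - TODO confirm. */`. Logging which fallback matched is useful, and a comment noting that fallbacks 3 and 4 are only reached when a sender object exists without an SMTP address would help the next reader.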
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 27 Feb 2018 07:09:02 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-2.0.6-11-g456cdf6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 456cdf6165ef012769058507b5ef3edde729ca47 (commit) from 14d0e2d9d1e0f058ee391363aeee67614d9a7734 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 456cdf6165ef012769058507b5ef3edde729ca47 Author: Andre Heinecke Date: Tue Feb 27 07:06:32 2018 +0100 Check first for view before accessing selection * src/ribbon-callbacks.cpp (get_mail_from_control): Only access the item selection after we checked if we have a preview pane / word editor. -- The selection.Item(x) call can trigger a load / unload event cycle. This is expensive and should be avoided if not necessary. Also in the Outbox this somehow prevents sending a mail. GnuPG-Bug-Id: T3812 diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp index 8470db2..92c3e36 100644 --- a/src/ribbon-callbacks.cpp +++ b/src/ribbon-callbacks.cpp 
@@ -1458,29 +1458,7 @@ get_mail_from_control (LPDISPATCH ctrl, bool *none_selected) } else if (!strcmp (ctx_name.c_str(), "_Explorer")) { - LPDISPATCH selection = get_oom_object (context, "Selection"); - if (!selection) - { - log_error ("%s:%s: Failed to get selection.", - SRCNAME, __func__); - gpgol_release (context); - return NULL; - } - int count = get_oom_int (selection, "Count"); - if (count == 1) - { - // If we call this on a selection with more items - // Outlook sends an ItemLoad event for each mail - // in that selection. - mailitem = get_oom_object (selection, "Item(1)"); - } - gpgol_release (selection); - - if (!mailitem) - { - *none_selected = true; - } - else if (g_ol_version_major >= 16) + if (g_ol_version_major >= 16) { // Avoid showing wrong crypto state if we don't have a reading // pane. In that case the parser will finish for a mail which is gone 
@@ -1526,6 +1504,35 @@ get_mail_from_control (LPDISPATCH ctrl, bool *none_selected) } } } + if (!*none_selected) + { + /* Accessing the selection item can trigger a load event + so we only do this here if we think that there might be + something visible / selected. To avoid triggering a load + if there is no content shown. */ + LPDISPATCH selection = get_oom_object (context, "Selection"); + if (!selection) + { + log_error ("%s:%s: Failed to get selection.", + SRCNAME, __func__); + gpgol_release (context); + return NULL; + } + int count = get_oom_int (selection, "Count"); + if (count == 1) + { + // If we call this on a selection with more items + // Outlook sends an ItemLoad event for each mail + // in that selection. + mailitem = get_oom_object (selection, "Item(1)"); + } + gpgol_release (selection); + + if (!mailitem) + { + *none_selected = true; + } + } } gpgol_release (context); ----------------------------------------------------------------------- Summary of changes: src/ribbon-callbacks.cpp | 53 +++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 23 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 27 10:51:29 2018 
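Review bot: The new guard `if (!*none_selected)` reads the out-parameter before anything in this hunk has written it, so the selection lookup only runs as intended if `*none_selected` was set to false earlier in get_mail_from_control, which starts outside the hunk. If that initialisation is not already there, add `*none_selected = false;` at function entry. Otherwise, for Outlook versions below 16 (where the preceding block is skipped), the result depends on whatever the caller left in the variable. The comment above the block explains the load-event cost well; it would help to also state that `mailitem` stays unset when the guard is false.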
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 27 Feb 2018 10:51:29 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.10.0-41-g59fe3f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 59fe3f26c1ca0fba16f76738cd05aaf80fb735ef (commit) from c58f61e92226c4a03f216f5d07bdc5479ce8a2d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 59fe3f26c1ca0fba16f76738cd05aaf80fb735ef Author: NIIBE Yutaka Date: Tue Feb 27 18:43:40 2018 +0900 core: Support non-thread-safe getenv. * src/get-env.c (_gpgme_getenv): Use gpgrt_lock_lock and gpgrt_lock_unlock to protect call of getnev. Signed-off-by: NIIBE Yutaka diff --git a/src/get-env.c b/src/get-env.c index 1adbeee..b13706f 100644 --- a/src/get-env.c +++ b/src/get-env.c @@ -28,29 +28,11 @@ #include "util.h" -#if defined(HAVE_THREAD_SAFE_GETENV) -/* We prefer using getenv() if it is thread-safe. */ - /* Retrieve the environment variable NAME and return a copy of it in a malloc()'ed buffer in *VALUE. If the environment variable is not set, return NULL in *VALUE. */ -gpgme_error_t -_gpgme_getenv (const char *name, char **value) -{ - char *env_value; - env_value = getenv (name); - if (!env_value) - *value = NULL; - else - { - *value = strdup (env_value); - if (!*value) - return gpg_error_from_syserror (); - } - return 0; -} -#elif defined (HAVE_GETENV_R) +#ifdef HAVE_GETENV_R #define INITIAL_GETENV_SIZE 32 gpgme_error_t 
@@ -91,7 +73,41 @@ _gpgme_getenv (const char *name, char **value) return 0; } #else +#ifndef HAVE_THREAD_SAFE_GETENV +GPGRT_LOCK_DEFINE (environ_lock); +#endif + +gpgme_error_t +_gpgme_getenv (const char *name, char **value) +{ + char *env_value; + gpgme_error_t err = 0; -#error No thread-safe getenv nor getenv_r +#ifndef HAVE_THREAD_SAFE_GETENV + gpg_err_code_t rc; + rc= gpgrt_lock_lock (&environ_lock); + if (rc) + { + err = gpg_error (rc); + goto leave; + } +#endif + env_value = getenv (name); + if (!env_value) + *value = NULL; + else + { + *value = strdup (env_value); + if (!*value) + err = gpg_error_from_syserror (); + } +#ifndef HAVE_THREAD_SAFE_GETENV + rc = gpgrt_lock_unlock (&environ_lock); + if (rc) + err = gpg_error (rc); + leave: +#endif + return err; +} #endif ----------------------------------------------------------------------- Summary of changes: src/get-env.c | 56 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 20 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 27 14:04:29 2018 
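Review bot: When `gpgrt_lock_lock` fails, the new `_gpgme_getenv` jumps to `leave` without storing anything in `*value`, so a caller that looks at the pointer sees whatever it held before. Setting `*value = NULL;` as the first statement keeps the documented "return NULL in *VALUE" behaviour on every path. The unlock result also overwrites an earlier strdup error; `if (rc && !err) err = gpg_error (rc);` would preserve the first failure. Separately, `environ_lock` only serialises calls made through this function, and other code in the process that modifies the environment does not take it, which deserves a one-line comment above `GPGRT_LOCK_DEFINE (environ_lock);`.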
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 27 Feb 2018 14:04:29 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.5-109-gb703ba7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b703ba725dadca8298a0c69365225f9a7ff60ae2 (commit) via ebb0fcf6e0bd6997eff4097ddda94955134212af (commit) from cbc7bacf2ff95aebb427bb244c719143a9001f3c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b703ba725dadca8298a0c69365225f9a7ff60ae2 Author: Werner Koch Date: Tue Feb 27 13:57:24 2018 +0100 gpg: Rename cipher.c to cipher-cfb.c * g10/cipher.c: Rename to ... * g10/cipher-cfb.c: this. -- Signed-off-by: Werner Koch diff --git a/g10/Makefile.am b/g10/Makefile.am index cba65b2..b8b92d7 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -131,7 +131,7 @@ gpg_sources = server.c \ passphrase.c \ decrypt.c \ decrypt-data.c \ - cipher.c \ + cipher-cfb.c \ cipher-aead.c \ encrypt.c \ sign.c \ diff --git a/g10/cipher.c b/g10/cipher-cfb.c similarity index 98% rename from g10/cipher.c rename to g10/cipher-cfb.c index ad7399d..79b21bd 100644 --- a/g10/cipher.c +++ b/g10/cipher-cfb.c 
@@ -1,4 +1,4 @@ -/* cipher.c - Enciphering filter for the old CFB mode. +/* cipher-cfb.c - Enciphering filter for the old CFB mode. * Copyright (C) 1998-2003, 2006, 2009 Free Software Foundation, Inc. * Copyright (C) 1998-2003, 2006, 2009, 2017 Werner koch * commit ebb0fcf6e0bd6997eff4097ddda94955134212af Author: Werner Koch Date: Tue Feb 27 13:53:52 2018 +0100 gpg: Fix corner cases in AEAD encryption. * g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk index if the previous chunk was empty. * g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other corner cases. Add more debug output. -- GnuPG-bug-id: 3774 This fixes the reported case when the encrypted data is a multiple of the chunk size. Then the chunk index for the final chunk was wrongly incremented by 2. The actual fix makes use of the fact that the current dfx->CHUNKLEN is 0 in this case. There is also some other reorganizing to help with debugging. The thing seems to work now but the code is not very clean - should be reworked. Creating test files can be done with this script: --8<---------------cut here---------------start------------->8--- csize=6 for len in 0 55 56 57; do awk symenc-aead-eax-c$csize-$len.asc done --8<---------------cut here---------------end--------------->8--- A LEN of 56 triggered the bug which can be seen by looking at the "authdata:" line in the --debug=crypt,filter output. Signed-off-by: Werner Koch diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c index 573bb43..cc306f9 100644 --- a/g10/cipher-aead.c +++ b/g10/cipher-aead.c @@ -244,7 +244,8 @@ write_final_chunk (cipher_filter_context_t *cfx, iobuf_t a) gpg_error_t err; char dummy[1]; - cfx->chunkindex++; + if (cfx->chunklen) + cfx->chunkindex++; err = set_nonce (cfx); if (err) diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index afdedcb..0b0051a 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c 
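Review bot: The new `if (cfx->chunklen)` guard in write_final_chunk (g10/cipher-aead.c) carries no comment, although the index it protects is used by `set_nonce (cfx)` on the following lines and the reason for skipping the increment appears only in the commit message. A comment next to the code would help, for example `/* chunklen is 0 when the data ended exactly on a chunk boundary; the index must not be advanced a second time. */`, with the wording to be confirmed against the chunk-closing code, which is outside the hunk. The commit message describes test inputs of length 0, 55, 56 and 57 for a chunk size of 6, but this commit adds no regression test for them. A test on the boundary case would guard the nonce sequence against future changes.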
@@ -541,6 +541,7 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) size_t totallen = 0; /* The number of bytes to return on success or EOF. */ size_t off = 0; /* The offset into the buffer. */ size_t len; /* The current number of bytes in BUF+OFF. */ + int last_chunk_done = 0; /* Flag that we processed the last chunk. */ int c; log_assert (size > 48); /* Our code requires at least this size. */ @@ -551,16 +552,16 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) memcpy (buf, dfx->holdback, len); if (DBG_FILTER) - log_debug ("aead_underflow: size=%zu len=%zu%s\n", - size, len, dfx->eof_seen? " eof":""); + log_debug ("aead_underflow: size=%zu len=%zu%s%s\n", size, len, + dfx->partial? " partial":"", dfx->eof_seen? " eof":""); - /* Read and fill up BUF. We need to watchout for an EOF so that we + /* Read and fill up BUF. We need to watch out for an EOF so that we * can detect the last chunk which is commonly shorter than the * chunksize. After the last data byte from the last chunk 32 more * bytes are expected for the last chunk's tag and the following - * final chunk's tag. To detect the EOF we need to read at least + * final chunk's tag. To detect the EOF we need to try reading at least * one further byte; however we try to ready 16 extra bytes to avoid - * singel byte reads in some lower layers. The outcome is that we + * single byte reads in some lower layers. The outcome is that we * have up to 48 extra extra octets which we will later put into the * holdback buffer for the next invocation (which handles the EOF * case). */ 
@@ -648,56 +649,72 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) len -= n; if (DBG_FILTER) - log_debug ("bytes left: %zu at off=%zu\n", len, off); + log_debug ("ndecrypted: %zu (nchunk=%zu) bytes left: %zu at off=%zu\n", + totallen, dfx->chunklen, len, off); /* Check the tag. */ if (len < 16) { /* The tag is not entirely in the buffer. Read the rest of - * the tag from the holdback buffer. The shift the holdback + * the tag from the holdback buffer. Then shift the holdback * buffer and fill it up again. */ memcpy (tagbuf, buf+off, len); memcpy (tagbuf + len, dfx->holdback, 16 - len); dfx->holdbacklen -= 16-len; memmove (dfx->holdback, dfx->holdback + (16-len), dfx->holdbacklen); - len = dfx->holdbacklen; - if (dfx->partial) + if (dfx->eof_seen) { - for (; len < 48; len++ ) + /* We should have the last chunk's tag in TAGBUF and the + * final tag in HOLDBACKBUF. */ + if (len || dfx->holdbacklen != 16) { - if ((c = iobuf_get (a)) == -1) - { - dfx->eof_seen = 1; /* Normal EOF. */ - break; - } - dfx->holdback[len] = c; + /* Not enough data for the last two tags. */ + err = gpg_error (GPG_ERR_TRUNCATED); + goto leave; } + len = 0; + last_chunk_done = 1; } else { - for (; len < 48 && dfx->length; len++, dfx->length--) + len = dfx->holdbacklen; + if (dfx->partial) { - c = iobuf_get (a); - if (c == -1) + for (; len < 48; len++ ) { - dfx->eof_seen = 3; /* Premature EOF. */ - break; + if ((c = iobuf_get (a)) == -1) + { + dfx->eof_seen = 1; /* Normal EOF. */ + break; + } + dfx->holdback[len] = c; } - dfx->holdback[len] = c; } - if (!dfx->length) - dfx->eof_seen = 1; /* Normal EOF. */ - } - if (len < 32) - { - /* Not enough data for the last two tags. */ - err = gpg_error (GPG_ERR_TRUNCATED); - goto leave; + else + { + for (; len < 48 && dfx->length; len++, dfx->length--) + { + c = iobuf_get (a); + if (c == -1) + { + dfx->eof_seen = 3; /* Premature EOF. 
*/ + break; + } + dfx->holdback[len] = c; + } + if (!dfx->length) + dfx->eof_seen = 1; /* Normal EOF. */ + } + if (len < 32) + { + /* Not enough data for the last two tags. */ + err = gpg_error (GPG_ERR_TRUNCATED); + goto leave; + } + dfx->holdbacklen = len; + len = 0; } - dfx->holdbacklen = len; - /* log_printhex (dfx->holdback, dfx->holdbacklen, "holdback:"); */ - len = 0; } else /* We already have the full tag. */ { 
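Review bot: The new EOF check `if (len || dfx->holdbacklen != 16)` runs only after `dfx->holdbacklen -= 16-len` and the following `memmove` have already used the value. Whether holdbacklen can be smaller than `16-len` at this point is decided by code outside the hunk, and its type is not visible here; if it is unsigned, a short holdback would wrap in the subtraction and reach `memmove` as a huge length before the check sees it. A guard ahead of the two `memcpy` calls makes the requirement explicit and turns bad input into an error: `if (dfx->holdbacklen < 16 - len) { err = gpg_error (GPG_ERR_TRUNCATED); goto leave; }`. The body of aead_underflow starts and ends outside the hunk.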
@@ -716,54 +733,73 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } + if (DBG_FILTER) + log_debug ("tag is valid\n"); /* Prepare a new chunk. */ - dfx->chunklen = 0; - dfx->chunkindex++; - err = aead_set_nonce (dfx); - if (err) - goto leave; - err = aead_set_ad (dfx, 0); - if (err) - goto leave; + if (!last_chunk_done) + { + dfx->chunklen = 0; + dfx->chunkindex++; + err = aead_set_nonce (dfx); + if (err) + goto leave; + err = aead_set_ad (dfx, 0); + if (err) + goto leave; + } continue; } - if (dfx->eof_seen) - { - /* This is the last block of the last chunk. Its length may - * not be a multiple of the block length. */ - gcry_cipher_final (dfx->cipher_hd); - } - err = gcry_cipher_decrypt (dfx->cipher_hd, buf + off, len, NULL, 0); - if (err) + if (!last_chunk_done) { - log_error ("gcry_cipher_decrypt failed (2): %s\n", gpg_strerror (err)); - goto leave; + if (dfx->eof_seen) + { + /* This is the last block of the last chunk. Its length may + * not be a multiple of the block length. */ + gcry_cipher_final (dfx->cipher_hd); + } + err = gcry_cipher_decrypt (dfx->cipher_hd, buf + off, len, NULL, 0); + if (err) + { + log_error ("gcry_cipher_decrypt failed (2): %s\n", + gpg_strerror (err)); + goto leave; + } + totallen += len; + dfx->chunklen += len; + dfx->total += len; + if (DBG_FILTER) + log_debug ("ndecrypted: %zu (nchunk=%zu)\n", totallen, dfx->chunklen); } - totallen += len; - dfx->chunklen += len; - dfx->total += len; + if (dfx->eof_seen) { if (DBG_FILTER) - log_debug ("eof seen: holdback buffer has the tags.\n"); + log_debug ("eof seen: holdback buffer has the %s.\n", + last_chunk_done? 
"final tag":"last and final tag"); - log_assert (dfx->holdbacklen >= 32); - - if (DBG_FILTER) - log_printhex (dfx->holdback, 16, "tag:"); - err = gcry_cipher_checktag (dfx->cipher_hd, dfx->holdback, 16); - if (err) + if (!last_chunk_done) { - log_error ("gcry_cipher_checktag failed (2): %s\n", - gpg_strerror (err)); - goto leave; + log_assert (dfx->holdbacklen >= 32); + + if (DBG_FILTER) + log_printhex (dfx->holdback, 16, "tag:"); + err = gcry_cipher_checktag (dfx->cipher_hd, dfx->holdback, 16); + if (err) + { + log_error ("gcry_cipher_checktag failed (2): %s\n", + gpg_strerror (err)); + goto leave; + } + if (DBG_FILTER) + log_debug ("tag is valid\n"); } /* Check the final chunk. */ - dfx->chunkindex++; + if (dfx->chunklen) + dfx->chunkindex++; err = aead_set_nonce (dfx); if (err) goto leave; @@ -771,7 +807,7 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) if (err) goto leave; gcry_cipher_final (dfx->cipher_hd); - /* decrypt an empty string. */ + /* Decrypt an empty string. */ err = gcry_cipher_decrypt (dfx->cipher_hd, dfx->holdback, 0, NULL, 0); if (err) { @@ -779,8 +815,10 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } - /* log_printhex (dfx->holdback+16, 16, "tag:"); */ - err = gcry_cipher_checktag (dfx->cipher_hd, dfx->holdback+16, 16); + if (DBG_CRYPTO) + log_printhex (dfx->holdback+(last_chunk_done?0:16), 16, "tag:"); + err = gcry_cipher_checktag (dfx->cipher_hd, + dfx->holdback+(last_chunk_done?0:16), 16); if (err) { if (DBG_FILTER) 
@@ -788,6 +826,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } + if (DBG_FILTER) + log_debug ("final tag is valid\n"); err = gpg_error (GPG_ERR_EOF); } ----------------------------------------------------------------------- Summary of changes: g10/Makefile.am | 2 +- g10/cipher-aead.c | 3 +- g10/{cipher.c => cipher-cfb.c} | 2 +- g10/decrypt-data.c | 176 +++++++++++++++++++++++++---------------- 4 files changed, 112 insertions(+), 71 deletions(-) rename g10/{cipher.c => cipher-cfb.c} (98%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 27 14:11:04 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Tue, 27 Feb 2018 14:11:04 +0100 Subject: [git] gnupg-doc - branch, master, updated. f9098f2c036f638b1ccb82ee2ba29c91dd1e98ae Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f9098f2c036f638b1ccb82ee2ba29c91dd1e98ae (commit) from 14956d3f716f04ae455ab020641e168f3b20b1a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f9098f2c036f638b1ccb82ee2ba29c91dd1e98ae Author: Ben McGinnes Date: Wed Feb 28 00:10:01 2018 +1100 Resizing image * Reduced image size to more closely match the rest. 
diff --git a/web/people/ben.png b/web/people/ben.png index 3d16e31..6d8b0c1 100644 Binary files a/web/people/ben.png and b/web/people/ben.png differ ----------------------------------------------------------------------- Summary of changes: web/people/ben.png | Bin 66116 -> 37886 bytes 1 file changed, 0 insertions(+), 0 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 27 17:46:14 2018 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Tue, 27 Feb 2018 17:46:14 +0100 Subject: [git] GPGME - branch, ben/docs/2018-02, created. gpgme-1.10.0-44-g85bdca3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, ben/docs/2018-02 has been created at 85bdca3b2b095afb672f19abbffccd2bcb8bbd0a (commit) - Log ----------------------------------------------------------------- commit 85bdca3b2b095afb672f19abbffccd2bcb8bbd0a Author: Ben McGinnes Date: Wed Feb 28 03:43:59 2018 +1100 New stuff * Added the idea for alternative Emacs bindings (to extend the existing ones, not replace them outright). * Added a reference to the API Squared part of the project. diff --git a/TODO b/TODO index 6d04aad..8efa4b5 100644 --- a/TODO +++ b/TODO 
@@ -539,6 +539,26 @@ Hey Emacs, this is -*- org -*- mode! :CUSTOM_ID: language-bindings-and-related-stuff :END: +** TODO Emacs and elisp binding + :PROPERTIES: + :CUSTOM_ID: emacs-and-elisp + :END: + + Currently GNU Emacs uses EPA and EPG to provide GnuPG support. EPG + does this by calling the GPG executable and wrapping the commands + with elisp functions. A more preferable solution would be to + implement an epgme.el which integrated with GPGME, then if it could + not to attempt calling the gpgme-tool and only if those failed to + fall back to the current epg.el and calling the command line + binaries. + +** TODO API of an API + :PROPERTIES: + :CUSTOM_ID: api-squared + :END: + + See the more detailed notes on this in the [[lang/python/docs/TODO.org][python TODO]]. + Copyright 2004, 2005, 2018 g10 Code GmbH commit 8047e1374fe6e69e8c4502e58e6522ea86e4bef4 Author: Ben McGinnes Date: Wed Feb 28 03:30:46 2018 +1100 TODO the TODO * Added an actual TODO to fix the TODOs. * Pretty sure I know who will be completing this one ... ;) diff --git a/TODO b/TODO index a7843b3..6d04aad 100644 --- a/TODO +++ b/TODO 
@@ -4,6 +4,17 @@ Hey Emacs, this is -*- org -*- mode! :PROPERTIES: :CUSTOM_ID: more-docs-is-better :END: +** TODO Fix this TODO list. + :PROPERTIES: + :CUSTOM_ID: fix-todo + :END: + Clean up the current TODO list. Include properties as relevant (so + if someone does make a PDF or HTML version the TOC will work). + + Also check ans see if some of these ancient things can be removed + (e.g. do we really need to fix things that were broken in GPG + 1.3.x? I'm thinking not so much). + * Fix the remaining UI Server problems: commit 73c51bc9858de2aab25844e7e283a6334038ccc8 Author: Ben McGinnes Date: Wed Feb 28 03:21:18 2018 +1100 TODO ... the TODO * If we're going to use Org, let's actually use Org. * Added the properties tags for each point. * Some of thems still need custom ID tags assigned properly. * Probably ought to make them actual TODOs at some point, but that can wait until they can be marked as DONE anyway. * Will add a TODO for some of this stuff ... oh, the irony. diff --git a/TODO b/TODO index 0458cb5..a7843b3 100644 --- a/TODO +++ b/TODO 
@@ -1,58 +1,172 @@ Hey Emacs, this is -*- org -*- mode! * Document all the new stuff. + :PROPERTIES: + :CUSTOM_ID: more-docs-is-better + :END: + + * Fix the remaining UI Server problems: + :PROPERTIES: + :CUSTOM_ID: ui-server-fix + :END: ** VERIFY --silent support. + :PROPERTIES: + :CUSTOM_ID: verify-silent + :END: ** ENCRYPT/DECRYPT/VERIFY/SIGN reset the engine, shouldn't be done with UISERVER? + :PROPERTIES: + :CUSTOM_ID: reset-engine-not-ui + :END: + * IMPORTANT + :PROPERTIES: + :CUSTOM_ID: important-stuff-really + :END: ** When using descriptor passing, we need to set the fd to blocking before + :PROPERTIES: + :CUSTOM_ID: set-fd-blocking + :END: issueing simple commands, because we are mixing synchronous commands into potentially asynchronous operations. -** Might want to implement nonblock for w32 native backend! Right now, - we block reading the next line with assuan. +** Might want to implement nonblock for w32 native backend! + :PROPERTIES: + :CUSTOM_ID: nonblock-win32 + :END: + Right now we block reading the next line with assuan. * Before release: + :PROPERTIES: + :CUSTOM_ID: pre-release + :END: ** Some gpg tests fail with gpg 1.3.4-cvs (gpg/t-keylist-sig) + :PROPERTIES: + :CUSTOM_ID: gpg-1-3-4-really + :END: The test is currently disabled there and in gpg/t-import. ** When gpg supports it, write binary subpackets directly, + :PROPERTIES: + :CUSTOM_ID: binary-subpackets + :END: and parse SUBPACKET status lines. * ABI's to break: + :PROPERTIES: + :CUSTOM_ID: abi-breakage-apparently-on-purpose + :END: ** Old opassuan interface. + :PROPERTIES: + :CUSTOM_ID: old-opassuan + :END: ** Implementation: Remove support for old style error codes in + :PROPERTIES: + :CUSTOM_ID: remove-old-error-codes + :END: conversion.c::_gpgme_map_gnupg_error. ** gpgme_edit_cb_t: Add "processed" return argument + :PROPERTIES: + :CUSTOM_ID: add-processed-return + :END: (see edit.c::command_handler). ** I/O and User Data could be made extensible. 
But this can be done + :PROPERTIES: + :CUSTOM_ID: add-io-user-data + :END: without breaking the ABI hopefully. ** All enums should be replaced by ints and simple macros for + :PROPERTIES: + :CUSTOM_ID: enums-should-be-ints + :END: maximum compatibility. ** Compatibility interfaces that can be removed in future versions: + :PROPERTIES: + :CUSTOM_ID: compat-interfaces-to-go + :END: *** gpgme_data_new_from_filepart + :PROPERTIES: + :CUSTOM_ID: gpgme-data-new-from-filepart + :END: *** gpgme_data_new_from_file + :PROPERTIES: + :CUSTOM_ID: gpgme-data-new-from-file + :END: *** gpgme_data_new_with_read_cb + :PROPERTIES: + :CUSTOM_ID: gpgme-data-new-with-read-cb + :END: *** gpgme_data_rewind + :PROPERTIES: + :CUSTOM_ID: gpgme-data-rewind + :END: *** gpgme_op_import_ext + :PROPERTIES: + :CUSTOM_ID: gpgme-op-import-ext + :END: *** gpgme_get_sig_key + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-key + :END: *** gpgme_get_sig_ulong_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-ulong-attr + :END: *** gpgme_get_sig_string_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-string-attr + :END: *** GPGME_SIG_STAT_* + :PROPERTIES: + :CUSTOM_ID: gpgme-sig-stat + :END: *** gpgme_get_sig_status + :PROPERTIES: + :CUSTOM_ID: gpgme-get-sig-status + :END: *** gpgme_trust_item_release + :PROPERTIES: + :CUSTOM_ID: gpgme-trust-item-release + :END: *** gpgme_trust_item_get_string_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-trust-item-get-string-attr + :END: *** gpgme_trust_item_get_ulong_attr + :PROPERTIES: + :CUSTOM_ID: gpgme-trust-item-get-ulong-attr + :END: *** gpgme_attr_t + :PROPERTIES: + :CUSTOM_ID: gpgme-attr-t + :END: *** All Gpgme* typedefs. + :PROPERTIES: + :CUSTOM_ID: all-gpgme-typedefs + :END: * Thread support: + :PROPERTIES: + :CUSTOM_ID: + :END: ** When GNU Pth supports sendmsg/recvmsg, wrap them properly. + :PROPERTIES: + :CUSTOM_ID: + :END: ** Without timegm (3) support our ISO time parser is not thread safe. + :PROPERTIES: + :CUSTOM_ID: + :END: There is a configure time warning, though. 
* New features: + :PROPERTIES: + :CUSTOM_ID: + :END: ** Flow control for data objects. + :PROPERTIES: + :CUSTOM_ID: + :END: Currently, gpgme_data_t objects are assumed to be blocking. To break this assumption, we need either (A) a way for an user I/O callback to store the current operation in a continuation that can @@ -62,8 +176,14 @@ Hey Emacs, this is -*- org -*- mode! associated with a waitable object, that can be registered with the user event loop. Neither is particularly simple. ** Extended notation support. When gpg supports arbitrary binary + :PROPERTIES: + :CUSTOM_ID: + :END: notation data, provide a user interface for that. ** notification system + :PROPERTIES: + :CUSTOM_ID: + :END: We need a simple notification system, probably a simple callback with a string and some optional arguments. This is for example required to notify an application of a changed smartcard, The 
@@ -75,35 +195,82 @@ Hey Emacs, this is -*- org -*- mode! sufficient for this. ** --learn-code support + :PROPERTIES: + :CUSTOM_ID: + :END: This might be integrated with import. we still need to work out how to learn a card when gpg and gpgsm have support for smartcards. In GPA we currently invoke gpg directly. ** Might need a stat() for data objects and use it for length param to gpg. + :PROPERTIES: + :CUSTOM_ID: + :END: ** Implement support for photo ids. + :PROPERTIES: + :CUSTOM_ID: + :END: ** Allow selection of subkeys + :PROPERTIES: + :CUSTOM_ID: + :END: ** Allow to return time stamps in ISO format + :PROPERTIES: + :CUSTOM_ID: + :END: This allows us to handle years later than 2037 properly. With the time_t interface they are all mapped to 2037-12-31 ** New features requested by our dear users, but rejected or left for + :PROPERTIES: + :CUSTOM_ID: + :END: later consideration: *** Allow to export secret keys. + :PROPERTIES: + :CUSTOM_ID: + :END: Rejected because this is conceptually flawed. Secret keys on a smart card can not be exported, for example. May eventually e supproted with a keywrapping system. *** Selecting the key ring, setting the version or comment in output. + :PROPERTIES: + :CUSTOM_ID: + :END: Rejected because the naive implementation is engine specific, the configuration is part of the engine's configuration or readily worked around in a different way *** Selecting the symmetric cipher. + :PROPERTIES: + :CUSTOM_ID: + :END: *** Exchanging keys with key servers. + :PROPERTIES: + :CUSTOM_ID: + :END: + * Documentation + :PROPERTIES: + :CUSTOM_ID: + :END: ** Document validity and trust issues. + :PROPERTIES: + :CUSTOM_ID: + :END: ** In gpgme.texi: Register callbacks under the right letter in the index. + :PROPERTIES: + :CUSTOM_ID: + :END: + * Engines + :PROPERTIES: + :CUSTOM_ID: + :END: ** Do not create/destroy engines, but create engine and then reset it. 
+ :PROPERTIES: + :CUSTOM_ID: + :END: Internally the reset operation still spawns a new engine process, but this can be replaced with a reset later. Also, be very sure to release everything properly at a reset and at an error. Think hard @@ -113,21 +280,46 @@ Hey Emacs, this is -*- org -*- mode! as RESET does not reset it, also for no_encrypt_to and probably other options. ** Optimize the case where a data object has an underlying fd we can pass + :PROPERTIES: + :CUSTOM_ID: + :END: directly to the engine. This will be automatic with socket I/O and descriptor passing. ** Move code common to all engines up from gpg to engine. + :PROPERTIES: + :CUSTOM_ID: + :END: ** engine operations can return General Error on unknown protocol + :PROPERTIES: + :CUSTOM_ID: + :END: (it's an internal error, as select_protocol checks already). ** When server mode is implemented properly, more care has to be taken to + :PROPERTIES: + :CUSTOM_ID: + :END: release all resources on error (for example to free assuan_cmd). ** op_import_keys and op_export_keys have a limit ion the number of keys. + :PROPERTIES: + :CUSTOM_ID: + :END: This is because we pass them in gpg via the command line and gpgsm via an assuan control line. We should pipe them instead and maybe change gpg/gpgsm to not put them in memory. + * GPG breakage: + :PROPERTIES: + :CUSTOM_ID: + :END: ** gpg 1.4.2 lacks error reporting if sign/encrypt with revoked key. + :PROPERTIES: + :CUSTOM_ID: + :END: ** gpg 1.4.2 does crappy error reporting (namely none at all) when + :PROPERTIES: + :CUSTOM_ID: + :END: smart card is missing for sign operation: [GNUPG:] CARDCTRL 4 gpg: selecting openpgp failed: ec=6.110 
@@ -135,62 +327,157 @@ Hey Emacs, this is -*- org -*- mode! [GNUPG:] BEGIN_ENCRYPTION 2 10 gpg: test: sign+encrypt failed: general error ** Without agent and with wrong passphrase, gpg 1.4.2 enters into an + :PROPERTIES: + :CUSTOM_ID: + :END: infinite loop. ** Use correct argv[0] + :PROPERTIES: + :CUSTOM_ID: + :END: In rungpg.c:build_argv we use argv[argc] = strdup ("gpg"); /* argv[0] */ This should be changed to take the real file name used in account. * Operations + :PROPERTIES: + :CUSTOM_ID: + :END: ** Include cert values -2, -1, 0 and 1 should be defined as macros. + :PROPERTIES: + :CUSTOM_ID: + :END: ** If an operation failed, make sure that the result functions don't return + :PROPERTIES: + :CUSTOM_ID: + :END: corrupt partial information. !!! NOTE: The EOF status handler is not called in this case !!! ** Verify must not fail on NODATA premature if auto-key-retrieval failed. + :PROPERTIES: + :CUSTOM_ID: + :END: It should not fail silently if it knows there is an error. !!! ** All operations: Better error reporting. !! + :PROPERTIES: + :CUSTOM_ID: + :END: ** Export status handler need much more work. !!! + :PROPERTIES: + :CUSTOM_ID: + :END: ** Import should return a useful error when one happened. + :PROPERTIES: + :CUSTOM_ID: + :END: *** Import does not take notice of NODATA status report. + :PROPERTIES: + :CUSTOM_ID: + :END: *** When GPGSM does issue IMPORT_OK status reports, make sure to check for + :PROPERTIES: + :CUSTOM_ID: + :END: them in tests/gpgs m/t-import.c. ** Verify can include info about version/algo/class, but currently + :PROPERTIES: + :CUSTOM_ID: + :END: this is only available for gpg, not gpgsm. ** Return ENC_TO output in verify result. Again, this is not available + :PROPERTIES: + :CUSTOM_ID: + :END: for gpgsm. ** Genkey should return something more useful than General_Error. + :PROPERTIES: + :CUSTOM_ID: + :END: ** If possible, use --file-setsize to set the file size for proper progress + :PROPERTIES: + :CUSTOM_ID: + :END: callback handling. 
Write data interface for file size. ** Optimize the file descriptor list, so the number of open fds is + :PROPERTIES: + :CUSTOM_ID: + :END: always known easily. ** Encryption: It should be verified that the behaviour for partially untrusted + :PROPERTIES: + :CUSTOM_ID: + :END: recipients is correct. ** When GPG issues INV_something for invalid signers, catch them. + :PROPERTIES: + :CUSTOM_ID: + :END: + * Error Values + :PROPERTIES: + :CUSTOM_ID: + :END: ** Map ASSUAN/GpgSM ERR error values in a better way than is done now. !! + :PROPERTIES: + :CUSTOM_ID: + :END: ** Some error values should identify the source more correctly (mostly error + :PROPERTIES: + :CUSTOM_ID: + :END: values derived from status messages). ** In rungpg.c we need to check the version of the engine + :PROPERTIES: + :CUSTOM_ID: + :END: This requires a way to get the cached version number from the engine layer. * Tests + :PROPERTIES: + :CUSTOM_ID: + :END: ** Write a fake gpg-agent so that we can supply known passphrases to + :PROPERTIES: + :CUSTOM_ID: + :END: gpgsm and setup the configuration files to use the agent. Without this we are testing a currently running gpg-agent which is not a clever idea. ! ** t-data + :PROPERTIES: + :CUSTOM_ID: + :END: *** Test gpgme_data_release_and_get_mem. + :PROPERTIES: + :CUSTOM_ID: + :END: *** Test gpgme_data_seek for invalid types. + :PROPERTIES: + :CUSTOM_ID: + :END: ** t-keylist + :PROPERTIES: + :CUSTOM_ID: + :END: Write a test for ext_keylist. ** Test reading key signatures. + :PROPERTIES: + :CUSTOM_ID: + :END: + * Debug + :PROPERTIES: + :CUSTOM_ID: + :END: ** Tracepoints should be added at: Every public interface enter/leave, + :PROPERTIES: + :CUSTOM_ID: + :END: before and in every callback, at major decision points, at every internal data point which might easily be observed by the outside (system handles). We also trace handles and I/O support threads in 
@@ -203,20 +490,46 @@ Hey Emacs, this is -*- org -*- mode! genkey.c import.c key.c keylist.c passphrase.c progress.c signers.c sig-notation.c trust-item.c trustlist.c verify.c ** Handle malloc and vasprintf errors. But decide first if they should be + :PROPERTIES: + :CUSTOM_ID: + :END: ignored (and logged with 255?!), or really be assertions. ! + * Build suite + :PROPERTIES: + :CUSTOM_ID: + :END: ** Make sure everything is cleaned correctly (esp. test area). + :PROPERTIES: + :CUSTOM_ID: + :END: ** Enable AC_CONFIG_MACRO_DIR and bump up autoconf version requirement. + :PROPERTIES: + :CUSTOM_ID: + :END: (To fix "./autogen.sh; ./configure --enable-maintainer-mode; touch configure.ac; make"). Currently worked around with ACLOCAL_AMFLAGS??? + * Error checking + :PROPERTIES: + :CUSTOM_ID: + :END: ** engine-gpgsm, with-validation + :PROPERTIES: + :CUSTOM_ID: + :END: Add error checking some time after releasing a new gpgsm. -Copyright 2004, 2005 g10 Code GmbH +* Language bindings and related components + :PROPERTIES: + :CUSTOM_ID: language-bindings-and-related-stuff + :END: + + +Copyright 2004, 2005, 2018 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 27 21:17:50 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 27 Feb 2018 21:17:50 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.5-111-g618b863 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 618b86325f776f7250ad2bb09680e4bb427d7e50 (commit) via ad989373f1a46139ed0fbc4d4a91069b78617ad9 (commit) from b703ba725dadca8298a0c69365225f9a7ff60ae2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 618b86325f776f7250ad2bb09680e4bb427d7e50 Author: Werner Koch Date: Tue Feb 27 21:11:20 2018 +0100 gpg: Simplify the AEAD decryption function. * g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ... (aead_set_nonce_and_ad): new single function. Change callers. (decrypt_data): Do not set the nonce and ad here. (aead_underflow): Get rid of the LAST_CHUNK_DONE hack. -- The main change here is that we now re-init the context only right before we decrypt and not after a checktag. Signed-off-by: Werner Koch diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index b00f2bc..5594d90 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c 
@@ -117,11 +117,15 @@ release_dfx_context (decode_filter_ctx_t dfx) } -/* Set the nonce for AEAD. This also reset the decryption machinery - * so that the handle can be used for a new chunk. */ +/* Set the nonce and the additional data for the current chunk. This + * also reset the decryption machinery * so that the handle can be + * used for a new chunk. If FINAL is set the final AEAD chunk is + * processed. */ static gpg_error_t -aead_set_nonce (decode_filter_ctx_t dfx) +aead_set_nonce_and_ad (decode_filter_ctx_t dfx, int final) { + gpg_error_t err; + unsigned char ad[21]; unsigned char nonce[16]; int i; @@ -151,16 +155,9 @@ aead_set_nonce (decode_filter_ctx_t dfx) if (DBG_CRYPTO) log_printhex (nonce, i, "nonce:"); - return gcry_cipher_setiv (dfx->cipher_hd, nonce, i); -} - - -/* Set the additional data for the current chunk. If FINAL is set the - * final AEAD chunk is processed. */ -static gpg_error_t -aead_set_ad (decode_filter_ctx_t dfx, int final) -{ - unsigned char ad[21]; + err = gcry_cipher_setiv (dfx->cipher_hd, nonce, i); + if (err) + return err; ad[0] = (0xc0 | PKT_ENCRYPTED_AEAD); ad[1] = 1; @@ -371,14 +368,6 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) goto leave; } - rc = aead_set_nonce (dfx); - if (rc) - goto leave; - - rc = aead_set_ad (dfx, 0); - if (rc) - goto leave; - } else /* CFB encryption. */ { @@ -606,7 +595,6 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) size_t totallen = 0; /* The number of bytes to return on success or EOF. */ size_t off = 0; /* The offset into the buffer. */ size_t len; /* The current number of bytes in BUF+OFF. */ - int last_chunk_done = 0; /* Flag that we processed the last chunk. */ log_assert (size > 48); /* Our code requires at least this size. */ 
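Review bot: The new header comment of aead_set_nonce_and_ad carries a stray `*` left over from re-wrapping ("decryption machinery * so that the handle") and should read `This also resets the decryption machinery so that the handle can be used for a new chunk.` Since the third hunk removes the initial setup from decrypt_data, the comment is also the place to state the calling rule the rest of the commit relies on, for example `Must be called once per chunk before the first gcry_cipher_decrypt of that chunk.` In this commit that rule is carried only by the `!dfx->chunklen` guards in aead_underflow. The function body between the first two hunks is not shown.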
@@ -655,10 +643,10 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) } /* log_printhex (dfx->holdback, dfx->holdbacklen, "holdback:"); */ - /* Decrypt the buffer. This requires a loop because a chunk may end - * within the buffer. */ + /* Decrypt the buffer. This first requires a loop to handle the + * case when a chunk ends within the buffer. */ if (DBG_FILTER) - log_debug ("decrypt loop: chunklen=%ju total=%ju size=%zu len=%zu%s\n", + log_debug ("decrypt: chunklen=%ju total=%ju size=%zu len=%zu%s\n", (uintmax_t)dfx->chunklen, (uintmax_t)dfx->total, size, len, dfx->eof_seen? " eof":""); @@ -669,6 +657,15 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) if (DBG_FILTER) log_debug ("chunksize will be reached: n=%zu\n", n); + + if (!dfx->chunklen) + { + /* First data for this chunk - prepare. */ + err = aead_set_nonce_and_ad (dfx, 0); + if (err) + goto leave; + } + /* log_printhex (buf, n, "ciph:"); */ gcry_cipher_final (dfx->cipher_hd); err = gcry_cipher_decrypt (dfx->cipher_hd, buf+off, n, NULL, 0); @@ -710,7 +707,6 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) err = gpg_error (GPG_ERR_TRUNCATED); goto leave; } - last_chunk_done = 1; } else { @@ -735,25 +731,23 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) err = aead_checktag (dfx, 0, tagbuf); if (err) goto leave; + dfx->chunklen = 0; + dfx->chunkindex++; - /* Prepare a new chunk. */ - if (!last_chunk_done) + continue; + } + + /* The bulk decryption of our buffer. */ + if (len) + { + if (!dfx->chunklen) { - dfx->chunklen = 0; - dfx->chunkindex++; - err = aead_set_nonce (dfx); - if (err) - goto leave; - err = aead_set_ad (dfx, 0); + /* First data for this chunk - prepare. */ + err = aead_set_nonce_and_ad (dfx, 0); if (err) goto leave; } - continue; - } - - if (!last_chunk_done) - { if (dfx->eof_seen) { /* This is the last block of the last chunk. Its length may 
@@ -777,28 +771,24 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) if (dfx->eof_seen) { if (DBG_FILTER) - log_debug ("eof seen: holdback buffer has the %s.\n", - last_chunk_done? "final tag":"last and final tag"); + log_debug ("eof seen: holdback buffer has the last and final tag\n"); - if (!last_chunk_done) + log_assert (dfx->holdbacklen >= 32); + if (dfx->chunklen) { - log_assert (dfx->holdbacklen >= 32); err = aead_checktag (dfx, 0, dfx->holdback); if (err) goto leave; + dfx->chunklen = 0; + dfx->chunkindex++; } /* Check the final chunk. */ - if (dfx->chunklen) - dfx->chunkindex++; - err = aead_set_nonce (dfx); - if (err) - goto leave; - err = aead_set_ad (dfx, 1); + err = aead_set_nonce_and_ad (dfx, 1); if (err) goto leave; gcry_cipher_final (dfx->cipher_hd); - /* Decrypt an empty string. */ + /* Decrypt an empty string (using HOLDBACK as a dummy). */ err = gcry_cipher_decrypt (dfx->cipher_hd, dfx->holdback, 0, NULL, 0); if (err) { 
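Review bot: The now unconditional `log_assert (dfx->holdbacklen >= 32)` and, in the last hunk of this commit, the fixed `dfx->holdback+16` look wrong for the path that the removed `last_chunk_done` flag used to cover. When the last chunk's tag is taken from the holdback buffer inside the loop at EOF, the earlier commit on this page leaves exactly 16 bytes held back (`dfx->holdbacklen != 16` is rejected as truncated) and the hunk that drops `last_chunk_done = 1` keeps that branch; unless code outside these hunks changed it, a message whose length is a multiple of the chunk size would hit the assertion instead of having its final tag verified. Input-dependent state is better rejected with `GPG_ERR_TRUNCATED` than asserted, and the final tag can be addressed as the last 16 held-back bytes, as sketched below. With `dfx->chunklen == 0` and 32 bytes held back the first 16 are skipped without verification, which deserves a comment or a check. The body of aead_underflow starts and ends outside the hunk.

```c
  if (dfx->eof_seen)
    {
      /* … unchanged: debug output … */

      if (dfx->chunklen)
        {
          /* The last chunk's tag and the final tag are both held back.  */
          if (dfx->holdbacklen < 32)
            {
              err = gpg_error (GPG_ERR_TRUNCATED);
              goto leave;
            }
          err = aead_checktag (dfx, 0, dfx->holdback);
          if (err)
            goto leave;
          dfx->chunklen = 0;
          dfx->chunkindex++;
        }
      else if (dfx->holdbacklen < 16)
        {
          /* Only the final tag is expected here.  */
          err = gpg_error (GPG_ERR_TRUNCATED);
          goto leave;
        }

      /* … unchanged: aead_set_nonce_and_ad (dfx, 1), final, empty decrypt … */

      /* The final tag is always the last 16 bytes held back.  */
      err = aead_checktag (dfx, 1, dfx->holdback + dfx->holdbacklen - 16);
```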
@@ -806,7 +796,7 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } - err = aead_checktag (dfx, 1, dfx->holdback+(last_chunk_done?0:16)); + err = aead_checktag (dfx, 1, dfx->holdback+16); if (err) goto leave; err = gpg_error (GPG_ERR_EOF); commit ad989373f1a46139ed0fbc4d4a91069b78617ad9 Author: Werner Koch Date: Tue Feb 27 19:50:54 2018 +0100 gpg: Factor common code out of the AEAD decryption function. * g10/decrypt-data.c (aead_underflow): Factor reading and checking code code out to ... (fill_buffer, aead_checktag): new functions. -- Here is a simple test script to check against a set of encrypted files with naming convention like "symenc-aead-eax-c6-56.asc" # ------------------------ >8 ------------------------ set -e GPG=../g10/gpg for file in "$@"; do echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest len="${len%.*}" cbyte="${cbyte#c}" [ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue echo "checking mode=$mode chunkbyte=$cbyte length=$len" if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \ -d < $file >tmp.plain 2>/dev/null; then echo "Decryption failed for $file" >&2 exit 2 fi plainlen=$(wc -c &2 exit 2 fi ) done echo "all files are okay" >&2 # ------------------------ 8< ------------------------ Signed-off-by: Werner Koch diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 0b0051a..b00f2bc 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c 
@@ -192,6 +192,28 @@ aead_set_ad (decode_filter_ctx_t dfx, int final) } +/* Helper to check the 16 byte tag in TAGBUF. The FINAL flag is only + * for debug messages. */ +static gpg_error_t +aead_checktag (decode_filter_ctx_t dfx, int final, const void *tagbuf) +{ + gpg_error_t err; + + if (DBG_FILTER) + log_printhex (tagbuf, 16, "tag:"); + err = gcry_cipher_checktag (dfx->cipher_hd, tagbuf, 16); + if (err) + { + log_error ("gcry_cipher_checktag%s failed: %s\n", + final? " (final)":"", gpg_strerror (err)); + return err; + } + if (DBG_FILTER) + log_debug ("%stag is valid\n", final?"final ":""); + return 0; +} + + /**************** * Decrypt the data, specified by ED with the key DEK. */ @@ -531,6 +553,49 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) } +/* Fill BUFFER with up to NBYTES-OFFSET from STREAM utilizing + * information from the context DFX. Returns the new offset which is + * the number of bytes read plus the original offset. On EOF the + * respective flag in DFX is set. */ +static size_t +fill_buffer (decode_filter_ctx_t dfx, iobuf_t stream, + byte *buffer, size_t nbytes, size_t offset) +{ + size_t nread = offset; + int c; + + if (dfx->partial) + { + for (; nread < nbytes; nread++ ) + { + if ((c = iobuf_get (stream)) == -1) + { + dfx->eof_seen = 1; /* Normal EOF. */ + break; + } + buffer[nread] = c; + } + } + else + { + for (; nread < nbytes && dfx->length; nread++, dfx->length--) + { + c = iobuf_get (stream); + if (c == -1) + { + dfx->eof_seen = 3; /* Premature EOF. */ + break; + } + buffer[nread] = c; + } + if (!dfx->length) + dfx->eof_seen = 1; /* Normal EOF. */ + } + + return nread; +} + + /* The core of the AEAD decryption. This is the underflow function of * the aead_decode_filter. */ static gpg_error_t 
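Review bot: The header comment of fill_buffer does not spell out what a caller has to know about the state it changes. The code sets `dfx->eof_seen` to 1 for a regular end and to 3 when the stream ends while `dfx->length` is still non-zero, and it decrements `dfx->length` for every byte stored in the non-partial case. In partial mode a -1 from iobuf_get is always recorded as a normal EOF, so a cut-off partial-length stream is not distinguished here and presumably only shows up through the later length and tag checks. I would extend the comment along the lines of `/* ... Sets DFX->eof_seen to 1 on a regular end of data and to 3 on a premature EOF in non-partial mode; DFX->length is decremented for each byte stored. */` and add one sentence on the partial-mode case.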
@@ -542,7 +607,6 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) size_t off = 0; /* The offset into the buffer. */ size_t len; /* The current number of bytes in BUF+OFF. */ int last_chunk_done = 0; /* Flag that we processed the last chunk. */ - int c; log_assert (size > 48); /* Our code requires at least this size. */ @@ -560,39 +624,12 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) * chunksize. After the last data byte from the last chunk 32 more * bytes are expected for the last chunk's tag and the following * final chunk's tag. To detect the EOF we need to try reading at least - * one further byte; however we try to ready 16 extra bytes to avoid + * one further byte; however we try to read 16 extra bytes to avoid * single byte reads in some lower layers. The outcome is that we * have up to 48 extra extra octets which we will later put into the * holdback buffer for the next invocation (which handles the EOF * case). */ - if (dfx->partial) - { - for (; len < size; len++ ) - { - if ((c = iobuf_get (a)) == -1) - { - dfx->eof_seen = 1; /* Normal EOF. */ - break; - } - buf[len] = c; - } - } - else - { - for (; len < size && dfx->length; len++, dfx->length--) - { - c = iobuf_get (a); - if (c == -1) - { - dfx->eof_seen = 3; /* Premature EOF. */ - break; - } - buf[len] = c; - } - if (!dfx->length) - dfx->eof_seen = 1; /* Normal EOF. */ - } - + len = fill_buffer (dfx, a, buf, size, len); if (len < 32) { /* Not enough data for the last two tags. */ 
@@ -673,47 +710,19 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) err = gpg_error (GPG_ERR_TRUNCATED); goto leave; } - len = 0; last_chunk_done = 1; } else { - len = dfx->holdbacklen; - if (dfx->partial) - { - for (; len < 48; len++ ) - { - if ((c = iobuf_get (a)) == -1) - { - dfx->eof_seen = 1; /* Normal EOF. */ - break; - } - dfx->holdback[len] = c; - } - } - else - { - for (; len < 48 && dfx->length; len++, dfx->length--) - { - c = iobuf_get (a); - if (c == -1) - { - dfx->eof_seen = 3; /* Premature EOF. */ - break; - } - dfx->holdback[len] = c; - } - if (!dfx->length) - dfx->eof_seen = 1; /* Normal EOF. */ - } - if (len < 32) + len = 0; + dfx->holdbacklen = fill_buffer (dfx, a, dfx->holdback, 48, + dfx->holdbacklen); + if (dfx->holdbacklen < 32) { /* Not enough data for the last two tags. */ err = gpg_error (GPG_ERR_TRUNCATED); goto leave; } - dfx->holdbacklen = len; - len = 0; } } else /* We already have the full tag. */ @@ -723,18 +732,9 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) memmove (buf + off, buf + off + 16, len - 16); len -= 16; } - if (DBG_CRYPTO) - log_printhex (tagbuf, 16, "tag:"); - err = gcry_cipher_checktag (dfx->cipher_hd, tagbuf, 16); + err = aead_checktag (dfx, 0, tagbuf); if (err) - { - if (DBG_FILTER) - log_debug ("gcry_cipher_checktag failed (1): %s\n", - gpg_strerror (err)); - goto leave; - } - if (DBG_FILTER) - log_debug ("tag is valid\n"); + goto leave; /* Prepare a new chunk. */ if (!last_chunk_done) 
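Review bot: The bound for the holdback buffer is passed as the bare literal in `fill_buffer (dfx, a, dfx->holdback, 48, dfx->holdbacklen)`. fill_buffer stores into `buffer[nread]` for every nread below nbytes, so this literal is the only thing keeping the write inside dfx->holdback. If holdback is an array member of the context (its declaration is not visible here), `sizeof dfx->holdback` would tie the bound to the declaration; otherwise a named constant shared with the declaration does the same job. aead_underflow starts and ends outside this hunk.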
@@ -783,18 +783,9 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) if (!last_chunk_done) { log_assert (dfx->holdbacklen >= 32); - - if (DBG_FILTER) - log_printhex (dfx->holdback, 16, "tag:"); - err = gcry_cipher_checktag (dfx->cipher_hd, dfx->holdback, 16); + err = aead_checktag (dfx, 0, dfx->holdback); if (err) - { - log_error ("gcry_cipher_checktag failed (2): %s\n", - gpg_strerror (err)); - goto leave; - } - if (DBG_FILTER) - log_debug ("tag is valid\n"); + goto leave; } /* Check the final chunk. */ @@ -815,19 +806,9 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } - if (DBG_CRYPTO) - log_printhex (dfx->holdback+(last_chunk_done?0:16), 16, "tag:"); - err = gcry_cipher_checktag (dfx->cipher_hd, - dfx->holdback+(last_chunk_done?0:16), 16); + err = aead_checktag (dfx, 1, dfx->holdback+(last_chunk_done?0:16)); if (err) - { - if (DBG_FILTER) - log_debug ("gcry_cipher_checktag failed (final): %s\n", - gpg_strerror (err)); - goto leave; - } - if (DBG_FILTER) - log_debug ("final tag is valid\n"); + goto leave; err = gpg_error (GPG_ERR_EOF); } ----------------------------------------------------------------------- Summary of changes: g10/decrypt-data.c | 263 ++++++++++++++++++++++++----------------------------- 1 file changed, 117 insertions(+), 146 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 28 02:50:27 2018 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 28 Feb 2018 02:50:27 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-245-g596c0d7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 596c0d701edeb45e0069bb74b9343e3d5b708ef0 (commit) from 70058cd9f944d620764e57c838209afae8a58c78 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 596c0d701edeb45e0069bb74b9343e3d5b708ef0 Author: NIIBE Yutaka Date: Wed Feb 28 10:47:51 2018 +0900 syscfg: Add a riscv64 architecture. * src/syscfg/lock-obj-pub.riscv64-unknown-linux-gnu.h: New. * src/Makefile.am (lock_obj_pub): Add it. -- Debian-bug-id: 891663 Co-authored-by: Karsten Merker Signed-off-by: NIIBE Yutaka diff --git a/src/Makefile.am b/src/Makefile.am index 4446612..268c2ab 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -65,6 +65,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc64le-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc-unknown-linux-gnuspe.h \ + syscfg/lock-obj-pub.riscv64-unknown-linux-gnu.h \ syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h \ syscfg/lock-obj-pub.sh3-unknown-linux-gnu.h \ syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h \ diff --git a/src/syscfg/lock-obj-pub.riscv64-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.riscv64-unknown-linux-gnu.h new file mode 100644 index 0000000..8aab9d6 --- /dev/null +++ b/src/syscfg/lock-obj-pub.riscv64-unknown-linux-gnu.h 
@@ -0,0 +1,25 @@ +## lock-obj-pub.riscv64-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 1 + ...a64-unknown-linux-gnu.h => lock-obj-pub.riscv64-unknown-linux-gnu.h} | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) copy src/syscfg/{lock-obj-pub.ia64-unknown-linux-gnu.h => lock-obj-pub.riscv64-unknown-linux-gnu.h} (92%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 28 09:50:57 2018 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 28 Feb 2018 09:50:57 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.5-113-gf2c0920 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f2c09203b98b83669a460dc8161283de96022536 (commit) via 047506a03d21739b5b922f6b3fd9f059b0b137c5 (commit) from 618b86325f776f7250ad2bb09680e4bb427d7e50 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f2c09203b98b83669a460dc8161283de96022536 Author: Werner Koch Date: Wed Feb 28 09:31:39 2018 +0100 gpg: Avoid writing a zero length last chunk in AEAD mode. * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug. -- This fixes a bug in writing a zero length last chunk right before the final chunk (which has by design a zero length). We also need to adjust the decryption part because that assumed this zero length last chunk. Note that we use the term "last chunk" for the chunk which directly precedes the "final chunk" which ends the entire encryption. GnuPG-bug-id: 3774 Signed-off-by: Werner Koch diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c index 1457baa..f9a996c 100644 --- a/g10/cipher-aead.c +++ b/g10/cipher-aead.c 
@@ -200,9 +200,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) if (err) return err; - err = set_nonce_and_ad (cfx, 0); - if (err) - return err; cfx->wrote_header = 1; leave: @@ -238,9 +235,6 @@ write_final_chunk (cipher_filter_context_t *cfx, iobuf_t a) gpg_error_t err; char dummy[1]; - if (cfx->chunklen) - cfx->chunkindex++; - err = set_nonce_and_ad (cfx, 1); if (err) goto leave; @@ -297,8 +291,18 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) if (cfx->buflen == cfx->bufsize || finalize) { if (DBG_FILTER) - log_debug ("encrypting: buflen=%zu %s n=%zu\n", - cfx->buflen, finalize?"(finalize)":"", n); + log_debug ("encrypting: size=%zu buflen=%zu %s n=%zu\n", + size, cfx->buflen, finalize?"(finalize)":"", n); + + if (!cfx->chunklen) + { + if (DBG_FILTER) + log_debug ("start encrypting a new chunk\n"); + err = set_nonce_and_ad (cfx, 0); + if (err) + goto leave; + } + if (finalize) gcry_cipher_final (cfx->cipher_hd); if (DBG_FILTER) @@ -314,8 +318,10 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) * be called after gcry_cipher_final and before * gcry_cipher_gettag - at least with libgcrypt 1.8 and OCB * mode. */ - gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen, - NULL, 0); + err = gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen, + NULL, 0); + if (err) + goto leave; if (finalize && DBG_FILTER) log_printhex (cfx->buffer, cfx->buflen, "ciphr(1):"); err = my_iobuf_write (a, cfx->buffer, cfx->buflen); 
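Review bot: The result of `gcry_cipher_final (cfx->cipher_hd)` in the `if (finalize)` branch of do_flush is still discarded, although this commit starts checking the `gcry_cipher_encrypt` call that follows it. gcry_cipher_final expands to a gcry_cipher_ctl call and returns an error code, so a failure at that point is not reported. The same pattern as for the encrypt call fits: `err = gcry_cipher_final (cfx->cipher_hd); if (err) goto leave;`. The do_free hunk of this commit calls it the same way. do_flush starts and ends outside the hunk.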
@@ -328,19 +334,14 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) if (finalize) { if (DBG_FILTER) - log_debug ("chunklen=%ju total=%ju\n", + log_debug ("writing tag: chunklen=%ju total=%ju\n", (uintmax_t)cfx->chunklen, (uintmax_t)cfx->total); err = write_auth_tag (cfx, a); if (err) goto leave; - if (DBG_FILTER) - log_debug ("starting a new chunk (cur size=%zu)\n", size); cfx->chunkindex++; cfx->chunklen = 0; - err = set_nonce_and_ad (cfx, 0); - if (err) - goto leave; finalize = 0; } } 
@@ -361,38 +362,42 @@ do_free (cipher_filter_context_t *cfx, iobuf_t a) if (DBG_FILTER) log_debug ("do_free: buflen=%zu\n", cfx->buflen); - /* FIXME: Check what happens if we just wrote the last chunk and no - * more bytes were to encrypt. We should then not call finalize and - * write the auth tag again, right? May this at all happen? */ - - /* Call finalize which will also allow us to flush out and encrypt - * the last arbitrary length buffer. */ - gcry_cipher_final (cfx->cipher_hd); - - /* Encrypt any remaining bytes. */ if (cfx->buflen) { if (DBG_FILTER) - log_debug ("processing last %zu bytes of the last chunk\n", - cfx->buflen); - gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen, NULL, 0); + log_debug ("encrypting last %zu bytes of the last chunk\n",cfx->buflen); + + if (!cfx->chunklen) + { + if (DBG_FILTER) + log_debug ("start encrypting a new chunk\n"); + err = set_nonce_and_ad (cfx, 0); + if (err) + goto leave; + } + + gcry_cipher_final (cfx->cipher_hd); + err = gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen, + NULL, 0); + if (err) + goto leave; err = my_iobuf_write (a, cfx->buffer, cfx->buflen); if (err) goto leave; /* log_printhex (cfx->buffer, cfx->buflen, "wrote:"); */ cfx->chunklen += cfx->buflen; cfx->total += cfx->buflen; - } - else /* Dummy encryption. */ - gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, 0, NULL, 0); - /* Get and write the authentication tag. */ - if (DBG_FILTER) - log_debug ("chunklen=%ju total=%ju\n", - (uintmax_t)cfx->chunklen, (uintmax_t)cfx->total); - err = write_auth_tag (cfx, a); - if (err) - goto leave; + /* Get and write the authentication tag. */ + if (DBG_FILTER) + log_debug ("writing tag: chunklen=%ju total=%ju\n", + (uintmax_t)cfx->chunklen, (uintmax_t)cfx->total); + err = write_auth_tag (cfx, a); + if (err) + goto leave; + cfx->chunkindex++; + cfx->chunklen = 0; + } /* Write the final chunk. */ if (DBG_FILTER) 
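Review bot: With the block guarded by `if (cfx->buflen)` alone, a chunk that do_flush has already started gets no authentication tag when do_free runs with an empty buffer. do_flush writes the buffer out whenever `cfx->buflen == cfx->bufsize`, so if bufsize is smaller than chunksize the state buflen == 0 with chunklen != 0 looks reachable. In that state gcry_cipher_final, write_auth_tag and the chunkindex increment are all skipped before the final chunk is written, a case the removed dummy-encryption branch used to cover. Testing `if (cfx->chunklen || cfx->buflen)` would close the open chunk in both cases, and the comment in do_flush already notes that a zero-length encrypt after gcry_cipher_final is expected. do_free starts and ends outside this hunk.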
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 5594d90..a3151b5 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -770,17 +770,25 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) if (dfx->eof_seen) { - if (DBG_FILTER) - log_debug ("eof seen: holdback buffer has the last and final tag\n"); - log_assert (dfx->holdbacklen >= 32); if (dfx->chunklen) { + if (DBG_FILTER) + log_debug ("eof seen: holdback has the last and final tag\n"); + log_assert (dfx->holdbacklen >= 32); err = aead_checktag (dfx, 0, dfx->holdback); if (err) goto leave; dfx->chunklen = 0; dfx->chunkindex++; + off = 16; + } + else + { + if (DBG_FILTER) + log_debug ("eof seen: holdback has the final tag\n"); + log_assert (dfx->holdbacklen >= 16); + off = 0; } /* Check the final chunk. */ @@ -796,7 +804,7 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } - err = aead_checktag (dfx, 1, dfx->holdback+16); + err = aead_checktag (dfx, 1, dfx->holdback+off); if (err) goto leave; err = gpg_error (GPG_ERR_EOF); commit 047506a03d21739b5b922f6b3fd9f059b0b137c5 Author: Werner Koch Date: Wed Feb 28 08:36:46 2018 +0100 gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c index cc306f9..1457baa 100644 --- a/g10/cipher-aead.c +++ b/g10/cipher-aead.c 
@@ -55,49 +55,16 @@ my_iobuf_write (iobuf_t a, const void *buffer, size_t buflen) } -/* Set the additional data for the current chunk. If FINAL is set the - * final AEAD chunk is processed. */ +/* Set the nonce and the additional data for the current chunk. If + * FINAL is set the final AEAD chunk is processed. This also reset + * the encryption machinery so that the handle can be used for a new + * chunk. */ static gpg_error_t -set_additional_data (cipher_filter_context_t *cfx, int final) -{ - unsigned char ad[21]; - - ad[0] = (0xc0 | PKT_ENCRYPTED_AEAD); - ad[1] = 1; - ad[2] = cfx->dek->algo; - ad[3] = cfx->dek->use_aead; - ad[4] = cfx->chunkbyte; - ad[5] = cfx->chunkindex >> 56; - ad[6] = cfx->chunkindex >> 48; - ad[7] = cfx->chunkindex >> 40; - ad[8] = cfx->chunkindex >> 32; - ad[9] = cfx->chunkindex >> 24; - ad[10]= cfx->chunkindex >> 16; - ad[11]= cfx->chunkindex >> 8; - ad[12]= cfx->chunkindex; - if (final) - { - ad[13] = cfx->total >> 56; - ad[14] = cfx->total >> 48; - ad[15] = cfx->total >> 40; - ad[16] = cfx->total >> 32; - ad[17] = cfx->total >> 24; - ad[18] = cfx->total >> 16; - ad[19] = cfx->total >> 8; - ad[20] = cfx->total; - } - if (DBG_CRYPTO) - log_printhex (ad, final? 21 : 13, "authdata:"); - return gcry_cipher_authenticate (cfx->cipher_hd, ad, final? 21 : 13); -} - - -/* Set the nonce. This also reset the encryption machinery so that - * the handle can be used for a new chunk. */ -static gpg_error_t -set_nonce (cipher_filter_context_t *cfx) +set_nonce_and_ad (cipher_filter_context_t *cfx, int final) { + gpg_error_t err; unsigned char nonce[16]; + unsigned char ad[21]; int i; switch (cfx->dek->use_aead) 
@@ -127,7 +94,37 @@ set_nonce (cipher_filter_context_t *cfx) if (DBG_CRYPTO) log_printhex (nonce, 15, "nonce:"); - return gcry_cipher_setiv (cfx->cipher_hd, nonce, i); + err = gcry_cipher_setiv (cfx->cipher_hd, nonce, i); + if (err) + return err; + + ad[0] = (0xc0 | PKT_ENCRYPTED_AEAD); + ad[1] = 1; + ad[2] = cfx->dek->algo; + ad[3] = cfx->dek->use_aead; + ad[4] = cfx->chunkbyte; + ad[5] = cfx->chunkindex >> 56; + ad[6] = cfx->chunkindex >> 48; + ad[7] = cfx->chunkindex >> 40; + ad[8] = cfx->chunkindex >> 32; + ad[9] = cfx->chunkindex >> 24; + ad[10]= cfx->chunkindex >> 16; + ad[11]= cfx->chunkindex >> 8; + ad[12]= cfx->chunkindex; + if (final) + { + ad[13] = cfx->total >> 56; + ad[14] = cfx->total >> 48; + ad[15] = cfx->total >> 40; + ad[16] = cfx->total >> 32; + ad[17] = cfx->total >> 24; + ad[18] = cfx->total >> 16; + ad[19] = cfx->total >> 8; + ad[20] = cfx->total; + } + if (DBG_CRYPTO) + log_printhex (ad, final? 21 : 13, "authdata:"); + return gcry_cipher_authenticate (cfx->cipher_hd, ad, final? 21 : 13); } @@ -203,14 +200,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) if (err) return err; - err = set_nonce (cfx); + err = set_nonce_and_ad (cfx, 0); if (err) return err; - - err = set_additional_data (cfx, 0); - if (err) - return err; - cfx->wrote_header = 1; leave: @@ -233,6 +225,8 @@ write_auth_tag (cipher_filter_context_t *cfx, iobuf_t a) goto leave; leave: + if (err) + log_error ("write_auth_tag failed: %s\n", gpg_strerror (err)); return err; } @@ -247,10 +241,7 @@ write_final_chunk (cipher_filter_context_t *cfx, iobuf_t a) if (cfx->chunklen) cfx->chunkindex++; - err = set_nonce (cfx); - if (err) - goto leave; - err = set_additional_data (cfx, 1); + err = set_nonce_and_ad (cfx, 1); if (err) goto leave; 
@@ -273,7 +264,7 @@ static gpg_error_t do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) { gpg_error_t err = 0; - int newchunk = 0; + int finalize = 0; size_t n; /* Put the data into a buffer, flush and encrypt as needed. */ @@ -289,7 +280,7 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) if (cfx->chunklen + cfx->buflen + n >= cfx->chunksize) { size_t n1 = cfx->chunksize - (cfx->chunklen + cfx->buflen); - newchunk = 1; + finalize = 1; if (DBG_FILTER) log_debug ("chunksize %ju reached;" " cur buflen=%zu using %zu of %zu\n", @@ -303,20 +294,21 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) buf += n; size -= n; - if (cfx->buflen == cfx->bufsize || newchunk) + if (cfx->buflen == cfx->bufsize || finalize) { if (DBG_FILTER) log_debug ("encrypting: buflen=%zu %s n=%zu\n", - cfx->buflen, newchunk?"(newchunk)":"", n); - if (newchunk) + cfx->buflen, finalize?"(finalize)":"", n); + if (finalize) gcry_cipher_final (cfx->cipher_hd); - if (!DBG_FILTER) - ; - else if (newchunk) - log_printhex (cfx->buffer, cfx->buflen, "plain(1):"); - else if (cfx->buflen > 32) - log_printhex (cfx->buffer + cfx->buflen - 32, 32, - "plain(last 32):"); + if (DBG_FILTER) + { + if (finalize) + log_printhex (cfx->buffer, cfx->buflen, "plain(1):"); + else if (cfx->buflen > 32) + log_printhex (cfx->buffer + cfx->buflen - 32, 32, + "plain(last32):"); + } /* Take care: even with a buflen of zero an encrypt needs to * be called after gcry_cipher_final and before @@ -324,7 +316,7 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) * mode. */ gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen, NULL, 0); - if (newchunk && DBG_FILTER) + if (finalize && DBG_FILTER) log_printhex (cfx->buffer, cfx->buflen, "ciphr(1):"); err = my_iobuf_write (a, cfx->buffer, cfx->buflen); if (err) 
@@ -333,30 +325,23 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) cfx->total += cfx->buflen; cfx->buflen = 0; - if (newchunk) + if (finalize) { if (DBG_FILTER) log_debug ("chunklen=%ju total=%ju\n", (uintmax_t)cfx->chunklen, (uintmax_t)cfx->total); err = write_auth_tag (cfx, a); if (err) - { - log_error ("gcry_cipher_gettag failed: %s\n", - gpg_strerror (err)); - goto leave; - } + goto leave; if (DBG_FILTER) log_debug ("starting a new chunk (cur size=%zu)\n", size); cfx->chunkindex++; cfx->chunklen = 0; - err = set_nonce (cfx); - if (err) - goto leave; - err = set_additional_data (cfx, 0); + err = set_nonce_and_ad (cfx, 0); if (err) goto leave; - newchunk = 0; + finalize = 0; } } } ----------------------------------------------------------------------- Summary of changes: g10/cipher-aead.c | 210 +++++++++++++++++++++++++---------------------------- g10/decrypt-data.c | 16 +++- 2 files changed, 112 insertions(+), 114 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 28 12:17:47 2018 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 28 Feb 2018 12:17:47 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-1.1.0-3-g84d473f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 84d473f5c323a3001374b0db736af9be4e3478a3 (commit) from 822c66815b5072281563fc4faa055493d20d660d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 84d473f5c323a3001374b0db736af9be4e3478a3 Author: Andre Heinecke Date: Wed Feb 28 12:05:02 2018 +0100 qt: Clean up foreground window code * qt/main.cpp (ForeignWidget): Remove. This did nothing with Qt 5. (setup_foreground_window): New helper to set parent and window flags. (qt_cmd_handler): Use setup_foreground_window. * qt/pinentrydialog.cpp: Disable Windows API hacks. -- This should hopefully work a bit cleaner then the old code. Setting us as transient to the Desktop is the same what Gtk 2 does. diff --git a/qt/main.cpp b/qt/main.cpp index 70a009d..f236781 100644 --- a/qt/main.cpp +++ b/qt/main.cpp @@ -30,12 +30,14 @@ #include "pinentrydialog.h" #include "pinentry.h" -#include +#include +#include #include -#include -#include -#include +#include #include +#include +#include +#include #include #include @@ -61,6 +63,10 @@ #endif #endif +#ifdef Q_OS_WIN +#include +#endif + static QString escape_accel(const QString &s) { 
@@ -97,22 +103,6 @@ static QString escape_accel(const QString &s) return result; } -/* Hack for creating a QWidget with a "foreign" window ID */ -class ForeignWidget : public QWidget -{ -public: - explicit ForeignWidget(WId wid) : QWidget(0) - { - QWidget::destroy(); - create(wid, false, false); - } - - ~ForeignWidget() - { - destroy(false, false); - } -}; - namespace { class InvalidUtf8 : public std::invalid_argument @@ -139,17 +129,44 @@ static QString from_utf8(const char *s) return result; } +static void +setup_foreground_window(QWidget *widget, WId parentWid) +{ + /* For windows set the desktop window as the transient parent */ + QWindow *parentWindow = nullptr; + if (parentWid) { + parentWindow = QWindow::fromWinId(parentWid); + } +#ifdef Q_OS_WIN + if (!parentWindow) { + HWND desktop = GetDesktopWindow(); + if (desktop) { + parentWindow = QWindow::fromWinId((WId) desktop); + } + } +#endif + if (parentWindow) { + // Ensure that we have a native wid + widget->winId(); + QWindow *wndHandle = widget->windowHandle(); + + if (wndHandle) { + wndHandle->setTransientParent(parentWindow); + } + } + widget->setWindowFlags(Qt::Window | + Qt::CustomizeWindowHint | + Qt::WindowTitleHint | + Qt::WindowCloseButtonHint | + Qt::WindowStaysOnTopHint | + Qt::WindowMinimizeButtonHint); +} + static int qt_cmd_handler(pinentry_t pe) { - QWidget *parent = 0; char *str; - /* FIXME: Add parent window ID to pinentry and GTK. */ - if (pe->parent_wid) { - parent = new ForeignWidget((WId) pe->parent_wid); - } - int want_pass = !!pe->pin; const QString ok = 
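Review bot: In setup_foreground_window the object returned by `QWindow::fromWinId` is never released. As far as I know the caller owns that wrapper and setTransientParent does not take ownership, so each pinentry request handled by the process leaves one QWindow behind. Tying its lifetime to the dialog avoids that, for example `QObject::connect(widget, &QObject::destroyed, parentWindow, &QObject::deleteLater);` after the transient parent has been set. The leading comment "For windows set the desktop window as the transient parent" also sits above code that runs on every platform and would read better inside the `#ifdef Q_OS_WIN` block. qt_cmd_handler continues outside the hunk.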
@@ -184,9 +201,9 @@ qt_cmd_handler(pinentry_t pe) if (want_pass) { char *str; - PinEntryDialog pinentry(parent, 0, pe->timeout, true, !!pe->quality_bar, + PinEntryDialog pinentry(nullptr, 0, pe->timeout, true, !!pe->quality_bar, repeatString, visibilityTT, hideTT); - + setup_foreground_window(&pinentry, pe->parent_wid); pinentry.setPinentryInfo(pe); pinentry.setPrompt(escape_accel(from_utf8(pe->prompt))); pinentry.setDescription(from_utf8(pe->description)); @@ -247,7 +264,8 @@ qt_cmd_handler(pinentry_t pe) pe->notok ? QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel : /* else */ QMessageBox::Ok | QMessageBox::Cancel ; - PinentryConfirm box(QMessageBox::Information, pe->timeout, title, desc, buttons, parent); + PinentryConfirm box(QMessageBox::Information, pe->timeout, title, desc, buttons, nullptr); + setup_foreground_window(&box, pe->parent_wid); const struct { QMessageBox::StandardButton button; @@ -274,7 +292,7 @@ qt_cmd_handler(pinentry_t pe) } box.show(); - raiseWindow(&box); + box.raise(); const int rc = box.exec(); diff --git a/qt/pinentryconfirm.cpp b/qt/pinentryconfirm.cpp index 65b191c..e549e10 100644 --- a/qt/pinentryconfirm.cpp +++ b/qt/pinentryconfirm.cpp @@ -38,7 +38,7 @@ PinentryConfirm::PinentryConfirm(Icon icon, int timeout, const QString &title, setAccessibleDescription(desc); setAccessibleName(title); #endif - raiseWindow(this); + raise(); } bool PinentryConfirm::timedOut() const @@ -61,7 +61,7 @@ void PinentryConfirm::showEvent(QShowEvent *event) } QDialog::showEvent(event); - raiseWindow(this); + raise(); } void PinentryConfirm::slotTimeout() diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp index cb52d7c..9bff8d2 100644 --- a/qt/pinentrydialog.cpp +++ b/qt/pinentrydialog.cpp @@ -41,6 +41,7 @@ #include #endif +#if 0 /* I [wk] have no idea for what this code was supposed to do. Foregrounding a window is heavily restricted by modern Windows versions. This is the reason why gpg-agent employs its 
@@ -52,6 +53,10 @@ a Window is so restricted that it AllowSetForegroundWindow does not always work (e.g. when the ForegroundWindow timeout has not expired. + + [ah 2018-02-28] Disabled this again in favor of using + windows stays on top hint. The code that is in main + setup_foreground_window. */ #ifdef Q_OS_WIN WINBOOL SetForegroundWindowEx(HWND hWnd) @@ -103,6 +108,8 @@ void raiseWindow(QWidget *w) #endif } +#endif + QPixmap icon(QStyle::StandardPixmap which) { QPixmap pm = qApp->windowIcon().pixmap(48, 48); @@ -129,7 +136,7 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, const QString &repeatString, const QString &visibilityTT, const QString &hideTT) - : QDialog(parent, Qt::WindowStaysOnTopHint), + : QDialog(parent), mRepeat(NULL), _grabbed(false), mVisibilityTT(visibilityTT), @@ -138,7 +145,6 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, mVisiCB(NULL) { _timed_out = false; - setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint); if (modal) { setWindowModality(Qt::ApplicationModal); @@ -260,7 +266,7 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, void PinEntryDialog::showEvent(QShowEvent *event) { QDialog::showEvent(event); - raiseWindow(this); + raise(); } void PinEntryDialog::setDescription(const QString &txt) ----------------------------------------------------------------------- Summary of changes: qt/main.cpp | 78 +++++++++++++++++++++++++++++++------------------- qt/pinentryconfirm.cpp | 4 +-- qt/pinentrydialog.cpp | 12 ++++++-- 3 files changed, 59 insertions(+), 35 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 28 16:34:04 2018 
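Review bot: Replacing `raiseWindow(this)` with `raise()` in PinEntryDialog::showEvent only changes the stacking order and does not ask for activation. If the disabled raiseWindow() also activated the window (its body is not part of the hunk), the dialog can now come up on top without keyboard focus. For a passphrase prompt that means the first keystrokes may go to whatever window still has focus. I would keep an explicit request next to it, `raise(); activateWindow();`, here and in the two PinentryConfirm call sites changed by this commit, or say in the comment why activation is intentionally left to the window manager. The `#if 0` block would also be better deleted than kept as disabled code, since the history preserves it.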
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 28 Feb 2018 16:34:04 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.5-4-ge43844c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb (commit) from ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb Author: Andre Heinecke Date: Wed Feb 28 16:29:56 2018 +0100 gpgconf, w32: Allow UNC paths * tools/gpgconf-comp.c (get_config_filename): Allow UNC paths. -- The homedir of GnuPG on Windows can be on a network share e.g. if %APPDATA% is redirected to a network share. The file API calls work and GnuPG itself works nicely with such paths so gpgconf should work with them, too. GnuPG-Bug-Id: T3818 Signed-off-by: Andre Heinecke diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index f705f3a..b10b146 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c 
@@ -2076,7 +2076,9 @@ get_config_filename (gc_component_t component, gc_backend_t backend) #elif defined(HAVE_DOSISH_SYSTEM) if (!(filename[0] && filename[1] == ':' - && (filename[2] == '/' || filename[2] == '\\'))) + && (filename[2] == '/' || filename[2] == '\\')) /* x:\ or x:/ */ + && !((filename[0] == '\\' && filename[1] == '\\') + || (filename[0] == '/' && filename[1] == '/'))) /* \\server */ #else if (filename[0] != '/') #endif ----------------------------------------------------------------------- Summary of changes: tools/gpgconf-comp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org
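Review bot: The added UNC test accepts any name that merely begins with two backslashes or two slashes, so a string consisting of only those two characters, or one followed directly by another separator, now passes as an absolute file name. If the intent is the `\\server\share\...` form given in the commit message, the check can require a server component: `&& !(((filename[0] == '\\' && filename[1] == '\\') || (filename[0] == '/' && filename[1] == '/')) && filename[2] && filename[2] != '/' && filename[2] != '\\'))`. Reading filename[2] is safe there because the first two characters are already known to be non-NUL. The condition is also getting hard to read inside the `#elif`, and a small static helper returning whether the name is absolute would keep the three platform cases apart. get_config_filename starts and ends outside this hunk.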