(* marks recurring donations) ----------------------------------------------------------------------- Summary of changes: web/donate/kudos-2011.org | 5 +++-- web/donate/kudos-2012.org | 5 +++-- web/donate/kudos-2013.org | 4 ++-- web/donate/kudos-2014.org | 4 ++-- web/donate/kudos-2015.org | 4 ++-- web/donate/kudos-2016.org | 5 +++-- web/donate/kudos-2017.org | 4 ++-- 7 files changed, 17 insertions(+), 14 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 07:55:38 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 11 Jun 2018 07:55:38 +0200 Subject: [git] GnuPG - branch, gniibe/decryption-key, updated. gnupg-2.2.7-139-gc03a3eb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, gniibe/decryption-key has been updated via c03a3eb01d2d26bd69e6d7c7d2a5f72229e189e0 (commit) from fed3e10121a76cf270e72ff0bcf31a4ed40068e8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c03a3eb01d2d26bd69e6d7c7d2a5f72229e189e0 Author: NIIBE Yutaka Date: Mon Jun 11 11:48:14 2018 +0900 g10: Enumerated keys for decryption should be unique. * g10/getkey.c (enum_secret_keys): Collecting keys in the context, check duplicate to make sure returning only unique keys. * g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of enum_secret_keys to free keys. -- Signed-off-by: NIIBE Yutaka diff --git a/g10/getkey.c b/g10/getkey.c index b111376..670dc1d 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3950,6 +3950,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) kbnode_t keyblock; kbnode_t node; getkey_ctx_t ctx; + pubkey_t results; } *c = *context; if (!c) @@ -3964,6 +3965,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) if (!sk) { /* Free the context. */ + pubkeys_free (c->results); release_kbnode (c->keyblock); getkey_end (ctrl, c->ctx); xfree (c); @@ -4066,8 +4068,31 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) if (c->node->pkt->pkttype == PKT_PUBLIC_KEY || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { + pubkey_t r; + + /* Skip this candidate if it's already enumerated. */ + for (r = c->results; r; r = r->next) + if (!cmp_public_keys (r->pk, c->node->pkt->pkt.public_key)) + break; + if (r) + continue; + copy_public_key (sk, c->node->pkt->pkt.public_key); c->node = c->node->next; + + r = xtrycalloc (1, sizeof (*r)); + if (!r) + { + err = gpg_error_from_syserror (); + free_public_key (sk); + return err; + } + + r->pk = sk; + r->keyblock = NULL; + r->next = c->results; + c->results = r; + return 0; /* Found. */ } } diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 8540e03..32b1ed0 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -87,7 +87,6 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek) { struct pubkey_enc_list *k; - free_public_key (sk); sk = xmalloc_clear (sizeof *sk); rc = enum_secret_keys (ctrl, &enum_context, sk); if (rc) @@ -156,7 +155,6 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek) } } enum_secret_keys (ctrl, &enum_context, NULL); /* free context */ - free_public_key (sk); if (DBG_CLOCK) log_clock ("get_session_key leave"); ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 25 +++++++++++++++++++++++++ g10/pubkey-enc.c | 2 -- 2 files changed, 25 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 08:56:55 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 08:56:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-145-gd2bc66f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d2bc66f241a66cc95140cbb3a07555f6301290ed (commit) from 13f135c7a252cc46cff96e75968d92b6dc8dce1b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d2bc66f241a66cc95140cbb3a07555f6301290ed Author: Werner Koch Date: Mon Jun 11 08:46:37 2018 +0200 gpg: Set some list options with --show-keys * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 9db2365..5f114c5 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -356,9 +356,11 @@ be used to locate a key. Only public keys are listed. @item --show-keys @opindex show-keys This commands takes OpenPGP keys as input and prints information about -them in the same way the command @option{--list-keys} does for -imported key. No internal state is changed. For automated processing -this command should be combined with the option +them in the same way the command @option{--list-keys} does for locally +stored key. In addition the list options @code{show-unusable-uids}, + at code{show-unusable-subkeys}, @code{show-notations} and + at code{show-policy-urls} are also enabled. As usual for automated +processing, this command should be combined with the option @option{--with-colons}. @item --fingerprint diff --git a/g10/gpg.c b/g10/gpg.c index 499c005..8effc53 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2650,6 +2650,10 @@ main (int argc, char **argv) opt.import_options |= IMPORT_SHOW; opt.import_options |= IMPORT_DRY_RUN; opt.import_options &= ~IMPORT_REPAIR_KEYS; + opt.list_options |= LIST_SHOW_UNUSABLE_UIDS; + opt.list_options |= LIST_SHOW_UNUSABLE_SUBKEYS; + opt.list_options |= LIST_SHOW_NOTATIONS; + opt.list_options |= LIST_SHOW_POLICY_URLS; break; case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break; ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 8 +++++--- g10/gpg.c | 4 ++++ 2 files changed, 9 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 08:58:31 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 08:58:31 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-3-gcbb84b3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via cbb84b3361263504dcb958208bc20177cb97cebd (commit) from 18274db32b5dea7fe8db67043a787578c975de4d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbb84b3361263504dcb958208bc20177cb97cebd Author: Werner Koch Date: Mon Jun 11 08:46:37 2018 +0200 gpg: Set some list options with --show-keys * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch (cherry picked from commit d2bc66f241a66cc95140cbb3a07555f6301290ed) diff --git a/doc/gpg.texi b/doc/gpg.texi index ca13047..2915d25 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -356,9 +356,11 @@ be used to locate a key. Only public keys are listed. @item --show-keys @opindex show-keys This commands takes OpenPGP keys as input and prints information about -them in the same way the command @option{--list-keys} does for -imported key. No internal state is changed. For automated processing -this command should be combined with the option +them in the same way the command @option{--list-keys} does for locally +stored key. In addition the list options @code{show-unusable-uids}, + at code{show-unusable-subkeys}, @code{show-notations} and + at code{show-policy-urls} are also enabled. As usual for automated +processing, this command should be combined with the option @option{--with-colons}. @item --fingerprint diff --git a/g10/gpg.c b/g10/gpg.c index b76a039..c117de3 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2610,6 +2610,10 @@ main (int argc, char **argv) opt.import_options |= IMPORT_SHOW; opt.import_options |= IMPORT_DRY_RUN; opt.import_options &= ~IMPORT_REPAIR_KEYS; + opt.list_options |= LIST_SHOW_UNUSABLE_UIDS; + opt.list_options |= LIST_SHOW_UNUSABLE_SUBKEYS; + opt.list_options |= LIST_SHOW_NOTATIONS; + opt.list_options |= LIST_SHOW_POLICY_URLS; break; case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break; ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 8 +++++--- g10/gpg.c | 4 ++++ 2 files changed, 9 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 09:03:53 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 09:03:53 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-4-gdc96fd8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via dc96fd883571a975cfea0882fd38d7b0dd78775b (commit) from cbb84b3361263504dcb958208bc20177cb97cebd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dc96fd883571a975cfea0882fd38d7b0dd78775b Author: Werner Koch Date: Mon Jun 11 08:56:04 2018 +0200 doc: Mention new command --show-keys in the 2.2.7 NEWS. -- diff --git a/NEWS b/NEWS index 7b34436..03ea514 100644 --- a/NEWS +++ b/NEWS @@ -26,9 +26,13 @@ Noteworthy changes in version 2.2.8 (2018-06-08) * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc have no more effect. + * gpg: New command --show-keys. + * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the list of startup environment variables. [#3947] + See-also: gnupg-announce/2018q2/000425.html + Noteworthy changes in version 2.2.7 (2018-05-02) ------------------------------------------------ ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 09:03:57 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 09:03:57 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-146-g615b9d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 615b9d1fb779f3d5593484aa1e023b0ddff459f0 (commit) from d2bc66f241a66cc95140cbb3a07555f6301290ed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 615b9d1fb779f3d5593484aa1e023b0ddff459f0 Author: Werner Koch Date: Mon Jun 11 08:55:20 2018 +0200 doc: Include release info from 2.2.8 -- diff --git a/NEWS b/NEWS index 48f4fdb..232d8be 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,36 @@ Noteworthy changes in version 2.3.0 (unreleased) ------------------------------------------------ + Changes also found in 2.2.8: + + * gpg: Decryption of messages not using the MDC mode will now lead + to a hard failure even if a legacy cipher algorithm was used. The + option --ignore-mdc-error can be used to turn this failure into a + warning. Take care: Never use that option unconditionally or + without a prior warning. + + * gpg: The MDC encryption mode is now always used regardless of the + cipher algorithm or any preferences. For testing --rfc2440 can be + used to create a message without an MDC. + + * gpg: Sanitize the diagnostic output of the original file name in + verbose mode. [#4012,CVE-2018-12020] + + * gpg: Detect suspicious multiple plaintext packets in a more + reliable way. [#4000] + + * gpg: Fix the duplicate key signature detection code. [#3994] + + * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, + --disable-mdc and --no-disable-mdc have no more effect. + + * gpg: New command --show-keys. + + * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the + list of startup environment variables. [#3947] + + See-also: gnupg-announce/2018q2/000425.html + Changes also found in 2.2.7: * gpg: New option --no-symkey-cache to disable the passphrase cache @@ -36,6 +66,8 @@ Noteworthy changes in version 2.3.0 (unreleased) * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease debugging. + See-also: gnupg-announce/2018q2/000424.html + Changes also found in 2.2.6: * gpg,gpgsm: New option --request-origin to pretend requests coming @@ -81,6 +113,8 @@ Noteworthy changes in version 2.3.0 (unreleased) * Allow the use of UNC directory names as homedir. [#3818] + See-also: gnupg-announce/2018q2/000421.html + Changes also found in 2.2.5: * gpg: Allow the use of the "cv25519" and "ed25519" short names in @@ -124,6 +158,8 @@ Noteworthy changes in version 2.3.0 (unreleased) with statically linked versions of the core GnuPG libraries. Also use --enable-wks-tools by default by Speedo builds for Unix. + See-also: gnupg-announce/2018q1/000420.html + Changes also found in 2.2.4: * gpg: Change default preferences to prefer SHA512. @@ -153,6 +189,8 @@ Noteworthy changes in version 2.3.0 (unreleased) * New configure option --enable-run-gnupg-user-socket to first try a socket directory which is not removed by systemd at session end. + See-also: gnupg-announce/2017q4/000419.html + Changes also found in 2.2.3: * gpgsm: Fix initial keybox creation on Windows. [#3507] @@ -172,7 +210,6 @@ Noteworthy changes in version 2.3.0 (unreleased) See-also: gnupg-announce/2017q4/000417.html - Changes also found in 2.2.2: * gpg: Avoid duplicate key imports by concurrently running gpg @@ -236,6 +273,8 @@ Noteworthy changes in version 2.3.0 (unreleased) certificates are configured. If build with GNUTLS, this was already the case. + See-also: gnupg-announce/2017q3/000415.html + Release dates of 2.2.x versions: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Version 2.2.1 (2017-09-19) @@ -245,6 +284,7 @@ Noteworthy changes in version 2.3.0 (unreleased) Version 2.2.5 (2018-02-22) Version 2.2.6 (2018-04-09) Version 2.2.7 (2018-05-02) + Version 2.2.8 (2018-06-08) Noteworthy changes in version 2.2.0 (2017-08-28) ----------------------------------------------------------------------- Summary of changes: NEWS | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 11:16:30 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 11:16:30 +0200 Subject: [git] gnupg-doc - branch, master, updated. 71724d3c3bafc1b8534ceb150d264db9ccf6f39a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 71724d3c3bafc1b8534ceb150d264db9ccf6f39a (commit) from 031285b8ea7debdb90c497b29a0e25894c6a76a5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 71724d3c3bafc1b8534ceb150d264db9ccf6f39a Author: Werner Koch Date: Mon Jun 11 11:08:28 2018 +0200 swdb: Release of Gnupg 1.4.23 diff --git a/web/swdb.mac b/web/swdb.mac index ece3aab..09a3730 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -37,15 +37,15 @@ # # GnuPG-1 # -#+macro: gnupg1_ver 1.4.22 -#+macro: gnupg1_date 2017-07-19 -#+macro: gnupg1_size 3658k -#+macro: gnupg1_sha1 4bad84fba712626cbbd5adf20988788028c5a5a6 -#+macro: gnupg1_sha2 9594a24bec63a21568424242e3f198b9d9828dea5ff0c335e47b06f835f930b4 -# -#+macro: gnupg1_w32cli_ver 1.4.22 -#+macro: gnupg1_w32cli_size 2372k -#+macro: gnupg1_w32cli_sha1 27b8069872d6d2b271222ffb9322dbd6197b0b89 +#+macro: gnupg1_ver 1.4.23 +#+macro: gnupg1_date 2018-06-11 +#+macro: gnupg1_size 3661k +#+macro: gnupg1_sha1 13747486ed5ff707f796f34f50f4c3085c3a6875 +#+macro: gnupg1_sha2 c9462f17e651b6507848c08c430c791287cd75491f8b5a8b50c6ed46b12678ba +# +#+macro: gnupg1_w32cli_ver 1.4.23 +#+macro: gnupg1_w32cli_size 2376k +#+macro: gnupg1_w32cli_sha1 d4c9962179d36a140be72c34f34e557b56c975b5 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 12:14:11 2018 From: cvs at cvs.gnupg.org (by Maximilian Krambach) Date: Mon, 11 Jun 2018 12:14:11 +0200 Subject: [git] GPGME - branch, javascript-binding, updated. gpgme-1.11.1-57-ge97e6c0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, javascript-binding has been updated via e97e6c06e950cfad424e120f4f3752b594214c94 (commit) from c072675f3f2d734297a348c6de810148fb1424a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e97e6c06e950cfad424e120f4f3752b594214c94 Author: Maximilian Krambach Date: Mon Jun 11 12:08:50 2018 +0200 js: Add key creation to Keyring -- * src/Keyring.js: Added method generateKey for new Keys Still TODO: Key length and some further testing. Automated testing does not work in this case, and gpgmejs will not be able to delete test keys again. * src/permittedOperations.js Added new method's definitions according to gpgme-json diff --git a/lang/js/src/Keyring.js b/lang/js/src/Keyring.js index 7158587..0d4e3c5 100644 --- a/lang/js/src/Keyring.js +++ b/lang/js/src/Keyring.js @@ -197,5 +197,63 @@ export class GPGME_Keyring { } } - // generateKey + /** + * Generates a new Key pair directly in gpg, and returns a GPGME_Key + * representing that Key. Please note that due to security concerns, secret + * Keys can not be _deleted_ from inside gpgmejs. + * + * @param {String} userId The user Id, e.g. "Foo Bar " + * @param {*} algo (optional) algorithm to be used. See + * {@link supportedKeyAlgos } below for supported values. + * @param {Number} keyLength (optional) TODO + * @param {Date} expires (optional) Expiration date. If not set, expiration + * will be set to 'never' + * + * @returns{Promise} + */ + generateKey(userId, algo = 'default', keyLength, expires){ + if ( + typeof(userId) !== 'string' || + supportedKeyAlgos.indexOf(algo) < 0 || + (expires && !(expires instanceof Date)) + // TODO keylength + // TODO check for completeness of algos + ){ + return Promise.reject(gpgme_error('PARAM_WRONG')); + } + let me = this; + return new Promise(function(resolve, reject){ + let msg = createMessage('createkey'); + msg.setParameter('userid', userId); + msg.setParameter('algo', algo); + if (expires){ + msg.setParameter('expires', + Math.floor(expires.valueOf()/1000)); + } + // TODO append keylength to algo + msg.post().then(function(response){ + me.getKeys(response.fingerprint, true).then( + // TODO make prepare_sync (second parameter) optional here. + function(result){ + resolve(result); + }, function(error){ + reject(error); + }); + }, function(error) { + reject(error); + }); + }); + } } + +/** + * A list of algorithms supported for key generation. + */ +const supportedKeyAlgos = [ + 'default', + 'rsa', + 'dsa', + 'elg', + 'ed25519', + 'cv25519' +]; \ No newline at end of file diff --git a/lang/js/src/permittedOperations.js b/lang/js/src/permittedOperations.js index 6ac33af..91612ad 100644 --- a/lang/js/src/permittedOperations.js +++ b/lang/js/src/permittedOperations.js @@ -311,12 +311,31 @@ export const permittedOperations = { 'info': 'object' } } - } + }, + createkey: { + pinentry: true, + required: { + userid: { + allowed: ['string'] + } + }, + optional: { + algo: { + allowed: ['string'] + }, + expires: { + allowed: ['number'], + } + }, + answer: { + type: [''], + data: {'fingerprint': 'string'} + } + } /** * TBD handling of secrets * TBD key modification? - * TBD: key generation */ }; ----------------------------------------------------------------------- Summary of changes: lang/js/src/Keyring.js | 60 +++++++++++++++++++++++++++++++++++++- lang/js/src/permittedOperations.js | 23 +++++++++++++-- 2 files changed, 80 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 13:31:43 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 13:31:43 +0200 Subject: [git] gnupg-doc - branch, master, updated. 51549ca5dbdc01c920fcbd5956f17de439e91d86 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 51549ca5dbdc01c920fcbd5956f17de439e91d86 (commit) from 71724d3c3bafc1b8534ceb150d264db9ccf6f39a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 51549ca5dbdc01c920fcbd5956f17de439e91d86 Author: Werner Koch Date: Mon Jun 11 13:23:54 2018 +0200 web: Announce 1.4.23 diff --git a/web/index.org b/web/index.org index acb0c10..53df6f1 100644 --- a/web/index.org +++ b/web/index.org @@ -65,6 +65,12 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 1.4.23 released (2018-06-11) :important: + +Although GnuPG 1.4 is of very limited use today we did a maintenance +release to address the critical security bug {{{CVE(2017-7526)}}}. +See the [[../../download/index.org][download]] section on how to get this version. + ** GnuPG 2.2.8 released (2018-06-08) :important: This version fixes a critical security bug. Either this version or a ----------------------------------------------------------------------- Summary of changes: web/index.org | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 15:12:37 2018 From: cvs at cvs.gnupg.org (by Maximilian Krambach) Date: Mon, 11 Jun 2018 15:12:37 +0200 Subject: [git] GPGME - branch, javascript-binding, updated. gpgme-1.11.1-58-ge154554 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, javascript-binding has been updated via e154554e9a48a08219649a58be0b641c561e1748 (commit) from e97e6c06e950cfad424e120f4f3752b594214c94 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e154554e9a48a08219649a58be0b641c561e1748 Author: Maximilian Krambach Date: Mon Jun 11 15:10:43 2018 +0200 js: removed config -- * There is no use for a configuration at the moment, and it seems improbable that this use will arise. diff --git a/lang/js/BrowserTestExtension/tests/inputvalues.js b/lang/js/BrowserTestExtension/tests/inputvalues.js index 024aad2..1c70190 100644 --- a/lang/js/BrowserTestExtension/tests/inputvalues.js +++ b/lang/js/BrowserTestExtension/tests/inputvalues.js @@ -53,14 +53,6 @@ const inputvalues = {// eslint-disable-line no-unused-vars // bogus fingerprint) fingerprint: 'CDC3A2B2860625CCBFC5AAAAAC6D1B604967FC4A' } - }, - init: { - // some parameters - invalid_startups: [ - {all_passwords: true}, - 'openpgpmode', - {api_style:'frankenstein'} - ] } }; diff --git a/lang/js/BrowserTestExtension/tests/startup.js b/lang/js/BrowserTestExtension/tests/startup.js index d434b6d..dae9402 100644 --- a/lang/js/BrowserTestExtension/tests/startup.js +++ b/lang/js/BrowserTestExtension/tests/startup.js @@ -22,7 +22,6 @@ */ /* global describe, it, expect, Gpgmejs */ -/* global inputvalues */ describe('GPGME context', function(){ it('Starting a GpgME instance', function(done){ @@ -36,19 +35,3 @@ describe('GPGME context', function(){ }); }); }); - -describe('GPGME does not start with invalid parameters', function(){ - for (let i=0; i < inputvalues.init.invalid_startups.length; i++){ - it('Parameter '+ i, function(done){ - let prm = Gpgmejs.init(inputvalues.init.invalid_startups[i]); - prm.then(function(context){ - expect(context).to.be.undefined; - done(); - }, function(error){ - expect(error).to.be.an.instanceof(Error); - expect(error.code).to.equal('PARAM_WRONG'); - done(); - }); - }); - } -}); \ No newline at end of file diff --git a/lang/js/src/Config.js b/lang/js/src/Config.js deleted file mode 100644 index 8a3ef49..0000000 --- a/lang/js/src/Config.js +++ /dev/null @@ -1,34 +0,0 @@ -/* gpgme.js - Javascript integration for gpgme - * Copyright (C) 2018 Bundesamt f?r Sicherheit in der Informationstechnik - * - * This file is part of GPGME. - * - * GPGME is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * GPGME is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see . - * SPDX-License-Identifier: LGPL-2.1+ - * - * Author(s): - * Maximilian Krambach - */ - -export const availableConf = { - null_expire_is_never: [true, false], - // cachedKeys: Some Key info will not be queried on each invocation, - // manual refresh by Key.refresh() - cachedKeys: [true, false] -}; - -export const defaultConf = { - null_expire_is_never: false, - cachedKeys: false -}; \ No newline at end of file diff --git a/lang/js/src/gpgmejs.js b/lang/js/src/gpgmejs.js index 09bca7f..7fa7643 100644 --- a/lang/js/src/gpgmejs.js +++ b/lang/js/src/gpgmejs.js @@ -30,10 +30,8 @@ import { GPGME_Keyring } from './Keyring'; export class GpgME { /** * initializes GpgME by opening a nativeMessaging port - * TODO: add configuration */ - constructor(config){ //TODO config not parsed - this._config = config; + constructor(){ } set Keyring(keyring){ diff --git a/lang/js/src/index.js b/lang/js/src/index.js index 1b13ec4..6db2873 100644 --- a/lang/js/src/index.js +++ b/lang/js/src/index.js @@ -25,24 +25,20 @@ import { GpgME } from './gpgmejs'; import { gpgme_error } from './Errors'; import { Connection } from './Connection'; -import { defaultConf, availableConf } from './Config'; /** - * Initializes a nativeMessaging Connection and returns a GPGMEjs object - * @param {Object} config Configuration. See Config.js for available parameters. - * Still TODO + * Tests nativeMessaging once and returns a GpgME object if successful. + * @returns {GpgME | Error} + * + * @async */ -function init(config){ - let _conf = parseconfiguration(config); - if (_conf instanceof Error){ - return Promise.reject(_conf); - } +function init(){ return new Promise(function(resolve, reject){ let connection = new Connection; connection.checkConnection(false).then( function(result){ if (result === true) { - resolve(new GpgME(_conf)); + resolve(new GpgME()); } else { reject(gpgme_error('CONN_NO_CONNECT')); } @@ -52,36 +48,6 @@ function init(config){ }); } -function parseconfiguration(rawconfig = {}){ - if ( typeof(rawconfig) !== 'object'){ - return gpgme_error('PARAM_WRONG'); - } - let result_config = {}; - let conf_keys = Object.keys(rawconfig); - - for (let i=0; i < conf_keys.length; i++){ - - if (availableConf.hasOwnProperty(conf_keys[i])){ - let value = rawconfig[conf_keys[i]]; - if (availableConf[conf_keys[i]].indexOf(value) < 0){ - return gpgme_error('PARAM_WRONG'); - } else { - result_config[conf_keys[i]] = value; - } - } - else { - return gpgme_error('PARAM_WRONG'); - } - } - let default_keys = Object.keys(defaultConf); - for (let j=0; j < default_keys.length; j++){ - if (!result_config.hasOwnProperty(default_keys[j])){ - result_config[default_keys[j]] = defaultConf[default_keys[j]]; - } - } - return result_config; -} - export default { init: init }; \ No newline at end of file ----------------------------------------------------------------------- Summary of changes: lang/js/BrowserTestExtension/tests/inputvalues.js | 8 ---- lang/js/BrowserTestExtension/tests/startup.js | 17 --------- lang/js/src/Config.js | 34 ----------------- lang/js/src/gpgmejs.js | 4 +- lang/js/src/index.js | 46 +++-------------------- 5 files changed, 7 insertions(+), 102 deletions(-) delete mode 100644 lang/js/src/Config.js hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 18:24:12 2018 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 11 Jun 2018 18:24:12 +0200 Subject: [git] GpgOL - branch, master, updated. outlook-2007-removal-18-gc9a1737 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via c9a173782e33b9709aae8f57c52db32538e1f852 (commit) via a1a0f0aa53b0be2da786c8cfbdf10d03d1d4b1bf (commit) via 49cc27fd092d8a7cb83a78c715a52764a1605652 (commit) via 5a2f1ac5880d0ce481026034c02e851fab67d48a (commit) from 75e02a5985d3a57668ce7ea8b0057ca919850b1a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c9a173782e33b9709aae8f57c52db32538e1f852 Author: Andre Heinecke Date: Mon Jun 11 18:19:48 2018 +0200 Clean reply / forwards of unsigned S/MIME Mails * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Improve reply / forward handling and check for HTML Blocked Mails to clean them. * src/windowmessages.cpp, src/windowmessages.h (do_in_ui_thread_async): Extend to take delay as opt. param. (CLEAR_REPLY_FORWARD): New message. (gpgol_window_proc): Handle it. -- This is ugly ugly ugly. As we don't have a reliable way to detect when a reply / forward is filled with data we just wait a second before wiping the reply if necessary. The change in the write event to not invalidate the last mail also poses a regression risk. GnuPG-Bug-Id: T3986 diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index e4dd961..9effeb1 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -135,6 +135,8 @@ EVENT_SINK_INVOKE(MailItemEvents) return S_OK; } } + + bool is_reply = false; switch(dispid) { case Open: @@ -592,7 +594,10 @@ EVENT_SINK_INVOKE(MailItemEvents) " Pass but schedule revert.", SRCNAME, __func__); - Mail::invalidate_last_mail (); + /* This might be a forward. So don't invalidate yet. */ + + // Mail::invalidate_last_mail (); + do_in_ui_thread_async (REVERT_MAIL, m_mail); return S_OK; } @@ -719,10 +724,16 @@ EVENT_SINK_INVOKE(MailItemEvents) SRCNAME, __func__); return S_OK; } + /* Fallthrough */ + case ReplyAll: + case Reply: + { + is_reply = true; + } case Forward: { - log_oom_extra ("%s:%s: Forward: %p", - SRCNAME, __func__, m_mail); + log_oom_extra ("%s:%s: %s : %p", + SRCNAME, __func__, is_reply ? "reply" : "forward", m_mail); if (!m_mail->is_crypto_mail ()) { /* Non crypto mails do not interest us.*/ @@ -746,18 +757,52 @@ EVENT_SINK_INVOKE(MailItemEvents) if (!lastSize && !lastEntryStr.size ()) { - log_debug ("%s:%s: Forward in the same loop as empty load." - " Marking %p (item %p) as forwarded.", - SRCNAME, __func__, last_mail, last_mail->item ()); + if (!is_reply) + { + log_debug ("%s:%s: Forward in the same loop as empty " + "load Marking %p (item %p) as forwarded.", + SRCNAME, __func__, last_mail, + last_mail->item ()); - last_mail->set_is_forwarded_crypto_mail (true); + last_mail->set_is_forwarded_crypto_mail (true); + } + else + { + log_debug ("%s:%s: Reply in the same loop as empty " + "load Marking %p (item %p) as reply.", + SRCNAME, __func__, last_mail, + last_mail->item ()); + } + if (m_mail->is_block_html()) + { + std::string caption = _("GpgOL") + std::string (": "); + caption += is_reply ? _("Dangerous reply") : + _("Dangerous forward"); + std::string buf = _("Unsigned S/MIME mails are not integrity " + "protected."); + buf += "\n\n"; + + if (is_reply) + { + buf += _("For security reasons no decrypted contents" + " are included in this reply."); + } + else + { + buf += _("For security reasons no decrypted contents" + " are included in the forwarded mail."); + } + + gpgol_message_box (get_active_hwnd (), buf.c_str(), + _("GpgOL"), MB_OK); + + do_in_ui_thread_async (CLEAR_REPLY_FORWARD, last_mail, 1000); + } } + // We can now invalidate the last mail + Mail::invalidate_last_mail (); } - } - /* Fallthrough */ - case Reply: - case ReplyAll: - { + log_oom_extra ("%s:%s: Reply Forward ReplyAll: %p", SRCNAME, __func__, m_mail); if (!opt.reply_crypt) diff --git a/src/windowmessages.cpp b/src/windowmessages.cpp index 73292d1..36c0631 100644 --- a/src/windowmessages.cpp +++ b/src/windowmessages.cpp @@ -182,6 +182,19 @@ gpgol_window_proc (HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) xfree (ctx->data); break; } + case (CLEAR_REPLY_FORWARD): + { + auto mail = (Mail*) ctx->data; + if (!Mail::is_valid_ptr (mail)) + { + log_debug ("%s:%s: Clear reply forward for mail which is gone.", + SRCNAME, __func__); + break; + } + mail->wipe (true); + mail->remove_all_attachments (); + break; + } default: log_debug ("%s:%s: Unknown msg %x", SRCNAME, __func__, ctx->wmsg_type); @@ -242,7 +255,7 @@ send_msg_to_ui_thread (wm_ctx_t *ctx) int do_in_ui_thread (gpgol_wmsg_type type, void *data) { - wm_ctx_t ctx = {NULL, UNKNOWN, 0}; + wm_ctx_t ctx = {NULL, UNKNOWN, 0, 0}; ctx.wmsg_type = type; ctx.data = data; if (send_msg_to_ui_thread (&ctx)) @@ -256,19 +269,25 @@ static DWORD WINAPI do_async (LPVOID arg) { wm_ctx_t *ctx = (wm_ctx_t*) arg; - log_debug ("%s:%s: Do async with type %i", - SRCNAME, __func__, ctx ? ctx->wmsg_type : -1); + log_debug ("%s:%s: Do async with type %i after %i ms", + SRCNAME, __func__, ctx ? ctx->wmsg_type : -1, + ctx->delay); + if (ctx->delay) + { + Sleep (ctx->delay); + } send_msg_to_ui_thread (ctx); xfree (ctx); return 0; } void -do_in_ui_thread_async (gpgol_wmsg_type type, void *data) +do_in_ui_thread_async (gpgol_wmsg_type type, void *data, int delay) { wm_ctx_t *ctx = (wm_ctx_t *) calloc (1, sizeof (wm_ctx_t)); ctx->wmsg_type = type; ctx->data = data; + ctx->delay = delay; CloseHandle (CreateThread (NULL, 0, do_async, (LPVOID) ctx, 0, NULL)); } diff --git a/src/windowmessages.h b/src/windowmessages.h index 56d9db8..dcc372c 100644 --- a/src/windowmessages.h +++ b/src/windowmessages.h @@ -52,6 +52,7 @@ typedef enum _gpgol_wmsg_type BRING_TO_FRONT, /* Bring the active Outlook window to the front. */ INVALIDATE_LAST_MAIL, REVERT_MAIL, + CLEAR_REPLY_FORWARD, } gpgol_wmsg_type; typedef struct @@ -59,6 +60,7 @@ typedef struct void *data; /* Pointer to arbitrary data depending on msg type */ gpgol_wmsg_type wmsg_type; /* Type of the msg. */ int err; /* Set to true on error */ + int delay; } wm_ctx_t; /** Create and register the responder window. @@ -77,9 +79,12 @@ int do_in_ui_thread (gpgol_wmsg_type type, void *data); /** Send a message to the UI thread but returns - immediately without waiting for the execution. */ + immediately without waiting for the execution. + + The delay is used in the detached thread to delay + the sending of the actual message. */ void -do_in_ui_thread_async (gpgol_wmsg_type type, void *data); +do_in_ui_thread_async (gpgol_wmsg_type type, void *data, int delay = 0); /** Create our filter before outlook Window Messages. */ HHOOK commit a1a0f0aa53b0be2da786c8cfbdf10d03d1d4b1bf Author: Andre Heinecke Date: Mon Jun 11 18:17:03 2018 +0200 Extend mail class for better reply/forward handling * src/mail.cpp, src/mail.h (Mail::set_is_reply_crypto_mail), (Maill::is_reply_crypto_mail, m_is_reply_crypto_mail): New flag for replies. (Mail::remove_all_attachements): New helper. (Mail::is_block_html): Expose the flag. -- This helps with: GnuPG-Bug-Id: T3986 diff --git a/src/mail.cpp b/src/mail.cpp index e5c2b3a..47d7367 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -92,6 +92,7 @@ Mail::Mail (LPDISPATCH mailitem) : m_window(nullptr), m_async_crypt_disabled(false), m_is_forwarded_crypto_mail(false), + m_is_reply_crypto_mail(false), m_is_send_again(false), m_disable_att_remove_warning(false) { @@ -2976,6 +2977,51 @@ Mail::locate_all_crypto_recipients() } int +Mail::remove_all_attachments () +{ + int ret = 0; + LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments"); + if (!attachments) + { + TRACEPOINT; + return 0; + } + int count = get_oom_int (attachments, "Count"); + LPDISPATCH to_delete[count]; + + /* Populate the array so that we don't get in an index mess */ + for (int i = 1; i <= count; i++) + { + auto item_str = std::string("Item(") + std::to_string (i) + ")"; + to_delete[i-1] = get_oom_object (attachments, item_str.c_str()); + } + gpgol_release (attachments); + + /* Now delete all attachments */ + for (int i = 0; i < count; i++) + { + LPDISPATCH attachment = to_delete[i]; + + if (!attachment) + { + log_error ("%s:%s: No such attachment %i", + SRCNAME, __func__, i); + ret = -1; + } + + /* Delete the attachments that are marked to delete */ + if (invoke_oom_method (attachment, "Delete", NULL)) + { + log_error ("%s:%s: Deleting attachment %i", + SRCNAME, __func__, i); + ret = -1; + } + gpgol_release (attachment); + } + return ret; +} + +int Mail::remove_our_attachments () { LPDISPATCH attachments = get_oom_object (m_mailitem, "Attachments"); diff --git a/src/mail.h b/src/mail.h index 20e737a..7f4ed7b 100644 --- a/src/mail.h +++ b/src/mail.h @@ -455,11 +455,20 @@ public: void set_is_forwarded_crypto_mail (bool value) { m_is_forwarded_crypto_mail = value; } bool is_forwarded_crypto_mail () { return m_is_forwarded_crypto_mail; } + /** Set if this is a reply of a crypto mail. */ + void set_is_reply_crypto_mail (bool value) { m_is_reply_crypto_mail = value; } + bool is_reply_crypto_mail () { return m_is_reply_crypto_mail; } + /** Remove the hidden GpgOL attachments. This is needed when forwarding without encryption so that our attachments are not included in the forward. Returns 0 on success. Works in OOM. */ int remove_our_attachments (); + /** Remove all attachments. Including our own. This is needed for + forwarding of unsigned S/MIME mails (Efail). + Returns 0 on success. Works in OOM. */ + int remove_all_attachments (); + /** Check both OOM and MAPI if the body is either empty or encrypted. Won't abort on OOM or MAPI errors, so it can be used in both states. But will return false if a body @@ -490,6 +499,7 @@ public: /* Block loading HTML content */ void set_block_html (bool value); + bool is_block_html () const { return m_block_html; } /* Remove automatic loading of HTML references setting. */ void set_block_status (); @@ -534,6 +544,7 @@ private: bool m_async_crypt_disabled; std::string m_mime_data; bool m_is_forwarded_crypto_mail; /* Is this a forward of a crypto mail */ + bool m_is_reply_crypto_mail; /* Is this a reply to a crypto mail */ bool m_is_send_again; /* Is this a send again of a crypto mail */ bool m_disable_att_remove_warning; /* Should not warn about attachment removal. */ bool m_block_html; /* Force blocking of html content. e.g for unsigned S/MIME mails. */ commit 49cc27fd092d8a7cb83a78c715a52764a1605652 Author: Andre Heinecke Date: Mon Jun 11 18:15:14 2018 +0200 Improve unsigned S/MIME HTML handling * src/mail.cpp (update_body): Improve handling and messages. -- GnuPG-Bug-Id: T3986 diff --git a/src/mail.cpp b/src/mail.cpp index b2d0fbe..e5c2b3a 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -1082,35 +1082,63 @@ Mail::update_body() // No need to carry body anymore m_orig_body = std::string(); auto html = m_parser->get_html_body (); + auto body = m_parser->get_body (); /** Outlook does not show newlines if \r\r\n is a newline. We replace these as apparently some other buggy MUA sends this. */ find_and_replace (html, "\r\r\n", "\r\n"); - if (opt.prefer_html && !html.empty() && !m_block_html) + if (opt.prefer_html && !html.empty()) { - const auto charset = m_parser->get_html_charset(); - - int codepage = 0; - if (charset.empty()) + if (!m_block_html) { - codepage = get_oom_int (m_mailitem, "InternetCodepage"); - log_debug ("%s:%s: Did not find html charset." - " Using internet Codepage %i.", - SRCNAME, __func__, codepage); - } + const auto charset = m_parser->get_html_charset(); - char *converted = ansi_charset_to_utf8 (charset.c_str(), html.c_str(), - html.size(), codepage); - int ret = put_oom_string (m_mailitem, "HTMLBody", converted ? converted : ""); - xfree (converted); - if (ret) + int codepage = 0; + if (charset.empty()) + { + codepage = get_oom_int (m_mailitem, "InternetCodepage"); + log_debug ("%s:%s: Did not find html charset." + " Using internet Codepage %i.", + SRCNAME, __func__, codepage); + } + + char *converted = ansi_charset_to_utf8 (charset.c_str(), html.c_str(), + html.size(), codepage); + int ret = put_oom_string (m_mailitem, "HTMLBody", converted ? + converted : ""); + xfree (converted); + if (ret) + { + log_error ("%s:%s: Failed to modify html body of item.", + SRCNAME, __func__); + } + + return; + } + else if (!body.empty()) { - log_error ("%s:%s: Failed to modify html body of item.", - SRCNAME, __func__); + /* We had a multipart/alternative mail but html should be + blocked. So we prefer the text/plain part and warn + once about this so that we hopefully don't get too + many bugreports about this. */ + if (!opt.smime_html_warn_shown) + { + std::string caption = _("GpgOL") + std::string (": ") + + std::string (_("HTML display disabled.")); + std::string buf = _("HTML content in unsigned S/MIME mails " + "is insecure."); + buf += "\n"; + buf += _("GpgOL will only show such mails as text."); + + buf += "\n\n"; + buf += _("This message is shown only once."); + + gpgol_message_box (get_window(), buf.c_str(), caption.c_str(), + MB_OK); + opt.smime_html_warn_shown = true; + write_options (); + } } - - return; } - auto body = m_parser->get_body (); if (body.empty () && m_block_html && !html.empty()) { @@ -1163,13 +1191,19 @@ Mail::update_body() } #endif body = html; - std::string buf = _("HTML display disabled."); + std::string caption = _("GpgOL") + std::string (": ") + + std::string (_("HTML display disabled.")); + std::string buf = _("HTML content in unsigned S/MIME mails " + "is insecure."); + buf += "\n"; + buf += _("GpgOL will only show such mails as text."); + buf += "\n\n"; - buf += _("For security reasons HTML content in unsigned, encrypted\n" - "S/MIME mails cannot be displayed.\n\n" - "Please ask the sender to sign the message or to send it as plain text."); + buf += _("Please ask the sender to sign the message or\n" + "to send it with a plain text alternative."); - gpgol_message_box (get_window(), buf.c_str() , _("GpgOL"), MB_OK); + gpgol_message_box (get_window(), buf.c_str(), caption.c_str(), + MB_OK); } find_and_replace (body, "\r\r\n", "\r\n"); commit 5a2f1ac5880d0ce481026034c02e851fab67d48a Author: Andre Heinecke Date: Mon Jun 11 18:12:17 2018 +0200 Cleanup unused options and add a warning shown opt * src/common_indep.h: Update option struct. * src/main.c (init_options): Removed. (write_options, read_options): Update accordingly. * src/mapihelp.cpp (mapi_get_gpgol_body_attachment): Remove obsolete handling to show body as attachment. -- This removes obsolete OL < 2010 Options and adds a new smime_html_warn_shown flag. diff --git a/src/common_indep.h b/src/common_indep.h index 7332dbd..f1805a9 100644 --- a/src/common_indep.h +++ b/src/common_indep.h @@ -186,20 +186,14 @@ struct larger than 1 increases the debug log verbosity. */ int enable_smime; /* Enable S/MIME support. */ - int passwd_ttl; /* Time in seconds the passphrase is stored. */ - protocol_t default_protocol;/* The default protocol. */ int encrypt_default; /* Encrypt by default. */ int sign_default; /* Sign by default. */ - int enc_format; /* Encryption format for attachments. */ char *default_key; /* The key we want to always encrypt to. */ - int enable_default_key; /* Enable the use of DEFAULT_KEY. */ - int preview_decrypt; /* Decrypt in preview window. */ int prefer_html; /* Prefer html in html/text alternatives. */ - int body_as_attachment; /* Present encrypted message as attachment. */ int inline_pgp; /* Only for Addin. Use Inline PGP by default. */ int autoresolve; /* Autresolve keys with --locate-keys. */ int reply_crypt; /* Only for Addin. Encrypt / Sign based on cryptostatus. */ - int deprecation_shown; /* Flag to save if deprecation warning was shown */ + int smime_html_warn_shown; /* Flag to save if unsigned smime warning was shown */ /* The compatibility flags. */ struct diff --git a/src/main.c b/src/main.c index 186620e..02c53df 100644 --- a/src/main.c +++ b/src/main.c @@ -39,16 +39,6 @@ static void drop_locale_dir (char *locale_dir); int g_ol_version_major; - -/* Initialization of gloabl options. These are merely the defaults - and will get updated later from the Registry. That is done later - at the time Outlook calls its entry point the first time. */ -static void -init_options (void) -{ - opt.enc_format = GPG_FMT_CLASSIC; -} - /* For certain operations we need to acquire a log on the logging functions. This lock is controlled by this Mutex. */ HANDLE log_mutex; @@ -169,7 +159,6 @@ DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) if (initialize_main ()) return FALSE; i18n_init (); - init_options (); } else if (reason == DLL_PROCESS_DETACH) { @@ -306,17 +295,6 @@ read_options (void) opt.enable_smime = !val ? 0 : atoi (val); xfree (val); val = NULL; -/* load_extension_value ("defaultProtocol", &val); */ -/* switch ((!val || *val == '0')? 0 : atol (val)) */ -/* { */ -/* case 1: opt.default_protocol = PROTOCOL_OPENPGP; break; */ -/* case 2: opt.default_protocol = PROTOCOL_SMIME; break; */ -/* case 0: */ -/* default: opt.default_protocol = PROTOCOL_UNKNOWN /\*(auto*)*\/; break; */ -/* } */ -/* xfree (val); val = NULL; */ - opt.default_protocol = PROTOCOL_UNKNOWN; /* (auto)*/ - load_extension_value ("encryptDefault", &val); opt.encrypt_default = val == NULL || *val != '1'? 0 : 1; xfree (val); val = NULL; @@ -325,18 +303,6 @@ read_options (void) opt.sign_default = val == NULL || *val != '1'? 0 : 1; xfree (val); val = NULL; - load_extension_value ("previewDecrypt", &val); - opt.preview_decrypt = val == NULL || *val != '1'? 0 : 1; - xfree (val); val = NULL; - - load_extension_value ("enableDefaultKey", &val); - opt.enable_default_key = val == NULL || *val != '1' ? 0 : 1; - xfree (val); val = NULL; - - load_extension_value ("encodingFormat", &val); - opt.enc_format = val == NULL? GPG_FMT_CLASSIC : atol (val); - xfree (val); val = NULL; - load_extension_value ("defaultKey", &val); set_default_key (val); xfree (val); val = NULL; @@ -353,10 +319,6 @@ read_options (void) opt.announce_number = val? atol (val) : 0; xfree (val); val = NULL; - load_extension_value ("bodyAsAttachment", &val); - opt.body_as_attachment = val == NULL || *val != '1'? 0 : 1; - xfree (val); val = NULL; - load_extension_value ("inlinePGP", &val); opt.inline_pgp = val == NULL || *val != '1'? 0 : 1; xfree (val); val = NULL; @@ -366,8 +328,8 @@ read_options (void) load_extension_value ("replyCrypt", &val); opt.reply_crypt = val == NULL ? 1 : *val != '1' ? 0 : 1; xfree (val); val = NULL; - load_extension_value ("deprecationShown", &val); - opt.deprecation_shown = val == NULL || *val != '1'? 0 : 1; + load_extension_value ("smimeHtmlWarnShown", &val); + opt.smime_html_warn_shown = val == NULL || *val != '1'? 0 : 1; xfree (val); val = NULL; /* Note, that on purpose these flags are only Registry changeable. The format of the entry is a string of of "0" and "1" digits; see @@ -426,22 +388,16 @@ write_options (void) char *s_val; } table[] = { {"enableSmime", 0, opt.enable_smime, NULL}, -/* {"defaultProtocol", 3, opt.default_protocol}, */ {"encryptDefault", 0, opt.encrypt_default, NULL}, {"signDefault", 0, opt.sign_default, NULL}, - {"previewDecrypt", 0, opt.preview_decrypt, NULL}, - {"encodingFormat", 1, opt.enc_format, NULL}, {"logFile", 2, 0, (char*) get_log_file ()}, - {"defaultKey", 2, 0, opt.default_key}, - {"enableDefaultKey", 0, opt.enable_default_key, NULL}, {"gitCommit", 4, opt.git_commit, NULL}, {"formsRevision", 1, opt.forms_revision, NULL}, {"announceNumber", 1, opt.announce_number, NULL}, - {"bodyAsAttachment", 0, opt.body_as_attachment, NULL}, {"inlinePGP", 0, opt.inline_pgp, NULL}, {"autoresolve", 0, opt.autoresolve, NULL}, {"replyCrypt", 0, opt.reply_crypt, NULL}, - {"deprecationShown", 0, opt.deprecation_shown, NULL}, + {"smimeHtmlWarnShown", 0, opt.smime_html_warn_shown, NULL}, {NULL, 0, 0, NULL} }; char buf[32]; diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index a4774cb..6d2c04f 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -3330,17 +3330,6 @@ mapi_get_gpgol_body_attachment (LPMESSAGE message, found = 1; if (!r_body) ; /* Body content has not been requested. */ - else if (opt.body_as_attachment && !mapi_test_attach_hidden (att)) - { - /* The body is to be shown as an attachment. */ - body = native_to_utf8 - (bodytype == 2 - ? ("[Open the attachment \"gpgol000.htm\"" - " to view the message.]") - : ("[Open the attachment \"gpgol000.txt\"" - " to view the message.]")); - found = 1; - } else { char *charset; ----------------------------------------------------------------------- Summary of changes: src/common_indep.h | 8 +-- src/mail.cpp | 130 ++++++++++++++++++++++++++++++++++++++---------- src/mail.h | 11 ++++ src/mailitem-events.cpp | 69 ++++++++++++++++++++----- src/main.c | 50 ++----------------- src/mapihelp.cpp | 11 ---- src/windowmessages.cpp | 27 ++++++++-- src/windowmessages.h | 9 +++- 8 files changed, 207 insertions(+), 108 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 11 18:49:58 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Jun 2018 18:49:58 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH, updated. libgcrypt-1.8.2-15-g846f8fe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1.8-BRANCH has been updated via 846f8fe8b3be6d235592db184361df1bc2b07a8a (commit) via 54620a27f4503e703e219e6e11c4be14ce4e3d35 (commit) from 1a0289daa408773e1a6cefb2562288245f49651c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 846f8fe8b3be6d235592db184361df1bc2b07a8a Author: Werner Koch Date: Tue Jun 5 14:33:01 2018 +0200 ecc: Improve gcry_mpi_ec_curve_point * mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates. * tests/t-mpi-point.c (point_on_curve): New. -- Due to the conversion to affine coordinates we didn't detected points with values >= P. The solution here might not be the best according to the NIST standard (it is done there at an earlier opportunity) but it reliably detects points we do not expect to receive. The new test vectors have been compared against gnutls/nettle. Reported-by: Stephan M?ller Signed-off-by: Werner Koch (cherry picked from commit 7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf) diff --git a/mpi/ec.c b/mpi/ec.c index 4c16603..89077cd 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1518,6 +1518,15 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) y = mpi_new (0); w = mpi_new (0); + /* Check that the point is in range. This needs to be done here and + * not after conversion to affine coordinates. */ + if (mpi_cmpabs (point->x, ctx->p) >= 0) + goto leave; + if (mpi_cmpabs (point->y, ctx->p) >= 0) + goto leave; + if (mpi_cmpabs (point->z, ctx->p) >= 0) + goto leave; + switch (ctx->model) { case MPI_EC_WEIERSTRASS: diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index 1eaa08a..f2378bf 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -1045,6 +1045,271 @@ twistededwards_math (void) } +/* Check the point on curve function. */ +static void +point_on_curve (void) +{ + static struct { + const char *curve; + int oncurve; /* Point below is on the curve. */ + const char *qx; + const char *qy; + } t[] = { + { + "NIST P-256", 0, + "015B4F6775D68D4D2E2192C6B8027FC5A3D49957E453CB251155AA3FF5D3EC9974", + "4BC4C87B57A25E1056831208AB5B8F091142F891E9FF19F1E090B030DF1087B3" + }, { + "NIST P-256", 0, + "D22C316E7EBE7B293BD66808E000806F0754398A5D72A4F9BBC21C26EAC0A651", + "3C8DB80CC3CDE5E530D040536E6A58AAB41C33FA70B30896943513FF3690132D" + }, { + "NIST P-256", 0, + "0130F7E7BC52854CA493A0DE87DC4AB3B4343758F2B634F15B10D70DBC0A5A5291", + "86F9CA73C25CE86D54CB21C181AECBB52A5971334FF5040F76CAE9845ED46023" + }, { + "NIST P-256", 1, + "14957B602C7849F28858C7407696F014BC091D6D68C449560B7A38147D6E6A9B", + "A8E09EFEECFE00C797A0848F38B61992D30C61FAB13021E88C8BD3545B3A6C63" + }, { + "NIST P-256", 0, + "923DE4957241DD97780841C76294DB0D4F5DC04C3045081174764D2D32AD2D53", + "01B4B1A2027C02F0F520A3B01E4CE3C668BF481346A74499C5D1044A53E210B600" + }, { + "NIST P-256", 1, + "9021DFAB8B4DAEAADA634AAA26D6E5FFDF8C0476FF5CA31606C870A1B933FB36", + "9AFC65EEB24E46C7B75712EF29A981CB09FAC56E2B81D3ED024748CCAB1CB77E" + }, { + "NIST P-256", 0, + "011529F0B26DE5E0EB2DA4BFB6C149C802CB52EE479DD666553286928A4005E990", + "0EBC63DB2104884456DC0AA81A3F4E99D93B7AE2CD4B1489655EA9BE6289CF9E" + }, { + "NIST P-256", 1, + "216EC5DE8CA989199D31F0DFCD381DCC9270A0785365EC3E34CA347C070A87BE", + "87A88897BA763509ECC1DBE28D9D37F6F4E70E3B99B1CD3C0B934D4190968A6D" + }, { + "NIST P-256", 1, + "7ABAA44ACBC6016FDB52A6F45F6178E65CBFC35F9920D99149CA9999612CE945", + "88F7684BDCDA31EAFB6CAD859F8AB29B5D921D7DB2B34DF7E40CE36235F45B63" + }, { + "NIST P-256", 0, + "E765B4272D211DD0064189B55421FB76BB3A7756364A6CB1627FAED848157A84", + "C13171CFFB243E06B203F0996BBDD16F52292AD11F2DA81106E9C2FD87F4FA0F" + }, { + "NIST P-256", 0, + "EE4999DFC3A1871EE7A592BE26A09BEC9D9B561613EE9EFB6ED42F17985C9CDC", + "8399E967338A7A618336AF70DA67D9CAC1C19267809652F5C5183C8B129E0902" + }, { + "NIST P-256", 0, + "F755D0CF2642A2C7FBACCC8E9E442B8B047A99C6E052B2FA5AB0544B36B4D51C", + "AA080F17657B6565D9A4D94BD260B54D92FEE8DC4A78C4FC9C19209933AF39B0" + } , { + "NIST P-384", 0, + "CBFC7DBEBF15BEAD682549757F9BBA0E3F67669DF13FCE0EBE8024B725B38B00" + "83EC46A8F2FF3203C5C7F8C7E722A5EF", + "0548FE281BEAB18FD1AB86F59B0CA524479A4A81373C83B78AFFD801FAC75922" + "96470753DCF46173C9AA4A8A4C2FBE51" + }, { + "NIST P-384", 0, + "1DC8E054A883DB81EAEDE6C487B26816C927B8196780525A6CA8F675D2557752" + "02CE06CCBE705EA8A38AA2894D4BEEE6", + "010191050E867AFAA96A199FE9C591CF8B853D81486786DA889124881FB39D2F" + "8E0875F4C4BB1E3D0F8535C7A52306FB82" + }, { + "NIST P-384", 1, + "2539FC368CE1D5E464B6C0FBB12D557B712327DB086975255AD7D17F7E7E4F23" + "D719ED4116E2CC907AEB92CF22331A60", + "8843FDBA742CB64323E49CEBE8DD74908CFC9C3AA0015662DFBB7219E92CF32E" + "9FC63F61EF19DE9B3CEA98D163ABF254" + }, { + "NIST P-384", 0, + "0B786DACF400D43575394349EDD9F9CD145FC7EF737A3C5F69B253BE7639DB24" + "EC2F0CA62FF1F90B6515DE356EC2A404", + "225D6B2939CC7F7133F43353946A682C68DAC6BB75EE9CF6BD9A1609FA915692" + "72F4D3A87E88529754E109BB9B61B03B" + }, { + "NIST P-384", 0, + "76C660C9F58CF2051F9F8B06049694AB6FE418009DE6F0A0833BC690CEC06CC2" + "9A440AD51C94CF5BC28817C8C6E2D302", + "012974E5D9E55304ED294AB6C7A3C65B663E67ABC5E6F6C0F6498B519F2F6CA1" + "8306976291F3ADC0B5ABA42DED376EA9A5" + }, { + "NIST P-384", 0, + "23D758B1EDB8E12E9E707C53C131A19D9464B20EE05C99766F5ABDF9F906AD03" + "B958BF28B022E54E320672C4BAD4EEC0", + "01E9E72870C88F4C82A5AB3CC8A3398E8F006BF3EC05FFBB1EFF8AEE88020FEA" + "9E558E9F58ED1D324C9DCBCB4E8F2A5970" + }, { + "NIST P-384", 0, + "D062B96D5A10F715ACF361F99262ABF0F7693A8BB60ECB1DF459CF95750E4293" + "18BCB9FC60499D009F949298F3F9F47B", + "9089C6328E4B39A73D7EE6FAE1A77E48CE354B83BBCE432082C32C8FD6784B86" + "CFE9C552E2E720F5DA5806503D3784CD" + }, { + "NIST P-384", 0, + "2A951D4D6EB35C43D94866280D37365B82441BC84D62CBFF3365CAB1FD0A3E20" + "823CA8F84D2BBF4EA687885437DE7839", + "01CC7D762AFE613F7B5568BC516568A421159C40599E8D52DE10E8F9488931E1" + "69F3656C322DE45C4A70DC6DB9A661E599" + }, { + "NIST P-384", 1, + "A4BAEE6CDAF3AEB69032B3FBA811707C54F5753670DA5173D891547E8CBAEEF3" + "89B92C9A55573A596123415FBFA26991", + "3241EA716583C11C71BB30AF6C5E3A6637956F17ADBBE641BAB52E8539F9FC7B" + "F3B04F46DBFFE08151E0F0950CC70081" + }, { + "NIST P-384", 0, + "5C0E18B0DE3261BCBCFC7B702C2D75CF481336BFBADF420BADC616235C1966AB" + "4C0F876575DDEC1BDB3F3F04061C9AE4", + "E90C78550D1C922F1D8161D8C9C0576E29BD09CA665376FA887D13FA8DF48352" + "D7BBEEFB803F6CC8FC7895E47F348D33" + }, { + "NIST P-384", 1, + "2015864CD50F0A1A50E6401F44191665C19E4AD4B4903EA9EB464E95D1070E36" + "F1D8325E45734D5A0FDD103F4DF6F83E", + "5FB3E9A5C59DD5C5262A8176CB7032A00AE33AED08485884A3E5D68D9EEB990B" + "F26E8D87EC175577E782AD51A6A12C02" + }, { + "NIST P-384", 1, + "56EBF5310EEF5A5D8D001F570A18625383ECD4882B3FC738A69874E7C9D8F89C" + "187BECA23369DFD6C15CC0DA0629958F", + "C1230B349FB662CB762563DB8F9FCB32D5CCA16120681C474D67D279CCA6F6DB" + "73DE6AA96140B5C457B7486E06D318CE" + }, { + "NIST P-521", 0, + "01E4D82EE5CD6DA37080252295EFA273BBBA6952012D0120EAF131E73F1E5024" + "36E3324624471040030E1C345D65490ECEE9B64E03B15B6C7EB69A39C618BAFEED70", + "03EE3A3C88A6933B7B16016BE4CC4E3BF5EA0625CB3DB2604CDCBBD02CABBC90" + "8904D9DB42998F6C5101D4D4318ACFC9643C9CD641F636D1810ED86F1840EA74F3C0" + }, { + "NIST P-521", 0, + "01F3DFCB5433387B6B2E3F74177F4F3D7300F05E1AD49DE112630E27B1C8A437" + "1E742CB020E0039B5477FC897D17332034F9660B3066764EFF5FB440EB8856E782E3", + "02D337616C9D202DC5E290C486F5855CBD6A8470AE62CA96245834CF49257D8D" + "96D4041B15007650DEE668C00DDBF749054256C571F60980AC74D0DBCA7FB96C2F48" + }, { + "NIST P-521", 1, + "822A846606DC9E96452CAC373567A8B57D9ACA15B177F75DD7EF10C635F52CE4" + "EF6ABEEDB90D3F48F50A0C9015A95C955A25C45DE8413DE3BF899B6B1E62CF7CB8", + "0102771B5F3EC8C36838CEC04DCBC28AD1E38C37DAB0EA89B5EE92D21F7A35CE" + "ABC8B155EDC70154D6DFA2E77EC1D8C4A3406A6BD0ECF8F1EE2AC33A02464CB70C97" + }, { + "NIST P-521", 0, + "F733D48467912D1FFE46CF442F27FDD218D190E7B8A829D822DA3B6BAF9B987E" + "5B4BCCE34499248F59EEAF74F63ED15FF73F243C6FC3FD5E5842F6A3BA34C2022D", + "0281AAAD1B7EEBABEB6EC67932CB7E95717AFA3B4CF7A2DB151CD537C419C3A5" + "156ED9160758190B47696CDC15E81BBAD12975283907A571604DB23F702AEA4B38FF" + }, { + "NIST P-521", 0, + "03B1B274175AAEB5907152E5114CCAEADA28A7ADD4A2B1831C3D8302E8596489" + "E2C98B9B8D0CAE98C03BB11E28CE66D4736449758AF58BAFE40EF5A5FA22C9A43117", + "94C5951F81D544E959EDFC5DC1D5F42FE427871D4FB91A43A0B4A6BEA6B35B9E" + "BC5FB444C70BE4FD47B4ED16704F8C86EF019FC47C7FF2271F8B0DDEA9E2D3BCDD" + }, { + "NIST P-521", 1, + "F2248C318055DE37CD706D4FCAF7E7D96737A4A7B6B8067A66DCD58B6B8DFC55" + "90ECE67F6AA67F9C51B57E7B023075F2F42909BF47361CB6881C10F55FB7215B56", + "0162F735CE6A2ADA54CAF96A12D6888C02DE0A74638CF34CE39DABBACA4D651B" + "7E6ED1A65B551B36BAE7BE474BB6E6905ED0E33C7BA2021885027C7C6E40C5613004" + }, { + "NIST P-521", 0, + "9F08E97FEADCF0A391CA1EA4D97B5FE62D3B164593E12027EB967BD6E1FA841A" + "9831158DF164BCAD0BF3ADA96127745E25F349BDDD52EEA1654892B35960C9C023", + "AE2A25F5440F258AFACA6925C4C9F7AEAD3CB67153C4FACB31AC33F58B43A78C" + "B14F682FF726CEE2A6B6F6B481AEEB29A9B3150F02D1CFB764672BA8294C477291" + }, { + "NIST P-521", 0, + "01047B52014748C904980716953206A93F0D01B34CA94A997407FA93FE304F86" + "17BB6E402B2BB8B434C2671ECE953ABE7BADB75713CD9DF950943A33A9A19ACCDABE", + "7433533F098037DEA616337986887D01C5CC8DEC3DC1FDB9CDF7287EF27CC125" + "54FCF3A5E212DF9DAD9F8A3A7173B23FC6E15930704F3AEE1B074BDDB0ED6823E4" + }, { + "NIST P-521", 0, + "01C2A9EBF51592FE6589F618EAADA1697D9B2EC7CE5D48C9E80FC597642B23F1" + "F0EBE953449762BD3F094F57791D9850AFE98BBDA9872BE399B7BDD617860076BB03", + "0B822E27692F63DB8E12C59BB3CCA172B9BBF613CAE5F9D1474186E45E8B26FF" + "962084E1C6BE74821EDBB60941A3B75516F603719563433383812BFEA89EC14B89" + }, { + "NIST P-521", 0, + "99390F342C3F0D46E80C5B65C61E8AA8ACA0B6D4E1352404586364A05D8398E9" + "2BC71A644E8663F0A9B87D0B3ACAEE32F2AB9B321317AD23059D045EBAB91C5D93", + "82FCF93AE4467EB57766F2B150E736636727E7282500CD482DA70D153D195F2B" + "DF9B96D689A0DC1BB9137B41557A33F202F1B71840544CBEFF03072E77E4BB6F0B" + }, { + "NIST P-521", 1, + "018E48E80594FF5496D8CC7DF8A19D6AA18805A4EF4490038AED6A1E9AA18056" + "D0244A97DCF6D132C6804E3F4F369922119544B4C057D783C848FB798B48730A382C", + "01AF510B4F5E1C40BC9C110216D35E7C6D7A2BEE52914FC98258676288449901" + "F27A07EE91DF2D5D79259712906C3E18A990CBF35BCAC41A952820CE2BA8D0220080" + }, { + "NIST P-521", 1, + "ADCEF3539B4BC831DC0AFD173137A4426152058AFBAE06A17FCB89F4DB6E48B5" + "335CB88F8E4DB475A1E390E5656072F06605BFB84CBF9795B7992ECA04A8E10CA1", + "01BCB985AFD6404B9EDA49B6190AAA346BF7D5909CA440C0F7E505C62FAC8635" + "31D3EB7B2AC4DD4F4404E4B12E9D6D3C596179587F3724B1EFFF684CFDB4B21826B9" + } + }; + gpg_error_t err; + int tidx; + const char *lastcurve = NULL; + gcry_ctx_t ctx = NULL; + gcry_mpi_t qx = NULL; + gcry_mpi_t qy = NULL; + gcry_mpi_point_t Q; + int oncurve; + + wherestr = "point_on_curve"; + for (tidx=0; tidx < DIM (t); tidx++) + { + if (!t[tidx].curve) + { + if (!lastcurve || !ctx) + die ("invalid test vectors at idx %d\n", tidx); + } + else if (!ctx || !lastcurve || strcmp (t[tidx].curve, lastcurve)) + { + lastcurve = t[tidx].curve; + gcry_ctx_release (ctx); + err = gcry_mpi_ec_new (&ctx, NULL, lastcurve); + if (err) + die ("error creating context for curve %s at idx %d: %s\n", + lastcurve, tidx, gpg_strerror (err)); + + info ("checking points on curve %s\n", lastcurve); + } + + gcry_mpi_release (qx); + gcry_mpi_release (qy); + qx = hex2mpi (t[tidx].qx); + qy = hex2mpi (t[tidx].qy); + + Q = gcry_mpi_point_set (NULL, qx, qy, GCRYMPI_CONST_ONE); + if (!Q) + die ("gcry_mpi_point_set(Q) failed at idx %d\n", tidx); + + oncurve = gcry_mpi_ec_curve_point (Q, ctx); + + if (t[tidx].oncurve && !oncurve) + { + fail ("point expected on curve but not identified as such (i=%d):\n", + tidx); + print_point (" Q", Q); + } + else if (!t[tidx].oncurve && oncurve) + { + fail ("point not expected on curve but identified as such (i=%d):\n", + tidx); + print_point (" Q", Q); + } + gcry_mpi_point_release (Q); + } + + gcry_mpi_release (qx); + gcry_mpi_release (qy); + gcry_ctx_release (ctx); +} + + int main (int argc, char **argv) { @@ -1067,6 +1332,7 @@ main (int argc, char **argv) context_alloc (); context_param (); basic_ec_math (); + point_on_curve (); /* The tests are for P-192 and ed25519 which are not supported in FIPS mode. */ commit 54620a27f4503e703e219e6e11c4be14ce4e3d35 Author: Werner Koch Date: Tue Jun 5 14:29:53 2018 +0200 mpi: New internal function _gcry_mpi_cmpabs. * mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ... (do_mpi_cmp): New. Add arg absmode. (_gcry_mpi_cmpabs): New. * src/gcrypt-int.h (mpi_cmpabs): New macro. Signed-off-by: Werner Koch (cherry picked from commit 6606ae44e0de1069b29dd4215ee9748280940e1b) diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c index 838a7c9..66e0961 100644 --- a/mpi/mpi-cmp.c +++ b/mpi/mpi-cmp.c @@ -54,15 +54,19 @@ _gcry_mpi_cmp_ui (gcry_mpi_t u, unsigned long v) } -int -_gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) +/* Helper for _gcry_mpi_cmp and _gcry_mpi_cmpabs. */ +static int +do_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v, int absmode) { mpi_size_t usize; mpi_size_t vsize; + int usign; + int vsign; int cmp; if (mpi_is_opaque (u) || mpi_is_opaque (v)) { + /* We have no signan and thus ABSMODE has no efeect here. */ if (mpi_is_opaque (u) && !mpi_is_opaque (v)) return -1; if (!mpi_is_opaque (u) && mpi_is_opaque (v)) @@ -82,26 +86,42 @@ _gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) usize = u->nlimbs; vsize = v->nlimbs; + usign = absmode? 0 : u->sign; + vsign = absmode? 0 : v->sign; /* Compare sign bits. */ - if (!u->sign && v->sign) + if (!usign && vsign) return 1; - if (u->sign && !v->sign) + if (usign && !vsign) return -1; /* U and V are either both positive or both negative. */ - if (usize != vsize && !u->sign && !v->sign) + if (usize != vsize && !usign && !vsign) return usize - vsize; - if (usize != vsize && u->sign && v->sign) + if (usize != vsize && usign && vsign) return vsize + usize; if (!usize ) return 0; if (!(cmp = _gcry_mpih_cmp (u->d, v->d, usize))) return 0; - if ((cmp < 0?1:0) == (u->sign?1:0)) + if ((cmp < 0?1:0) == (usign?1:0)) return 1; } return -1; } + + +int +_gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) +{ + return do_mpi_cmp (u, v, 0); +} + +/* Compare only the absolute values. */ +int +_gcry_mpi_cmpabs (gcry_mpi_t u, gcry_mpi_t v) +{ + return do_mpi_cmp (u, v, 1); +} diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index ad719be..a69618c 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -368,6 +368,7 @@ int _gcry_mpi_is_neg (gcry_mpi_t a); void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u); void _gcry_mpi_abs (gcry_mpi_t w); int _gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v); +int _gcry_mpi_cmpabs (const gcry_mpi_t u, const gcry_mpi_t v); int _gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v); gpg_err_code_t _gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format, const void *buffer, size_t buflen, @@ -469,6 +470,7 @@ int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); #define mpi_abs( w ) _gcry_mpi_abs( (w) ) #define mpi_neg( w, u) _gcry_mpi_neg( (w), (u) ) #define mpi_cmp( u, v ) _gcry_mpi_cmp( (u), (v) ) +#define mpi_cmpabs( u, v ) _gcry_mpi_cmpabs( (u), (v) ) #define mpi_cmp_ui( u, v ) _gcry_mpi_cmp_ui( (u), (v) ) #define mpi_is_neg( a ) _gcry_mpi_is_neg ((a)) ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 9 ++ mpi/mpi-cmp.c | 34 +++++-- src/gcrypt-int.h | 2 + tests/t-mpi-point.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 304 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 01:01:55 2018 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 12 Jun 2018 01:01:55 +0200 Subject: [git] GnuPG - branch, fix-T4017, created. gnupg-2.2.8-5-ge051c27 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, fix-T4017 has been created at e051c279216ecd4ec9a48e13ccc695f5ab667b2a (commit) - Log ----------------------------------------------------------------- commit e051c279216ecd4ec9a48e13ccc695f5ab667b2a Author: Daniel Kahn Gillmor Date: Mon Jun 11 18:33:26 2018 -0400 gpg: set full --dry-run when used with --show-keys * g10/gpg.c (main): ensure that opt.dry_run matches opt.import_options[IMPORT_DRY_RUN]. -- It seems that the import_options IMPORT_DRY_RUN bit doesn't have the same power as the opt.dry_run bit itself. When one is set or cleared by command-line options or other option parsing, we should ensure that the other is also set or cleared. It would probably be cleaner to have just a single bit, stored in a single place, but that kind of overhaul is beyond the scope of this bugfix. GnuPG-Bug-id: 4017 Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/gpg.c b/g10/gpg.c index c117de3..4f4aae7 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2609,6 +2609,7 @@ main (int argc, char **argv) set_cmd (&cmd, pargs.r_opt); opt.import_options |= IMPORT_SHOW; opt.import_options |= IMPORT_DRY_RUN; + opt.dry_run = 1; opt.import_options &= ~IMPORT_REPAIR_KEYS; opt.list_options |= LIST_SHOW_UNUSABLE_UIDS; opt.list_options |= LIST_SHOW_UNUSABLE_SUBKEYS; @@ -2647,7 +2648,10 @@ main (int argc, char **argv) case oQuiet: opt.quiet = 1; break; case oNoTTY: tty_no_terminal(1); break; - case oDryRun: opt.dry_run = 1; break; + case oDryRun: + opt.dry_run = 1; + opt.import_options |= IMPORT_DRY_RUN; + break; case oInteractive: opt.interactive = 1; break; case oVerbose: opt.verbose++; @@ -3208,14 +3212,19 @@ main (int argc, char **argv) } break; case oImportOptions: - if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1)) - { - if(configname) - log_error(_("%s:%d: invalid import options\n"), - configname,configlineno); - else - log_error(_("invalid import options\n")); - } + { + unsigned int old_import_options = opt.import_options; + if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1)) + { + if(configname) + log_error(_("%s:%d: invalid import options\n"), + configname,configlineno); + else + log_error(_("invalid import options\n")); + } + if ((old_import_options & IMPORT_DRY_RUN) != (opt.import_options & IMPORT_DRY_RUN)) + opt.dry_run = !!(opt.import_options & IMPORT_DRY_RUN); + } break; case oImportFilter: rc = parse_and_set_import_filter (pargs.r.ret_str); ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 06:01:37 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Jun 2018 06:01:37 +0200 Subject: [git] GnuPG - branch, gniibe/decryption-key, updated. gnupg-2.2.7-142-ged9030c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, gniibe/decryption-key has been updated via ed9030cb2a67148dfafa7f2c0d5a0be67a818397 (commit) via ba7e934945a50aa37e3e971067dbfff724fe9696 (commit) via b0c00ce0af1b1ac140ae675299214af34e4e0c1f (commit) from c03a3eb01d2d26bd69e6d7c7d2a5f72229e189e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed9030cb2a67148dfafa7f2c0d5a0be67a818397 Author: NIIBE Yutaka Date: Tue Jun 12 10:42:24 2018 +0900 g10: Prefer to available card keys for decryption. * g10/skclist.c (enum_secret_keys): Add logic to prefer decryption keys on cards. Signed-off-by: NIIBE Yutaka diff --git a/g10/skclist.c b/g10/skclist.c index f8c8cad..d40fe6d 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -329,6 +329,9 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) int eof; int state; strlist_t sl; + strlist_t card_list; + char *serialno; + struct agent_card_info_s info; kbnode_t keyblock; kbnode_t node; getkey_ctx_t ctx; @@ -347,6 +350,9 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) if (!sk) { /* Free the context. */ + agent_release_card_info (&c->info); + xfree (c->serialno); + free_strlist (c->card_list); pubkeys_free (c->results); release_kbnode (c->keyblock); getkey_end (ctrl, c->ctx); @@ -390,7 +396,49 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) c->state++; break; - case 3: /* Init search context to enum all secret keys. */ + case 3: /* Init list of card keys to try. */ + err = agent_scd_cardlist (&c->card_list); + if (!err) + agent_scd_serialno (&c->serialno, NULL); + c->sl = c->card_list; + c->state++; + break; + + case 4: /* Get next item from card list. */ + if (c->sl) + { + char *serialno; + + err = agent_scd_serialno (&serialno, c->sl->d); + if (err) + { + if (opt.verbose) + log_info (_("error getting serial number of card: %s\n"), + gpg_strerror (err)); + continue; + } + + xfree (serialno); + agent_release_card_info (&c->info); + err = agent_scd_getattr ("KEY-FPR", &c->info); + if (err) + log_error ("error retrieving key fingerprint from card: %s\n", + gpg_strerror (err)); + + if (c->info.fpr2valid) + name = c->info.fpr2; + c->sl = c->sl->next; + } + else + { + if (c->serialno) + /* Select the original card again. */ + agent_scd_serialno (&c->serialno, c->serialno); + c->state++; + } + break; + + case 5: /* Init search context to enum all secret keys. */ err = getkey_bynames (ctrl, &c->ctx, NULL, NULL, 1, &keyblock); if (err) @@ -403,7 +451,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) c->state++; break; - case 4: /* Get next item from the context. */ + case 6: /* Get next item from the context. */ if (c->ctx) { err = getkey_next (ctrl, c->ctx, NULL, &keyblock); @@ -446,10 +494,10 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) /* Get the next key from the current keyblock. */ for (; c->node; c->node = c->node->next) - { - if (c->node->pkt->pkttype == PKT_PUBLIC_KEY + { + if (c->node->pkt->pkttype == PKT_PUBLIC_KEY || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - { + { pubkey_t r; /* Skip this candidate if it's already enumerated. */ @@ -459,8 +507,8 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) if (r) continue; - copy_public_key (sk, c->node->pkt->pkt.public_key); - c->node = c->node->next; + copy_public_key (sk, c->node->pkt->pkt.public_key); + c->node = c->node->next; r = xtrycalloc (1, sizeof (*r)); if (!r) @@ -475,8 +523,8 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) r->next = c->results; c->results = r; - return 0; /* Found. */ - } + return 0; /* Found. */ + } } /* Dispose the keyblock and continue. */ commit ba7e934945a50aa37e3e971067dbfff724fe9696 Author: NIIBE Yutaka Date: Tue Jun 12 10:36:59 2018 +0900 g10: Move enum_secret_keys to skclist.c. * g10/getkey.c (enum_secret_keys): Move to... * g10/skclist.c (enum_secret_keys): ... here. -- The function enum_secret_keys is not used by gpgv.c, but it is in getkey.c. Extending enum_secret_keys will require change of gpgv.c, so moving the function to the file for gpg is better. Signed-off-by: NIIBE Yutaka diff --git a/g10/getkey.c b/g10/getkey.c index 470bab6..55c8628 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3904,203 +3904,6 @@ lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret, } -/* Enumerate some secret keys (specifically, those specified with - * --default-key and --try-secret-key). Use the following procedure: - * - * 1) Initialize a void pointer to NULL - * 2) Pass a reference to this pointer to this function (content) - * and provide space for the secret key (sk) - * 3) Call this function as long as it does not return an error (or - * until you are done). The error code GPG_ERR_EOF indicates the - * end of the listing. - * 4) Call this function a last time with SK set to NULL, - * so that can free it's context. - * - * In pseudo-code: - * - * void *ctx = NULL; - * PKT_public_key *sk = xmalloc_clear (sizeof (*sk)); - * - * while ((err = enum_secret_keys (&ctx, sk))) - * { // Process SK. - * if (done) - * break; - * sk = xmalloc_clear (sizeof (*sk)); - * } - * - * // Release any resources used by CTX. - * enum_secret_keys (&ctx, NULL); - * - * if (gpg_err_code (err) != GPG_ERR_EOF) - * ; // An error occurred. - */ -gpg_error_t -enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) -{ - gpg_error_t err = 0; - const char *name; - kbnode_t keyblock; - struct - { - int eof; - int state; - strlist_t sl; - kbnode_t keyblock; - kbnode_t node; - getkey_ctx_t ctx; - pubkey_t results; - } *c = *context; - - if (!c) - { - /* Make a new context. */ - c = xtrycalloc (1, sizeof *c); - if (!c) - return gpg_error_from_syserror (); - *context = c; - } - - if (!sk) - { - /* Free the context. */ - pubkeys_free (c->results); - release_kbnode (c->keyblock); - getkey_end (ctrl, c->ctx); - xfree (c); - *context = NULL; - return 0; - } - - if (c->eof) - return gpg_error (GPG_ERR_EOF); - - for (;;) - { - /* Loop until we have a keyblock. */ - while (!c->keyblock) - { - /* Loop over the list of secret keys. */ - do - { - name = NULL; - keyblock = NULL; - switch (c->state) - { - case 0: /* First try to use the --default-key. */ - name = parse_def_secret_key (ctrl); - c->state = 1; - break; - - case 1: /* Init list of keys to try. */ - c->sl = opt.secret_keys_to_try; - c->state++; - break; - - case 2: /* Get next item from list. */ - if (c->sl) - { - name = c->sl->d; - c->sl = c->sl->next; - } - else - c->state++; - break; - - case 3: /* Init search context to enum all secret keys. */ - err = getkey_bynames (ctrl, &c->ctx, NULL, NULL, 1, - &keyblock); - if (err) - { - release_kbnode (keyblock); - keyblock = NULL; - getkey_end (ctrl, c->ctx); - c->ctx = NULL; - } - c->state++; - break; - - case 4: /* Get next item from the context. */ - if (c->ctx) - { - err = getkey_next (ctrl, c->ctx, NULL, &keyblock); - if (err) - { - release_kbnode (keyblock); - keyblock = NULL; - getkey_end (ctrl, c->ctx); - c->ctx = NULL; - } - } - else - c->state++; - break; - - default: /* No more names to check - stop. */ - c->eof = 1; - return gpg_error (GPG_ERR_EOF); - } - } - while ((!name || !*name) && !keyblock); - - if (keyblock) - c->node = c->keyblock = keyblock; - else - { - err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); - if (err) - { - /* getkey_byname might return a keyblock even in the - error case - I have not checked. Thus better release - it. */ - release_kbnode (c->keyblock); - c->keyblock = NULL; - } - else - c->node = c->keyblock; - } - } - - /* Get the next key from the current keyblock. */ - for (; c->node; c->node = c->node->next) - { - if (c->node->pkt->pkttype == PKT_PUBLIC_KEY - || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - { - pubkey_t r; - - /* Skip this candidate if it's already enumerated. */ - for (r = c->results; r; r = r->next) - if (!cmp_public_keys (r->pk, c->node->pkt->pkt.public_key)) - break; - if (r) - continue; - - copy_public_key (sk, c->node->pkt->pkt.public_key); - c->node = c->node->next; - - r = xtrycalloc (1, sizeof (*r)); - if (!r) - { - err = gpg_error_from_syserror (); - free_public_key (sk); - return err; - } - - r->pk = sk; - r->keyblock = NULL; - r->next = c->results; - c->results = r; - - return 0; /* Found. */ - } - } - - /* Dispose the keyblock and continue. */ - release_kbnode (c->keyblock); - c->keyblock = NULL; - } -} - gpg_error_t get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk, const byte *fpr_card, size_t fpr_len) diff --git a/g10/skclist.c b/g10/skclist.c index 78890dc..f8c8cad 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -286,3 +286,201 @@ build_sk_list (ctrl_t ctrl, *ret_sk_list = sk_list; return err; } + + +/* Enumerate some secret keys (specifically, those specified with + * --default-key and --try-secret-key). Use the following procedure: + * + * 1) Initialize a void pointer to NULL + * 2) Pass a reference to this pointer to this function (content) + * and provide space for the secret key (sk) + * 3) Call this function as long as it does not return an error (or + * until you are done). The error code GPG_ERR_EOF indicates the + * end of the listing. + * 4) Call this function a last time with SK set to NULL, + * so that can free it's context. + * + * In pseudo-code: + * + * void *ctx = NULL; + * PKT_public_key *sk = xmalloc_clear (sizeof (*sk)); + * + * while ((err = enum_secret_keys (&ctx, sk))) + * { // Process SK. + * if (done) + * break; + * sk = xmalloc_clear (sizeof (*sk)); + * } + * + * // Release any resources used by CTX. + * enum_secret_keys (&ctx, NULL); + * + * if (gpg_err_code (err) != GPG_ERR_EOF) + * ; // An error occurred. + */ +gpg_error_t +enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) +{ + gpg_error_t err = 0; + const char *name; + kbnode_t keyblock; + struct + { + int eof; + int state; + strlist_t sl; + kbnode_t keyblock; + kbnode_t node; + getkey_ctx_t ctx; + pubkey_t results; + } *c = *context; + + if (!c) + { + /* Make a new context. */ + c = xtrycalloc (1, sizeof *c); + if (!c) + return gpg_error_from_syserror (); + *context = c; + } + + if (!sk) + { + /* Free the context. */ + pubkeys_free (c->results); + release_kbnode (c->keyblock); + getkey_end (ctrl, c->ctx); + xfree (c); + *context = NULL; + return 0; + } + + if (c->eof) + return gpg_error (GPG_ERR_EOF); + + for (;;) + { + /* Loop until we have a keyblock. */ + while (!c->keyblock) + { + /* Loop over the list of secret keys. */ + do + { + name = NULL; + keyblock = NULL; + switch (c->state) + { + case 0: /* First try to use the --default-key. */ + name = parse_def_secret_key (ctrl); + c->state = 1; + break; + + case 1: /* Init list of keys to try. */ + c->sl = opt.secret_keys_to_try; + c->state++; + break; + + case 2: /* Get next item from list. */ + if (c->sl) + { + name = c->sl->d; + c->sl = c->sl->next; + } + else + c->state++; + break; + + case 3: /* Init search context to enum all secret keys. */ + err = getkey_bynames (ctrl, &c->ctx, NULL, NULL, 1, + &keyblock); + if (err) + { + release_kbnode (keyblock); + keyblock = NULL; + getkey_end (ctrl, c->ctx); + c->ctx = NULL; + } + c->state++; + break; + + case 4: /* Get next item from the context. */ + if (c->ctx) + { + err = getkey_next (ctrl, c->ctx, NULL, &keyblock); + if (err) + { + release_kbnode (keyblock); + keyblock = NULL; + getkey_end (ctrl, c->ctx); + c->ctx = NULL; + } + } + else + c->state++; + break; + + default: /* No more names to check - stop. */ + c->eof = 1; + return gpg_error (GPG_ERR_EOF); + } + } + while ((!name || !*name) && !keyblock); + + if (keyblock) + c->node = c->keyblock = keyblock; + else + { + err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); + if (err) + { + /* getkey_byname might return a keyblock even in the + error case - I have not checked. Thus better release + it. */ + release_kbnode (c->keyblock); + c->keyblock = NULL; + } + else + c->node = c->keyblock; + } + } + + /* Get the next key from the current keyblock. */ + for (; c->node; c->node = c->node->next) + { + if (c->node->pkt->pkttype == PKT_PUBLIC_KEY + || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + pubkey_t r; + + /* Skip this candidate if it's already enumerated. */ + for (r = c->results; r; r = r->next) + if (!cmp_public_keys (r->pk, c->node->pkt->pkt.public_key)) + break; + if (r) + continue; + + copy_public_key (sk, c->node->pkt->pkt.public_key); + c->node = c->node->next; + + r = xtrycalloc (1, sizeof (*r)); + if (!r) + { + err = gpg_error_from_syserror (); + free_public_key (sk); + return err; + } + + r->pk = sk; + r->keyblock = NULL; + r->next = c->results; + c->results = r; + + return 0; /* Found. */ + } + } + + /* Dispose the keyblock and continue. */ + release_kbnode (c->keyblock); + c->keyblock = NULL; + } +} commit b0c00ce0af1b1ac140ae675299214af34e4e0c1f Author: NIIBE Yutaka Date: Mon Jun 11 15:02:57 2018 +0900 g10: Fix comment of enum_secret_keys. * g10/getkey.c (enum_secret_keys): Fix comment for usage of enum_secret_keys, following the previous change. -- Signed-off-by: NIIBE Yutaka diff --git a/g10/getkey.c b/g10/getkey.c index 670dc1d..470bab6 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3925,13 +3925,11 @@ lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret, * { // Process SK. * if (done) * break; - * free_public_key (sk); * sk = xmalloc_clear (sizeof (*sk)); * } * * // Release any resources used by CTX. * enum_secret_keys (&ctx, NULL); - * free_public_key (sk); * * if (gpg_err_code (err) != GPG_ERR_EOF) * ; // An error occurred. ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 199 ----------------------------------------------- g10/skclist.c | 246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 246 insertions(+), 199 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 06:48:47 2018 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 12 Jun 2018 06:48:47 +0200 Subject: [git] GnuPG - branch, fix-T4019, created. gnupg-2.2.8-5-ge037657 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, fix-T4019 has been created at e037657edaf0b3ee9d2e30f6fe3edf6879976472 (commit) - Log ----------------------------------------------------------------- commit e037657edaf0b3ee9d2e30f6fe3edf6879976472 Author: Daniel Kahn Gillmor Date: Tue Jun 12 00:41:59 2018 -0400 gpg: Add new usage option for drop-subkey filters. * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/gpg.texi b/doc/gpg.texi index 2915d25..d0aa010 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2418,6 +2418,11 @@ The available properties are: Boolean indicating whether a key or subkey is a secret one. (drop-subkey) + @item usage + A string indicating the usage flags for the subkey, from the + sequence ``ecsa?''. For example, a subkey capable of just signing + and authentication would be an exact match for ``sa''. (drop-subkey) + @item sig_created @itemx sig_created_d The first is the timestamp a signature packet was created. The diff --git a/g10/import.c b/g10/import.c index 6d2beaf..b609660 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1296,6 +1296,16 @@ impex_filter_getval (void *cookie, const char *propname) { result = pk_is_disabled (pk)? "1":"0"; } + else if (!strcmp (propname, "usage")) + { + snprintf (numbuf, sizeof numbuf, "%s%s%s%s%s", + (pk->pubkey_usage & PUBKEY_USAGE_ENC)?"e":"", + (pk->pubkey_usage & PUBKEY_USAGE_SIG)?"s":"", + (pk->pubkey_usage & PUBKEY_USAGE_CERT)?"c":"", + (pk->pubkey_usage & PUBKEY_USAGE_AUTH)?"a":"", + (pk->pubkey_usage & PUBKEY_USAGE_UNKNOWN)?"?":""); + result = numbuf; + } else result = NULL; } ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 08:19:49 2018 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 12 Jun 2018 08:19:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-147-g2ddfb5b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2ddfb5bef920919443309ece9fa2930282bbce85 (commit) from 615b9d1fb779f3d5593484aa1e023b0ddff459f0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2ddfb5bef920919443309ece9fa2930282bbce85 Author: Daniel Kahn Gillmor Date: Tue Jun 12 00:41:59 2018 -0400 gpg: Add new usage option for drop-subkey filters. * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/gpg.texi b/doc/gpg.texi index 5f114c5..4cfd000 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2428,6 +2428,11 @@ The available properties are: Boolean indicating whether a key or subkey is a secret one. (drop-subkey) + @item usage + A string indicating the usage flags for the subkey, from the + sequence ``ecsa?''. For example, a subkey capable of just signing + and authentication would be an exact match for ``sa''. (drop-subkey) + @item sig_created @itemx sig_created_d The first is the timestamp a signature packet was created. The diff --git a/g10/import.c b/g10/import.c index 1a98e2a..2803997 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1314,6 +1314,16 @@ impex_filter_getval (void *cookie, const char *propname) { result = pk_is_disabled (pk)? "1":"0"; } + else if (!strcmp (propname, "usage")) + { + snprintf (numbuf, sizeof numbuf, "%s%s%s%s%s", + (pk->pubkey_usage & PUBKEY_USAGE_ENC)?"e":"", + (pk->pubkey_usage & PUBKEY_USAGE_SIG)?"s":"", + (pk->pubkey_usage & PUBKEY_USAGE_CERT)?"c":"", + (pk->pubkey_usage & PUBKEY_USAGE_AUTH)?"a":"", + (pk->pubkey_usage & PUBKEY_USAGE_UNKNOWN)?"?":""); + result = numbuf; + } else result = NULL; } ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 5 +++++ g10/import.c | 10 ++++++++++ 2 files changed, 15 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 08:48:35 2018 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 12 Jun 2018 08:48:35 +0200 Subject: [git] GnuPG - branch, fix-T4018, created. gnupg-2.2.8-5-gee1fc42 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, fix-T4018 has been created at ee1fc420fb9741b2cfaea6fa820a00be2923f514 (commit) - Log ----------------------------------------------------------------- commit ee1fc420fb9741b2cfaea6fa820a00be2923f514 Author: Daniel Kahn Gillmor Date: Tue Jun 12 02:41:30 2018 -0400 gpg: Print revocation certificate details when showing with-colons. * g10/import.c (import_revoke_cert): add options argument, and print colon-delimited output for revocation certificate as requested. -- I looked into trying to make this work with one of the functions in g10/keylist.c, but i saw nothing that will accept a revocation certificate on its own, so i'm replicating the functionality directly in g10/import.c. This is a bit unfortunate because the code for describing a revocation cert now exists in two separate places, but refactoring both list_keyblock_print() and list_keyblock_colon() in g10/keylist.c seems like a much heavier lift. GnuPG-Bug-id: 4018 Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/import.c b/g10/import.c index 6d2beaf..ae32973 100644 --- a/g10/import.c +++ b/g10/import.c @@ -114,7 +114,8 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock, unsigned int options, int for_migration, import_screener_t screener, void *screener_arg); static int import_revoke_cert (ctrl_t ctrl, - kbnode_t node, struct import_stats_s *stats); + kbnode_t node, unsigned int options, + struct import_stats_s *stats); static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self); static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, @@ -590,7 +591,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, screener, screener_arg); else if (keyblock->pkt->pkttype == PKT_SIGNATURE && IS_KEY_REV (keyblock->pkt->pkt.signature) ) - rc = import_revoke_cert (ctrl, keyblock, stats); + rc = import_revoke_cert (ctrl, keyblock, options, stats); else { log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype); @@ -2607,7 +2608,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, * Import a revocation certificate; this is a single signature packet. */ static int -import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats) +import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options, struct import_stats_s *stats) { PKT_public_key *pk = NULL; kbnode_t onode; @@ -2623,6 +2624,24 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats) keyid[0] = node->pkt->pkt.signature->keyid[0]; keyid[1] = node->pkt->pkt.signature->keyid[1]; + if ((options & IMPORT_SHOW) && + (opt.with_colons)) + { + PKT_signature *sig = node->pkt->pkt.signature; + char *issuer_fpr = issuer_fpr = issuer_fpr_string (sig); + + es_fprintf (es_stdout, "rev::%d:%08lX%08lX:%s:%s:::::::%s:::%d:\n", + sig->pubkey_algo, + (ulong) sig->keyid[0], (ulong) sig->keyid[1], + colon_datestr_from_sig (sig), + colon_expirestr_from_sig (sig), + issuer_fpr ? issuer_fpr : "", + sig->digest_algo); + + xfree (issuer_fpr); + es_fflush (es_stdout); + } + pk = xmalloc_clear( sizeof *pk ); rc = get_pubkey (ctrl, pk, keyid ); if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY ) ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 08:55:40 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Jun 2018 08:55:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-148-g8f99299 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8f99299a54a0ac09f9c90c1085b704db78973fda (commit) from 2ddfb5bef920919443309ece9fa2930282bbce85 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f99299a54a0ac09f9c90c1085b704db78973fda Author: NIIBE Yutaka Date: Tue Jun 12 15:54:18 2018 +0900 card: Fix memory leak for fetch-url sub command. * g10/card-util.c (fetch_url): Release INFO. Signed-off-by: NIIBE Yutaka diff --git a/g10/card-util.c b/g10/card-util.c index 587f181..b7eedc0 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -851,6 +851,7 @@ fetch_url (ctrl_t ctrl) } } + agent_release_card_info (&info); return rc; } ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 09:05:21 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jun 2018 09:05:21 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-6-ge8f439e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via e8f439e0547463c24f3c10008fee73e6c4259f52 (commit) via 86b64876bef0d8c4be8e309fcf3e2ce21e65a947 (commit) from dc96fd883571a975cfea0882fd38d7b0dd78775b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e8f439e0547463c24f3c10008fee73e6c4259f52 Author: Werner Koch Date: Tue Jun 12 08:44:55 2018 +0200 gpg: Do not import revocations with --show-keys. * g10/import.c (import_revoke_cert): Add arg 'options'. Take care of IMPORT_DRY_RUN. -- GnuPG-bug-id: 4017 Signed-off-by: Werner Koch (cherry picked from commit 6c9e37b2e541e96e7c65e1679982a614b4863fdb) diff --git a/g10/import.c b/g10/import.c index b609660..ed3ada5 100644 --- a/g10/import.c +++ b/g10/import.c @@ -113,8 +113,8 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, int batch, unsigned int options, int for_migration, import_screener_t screener, void *screener_arg); -static int import_revoke_cert (ctrl_t ctrl, - kbnode_t node, struct import_stats_s *stats); +static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options, + struct import_stats_s *stats); static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self); static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, @@ -590,7 +590,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, screener, screener_arg); else if (keyblock->pkt->pkttype == PKT_SIGNATURE && IS_KEY_REV (keyblock->pkt->pkt.signature) ) - rc = import_revoke_cert (ctrl, keyblock, stats); + rc = import_revoke_cert (ctrl, keyblock, options, stats); else { log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype); @@ -2617,7 +2617,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, * Import a revocation certificate; this is a single signature packet. */ static int -import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats) +import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options, + struct import_stats_s *stats) { PKT_public_key *pk = NULL; kbnode_t onode; @@ -2707,31 +2708,34 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats) /* insert it */ insert_kbnode( keyblock, clone_kbnode(node), 0 ); - /* and write the keyblock back */ - rc = keydb_update_keyblock (ctrl, hd, keyblock ); - if (rc) - log_error (_("error writing keyring '%s': %s\n"), - keydb_get_resource_name (hd), gpg_strerror (rc) ); - keydb_release (hd); - hd = NULL; - - /* we are ready */ - if (!opt.quiet ) + /* and write the keyblock back unless in dry run mode. */ + if (!(opt.dry_run || (options & IMPORT_DRY_RUN))) { - char *p=get_user_id_native (ctrl, keyid); - log_info( _("key %s: \"%s\" revocation certificate imported\n"), - keystr(keyid),p); - xfree(p); - } - stats->n_revoc++; + rc = keydb_update_keyblock (ctrl, hd, keyblock ); + if (rc) + log_error (_("error writing keyring '%s': %s\n"), + keydb_get_resource_name (hd), gpg_strerror (rc) ); + keydb_release (hd); + hd = NULL; - /* If the key we just revoked was ultimately trusted, remove its - ultimate trust. This doesn't stop the user from putting the - ultimate trust back, but is a reasonable solution for now. */ - if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE) - clear_ownertrusts (ctrl, pk); + /* we are ready */ + if (!opt.quiet ) + { + char *p=get_user_id_native (ctrl, keyid); + log_info( _("key %s: \"%s\" revocation certificate imported\n"), + keystr(keyid),p); + xfree(p); + } - revalidation_mark (ctrl); + /* If the key we just revoked was ultimately trusted, remove its + * ultimate trust. This doesn't stop the user from putting the + * ultimate trust back, but is a reasonable solution for now. */ + if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE) + clear_ownertrusts (ctrl, pk); + + revalidation_mark (ctrl); + } + stats->n_revoc++; leave: keydb_release (hd); commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947 Author: Daniel Kahn Gillmor Date: Tue Jun 12 00:41:59 2018 -0400 gpg: Add new usage option for drop-subkey filters. * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor (cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85) diff --git a/doc/gpg.texi b/doc/gpg.texi index 2915d25..d0aa010 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2418,6 +2418,11 @@ The available properties are: Boolean indicating whether a key or subkey is a secret one. (drop-subkey) + @item usage + A string indicating the usage flags for the subkey, from the + sequence ``ecsa?''. For example, a subkey capable of just signing + and authentication would be an exact match for ``sa''. (drop-subkey) + @item sig_created @itemx sig_created_d The first is the timestamp a signature packet was created. The diff --git a/g10/import.c b/g10/import.c index 6d2beaf..b609660 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1296,6 +1296,16 @@ impex_filter_getval (void *cookie, const char *propname) { result = pk_is_disabled (pk)? "1":"0"; } + else if (!strcmp (propname, "usage")) + { + snprintf (numbuf, sizeof numbuf, "%s%s%s%s%s", + (pk->pubkey_usage & PUBKEY_USAGE_ENC)?"e":"", + (pk->pubkey_usage & PUBKEY_USAGE_SIG)?"s":"", + (pk->pubkey_usage & PUBKEY_USAGE_CERT)?"c":"", + (pk->pubkey_usage & PUBKEY_USAGE_AUTH)?"a":"", + (pk->pubkey_usage & PUBKEY_USAGE_UNKNOWN)?"?":""); + result = numbuf; + } else result = NULL; } ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 5 +++++ g10/import.c | 66 ++++++++++++++++++++++++++++++++++++------------------------ 2 files changed, 45 insertions(+), 26 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 09:06:54 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jun 2018 09:06:54 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-149-gfe621cc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fe621cc64b13b00914633630f28b4b417892d629 (commit) from 8f99299a54a0ac09f9c90c1085b704db78973fda (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe621cc64b13b00914633630f28b4b417892d629 Author: Werner Koch Date: Tue Jun 12 08:44:55 2018 +0200 gpg: Do not import revocations with --show-keys. * g10/import.c (import_revoke_cert): Add arg 'options'. Take care of IMPORT_DRY_RUN. -- GnuPG-bug-id: 4017 Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 2803997..9b693e9 100644 --- a/g10/import.c +++ b/g10/import.c @@ -113,8 +113,8 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, int batch, unsigned int options, int for_migration, import_screener_t screener, void *screener_arg); -static int import_revoke_cert (ctrl_t ctrl, - kbnode_t node, struct import_stats_s *stats); +static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options, + struct import_stats_s *stats); static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self); static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, @@ -590,7 +590,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, screener, screener_arg); else if (keyblock->pkt->pkttype == PKT_SIGNATURE && IS_KEY_REV (keyblock->pkt->pkt.signature) ) - rc = import_revoke_cert (ctrl, keyblock, stats); + rc = import_revoke_cert (ctrl, keyblock, options, stats); else { log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype); @@ -2636,7 +2636,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, * Import a revocation certificate; this is a single signature packet. */ static int -import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats) +import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options, + struct import_stats_s *stats) { PKT_public_key *pk = NULL; kbnode_t onode; @@ -2726,31 +2727,34 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats) /* insert it */ insert_kbnode( keyblock, clone_kbnode(node), 0 ); - /* and write the keyblock back */ - rc = keydb_update_keyblock (ctrl, hd, keyblock ); - if (rc) - log_error (_("error writing keyring '%s': %s\n"), - keydb_get_resource_name (hd), gpg_strerror (rc) ); - keydb_release (hd); - hd = NULL; - - /* we are ready */ - if (!opt.quiet ) + /* and write the keyblock back unless in dry run mode. */ + if (!(opt.dry_run || (options & IMPORT_DRY_RUN))) { - char *p=get_user_id_native (ctrl, keyid); - log_info( _("key %s: \"%s\" revocation certificate imported\n"), - keystr(keyid),p); - xfree(p); - } - stats->n_revoc++; + rc = keydb_update_keyblock (ctrl, hd, keyblock ); + if (rc) + log_error (_("error writing keyring '%s': %s\n"), + keydb_get_resource_name (hd), gpg_strerror (rc) ); + keydb_release (hd); + hd = NULL; - /* If the key we just revoked was ultimately trusted, remove its - ultimate trust. This doesn't stop the user from putting the - ultimate trust back, but is a reasonable solution for now. */ - if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE) - clear_ownertrusts (ctrl, pk); + /* we are ready */ + if (!opt.quiet ) + { + char *p=get_user_id_native (ctrl, keyid); + log_info( _("key %s: \"%s\" revocation certificate imported\n"), + keystr(keyid),p); + xfree(p); + } - revalidation_mark (ctrl); + /* If the key we just revoked was ultimately trusted, remove its + * ultimate trust. This doesn't stop the user from putting the + * ultimate trust back, but is a reasonable solution for now. */ + if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE) + clear_ownertrusts (ctrl, pk); + + revalidation_mark (ctrl); + } + stats->n_revoc++; leave: keydb_release (hd); ----------------------------------------------------------------------- Summary of changes: g10/import.c | 56 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 26 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 09:22:35 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 12 Jun 2018 09:22:35 +0200 Subject: [git] GnuPG - branch, gniibe/decryption-key, updated. gnupg-2.2.7-143-g92d3dc9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, gniibe/decryption-key has been updated via 92d3dc9e1933cb877fe61942a68a76dcc4aab759 (commit) from ed9030cb2a67148dfafa7f2c0d5a0be67a818397 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 92d3dc9e1933cb877fe61942a68a76dcc4aab759 Author: NIIBE Yutaka Date: Tue Jun 12 16:20:21 2018 +0900 g10: Fix enum_secret_keys for card keys. * g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns fingerprint in binary, change it to hex string. Signed-off-by: NIIBE Yutaka diff --git a/g10/skclist.c b/g10/skclist.c index d40fe6d..fe24b4a 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -331,6 +331,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) strlist_t sl; strlist_t card_list; char *serialno; + char fpr2[43]; struct agent_card_info_s info; kbnode_t keyblock; kbnode_t node; @@ -350,7 +351,6 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) if (!sk) { /* Free the context. */ - agent_release_card_info (&c->info); xfree (c->serialno); free_strlist (c->card_list); pubkeys_free (c->results); @@ -419,14 +419,19 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) } xfree (serialno); - agent_release_card_info (&c->info); + c->info.fpr2valid = 0; err = agent_scd_getattr ("KEY-FPR", &c->info); if (err) log_error ("error retrieving key fingerprint from card: %s\n", gpg_strerror (err)); if (c->info.fpr2valid) - name = c->info.fpr2; + { + c->fpr2[0] = '0'; + c->fpr2[1] = 'x'; + bin2hex (c->info.fpr2, 20, c->fpr2+2); + name = c->fpr2; + } c->sl = c->sl->next; } else ----------------------------------------------------------------------- Summary of changes: g10/skclist.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 13:41:06 2018 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 12 Jun 2018 13:41:06 +0200 Subject: [git] GpgOL - branch, master, updated. outlook-2007-removal-22-g2d63f58 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 2d63f583988753c5c9aae756f8e7c7f7e478a504 (commit) from c02b9f60f970cde1556d3ab82f6df6794e1d8a47 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2d63f583988753c5c9aae756f8e7c7f7e478a504 Author: Andre Heinecke Date: Tue Jun 12 13:40:43 2018 +0200 po: Update german translation -- diff --git a/po/de.po b/po/de.po index 95fca73..f58d282 100644 --- a/po/de.po +++ b/po/de.po @@ -4,14 +4,15 @@ # # Werner Koch , 2005, 2007. # Andre Heinecke , 2016, 2017, 2018. +# aheinecke , 2018. msgid "" msgstr "" "Project-Id-Version: GpgOL 1.0.0\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" "POT-Creation-Date: 2018-06-12 11:16+0200\n" -"PO-Revision-Date: 2018-04-24 10:59+0100\n" -"Last-Translator: Andre Heinecke \n" -"Language-Team: English \n" +"PO-Revision-Date: 2018-06-12 13:40+0100\n" +"Last-Translator: aheinecke \n" +"Language-Team: English \n" "Language: en_US\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -230,26 +231,27 @@ msgstr "Bitte warten Sie w?hrend die Nachricht entschl?sselt / gepr?ft wird.. #: src/mail.cpp:1127 src/mail.cpp:1196 msgid "HTML display disabled." -msgstr "" +msgstr "HTML Anzeige deaktiviert." #: src/mail.cpp:1128 src/mail.cpp:1197 msgid "HTML content in unsigned S/MIME mails is insecure." -msgstr "" +msgstr "HTML Inhalte in unsignierten S/MIME Mails sind unsicher." #: src/mail.cpp:1131 src/mail.cpp:1200 msgid "GpgOL will only show such mails as text." -msgstr "" +msgstr "GpgOL zeigt solche Mails nur als Text an." #: src/mail.cpp:1134 -#, fuzzy msgid "This message is shown only once." -msgstr "Diese Nachricht ist nicht verschl?sselt." +msgstr "Diese Meldung wird nur einmal angezeigt." #: src/mail.cpp:1203 msgid "" "Please ask the sender to sign the message or\n" "to send it with a plain text alternative." msgstr "" +"Bitten Sie den Absender die Nachrichten zu signieren oder\n" +"sie mit einem alternativen Text Teil zu senden." #: src/mail.cpp:1374 msgid "GpgOL: Oops, G Suite Sync account detected" @@ -566,25 +568,28 @@ msgstr "" #: src/mailitem-events.cpp:779 msgid "Dangerous reply" -msgstr "" +msgstr "Gef?hrliche Antwort" #: src/mailitem-events.cpp:780 msgid "Dangerous forward" -msgstr "" +msgstr "Gef?hrliche Weiterleitung" #: src/mailitem-events.cpp:781 msgid "Unsigned S/MIME mails are not integrity protected." -msgstr "" +msgstr "Unsignierte S/MIME Mails sind nicht integrit?tsgesch?tzt." #: src/mailitem-events.cpp:787 msgid "For security reasons no decrypted contents are included in this reply." msgstr "" +"Aus Sicherheitsgr?nden werden keine entschl?sselte Inhalte in die Antwort" +" aufgenommen." #: src/mailitem-events.cpp:792 msgid "" "For security reasons no decrypted contents are included in the forwarded " "mail." msgstr "" +"Aus Sicherheitsgr?nden werden keine entschl?sselte Inhalte weitergeleitet." #: src/mailitem-events.cpp:847 msgid "" @@ -642,6 +647,8 @@ msgid "" "Data is not integrity protected. Decrypting it could be a security problem. " "(no MDC)" msgstr "" +"Daten sind nicht integrit?tsgesch?tzt. Das Entschl?sseln k?nnte ein" +" Sicherheitsproblem sein. (Kein MDC)" #: src/parsecontroller.cpp:219 src/parsecontroller.cpp:295 msgid "Encrypted message (decryption not possible)" ----------------------------------------------------------------------- Summary of changes: po/de.po | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 13:45:41 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jun 2018 13:45:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-150-g4404726 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 440472663d608660343c54f09172c851f5127c9c (commit) from fe621cc64b13b00914633630f28b4b417892d629 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 440472663d608660343c54f09172c851f5127c9c Author: Werner Koch Date: Tue Jun 12 13:46:00 2018 +0200 Require libgpg-error 1.29 and remove internal logging functions. * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29 * common/util.h: Remove replacement error codes. * common/logging.h: Remove fallback to internal logging functions. * common/logging.c: Remove. * common/Makefile.am (common_sources): Remove logging.c Signed-off-by: Werner Koch diff --git a/common/Makefile.am b/common/Makefile.am index 94318da..d288fa3 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -49,7 +49,7 @@ common_sources = \ strlist.c strlist.h \ utf8conv.c utf8conv.h \ argparse.c argparse.h \ - logging.c logging.h \ + logging.h \ dotlock.c dotlock.h \ mischelp.c mischelp.h \ status.c status.h\ diff --git a/common/logging.c b/common/logging.c deleted file mode 100644 index 88860e7..0000000 --- a/common/logging.c +++ /dev/null @@ -1,1121 +0,0 @@ -/* logging.c - Useful logging functions - * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, - * 2009, 2010 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute and/or modify this - * part of GnuPG under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * GnuPG is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copies of the GNU General Public License - * and the GNU Lesser General Public License along with this program; - * if not, see . - */ - - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_W32_SYSTEM -# ifdef HAVE_WINSOCK2_H -# include -# endif -# include -#else /*!HAVE_W32_SYSTEM*/ -# include -# include -# include -# include -#endif /*!HAVE_W32_SYSTEM*/ -#include -#include -#include -/* #include */ - -#define GNUPG_COMMON_NEED_AFLOCAL 1 -#include "util.h" -#include "i18n.h" -#include "common-defs.h" -#include "logging.h" -#include "sysutils.h" - -#if defined(GPGRT_ENABLE_LOG_MACROS) && defined(log_debug_string) - /* Nothing to do; the libgpgrt functions are used. */ -#else /* Use our own logging functions. */ - -#ifdef HAVE_W32_SYSTEM -# ifndef S_IRWXG -# define S_IRGRP S_IRUSR -# define S_IWGRP S_IWUSR -# endif -# ifndef S_IRWXO -# define S_IROTH S_IRUSR -# define S_IWOTH S_IWUSR -# endif -#endif - - -#ifdef HAVE_W32CE_SYSTEM -# define isatty(a) (0) -#endif - -#undef WITH_IPV6 -#if defined (AF_INET6) && defined(PF_INET) \ - && defined (INET6_ADDRSTRLEN) && defined(HAVE_INET_PTON) -# define WITH_IPV6 1 -#endif - -#ifndef EAFNOSUPPORT -# define EAFNOSUPPORT EINVAL -#endif -#ifndef INADDR_NONE /* Slowaris is missing that. */ -#define INADDR_NONE ((unsigned long)(-1)) -#endif /*INADDR_NONE*/ - -#ifdef HAVE_W32_SYSTEM -#define sock_close(a) closesocket(a) -#else -#define sock_close(a) close(a) -#endif - - -static estream_t logstream; -static int log_socket = -1; -static char prefix_buffer[80]; -static int with_time; -static int with_prefix; -static int with_pid; -#ifdef HAVE_W32_SYSTEM -static int no_registry; -#endif -static int (*get_pid_suffix_cb)(unsigned long *r_value); -static const char * (*socket_dir_cb)(void); -static int running_detached; -static int force_prefixes; - -static int missing_lf; -static int errorcount; - - -int -log_get_errorcount (int clear) -{ - int n = errorcount; - if( clear ) - errorcount = 0; - return n; -} - -void -log_inc_errorcount (void) -{ - errorcount++; -} - - -/* The following 3 functions are used by es_fopencookie to write logs - to a socket. */ -struct fun_cookie_s -{ - int fd; - int quiet; - int want_socket; - int is_socket; -#ifdef HAVE_W32CE_SYSTEM - int use_writefile; -#endif - char name[1]; -}; - - -/* Write NBYTES of BUFFER to file descriptor FD. */ -static int -writen (int fd, const void *buffer, size_t nbytes, int is_socket) -{ - const char *buf = buffer; - size_t nleft = nbytes; - int nwritten; -#ifndef HAVE_W32_SYSTEM - (void)is_socket; /* Not required. */ -#endif - - while (nleft > 0) - { -#ifdef HAVE_W32_SYSTEM - if (is_socket) - nwritten = send (fd, buf, nleft, 0); - else -#endif - nwritten = write (fd, buf, nleft); - - if (nwritten < 0 && errno == EINTR) - continue; - if (nwritten < 0) - return -1; - nleft -= nwritten; - buf = buf + nwritten; - } - - return 0; -} - - -/* Returns true if STR represents a valid port number in decimal - notation and no garbage is following. */ -static int -parse_portno (const char *str, unsigned short *r_port) -{ - unsigned int value; - - for (value=0; *str && (*str >= '0' && *str <= '9'); str++) - { - value = value * 10 + (*str - '0'); - if (value > 65535) - return 0; - } - if (*str || !value) - return 0; - - *r_port = value; - return 1; -} - - -static gpgrt_ssize_t -fun_writer (void *cookie_arg, const void *buffer, size_t size) -{ - struct fun_cookie_s *cookie = cookie_arg; - - /* FIXME: Use only estream with a callback for socket writing. This - avoids the ugly mix of fd and estream code. */ - - /* Note that we always try to reconnect to the socket but print - error messages only the first time an error occurred. If - RUNNING_DETACHED is set we don't fall back to stderr and even do - not print any error messages. This is needed because detached - processes often close stderr and by writing to file descriptor 2 - we might send the log message to a file not intended for logging - (e.g. a pipe or network connection). */ - if (cookie->want_socket && cookie->fd == -1) - { -#ifdef WITH_IPV6 - struct sockaddr_in6 srvr_addr_in6; -#endif - struct sockaddr_in srvr_addr_in; -#ifndef HAVE_W32_SYSTEM - struct sockaddr_un srvr_addr_un; -#endif - const char *name_for_err = ""; - size_t addrlen; - struct sockaddr *srvr_addr = NULL; - unsigned short port = 0; - int af = AF_LOCAL; - int pf = PF_LOCAL; - const char *name = cookie->name; - - /* Not yet open or meanwhile closed due to an error. */ - cookie->is_socket = 0; - - /* Check whether this is a TCP socket or a local socket. */ - if (!strncmp (name, "tcp://", 6) && name[6]) - { - name += 6; - af = AF_INET; - pf = PF_INET; - } -#ifndef HAVE_W32_SYSTEM - else if (!strncmp (name, "socket://", 9)) - name += 9; -#endif - - if (af == AF_LOCAL) - { - addrlen = 0; -#ifndef HAVE_W32_SYSTEM - memset (&srvr_addr, 0, sizeof srvr_addr); - srvr_addr_un.sun_family = af; - if (!*name && (name = socket_dir_cb ()) && *name) - { - if (strlen (name) + 7 < sizeof (srvr_addr_un.sun_path)-1) - { - strncpy (srvr_addr_un.sun_path, - name, sizeof (srvr_addr_un.sun_path)-1); - strcat (srvr_addr_un.sun_path, "/S.log"); - srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0; - srvr_addr = (struct sockaddr *)&srvr_addr_un; - addrlen = SUN_LEN (&srvr_addr_un); - name_for_err = srvr_addr_un.sun_path; - } - } - else - { - if (*name && strlen (name) < sizeof (srvr_addr_un.sun_path)-1) - { - strncpy (srvr_addr_un.sun_path, - name, sizeof (srvr_addr_un.sun_path)-1); - srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0; - srvr_addr = (struct sockaddr *)&srvr_addr_un; - addrlen = SUN_LEN (&srvr_addr_un); - } - } -#endif /*!HAVE_W32SYSTEM*/ - } - else - { - char *addrstr, *p; -#ifdef HAVE_INET_PTON - void *addrbuf = NULL; -#endif /*HAVE_INET_PTON*/ - - addrstr = xtrymalloc (strlen (name) + 1); - if (!addrstr) - addrlen = 0; /* This indicates an error. */ - else if (*name == '[') - { - /* Check for IPv6 literal address. */ - strcpy (addrstr, name+1); - p = strchr (addrstr, ']'); - if (!p || p[1] != ':' || !parse_portno (p+2, &port)) - { - gpg_err_set_errno (EINVAL); - addrlen = 0; - } - else - { - *p = 0; -#ifdef WITH_IPV6 - af = AF_INET6; - pf = PF_INET6; - memset (&srvr_addr_in6, 0, sizeof srvr_addr_in6); - srvr_addr_in6.sin6_family = af; - srvr_addr_in6.sin6_port = htons (port); -#ifdef HAVE_INET_PTON - addrbuf = &srvr_addr_in6.sin6_addr; -#endif /*HAVE_INET_PTON*/ - srvr_addr = (struct sockaddr *)&srvr_addr_in6; - addrlen = sizeof srvr_addr_in6; -#else - gpg_err_set_errno (EAFNOSUPPORT); - addrlen = 0; -#endif - } - } - else - { - /* Check for IPv4 literal address. */ - strcpy (addrstr, name); - p = strchr (addrstr, ':'); - if (!p || !parse_portno (p+1, &port)) - { - gpg_err_set_errno (EINVAL); - addrlen = 0; - } - else - { - *p = 0; - memset (&srvr_addr_in, 0, sizeof srvr_addr_in); - srvr_addr_in.sin_family = af; - srvr_addr_in.sin_port = htons (port); -#ifdef HAVE_INET_PTON - addrbuf = &srvr_addr_in.sin_addr; -#endif /*HAVE_INET_PTON*/ - srvr_addr = (struct sockaddr *)&srvr_addr_in; - addrlen = sizeof srvr_addr_in; - } - } - - if (addrlen) - { -#ifdef HAVE_INET_PTON - if (inet_pton (af, addrstr, addrbuf) != 1) - addrlen = 0; -#else /*!HAVE_INET_PTON*/ - /* We need to use the old function. If we are here v6 - support isn't enabled anyway and thus we can do fine - without. Note that Windows has a compatible inet_pton - function named inetPton, but only since Vista. */ - srvr_addr_in.sin_addr.s_addr = inet_addr (addrstr); - if (srvr_addr_in.sin_addr.s_addr == INADDR_NONE) - addrlen = 0; -#endif /*!HAVE_INET_PTON*/ - } - - xfree (addrstr); - } - - cookie->fd = addrlen? socket (pf, SOCK_STREAM, 0) : -1; - if (cookie->fd == -1) - { - if (!cookie->quiet && !running_detached - && isatty (es_fileno (es_stderr))) - es_fprintf (es_stderr, "failed to create socket for logging: %s\n", - strerror(errno)); - } - else - { - if (connect (cookie->fd, srvr_addr, addrlen) == -1) - { - if (!cookie->quiet && !running_detached - && isatty (es_fileno (es_stderr))) - es_fprintf (es_stderr, "can't connect to '%s%s': %s\n", - cookie->name, name_for_err, strerror(errno)); - sock_close (cookie->fd); - cookie->fd = -1; - } - } - - if (cookie->fd == -1) - { - if (!running_detached) - { - /* Due to all the problems with apps not running - detached but being called with stderr closed or used - for a different purposes, it does not make sense to - switch to stderr. We therefore disable it. */ - if (!cookie->quiet) - { - /* fputs ("switching logging to stderr\n", stderr);*/ - cookie->quiet = 1; - } - cookie->fd = -1; /*fileno (stderr);*/ - } - } - else /* Connection has been established. */ - { - cookie->quiet = 0; - cookie->is_socket = 1; - } - } - - log_socket = cookie->fd; - if (cookie->fd != -1) - { -#ifdef HAVE_W32CE_SYSTEM - if (cookie->use_writefile) - { - DWORD nwritten; - - WriteFile ((HANDLE)cookie->fd, buffer, size, &nwritten, NULL); - return (gpgrt_ssize_t)size; /* Okay. */ - } -#endif - if (!writen (cookie->fd, buffer, size, cookie->is_socket)) - return (gpgrt_ssize_t)size; /* Okay. */ - } - - if (!running_detached && cookie->fd != -1 - && isatty (es_fileno (es_stderr))) - { - if (*cookie->name) - es_fprintf (es_stderr, "error writing to '%s': %s\n", - cookie->name, strerror(errno)); - else - es_fprintf (es_stderr, "error writing to file descriptor %d: %s\n", - cookie->fd, strerror(errno)); - } - if (cookie->is_socket && cookie->fd != -1) - { - sock_close (cookie->fd); - cookie->fd = -1; - log_socket = -1; - } - - return (gpgrt_ssize_t)size; -} - - -static int -fun_closer (void *cookie_arg) -{ - struct fun_cookie_s *cookie = cookie_arg; - - if (cookie->fd != -1 && cookie->fd != 2) - sock_close (cookie->fd); - xfree (cookie); - log_socket = -1; - return 0; -} - - -/* Common function to either set the logging to a file or a file - descriptor. */ -static void -set_file_fd (const char *name, int fd) -{ - estream_t fp; - int want_socket; -#ifdef HAVE_W32CE_SYSTEM - int use_writefile = 0; -#endif - struct fun_cookie_s *cookie; - - /* Close an open log stream. */ - if (logstream) - { - if (logstream != es_stderr) - es_fclose (logstream); - logstream = NULL; - } - - /* Figure out what kind of logging we want. */ - if (name && !strcmp (name, "-")) - { - name = NULL; - fd = es_fileno (es_stderr); - } - - want_socket = 0; - if (name && !strncmp (name, "tcp://", 6) && name[6]) - want_socket = 1; -#ifndef HAVE_W32_SYSTEM - else if (name && !strncmp (name, "socket://", 9)) - want_socket = 2; -#endif /*HAVE_W32_SYSTEM*/ -#ifdef HAVE_W32CE_SYSTEM - else if (name && !strcmp (name, "GPG2:")) - { - HANDLE hd; - - ActivateDevice (L"Drivers\\"GNUPG_NAME"_Log", 0); - /* Ignore a filename and write the debug output to the GPG2: - device. */ - hd = CreateFile (L"GPG2:", GENERIC_WRITE, - FILE_SHARE_READ | FILE_SHARE_WRITE, - NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - fd = (hd == INVALID_HANDLE_VALUE)? -1 : (int)hd; - name = NULL; - force_prefixes = 1; - use_writefile = 1; - } -#endif /*HAVE_W32CE_SYSTEM*/ - - /* Setup a new stream. */ - - /* The xmalloc below is justified because we can expect that this - function is called only during initialization and there is no - easy way out of this error condition. */ - cookie = xmalloc (sizeof *cookie + (name? strlen (name):0)); - strcpy (cookie->name, name? name:""); - cookie->quiet = 0; - cookie->is_socket = 0; - cookie->want_socket = want_socket; -#ifdef HAVE_W32CE_SYSTEM - cookie->use_writefile = use_writefile; -#endif - if (!name) - cookie->fd = fd; - else if (want_socket) - cookie->fd = -1; - else - { - do - cookie->fd = open (name, O_WRONLY|O_APPEND|O_CREAT, - (S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR|S_IWGRP|S_IWOTH)); - while (cookie->fd == -1 && errno == EINTR); - } - log_socket = cookie->fd; - - { - es_cookie_io_functions_t io = { NULL }; - io.func_write = fun_writer; - io.func_close = fun_closer; - - fp = es_fopencookie (cookie, "w", io); - } - - /* On error default to a stderr based estream. */ - if (!fp) - fp = es_stderr; - - es_setvbuf (fp, NULL, _IOLBF, 0); - - logstream = fp; - - /* We always need to print the prefix and the pid for socket mode, - so that the server reading the socket can do something - meaningful. */ - force_prefixes = want_socket; - - missing_lf = 0; -} - - -/* Set the file to write log to. The special names NULL and "-" may - be used to select stderr and names formatted like - "socket:///home/foo/mylogs" may be used to write the logging to the - socket "/home/foo/mylogs". If the connection to the socket fails - or a write error is detected, the function writes to stderr and - tries the next time again to connect the socket. - */ -void -log_set_file (const char *name) -{ - set_file_fd (name? name: "-", -1); -} - -void -log_set_fd (int fd) -{ - if (! gnupg_fd_valid (fd)) - log_fatal ("logger-fd is invalid: %s\n", strerror (errno)); - - set_file_fd (NULL, fd); -} - - -/* Set a function to retrieve the directory name of a socket if - * only "socket://" has been given to log_set_file. */ -void -log_set_socket_dir_cb (const char *(*fnc)(void)) -{ - socket_dir_cb = fnc; -} - - -void -log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value)) -{ - get_pid_suffix_cb = cb; -} - - -void -log_set_prefix (const char *text, unsigned int flags) -{ - if (text) - { - strncpy (prefix_buffer, text, sizeof (prefix_buffer)-1); - prefix_buffer[sizeof (prefix_buffer)-1] = 0; - } - - with_prefix = (flags & GPGRT_LOG_WITH_PREFIX); - with_time = (flags & GPGRT_LOG_WITH_TIME); - with_pid = (flags & GPGRT_LOG_WITH_PID); - running_detached = (flags & GPGRT_LOG_RUN_DETACHED); -#ifdef HAVE_W32_SYSTEM - no_registry = (flags & GPGRT_LOG_NO_REGISTRY); -#endif -} - - -const char * -log_get_prefix (unsigned int *flags) -{ - if (flags) - { - *flags = 0; - if (with_prefix) - *flags |= GPGRT_LOG_WITH_PREFIX; - if (with_time) - *flags |= GPGRT_LOG_WITH_TIME; - if (with_pid) - *flags |= GPGRT_LOG_WITH_PID; - if (running_detached) - *flags |= GPGRT_LOG_RUN_DETACHED; -#ifdef HAVE_W32_SYSTEM - if (no_registry) - *flags |= GPGRT_LOG_NO_REGISTRY; -#endif - } - return prefix_buffer; -} - -/* This function returns true if the file descriptor FD is in use for - logging. This is preferable over a test using log_get_fd in that - it allows the logging code to use more then one file descriptor. */ -int -log_test_fd (int fd) -{ - if (logstream) - { - int tmp = es_fileno (logstream); - if ( tmp != -1 && tmp == fd) - return 1; - } - if (log_socket != -1 && log_socket == fd) - return 1; - return 0; -} - -int -log_get_fd () -{ - return logstream? es_fileno(logstream) : -1; -} - -estream_t -log_get_stream () -{ - if (!logstream) - { - log_set_file (NULL); /* Make sure a log stream has been set. */ - assert (logstream); - } - return logstream; -} - - -static void -print_prefix (int level, int leading_backspace) -{ - if (level != GPGRT_LOG_CONT) - { /* Note this does not work for multiple line logging as we would - * need to print to a buffer first */ - if (with_time && !force_prefixes) - { - struct tm *tp; - time_t atime = time (NULL); - - tp = localtime (&atime); - es_fprintf_unlocked (logstream, "%04d-%02d-%02d %02d:%02d:%02d ", - 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, - tp->tm_hour, tp->tm_min, tp->tm_sec ); - } - if (with_prefix || force_prefixes) - es_fputs_unlocked (prefix_buffer, logstream); - if (with_pid || force_prefixes) - { - unsigned long pidsuf; - int pidfmt; - - if (get_pid_suffix_cb && (pidfmt=get_pid_suffix_cb (&pidsuf))) - es_fprintf_unlocked (logstream, pidfmt == 1? "[%u.%lu]":"[%u.%lx]", - (unsigned int)getpid (), pidsuf); - else - es_fprintf_unlocked (logstream, "[%u]", (unsigned int)getpid ()); - } - if ((!with_time && (with_prefix || with_pid)) || force_prefixes) - es_putc_unlocked (':', logstream); - /* A leading backspace suppresses the extra space so that we can - correctly output, programname, filename and linenumber. */ - if (!leading_backspace - && (with_time || with_prefix || with_pid || force_prefixes)) - es_putc_unlocked (' ', logstream); - } - - switch (level) - { - case GPGRT_LOG_BEGIN: break; - case GPGRT_LOG_CONT: break; - case GPGRT_LOG_INFO: break; - case GPGRT_LOG_WARN: break; - case GPGRT_LOG_ERROR: break; - case GPGRT_LOG_FATAL: es_fputs_unlocked ("Fatal: ",logstream ); break; - case GPGRT_LOG_BUG: es_fputs_unlocked ("Ohhhh jeeee: ", logstream); break; - case GPGRT_LOG_DEBUG: es_fputs_unlocked ("DBG: ", logstream ); break; - default: - es_fprintf_unlocked (logstream,"[Unknown log level %d]: ", level); - break; - } -} - - -static void -do_logv (int level, int ignore_arg_ptr, const char *extrastring, - const char *prefmt, const char *fmt, va_list arg_ptr) -{ - int leading_backspace = (fmt && *fmt == '\b'); - - if (!logstream) - { -#ifdef HAVE_W32_SYSTEM - char *tmp; - - tmp = (no_registry - ? NULL - : read_w32_registry_string (NULL, GNUPG_REGISTRY_DIR, - "DefaultLogFile")); - log_set_file (tmp && *tmp? tmp : NULL); - xfree (tmp); -#else - log_set_file (NULL); /* Make sure a log stream has been set. */ -#endif - assert (logstream); - } - - es_flockfile (logstream); - if (missing_lf && level != GPGRT_LOG_CONT) - es_putc_unlocked ('\n', logstream ); - missing_lf = 0; - - print_prefix (level, leading_backspace); - if (leading_backspace) - fmt++; - - if (fmt) - { - if (prefmt) - es_fputs_unlocked (prefmt, logstream); - - if (ignore_arg_ptr) - { /* This is used by log_string and comes with the extra - * feature that after a LF the next line is indent at the - * length of the prefix. Note that we do not yet include - * the length of the timestamp and pid in the indent - * computation. */ - const char *p, *pend; - - for (p = fmt; (pend = strchr (p, '\n')); p = pend+1) - es_fprintf_unlocked (logstream, "%*s%.*s", - (int)((p != fmt - && (with_prefix || force_prefixes)) - ?strlen (prefix_buffer)+2:0), "", - (int)(pend - p)+1, p); - es_fputs_unlocked (p, logstream); - } - else - es_vfprintf_unlocked (logstream, fmt, arg_ptr); - if (*fmt && fmt[strlen(fmt)-1] != '\n') - missing_lf = 1; - } - - /* If we have an EXTRASTRING print it now while we still hold the - * lock on the logstream. */ - if (extrastring) - { - int c; - - if (missing_lf) - { - es_putc_unlocked ('\n', logstream); - missing_lf = 0; - } - print_prefix (level, leading_backspace); - es_fputs_unlocked (">> ", logstream); - missing_lf = 1; - while ((c = *extrastring++)) - { - missing_lf = 1; - if (c == '\\') - es_fputs_unlocked ("\\\\", logstream); - else if (c == '\r') - es_fputs_unlocked ("\\r", logstream); - else if (c == '\n') - { - es_fputs_unlocked ("\\n\n", logstream); - if (*extrastring) - { - print_prefix (level, leading_backspace); - es_fputs_unlocked (">> ", logstream); - } - else - missing_lf = 0; - } - else - es_putc_unlocked (c, logstream); - } - if (missing_lf) - { - es_putc_unlocked ('\n', logstream); - missing_lf = 0; - } - } - - if (level == GPGRT_LOG_FATAL) - { - if (missing_lf) - es_putc_unlocked ('\n', logstream); - es_funlockfile (logstream); - exit (2); - } - else if (level == GPGRT_LOG_BUG) - { - if (missing_lf) - es_putc_unlocked ('\n', logstream ); - es_funlockfile (logstream); - /* Using backtrace requires a configure test and to pass - * -rdynamic to gcc. Thus we do not enable it now. */ - /* { */ - /* void *btbuf[20]; */ - /* int btidx, btlen; */ - /* char **btstr; */ - - /* btlen = backtrace (btbuf, DIM (btbuf)); */ - /* btstr = backtrace_symbols (btbuf, btlen); */ - /* if (btstr) */ - /* for (btidx=0; btidx < btlen; btidx++) */ - /* log_debug ("[%d] %s\n", btidx, btstr[btidx]); */ - /* } */ - abort (); - } - else - es_funlockfile (logstream); -} - - -void -log_log (int level, const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt) ; - do_logv (level, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); -} - - -void -log_logv (int level, const char *fmt, va_list arg_ptr) -{ - do_logv (level, 0, NULL, NULL, fmt, arg_ptr); -} - - -/* Same as log_logv but PREFIX is printed immediately before FMT. - * Note that PREFIX is an additional string and independent of the - * prefix set by log_set_prefix. */ -void -log_logv_prefix (int level, const char *prefix, - const char *fmt, va_list arg_ptr) -{ - do_logv (level, 0, NULL, prefix, fmt, arg_ptr); -} - - -static void -do_log_ignore_arg (int level, const char *str, ...) -{ - va_list arg_ptr; - va_start (arg_ptr, str); - do_logv (level, 1, NULL, NULL, str, arg_ptr); - va_end (arg_ptr); -} - - -/* Log STRING at LEVEL but indent from the second line on by the - * length of the prefix. */ -void -log_string (int level, const char *string) -{ - /* We need a dummy arg_ptr, but there is no portable way to create - * one. So we call the do_logv function through a variadic wrapper. */ - do_log_ignore_arg (level, string); -} - - -void -log_info (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_INFO, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); -} - - -void -log_error (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_ERROR, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); - /* Protect against counter overflow. */ - if (errorcount < 30000) - errorcount++; -} - - -void -log_fatal (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_FATAL, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); - abort (); /* Never called; just to make the compiler happy. */ -} - - -void -log_bug (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_BUG, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); - abort (); /* Never called; just to make the compiler happy. */ -} - - -void -log_debug (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_DEBUG, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); -} - - -/* The same as log_debug but at the end of the output STRING is - * printed with LFs expanded to include the prefix and a final --end-- - * marker. */ -void -log_debug_string (const char *string, const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_DEBUG, 0, string, NULL, fmt, arg_ptr); - va_end (arg_ptr); -} - - -void -log_printf (const char *fmt, ...) -{ - va_list arg_ptr; - - va_start (arg_ptr, fmt); - do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, NULL, fmt, arg_ptr); - va_end (arg_ptr); -} - - -/* Flush the log - this is useful to make sure that the trailing - linefeed has been printed. */ -void -log_flush (void) -{ - do_log_ignore_arg (GPGRT_LOG_CONT, NULL); -} - - -/* Print a hexdump of BUFFER. With TEXT of NULL print just the raw - dump, with TEXT just an empty string, print a trailing linefeed, - otherwise print an entire debug line. */ -void -log_printhex (const void *buffer, size_t length, const char *text) -{ - if (text && *text) - log_debug ("%s ", text); - if (length) - { - const unsigned char *p = buffer; - log_printf ("%02X", *p); - for (length--, p++; length--; p++) - log_printf (" %02X", *p); - } - if (text) - log_printf ("\n"); -} - - -/* -void -log_printcanon () {} -is found in sexputils.c -*/ - -/* -void -log_printsexp () {} -is found in sexputils.c -*/ - -/* Print a microsecond timestamp followed by a FORMAT. */ -void -log_clock (const char *fmt, ...) -{ -#if ENABLE_LOG_CLOCK - static unsigned long long initial; - struct timespec tv; - unsigned long long now; - char clockbuf[50]; - va_list arg_ptr; - - if (clock_gettime (CLOCK_REALTIME, &tv)) - { - log_debug ("error getting the realtime clock value\n"); - return; - } - now = tv.tv_sec * 1000000000ull; - now += tv.tv_nsec; - - if (!initial) - initial = now; - - snprintf (clockbuf, sizeof clockbuf, "[%6llu] ", (now - initial)/1000); - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_DEBUG, 0, NULL, clockbuf, fmt, arg_ptr); - va_end (arg_ptr); - -#else /*!ENABLE_LOG_CLOCK*/ - - /* You may need to link with -ltr to use the above code. */ - va_list arg_ptr; - - va_start (arg_ptr, fmt); - do_logv (GPGRT_LOG_DEBUG, 0, NULL, "[no clock] ", fmt, arg_ptr); - va_end (arg_ptr); - -#endif /*!ENABLE_LOG_CLOCK*/ -} - - -#ifdef GPGRT_HAVE_MACRO_FUNCTION -void -bug_at( const char *file, int line, const char *func ) -{ - log_log (GPGRT_LOG_BUG, "... this is a bug (%s:%d:%s)\n", file, line, func); - abort (); /* Never called; just to make the compiler happy. */ -} -#else /*!GPGRT_HAVE_MACRO_FUNCTION*/ -void -bug_at( const char *file, int line ) -{ - log_log (GPGRT_LOG_BUG, "you found a bug ... (%s:%d)\n", file, line); - abort (); /* Never called; just to make the compiler happy. */ -} -#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/ - - -#ifdef GPGRT_HAVE_MACRO_FUNCTION -void -_log_assert (const char *expr, const char *file, int line, const char *func) -{ - log_log (GPGRT_LOG_BUG, "Assertion \"%s\" in %s failed (%s:%d)\n", - expr, func, file, line); - abort (); /* Never called; just to make the compiler happy. */ -} -#else /*!GPGRT_HAVE_MACRO_FUNCTION*/ -void -_log_assert (const char *expr, const char *file, int line) -{ - log_log (GPGRT_LOG_BUG, "Assertion \"%s\" failed (%s:%d)\n", - expr, file, line); - abort (); /* Never called; just to make the compiler happy. */ -} -#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/ - -#endif /* Use our own logging functions. */ diff --git a/common/logging.h b/common/logging.h index a20b8f8..a5800cb 100644 --- a/common/logging.h +++ b/common/logging.h @@ -38,10 +38,9 @@ #include "mischelp.h" #include "w32help.h" -#if defined(GPGRT_ENABLE_LOG_MACROS) && defined(log_debug_string) - /* We use the libgpg-error provided log functions. but we need one - * more function: */ -# ifdef GPGRT_HAVE_MACRO_FUNCTION +/* We use the libgpg-error provided log functions. but we need one + * more function: */ +#ifdef GPGRT_HAVE_MACRO_FUNCTION # define BUG() bug_at ( __FILE__, __LINE__, __FUNCTION__) static inline void bug_at (const char *file, int line, const char *func) GPGRT_ATTR_NORETURN; @@ -52,7 +51,7 @@ bug_at (const char *file, int line, const char *func) file, line, func); abort (); } -# else +#else # define BUG() bug_at ( __FILE__, __LINE__) static inline void bug_at (const char *file, int line) GPGRT_ATTR_NORETURN; @@ -62,94 +61,9 @@ bug_at (const char *file, int line) gpgrt_log (GPGRT_LOGLVL_BUG, "there is a bug at %s:%d\n", file, line); abort (); } -# endif /*!GPGRT_HAVE_MACRO_FUNCTION*/ - - -#else /* Use gnupg internal logging functions. */ - -int log_get_errorcount (int clear); -void log_inc_errorcount (void); -void log_set_file( const char *name ); -void log_set_fd (int fd); -void log_set_socket_dir_cb (const char *(*fnc)(void)); -void log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value)); -void log_set_prefix (const char *text, unsigned int flags); -const char *log_get_prefix (unsigned int *flags); -int log_test_fd (int fd); -int log_get_fd(void); -estream_t log_get_stream (void); - -#ifdef GPGRT_HAVE_MACRO_FUNCTION - void bug_at (const char *file, int line, const char *func) - GPGRT_ATTR_NORETURN; - void _log_assert (const char *expr, const char *file, int line, - const char *func) GPGRT_ATTR_NORETURN; -# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__) -# define log_assert(expr) \ - ((expr) \ - ? (void) 0 \ - : _log_assert (#expr, __FILE__, __LINE__, __FUNCTION__)) -#else /*!GPGRT_HAVE_MACRO_FUNCTION*/ - void bug_at (const char *file, int line); - void _log_assert (const char *expr, const char *file, int line); -# define BUG() bug_at( __FILE__ , __LINE__ ) -# define log_assert(expr) \ - ((expr) \ - ? (void) 0 \ - : _log_assert (#expr, __FILE__, __LINE__)) #endif /*!GPGRT_HAVE_MACRO_FUNCTION*/ -/* Flag values for log_set_prefix. */ -#define GPGRT_LOG_WITH_PREFIX 1 -#define GPGRT_LOG_WITH_TIME 2 -#define GPGRT_LOG_WITH_PID 4 -#define GPGRT_LOG_RUN_DETACHED 256 -#define GPGRT_LOG_NO_REGISTRY 512 - -/* Log levels as used by log_log. */ -enum jnlib_log_levels { - GPGRT_LOG_BEGIN, - GPGRT_LOG_CONT, - GPGRT_LOG_INFO, - GPGRT_LOG_WARN, - GPGRT_LOG_ERROR, - GPGRT_LOG_FATAL, - GPGRT_LOG_BUG, - GPGRT_LOG_DEBUG -}; -#define GPGRT_LOGLVL_BEGIN GPGRT_LOG_BEGIN -#define GPGRT_LOGLVL_CONT GPGRT_LOG_CONT -#define GPGRT_LOGLVL_INFO GPGRT_LOG_INFO -#define GPGRT_LOGLVL_WARN GPGRT_LOG_WARN -#define GPGRT_LOGLVL_ERROR GPGRT_LOG_ERROR -#define GPGRT_LOGLVL_FATAL GPGRT_LOG_FATAL -#define GPGRT_LOGLVL_BUG GPGRT_LOG_BUG -#define GPGRT_LOGLVL_DEBUG GPGRT_LOG_DEBUG - -void log_log (int level, const char *fmt, ...) GPGRT_ATTR_PRINTF(2,3); -void log_logv (int level, const char *fmt, va_list arg_ptr); -void log_logv_prefix (int level, const char *prefix, - const char *fmt, va_list arg_ptr); -void log_string (int level, const char *string); -void log_bug (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2); -void log_fatal (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2); -void log_error (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); -void log_info (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); -void log_debug (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); -void log_debug_string (const char *string, const char *fmt, - ...) GPGRT_ATTR_PRINTF(2,3); -void log_printf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); -void log_flush (void); - -/* Print a hexdump of BUFFER. With TEXT passes as NULL print just the - raw dump, with TEXT being an empty string, print a trailing - linefeed, otherwise print an entire debug line with TEXT followed - by the hexdump and a final LF. */ -void log_printhex (const void *buffer, size_t length, const char *text); - -void log_clock (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); -#endif /* Use gnupg internal logging functions. */ /* Some handy assertion macros which don't abort. */ diff --git a/common/util.h b/common/util.h index f372281..123d880 100644 --- a/common/util.h +++ b/common/util.h @@ -39,21 +39,6 @@ * libgpg-error version. Define them here. * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) */ -#if GPG_ERROR_VERSION_NUMBER < 0x011a00 /* 1.26 */ -# define GPG_ERR_UNKNOWN_FLAG 309 -# define GPG_ERR_INV_ORDER 310 -# define GPG_ERR_ALREADY_FETCHED 311 -# define GPG_ERR_TRY_LATER 312 -# define GPG_ERR_SYSTEM_BUG 666 -# define GPG_ERR_DNS_UNKNOWN 711 -# define GPG_ERR_DNS_SECTION 712 -# define GPG_ERR_DNS_ADDRESS 713 -# define GPG_ERR_DNS_NO_QUERY 714 -# define GPG_ERR_DNS_NO_ANSWER 715 -# define GPG_ERR_DNS_CLOSED 716 -# define GPG_ERR_DNS_VERIFY 717 -# define GPG_ERR_DNS_TIMEOUT 718 -#endif /* Hash function used with libksba. */ diff --git a/configure.ac b/configure.ac index 0665115..4916a5c 100644 --- a/configure.ac +++ b/configure.ac @@ -53,7 +53,7 @@ AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org]) # build-aux/speedo.mk and Makefile.am AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch]) -NEED_GPG_ERROR_VERSION=1.24 +NEED_GPG_ERROR_VERSION=1.29 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.7.0 ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 2 +- common/logging.c | 1121 ---------------------------------------------------- common/logging.h | 94 +---- common/util.h | 15 - configure.ac | 2 +- 5 files changed, 6 insertions(+), 1228 deletions(-) delete mode 100644 common/logging.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 14:15:28 2018 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 12 Jun 2018 14:15:28 +0200 Subject: [git] GpgOL - branch, master, updated. outlook-2007-removal-23-ge9839be Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via e9839bebf32222804e986e422fbfc03fbdc266ba (commit) from 2d63f583988753c5c9aae756f8e7c7f7e478a504 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e9839bebf32222804e986e422fbfc03fbdc266ba Author: Andre Heinecke Date: Tue Jun 12 14:14:49 2018 +0200 po: Update portugese translation * po/pt.po: Update translations. -- Translations provided by Marco A.G. Pinto. Thanks! diff --git a/po/pt.po b/po/pt.po index a14281e..a34bd3c 100644 --- a/po/pt.po +++ b/po/pt.po @@ -1,22 +1,24 @@ # pt.po - Portuguese translation for GpgOL # Copyright (C) 2017 g10 Code GmbH # This file is distributed under the same license as the GpgOL package. -# Werner Koch , 2005, 2007. # +# Werner Koch , 2005, 2007. +# aheinecke , 2018. msgid "" msgstr "" "Project-Id-Version: GpgOL 1.1.1\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" "POT-Creation-Date: 2018-06-12 11:16+0200\n" -"PO-Revision-Date: 2018-03-09 11:00+0000\n" -"Last-Translator: Marco A.G.Pinto \n" +"PO-Revision-Date: 2018-06-12 14:14+0100\n" +"Last-Translator: aheinecke \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-SourceCharset: UTF-8\n" -"X-Generator: Poedit 2.0.6\n" +"X-Generator: Lokalize 2.0\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/addin-options.cpp:41 msgid "General" @@ -235,26 +237,27 @@ msgstr "" #: src/mail.cpp:1127 src/mail.cpp:1196 msgid "HTML display disabled." -msgstr "" +msgstr "Mostrar HTML desativado." #: src/mail.cpp:1128 src/mail.cpp:1197 msgid "HTML content in unsigned S/MIME mails is insecure." -msgstr "" +msgstr "O conte?do HTML em e-mails S/MIME n?o assinados ? inseguro." #: src/mail.cpp:1131 src/mail.cpp:1200 msgid "GpgOL will only show such mails as text." -msgstr "" +msgstr "O GpgOL apenas mostrar? esses e-mails como texto." #: src/mail.cpp:1134 -#, fuzzy msgid "This message is shown only once." -msgstr "Esta mensagem n?o est? encriptada." +msgstr "Esta mensagem ? apenas mostrada uma vez." #: src/mail.cpp:1203 msgid "" "Please ask the sender to sign the message or\n" "to send it with a plain text alternative." msgstr "" +"Por favor, pede ao remetente para assinar a mensagem ou\n" +"para envi?-la com a alternativa de texto simples." #: src/mail.cpp:1374 msgid "GpgOL: Oops, G Suite Sync account detected" @@ -560,25 +563,29 @@ msgstr "" #: src/mailitem-events.cpp:779 msgid "Dangerous reply" -msgstr "" +msgstr "Resposta perigosa" #: src/mailitem-events.cpp:780 msgid "Dangerous forward" -msgstr "" +msgstr "Encaminhamento perigoso" #: src/mailitem-events.cpp:781 msgid "Unsigned S/MIME mails are not integrity protected." -msgstr "" +msgstr "Os e-mails S/MIME n?o assinados n?o t?m a integridade protegida." #: src/mailitem-events.cpp:787 msgid "For security reasons no decrypted contents are included in this reply." msgstr "" +"Por raz?es de seguran?a, os conte?dos desencriptados n?o s?o inclu?dos nesta" +" resposta." #: src/mailitem-events.cpp:792 msgid "" "For security reasons no decrypted contents are included in the forwarded " "mail." msgstr "" +"Por raz?es de seguran?a, os conte?dos desencriptados n?o s?o inclu?dos no" +" e-mail encaminhado." #: src/mailitem-events.cpp:847 msgid "" @@ -633,6 +640,8 @@ msgid "" "Data is not integrity protected. Decrypting it could be a security problem. " "(no MDC)" msgstr "" +"Os dados n?o t?m a integridade protegida. Desencriptar poder? ser um problema" +" de seguran?a. (sem MDC)" #: src/parsecontroller.cpp:219 src/parsecontroller.cpp:295 msgid "Encrypted message (decryption not possible)" ----------------------------------------------------------------------- Summary of changes: po/pt.po | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 12 16:13:01 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Jun 2018 16:13:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-151-gcb52eb7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cb52eb76b3ba0269742c5322e10a2b5151dafaf2 (commit) from 440472663d608660343c54f09172c851f5127c9c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb52eb76b3ba0269742c5322e10a2b5151dafaf2 Author: Werner Koch Date: Tue Jun 12 16:11:19 2018 +0200 Some preparations to eventuallt use gpgrt_argparse. * configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New. * tools/watchgnupg.c (print_version): USe this macro. * common/init.c (_init_common_subsystems): Register argparse functions. Signed-off-by: Werner Koch diff --git a/common/init.c b/common/init.c index 86b71e5..f62c5cd 100644 --- a/common/init.c +++ b/common/init.c @@ -210,7 +210,11 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp) } /* --version et al shall use estream as well. */ - argparse_register_outfnc (writestring_via_estream); + argparse_register_outfnc (writestring_via_estream); /* legacy. */ + gpgrt_set_usage_outfnc (writestring_via_estream); + + /* Register our string mapper with gpgrt. */ + gpgrt_set_fixed_string_mapper (map_static_macro_string); /* Logging shall use the standard socket directory as fallback. */ log_set_socket_dir_cb (gnupg_socketdir); diff --git a/configure.ac b/configure.ac index 4916a5c..0d270a4 100644 --- a/configure.ac +++ b/configure.ac @@ -507,6 +507,9 @@ AH_BOTTOM([ #define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" #define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d" +#define GNUPG_DEF_COPYRIGHT_LINE \ + "Copyright (C) 2018 Free Software Foundation, Inc." + /* For some systems (DOS currently), we hardcode the path here. For POSIX systems the values are constructed by the Makefiles, so that the values may be overridden by the make invocations; this is to diff --git a/g10/gpg.c b/g10/gpg.c index 8effc53..600f844 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3625,7 +3625,7 @@ main (int argc, char **argv) else { pargs.err = ARGPARSE_PRINT_ERROR; - /* The argparse fucntion calls a plain exit and thus + /* The argparse function calls a plain exit and thus * we need to print a status here. */ write_status_failure ("option-parser", gpg_error(GPG_ERR_GENERAL)); diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c index fc58d14..1db1c78 100644 --- a/tools/watchgnupg.c +++ b/tools/watchgnupg.c @@ -253,7 +253,7 @@ static void print_version (int with_help) { fputs (MYVERSION_LINE "\n" - "Copyright (C) 2017 Free Software Foundation, Inc.\n" + GNUPG_DEF_COPYRIGHT_LINE "\n" "License GPLv3+: " "GNU GPL version 3 or later \n" "This is free software: you are free to change and redistribute it.\n" ----------------------------------------------------------------------- Summary of changes: common/init.c | 6 +++++- configure.ac | 3 +++ g10/gpg.c | 2 +- tools/watchgnupg.c | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 09:00:15 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 13 Jun 2018 09:00:15 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-71-g9010d15 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9010d1576e278a4274ad3f4aa15776c28f6ba965 (commit) from 7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9010d1576e278a4274ad3f4aa15776c28f6ba965 Author: NIIBE Yutaka Date: Wed Jun 13 15:28:58 2018 +0900 ecc: Add blinding for ECDSA. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with randomized nonce B. -- Reported-by: Keegan Ryan CVE-id: CVE-2018-0495 Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c index 1484830..140e8c0 100644 --- a/cipher/ecc-ecdsa.c +++ b/cipher/ecc-ecdsa.c @@ -50,6 +50,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, const void *abuf; unsigned int abits, qbits; mpi_ec_t ctx; + gcry_mpi_t b; /* Random number needed for blinding. */ + gcry_mpi_t bi; /* multiplicative inverse of B. */ if (DBG_CIPHER) log_mpidump ("ecdsa sign hash ", input ); @@ -61,6 +63,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, if (rc) return rc; + b = mpi_snew (qbits); + bi = mpi_snew (qbits); + do + { + _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM); + mpi_mod (b, b, skey->E.n); + } + while (!mpi_invm (bi, b, skey->E.n)); + k = NULL; dr = mpi_alloc (0); sum = mpi_alloc (0); @@ -115,8 +126,11 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } while (!mpi_cmp_ui (r, 0)); - mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */ - mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */ + mpi_mulm (dr, b, skey->d, skey->E.n); + mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */ + mpi_mulm (sum, b, hash, skey->E.n); + mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */ + mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */ } @@ -129,6 +143,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } leave: + mpi_free (b); + mpi_free (bi); _gcry_mpi_ec_free (ctx); point_free (&I); mpi_free (x); ----------------------------------------------------------------------- Summary of changes: cipher/ecc-ecdsa.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 09:00:29 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 13 Jun 2018 09:00:29 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH, updated. libgcrypt-1.8.2-16-g9be06c6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1.8-BRANCH has been updated via 9be06c6b2e5c96edf40e566bbf51d44c4d46fb07 (commit) from 846f8fe8b3be6d235592db184361df1bc2b07a8a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9be06c6b2e5c96edf40e566bbf51d44c4d46fb07 Author: NIIBE Yutaka Date: Wed Jun 13 15:28:58 2018 +0900 ecc: Add blinding for ECDSA. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with randomized nonce B. -- (cherry picked from commit 9010d1576e278a4274ad3f4aa15776c28f6ba965) Reported-by: Keegan Ryan CVE-id: CVE-2018-0495 Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c index 1484830..140e8c0 100644 --- a/cipher/ecc-ecdsa.c +++ b/cipher/ecc-ecdsa.c @@ -50,6 +50,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, const void *abuf; unsigned int abits, qbits; mpi_ec_t ctx; + gcry_mpi_t b; /* Random number needed for blinding. */ + gcry_mpi_t bi; /* multiplicative inverse of B. */ if (DBG_CIPHER) log_mpidump ("ecdsa sign hash ", input ); @@ -61,6 +63,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, if (rc) return rc; + b = mpi_snew (qbits); + bi = mpi_snew (qbits); + do + { + _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM); + mpi_mod (b, b, skey->E.n); + } + while (!mpi_invm (bi, b, skey->E.n)); + k = NULL; dr = mpi_alloc (0); sum = mpi_alloc (0); @@ -115,8 +126,11 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } while (!mpi_cmp_ui (r, 0)); - mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */ - mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */ + mpi_mulm (dr, b, skey->d, skey->E.n); + mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */ + mpi_mulm (sum, b, hash, skey->E.n); + mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */ + mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */ } @@ -129,6 +143,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } leave: + mpi_free (b); + mpi_free (bi); _gcry_mpi_ec_free (ctx); point_free (&I); mpi_free (x); ----------------------------------------------------------------------- Summary of changes: cipher/ecc-ecdsa.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 09:00:48 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 13 Jun 2018 09:00:48 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.9-2-g325ab0b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via 325ab0b312e624cc581111e1f6ad38b20e5c18c7 (commit) from e16a71c777b7c4ea62be06de5b3cecd3a701a10b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 325ab0b312e624cc581111e1f6ad38b20e5c18c7 Author: NIIBE Yutaka Date: Wed Jun 13 15:28:58 2018 +0900 ecc: Add blinding for ECDSA. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with randomized nonce B. -- (cherry picked from commit 9010d1576e278a4274ad3f4aa15776c28f6ba965) Reported-by: Keegan Ryan CVE-id: CVE-2018-0495 Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c index 1484830..140e8c0 100644 --- a/cipher/ecc-ecdsa.c +++ b/cipher/ecc-ecdsa.c @@ -50,6 +50,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, const void *abuf; unsigned int abits, qbits; mpi_ec_t ctx; + gcry_mpi_t b; /* Random number needed for blinding. */ + gcry_mpi_t bi; /* multiplicative inverse of B. */ if (DBG_CIPHER) log_mpidump ("ecdsa sign hash ", input ); @@ -61,6 +63,15 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, if (rc) return rc; + b = mpi_snew (qbits); + bi = mpi_snew (qbits); + do + { + _gcry_mpi_randomize (b, qbits, GCRY_WEAK_RANDOM); + mpi_mod (b, b, skey->E.n); + } + while (!mpi_invm (bi, b, skey->E.n)); + k = NULL; dr = mpi_alloc (0); sum = mpi_alloc (0); @@ -115,8 +126,11 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } while (!mpi_cmp_ui (r, 0)); - mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */ - mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */ + mpi_mulm (dr, b, skey->d, skey->E.n); + mpi_mulm (dr, dr, r, skey->E.n); /* dr = d*r mod n (blinded with b) */ + mpi_mulm (sum, b, hash, skey->E.n); + mpi_addm (sum, sum, dr, skey->E.n); /* sum = hash + (d*r) mod n (blinded with b) */ + mpi_mulm (sum, bi, sum, skey->E.n); /* undo blinding by b^-1 */ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */ } @@ -129,6 +143,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey, } leave: + mpi_free (b); + mpi_free (bi); _gcry_mpi_ec_free (ctx); point_free (&I); mpi_free (x); ----------------------------------------------------------------------- Summary of changes: cipher/ecc-ecdsa.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 09:07:24 2018 From: cvs at cvs.gnupg.org (by Erwin Bronkhorst) Date: Wed, 13 Jun 2018 09:07:24 +0200 Subject: [git] GpgOL - branch, master, updated. outlook-2007-removal-24-g11b39fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 11b39fb70f149afcbed8e252fe5ec56212edfc3e (commit) from e9839bebf32222804e986e422fbfc03fbdc266ba (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 11b39fb70f149afcbed8e252fe5ec56212edfc3e Author: Erwin Bronkhorst Date: Mon Jun 4 00:44:09 2018 +0200 Update Dutch translation. diff --git a/po/nl.po b/po/nl.po index bd31a92..899ab2f 100644 --- a/po/nl.po +++ b/po/nl.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: GpgOL 2.1.1\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" "POT-Creation-Date: 2018-06-12 11:16+0200\n" -"PO-Revision-Date: 2018-05-14 22:49+0200\n" +"PO-Revision-Date: 2018-06-12 21:28+0200\n" "Last-Translator: Erwin Bronkhorst \n" "Language-Team: \n" "Language: nl\n" @@ -231,26 +231,27 @@ msgstr "Een moment geduld voordat het bericht is ontcijferd / geverifieerd..." #: src/mail.cpp:1127 src/mail.cpp:1196 msgid "HTML display disabled." -msgstr "" +msgstr "Weergave van HTML uitgeschakeld." #: src/mail.cpp:1128 src/mail.cpp:1197 msgid "HTML content in unsigned S/MIME mails is insecure." -msgstr "" +msgstr "HTML-inhoud in niet-ondertekende S/MIME e-mail is onveilig." #: src/mail.cpp:1131 src/mail.cpp:1200 msgid "GpgOL will only show such mails as text." -msgstr "" +msgstr "GpgOL zal dergelijke e-mailberichten alleen als tekst weergeven." #: src/mail.cpp:1134 -#, fuzzy msgid "This message is shown only once." -msgstr "Dit bericht is niet versleuteld." +msgstr "Dit bericht wordt eenmalig weergegeven." #: src/mail.cpp:1203 msgid "" "Please ask the sender to sign the message or\n" "to send it with a plain text alternative." msgstr "" +"Vraag de verzender om het bericht te ondertekenen of\n" +" het als platte tekst te versturen." #: src/mail.cpp:1374 msgid "GpgOL: Oops, G Suite Sync account detected" @@ -564,25 +565,29 @@ msgstr "" #: src/mailitem-events.cpp:779 msgid "Dangerous reply" -msgstr "" +msgstr "Gevaarlijke handeling: Beantwoorden" #: src/mailitem-events.cpp:780 msgid "Dangerous forward" -msgstr "" +msgstr "Gevaarlijke handeling: Doorsturen" #: src/mailitem-events.cpp:781 msgid "Unsigned S/MIME mails are not integrity protected." -msgstr "" +msgstr "Ongetekende S/MAIL e-mailberichten zijn niet beschermd op integriteit." #: src/mailitem-events.cpp:787 msgid "For security reasons no decrypted contents are included in this reply." msgstr "" +"Uit veiligheidsoverwegingen wordt er geen ontsleutelde inhoud ingevoegd in " +"dit antwoord." #: src/mailitem-events.cpp:792 msgid "" "For security reasons no decrypted contents are included in the forwarded " "mail." msgstr "" +"Uit veiligheidsoverwegingen wordt er geen ontsleutelde inhoud ingevoegd in " +"deze doorgestuurde e-mail." #: src/mailitem-events.cpp:847 msgid "" @@ -640,6 +645,8 @@ msgid "" "Data is not integrity protected. Decrypting it could be a security problem. " "(no MDC)" msgstr "" +"Gegevens-integriteit is niet beschermd. Ontcijferen kan een " +"beveiligingsprobleem zijn. (geen MDC)" #: src/parsecontroller.cpp:219 src/parsecontroller.cpp:295 msgid "Encrypted message (decryption not possible)" ----------------------------------------------------------------------- Summary of changes: po/nl.po | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 10:01:37 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 10:01:37 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH, updated. libgcrypt-1.8.2-18-g6ca6344 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1.8-BRANCH has been updated via 6ca6344429e5ee1657e164509c6b50a717ebec68 (commit) via 5600d2d6b23640b0114655214f18959ee81fe58e (commit) from 9be06c6b2e5c96edf40e566bbf51d44c4d46fb07 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6ca6344429e5ee1657e164509c6b50a717ebec68 Author: Werner Koch Date: Wed Jun 13 10:01:57 2018 +0200 Post release updates -- diff --git a/NEWS b/NEWS index b77980c..b368d76 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.8.4 (unreleased) [C22/A2/R4] +------------------------------------------------ + + Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3] ------------------------------------------------ @@ -16,6 +20,8 @@ Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3] - Fix rare assertion failure in gcry_prime_check. + Release info at . + Noteworthy changes in version 1.8.2 (2017-12-13) [C22/A2/R2] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index dfcd4ef..ce11162 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [8]) -m4_define(mym4_version_micro, [3]) +m4_define(mym4_version_micro, [4]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=22 LIBGCRYPT_LT_AGE=2 -LIBGCRYPT_LT_REVISION=3 +LIBGCRYPT_LT_REVISION=4 # If the API is changed in an incompatible way: increment the next counter. commit 5600d2d6b23640b0114655214f18959ee81fe58e Author: Werner Koch Date: Wed Jun 13 09:37:25 2018 +0200 Release 1.8.3 diff --git a/AUTHORS b/AUTHORS index 0d1da12..ab7a525 100644 --- a/AUTHORS +++ b/AUTHORS @@ -21,7 +21,7 @@ year that would otherwise be listed individually. List of Copyright holders ========================= - Copyright (C) 1989,1991-2017 Free Software Foundation, Inc. + Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. Copyright (C) 1994 X Consortium Copyright (C) 1996 L. Peter Deutsch Copyright (C) 1997 Werner Koch @@ -30,7 +30,7 @@ List of Copyright holders Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett Copyright (C) 2003 Nikos Mavroyanopoulos Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) - Copyright (C) 2012-2017 g10 Code GmbH + Copyright (C) 2012-2018 g10 Code GmbH Copyright (C) 2012 Simon Josefsson, Niels M??ller Copyright (c) 2012 Intel Corporation Copyright (C) 2013 Christian Grothoff diff --git a/NEWS b/NEWS index 204ca66..b77980c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,21 @@ -Noteworthy changes in version 1.8.3 (unreleased) [C22/A2/R3] +Noteworthy changes in version 1.8.3 (2018-06-13) [C22/A2/R3] ------------------------------------------------ + * Bug fixes: + + - Use blinding for ECDSA signing to mitigate a novel side-channel + attack. [#4011,CVE-2018-0495] + + - Fix incorrect counter overflow handling for GCM when using an IV + size other than 96 bit. [#3764] + + - Fix incorrect output of AES-keywrap mode for in-place encryption + on some platforms. + + - Fix the gcry_mpi_ec_curve_point point validation function. + + - Fix rare assertion failure in gcry_prime_check. + Noteworthy changes in version 1.8.2 (2017-12-13) [C22/A2/R2] ------------------------------------------------ diff --git a/README b/README index c14181a..7ac8e4a 100644 --- a/README +++ b/README @@ -1,10 +1,10 @@ Libgcrypt - The GNU Crypto Library ------------------------------------ - Version 1.7 + Version 1.8 - Copyright (C) 1989,1991-2017 Free Software Foundation, Inc. - Copyright (C) 2012-2017 g10 Code GmbH - Copyright (C) 2013-2017 Jussi Kivilinna + Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. + Copyright (C) 2012-2018 g10 Code GmbH + Copyright (C) 2013-2018 Jussi Kivilinna Libgcrypt is free software. See the file AUTHORS for full copying notices, and LICENSES for notices about contributions that require diff --git a/compat/compat.c b/compat/compat.c index b835293..8b001de 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -30,9 +30,9 @@ _gcry_compat_identification (void) static const char blurb[] = "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" - "Copyright (C) 2000-2017 Free Software Foundation, Inc.\n" - "Copyright (C) 2012-2017 g10 Code GmbH\n" - "Copyright (C) 2013-2017 Jussi Kivilinna\n" + "Copyright (C) 2000-2018 Free Software Foundation, Inc.\n" + "Copyright (C) 2012-2018 g10 Code GmbH\n" + "Copyright (C) 2013-2018 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" "\n\n"; diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index d2e6293..c18b498 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2651,10 +2651,10 @@ S-expression returned is: Where @var{r-mpi} and @var{s-mpi} are the result of the DSA sign operation. -For Elgamal signing (which is slow, yields large numbers and probably -is not as secure as the other algorithms), the same format is used -with "elg" replacing "dsa"; for ECDSA signing, the same format is used -with "ecdsa" replacing "dsa". +For Elgamal signing (which is slow, yields large numbers, hard to use +correctly and probably is not as secure as the other algorithms), the +same format is used with "elg" replacing "dsa"; for ECDSA signing, the +same format is used with "ecdsa" replacing "dsa". For the EdDSA algorithm (cf. Ed25515) the required input parameters are: diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index b85d494..ea06612 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in @@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0" VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT at .@LIBGCRYPT_LT_AGE at .@LIBGCRYPT_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "libgcrypt\0" - VALUE "LegalCopyright", "Copyright ? 2017 Free Software Foundation, Inc.\0" + VALUE "LegalCopyright", "Copyright ? 2018 Free Software Foundation, Inc.\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgcrypt.dll\0" VALUE "PrivateBuild", "\0" ----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 ++-- NEWS | 23 ++++++++++++++++++++++- README | 8 ++++---- compat/compat.c | 6 +++--- configure.ac | 4 ++-- doc/gcrypt.texi | 8 ++++---- src/versioninfo.rc.in | 2 +- 7 files changed, 38 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 10:03:59 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 10:03:59 +0200 Subject: [git] gnupg-doc - branch, master, updated. 823e9076f87a86ea258f6cf5cb0699b033365f11 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 823e9076f87a86ea258f6cf5cb0699b033365f11 (commit) from 51549ca5dbdc01c920fcbd5956f17de439e91d86 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 823e9076f87a86ea258f6cf5cb0699b033365f11 Author: Werner Koch Date: Wed Jun 13 10:04:28 2018 +0200 swdb: Libgcrypt 1.8.3 diff --git a/web/swdb.mac b/web/swdb.mac index 09a3730..4b6cb19 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -97,11 +97,11 @@ # # LIBGCRYPT # -#+macro: libgcrypt_ver 1.8.2 -#+macro: libgcrypt_date 2017-12-13 -#+macro: libgcrypt_size 2897k -#+macro: libgcrypt_sha1 ab8aae5d7a68f8e0988f90e11e7f6a4805af5c8d -#+macro: libgcrypt_sha2 c8064cae7558144b13ef0eb87093412380efa16c4ee30ad12ecb54886a524c07 +#+macro: libgcrypt_ver 1.8.3 +#+macro: libgcrypt_date 2018-06-13 +#+macro: libgcrypt_size 2919k +#+macro: libgcrypt_sha1 13bd2ce69e59ab538e959911dfae80ea309636e3 +#+macro: libgcrypt_sha2 66ec90be036747602f2b48f98312361a9180c97c68a690a5f376fa0f67d0af7c # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 10:17:02 2018 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 13 Jun 2018 10:17:02 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.9-6-g3caf35a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via 3caf35a49cb62fb59834b5027ff299e2363a03c4 (commit) via 6dd0cf0744db29ef0d86830dd70f14381f0a5f56 (commit) via 3600e1224f6c89b3e637bdf1cf527ecc9a69afeb (commit) via 528a06b48389c9f10a1b10ff34cdc87bd3723a22 (commit) from 325ab0b312e624cc581111e1f6ad38b20e5c18c7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3caf35a49cb62fb59834b5027ff299e2363a03c4 Author: Jussi Kivilinna Date: Wed Jan 31 20:02:48 2018 +0200 Fix incorrect counter overflow handling for GCM * cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle 32-bit CTR increment for GCM. (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use generic CTR implementation directly, use gcm_ctr_encrypt instead. * tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit CTR overflow. (check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes' test-runs. -- Reported-by: Clemens Lang # ------------------------ >8 ------------------------ > I believe we have found what seems to be a bug in counter overflow > handling in AES-GCM in libgcrypt's implementation. This leads to > incorrect results when using a non-12-byte IV and decrypting payloads > encrypted with other AES-GCM implementations, such as OpenSSL. > > According to the NIST Special Publication 800-38D "Recommendation for > Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC", > section 7.1, algorithm 4, step 3 [NIST38D], the counter increment is > defined as inc_32. Section 6.2 of the same document defines the > incrementing function inc_s for positive integers s as follows: > > | the function increments the right-most s bits of the string, regarded > | as the binary representation of an integer, modulo 2^s; the remaining, > | left-most len(X) - s bits remain unchanged > > (X is the complete counter value in this case) > > This problem does not occur when using a 12-byte IV, because AES-GCM has > a special case for the inital counter value with 12-byte IVs: > > | If len(IV)=96, then J_0 = IV || 0^31 || 1 > > i.e., one would have to encrypt (UINT_MAX - 1) * blocksize of data to > hit an overflow. However, for non-12-byte IVs, the initial counter value > is the output of a hash function, which makes hitting an overflow much > more likely. > > In practice, we have found that using > > iv = 9e 79 18 8c ff 09 56 1e c9 90 99 cc 6d 5d f6 d3 > key = 26 56 e5 73 76 03 c6 95 0d 22 07 31 5d 32 5c 6b a5 54 5f 40 23 98 60 f6 f7 06 6f 7a 4f c2 ca 40 > > will reliably trigger an overflow when encrypting 10 MiB of data. It > seems that this is caused by re-using the AES-CTR implementation for > incrementing the counter. # ------------------------ 8< ------------------------ Bug was introduced by commit bd4bd23a2511a4bce63c3217cca0d4ecf0c79532 "GCM: Use counter mode code for speed-up". GnuPG-bug-id: 3764 Signed-off-by: Jussi Kivilinna (cherry picked from commit ffdc6f3623a0bcb41324d562340b2cd1c288e387) Resolved conflicts: tests/basic.c - use new constified version of TV. Added scissor lines to the original commit messages. Signed-off-by: Werner Koch (cherry picked from commit 0a391b259adcd7ea734dc03c2048a135e018166d) diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index 2b8b454..6169d14 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -1,6 +1,6 @@ /* cipher-gcm.c - Generic Galois Counter Mode implementation * Copyright (C) 2013 Dmitry Eremin-Solenikov - * Copyright (C) 2013 Jussi Kivilinna + * Copyright (C) 2013, 2018 Jussi Kivilinna * * This file is part of Libgcrypt. * @@ -556,6 +556,77 @@ do_ghash_buf(gcry_cipher_hd_t c, byte *hash, const byte *buf, } +static gcry_err_code_t +gcm_ctr_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, + const byte *inbuf, size_t inbuflen) +{ + gcry_err_code_t err = 0; + + while (inbuflen) + { + u32 nblocks_to_overflow; + u32 num_ctr_increments; + u32 curr_ctr_low; + size_t currlen = inbuflen; + byte ctr_copy[GCRY_GCM_BLOCK_LEN]; + int fix_ctr = 0; + + /* GCM CTR increments only least significant 32-bits, without carry + * to upper 96-bits of counter. Using generic CTR implementation + * directly would carry 32-bit overflow to upper 96-bit. Detect + * if input length is long enough to cause overflow, and limit + * input length so that CTR overflow happen but updated CTR value is + * not used to encrypt further input. After overflow, upper 96 bits + * of CTR are restored to cancel out modification done by generic CTR + * encryption. */ + + if (inbuflen > c->unused) + { + curr_ctr_low = gcm_add32_be128 (c->u_ctr.ctr, 0); + + /* Number of CTR increments this inbuflen would cause. */ + num_ctr_increments = (inbuflen - c->unused) / GCRY_GCM_BLOCK_LEN + + !!((inbuflen - c->unused) % GCRY_GCM_BLOCK_LEN); + + if ((u32)(num_ctr_increments + curr_ctr_low) < curr_ctr_low) + { + nblocks_to_overflow = 0xffffffffU - curr_ctr_low + 1; + currlen = nblocks_to_overflow * GCRY_GCM_BLOCK_LEN + c->unused; + if (currlen > inbuflen) + { + currlen = inbuflen; + } + + fix_ctr = 1; + buf_cpy(ctr_copy, c->u_ctr.ctr, GCRY_GCM_BLOCK_LEN); + } + } + + err = _gcry_cipher_ctr_encrypt(c, outbuf, outbuflen, inbuf, currlen); + if (err != 0) + return err; + + if (fix_ctr) + { + /* Lower 32-bits of CTR should now be zero. */ + gcry_assert(gcm_add32_be128 (c->u_ctr.ctr, 0) == 0); + + /* Restore upper part of CTR. */ + buf_cpy(c->u_ctr.ctr, ctr_copy, GCRY_GCM_BLOCK_LEN - sizeof(u32)); + + wipememory(ctr_copy, sizeof(ctr_copy)); + } + + inbuflen -= currlen; + inbuf += currlen; + outbuflen -= currlen; + outbuf += currlen; + } + + return err; +} + + gcry_err_code_t _gcry_cipher_gcm_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, @@ -595,7 +666,7 @@ _gcry_cipher_gcm_encrypt (gcry_cipher_hd_t c, return GPG_ERR_INV_LENGTH; } - err = _gcry_cipher_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen); + err = gcm_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen); if (err != 0) return err; @@ -642,7 +713,7 @@ _gcry_cipher_gcm_decrypt (gcry_cipher_hd_t c, do_ghash_buf(c, c->u_mode.gcm.u_tag.tag, inbuf, inbuflen, 0); - return _gcry_cipher_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen); + return gcm_ctr_encrypt(c, outbuf, outbuflen, inbuf, inbuflen); } diff --git a/tests/basic.c b/tests/basic.c index ffb4397..a416095 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -1295,7 +1295,8 @@ check_ofb_cipher (void) static void _check_gcm_cipher (unsigned int step) { - struct tv +#define MAX_GCM_DATA_LEN (256 + 32) + static const struct tv { int algo; char key[MAX_DATA_LEN]; @@ -1303,9 +1304,9 @@ _check_gcm_cipher (unsigned int step) int ivlen; unsigned char aad[MAX_DATA_LEN]; int aadlen; - unsigned char plaintext[MAX_DATA_LEN]; + unsigned char plaintext[MAX_GCM_DATA_LEN]; int inlen; - char out[MAX_DATA_LEN]; + char out[MAX_GCM_DATA_LEN]; char tag[MAX_DATA_LEN]; int taglen; int should_fail; @@ -1499,11 +1500,687 @@ _check_gcm_cipher (unsigned int step) "\xee\xb2\xb2\x2a\xaf\xde\x64\x19\xa0\x58\xab\x4f\x6f\x74\x6b\xf4" "\x0f\xc0\xc3\xb7\x80\xf2\x44\x45\x2d\xa3\xeb\xf1\xc5\xd8\x2c\xde" "\xa2\x41\x89\x97\x20\x0e\xf8\x2e\x44\xae\x7e\x3f", - "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" } + "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" }, + /* Test vectors for overflowing CTR. */ + /* After setiv, ctr_low: 0xffffffff */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x86\xdd\x40\xe7", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x7d\x6e\x38\xfd\xd0\x04\x9d\x28\xdf\x4a\x10\x3f\xa3\x9e\xf8\xf8" + "\x6c\x2c\x10\xa7\x91\xab\xc0\x86\xd4\x6d\x69\xea\x58\xc4\xf9\xc0" + "\xd4\xee\xc2\xb0\x9d\x36\xae\xe7\xc9\xa9\x1f\x71\xa8\xee\xa2\x1d" + "\x20\xfd\x79\xc7\xd9\xc4\x90\x51\x38\x97\xb6\x9f\x55\xea\xf3\xf0" + "\x78\xb4\xd3\x8c\xa9\x9b\x32\x7d\x19\x36\x96\xbc\x8e\xab\x80\x9f" + "\x61\x56\xcc\xbd\x3a\x80\xc6\x69\x37\x0a\x89\x89\x21\x82\xb7\x79" + "\x6d\xe9\xb4\x34\xc4\x31\xe0\xbe\x71\xad\xf3\x50\x05\xb2\x61\xab" + "\xb3\x1a\x80\x57\xcf\xe1\x11\x26\xcb\xa9\xd1\xf6\x58\x46\xf1\x69" + "\xa2\xb8\x42\x3c\xe8\x28\x13\xca\x58\xd9\x28\x99\xf8\xc8\x17\x32" + "\x4a\xf9\xb3\x4c\x7a\x47\xad\xe4\x77\x64\xec\x70\xa1\x01\x0b\x88" + "\xe7\x30\x0b\xbd\x66\x25\x39\x1e\x51\x67\xee\xec\xdf\xb8\x24\x5d" + "\x7f\xcb\xee\x7a\x4e\xa9\x93\xf0\xa1\x84\x7b\xfe\x5a\xe3\x86\xb2" + "\xfb\xcd\x39\xe7\x1e\x5e\x48\x65\x4b\x50\x2b\x4a\x99\x46\x3f\x6f" + "\xdb\xd9\x97\xdb\xe5\x6d\xa4\xdd\x6c\x18\x64\x5e\xae\x7e\x2c\xd3" + "\xb4\xf3\x57\x5c\xb5\xf8\x7f\xe5\x87\xb5\x35\xdb\x80\x38\x6e\x2c" + "\x5c\xdd\xeb\x7c\x63\xac\xe4\xb5\x5a\x6a\x40\x6d\x72\x69\x9a\xa9" + "\x8f\x5e\x93\x91\x4d\xce\xeb\x87\xf5\x25\xed\x75\x6b\x3b\x1a\xf2" + "\x0c\xd2\xa4\x10\x45\xd2\x87\xae\x29\x6d\xeb\xea\x66\x5f\xa0\xc2", + "\x8c\x22\xe3\xda\x9d\x94\x8a\xbe\x8a\xbc\x55\x2c\x94\x63\x44\x40" }, + /* After setiv, ctr_low: 0xfffffffe */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8d\xd1\xc1\xdf", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xac\x6a\x10\x3f\xe2\x8d\xed\x27\x55\x14\xca\x1f\x03\x67\x0a\xa8" + "\xa1\x07\xbf\x00\x73\x5b\x64\xef\xac\x30\x83\x81\x48\x4c\xaa\xd5" + "\xff\xca\xef\x2f\x77\xbe\xfe\x1b\x20\x5c\x86\x19\xc7\xf9\x11\x99" + "\x27\xc5\x57\xa7\x0a\xc2\xa8\x05\xd9\x07\x2b\xb9\x38\xa4\xef\x58" + "\x92\x74\xcf\x89\xc7\xba\xfc\xb9\x70\xac\x86\xe2\x31\xba\x7c\xf9" + "\xc4\xe2\xe0\x4c\x1b\xe4\x3f\x75\x83\x5c\x40\x0e\xa4\x13\x8b\x04" + "\x60\x78\x57\x29\xbb\xe6\x61\x93\xe3\x16\xf9\x58\x07\x75\xd0\x96" + "\xfb\x8f\x6d\x1e\x49\x0f\xd5\x31\x9e\xee\x31\xe6\x0a\x85\x93\x49" + "\x22\xcf\xd6\x1b\x40\x44\x63\x9c\x95\xaf\xf0\x44\x23\x51\x37\x92" + "\x0d\xa0\x22\x37\xb9\x6d\x13\xf9\x78\xba\x27\x27\xed\x08\x7e\x35" + "\xe4\xe2\x28\xeb\x0e\xbe\x3d\xce\x89\x93\x35\x84\x0f\xa0\xf9\x8d" + "\x94\xe9\x5a\xec\xd4\x0d\x1f\x5c\xbe\x6f\x8e\x6a\x4d\x10\x65\xbb" + "\xc7\x0b\xa0\xd5\x5c\x20\x80\x0b\x4a\x43\xa6\xe1\xb0\xe0\x56\x6a" + "\xde\x90\xe0\x6a\x45\xe7\xc2\xd2\x69\x9b\xc6\x62\x11\xe3\x2b\xa5" + "\x45\x98\xb0\x80\xd3\x57\x4d\x1f\x09\x83\x58\xd4\x4d\xa6\xc5\x95" + "\x87\x59\xb0\x58\x6c\x81\x49\xc5\x95\x18\x23\x1b\x6f\x10\x86\xa2" + "\xd9\x56\x19\x30\xec\xd3\x4a\x4b\xe8\x1c\x11\x37\xfb\x31\x60\x4d" + "\x4f\x9b\xc4\x95\xba\xda\x49\x43\x6c\xc7\x3d\x5b\x13\xf9\x91\xf8", + "\xcd\x2b\x83\xd5\x5b\x5a\x8e\x0b\x2e\x77\x0d\x97\xbf\xf7\xaa\xab" }, + /* After setiv, ctr_low: 0xfffffffd */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x76\x8c\x18\x92", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x3d\x6f\x4e\xf6\xd2\x6f\x4e\xce\xa6\xb4\x4a\x9e\xcb\x57\x13\x90" + "\x51\x3b\xf6\xb2\x40\x55\x0c\x2c\xa2\x85\x44\x72\xf2\x90\xaf\x6b" + "\x86\x8c\x75\x2a\x9c\xd6\x52\x50\xee\xc6\x5f\x59\xbc\x8d\x18\xd7" + "\x87\xa5\x7f\xa0\x13\xd1\x5d\x54\x77\x30\xe2\x5d\x1b\x4f\x87\x9f" + "\x3a\x41\xcb\x6a\xdf\x44\x4f\xa2\x1a\xbc\xfb\x4b\x16\x67\xed\x59" + "\x65\xf0\x77\x48\xca\xfd\xf0\xb6\x90\x65\xca\x23\x09\xca\x83\x43" + "\x8f\xf0\x78\xb4\x5f\x96\x2a\xfd\x29\xae\xda\x62\x85\xc5\x87\x4b" + "\x2a\x3f\xba\xbe\x15\x5e\xb0\x4e\x8e\xe7\x66\xae\xb4\x80\x66\x90" + "\x10\x9d\x81\xb9\x64\xd3\x36\x00\xb2\x95\xa8\x7d\xaf\x54\xf8\xbd" + "\x8f\x7a\xb1\xa1\xde\x09\x0d\x10\xc8\x8e\x1e\x18\x2c\x1e\x73\x71" + "\x2f\x1e\xfd\x16\x6e\xbe\xe1\x3e\xe5\xb4\xb5\xbf\x03\x63\xf4\x5a" + "\x0d\xeb\xff\xe0\x61\x80\x67\x51\xb4\xa3\x1f\x18\xa5\xa9\xf1\x9a" + "\xeb\x2a\x7f\x56\xb6\x01\x88\x82\x78\xdb\xec\xb7\x92\xfd\xef\x56" + "\x55\xd3\x72\x35\xcd\xa4\x0d\x19\x6a\xb6\x79\x91\xd5\xcb\x0e\x3b" + "\xfb\xea\xa3\x55\x9f\x77\xfb\x75\xc2\x3e\x09\x02\x73\x7a\xff\x0e" + "\xa5\xf0\x83\x11\xeb\xe7\xff\x3b\xd0\xfd\x7a\x07\x53\x63\x43\x89" + "\xf5\x7b\xc4\x7d\x3b\x2c\x9b\xca\x1c\xf6\xb2\xab\x13\xf5\xc4\x2a" + "\xbf\x46\x77\x3b\x09\xdd\xd1\x80\xef\x55\x11\x3e\xd8\xe4\x42\x22", + "\xa3\x86\xa1\x5f\xe3\x4f\x3b\xed\x12\x23\xeb\x5c\xb8\x0c\xad\x4a" }, + /* After setiv, ctr_low: 0xfffffffc */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9b\xc8\xc3\xaf", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x33\x5f\xdc\x8d\x5d\x77\x7b\x78\xc1\x5b\x7b\xb3\xd9\x08\x9a\x0c" + "\xce\x63\x4e\xef\x19\xf8\x8c\x7a\xcb\x31\x39\x93\x69\x7a\x2c\x97" + "\x3a\xb4\x52\x45\x9e\x7b\x78\xbc\xa9\xad\x54\x7f\x88\xa6\xae\xd5" + "\xc0\x8b\x7a\xe4\x23\x6b\xb2\x29\x98\xea\x25\x7a\xae\x11\x0c\xc9" + "\xf3\x77\xa1\x74\x82\xde\x0c\xec\x68\xce\x94\xfd\xb0\xa0\xc5\x32" + "\xd6\xbb\xc3\xe7\xed\x3c\x6f\x0b\x53\x9d\xf3\xc8\xeb\x4e\xee\x99" + "\x19\xc7\x16\xd1\xa5\x59\x1d\xa9\xd3\xe6\x43\x52\x74\x61\x28\xe6" + "\xac\xd8\x47\x63\xc2\xb7\x53\x39\xc1\x9a\xb0\xa3\xa4\x26\x14\xd0" + "\x88\xa9\x8c\xc5\x6d\xe9\x21\x7c\xb9\xa5\xab\x67\xe3\x8d\xe9\x1d" + "\xe3\x1c\x7b\xcd\xa4\x12\x0c\xd7\xa6\x5d\x41\xcf\xdd\x3d\xfc\xbc" + "\x2a\xbb\xa2\x7a\x9c\x4b\x3a\x42\x6c\x98\x1d\x50\x99\x9c\xfb\xda" + "\x21\x09\x2a\x31\xff\x05\xeb\xa5\xf1\xba\x65\x78\xbe\x15\x8e\x84" + "\x35\xdd\x45\x29\xcc\xcd\x32\x2d\x27\xe9\xa8\x94\x4b\x16\x16\xcc" + "\xab\xf2\xec\xfb\xa0\xb5\x9d\x39\x81\x3e\xec\x5e\x3d\x13\xd1\x83" + "\x04\x79\x2d\xbb\x2c\x76\x76\x93\x28\x77\x27\x13\xdd\x1d\x3e\x89" + "\x3e\x37\x46\x4c\xb8\x34\xbe\xbf\x9f\x4f\x9f\x37\xff\x0c\xe6\x14" + "\x14\x66\x52\x41\x18\xa9\x39\x2b\x0c\xe5\x44\x04\xb0\x93\x06\x64" + "\x67\xf7\xa0\x19\xa7\x61\xcf\x03\x7b\xcb\xc8\xb3\x88\x28\xe4\xe7", + "\xe6\xe8\x0a\xe3\x72\xfc\xe0\x07\x69\x09\xf2\xeb\xbc\xc8\x6a\xf0" }, + /* After setiv, ctr_low: 0xfffffffb */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x60\x95\x1a\xe2", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xd8\x32\x5a\xe3\x55\x8e\xb3\xc2\x51\x84\x2b\x09\x01\x5e\x6c\xfb" + "\x4a\xc4\x88\xa0\x33\xe7\x3e\xbf\xe5\x7c\xd2\x00\x4c\x1a\x85\x32" + "\x34\xec\x38\x9d\x18\x5f\xf1\x50\x61\x82\xee\xf3\x84\x5a\x84\x4e" + "\xeb\x29\x08\x4c\x7b\xb5\x27\xec\x7d\x79\x77\xd7\xa1\x68\x91\x32" + "\x2d\xf3\x38\xa9\xd6\x27\x16\xfb\x7d\x8b\x09\x5e\xcf\x1b\x74\x6d" + "\xcf\x51\x91\x91\xa1\xe7\x40\x19\x43\x7b\x0d\xa5\xa9\xa5\xf4\x2e" + "\x7f\x1c\xc7\xba\xa2\xea\x00\xdd\x24\x01\xa8\x66\x1e\x88\xf1\xf6" + "\x0c\x9a\xd6\x2b\xda\x3f\x3e\xb2\x98\xea\x89\xc7\xc6\x63\x27\xb7" + "\x6a\x48\x9a\xee\x1e\x70\xa0\xc8\xec\x3d\xc3\x3e\xb5\xf0\xc2\xb1" + "\xb9\x71\x1a\x69\x9d\xdd\x72\x1e\xfe\x72\xa0\x21\xb8\x9f\x18\x96" + "\x26\xcf\x89\x2e\x92\xf1\x02\x65\xa5\xb4\x2e\xb7\x4e\x12\xbd\xa0" + "\x48\xbe\xf6\x5c\xef\x7e\xf3\x0a\xcf\x9d\x1f\x1e\x14\x70\x3e\xa0" + "\x01\x0f\x14\xbf\x38\x10\x3a\x3f\x3f\xc2\x76\xe0\xb0\xe0\x7c\xc6" + "\x77\x6d\x7f\x69\x8e\xa0\x4b\x00\xc3\x9d\xf9\x0b\x7f\x8a\x8e\xd3" + "\x17\x58\x40\xfe\xaf\xf4\x16\x3a\x65\xff\xce\x85\xbb\x80\xfa\xb8" + "\x34\xc9\xef\x3a\xdd\x04\x46\xca\x8f\x70\x48\xbc\x1c\x71\x4d\x6a" + "\x17\x30\x32\x87\x2e\x2e\x54\x9e\x3f\x15\xed\x17\xd7\xa1\xcf\x6c" + "\x5d\x0f\x3c\xee\xf5\x96\xf1\x8f\x68\x1c\xbc\x27\xdc\x10\x3c\x3c", + "\x8c\x31\x06\xbb\xf8\x18\x2d\x9d\xd1\x0d\x03\x56\x2b\x28\x25\x9b" }, + /* After setiv, ctr_low: 0xfffffffa */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6b\x99\x9b\xda", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x7a\x74\x57\xe7\xc1\xb8\x7e\xcf\x91\x98\xf4\x1a\xa4\xdb\x4d\x2c" + "\x6e\xdc\x05\x0b\xd1\x16\xdf\x25\xa8\x1e\x42\xa6\xf9\x09\x36\xfb" + "\x02\x8a\x10\x7d\xa1\x07\x88\x40\xb7\x41\xfd\x64\xf6\xe3\x92\x20" + "\xfd\xc9\xde\xbd\x88\x46\xd3\x1f\x20\x14\x73\x86\x09\xb6\x68\x61" + "\x64\x90\xda\x24\xa8\x0f\x6a\x10\xc5\x01\xbf\x52\x8a\xee\x23\x44" + "\xd5\xb0\xd8\x68\x5e\x77\xc3\x62\xed\xcb\x3c\x1b\x0c\x1f\x13\x92" + "\x2c\x74\x6d\xee\x40\x1b\x6b\xfe\xbe\x3c\xb8\x02\xdd\x24\x9d\xd3" + "\x3d\x4e\xd3\x9b\x18\xfd\xd6\x8f\x95\xef\xa3\xbf\xa9\x2f\x33\xa8" + "\xc2\x37\x69\x58\x92\x42\x3a\x30\x46\x12\x1b\x2c\x04\xf0\xbf\xa9" + "\x79\x55\xcd\xac\x45\x36\x79\xc0\xb4\xb2\x5f\x82\x88\x49\xe8\xa3" + "\xbf\x33\x41\x7a\xcb\xc4\x11\x0e\xcc\x61\xed\xd1\x6b\x59\x5f\x9d" + "\x20\x6f\x85\x01\xd0\x16\x2a\x51\x1b\x79\x35\x42\x5e\x49\xdf\x6f" + "\x64\x68\x31\xac\x49\x34\xfb\x2b\xbd\xb1\xd9\x12\x4e\x4b\x16\xc5" + "\xa6\xfe\x15\xd3\xaf\xac\x51\x08\x95\x1f\x8c\xd2\x52\x37\x8b\x88" + "\xf3\x20\xe2\xf7\x09\x55\x82\x83\x1c\x38\x5f\x17\xfc\x37\x26\x21" + "\xb8\xf1\xfe\xa9\xac\x54\x1e\x53\x83\x53\x3f\x43\xe4\x67\x22\xd5" + "\x86\xec\xf2\xb6\x4a\x8b\x8a\x66\xea\xe0\x92\x50\x3b\x51\xe4\x00" + "\x25\x2a\x7a\x64\x14\xd6\x09\xe1\x6c\x75\x32\x28\x53\x5e\xb3\xab", + "\x5d\x4b\xb2\x8f\xfe\xa5\x7f\x01\x6d\x78\x6c\x13\x58\x08\xe4\x94" }, + /* After setiv, ctr_low: 0xfffffff9 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90\xc4\x42\x97", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xf5\xc1\xed\xb8\x7f\x55\x7b\xb5\x47\xed\xaa\x42\xd2\xda\x33\x41" + "\x4a\xe0\x36\x6d\x51\x28\x40\x9c\x35\xfb\x11\x65\x18\x83\x9c\xb5" + "\x02\xb2\xa7\xe5\x52\x27\xa4\xe8\x57\x3d\xb3\xf5\xea\xcb\x21\x07" + "\x67\xbe\xbe\x0f\xf6\xaa\x32\xa1\x4b\x5e\x79\x4f\x50\x67\xcd\x80" + "\xfc\xf1\x65\xf2\x6c\xd0\xdb\x17\xcc\xf9\x52\x93\xfd\x5e\xa6\xb9" + "\x5c\x9f\xa8\xc6\x36\xb7\x80\x80\x6a\xea\x62\xdc\x61\x13\x45\xbe" + "\xab\x8f\xd8\x99\x17\x51\x9b\x29\x04\x6e\xdb\x3e\x9f\x83\xc6\x35" + "\xb3\x90\xce\xcc\x74\xec\xcb\x04\x41\xac\xb1\x92\xde\x20\xb1\x67" + "\xb0\x38\x14\xaa\x7d\xee\x3c\xb2\xd3\xbb\x2f\x88\x0b\x73\xcf\x7b" + "\x69\xc1\x55\x5b\x2b\xf2\xd4\x38\x2b\x3c\xef\x04\xc9\x14\x7c\x31" + "\xd6\x61\x88\xa8\xb3\x8c\x69\xb4\xbc\xaa\x0d\x15\xd2\xd5\x27\x63" + "\xc4\xa4\x80\xe9\x2b\xe9\xd2\x34\xc9\x0e\x3f\x7b\xd3\x43\x0d\x47" + "\x5d\x37\x8e\x42\xa4\x4e\xef\xcd\xbb\x3a\x5b\xa4\xe1\xb0\x8d\x64" + "\xb7\x0b\x58\x52\xec\x55\xd0\xef\x23\xfe\xf2\x8d\xe0\xd1\x6a\x2c" + "\xaa\x1c\x03\xc7\x3e\x58\x4c\x61\x72\x07\xc6\xfd\x0e\xbc\xd4\x6b" + "\x99\x4f\x91\xda\xff\x6f\xea\x81\x0c\x76\x85\x5d\x0c\x7f\x1c\xb8" + "\x84\x8c\x2f\xe1\x36\x3e\x68\xa0\x57\xf5\xdf\x13\x0a\xd6\xe1\xcd" + "\xae\x23\x99\x4e\xed\x7a\x72\x1b\x7c\xe5\x65\xd1\xb7\xcf\x2f\x73", + "\x1e\x2f\xcf\x3c\x95\x9a\x29\xec\xd3\x37\x90\x8c\x84\x8a\xfb\x95" }, + /* After setiv, ctr_low: 0xfffffff8 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xfa\xc7\x4f", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x14\x33\xc6\x9d\x04\xd3\x48\x29\x0c\x6a\x24\x27\xdf\x5f\x0a\xd2" + "\x71\xd6\xd0\x18\x04\xc0\x9f\x72\x0a\x60\xb7\x10\x52\x56\xf7\xae" + "\x64\xb0\x28\xd4\xfd\x25\x93\x8e\x67\x7e\xac\xc2\x93\xc7\x54\x2e" + "\x82\x93\x88\x6a\xb9\x8b\x73\xbc\x88\xec\x27\xdd\x4f\x9b\x21\x9e" + "\x77\x98\x70\x0b\xf4\xd8\x55\xfe\xf4\xc3\x3a\xcb\xca\x3a\xfb\xd4" + "\x52\x72\x2f\xf8\xac\xa9\x6a\xf5\x13\xab\x7a\x2e\x9f\x52\x41\xbd" + "\x87\x90\x68\xad\x17\xbd\x5a\xff\xc3\xc6\x10\x4d\xc1\xfe\xfc\x72" + "\x21\xb5\x53\x4a\x3f\xe0\x15\x9f\x29\x36\x23\xc0\x9a\x31\xb2\x0f" + "\xcd\x2f\xa6\xd0\xfc\xe6\x4d\xed\x68\xb3\x3d\x26\x67\xab\x40\xf0" + "\xab\xcf\x72\xc0\x50\xb1\x1e\x86\x38\xe2\xe0\x46\x3a\x2e\x3e\x1d" + "\x07\xd6\x9d\xe8\xfc\xa3\xe7\xac\xc9\xa0\xb3\x22\x05\xbc\xbf\xd2" + "\x63\x44\x66\xfc\xb4\x7b\xb4\x70\x7e\x96\xa9\x16\x1b\xb2\x7d\x93" + "\x44\x92\x5e\xbd\x16\x34\xa7\x11\xd0\xdf\x52\xad\x6f\xbd\x23\x3c" + "\x3d\x58\x16\xaf\x99\x8b\xbb\xa0\xdc\x3a\xff\x17\xda\x56\xba\x77" + "\xae\xc4\xb1\x51\xe2\x61\x4f\xf0\x66\x1b\x4c\xac\x79\x34\x1c\xfd" + "\x6c\x5f\x9a\x2c\x60\xfc\x47\x00\x5f\x2d\x81\xcc\xa9\xdd\x2b\xf4" + "\x5b\x53\x44\x61\xd4\x13\x5a\xf3\x93\xf0\xc9\x24\xd4\xe6\x60\x6f" + "\x78\x02\x0c\x75\x9d\x0d\x23\x97\x35\xe2\x06\x8a\x49\x5e\xe5\xbe", + "\x23\xc0\x4a\x2f\x98\x93\xca\xbd\x2e\x44\xde\x05\xcc\xe7\xf1\xf5" }, + /* After setiv, ctr_low: 0xfffffff7 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xa7\x1e\x02", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x51\x51\x64\x89\xeb\x9f\xf9\xd6\xb1\xa6\x73\x5f\xf1\x62\xb5\xe4" + "\x00\x80\xdb\x4c\x1c\xce\xe5\x00\xeb\xea\x6c\x57\xe4\x27\xfc\x71" + "\x08\x8c\xa1\xfc\x59\x1d\x07\x45\x3c\xc9\x4e\x0f\xb6\xea\x96\x90" + "\xae\xf7\x81\x1e\x7e\x6c\x5e\x50\xaf\x34\x3e\xa0\x55\x59\x8e\xe7" + "\xc1\xba\x48\xfa\x9e\x07\xf6\x6a\x24\x54\x3e\x9b\xa5\xfe\x31\x16" + "\x3d\x4d\x9c\xc4\xe1\xec\x26\xa0\x8b\x59\xa6\xf3\x94\xf8\x88\xda" + "\x1f\x88\x23\x5f\xfb\xfd\x79\xa2\xd3\x62\x30\x66\x69\xd9\x0d\x05" + "\xc0\x75\x4c\xb8\x48\x34\x1d\x97\xcf\x29\x6a\x12\x1c\x26\x54\x1d" + "\x80\xa9\x06\x74\x86\xff\xc6\xb4\x72\xee\x34\xe2\x56\x06\x6c\xf5" + "\x11\xe7\x26\x71\x47\x6b\x05\xbd\xe4\x0b\x40\x78\x84\x3c\xf9\xf2" + "\x78\x34\x2b\x3c\x5f\x0e\x4c\xfb\x17\x39\xdc\x59\x6b\xd1\x56\xac" + "\xe4\x1f\xb9\x19\xbc\xec\xb1\xd0\x6d\x47\x3b\x37\x4d\x0d\x6b\x65" + "\x7c\x70\xe9\xec\x58\xcc\x09\xd4\xd9\xbf\x9f\xe0\x6c\x7f\x60\x28" + "\xd8\xdf\x8e\xd1\x6a\x73\x42\xf3\x50\x01\x79\x68\x41\xc3\xba\x19" + "\x1e\x2d\x30\xc2\x81\x2c\x9f\x11\x8b\xd0\xdc\x31\x3b\x01\xfe\x53" + "\xa5\x11\x13\x22\x89\x40\xb9\x1b\x12\x89\xef\x9a\xcb\xa8\x03\x4f" + "\x54\x1a\x15\x6d\x11\xba\x05\x09\xd3\xdb\xbf\x05\x42\x3a\x5a\x27" + "\x3b\x34\x5c\x58\x8a\x5c\xa4\xc2\x28\xdc\xb2\x3a\xe9\x99\x01\xd6", + "\x30\xb2\xb5\x11\x8a\x3a\x8d\x70\x67\x71\x14\xde\xed\xa7\x43\xb5" }, + /* After setiv, ctr_low: 0xfffffff6 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x47\xab\x9f\x3a", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x05\x72\x44\xa0\x99\x11\x1d\x2c\x4b\x03\x4f\x20\x92\x88\xbe\x55" + "\xee\x31\x2c\xd9\xc0\xc1\x64\x77\x79\xd7\x3e\xfa\x5a\x7d\xf0\x48" + "\xf8\xc8\xfe\x81\x8f\x89\x92\xa6\xc2\x07\xdc\x9f\x3f\xb2\xc8\xf2" + "\xf3\xe9\xe1\xd3\xed\x55\xb4\xab\xc3\x22\xed\x8f\x00\xde\x32\x95" + "\x91\xc0\xc5\xf3\xd3\x93\xf0\xee\x56\x14\x8f\x96\xff\xd0\x6a\xbd" + "\xfc\x57\xc2\xc3\x7b\xc1\x1d\x56\x48\x3f\xa6\xc7\x92\x47\xf7\x2f" + "\x0b\x85\x1c\xff\x87\x29\xe1\xbb\x9b\x14\x6c\xac\x51\x0a\xc0\x7b" + "\x22\x25\xb0\x48\x92\xad\x09\x09\x6e\x39\x8e\x96\x13\x05\x55\x92" + "\xbd\xd7\x5d\x95\x35\xdd\x8a\x9d\x05\x59\x60\xae\xbb\xc0\x85\x92" + "\x4c\x8b\xa0\x3f\xa2\x4a\xe5\x2e\xde\x85\x1a\x39\x10\x22\x11\x1b" + "\xdd\xcc\x96\xf4\x93\x97\xf5\x81\x85\xf3\x33\xda\xa1\x9a\xba\xfd" + "\xb8\xaf\x60\x81\x37\xf1\x02\x88\x54\x15\xeb\x21\xd1\x19\x1a\x1f" + "\x28\x9f\x02\x27\xca\xce\x97\xda\xdc\xd2\x0f\xc5\x0e\x2e\xdd\x4f" + "\x1d\x24\x62\xe4\x6e\x4a\xbe\x96\x95\x38\x0c\xe9\x26\x14\xf3\xf0" + "\x92\xbc\x97\xdc\x38\xeb\x64\xc3\x04\xc1\xa2\x6c\xad\xbd\xf8\x03" + "\xa0\xa4\x68\xaa\x9d\x1f\x09\xe6\x62\x95\xa2\x1c\x32\xef\x62\x28" + "\x7e\x54\x6d\x4b\x6a\xcc\x4a\xd0\x82\x47\x46\x0d\x45\x3c\x36\x03" + "\x86\x90\x44\x65\x18\xac\x19\x75\xe6\xba\xb1\x9a\xb4\x5d\x84\x9b", + "\x31\x22\x2b\x11\x6e\x2b\x94\x56\x37\x9d\xc3\xa5\xde\xe7\x6e\xc9" }, + /* After setiv, ctr_low: 0xfffffff5 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbc\xf6\x46\x77", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x6e\x32\xdb\x04\x32\x57\x15\x78\x0e\x4c\x70\x66\x5c\x91\x43\x0c" + "\x63\x73\xb8\x86\xad\xb0\xf1\x34\x0f\x0c\x7e\xd3\x4e\xcb\xc9\xea" + "\x19\x3c\xb8\x14\xd0\xab\x9e\x9b\x22\xda\x7a\x96\xa7\xf5\xa2\x99" + "\x58\xe3\xd6\x72\x0f\xf5\xdf\x88\xd1\x33\xb1\xe5\x03\x72\x62\x1c" + "\xa7\xf2\x67\x50\x0e\x70\xc3\x7a\x6c\x4a\x90\xba\x78\x9e\xd2\x0b" + "\x29\xd4\xc8\xa7\x57\x06\xf2\xf4\x01\x4b\x30\x53\xea\xf7\xde\xbf" + "\x1c\x12\x03\xcf\x9f\xcf\x80\x8b\x77\xfd\x73\x48\x79\x19\xbe\x38" + "\x75\x0b\x6d\x78\x7d\x79\x05\x98\x65\x3b\x35\x8f\x68\xff\x30\x7a" + "\x6e\xf7\x10\x9e\x11\x25\xc4\x95\x97\x7d\x92\x0f\xbf\x38\x95\xbd" + "\x5d\x2a\xf2\x06\x2c\xd9\x5a\x80\x91\x4e\x22\x7d\x5f\x69\x85\x03" + "\xa7\x5d\xda\x22\x09\x2b\x8d\x29\x67\x7c\x8c\xf6\xb6\x49\x20\x63" + "\xb9\xb6\x4d\xb6\x37\xa3\x7b\x19\xa4\x28\x90\x83\x55\x3d\x4e\x18" + "\xc8\x65\xbc\xd1\xe7\xb5\xcf\x65\x28\xea\x19\x11\x5c\xea\x83\x8c" + "\x44\x1f\xac\xc5\xf5\x3a\x4b\x1c\x2b\xbf\x76\xd8\x98\xdb\x50\xeb" + "\x64\x45\xae\xa5\x39\xb7\xc8\xdf\x5a\x73\x6d\x2d\x0f\x4a\x5a\x17" + "\x37\x66\x1c\x3d\x27\xd5\xd6\x7d\xe1\x08\x7f\xba\x4d\x43\xc2\x29" + "\xf7\xbe\x83\xec\xd0\x3b\x2e\x19\x9e\xf7\xbf\x1b\x16\x34\xd8\xfa" + "\x32\x17\x2a\x90\x55\x93\xd5\x3e\x14\x8d\xd6\xa1\x40\x45\x09\x52", + "\x89\xf2\xae\x78\x38\x8e\xf2\xd2\x52\xa8\xba\xb6\xf2\x5d\x7c\xfc" }, + /* After setiv, ctr_low: 0xfffffff4 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x51\xb2\x9d\x4a", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x1d\xb8\x77\xcd\xcd\xfe\xde\x07\x97\xcb\x97\x3a\x4f\xa0\xd0\xe6" + "\xcc\xcf\x8b\x71\xd5\x65\x3d\xc4\x17\x52\xe7\x1d\x6a\x68\x4a\x77" + "\xca\x04\x4a\xef\x8e\x7e\xce\x79\xa1\x80\x0d\x9e\xd5\xf4\xce\x66" + "\x4d\x54\xb1\x09\xd1\xb6\xb0\x43\x28\xe8\x53\xe2\x24\x9c\x76\xc5" + "\x4d\x22\xf3\x6e\x13\xf3\xd7\xe0\x85\xb8\x9e\x0b\x17\x22\xc0\x79" + "\x2b\x72\x57\xaa\xbd\x43\xc3\xf7\xde\xce\x22\x41\x3c\x7e\x37\x1a" + "\x55\x2e\x36\x0e\x7e\xdc\xb3\xde\xd7\x33\x36\xc9\xc8\x56\x93\x51" + "\x68\x77\x9a\xb0\x08\x5c\x22\x35\xef\x5c\x9b\xbf\x3e\x20\x8a\x84" + "\x3d\xb3\x60\x10\xe1\x97\x30\xd7\xb3\x6f\x40\x5a\x2c\xe0\xe5\x52" + "\x19\xb6\x2b\xed\x6e\x8e\x18\xb4\x8d\x78\xbd\xc4\x9f\x4f\xbd\x82" + "\x98\xd6\x71\x3d\x71\x5b\x78\x73\xee\x8e\x4b\x37\x88\x9e\x21\xca" + "\x00\x6c\xc2\x96\x8d\xf0\xcd\x09\x58\x54\x5a\x58\x59\x8e\x9b\xf8" + "\x72\x93\xd7\xa0\xf9\xc4\xdc\x48\x89\xaa\x31\x95\xda\x4e\x2f\x79" + "\x1e\x37\x49\x92\x2e\x32\x2e\x76\x54\x2a\x64\xa8\x96\x67\xe9\x75" + "\x10\xa6\xeb\xad\xc6\xa8\xec\xb7\x18\x0a\x32\x26\x8d\x6e\x03\x74" + "\x0e\x1f\xfc\xde\x76\xff\x6e\x96\x42\x2d\x80\x0a\xc6\x78\x70\xc4" + "\xd8\x56\x7b\xa6\x38\x2f\xf6\xc0\x9b\xd7\x21\x6e\x88\x5d\xc8\xe5" + "\x02\x6a\x09\x1e\xb3\x46\x44\x80\x82\x5b\xd1\x66\x06\x61\x4f\xb8", + "\x16\x0e\x73\xa3\x14\x43\xdb\x15\x9c\xb0\x0d\x30\x6d\x9b\xe1\xb1" }, + /* After setiv, ctr_low: 0xfffffff3 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xef\x44\x07", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x42\x71\x54\xe2\xdb\x50\x5d\x3c\x10\xbd\xf8\x60\xbd\xdb\x26\x14" + "\x7d\x13\x59\x98\x28\xfb\x43\x42\xca\x72\xe6\xd8\x58\x00\xa2\x1b" + "\x6a\x61\xb4\x3a\x80\x6b\x9e\x14\xbd\x11\x33\xab\xe9\xb9\x91\x95" + "\xd7\x5d\xc3\x98\x1f\x7f\xcb\xa8\xf0\xec\x31\x26\x51\xea\x2e\xdf" + "\xd9\xde\x70\xf5\x84\x27\x3a\xac\x22\x05\xb9\xce\x2a\xfb\x2a\x83" + "\x1e\xce\x0e\xb2\x31\x35\xc6\xe6\xc0\xd7\xb0\x5f\xf5\xca\xdb\x13" + "\xa7\xfe\x4f\x85\xa3\x4f\x94\x5c\xc1\x04\x12\xde\x6f\xa1\xdb\x41" + "\x59\x82\x22\x22\x65\x97\x6d\xc8\x67\xab\xf3\x90\xeb\xa4\x00\xb3" + "\x7d\x94\x3d\x7b\x2a\xe2\x85\x36\x87\x16\xb8\x19\x92\x02\xe0\x43" + "\x42\x85\xa1\xe6\xb8\x11\x30\xcc\x2c\xd8\x63\x09\x0e\x53\x5f\xa3" + "\xe0\xd4\xee\x0e\x04\xee\x65\x61\x96\x84\x42\x0c\x68\x8d\xb7\x48" + "\xa3\x02\xb4\x82\x69\xf2\x35\xe4\xce\x3b\xe3\x44\xce\xad\x49\x32" + "\xab\xda\x04\xea\x06\x60\xa6\x2a\x7d\xee\x0f\xb8\x95\x90\x22\x62" + "\x9c\x78\x59\xd3\x7b\x61\x02\x65\x63\x96\x9f\x67\x50\xa0\x61\x43" + "\x53\xb2\x3f\x22\xed\x8c\x42\x39\x97\xd9\xbc\x6e\x81\xb9\x21\x97" + "\xc6\x5b\x68\xd7\x7f\xd0\xc5\x4a\xfb\x74\xc4\xfd\x9a\x2a\xb8\x9b" + "\x48\xe0\x00\xea\x6d\xf5\x30\x26\x61\x8f\xa5\x45\x70\xc9\x3a\xea" + "\x6d\x19\x11\x57\x0f\x21\xe6\x0a\x53\x94\xe3\x0c\x99\xb0\x2f\xc5", + "\x92\x92\x89\xcd\x4f\x3c\x6d\xbc\xe8\xb3\x70\x14\x5b\x3c\x12\xe4" }, + /* After setiv, ctr_low: 0xfffffff2 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa1\xe3\xc5\x3f", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\x41\xc3\xcb\xd7\x6e\xde\x2a\xc6\x15\x05\xc6\xba\x27\xae\xcd\x37" + "\xc0\xe5\xbf\xb9\x5c\xdc\xd6\xad\x1a\xe1\x35\x7c\xc0\x85\x85\x51" + "\x8c\x98\x06\xc0\x72\x43\x71\x7a\x2d\x7c\x81\x3c\xe7\xd6\x32\x8e" + "\x22\x2b\x46\x95\x6a\xde\x45\x40\x56\xe9\x63\x32\x68\xbf\xb6\x78" + "\xb7\x86\x00\x9d\x2c\x9e\xed\x67\xc1\x9b\x09\x9e\xd9\x0a\x56\xcb" + "\x57\xc9\x48\x14\x23\x4e\x97\x04\xb5\x85\x25\x1d\xcb\x1a\x79\x9b" + "\x54\x06\x95\xad\x16\x81\x84\x3a\x38\xec\x41\x90\x2a\xfa\x50\xe0" + "\xb9\x20\xa6\xeb\xfe\x2e\x5c\xa1\xf6\x3c\x69\x4c\xce\xf8\x30\xe0" + "\x87\x68\xa2\x3a\x9d\xad\x75\xd4\xa5\x6b\x0a\x90\x65\xa2\x27\x64" + "\x9d\xf5\xa0\x6f\xd0\xd3\x62\xa5\x2d\xae\x02\x89\xb4\x1a\xfa\x32" + "\x9b\xa0\x44\xdd\x50\xde\xaf\x41\xa9\x89\x1e\xb0\x41\xbc\x9c\x41" + "\xb0\x35\x5e\xf1\x9a\xd9\xab\x57\x53\x21\xca\x39\xfc\x8b\xb4\xd4" + "\xb2\x19\x8a\xe9\xb2\x24\x1e\xce\x2e\x19\xb0\xd2\x93\x30\xc4\x70" + "\xe2\xf8\x6a\x8a\x99\x3b\xed\x71\x7e\x9e\x98\x99\x2a\xc6\xdd\xcf" + "\x43\x32\xdb\xfb\x27\x22\x89\xa4\xc5\xe0\xa2\x94\xe9\xcf\x9d\x48" + "\xab\x3f\xfa\x4f\x75\x63\x46\xdd\xfe\xfa\xf0\xbf\x6e\xa1\xf9\xca" + "\xb1\x77\x79\x35\x6c\x33\xe1\x57\x68\x50\xe9\x78\x4e\xe4\xe2\xf0" + "\xcf\xe4\x23\xde\xf4\xa7\x34\xb3\x44\x97\x38\xd2\xbd\x27\x44\x0e", + "\x75\x0a\x41\x3b\x87\xe3\xc7\xf6\xd6\xe3\xab\xfa\x4b\xbe\x2e\x56" }, + /* After setiv, ctr_low: 0xfffffff1 */ + { GCRY_CIPHER_AES256, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5a\xbe\x1c\x72", + 16, + "", 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + 288, + "\xf1\x3c\x7a\xa4\xa9\xaf\xe7\x49\x19\x7d\xad\x50\xc1\x6a\x84\x87" + "\xf5\x69\xe4\xe5\xc2\x0a\x90\x33\xc3\xeb\x76\x63\x5f\x9b\x1d\xf9" + "\x53\x4a\x2a\x6d\x6b\x61\xe0\x5d\xed\xcb\x98\x0d\xf2\x57\x33\x12" + "\xd1\x44\xaa\x7a\x7e\x4e\x41\x0e\xe6\xa7\x9f\x17\x92\x28\x91\xad" + "\xca\xce\xf2\xa8\x73\x4a\xad\x89\x62\x73\x0b\x9a\x68\x91\xa8\x11" + "\x44\x01\xfd\x57\xe4\xf8\x84\x55\x2b\x66\xdb\xb9\xd6\xee\x83\xe5" + "\x57\xea\x5c\x6a\x23\x87\xdd\x0a\x45\x63\xb4\x0c\x8f\xc5\x9f\x22" + "\xf3\x4f\x4e\x6f\x7b\x14\x62\xf7\x80\x59\x4a\xc5\xc8\xae\x8a\x6f" + "\x5e\xe3\x1e\xe6\xae\xec\x99\x77\x6b\x88\x14\xe3\x58\x88\x61\x74" + "\x38\x91\xa1\x32\xb8\xd2\x39\x6b\xe2\xcb\x8e\x77\xde\x92\x36\x78" + "\xad\x50\xcf\x08\xb8\xfa\x29\x59\xb4\x68\x1b\x23\x10\x57\x32\x92" + "\xf8\xec\xe1\x97\xdb\x30\x85\x22\xb5\x68\x2f\xf2\x98\xda\x06\xee" + "\x65\x02\xe7\xf9\xc8\xc1\xca\x8f\xd3\xed\x4a\x3c\x09\xdd\xde\x64" + "\xd9\x85\x17\x2c\x62\x41\x35\x24\xed\x6b\x87\x78\x1e\xb5\x7a\x9b" + "\xa3\x90\xa3\x99\xc7\x39\x51\x10\xb7\x6a\x12\x3b\x64\xfe\x32\x3c" + "\xb6\x84\x9a\x3f\x95\xd3\xcb\x22\x69\x9c\xf9\xb7\xc2\x8b\xf4\x55" + "\x68\x60\x11\x20\xc5\x3e\x0a\xc0\xba\x00\x0e\x88\x96\x66\xfa\xf0" + "\x75\xbc\x2b\x9c\xff\xc5\x33\x7b\xaf\xb2\xa6\x34\x78\x44\x9c\xa7", + "\x01\x24\x0e\x17\x17\xe5\xfc\x90\x07\xfa\x78\xd5\x5d\x66\xa3\xf5" }, }; gcry_cipher_hd_t hde, hdd; - unsigned char out[MAX_DATA_LEN]; + unsigned char out[MAX_GCM_DATA_LEN]; unsigned char tag[GCRY_GCM_BLOCK_LEN]; int i, keylen; gcry_error_t err = 0; @@ -1833,8 +2510,12 @@ check_gcm_cipher (void) _check_gcm_cipher(1); /* Split input to 7 byte buffers. */ _check_gcm_cipher(7); + /* Split input to 15 byte buffers. */ + _check_gcm_cipher(15); /* Split input to 16 byte buffers. */ _check_gcm_cipher(16); + /* Split input to 17 byte buffers. */ + _check_gcm_cipher(17); } commit 6dd0cf0744db29ef0d86830dd70f14381f0a5f56 Author: Werner Koch Date: Wed Jun 13 10:14:27 2018 +0200 ecc: Improve gcry_mpi_ec_curve_point * mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates. * tests/t-mpi-point.c (point_on_curve): New. -- Due to the conversion to affine coordinates we didn't detected points with values >= P. The solution here might not be the best according to the NIST standard (it is done there at an earlier opportunity) but it reliably detects points we do not expect to receive. The new test vectors have been compared against gnutls/nettle. Reported-by: Stephan M?ller Signed-off-by: Werner Koch (cherry picked from commit 7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf) (cherry picked from commit 846f8fe8b3be6d235592db184361df1bc2b07a8a) Solved two minor merge conflicts in t-mpi-point diff --git a/mpi/ec.c b/mpi/ec.c index 1469339..a7ab3a0 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1504,6 +1504,15 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) y = mpi_new (0); w = mpi_new (0); + /* Check that the point is in range. This needs to be done here and + * not after conversion to affine coordinates. */ + if (mpi_cmpabs (point->x, ctx->p) >= 0) + goto leave; + if (mpi_cmpabs (point->y, ctx->p) >= 0) + goto leave; + if (mpi_cmpabs (point->z, ctx->p) >= 0) + goto leave; + switch (ctx->model) { case MPI_EC_WEIERSTRASS: diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c index 84da7cc..79c9aca 100644 --- a/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c @@ -30,6 +30,10 @@ #define PGM "t-mpi-point" +#ifndef DIM +# define DIM(v) (sizeof(v)/sizeof((v)[0])) +#endif + static const char *wherestr; static int verbose; static int debug; @@ -1095,6 +1099,271 @@ twistededwards_math (void) } +/* Check the point on curve function. */ +static void +point_on_curve (void) +{ + static struct { + const char *curve; + int oncurve; /* Point below is on the curve. */ + const char *qx; + const char *qy; + } t[] = { + { + "NIST P-256", 0, + "015B4F6775D68D4D2E2192C6B8027FC5A3D49957E453CB251155AA3FF5D3EC9974", + "4BC4C87B57A25E1056831208AB5B8F091142F891E9FF19F1E090B030DF1087B3" + }, { + "NIST P-256", 0, + "D22C316E7EBE7B293BD66808E000806F0754398A5D72A4F9BBC21C26EAC0A651", + "3C8DB80CC3CDE5E530D040536E6A58AAB41C33FA70B30896943513FF3690132D" + }, { + "NIST P-256", 0, + "0130F7E7BC52854CA493A0DE87DC4AB3B4343758F2B634F15B10D70DBC0A5A5291", + "86F9CA73C25CE86D54CB21C181AECBB52A5971334FF5040F76CAE9845ED46023" + }, { + "NIST P-256", 1, + "14957B602C7849F28858C7407696F014BC091D6D68C449560B7A38147D6E6A9B", + "A8E09EFEECFE00C797A0848F38B61992D30C61FAB13021E88C8BD3545B3A6C63" + }, { + "NIST P-256", 0, + "923DE4957241DD97780841C76294DB0D4F5DC04C3045081174764D2D32AD2D53", + "01B4B1A2027C02F0F520A3B01E4CE3C668BF481346A74499C5D1044A53E210B600" + }, { + "NIST P-256", 1, + "9021DFAB8B4DAEAADA634AAA26D6E5FFDF8C0476FF5CA31606C870A1B933FB36", + "9AFC65EEB24E46C7B75712EF29A981CB09FAC56E2B81D3ED024748CCAB1CB77E" + }, { + "NIST P-256", 0, + "011529F0B26DE5E0EB2DA4BFB6C149C802CB52EE479DD666553286928A4005E990", + "0EBC63DB2104884456DC0AA81A3F4E99D93B7AE2CD4B1489655EA9BE6289CF9E" + }, { + "NIST P-256", 1, + "216EC5DE8CA989199D31F0DFCD381DCC9270A0785365EC3E34CA347C070A87BE", + "87A88897BA763509ECC1DBE28D9D37F6F4E70E3B99B1CD3C0B934D4190968A6D" + }, { + "NIST P-256", 1, + "7ABAA44ACBC6016FDB52A6F45F6178E65CBFC35F9920D99149CA9999612CE945", + "88F7684BDCDA31EAFB6CAD859F8AB29B5D921D7DB2B34DF7E40CE36235F45B63" + }, { + "NIST P-256", 0, + "E765B4272D211DD0064189B55421FB76BB3A7756364A6CB1627FAED848157A84", + "C13171CFFB243E06B203F0996BBDD16F52292AD11F2DA81106E9C2FD87F4FA0F" + }, { + "NIST P-256", 0, + "EE4999DFC3A1871EE7A592BE26A09BEC9D9B561613EE9EFB6ED42F17985C9CDC", + "8399E967338A7A618336AF70DA67D9CAC1C19267809652F5C5183C8B129E0902" + }, { + "NIST P-256", 0, + "F755D0CF2642A2C7FBACCC8E9E442B8B047A99C6E052B2FA5AB0544B36B4D51C", + "AA080F17657B6565D9A4D94BD260B54D92FEE8DC4A78C4FC9C19209933AF39B0" + } , { + "NIST P-384", 0, + "CBFC7DBEBF15BEAD682549757F9BBA0E3F67669DF13FCE0EBE8024B725B38B00" + "83EC46A8F2FF3203C5C7F8C7E722A5EF", + "0548FE281BEAB18FD1AB86F59B0CA524479A4A81373C83B78AFFD801FAC75922" + "96470753DCF46173C9AA4A8A4C2FBE51" + }, { + "NIST P-384", 0, + "1DC8E054A883DB81EAEDE6C487B26816C927B8196780525A6CA8F675D2557752" + "02CE06CCBE705EA8A38AA2894D4BEEE6", + "010191050E867AFAA96A199FE9C591CF8B853D81486786DA889124881FB39D2F" + "8E0875F4C4BB1E3D0F8535C7A52306FB82" + }, { + "NIST P-384", 1, + "2539FC368CE1D5E464B6C0FBB12D557B712327DB086975255AD7D17F7E7E4F23" + "D719ED4116E2CC907AEB92CF22331A60", + "8843FDBA742CB64323E49CEBE8DD74908CFC9C3AA0015662DFBB7219E92CF32E" + "9FC63F61EF19DE9B3CEA98D163ABF254" + }, { + "NIST P-384", 0, + "0B786DACF400D43575394349EDD9F9CD145FC7EF737A3C5F69B253BE7639DB24" + "EC2F0CA62FF1F90B6515DE356EC2A404", + "225D6B2939CC7F7133F43353946A682C68DAC6BB75EE9CF6BD9A1609FA915692" + "72F4D3A87E88529754E109BB9B61B03B" + }, { + "NIST P-384", 0, + "76C660C9F58CF2051F9F8B06049694AB6FE418009DE6F0A0833BC690CEC06CC2" + "9A440AD51C94CF5BC28817C8C6E2D302", + "012974E5D9E55304ED294AB6C7A3C65B663E67ABC5E6F6C0F6498B519F2F6CA1" + "8306976291F3ADC0B5ABA42DED376EA9A5" + }, { + "NIST P-384", 0, + "23D758B1EDB8E12E9E707C53C131A19D9464B20EE05C99766F5ABDF9F906AD03" + "B958BF28B022E54E320672C4BAD4EEC0", + "01E9E72870C88F4C82A5AB3CC8A3398E8F006BF3EC05FFBB1EFF8AEE88020FEA" + "9E558E9F58ED1D324C9DCBCB4E8F2A5970" + }, { + "NIST P-384", 0, + "D062B96D5A10F715ACF361F99262ABF0F7693A8BB60ECB1DF459CF95750E4293" + "18BCB9FC60499D009F949298F3F9F47B", + "9089C6328E4B39A73D7EE6FAE1A77E48CE354B83BBCE432082C32C8FD6784B86" + "CFE9C552E2E720F5DA5806503D3784CD" + }, { + "NIST P-384", 0, + "2A951D4D6EB35C43D94866280D37365B82441BC84D62CBFF3365CAB1FD0A3E20" + "823CA8F84D2BBF4EA687885437DE7839", + "01CC7D762AFE613F7B5568BC516568A421159C40599E8D52DE10E8F9488931E1" + "69F3656C322DE45C4A70DC6DB9A661E599" + }, { + "NIST P-384", 1, + "A4BAEE6CDAF3AEB69032B3FBA811707C54F5753670DA5173D891547E8CBAEEF3" + "89B92C9A55573A596123415FBFA26991", + "3241EA716583C11C71BB30AF6C5E3A6637956F17ADBBE641BAB52E8539F9FC7B" + "F3B04F46DBFFE08151E0F0950CC70081" + }, { + "NIST P-384", 0, + "5C0E18B0DE3261BCBCFC7B702C2D75CF481336BFBADF420BADC616235C1966AB" + "4C0F876575DDEC1BDB3F3F04061C9AE4", + "E90C78550D1C922F1D8161D8C9C0576E29BD09CA665376FA887D13FA8DF48352" + "D7BBEEFB803F6CC8FC7895E47F348D33" + }, { + "NIST P-384", 1, + "2015864CD50F0A1A50E6401F44191665C19E4AD4B4903EA9EB464E95D1070E36" + "F1D8325E45734D5A0FDD103F4DF6F83E", + "5FB3E9A5C59DD5C5262A8176CB7032A00AE33AED08485884A3E5D68D9EEB990B" + "F26E8D87EC175577E782AD51A6A12C02" + }, { + "NIST P-384", 1, + "56EBF5310EEF5A5D8D001F570A18625383ECD4882B3FC738A69874E7C9D8F89C" + "187BECA23369DFD6C15CC0DA0629958F", + "C1230B349FB662CB762563DB8F9FCB32D5CCA16120681C474D67D279CCA6F6DB" + "73DE6AA96140B5C457B7486E06D318CE" + }, { + "NIST P-521", 0, + "01E4D82EE5CD6DA37080252295EFA273BBBA6952012D0120EAF131E73F1E5024" + "36E3324624471040030E1C345D65490ECEE9B64E03B15B6C7EB69A39C618BAFEED70", + "03EE3A3C88A6933B7B16016BE4CC4E3BF5EA0625CB3DB2604CDCBBD02CABBC90" + "8904D9DB42998F6C5101D4D4318ACFC9643C9CD641F636D1810ED86F1840EA74F3C0" + }, { + "NIST P-521", 0, + "01F3DFCB5433387B6B2E3F74177F4F3D7300F05E1AD49DE112630E27B1C8A437" + "1E742CB020E0039B5477FC897D17332034F9660B3066764EFF5FB440EB8856E782E3", + "02D337616C9D202DC5E290C486F5855CBD6A8470AE62CA96245834CF49257D8D" + "96D4041B15007650DEE668C00DDBF749054256C571F60980AC74D0DBCA7FB96C2F48" + }, { + "NIST P-521", 1, + "822A846606DC9E96452CAC373567A8B57D9ACA15B177F75DD7EF10C635F52CE4" + "EF6ABEEDB90D3F48F50A0C9015A95C955A25C45DE8413DE3BF899B6B1E62CF7CB8", + "0102771B5F3EC8C36838CEC04DCBC28AD1E38C37DAB0EA89B5EE92D21F7A35CE" + "ABC8B155EDC70154D6DFA2E77EC1D8C4A3406A6BD0ECF8F1EE2AC33A02464CB70C97" + }, { + "NIST P-521", 0, + "F733D48467912D1FFE46CF442F27FDD218D190E7B8A829D822DA3B6BAF9B987E" + "5B4BCCE34499248F59EEAF74F63ED15FF73F243C6FC3FD5E5842F6A3BA34C2022D", + "0281AAAD1B7EEBABEB6EC67932CB7E95717AFA3B4CF7A2DB151CD537C419C3A5" + "156ED9160758190B47696CDC15E81BBAD12975283907A571604DB23F702AEA4B38FF" + }, { + "NIST P-521", 0, + "03B1B274175AAEB5907152E5114CCAEADA28A7ADD4A2B1831C3D8302E8596489" + "E2C98B9B8D0CAE98C03BB11E28CE66D4736449758AF58BAFE40EF5A5FA22C9A43117", + "94C5951F81D544E959EDFC5DC1D5F42FE427871D4FB91A43A0B4A6BEA6B35B9E" + "BC5FB444C70BE4FD47B4ED16704F8C86EF019FC47C7FF2271F8B0DDEA9E2D3BCDD" + }, { + "NIST P-521", 1, + "F2248C318055DE37CD706D4FCAF7E7D96737A4A7B6B8067A66DCD58B6B8DFC55" + "90ECE67F6AA67F9C51B57E7B023075F2F42909BF47361CB6881C10F55FB7215B56", + "0162F735CE6A2ADA54CAF96A12D6888C02DE0A74638CF34CE39DABBACA4D651B" + "7E6ED1A65B551B36BAE7BE474BB6E6905ED0E33C7BA2021885027C7C6E40C5613004" + }, { + "NIST P-521", 0, + "9F08E97FEADCF0A391CA1EA4D97B5FE62D3B164593E12027EB967BD6E1FA841A" + "9831158DF164BCAD0BF3ADA96127745E25F349BDDD52EEA1654892B35960C9C023", + "AE2A25F5440F258AFACA6925C4C9F7AEAD3CB67153C4FACB31AC33F58B43A78C" + "B14F682FF726CEE2A6B6F6B481AEEB29A9B3150F02D1CFB764672BA8294C477291" + }, { + "NIST P-521", 0, + "01047B52014748C904980716953206A93F0D01B34CA94A997407FA93FE304F86" + "17BB6E402B2BB8B434C2671ECE953ABE7BADB75713CD9DF950943A33A9A19ACCDABE", + "7433533F098037DEA616337986887D01C5CC8DEC3DC1FDB9CDF7287EF27CC125" + "54FCF3A5E212DF9DAD9F8A3A7173B23FC6E15930704F3AEE1B074BDDB0ED6823E4" + }, { + "NIST P-521", 0, + "01C2A9EBF51592FE6589F618EAADA1697D9B2EC7CE5D48C9E80FC597642B23F1" + "F0EBE953449762BD3F094F57791D9850AFE98BBDA9872BE399B7BDD617860076BB03", + "0B822E27692F63DB8E12C59BB3CCA172B9BBF613CAE5F9D1474186E45E8B26FF" + "962084E1C6BE74821EDBB60941A3B75516F603719563433383812BFEA89EC14B89" + }, { + "NIST P-521", 0, + "99390F342C3F0D46E80C5B65C61E8AA8ACA0B6D4E1352404586364A05D8398E9" + "2BC71A644E8663F0A9B87D0B3ACAEE32F2AB9B321317AD23059D045EBAB91C5D93", + "82FCF93AE4467EB57766F2B150E736636727E7282500CD482DA70D153D195F2B" + "DF9B96D689A0DC1BB9137B41557A33F202F1B71840544CBEFF03072E77E4BB6F0B" + }, { + "NIST P-521", 1, + "018E48E80594FF5496D8CC7DF8A19D6AA18805A4EF4490038AED6A1E9AA18056" + "D0244A97DCF6D132C6804E3F4F369922119544B4C057D783C848FB798B48730A382C", + "01AF510B4F5E1C40BC9C110216D35E7C6D7A2BEE52914FC98258676288449901" + "F27A07EE91DF2D5D79259712906C3E18A990CBF35BCAC41A952820CE2BA8D0220080" + }, { + "NIST P-521", 1, + "ADCEF3539B4BC831DC0AFD173137A4426152058AFBAE06A17FCB89F4DB6E48B5" + "335CB88F8E4DB475A1E390E5656072F06605BFB84CBF9795B7992ECA04A8E10CA1", + "01BCB985AFD6404B9EDA49B6190AAA346BF7D5909CA440C0F7E505C62FAC8635" + "31D3EB7B2AC4DD4F4404E4B12E9D6D3C596179587F3724B1EFFF684CFDB4B21826B9" + } + }; + gpg_error_t err; + int tidx; + const char *lastcurve = NULL; + gcry_ctx_t ctx = NULL; + gcry_mpi_t qx = NULL; + gcry_mpi_t qy = NULL; + gcry_mpi_point_t Q; + int oncurve; + + wherestr = "point_on_curve"; + for (tidx=0; tidx < DIM (t); tidx++) + { + if (!t[tidx].curve) + { + if (!lastcurve || !ctx) + die ("invalid test vectors at idx %d\n", tidx); + } + else if (!ctx || !lastcurve || strcmp (t[tidx].curve, lastcurve)) + { + lastcurve = t[tidx].curve; + gcry_ctx_release (ctx); + err = gcry_mpi_ec_new (&ctx, NULL, lastcurve); + if (err) + die ("error creating context for curve %s at idx %d: %s\n", + lastcurve, tidx, gpg_strerror (err)); + + /*info ("checking points on curve %s\n", lastcurve);*/ + } + + gcry_mpi_release (qx); + gcry_mpi_release (qy); + qx = hex2mpi (t[tidx].qx); + qy = hex2mpi (t[tidx].qy); + + Q = gcry_mpi_point_set (NULL, qx, qy, GCRYMPI_CONST_ONE); + if (!Q) + die ("gcry_mpi_point_set(Q) failed at idx %d\n", tidx); + + oncurve = gcry_mpi_ec_curve_point (Q, ctx); + + if (t[tidx].oncurve && !oncurve) + { + fail ("point expected on curve but not identified as such (i=%d):\n", + tidx); + print_point (" Q", Q); + } + else if (!t[tidx].oncurve && oncurve) + { + fail ("point not expected on curve but identified as such (i=%d):\n", + tidx); + print_point (" Q", Q); + } + gcry_mpi_point_release (Q); + } + + gcry_mpi_release (qx); + gcry_mpi_release (qy); + gcry_ctx_release (ctx); +} + + int main (int argc, char **argv) { @@ -1117,6 +1386,7 @@ main (int argc, char **argv) context_alloc (); context_param (); basic_ec_math (); + point_on_curve (); /* The tests are for P-192 and ed25519 which are not supported in FIPS mode. */ commit 3600e1224f6c89b3e637bdf1cf527ecc9a69afeb Author: Werner Koch Date: Tue Jun 5 14:29:53 2018 +0200 mpi: New internal function _gcry_mpi_cmpabs. * mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ... (do_mpi_cmp): New. Add arg absmode. (_gcry_mpi_cmpabs): New. * src/gcrypt-int.h (mpi_cmpabs): New macro. Signed-off-by: Werner Koch (cherry picked from commit 6606ae44e0de1069b29dd4215ee9748280940e1b) (cherry picked from commit 54620a27f4503e703e219e6e11c4be14ce4e3d35) diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c index 838a7c9..66e0961 100644 --- a/mpi/mpi-cmp.c +++ b/mpi/mpi-cmp.c @@ -54,15 +54,19 @@ _gcry_mpi_cmp_ui (gcry_mpi_t u, unsigned long v) } -int -_gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) +/* Helper for _gcry_mpi_cmp and _gcry_mpi_cmpabs. */ +static int +do_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v, int absmode) { mpi_size_t usize; mpi_size_t vsize; + int usign; + int vsign; int cmp; if (mpi_is_opaque (u) || mpi_is_opaque (v)) { + /* We have no signan and thus ABSMODE has no efeect here. */ if (mpi_is_opaque (u) && !mpi_is_opaque (v)) return -1; if (!mpi_is_opaque (u) && mpi_is_opaque (v)) @@ -82,26 +86,42 @@ _gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) usize = u->nlimbs; vsize = v->nlimbs; + usign = absmode? 0 : u->sign; + vsign = absmode? 0 : v->sign; /* Compare sign bits. */ - if (!u->sign && v->sign) + if (!usign && vsign) return 1; - if (u->sign && !v->sign) + if (usign && !vsign) return -1; /* U and V are either both positive or both negative. */ - if (usize != vsize && !u->sign && !v->sign) + if (usize != vsize && !usign && !vsign) return usize - vsize; - if (usize != vsize && u->sign && v->sign) + if (usize != vsize && usign && vsign) return vsize + usize; if (!usize ) return 0; if (!(cmp = _gcry_mpih_cmp (u->d, v->d, usize))) return 0; - if ((cmp < 0?1:0) == (u->sign?1:0)) + if ((cmp < 0?1:0) == (usign?1:0)) return 1; } return -1; } + + +int +_gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) +{ + return do_mpi_cmp (u, v, 0); +} + +/* Compare only the absolute values. */ +int +_gcry_mpi_cmpabs (gcry_mpi_t u, gcry_mpi_t v) +{ + return do_mpi_cmp (u, v, 1); +} diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index 549605b..3f89b72 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -379,6 +379,7 @@ int _gcry_mpi_is_neg (gcry_mpi_t a); void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u); void _gcry_mpi_abs (gcry_mpi_t w); int _gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v); +int _gcry_mpi_cmpabs (const gcry_mpi_t u, const gcry_mpi_t v); int _gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v); gpg_err_code_t _gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format, const void *buffer, size_t buflen, @@ -479,6 +480,7 @@ int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); #define mpi_abs( w ) _gcry_mpi_abs( (w) ) #define mpi_neg( w, u) _gcry_mpi_neg( (w), (u) ) #define mpi_cmp( u, v ) _gcry_mpi_cmp( (u), (v) ) +#define mpi_cmpabs( u, v ) _gcry_mpi_cmpabs( (u), (v) ) #define mpi_cmp_ui( u, v ) _gcry_mpi_cmp_ui( (u), (v) ) #define mpi_is_neg( a ) _gcry_mpi_is_neg ((a)) commit 528a06b48389c9f10a1b10ff34cdc87bd3723a22 Author: Stephan Mueller Date: Mon Mar 12 22:24:37 2018 +0100 AES-KW: fix in-place encryption * cipher/cipher-aeswrap.c: move memmove call before KW IV setting -- In case AES-KW in-place encryption is performed, the plaintext must be moved to the correct destination location before the first semiblock of the destination buffer is modified. Without the patch, the first semiblock of the plaintext is overwritten with a6a6a6a6a6a6a6a6. Signed-off-by: Stephan Mueller (cherry picked from commit 330ec66e0babdabb658dc7d6db78f37b2a1b996e) (cherry picked from commit bbf88f0e9d481486ceca079e2611e84db8d039c7) diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c index 698742d..a8d0e03 100644 --- a/cipher/cipher-aeswrap.c +++ b/cipher/cipher-aeswrap.c @@ -70,6 +70,9 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c, a = outbuf; /* We store A directly in OUTBUF. */ b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */ + /* Copy the inbuf to the outbuf. */ + memmove (r+8, inbuf, inbuflen); + /* If an IV has been set we use that IV as the Alternative Initial Value; if it has not been set we use the standard value. */ if (c->marks.iv) @@ -77,9 +80,6 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c, else memset (a, 0xa6, 8); - /* Copy the inbuf to the outbuf. */ - memmove (r+8, inbuf, inbuflen); - memset (t, 0, sizeof t); /* t := 0. */ for (j = 0; j <= 5; j++) ----------------------------------------------------------------------- Summary of changes: cipher/cipher-aeswrap.c | 6 +- cipher/cipher-gcm.c | 77 +++++- mpi/ec.c | 9 + mpi/mpi-cmp.c | 34 ++- src/gcrypt-int.h | 2 + tests/basic.c | 691 +++++++++++++++++++++++++++++++++++++++++++++++- tests/t-mpi-point.c | 270 +++++++++++++++++++ 7 files changed, 1071 insertions(+), 18 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 10:25:17 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 10:25:17 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.9-8-g2ace21b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via 2ace21b1a8e4c512b8539a2eedf9ce2ab2ebc534 (commit) via ff8f7e53ce6b8a5681667595c6287323652ae157 (commit) from 3caf35a49cb62fb59834b5027ff299e2363a03c4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2ace21b1a8e4c512b8539a2eedf9ce2ab2ebc534 Author: Werner Koch Date: Wed Jun 13 10:25:34 2018 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 8ea5bc5..3125539 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.7.11 (unreleased) [C21/A1/R11] +------------------------------------------------- + + Noteworthy changes in version 1.7.10 (2018-06-13) [C21/A1/R10] ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 76e25d6..e6217da 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [7]) -m4_define(mym4_version_micro, [10]) +m4_define(mym4_version_micro, [11]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=21 LIBGCRYPT_LT_AGE=1 -LIBGCRYPT_LT_REVISION=10 +LIBGCRYPT_LT_REVISION=11 # If the API is changed in an incompatible way: increment the next counter. commit ff8f7e53ce6b8a5681667595c6287323652ae157 Author: Werner Koch Date: Wed Jun 13 10:18:08 2018 +0200 Release 1.7.10 diff --git a/NEWS b/NEWS index 14c5ee8..8ea5bc5 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,19 @@ -Noteworthy changes in version 1.7.10 (unreleased) [C21/A1/R10] +Noteworthy changes in version 1.7.10 (2018-06-13) [C21/A1/R10] ------------------------------------------------- + * Bug fixes: + + - Use blinding for ECDSA signing to mitigate a novel side-channel + attack. [#4011,CVE-2018-0495] + + - Fix incorrect counter overflow handling for GCM when using an IV + size other than 96 bit. [#3764] + + - Fix incorrect output of AES-keywrap mode for in-place encryption + on some platforms. + + - Fix the gcry_mpi_ec_curve_point point validation function. + Noteworthy changes in version 1.7.9 (2017-08-27) [C21/A1/R9] ------------------------------------------------ ----------------------------------------------------------------------- Summary of changes: NEWS | 19 ++++++++++++++++++- configure.ac | 4 ++-- 2 files changed, 20 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 10:37:37 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 10:37:37 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-72-g0d51ea9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0d51ea9b88b618368a7b916f26ebfe61bdf70503 (commit) from 9010d1576e278a4274ad3f4aa15776c28f6ba965 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0d51ea9b88b618368a7b916f26ebfe61bdf70503 Author: Werner Koch Date: Wed Jun 13 10:37:59 2018 +0200 Add NEWS from the 1.8 and 1.7 branches. -- diff --git a/AUTHORS b/AUTHORS index 49ab941..eb24236 100644 --- a/AUTHORS +++ b/AUTHORS @@ -21,7 +21,7 @@ year that would otherwise be listed individually. List of Copyright holders ========================= - Copyright (C) 1989,1991-2017 Free Software Foundation, Inc. + Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. Copyright (C) 1994 X Consortium Copyright (C) 1996 L. Peter Deutsch Copyright (C) 1997 Werner Koch @@ -30,14 +30,14 @@ List of Copyright holders Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett Copyright (C) 2003 Nikos Mavroyanopoulos Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation) - Copyright (C) 2012-2017 g10 Code GmbH + Copyright (C) 2012-2018 g10 Code GmbH Copyright (C) 2012 Simon Josefsson, Niels M?ller Copyright (c) 2012 Intel Corporation Copyright (C) 2013 Christian Grothoff Copyright (C) 2013-2017 Jussi Kivilinna Copyright (C) 2013-2014 Dmitry Eremin-Solenikov Copyright (C) 2014 Stephan Mueller - Copyright (C) 2017 Bundesamt f?r Sicherheit in der Informationstechnik + Copyright (C) 2018 Bundesamt f?r Sicherheit in der Informationstechnik Authors with a FSF copyright assignment diff --git a/NEWS b/NEWS index 8049d7d..a4841b3 100644 --- a/NEWS +++ b/NEWS @@ -1,12 +1,42 @@ Noteworthy changes in version 1.9.0 (unreleased) [C22/A3/R0] ------------------------------------------------ + * Bug fixes + + - Use blinding for ECDSA signing to mitigate a novel side-channel + attack. [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10] + + - Fix incorrect counter overflow handling for GCM when using an IV + size other than 96 bit. [#3764] [also in 1.8.3, 1.7.10] + + - Fix incorrect output of AES-keywrap mode for in-place encryption + on some platforms. [also in 1.8.3, 1.7.10] + + - Fix the gcry_mpi_ec_curve_point point validation function. + [also in 1.8.3, 1.7.10] + + - Fix rare assertion failure in gcry_prime_check. [also in 1.8.3] + + - Do not use /dev/srandom on OpenBSD. [also in 1.8.2] + + - Fix test suite failure on systems with large pages. [#3351] + [also in 1.8.2] + + - Fix test suite to not use mmap on Windows. [also in 1.8.2] + + - Fix fatal out of secure memory status in the s-expression parser + on heavy loaded systems. [also in 1.8.2] * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mpi_get_ui NEW function. GCRYCTL_AUTO_EXPAND_SECMEM NEW control code. + * Release dates of 1.8.x versions: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Version 1.8.2 (2017-12-13) + Version 1.8.3 (2018-06-13) + Noteworthy changes in version 1.8.1 (2017-08-27) [C22/A2/R1] ------------------------------------------------ @@ -129,11 +159,13 @@ Noteworthy changes in version 1.8.0 (2017-07-18) [C22/A2/R0] * Release dates of 1.7.x versions: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Version 1.7.8 (2017-06-29) [C21/A1/R8] - Version 1.7.7 (2017-06-02) [C21/A1/R7] - Version 1.7.6 (2017-01-18) [C21/A1/R6] - Version 1.7.5 (2016-12-15) [C21/A1/R5] - Version 1.7.4 (2016-12-09) [C21/A1/R4] + Version 1.7.10 (2018-06-13) [C21/A1/R10] + Version 1.7.9 (2017-08-27) [C21/A1/R9] + Version 1.7.8 (2017-06-29) [C21/A1/R8] + Version 1.7.7 (2017-06-02) [C21/A1/R7] + Version 1.7.6 (2017-01-18) [C21/A1/R6] + Version 1.7.5 (2016-12-15) [C21/A1/R5] + Version 1.7.4 (2016-12-09) [C21/A1/R4] Noteworthy changes in version 1.7.3 (2016-08-17) [C21/A1/R3] diff --git a/README b/README index c14181a..7ac8e4a 100644 --- a/README +++ b/README @@ -1,10 +1,10 @@ Libgcrypt - The GNU Crypto Library ------------------------------------ - Version 1.7 + Version 1.8 - Copyright (C) 1989,1991-2017 Free Software Foundation, Inc. - Copyright (C) 2012-2017 g10 Code GmbH - Copyright (C) 2013-2017 Jussi Kivilinna + Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. + Copyright (C) 2012-2018 g10 Code GmbH + Copyright (C) 2013-2018 Jussi Kivilinna Libgcrypt is free software. See the file AUTHORS for full copying notices, and LICENSES for notices about contributions that require diff --git a/compat/compat.c b/compat/compat.c index b835293..8b001de 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -30,9 +30,9 @@ _gcry_compat_identification (void) static const char blurb[] = "\n\n" "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n" - "Copyright (C) 2000-2017 Free Software Foundation, Inc.\n" - "Copyright (C) 2012-2017 g10 Code GmbH\n" - "Copyright (C) 2013-2017 Jussi Kivilinna\n" + "Copyright (C) 2000-2018 Free Software Foundation, Inc.\n" + "Copyright (C) 2012-2018 g10 Code GmbH\n" + "Copyright (C) 2013-2018 Jussi Kivilinna\n" "\n" "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n" "\n\n"; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index a1cb15a..d2dfe80 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1,6 +1,6 @@ /* gcrypt.h - GNU Cryptographic Library Interface -*- c -*- - * Copyright (C) 1998-2017 Free Software Foundation, Inc. - * Copyright (C) 2012-2017 g10 Code GmbH + * Copyright (C) 1998-2018 Free Software Foundation, Inc. + * Copyright (C) 2012-2018 g10 Code GmbH * * This file is part of Libgcrypt. * ----------------------------------------------------------------------- Summary of changes: AUTHORS | 6 +++--- NEWS | 42 +++++++++++++++++++++++++++++++++++++----- README | 8 ++++---- compat/compat.c | 6 +++--- src/gcrypt.h.in | 4 ++-- 5 files changed, 49 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 12:25:34 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 12:25:34 +0200 Subject: [git] gnupg-doc - branch, master, updated. 9689413979faa7ebe03616c5bea0181d7b13ba85 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 9689413979faa7ebe03616c5bea0181d7b13ba85 (commit) from 823e9076f87a86ea258f6cf5cb0699b033365f11 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9689413979faa7ebe03616c5bea0181d7b13ba85 Author: Werner Koch Date: Wed Jun 13 12:25:38 2018 +0200 swdb: New gnupg w32 installer with latest Libgcrypt diff --git a/web/swdb.mac b/web/swdb.mac index 4b6cb19..6b9f46b 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -16,11 +16,11 @@ #+macro: gnupg22_sha1 d87553a125832ea90e8aeb3ceeecf24f88de56fb #+macro: gnupg22_sha2 777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd #+macro: gnupg22_branch STABLE-BRANCH-2-2 -#+macro: gnupg22_w32_ver 2.2.8_20180608 -#+macro: gnupg22_w32_date 2018-06-08 -#+macro: gnupg22_w32_size 3916k -#+macro: gnupg22_w32_sha1 231b29631647328934a35f8c6baa483e7594e26a -#+macro: gnupg22_w32_sha2 21d4123d1455c925f8a570f94bc7e87a205edbff1ad78fabe8b7b5a3614b1aa2 +#+macro: gnupg22_w32_ver 2.2.8_20180613 +#+macro: gnupg22_w32_date 2018-06-13 +#+macro: gnupg22_w32_size 3915k +#+macro: gnupg22_w32_sha1 c91b0132319e2b9811901e453f6cb20c06cd73e2 +#+macro: gnupg22_w32_sha2 6d2b9269cc808d3dceffe3d7f368738402e7faed49cd823799bcfbdaedc57d3f # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 15:21:12 2018 From: cvs at cvs.gnupg.org (by Maximilian Krambach) Date: Wed, 13 Jun 2018 15:21:12 +0200 Subject: [git] GPGME - branch, javascript-binding, updated. gpgme-1.11.1-60-gaed402c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, javascript-binding has been updated via aed402c5d572b60246f1f8e57ae269f8c91b0b7c (commit) via d0fc4ded58f4a6a86c5ee0a36a3d3c669e244d0d (commit) from e154554e9a48a08219649a58be0b641c561e1748 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aed402c5d572b60246f1f8e57ae269f8c91b0b7c Author: Maximilian Krambach Date: Wed Jun 13 15:22:03 2018 +0200 js: getDefaultKey and verify fix -- * DemoExtension/maindemo.js - added a Demo for retrieving the default signing key * src/Errors.js - add a new Error if no default key can be determined * src/Key.js added documentation and a TODO marker for hasSecret. * src/Keyring.js implemented getDefaultKey * src/permittedOperations.js: Added missing entry for verify, added config_opt diff --git a/lang/js/CHECKLIST b/lang/js/CHECKLIST index fe26018..2e70dff 100644 --- a/lang/js/CHECKLIST +++ b/lang/js/CHECKLIST @@ -13,10 +13,11 @@ receiving an answer [*] Key handling (import/export, modifying, status queries) [x] Import (not importing secret) [x] Export (not exporting secret) - [x] status queries + [*] status queries + [ ] getHasSecret [ ] key generation [ ] modification - [*] Configuration handling + [x] Configuration handling [ ] check for completeness Communication with other implementations diff --git a/lang/js/DemoExtension/maindemo.js b/lang/js/DemoExtension/maindemo.js index 5cde1ce..67b811f 100644 --- a/lang/js/DemoExtension/maindemo.js +++ b/lang/js/DemoExtension/maindemo.js @@ -36,7 +36,7 @@ document.addEventListener('DOMContentLoaded', function() { 'answer').value = answer.data; } }, function(errormsg){ - alert( errormsg.code + ' ' + errormsg.msg); + alert( errormsg.message); }); }); @@ -50,8 +50,18 @@ document.addEventListener('DOMContentLoaded', function() { 'answer').value = answer.data; } }, function(errormsg){ - alert( errormsg.code + ' ' + errormsg.msg); + alert(errormsg.message); }); }); + + document.getElementById('getdefaultkey').addEventListener('click', + function(){ + gpgmejs.Keyring.getDefaultKey().then(function(answer){ + document.getElementById('defaultkey').innerHtml = + answer.fingerprint; + }, function(errormsg){ + alert(errormsg.message); + }); + }); }); }); diff --git a/lang/js/DemoExtension/mainui.html b/lang/js/DemoExtension/mainui.html index 76b8a22..91be7bb 100644 --- a/lang/js/DemoExtension/mainui.html +++ b/lang/js/DemoExtension/mainui.html @@ -29,5 +29,16 @@

Result data:

+ +

+ Default Key: +
+ +

diff --git a/lang/js/src/Errors.js b/lang/js/src/Errors.js index dabf6a5..73e7438 100644 --- a/lang/js/src/Errors.js +++ b/lang/js/src/Errors.js @@ -78,6 +78,11 @@ const err_list = { msg:'This property has not been retrieved yet from GPG', type: 'error' }, + 'KEY_NO_DEFAULT': { + msg:'A default key could not be established. Please check yout gpg ' + + 'configuration', + type: 'error' + }, // generic 'PARAM_WRONG':{ msg: 'Invalid parameter was found', diff --git a/lang/js/src/Key.js b/lang/js/src/Key.js index 5986254..3e4f1c7 100644 --- a/lang/js/src/Key.js +++ b/lang/js/src/Key.js @@ -192,6 +192,7 @@ export class GPGME_Key { * Query the armored block of the non- secret parts of the Key directly * from gpg. * @returns {Promise} + * @async */ getArmor(){ let me = this; @@ -211,6 +212,13 @@ export class GPGME_Key { }); } + /** + * Find out if the Key includes a secret part + * @returns {Promise} + * + * @async + */ + // TODO: Does not work yet, result is always false getHasSecret(){ let me = this; return new Promise(function(resolve, reject) { diff --git a/lang/js/src/Keyring.js b/lang/js/src/Keyring.js index 0d4e3c5..e07a593 100644 --- a/lang/js/src/Keyring.js +++ b/lang/js/src/Keyring.js @@ -99,7 +99,61 @@ export class GPGME_Keyring { }); } - // getDefaultKey() Big TODO + /** + * Returns the Key to be used by default for signing operations, + * looking up the gpg configuration, or returning the first key that + * contains a secret key. + * @returns {Promise} + * + * @async + * TODO: getHasSecret always returns false at this moment, so this fucntion + * still does not fully work as intended. + * + */ + getDefaultKey() { + let me = this; + return new Promise(function(resolve, reject){ + let msg = createMessage('config_opt'); + msg.setParameter('component', 'gpg'); + msg.setParameter('option', 'default-key'); + msg.post().then(function(response){ + if (response.value !== undefined + && response.value.hasOwnProperty('string') + && typeof(response.value.string) === 'string' + ){ + me.getKeys(response.value.string,true).then(function(keys){ + if(keys.length === 1){ + resolve(keys[0]); + } else { + reject(gpgme_error('KEY_NO_DEFAULT')); + } + }, function(error){ + reject(error); + }); + } else { + // TODO: this is overly 'expensive' in communication + // and probably performance, too + me.getKeys(null,true).then(function(keys){ + for (let i=0; i < keys.length; i++){ + console.log(keys[i]); + console.log(keys[i].get('hasSecret')); + if (keys[i].get('hasSecret') === true){ + resolve(keys[i]); + break; + } + if (i === keys.length -1){ + reject(gpgme_error('KEY_NO_DEFAULT')); + } + } + }, function(error){ + reject(error); + }); + } + }, function(error){ + reject(error); + }); + }); + } /** * diff --git a/lang/js/src/permittedOperations.js b/lang/js/src/permittedOperations.js index 91612ad..044ae4a 100644 --- a/lang/js/src/permittedOperations.js +++ b/lang/js/src/permittedOperations.js @@ -314,7 +314,7 @@ export const permittedOperations = { }, createkey: { - pinentry: true, + pinentry: true, required: { userid: { allowed: ['string'] @@ -332,7 +332,59 @@ export const permittedOperations = { type: [''], data: {'fingerprint': 'string'} } + }, + + verify: { + required: { + data: { + allowed: ['string'] + } + }, + optional: { + 'protocol': { + allowed: ['string'], + allowed_data: ['cms', 'openpgp'] + }, + 'signature': { + allowed: ['string'] + }, + 'base64':{ + allowed: ['boolean'] + } + }, + answer: { + type: ['plaintext'], + data:{ + data: 'string', + base64:'boolean', + info: 'object' + // file_name: Optional string of the plaintext file name. + // is_mime: Boolean if the messages claims it is MIME. + // signatures: Array of signatures + } + } + }, + + config_opt: { + required: { + 'component':{ + allowed: ['string'], + // allowed_data: ['gpg'] // TODO check all available + }, + 'option': { + allowed: ['string'], + // allowed_data: ['default-key'] // TODO check all available + } + }, + optional: {}, + answer: { + type: [], + data: { + option: 'object' + } + } } + /** * TBD handling of secrets * TBD key modification? commit d0fc4ded58f4a6a86c5ee0a36a3d3c669e244d0d Author: Maximilian Krambach Date: Wed Jun 13 11:49:37 2018 +0200 js: less confusing icons for test/Demo extension -- * The current test icon was just a generic pin. Changed that by the gnupg lock symbol with 'Demo'/'Tests' written on it. Original taken from gnupg artwork/icons/lock-wing.svg. diff --git a/lang/js/BrowserTestExtension/testicon.png b/lang/js/BrowserTestExtension/testicon.png index 12c3f5d..a98463d 100644 Binary files a/lang/js/BrowserTestExtension/testicon.png and b/lang/js/BrowserTestExtension/testicon.png differ diff --git a/lang/js/DemoExtension/testicon.png b/lang/js/DemoExtension/testicon.png index 12c3f5d..84284e0 100644 Binary files a/lang/js/DemoExtension/testicon.png and b/lang/js/DemoExtension/testicon.png differ ----------------------------------------------------------------------- Summary of changes: lang/js/BrowserTestExtension/testicon.png | Bin 16192 -> 2697 bytes lang/js/CHECKLIST | 5 +-- lang/js/DemoExtension/maindemo.js | 14 ++++++-- lang/js/DemoExtension/mainui.html | 11 ++++++ lang/js/DemoExtension/testicon.png | Bin 16192 -> 2670 bytes lang/js/src/Errors.js | 5 +++ lang/js/src/Key.js | 8 +++++ lang/js/src/Keyring.js | 56 +++++++++++++++++++++++++++++- lang/js/src/permittedOperations.js | 54 +++++++++++++++++++++++++++- 9 files changed, 147 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 16:11:46 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 16:11:46 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-1.1.0-7-g779b8e6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 779b8e6df7d2678d40bc61ba9e9ff35324a40d03 (commit) from 948105b7a34ec9a9e5479d376b7c86bafee50a01 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 779b8e6df7d2678d40bc61ba9e9ff35324a40d03 Author: Werner Koch Date: Wed Jun 13 16:10:53 2018 +0200 core: Add info about tty mode etc to 'getinfo ttyinfo' * configure.ac: Check for 'stat'. * pinentry/pinentry.c: Include types.h and stat.h. (device_stat_string): New. (cmd_getinfo): Print more info. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index e305e44..51a2313 100644 --- a/configure.ac +++ b/configure.ac @@ -221,7 +221,7 @@ AC_HEADER_STDC AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h utime.h wchar.h) dnl Checks for library functions. -AC_CHECK_FUNCS(seteuid stpcpy mmap) +AC_CHECK_FUNCS(seteuid stpcpy mmap stat) GNUPG_CHECK_MLOCK dnl Checks for standard types. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 30c333b..cd813d8 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -27,6 +27,8 @@ #endif #include #include +#include +#include #include #include #ifndef HAVE_W32_SYSTEM @@ -1706,6 +1708,33 @@ cmd_message (assuan_context_t ctx, char *line) return cmd_confirm (ctx, "--one-button"); } + +/* Return a staically allocated string with information on the mode, + * uid, and gid of DEVICE. On error "?" is returned if DEVICE is + * NULL, "-" is returned. */ +static const char * +device_stat_string (const char *device) +{ +#ifdef HAVE_STAT + static char buf[40]; + struct stat st; + + if (!device || !*device) + return "-"; + + if (stat (device, &st)) + return "?"; /* Error */ + snprintf (buf, sizeof buf, "%lo/%lu/%lu", + (unsigned long)st.st_mode, + (unsigned long)st.st_uid, + (unsigned long)st.st_gid); + return buf; +#else + return "-"; +#endif +} + + /* GETINFO Multipurpose function to return a variety of information. @@ -1721,7 +1750,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) { int rc; const char *s; - char buffer[100]; + char buffer[150]; if (!strcmp (line, "version")) { @@ -1753,10 +1782,17 @@ cmd_getinfo (assuan_context_t ctx, char *line) } else if (!strcmp (line, "ttyinfo")) { - snprintf (buffer, sizeof buffer, "%s %s %s", + snprintf (buffer, sizeof buffer, "%s %s %s %s %lu/%lu", pinentry.ttyname? pinentry.ttyname : "-", pinentry.ttytype? pinentry.ttytype : "-", - pinentry.display? pinentry.display : "-" ); + pinentry.display? pinentry.display : "-", + device_stat_string (pinentry.ttyname), +#ifdef HAVE_DOSISH_SYSTEM + 0l, 0l +#else + (unsigned long)geteuid (), (unsigned long)getegid () +#endif + ); buffer[sizeof buffer -1] = 0; rc = assuan_send_data (ctx, buffer, strlen (buffer)); } ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- pinentry/pinentry.c | 42 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 40 insertions(+), 4 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 13 18:38:35 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 13 Jun 2018 18:38:35 +0200 Subject: [git] gnupg-doc - branch, master, updated. 969e129dbd6b94a71433f12333a166fd2fbe9e8b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 969e129dbd6b94a71433f12333a166fd2fbe9e8b (commit) from 9689413979faa7ebe03616c5bea0181d7b13ba85 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 969e129dbd6b94a71433f12333a166fd2fbe9e8b Author: Werner Koch Date: Wed Jun 13 18:39:03 2018 +0200 web: Release info for libgcrypt 1.8.3 diff --git a/web/index.org b/web/index.org index 53df6f1..872a068 100644 --- a/web/index.org +++ b/web/index.org @@ -65,6 +65,13 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** Libgcrypt 1.8.3 released (2018-06-13) + +We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version 1.8.3 +and 1.7.10. These releases fix a local side-channel attack on ECDSA +signature as described in the white pager "Return of the Hidden Number +Proble" and got assigned {{{CVE(2018-0495)}}}. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html][more]]} + ** GnuPG 1.4.23 released (2018-06-11) :important: Although GnuPG 1.4 is of very limited use today we did a maintenance ----------------------------------------------------------------------- Summary of changes: web/index.org | 7 +++++++ 1 file changed, 7 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 14 06:16:37 2018 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 14 Jun 2018 06:16:37 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.7-153-g3e6ad30 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3e6ad302eaf3a4a9f3e60379133b3dfdbe0e1b2d (commit) via 5b40338f12762cd74238c2d2b3101c33dd2d0ed3 (commit) from cb52eb76b3ba0269742c5322e10a2b5151dafaf2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e6ad302eaf3a4a9f3e60379133b3dfdbe0e1b2d Author: NIIBE Yutaka Date: Thu Jun 14 13:10:57 2018 +0900 libdns: Sync to upstream. * dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark. -- Reverting local change, merge upstream's debug-tracing branch. (commit 21281fc1b63bb74d51762b8e363c49b1a258783d) Fixes-commit: d4c0187dd93163f12e9f953366adef81ecf526a6 Signed-off-by: NIIBE Yutaka diff --git a/dirmngr/dns.c b/dirmngr/dns.c index 8e8b6db..13ef4b8 100644 --- a/dirmngr/dns.c +++ b/dirmngr/dns.c @@ -6096,17 +6096,9 @@ int dns_nssconf_loadfile(struct dns_resolv_conf *resconf, FILE *fp) { dns_anyconf_skip(" \t", fp); if ('[' == dns_anyconf_peek(fp)) { - dns_anyconf_skip("[ \t", fp); + dns_anyconf_skip("[! \t", fp); - for (;;) { - if ('!' == dns_anyconf_peek(fp)) { - dns_anyconf_skip("! \t", fp); - /* FIXME: negating statuses; currently not implemented */ - dns_anyconf_skip("^#;]\n", fp); /* skip to end of criteria */ - break; - } - - if (!dns_anyconf_scan(&cf, "%w_", fp, &error)) break; + while (dns_anyconf_scan(&cf, "%w_", fp, &error)) { dns_anyconf_skip("= \t", fp); if (!dns_anyconf_scan(&cf, "%w_", fp, &error)) { dns_anyconf_pop(&cf); /* discard status */ commit 5b40338f12762cd74238c2d2b3101c33dd2d0ed3 Author: NIIBE Yutaka Date: Thu Jun 14 13:01:45 2018 +0900 dirmngr: Fix recursive resolver mode. * dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse. -- To reproduce an error, run: ./t-dns-stuff --debug --recursive-resolver www.gnupg.org Then, it returns "No name" error. That's because there was only setup for root servers, and no setup for recursive query in fact. Signed-off-by: NIIBE Yutaka diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 7324aae..ffac816 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -612,6 +612,8 @@ libdns_init (void) } } + ld.resolv_conf->options.recurse = recursive_resolver_p (); + /* dns_hints_local for stub mode, dns_hints_root for recursive. */ ld.hints = (recursive_resolver ? dns_hints_root (ld.resolv_conf, &derr) ----------------------------------------------------------------------- Summary of changes: dirmngr/dns-stuff.c | 2 ++ dirmngr/dns.c | 12 ++---------- 2 files changed, 4 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 14 10:26:01 2018 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 14 Jun 2018 10:26:01 +0200 Subject: [git] gnupg-doc - branch, master, updated. 73c278e7b09fa18bc35fce117a9e05e37d791fe1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 73c278e7b09fa18bc35fce117a9e05e37d791fe1 (commit) from 969e129dbd6b94a71433f12333a166fd2fbe9e8b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 73c278e7b09fa18bc35fce117a9e05e37d791fe1 Author: Werner Koch Date: Thu Jun 14 10:26:30 2018 +0200 web: typo fix diff --git a/web/index.org b/web/index.org index 872a068..1e82ba3 100644 --- a/web/index.org +++ b/web/index.org @@ -69,8 +69,8 @@ The latest release news:\\ We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version 1.8.3 and 1.7.10. These releases fix a local side-channel attack on ECDSA -signature as described in the white pager "Return of the Hidden Number -Proble" and got assigned {{{CVE(2018-0495)}}}. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html][more]]} +signature as described in the white pager ?Return of the Hidden Number +Problem? and got assigned {{{CVE(2018-0495)}}}. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html][more]]} ** GnuPG 1.4.23 released (2018-06-11) :important: ----------------------------------------------------------------------- Summary of changes: web/index.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 14 12:15:42 2018 From: cvs at cvs.gnupg.org (by Maximilian Krambach) Date: Thu, 14 Jun 2018 12:15:42 +0200 Subject: [git] GPGME - branch, javascript-binding, updated. gpgme-1.11.1-61-g3c783bd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, javascript-binding has been updated via 3c783bd09ce54b0d50dc3bea201e70e4fcbbf6a3 (commit) from aed402c5d572b60246f1f8e57ae269f8c91b0b7c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3c783bd09ce54b0d50dc3bea201e70e4fcbbf6a3 Author: Maximilian Krambach Date: Thu Jun 14 12:15:51 2018 +0200 js: add verify and signature parsing -- * src/gpgmejs.js: - Added verify method - Added verification results in decrypt (if signatures are present in the message) - Added a base64 option to decrypt * src/Signature.js: Convenience class for verification results. Used for e.g. converting timestamps to javascript time, quick overall validity checks * src/Keyring.js: removed debug code * src/Errors.js add two new Signature errors diff --git a/lang/js/src/Errors.js b/lang/js/src/Errors.js index 73e7438..a8cd8b5 100644 --- a/lang/js/src/Errors.js +++ b/lang/js/src/Errors.js @@ -83,6 +83,14 @@ const err_list = { 'configuration', type: 'error' }, + 'SIG_WRONG': { + msg:'A malformed signature was created', + type: 'error' + }, + 'SIG_NO_SIGS': { + msg:'There were no signatures found', + type: 'error' + }, // generic 'PARAM_WRONG':{ msg: 'Invalid parameter was found', diff --git a/lang/js/src/Keyring.js b/lang/js/src/Keyring.js index e07a593..451f936 100644 --- a/lang/js/src/Keyring.js +++ b/lang/js/src/Keyring.js @@ -135,8 +135,6 @@ export class GPGME_Keyring { // and probably performance, too me.getKeys(null,true).then(function(keys){ for (let i=0; i < keys.length; i++){ - console.log(keys[i]); - console.log(keys[i].get('hasSecret')); if (keys[i].get('hasSecret') === true){ resolve(keys[i]); break; diff --git a/lang/js/src/Signature.js b/lang/js/src/Signature.js new file mode 100644 index 0000000..d7d0598 --- /dev/null +++ b/lang/js/src/Signature.js @@ -0,0 +1,193 @@ +/* gpgme.js - Javascript integration for gpgme + * Copyright (C) 2018 Bundesamt f?r Sicherheit in der Informationstechnik + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * SPDX-License-Identifier: LGPL-2.1+ + * + * Author(s): + * Maximilian Krambach + */ + +/** + * Validates a signature object and returns + * @param {Object} sigObject Object as returned by gpgme-json. The definition + * of the expected values are to be found in the constants 'expKeys', 'expSum', + * 'expNote' in this file. + * @returns {GPGME_Signature} Signature Object + */ + +import { gpgme_error } from './Errors'; + +export function createSignature(sigObject){ + if ( + typeof(sigObject) !=='object' || + !sigObject.hasOwnProperty('summary') || + !sigObject.hasOwnProperty('fingerpprint') || + !sigObject.hasOwnProperty('timestamp') + //TODO check if timestamp is mandatory in specification + ){ + return gpgme_error('SIG_WRONG'); + } + let keys = Object.keys(sigObject); + for (let i=0; i< keys.length; i++){ + if ( typeof(sigObject[keys[i]]) !== expKeys[keys[i]] ){ + return gpgme_error('SIG_WRONG'); + } + } + let sumkeys = Object.keys(sigObject.summary); + for (let i=0; i< sumkeys.length; i++){ + if ( typeof(sigObject.summary[sumkeys[i]]) !== expSum[sumkeys[i]] ){ + return gpgme_error('SIG_WRONG'); + } + } + if (sigObject.hasOwnProperty('notations')){ + if (!Array.isArray(sigObject.notations)){ + return gpgme_error('SIG_WRONG'); + } + for (let i=0; i < sigObject.notations.length; i++){ + let notation = sigObject.notations[i]; + let notekeys = Object.keys(notation); + for (let j=0; j < notekeys.length; j++){ + if ( typeof(notation[notekeys[j]]) !== expNote[notekeys[j]] ){ + return gpgme_error('SIG_WRONG'); + } + } + } + } + return new GPGME_Signature(sigObject); +} + + +/** + * Representing the details of a signature. It is supposed to be read-only. The + * full details as given by gpgme-json can be accessed from the _rawSigObject. + * ) + */ +class GPGME_Signature { + constructor(sigObject){ + this._rawSigObject = sigObject; + } + + /** + * The signatures' fingerprint + */ + get fingerprint(){ + return this._rawSigObject.fingerprint; + } + + /** + * The expiration of this Signature as Javascript date, or null if + * signature does not expire + * @returns {Date | null} + */ + get expiration(){ + if (!this._rawSigObject.exp_timestamp){ + return null; + } + return new Date(this._rawSigObject.exp_timestamp* 1000); + } + + /** + * The creation date of this Signature in Javascript Date + * @returns {Date} + */ + get timestamp(){ + return new Date(this._rawSigObject.timestamp* 1000); + } + + /** + * The overall validity of the key. If false, errorDetails may contain + * additional information + */ + get valid() { + if (this._rawSigObject.valid === true){ + return true; + } else { + return false; + } + } + + /** + * gives more information on non-valid signatures. Refer to the gpgme docs + * https://www.gnupg.org/documentation/manuals/gpgme/Verify.html for + * details on the values + * @returns {Object} Object with boolean properties + */ + get errorDetails(){ + let properties = ['revoked', 'key-expired', 'sig-expired', + 'key-missing', 'crl-missing', 'crl-too-old', 'bad-policy', + 'sys-error']; + let result = {}; + for (let i=0; i< properties.length; i++){ + if ( this._rawSigObject.hasOwnProperty(properties[i]) ){ + result[properties[i]] = this._rawSigObject[properties[i]]; + } + } + return result; + } + +} + +/** + * Keys and their value's type for the signature Object + */ +const expKeys = { + 'wrong_key_usage': 'boolean', + 'chain_model': 'boolean', + 'summary': 'object', + 'is_de_vs': 'boolean', + 'status_string':'string', + 'fingerprint':'string', + 'validity_string': 'string', + 'pubkey_algo_name':'string', + 'hash_algo_name':'string', + 'pka_address':'string', + 'status_code':'number', + 'timestamp':'number', + 'exp_timestamp':'number', + 'pka_trust':'number', + 'validity':'number', + 'validity_reason':'number', + 'notations': 'object' +}; + +/** + * Keys and their value's type for the summary + */ +const expSum = { + 'valid': 'boolean', + 'green': 'boolean', + 'red': 'boolean', + 'revoked': 'boolean', + 'key-expired': 'boolean', + 'sig-expired': 'boolean', + 'key-missing': 'boolean', + 'crl-missing': 'boolean', + 'crl-too-old': 'boolean', + 'bad-policy': 'boolean', + 'sys-error': 'boolean' +}; + +/** + * Keys and their value's type for notations objects + */ +const expNote = { + 'human_readable': 'boolean', + 'critical':'boolean', + 'name': 'string', + 'value': 'string', + 'flags': 'number' +}; diff --git a/lang/js/src/gpgmejs.js b/lang/js/src/gpgmejs.js index 7fa7643..a0f7e96 100644 --- a/lang/js/src/gpgmejs.js +++ b/lang/js/src/gpgmejs.js @@ -26,6 +26,7 @@ import {GPGME_Message, createMessage} from './Message'; import {toKeyIdArray} from './Helpers'; import { gpgme_error } from './Errors'; import { GPGME_Keyring } from './Keyring'; +import { createSignature } from './Signature'; export class GpgME { /** @@ -107,15 +108,28 @@ export class GpgME { * Decrypt a Message * @param {String|Object} data text/data to be decrypted. Accepts Strings * and Objects with a getText method - * @returns {Promise