See ChangeLogs

Werner Koch 2006-08-29 16:18:30 +00:00
parent 6870dcf05d
commit d8602648b8
12 changed files with 146 additions and 72 deletions

3
NEWS

@ -9,6 +9,9 @@ Noteworthy changes in version 1.9.23
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
still recommended.
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
may not be used with the current gpg-agent.
Noteworthy changes in version 1.9.22 (2006-07-27)
-------------------------------------------------

7
TODO

@ -6,8 +6,6 @@ Currently we don't cope with overlong lines in the best way.
** Check that we really release the ksba reader/writer objects.
* sm/call-agent.c
** The protocol uses an incomplete S-expression
We should always use valid S-Exp and not just parts.
** Some code should go into import.c
** When we allow concurrent service request in gpgsm, we
might want to have an agent context for each service request
@ -23,7 +21,6 @@ might want to have an agent context for each service request
** replace leading zero in integer hack by a cleaner solution
* sm/gpgsm.c
** Support --output for all commands
** mark all unimplemented commands and options.
** Implement --default-key
** support the anyPolicy semantic
@ -109,10 +106,8 @@ might want to have an agent context for each service request
** issue a NO_SECKEY xxxx if a -u key was not found.
** Replace DIGEST_ALGO_SHA224
We can't do that right now because it is only defined by newer
versions of libgcrypt. Changes this if we require libgcrypt 1.3
versions of libgcrypt. Change this if we require libgcrypt 1.3
anyway.
** skclist.c:random_is_faked
Remove the whole stuff?
** qbits
We pass a new qbit parameter to genkey - implement this in libgcrypt.
** skclist.c


@ -90,15 +90,14 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc));
goto leave;
}
/* FIXME: Change the protocol to return a complete S-expression
and not just a part. */
{
char tmpbuf[50];
sprintf (tmpbuf, "%u:", (unsigned int)len);
{
char tmpbuf[60];
sprintf (tmpbuf, "(5:value%u:", (unsigned int)len);
put_membuf (outbuf, tmpbuf, strlen (tmpbuf));
put_membuf (outbuf, buf, len);
put_membuf (outbuf, "", 1);
put_membuf (outbuf, ")", 2);
}
}
else
@ -126,7 +125,16 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
buf = xmalloc (len);
len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
put_membuf (outbuf, buf, len);
if (*buf == '(')
put_membuf (outbuf, buf, len);
else
{
/* Old style libgcrypt: This is only an S-expression
part. Turn it into a complete S-expression. */
put_membuf (outbuf, "(5:value", 8);
put_membuf (outbuf, buf, len);
put_membuf (outbuf, ")", 2);
}
}
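Review bot: The three places that now emit the reply do not terminate it the same way: the smartcard branch and the old-style libgcrypt branch end with `put_membuf (outbuf, ")", 2);`, which writes the closing parenthesis plus a Nul byte, while the `*buf == '('` branch writes exactly `len` bytes and nothing more. Whether that branch already carries a Nul depends on what gcry_sexp_sprint includes in its return value, which is not visible here. The gpgsm side in this same commit subtracts a fixed 11 bytes of framing, so a one-byte difference between the branches could make it reject a well-formed reply. I would make the framing identical on all paths and state it once in a comment, e.g. `/* The reply is always "(5:value<n>:<data>)" followed by one Nul. */`. agent_pkdecrypt starts and ends outside these hunks.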


@ -701,7 +701,7 @@ Here is an example session:
C: D (b 3F444677CA)))
C: END
S: # session key follows
S: D 1234567890ABCDEF0
S: D (value 1234567890ABCDEF0)
S: OK descryption successful
@end example


@ -428,6 +428,12 @@ Assume the input data is binary encoded.
Set the user(s) to be used for signing. The default is the first
secret key found in the database.
@item --output @var{file}
@itemx -o @var{file}
@opindex output
Write output to @var{file}. The default is to write it to stdout.
@item --with-key-data
@opindex with-key-data
Displays extra information with the @code{--list-keys} commands. Especially


@ -1,3 +1,7 @@
2006-08-22 Werner Koch <wk@g10code.com>
* mainproc.c (proc_plaintext): Fixed a #warning
2006-08-21 Werner Koch <wk@g10code.com>
* skclist.c (random_is_faked): Implemented.


@ -681,13 +681,10 @@ proc_plaintext( CTX c, PACKET *pkt )
}
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
if (rc)
log_debug ("handle_plaintext failed: err=%d\n", rc);
if( gpg_err_code (rc) == GPG_ERR_ENOENT && !c->sigs_only)
if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
{
#warning We need to change the test for the error code
/* Can't write output but we hash it anyway to
* Check the signature. */
/* Can't write output but we hash it anyway to check the
signature. */
rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
}
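Review bot: The retry that hashes the plaintext without writing it now fires only for `GPG_ERR_EACCES`, and nothing in the hunk shows which codes handle_plaintext returns when the output cannot be created. If it can also fail with other codes (a missing directory or a read-only file system, say), those cases skip the hash pass and the later signature check has no digest to verify against. I would document the contract at the test, e.g. `/* handle_plaintext reports every "cannot create output" failure as EACCES. */` if that is in fact true, or widen the condition otherwise. The change also appears to drop the `log_debug` of the first failure, so that error is no longer recorded once `rc` is overwritten by the second call. proc_plaintext starts and ends outside the hunk.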


@ -1,3 +1,7 @@
2006-08-29 Werner Koch <wk@g10code.com>
* logging.c (do_logv): Emit a missing LF for fatal errors.
2006-06-28 Werner Koch <wk@g10code.com>
* dotlock.c (make_dotlock, release_dotlock, read_lockfile)


@ -486,9 +486,17 @@ do_logv (int level, const char *fmt, va_list arg_ptr)
}
if (level == JNLIB_LOG_FATAL)
exit(2);
{
if (missing_lf)
putc('\n', logstream );
exit(2);
}
if (level == JNLIB_LOG_BUG)
abort();
{
if (missing_lf)
putc('\n', logstream );
abort();
}
}
static void
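Review bot: On the `JNLIB_LOG_BUG` path the added `putc('\n', logstream );` is followed directly by `abort();`, which is not required to flush open stdio streams. The newline, and any part of the message still buffered, can therefore be lost unless logstream is unbuffered or line-buffered, which is not visible here. Adding `fflush (logstream);` before `abort ();` makes the output independent of the stream's buffering mode. do_logv begins outside the hunk.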


@ -1,3 +1,11 @@
2006-08-29 Werner Koch <wk@g10code.com>
* call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
complete S-expressions as implemented by the current gpg-agent.
* gpgsm.c (main): Implement --output for encrypt, decrypt, sign
and export.
2006-07-03 Werner Koch <wk@g10code.com>
* certreqgen.c (proc_parameters): Print the component label of a


@ -300,7 +300,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
membuf_t data;
struct cipher_parm_s cipher_parm;
size_t n, len;
char *buf, *endp;
char *p, *buf, *endp;
size_t ciphertextlen;
if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
@ -349,21 +349,36 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
return map_assuan_err (rc);
}
put_membuf (&data, "", 1); /* make sure it is 0 terminated */
put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error (GPG_ERR_ENOMEM);
/* FIXME: We would better a return a full S-exp and not just a part */
assert (len);
len--; /* remove the terminating 0 */
n = strtoul (buf, &endp, 10);
assert (len); /* (we forced Nul termination.) */
if (*buf == '(')
{
if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
return gpg_error (GPG_ERR_INV_SEXP);
len -= 11; /* Count only the data of the second part. */
p = buf + 8; /* Skip leading parenthesis and the value tag. */
}
else
{
/* For compatibility with older gpg-agents handle the old style
incomplete S-exps. */
len--; /* Do not count the Nul. */
p = buf;
}
n = strtoul (p, &endp, 10);
if (!n || *endp != ':')
return gpg_error (GPG_ERR_INV_SEXP);
endp++;
if (endp-buf+n > len)
return gpg_error (GPG_ERR_INV_SEXP); /* oops len does not
match internal len*/
if (endp-p+n > len)
return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
memmove (buf, endp, n);
*r_buflen = n;
*r_buf = buf;
return 0;
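Review bot: The length check `if (endp-p+n > len)` does not hold for large `n`: `n` is taken from `strtoul` on the agent's reply and the sum is evaluated in `size_t`, so it can wrap to a small value and let `memmove (buf, endp, n)` run with a length that was never bounded by the buffer. Comparing against the remaining space avoids the addition: `if ((size_t)(endp - p) > len || n > len - (size_t)(endp - p))` followed by the existing `return gpg_error (GPG_ERR_INV_SEXP);`. In the new-style branch the closing `)` after the data is also never checked, so a reply that starts with `(5:value` but is otherwise malformed is accepted as long as the length prefix fits. gpgsm_agent_pkdecrypt starts outside the hunk.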


@ -1420,31 +1420,42 @@ main ( int argc, char **argv)
run_protect_tool (argc, argv);
break;
case aEncr: /* encrypt the given file */
set_binary (stdin);
set_binary (stdout);
if (!argc)
gpgsm_encrypt (&ctrl, recplist, 0, stdout); /* from stdin */
else if (argc == 1)
gpgsm_encrypt (&ctrl, recplist, open_read (*argv), stdout); /* from file */
else
wrong_args ("--encrypt [datafile]");
case aEncr: /* Encrypt the given file. */
{
FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
set_binary (stdin);
if (!argc) /* Source is stdin. */
gpgsm_encrypt (&ctrl, recplist, 0, fp);
else if (argc == 1) /* Source is the given file. */
gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
else
wrong_args ("--encrypt [datafile]");
if (fp != stdout)
fclose (fp);
}
break;
case aSign: /* sign the given file */
/* FIXME: We don't handle --output yet. We should also allow
to concatenate multiple files for signing because that is
what gpg does.*/
set_binary (stdin);
set_binary (stdout);
if (!argc)
gpgsm_sign (&ctrl, signerlist,
0, detached_sig, stdout); /* create from stdin */
else if (argc == 1)
gpgsm_sign (&ctrl, signerlist,
open_read (*argv), detached_sig, stdout); /* from file */
else
wrong_args ("--sign [datafile]");
case aSign: /* Sign the given file. */
{
FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
/* Fixme: We should also allow to concatenate multiple files for
signing because that is what gpg does.*/
set_binary (stdin);
if (!argc) /* Create from stdin. */
gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
else if (argc == 1) /* From file. */
gpgsm_sign (&ctrl, signerlist,
open_read (*argv), detached_sig, fp);
else
wrong_args ("--sign [datafile]");
if (fp != stdout)
fclose (fp);
}
break;
case aSignEncr: /* sign and encrypt the given file */
@ -1484,14 +1495,19 @@ main ( int argc, char **argv)
break;
case aDecrypt:
set_binary (stdin);
set_binary (stdout);
if (!argc)
gpgsm_decrypt (&ctrl, 0, stdout); /* from stdin */
else if (argc == 1)
gpgsm_decrypt (&ctrl, open_read (*argv), stdout); /* from file */
else
wrong_args ("--decrypt [filename]");
{
FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
set_binary (stdin);
if (!argc)
gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
else if (argc == 1)
gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */
else
wrong_args ("--decrypt [filename]");
if (fp != stdout)
fclose (fp);
}
break;
case aDeleteKey:
@ -1556,19 +1572,29 @@ main ( int argc, char **argv)
break;
case aExport:
set_binary (stdout);
for (sl=NULL; argc; argc--, argv++)
add_to_strlist (&sl, *argv);
gpgsm_export (&ctrl, sl, stdout);
free_strlist(sl);
{
FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
for (sl=NULL; argc; argc--, argv++)
add_to_strlist (&sl, *argv);
gpgsm_export (&ctrl, sl, fp);
free_strlist(sl);
if (fp != stdout)
fclose (fp);
}
break;
case aExportSecretKeyP12:
set_binary (stdout);
if (argc == 1)
gpgsm_p12_export (&ctrl, *argv, stdout);
else
wrong_args ("--export-secret-key-p12 KEY-ID");
{
FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
if (argc == 1)
gpgsm_p12_export (&ctrl, *argv, stdout);
else
wrong_args ("--export-secret-key-p12 KEY-ID");
if (fp != stdout)
fclose (fp);
}
break;
case aSendKeys:
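Review bot: In the `aExportSecretKeyP12` case the new `fp` is opened from `opt.outfile` but the export call still passes `stdout`: `gpgsm_p12_export (&ctrl, *argv, stdout);`. With --output given, the secret key material is written to standard output instead of the requested file, and the named file is created but left empty; the call should be `gpgsm_p12_export (&ctrl, *argv, fp);`. In all five cases the result of `fclose (fp)` is ignored, so a write error that only surfaces on the final flush goes unreported and the user is left with truncated encrypted, signed or exported output. The `set_binary (stdout);` calls are removed as well, and whether open_fwrite sets binary mode when it returns stdout for "-" is not visible here. main continues outside these hunks.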