From d8602648b8c27a008dfaef981cc35cf9107976bb Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 29 Aug 2006 16:18:30 +0000 Subject: [PATCH] See ChangeLogs --- NEWS | 3 ++ TODO | 7 +-- agent/pkdecrypt.c | 22 ++++++--- doc/gpg-agent.texi | 2 +- doc/gpgsm.texi | 6 +++ g10/ChangeLog | 4 ++ g10/mainproc.c | 9 ++-- jnlib/ChangeLog | 4 ++ jnlib/logging.c | 12 ++++- sm/ChangeLog | 8 ++++ sm/call-agent.c | 33 ++++++++++---- sm/gpgsm.c | 108 ++++++++++++++++++++++++++++----------------- 12 files changed, 146 insertions(+), 72 deletions(-) diff --git a/NEWS b/NEWS index 4c3863bbc..e60c6f7a3 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ Noteworthy changes in version 1.9.23 gpg part. For production use of OpenPGP the gpg version 1.4.5 is still recommended. + * API change in gpg-agent's pkdecrypt command. Thus an older gpgsm + may not be used with the current gpg-agent. + Noteworthy changes in version 1.9.22 (2006-07-27) ------------------------------------------------- diff --git a/TODO b/TODO index 5a5d2c6af..1b0a7b4ef 100644 --- a/TODO +++ b/TODO @@ -6,8 +6,6 @@ Currently we don't cope with overlong lines in the best way. ** Check that we really release the ksba reader/writer objects. * sm/call-agent.c -** The protocol uses an incomplete S-expression -We should always use valid S-Exp and not just parts. ** Some code should go into import.c ** When we allow concurrent service request in gpgsm, we might want to have an agent context for each service request @@ -23,7 +21,6 @@ might want to have an agent context for each service request ** replace leading zero in integer hack by a cleaner solution * sm/gpgsm.c -** Support --output for all commands ** mark all unimplemented commands and options. ** Implement --default-key ** support the anyPolicy semantic @@ -109,10 +106,8 @@ might want to have an agent context for each service request ** issue a NO_SECKEY xxxx if a -u key was not found. ** Replace DIGEST_ALGO_SHA224 We can't do that right now because it is only defined by newer - versions of libgcrypt. Changes this if we require libgcrypt 1.3 + versions of libgcrypt. Change this if we require libgcrypt 1.3 anyway. -** skclist.c:random_is_faked - Remove the whole stuff? ** qbits We pass a new qbit parameter to genkey - implement this in libgcrypt. ** skclist.c diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c index f61f0f844..775fa5256 100644 --- a/agent/pkdecrypt.c +++ b/agent/pkdecrypt.c @@ -90,15 +90,14 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text, log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc)); goto leave; } - /* FIXME: Change the protocol to return a complete S-expression - and not just a part. */ - { - char tmpbuf[50]; - sprintf (tmpbuf, "%u:", (unsigned int)len); + { + char tmpbuf[60]; + + sprintf (tmpbuf, "(5:value%u:", (unsigned int)len); put_membuf (outbuf, tmpbuf, strlen (tmpbuf)); put_membuf (outbuf, buf, len); - put_membuf (outbuf, "", 1); + put_membuf (outbuf, ")", 2); } } else @@ -126,7 +125,16 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text, buf = xmalloc (len); len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len); assert (len); - put_membuf (outbuf, buf, len); + if (*buf == '(') + put_membuf (outbuf, buf, len); + else + { + /* Old style libgcrypt: This is only an S-expression + part. Turn it into a complete S-expression. */ + put_membuf (outbuf, "(5:value", 8); + put_membuf (outbuf, buf, len); + put_membuf (outbuf, ")", 2); + } } diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index cb5032e41..b1c40a6cc 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -701,7 +701,7 @@ Here is an example session: C: D (b 3F444677CA))) C: END S: # session key follows - S: D 1234567890ABCDEF0 + S: D (value 1234567890ABCDEF0) S: OK descryption successful @end example diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 720e3e7d8..d3cedc059 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -428,6 +428,12 @@ Assume the input data is binary encoded. Set the user(s) to be used for signing. The default is the first secret key found in the database. +@item --output @var{file} +@itemx -o @var{file} +@opindex output +Write output to @var{file}. The default is to write it to stdout. + + @item --with-key-data @opindex with-key-data Displays extra information with the @code{--list-keys} commands. Especially diff --git a/g10/ChangeLog b/g10/ChangeLog index 03a97363f..765ac770d 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2006-08-22 Werner Koch + + * mainproc.c (proc_plaintext): Fixed a #warning + 2006-08-21 Werner Koch * skclist.c (random_is_faked): Implemented. diff --git a/g10/mainproc.c b/g10/mainproc.c index 45d9d34a5..af3aac70f 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -681,13 +681,10 @@ proc_plaintext( CTX c, PACKET *pkt ) } rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); - if (rc) - log_debug ("handle_plaintext failed: err=%d\n", rc); - if( gpg_err_code (rc) == GPG_ERR_ENOENT && !c->sigs_only) + if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) { -#warning We need to change the test for the error code - /* Can't write output but we hash it anyway to - * Check the signature. */ + /* Can't write output but we hash it anyway to check the + signature. */ rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); } diff --git a/jnlib/ChangeLog b/jnlib/ChangeLog index 5511dedcd..f601d9b14 100644 --- a/jnlib/ChangeLog +++ b/jnlib/ChangeLog @@ -1,3 +1,7 @@ +2006-08-29 Werner Koch + + * logging.c (do_logv): Emit a missing LF for fatal errors. + 2006-06-28 Werner Koch * dotlock.c (make_dotlock, release_dotlock, read_lockfile) diff --git a/jnlib/logging.c b/jnlib/logging.c index 20ba02ccd..568c67247 100644 --- a/jnlib/logging.c +++ b/jnlib/logging.c @@ -486,9 +486,17 @@ do_logv (int level, const char *fmt, va_list arg_ptr) } if (level == JNLIB_LOG_FATAL) - exit(2); + { + if (missing_lf) + putc('\n', logstream ); + exit(2); + } if (level == JNLIB_LOG_BUG) - abort(); + { + if (missing_lf) + putc('\n', logstream ); + abort(); + } } static void diff --git a/sm/ChangeLog b/sm/ChangeLog index 55a539ad6..149ba4786 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,11 @@ +2006-08-29 Werner Koch + + * call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using + complete S-expressions as implemented by the current gpg-agent. + + * gpgsm.c (main): Implement --output for encrypt, decrypt, sign + and export. + 2006-07-03 Werner Koch * certreqgen.c (proc_parameters): Print the component label of a diff --git a/sm/call-agent.c b/sm/call-agent.c index 85ec78c63..61332144e 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -300,7 +300,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, membuf_t data; struct cipher_parm_s cipher_parm; size_t n, len; - char *buf, *endp; + char *p, *buf, *endp; size_t ciphertextlen; if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen) @@ -349,21 +349,36 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc, return map_assuan_err (rc); } - put_membuf (&data, "", 1); /* make sure it is 0 terminated */ + put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */ buf = get_membuf (&data, &len); if (!buf) return gpg_error (GPG_ERR_ENOMEM); - /* FIXME: We would better a return a full S-exp and not just a part */ - assert (len); - len--; /* remove the terminating 0 */ - n = strtoul (buf, &endp, 10); + assert (len); /* (we forced Nul termination.) */ + + if (*buf == '(') + { + if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */ + return gpg_error (GPG_ERR_INV_SEXP); + len -= 11; /* Count only the data of the second part. */ + p = buf + 8; /* Skip leading parenthesis and the value tag. */ + } + else + { + /* For compatibility with older gpg-agents handle the old style + incomplete S-exps. */ + len--; /* Do not count the Nul. */ + p = buf; + } + + n = strtoul (p, &endp, 10); if (!n || *endp != ':') return gpg_error (GPG_ERR_INV_SEXP); endp++; - if (endp-buf+n > len) - return gpg_error (GPG_ERR_INV_SEXP); /* oops len does not - match internal len*/ + if (endp-p+n > len) + return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */ + memmove (buf, endp, n); + *r_buflen = n; *r_buf = buf; return 0; diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 5363b8ad6..0855a0062 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1420,31 +1420,42 @@ main ( int argc, char **argv) run_protect_tool (argc, argv); break; - case aEncr: /* encrypt the given file */ - set_binary (stdin); - set_binary (stdout); - if (!argc) - gpgsm_encrypt (&ctrl, recplist, 0, stdout); /* from stdin */ - else if (argc == 1) - gpgsm_encrypt (&ctrl, recplist, open_read (*argv), stdout); /* from file */ - else - wrong_args ("--encrypt [datafile]"); + case aEncr: /* Encrypt the given file. */ + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + set_binary (stdin); + + if (!argc) /* Source is stdin. */ + gpgsm_encrypt (&ctrl, recplist, 0, fp); + else if (argc == 1) /* Source is the given file. */ + gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp); + else + wrong_args ("--encrypt [datafile]"); + + if (fp != stdout) + fclose (fp); + } break; - case aSign: /* sign the given file */ - /* FIXME: We don't handle --output yet. We should also allow - to concatenate multiple files for signing because that is - what gpg does.*/ - set_binary (stdin); - set_binary (stdout); - if (!argc) - gpgsm_sign (&ctrl, signerlist, - 0, detached_sig, stdout); /* create from stdin */ - else if (argc == 1) - gpgsm_sign (&ctrl, signerlist, - open_read (*argv), detached_sig, stdout); /* from file */ - else - wrong_args ("--sign [datafile]"); + case aSign: /* Sign the given file. */ + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + /* Fixme: We should also allow to concatenate multiple files for + signing because that is what gpg does.*/ + set_binary (stdin); + if (!argc) /* Create from stdin. */ + gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); + else if (argc == 1) /* From file. */ + gpgsm_sign (&ctrl, signerlist, + open_read (*argv), detached_sig, fp); + else + wrong_args ("--sign [datafile]"); + + if (fp != stdout) + fclose (fp); + } break; case aSignEncr: /* sign and encrypt the given file */ @@ -1484,14 +1495,19 @@ main ( int argc, char **argv) break; case aDecrypt: - set_binary (stdin); - set_binary (stdout); - if (!argc) - gpgsm_decrypt (&ctrl, 0, stdout); /* from stdin */ - else if (argc == 1) - gpgsm_decrypt (&ctrl, open_read (*argv), stdout); /* from file */ - else - wrong_args ("--decrypt [filename]"); + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + set_binary (stdin); + if (!argc) + gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */ + else if (argc == 1) + gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */ + else + wrong_args ("--decrypt [filename]"); + if (fp != stdout) + fclose (fp); + } break; case aDeleteKey: @@ -1556,19 +1572,29 @@ main ( int argc, char **argv) break; case aExport: - set_binary (stdout); - for (sl=NULL; argc; argc--, argv++) - add_to_strlist (&sl, *argv); - gpgsm_export (&ctrl, sl, stdout); - free_strlist(sl); + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + for (sl=NULL; argc; argc--, argv++) + add_to_strlist (&sl, *argv); + gpgsm_export (&ctrl, sl, fp); + free_strlist(sl); + if (fp != stdout) + fclose (fp); + } break; case aExportSecretKeyP12: - set_binary (stdout); - if (argc == 1) - gpgsm_p12_export (&ctrl, *argv, stdout); - else - wrong_args ("--export-secret-key-p12 KEY-ID"); + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + if (argc == 1) + gpgsm_p12_export (&ctrl, *argv, stdout); + else + wrong_args ("--export-secret-key-p12 KEY-ID"); + if (fp != stdout) + fclose (fp); + } break; case aSendKeys: