See ChangeLogs

NEWS

@@ -9,6 +9,9 @@ Noteworthy changes in version 1.9.23
    gpg part.  For production use of OpenPGP the gpg version 1.4.5 is
    still recommended.
 
+ * API change in gpg-agent's pkdecrypt command.  Thus an older gpgsm
+   may not be used with the current gpg-agent.
+
 
 Noteworthy changes in version 1.9.22 (2006-07-27)
 -------------------------------------------------

TODO

@@ -6,8 +6,6 @@ Currently we don't cope with overlong lines in the best way.
 ** Check that we really release the ksba reader/writer objects.
 
 * sm/call-agent.c
-** The protocol uses an incomplete S-expression
-We should always use valid S-Exp and not just parts.
 ** Some code should go into import.c
 ** When we allow concurrent service request in gpgsm, we
 might want to have an agent context for each service request
@@ -23,7 +21,6 @@ might want to have an agent context for each service request
 ** replace leading zero in integer hack by a cleaner solution
 
 * sm/gpgsm.c
-** Support --output for all commands
 ** mark all unimplemented commands and options.
 ** Implement --default-key
 ** support the anyPolicy semantic
@@ -109,10 +106,8 @@ might want to have an agent context for each service request
 ** issue a NO_SECKEY xxxx if a -u key was not found.
 ** Replace DIGEST_ALGO_SHA224
    We can't do that right now because it is only defined by newer
-   versions of libgcrypt.  Changes this if we require libgcrypt 1.3
+   versions of libgcrypt.  Change this if we require libgcrypt 1.3
    anyway.
-** skclist.c:random_is_faked
-   Remove the whole stuff?
 ** qbits
    We pass a new qbit parameter to genkey - implement this in libgcrypt.
 ** skclist.c

agent/pkdecrypt.c

@@ -90,15 +90,14 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
           log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc));
           goto leave;
         }
-      /* FIXME: Change the protocol to return a complete S-expression
-         and not just a part. */
-      {
-        char tmpbuf[50];
 
-        sprintf (tmpbuf, "%u:", (unsigned int)len);
+      {
+        char tmpbuf[60];
+
+        sprintf (tmpbuf, "(5:value%u:", (unsigned int)len);
         put_membuf (outbuf, tmpbuf, strlen (tmpbuf));
         put_membuf (outbuf, buf, len);
-        put_membuf (outbuf, "", 1);
+        put_membuf (outbuf, ")", 2);
       }
     }
   else
@@ -126,7 +125,16 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
       buf = xmalloc (len);
       len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len);
       assert (len);
-      put_membuf (outbuf, buf, len);
+      if (*buf == '(')
+        put_membuf (outbuf, buf, len);
+      else
+        {
+          /* Old style libgcrypt: This is only an S-expression
+             part. Turn it into a complete S-expression. */
+          put_membuf (outbuf, "(5:value", 8);
+          put_membuf (outbuf, buf, len);
+          put_membuf (outbuf, ")", 2);
+        }
     }      
 
 

doc/gpg-agent.texi

@@ -701,7 +701,7 @@ Here is an example session:
    C: D    (b 3F444677CA)))
    C: END
    S: # session key follows
-   S: D 1234567890ABCDEF0
+   S: D (value 1234567890ABCDEF0)
    S: OK descryption successful
 @end example         
 

doc/gpgsm.texi

@@ -428,6 +428,12 @@ Assume the input data is binary encoded.
 Set the user(s) to be used for signing.  The default is the first
 secret key found in the database.
 
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}.  The default is to write it to stdout.
+
+
 @item --with-key-data
 @opindex with-key-data
 Displays extra information with the @code{--list-keys} commands.  Especially

g10/ChangeLog

@@ -1,3 +1,7 @@
+2006-08-22  Werner Koch  <wk@g10code.com>
+
+	* mainproc.c (proc_plaintext): Fixed a #warning
+
 2006-08-21  Werner Koch  <wk@g10code.com>
 
 	* skclist.c (random_is_faked): Implemented.

g10/mainproc.c

@@ -681,13 +681,10 @@ proc_plaintext( CTX c, PACKET *pkt )
     }
 
     rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
-    if (rc)
+    if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) 
-      log_debug ("handle_plaintext failed: err=%d\n", rc);
-    if( gpg_err_code (rc) == GPG_ERR_ENOENT && !c->sigs_only) 
       {
-#warning We need to change the test for the error code
+        /* Can't write output but we hash it anyway to check the
-        /* Can't write output but we hash it anyway to
+           signature. */
-         * Check the signature. */
         rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
       }
 

jnlib/ChangeLog

@@ -1,3 +1,7 @@
+2006-08-29  Werner Koch  <wk@g10code.com>
+
+	* logging.c (do_logv): Emit a missing LF for fatal errors.
+
 2006-06-28  Werner Koch  <wk@g10code.com>
 
 	* dotlock.c (make_dotlock, release_dotlock, read_lockfile)

jnlib/logging.c

@@ -486,9 +486,17 @@ do_logv (int level, const char *fmt, va_list arg_ptr)
     }
 
   if (level == JNLIB_LOG_FATAL)
-    exit(2);
+    {
+      if (missing_lf)
+        putc('\n', logstream );
+      exit(2);
+    }
   if (level == JNLIB_LOG_BUG)
-    abort();
+    {
+      if (missing_lf)
+        putc('\n', logstream );
+      abort();
+    }
 }
 
 static void

sm/ChangeLog

@@ -1,3 +1,11 @@
+2006-08-29  Werner Koch  <wk@g10code.com>
+
+	* call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
+	complete S-expressions as implemented by the current gpg-agent.
+
+	* gpgsm.c (main): Implement --output for encrypt, decrypt, sign
+	and export.
+
 2006-07-03  Werner Koch  <wk@g10code.com>
 
 	* certreqgen.c (proc_parameters): Print the component label of a

sm/call-agent.c

@@ -300,7 +300,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   membuf_t data;
   struct cipher_parm_s cipher_parm;
   size_t n, len;
-  char *buf, *endp;
+  char *p, *buf, *endp;
   size_t ciphertextlen;
   
   if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
@@ -349,21 +349,36 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
       return map_assuan_err (rc);
     }
 
-  put_membuf (&data, "", 1); /* make sure it is 0 terminated */
+  put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
   buf = get_membuf (&data, &len);
   if (!buf)
     return gpg_error (GPG_ERR_ENOMEM);
-  /* FIXME: We would better a return a full S-exp and not just a part */
+  assert (len); /* (we forced Nul termination.)  */
-  assert (len);
+
-  len--; /* remove the terminating 0 */
+  if (*buf == '(')
-  n = strtoul (buf, &endp, 10);
+    {
+      if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
+        return gpg_error (GPG_ERR_INV_SEXP);
+      len -= 11;   /* Count only the data of the second part. */
+      p = buf + 8; /* Skip leading parenthesis and the value tag. */
+    }
+  else
+    {
+      /* For compatibility with older gpg-agents handle the old style
+         incomplete S-exps. */
+      len--;      /* Do not count the Nul. */
+      p = buf;
+    }
+
+  n = strtoul (p, &endp, 10);
   if (!n || *endp != ':')
     return gpg_error (GPG_ERR_INV_SEXP);
   endp++;
-  if (endp-buf+n > len)
+  if (endp-p+n > len)
-    return gpg_error (GPG_ERR_INV_SEXP); /* oops len does not
+    return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
-					    match internal len*/
+  
   memmove (buf, endp, n);
+
   *r_buflen = n;
   *r_buf = buf;
   return 0;

sm/gpgsm.c

@@ -1420,31 +1420,42 @@ main ( int argc, char **argv)
       run_protect_tool (argc, argv);
       break;
 
-    case aEncr: /* encrypt the given file */
+    case aEncr: /* Encrypt the given file. */
-      set_binary (stdin);
+      {
-      set_binary (stdout);
+        FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
-      if (!argc)
+
-        gpgsm_encrypt (&ctrl, recplist, 0, stdout); /* from stdin */
+        set_binary (stdin);
-      else if (argc == 1)
+
-        gpgsm_encrypt (&ctrl, recplist, open_read (*argv), stdout); /* from file */
+        if (!argc) /* Source is stdin. */
-      else
+          gpgsm_encrypt (&ctrl, recplist, 0, fp); 
-        wrong_args ("--encrypt [datafile]");
+        else if (argc == 1)  /* Source is the given file. */
+          gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
+        else
+          wrong_args ("--encrypt [datafile]");
+
+        if (fp != stdout)
+          fclose (fp);
+      }
       break;
 
-    case aSign: /* sign the given file */
+    case aSign: /* Sign the given file. */
-      /* FIXME: We don't handle --output yet. We should also allow
+      {
-         to concatenate multiple files for signing because that is
+        FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
-         what gpg does.*/
+
-      set_binary (stdin);
+        /* Fixme: We should also allow to concatenate multiple files for
-      set_binary (stdout);
+           signing because that is what gpg does.*/
-      if (!argc)
+        set_binary (stdin);
-        gpgsm_sign (&ctrl, signerlist,
+        if (!argc) /* Create from stdin. */
-                    0, detached_sig, stdout); /* create from stdin */
+          gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); 
-      else if (argc == 1)
+        else if (argc == 1) /* From file. */
-        gpgsm_sign (&ctrl, signerlist,
+          gpgsm_sign (&ctrl, signerlist,
-                    open_read (*argv), detached_sig, stdout); /* from file */
+                      open_read (*argv), detached_sig, fp); 
-      else
+        else
-        wrong_args ("--sign [datafile]");
+          wrong_args ("--sign [datafile]");
+
+        if (fp != stdout)
+          fclose (fp);
+      }
       break;
         
     case aSignEncr: /* sign and encrypt the given file */
@@ -1484,14 +1495,19 @@ main ( int argc, char **argv)
       break;
 
     case aDecrypt:
-      set_binary (stdin);
+      {
-      set_binary (stdout);
+        FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
-      if (!argc)
+
-        gpgsm_decrypt (&ctrl, 0, stdout); /* from stdin */
+        set_binary (stdin);
-      else if (argc == 1)
+        if (!argc)
-        gpgsm_decrypt (&ctrl, open_read (*argv), stdout); /* from file */
+          gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
-      else
+        else if (argc == 1)
-        wrong_args ("--decrypt [filename]");
+          gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */
+        else
+          wrong_args ("--decrypt [filename]");
+        if (fp != stdout)
+          fclose (fp);
+      }
       break;
 
     case aDeleteKey:
@@ -1556,19 +1572,29 @@ main ( int argc, char **argv)
       break;
 
     case aExport:
-      set_binary (stdout);
+      {
-      for (sl=NULL; argc; argc--, argv++)
+        FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
-        add_to_strlist (&sl, *argv);
+
-      gpgsm_export (&ctrl, sl, stdout);
+        for (sl=NULL; argc; argc--, argv++)
-      free_strlist(sl);
+          add_to_strlist (&sl, *argv);
+        gpgsm_export (&ctrl, sl, fp);
+        free_strlist(sl);
+        if (fp != stdout)
+          fclose (fp);
+      }
       break;
 
     case aExportSecretKeyP12:
-      set_binary (stdout);
+      {
-      if (argc == 1)
+        FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
-        gpgsm_p12_export (&ctrl, *argv, stdout);
+
-      else
+        if (argc == 1)
-        wrong_args ("--export-secret-key-p12 KEY-ID");
+          gpgsm_p12_export (&ctrl, *argv, stdout);
+        else
+          wrong_args ("--export-secret-key-p12 KEY-ID");
+        if (fp != stdout)
+          fclose (fp);
+      }
       break;
       
     case aSendKeys: