Commit 66154740 authored by Daniel Kahn Gillmor

Imported Upstream version 2.1.0~beta834

parent 280b10ce
Program: GnuPG
Homepage: https://www.gnupg.org
Download: ftp://ftp.gnupg.org/gcrypt/gnupg/
Repository: git://git.gnupg.org/gnupg.git
Maintainer: Werner Koch <wk@gnupg.org>
Bug reports: http://bugs.gnupg.org
Security related bug reports: <security@gnupg.org>
......
2014-09-18 Werner Koch <wk@gnupg.org>
Release 2.1.0-beta834.
speedo: Distribute needed files.
* Makefile.am (EXTRA_DIST): Add speedo stuff.
build: Enable gpgtar by default.
common: Do not build maintainer modules in non-maintainer mode.
* common/Makefile.am (module_maint_tests): Use only in maintainer
mode.
(t_common_cflags): New.
common: Remove superfluous statements.
* common/exechelp-posix.c: Remove weak pragmas.
* common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
const.
g13: Avoid segv after pipe creation failure.
* g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
early error.
(gpg_decrypt_blob): Ditto.
scd: Fix int/short mismatch in format string of app-p15.c.
* scd/app-p15.c (parse_certid): Use snprintf and cast value.
(send_certinfo): Ditto.
(send_keypairinfo): Ditto.
(do_getattr): Ditto.
agent: Init a local variable in the error case.
* agent/pksign.c (do_encode_md): Init HASH on error.
agent: Remove left over debug output.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
output.
agent: Silence compiler warning for a debug message.
* agent/call-pinentry.c (agent_query_dump_state): Use %p for
POPUP_TID.
sm: Silence compiler warnings.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
* sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
warning.
gpg: Silence a compiler warning.
* g10/parse-packet.c (enum_sig_subpkt): Replace hack.
gpg: Replace a hash algo test function.
* g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
speedo: Various fixes.
* build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor
other fixes.
2014-09-17 Werner Koch <wk@gnupg.org>
gpg: Print a warning if the subkey expiration may not be what you want.
* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
gpg: Improve passphrase caching.
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.
* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
2014-09-12 Werner Koch <wk@gnupg.org>
gpg: Use algorithm id 22 for EdDSA.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
2014-09-11 Werner Koch <wk@gnupg.org>
gpg: Stop early on bogus old style comment packets.
* g10/parse-packet.c (parse_key): Take care of too short packets for
old style commet packets.
2014-09-10 Werner Koch <wk@gnupg.org>
dirmngr: Support https for KS_FETCH.
* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
dirmngr: Fix the ks_fetch command for the http scheme.
* common/http.c (http_session_ref): Allow for NULL arg.
2014-09-08 Werner Koch <wk@gnupg.org>
gpg: Fix memory leak in ECC encryption.
* g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
handling.
2014-09-02 Werner Koch <wk@gnupg.org>
gpg: Fix export of NIST ECC keys.
* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.
agent: Fix import of OpenPGP EdDSA keys.
* agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(apply_protection): Handle opaque MPIs.
(do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
unpacking an opaque mpi.
2014-09-01 Kyle Butt <kylebutt@gmail.com>
gpg: Fix export of ecc secret keys by adjusting check ordering.
* g10/export.c (transfer_format_to_openpgp): Move the check against
PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
parameters.
2014-09-01 Werner Koch <wk@gnupg.org>
agent: Allow key unprotection using AES-256.
* agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
clarity.
(do_decryption): Add args prot_cipher and prot_cipher_keylen. USe
them instead of the hardwired values.
(agent_unprotect): Change to use a table of protection algorithms.
Add AES-256 variant.
2014-08-28 Werner Koch <wk@gnupg.org>
gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
2014-08-26 Werner Koch <wk@gnupg.org>
gpg: Remove CAST5 from the default prefs and order SHA-1 last.
* g10/keygen.c (keygen_set_std_prefs): Update prefs.
Switch to the libgpg-error provided estream.
* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.
gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
2014-08-20 Werner Koch <wk@gnupg.org>
gpg: Fix "can't handle public key algorithm" warning.
* g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
capabilities.
2014-08-19 Werner Koch <wk@gnupg.org>
speedo: Get version numbers from online database.
* build-aux/getswdb.sh: New.
* build-aux/speedo.mk: Get release version numbers from swdb.lst.
build: Create VERSION file via autoconf.
* Makefile.am (dist-hook): Remove creation of VERSION.
(EXTRA_DIST): Add VERSION.
* configure.ac: Let autoconf create VERSION.
2014-08-18 Werner Koch <wk@gnupg.org>
gpg: Install the current release signing pubkey.
* g10/distsigkey.gpg: New.
agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
kbx: Make user id and signature data optional for OpenPGP.
* kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
gpg: Change default cipher for --symmetric from CAST5 to AES-128.
* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
depending on configure option.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
yat2m: Support @set and @value.
* doc/yat2m.c (variablelist): New.
(set_variable): New.
(macro_set_p): Also check the variables.
(proc_texi_cmd): Support the @value command.
(parse_file): Support the @set command.
(top_parse_file): Release variablelist.
yat2m: Support the $* command for man page rendering.
2014-08-17 Werner Koch <wk@gnupg.org>
estream: Change license from GPL to LPGL.
* common/estream-printf.c, common/estream-printf.h: Change license.
* common/estream.c, common/estream.h: Ditto.
2014-08-14 Werner Koch <wk@gnupg.org>
Release 2.1.0-beta783.
......
......@@ -23,11 +23,27 @@ DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar
GITLOG_TO_CHANGELOG=gitlog-to-changelog
EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc
EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \
ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \
build-aux/gitlog-to-changelog \
VERSION README.GIT build-aux/gitlog-to-changelog \
build-aux/git-log-fix build-aux/git-log-footer \
build-aux/speedo.mk README.GIT
build-aux/getswdb.sh \
build-aux/speedo.mk \
build-aux/speedo/zlib.pc \
build-aux/speedo/w32 \
build-aux/speedo/w32/inst-options.ini \
build-aux/speedo/w32/inst.nsi \
build-aux/speedo/w32/pkg-copyright.txt \
build-aux/speedo/w32/g4wihelp.c \
build-aux/speedo/w32/pango.modules \
build-aux/speedo/w32/gdk-pixbuf-loaders.cache \
build-aux/speedo/w32/exdll.h \
build-aux/speedo/w32/README.txt \
build-aux/speedo/patches \
build-aux/speedo/patches/atk-1.32.0.patch \
build-aux/speedo/patches/libiconv-1.14.patch \
build-aux/speedo/patches/pango-1.29.4.patch
DISTCLEANFILES = g10defs.h
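Review bot: EXTRA_DIST now names the directories build-aux/speedo/w32 and build-aux/speedo/patches and then also lists the files inside them. Automake copies a directory named in EXTRA_DIST recursively, so the per-file entries are redundant and any stray file sitting in those directories at "make dist" time ends up in the release tarball. Dropping the two bare directory entries and keeping the explicit file list makes the distributed set exactly what is written here.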
......@@ -93,7 +109,6 @@ dist_doc_DATA = README
dist-hook: gen-ChangeLog
echo "$(VERSION)" > $(distdir)/VERSION
if HAVE_W32_SYSTEM
install-data-hook:
......
......@@ -87,20 +87,19 @@ am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
$(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
$(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
$(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gpg-error.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/isc-posix.m4 \
$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
$(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/socklen.m4 \
$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/m4/tar-ustar.m4 \
$(top_srcdir)/m4/xsize.m4 $(top_srcdir)/acinclude.m4 \
$(top_srcdir)/configure.ac
$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/longdouble.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
......@@ -409,7 +408,27 @@ top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4 -I gl/m4
DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar
GITLOG_TO_CHANGELOG = gitlog-to-changelog
EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc
EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \
ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \
VERSION README.GIT build-aux/gitlog-to-changelog \
build-aux/git-log-fix build-aux/git-log-footer \
build-aux/getswdb.sh \
build-aux/speedo.mk \
build-aux/speedo/zlib.pc \
build-aux/speedo/w32 \
build-aux/speedo/w32/inst-options.ini \
build-aux/speedo/w32/inst.nsi \
build-aux/speedo/w32/pkg-copyright.txt \
build-aux/speedo/w32/g4wihelp.c \
build-aux/speedo/w32/pango.modules \
build-aux/speedo/w32/gdk-pixbuf-loaders.cache \
build-aux/speedo/w32/exdll.h \
build-aux/speedo/w32/README.txt \
build-aux/speedo/patches \
build-aux/speedo/patches/atk-1.32.0.patch \
build-aux/speedo/patches/libiconv-1.14.patch \
build-aux/speedo/patches/pango-1.29.4.patch
DISTCLEANFILES = g10defs.h
@BUILD_GPGSM_FALSE@kbx =
@BUILD_GPGSM_TRUE@kbx = kbx
......@@ -967,13 +986,8 @@ uninstall-am: uninstall-dist_docDATA
pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
uninstall-dist_docDATA
ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \
build-aux/gitlog-to-changelog \
build-aux/git-log-fix build-aux/git-log-footer \
build-aux/speedo.mk README.GIT
dist-hook: gen-ChangeLog
echo "$(VERSION)" > $(distdir)/VERSION
@HAVE_W32_SYSTEM_TRUE@install-data-hook:
@HAVE_W32_SYSTEM_TRUE@ set -e; \
......
Noteworthy changes in version 2.1.0-beta834 (2014-09-18)
--------------------------------------------------------
* gpg: Improved passphrase caching.
* gpg: Switched to algorithm number 22 for EdDSA.
* gpg: Removed CAST5 from the default preferences.
* gpg: Order SHA-1 last in the hash preferences.
* gpg: Changed default cipher for --symmetric to AES-128.
* gpg: Fixed export of ECC keys and import of EdDSA keys.
* dirmngr: Fixed the KS_FETCH command.
* speedo: Downloads related packages and works for non-Windows.
Noteworthy changes in version 2.1.0-beta783 (2014-08-14)
--------------------------------------------------------
......@@ -5,7 +25,7 @@ Noteworthy changes in version 2.1.0-beta783 (2014-08-14)
* gpg: Make --quick-sign-key promote local key signatures.
* gpg: Add "show-usage" sub-option to --list-options.
* gpg: Added "show-usage" sub-option to --list-options.
* gpg: Screen keyserver responses to avoid importing unwanted keys
from rogue servers.
......
......@@ -85,6 +85,15 @@ You may run
to view the default directories used by GnuPG.
To quickly build all required software without installing it, the
Speedo method may be used:
make -f build-aux/speedo.mk native
This method downloads all required libraries and does a native build
of GnuPG to PLAY/inst/. GNU make is required and you need to set
LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib.
MIGRATION FROM 1.4 or 2.0 to 2.1
================================
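Review bot: the new Speedo paragraph says the method "downloads all required libraries" but does not say where they are fetched from or whether the downloaded tarballs are checked before they are built. Since this build path pulls code over the network, the README should name the source and the verification step, or say plainly that there is none.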
......
If you are building from GIT, run the script
./autogen.sh
first, to make sure that you have all the necessary maintainer tools
are installed and to build the actual configuration files. If you
have just checked out from GIT, you should add the option "--force" to
autogen.sh so that meta data is noticed by autom4te.cache. Then run
./configure --enable-maintainer-mode
followed by the usual make.
If autogen.sh complains about insufficient versions of the required
tools, or the tools are not installed, you may use environment
variables to override the default tool names:
AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake
package. For example
AUTOMAKE_SUFFIX="-1.7" ./autogen.sh
uses "automake-1.7" and "aclocal-1.7.
AUTOMAKE_PREFIX is used as a prefix for all tools from the automake
page and may be combined with AUTOMAKE_SUFFIX. e.g.:
AUTOMAKE_PREFIX=/usr/foo/bin ./autogen.sh
uses "automake" and "aclocal" in the /usr/foo/bin
directory.
AUTOCONF_SUFFIX is used as a suffix for all tools from the automake
package
AUTOCONF_PREFIX is used as a prefix for all tools from the automake
package
GETTEXT_SUFFIX is used as a suffix for all tools from the gettext
package
GETTEXT_PREFIX is used as a prefix for all tools from the gettext
package
It is also possible to use the variable name AUTOMAKE, AUTOCONF,
ACLOCAL, AUTOHEADER, GETTEXT and MSGMERGE to directly specify the name
of the programs to run. It is however better to use the suffix and
prefix forms as described above because that does not require
knowledge about the actual tools used by autogen.sh.
Please don't use autopoint, libtoolize or autoreconf unless you are
the current maintainer and want to update the standard configuration
files. All those files should be in GIT and only updated manually
if the maintainer decides that newer versions are required. The
maintainer should also make sure that the required version of automake
et al. are properly indicated at the top of configure.ac and take care
to copy the files and not merely use symlinks.
2.1.0-beta783
2.1.0-beta834
......@@ -1433,7 +1433,6 @@ m4_include([gl/m4/strpbrk.m4])
m4_include([gl/m4/unistd_h.m4])
m4_include([m4/autobuild.m4])
m4_include([m4/codeset.m4])
m4_include([m4/estream.m4])
m4_include([m4/gettext.m4])
m4_include([m4/gpg-error.m4])
m4_include([m4/iconv.m4])
......
......@@ -122,20 +122,19 @@ am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
$(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
$(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
$(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gpg-error.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/isc-posix.m4 \
$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
$(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/socklen.m4 \
$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/m4/tar-ustar.m4 \
$(top_srcdir)/m4/xsize.m4 $(top_srcdir)/acinclude.m4 \
$(top_srcdir)/configure.ac
$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/longdouble.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
......
......@@ -364,6 +364,7 @@ void agent_flush_cache (void);
int agent_put_cache (const char *key, cache_mode_t cache_mode,
const char *data, int ttl);
char *agent_get_cache (const char *key, cache_mode_t cache_mode);
void agent_store_cache_hit (const char *key);
/*-- pksign.c --*/
......
......@@ -65,6 +65,9 @@ struct cache_item_s {
/* The cache himself. */
static ITEM thecache;
/* NULL or the last cache key stored by agent_store_cache_hit. */
static char *last_stored_cache_key;
/* This function must be called once to initialize this module. It
has to be done before a second thread is spawned. */
......@@ -388,12 +391,24 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
ITEM r;
char *value = NULL;
int res;
int last_stored = 0;
if (cache_mode == CACHE_MODE_IGNORE)
return NULL;
if (!key)
{
key = last_stored_cache_key;
if (!key)
return NULL;
last_stored = 1;
}
if (DBG_CACHE)
log_debug ("agent_get_cache '%s' (mode %d) ...\n", key, cache_mode);
log_debug ("agent_get_cache '%s' (mode %d)%s ...\n",
key, cache_mode,
last_stored? " (stored cache key)":"");
housekeeping ();
for (r=thecache; r; r = r->next)
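Review bot: in the new "if (!key)" branch, key becomes an alias for the static last_stored_cache_key, which agent_store_cache_hit releases with xfree. Between taking the alias and the strcmp (r->key, key) in the loop, the function still calls log_debug and housekeeping (), so the buffer stays valid only as long as no other thread calls agent_store_cache_hit in between. Either duplicate the string into a local before using it, or state in the function comment which lock or scheduling rule guarantees that the pointer remains valid.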
......@@ -404,6 +419,7 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
|| r->cache_mode == cache_mode)
&& !strcmp (r->key, key))
{
/* Note: To avoid races KEY may not be accessed anymore below. */
r->accessed = gnupg_get_time ();
if (DBG_CACHE)
log_debug ("... hit\n");
......@@ -442,3 +458,14 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
return NULL;
}
/* Store the key for the last successful cache hit. That value is
used by agent_get_cache if the requested KEY is given as NULL.
NULL may be used to remove that key. */
void
agent_store_cache_hit (const char *key)
{
xfree (last_stored_cache_key);
last_stored_cache_key = key? xtrystrdup (key) : NULL;
}
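Review bot: agent_store_cache_hit frees the old value before duplicating the new one, and a failed xtrystrdup is stored as NULL with no indication to the caller. If KEY ever points into the buffer being replaced, xtrystrdup reads freed memory; duplicating first and freeing the old pointer afterwards removes that hazard at no cost. The header comment should also say that an allocation failure behaves like an explicit clear, since the function returns void and the two cases cannot be told apart.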
......@@ -107,8 +107,8 @@ initialize_module_call_pinentry (void)
void
agent_query_dump_state (void)
{
log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%lx\n",
entry_ctx, (long)assuan_get_pid (entry_ctx), popup_tid);
log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%p\n",
entry_ctx, (long)assuan_get_pid (entry_ctx), (void*)popup_tid);
}
/* Called to make sure that a popup window owned by the current
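Review bot: the (void*)popup_tid cast passed to %p only works where the thread id type is a pointer or an integer of pointer width. If popup_tid can be an opaque or struct type on any supported platform, this line will not compile or will print a truncated value; a short comment stating the assumption, or printing through a helper that knows the type, would make this safe to keep.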
......
......@@ -1665,14 +1665,12 @@ ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec,
if (err)
goto out;
gcry_log_debug (" out: len=%zu\n", totallen);
err = stream_write_uint32 (stream, totallen);
if (err)
goto out;
for (i = 0; i < DIM(data); i++)
{
gcry_log_debughex (" out", data[i], data_n[i]);
err = stream_write_data (stream, data[i], data_n[i]);
if (err)
goto out;
......
......@@ -81,9 +81,16 @@ get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey,
break;
case GCRY_PK_ECC:
err = gcry_sexp_build (&s_pkey, NULL,
"(public-key(ecc(curve %s)(q%m)))",
curve, pkey[0]);
if (!curve)
err = gpg_error (GPG_ERR_BAD_SECKEY);
else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
err = gcry_sexp_build (&s_pkey, NULL,
"(public-key(ecc(curve %s)(flags eddsa)(q%m)))",
"Ed25519", pkey[0]);
else
err = gcry_sexp_build (&s_pkey, NULL,
"(public-key(ecc(curve %s)(q%m)))",
curve, pkey[0]);
break;
default:
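Review bot: the result of openpgp_curve_to_oid ("Ed25519", NULL) goes straight into strcmp in the new else-if, so a NULL return from the lookup would be dereferenced. The test also matches only when CURVE holds the OID string; a caller that passes the name "Ed25519" falls through to the generic branch and the S-expression is built without (flags eddsa). Fetch the OID once, check it for NULL, and consider accepting both spellings.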
......@@ -139,6 +146,15 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
case GCRY_PK_ECC:
if (!curve)
err = gpg_error (GPG_ERR_BAD_SECKEY);
else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
{
/* Do not store the OID as name but the real name and the
EdDSA flag. */
err = gcry_sexp_build (&s_skey, NULL,
"(private-key(ecc(curve%s)(flags eddsa)"
"(q%m)(d%m)))",
"Ed25519", skey[0], skey[1]);
}
else
err = gcry_sexp_build (&s_skey, NULL,
"(private-key(ecc(curve%s)(q%m)(d%m)))",
......@@ -198,11 +214,24 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
break;
case GCRY_PK_ECC:
err = gcry_sexp_build
(&s_skey, NULL,
"(protected-private-key(ecc(curve%s)(q%m)"
"(protected openpgp-native%S)))",
curve, skey[0], transfer_key);
if (!curve)
err = gpg_error (GPG_ERR_BAD_SECKEY);
else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
{
/* Do not store the OID as name but the real name and the
EdDSA flag. */
err = gcry_sexp_build
(&s_skey, NULL,
"(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)"
"(protected openpgp-native%S)))",
"Ed25519", skey[0], transfer_key);
}
else
err = gcry_sexp_build
(&s_skey, NULL,
"(protected-private-key(ecc(curve%s)(q%m)"
"(protected openpgp-native%S)))",
curve, skey[0], transfer_key);
break;
default:
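Review bot: this is the third copy of the strcmp against openpgp_curve_to_oid ("Ed25519", NULL) in this file (get_keygrip, convert_secret_key and here), each followed by a nearly identical gcry_sexp_build call. A small helper that reports whether CURVE is the Ed25519 OID would keep the three call sites from drifting apart; the format strings already differ in spacing, "(curve %s)" in get_keygrip versus "(curve%s)" here.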
......@@ -373,7 +402,7 @@ do_unprotect (const char *passphrase,
if (!skey[i] || gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1))
return gpg_error (GPG_ERR_BAD_SECKEY);
if (gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1))
if (gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_OPAQUE))
{
unsigned int nbits;
const unsigned char *buffer;
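Review bot: the test on GCRYMPI_FLAG_OPAQUE needs a comment explaining how it relates to the GCRYMPI_FLAG_USER1 check directly above it. That check returns GPG_ERR_BAD_SECKEY whenever USER1 is set, so a second USER1 test at this spot could never have been true and the unpacking code was unreachable. One line saying what USER1 marks and why such values are rejected while opaque ones are unpacked would stop the two flags from being confused again.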
......@@ -1064,15 +1093,36 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
ndata = 20; /* Space for the SHA-1 checksum. */
for (i = npkey, j = 0; i < nskey; i++, j++ )
{
err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
if (err)
if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE))
{
err = gpg_error_from_syserror ();
for (i = 0; i < j; i++)
xfree (bufarr[i]);
return err;
const void *s;
unsigned int n;
s = gcry_mpi_get_opaque (array[i], &n);
nbits[j] = n;
n = (n+7)/8;
narr[j] = n;
bufarr[j] = gcry_is_secure (s)? xtrymalloc_secure (n):xtrymalloc (n);
if (!bufarr[j])
{
err = gpg_error_from_syserror ();
for (i = 0; i < j; i++)
xfree (bufarr[i]);
return err;
}
memcpy (bufarr[j], s, n);
}
else
{
err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
if (err)
{
for (i = 0; i < j; i++)
xfree (bufarr[i]);
return err;
}
nbits[j] = gcry_mpi_get_nbits (array[i]);
}
nbits[j] = gcry_mpi_get_nbits (array[i]);
ndata += 2 + narr[j];
}
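Review bot: in the new opaque branch the pointer returned by gcry_mpi_get_opaque is used without a check, so gcry_is_secure (s) and memcpy (bufarr[j], s, n) both run even if S is NULL or N is 0. Return GPG_ERR_BAD_SECKEY, after freeing bufarr[0..j-1], when there is no opaque data. The cleanup loop now appears twice in the loop body; a single error exit would keep the two paths identical.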
......@@ -1218,8 +1268,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
assert (iob.len < sizeof iobbuf -1);
iobbuf[iob.len] = 0;
err = gcry_sexp_build (&curve, NULL, "(curve %s)", iobbuf);
gcry_log_debugsxp ("at 1", curve);
}