From cvs at cvs.gnupg.org Wed Oct 1 18:17:39 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 01 Oct 2008 18:17:39 +0200 Subject: [svn] GnuPG - r4844 - in trunk: doc tools Message-ID: Author: wk Date: 2008-10-01 18:17:39 +0200 (Wed, 01 Oct 2008) New Revision: 4844 Modified: trunk/doc/ChangeLog trunk/doc/tools.texi trunk/tools/ChangeLog trunk/tools/gpg-connect-agent.c Log: Add /daatfile command to gpg-connect-agent. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-09-30 18:24:10 UTC (rev 4843) +++ trunk/doc/ChangeLog 2008-10-01 16:17:39 UTC (rev 4844) @@ -1,3 +1,7 @@ +2008-10-01 Werner Koch + + * tools.texi (Controlling gpg-connect-agent): Describe /datafile. + 2008-09-23 David Shaw * gpg.texi (OpenPGP Key Management): Clarify setpref a bit. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2008-09-30 18:24:10 UTC (rev 4843) +++ trunk/tools/ChangeLog 2008-10-01 16:17:39 UTC (rev 4844) @@ -1,3 +1,8 @@ +2008-10-01 Werner Koch + + * gpg-connect-agent.c (main): New command datafile. + (read_and_print_response): Print to the defined datafile. + 2008-09-30 Werner Koch * gpgconf.c (main) : Print the bindir. Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2008-09-30 18:24:10 UTC (rev 4843) +++ trunk/doc/tools.texi 2008-10-01 16:17:39 UTC (rev 4844) @@ -1280,6 +1280,14 @@ Run @var{prog} for inquiries matching @var{name} and pass the entire line to it as command line arguments. + at item /datafile @var{name} +Write all data lines from the server to the file @var{name}. The file +is opened for writing and created if it does not exists. An existsing +file is first truncated to 0. The data written to the file fully +decoded. Using a singel dash for @var{name} writes to stdout. The +file is kept open until a new file is set using this command or this +command is used without an argument. + @item /showdef Print all definitions Modified: trunk/tools/gpg-connect-agent.c =================================================================== --- trunk/tools/gpg-connect-agent.c 2008-09-30 18:24:10 UTC (rev 4843) +++ trunk/tools/gpg-connect-agent.c 2008-10-01 16:17:39 UTC (rev 4844) @@ -137,6 +137,8 @@ /* This is used to store the pid of the server. */ static pid_t server_pid = (pid_t)(-1); +/* The current datasink file or NULL. */ +static FILE *current_datasink; /* A list of open file descriptors. */ static struct @@ -1442,6 +1444,29 @@ else add_definq (p, 0, 1); } + else if (!strcmp (cmd, "datafile")) + { + const char *fname; + + if (current_datasink) + { + if (current_datasink != stdout) + fclose (current_datasink); + current_datasink = NULL; + } + tmpline = opt.enable_varsubst? substitute_line (p) : NULL; + fname = tmpline? tmpline : p; + if (fname && !strcmp (fname, "-")) + current_datasink = stdout; + else if (fname && *fname) + { + current_datasink = fopen (fname, "wb"); + if (!current_datasink) + log_error ("can't open `%s': %s\n", + fname, strerror (errno)); + } + xfree (tmpline); + } else if (!strcmp (cmd, "showdef")) { show_definq (); @@ -1669,6 +1694,7 @@ "/definq NAME VAR Use content of VAR for inquiries with NAME.\n" "/definqfile NAME FILE Use content of FILE for inquiries with NAME.\n" "/definqprog NAME PGM Run PGM for inquiries with NAME.\n" +"/datafile [NAME] Write all D line content to file NAME.\n" "/showdef Print all definitions.\n" "/cleardef Delete all definitions.\n" "/sendfd FILE MODE Open FILE and pass descriptor to server.\n" @@ -1679,7 +1705,7 @@ "/serverpid Retrieve the pid of the server.\n" "/[no]hex Enable hex dumping of received data lines.\n" "/[no]decode Enable decoding of received data lines.\n" -"/[no]subst Enable varibale substitution.\n" +"/[no]subst Enable variable substitution.\n" "/run FILE Run commands from FILE.\n" "/if VAR Begin conditional block controlled by VAR.\n" "/while VAR Begin loop controlled by VAR.\n" @@ -1872,8 +1898,26 @@ if (linelen >= 1 && line[0] == 'D' && line[1] == ' ') { - if (opt.hex) + if (current_datasink) { + const unsigned char *s; + int c = 0; + + for (j=2, s=(unsigned char*)line+2; j < linelen; j++, s++ ) + { + if (*s == '%' && j+2 < linelen) + { + s++; j++; + c = xtoi_2 ( s ); + s++; j++; + } + else + c = *s; + putc (c, current_datasink); + } + } + else if (opt.hex) + { for (i=2; i < linelen; ) { int save_i = i; @@ -1940,7 +1984,8 @@ { if (need_lf) { - putchar ('\n'); + if (!current_datasink || current_datasink != stdout) + putchar ('\n'); need_lf = 0; } @@ -1948,15 +1993,21 @@ && line[0] == 'S' && (line[1] == '\0' || line[1] == ' ')) { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); + if (!current_datasink || current_datasink != stdout) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + } } else if (linelen >= 2 && line[0] == 'O' && line[1] == 'K' && (line[2] == '\0' || line[2] == ' ')) { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); + if (!current_datasink || current_datasink != stdout) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + } set_int_var ("?", 0); return 0; } @@ -1970,8 +2021,11 @@ if (!errval) errval = -1; set_int_var ("?", errval); - fwrite (line, linelen, 1, stdout); - putchar ('\n'); + if (!current_datasink || current_datasink != stdout) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + } *r_goterr = 1; return 0; } @@ -1981,8 +2035,11 @@ && line[6] == 'E' && (line[7] == '\0' || line[7] == ' ')) { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); + if (!current_datasink || current_datasink != stdout) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + } if (!handle_inquire (ctx, line)) assuan_write_line (ctx, "CANCEL"); } @@ -1990,8 +2047,11 @@ && line[0] == 'E' && line[1] == 'N' && line[2] == 'D' && (line[3] == '\0' || line[3] == ' ')) { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); + if (!current_datasink || current_datasink != stdout) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + } /* Received from server, thus more responses are expected. */ } else From cvs at cvs.gnupg.org Thu Oct 2 20:53:32 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 02 Oct 2008 20:53:32 +0200 Subject: [svn] gcry - r1346 - in trunk: . cipher doc src tests Message-ID: Author: wk Date: 2008-10-02 20:53:31 +0200 (Thu, 02 Oct 2008) New Revision: 1346 Added: trunk/tests/cavs_tests.sh trunk/tests/fipsdrv.c Modified: trunk/AUTHORS trunk/NEWS trunk/cipher/rsa.c trunk/configure.ac trunk/doc/ChangeLog trunk/doc/announce.txt trunk/doc/fips-fsm.fig trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/cipher-proto.h trunk/src/cipher.h trunk/src/dumpsexp.c trunk/src/fips.c trunk/src/gcrypt-module.h trunk/src/gcrypt.h.in trunk/src/module.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/benchmark.c trunk/tests/cavs_driver.pl trunk/tests/fipsrngdrv.c Log: Add CAVS test. Various minor fixes. Sigbus fixes for AES. [The diff below has been truncated] Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/doc/ChangeLog 2008-10-02 18:53:31 UTC (rev 1346) @@ -1,5 +1,10 @@ 2008-09-18 Werner Koch + * gcrypt.texi (FIPS Mode): Add state transition Error to Error. + * fips-fsm.fig: Ditto. + +2008-09-18 Werner Koch + * gcrypt.texi: Add a couple of index items. (FIPS Mode): Reflect recent changes. (Controlling the library): Describe gcry_fips_mode_active. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/ChangeLog 2008-10-02 18:53:31 UTC (rev 1346) @@ -1,5 +1,22 @@ +2008-09-29 Werner Koch + + * gcrypt-module.h (GCRY_MODULE_ID_USER, GCRY_MODULE_ID_USER_LAST): + New. + * module.c (MODULE_ID_USER, MODULE_ID_USER_LAST): Define using new + macros. + +2008-09-20 Werner Koch + + * hmac256.c (finalize) [WORDS_BIGENDIAN]: Fix sigbus problem. + 2008-09-18 Werner Koch + * cipher-proto.h (pk_ext_generate_t): Add args QBITS, NAME, DOMAIN. + + * fips.c (fips_new_state): Allow Error => Error transition. + +2008-09-18 Werner Koch + * gcrypt.h.in (gcry_fips_mode_active): New. * secmem.c (_gcry_secmem_init): Factor most code out to .. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/tests/ChangeLog 2008-10-02 18:53:31 UTC (rev 1346) @@ -1,5 +1,27 @@ +2008-10-02 Werner Koch + + * fipsdrv.c (print_buffer): Add base64 printing code. + (base64_decode, read_key_file,parse_tag): New. + (run_rsa_gen, run_rsa_sign): New. + (main): Add mode rsa-gen and rsa-sign. + +2008-09-29 Werner Koch + + * fipsdrv.c: Merge code from fipsrngdrv.c + * fipsrngdrv.c: Remove. + +2008-09-26 Werner Koch + + * Makefile.am: Distribute cavs_driver.pl. + * cavs_tests.sh: New. + * fipsdrv.c: New. + 2008-09-18 Werner Koch + * benchmark.c (main): Do not disable secure memory in FIPS mode. + +2008-09-18 Werner Koch + * basic.c (main): Do not disable secure memory in FIPS mode. 2008-09-16 Werner Koch @@ -604,7 +626,7 @@ * tsexp.c: New. - Copyright 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright 2001, 2002, 2003, 2008 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/AUTHORS 2008-10-02 18:53:31 UTC (rev 1346) @@ -110,7 +110,12 @@ The implementation of the Camellia cipher has been been taken from the original NTT provided GPL source. +The CAVS testing program tests/cavs_driver.pl is not to be considered +a part of libgcrypt proper. We distribute it merely for convenience. +It has a permissive license and is copyright by atsec information +security corporation. See the file for details. + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2006, 2007, 2008 Free Software Foundation, Inc. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/NEWS 2008-10-02 18:53:31 UTC (rev 1346) @@ -1,3 +1,10 @@ +Noteworthy changes in version 1.4.4 +------------------------------------------------ + + * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. + This functionality is in Libgcrypt since 1.3.0. + + Noteworthy changes in version 1.4.3 (2008-09-18) ------------------------------------------------ Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/cipher/rsa.c 2008-10-02 18:53:31 UTC (rev 1346) @@ -175,7 +175,8 @@ * USE_E = 0 let Libcgrypt decide what exponent to use. * = 1 request the use of a "secure" exponent; this is required by some * specification to be 65537. - * > 2 Try starting at this value until a working exponent is found. + * > 2 Use this public exponent. If the given exponent + * is not odd one is internally added to it. * TRANSIENT_KEY: If true, generate the primes using the standard RNG. * Returns: 2 structures filled with all needed values */ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/configure.ac 2008-10-02 18:53:31 UTC (rev 1346) @@ -26,8 +26,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.3]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.4]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) Modified: trunk/doc/announce.txt =================================================================== --- trunk/doc/announce.txt 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/doc/announce.txt 2008-10-02 18:53:31 UTC (rev 1346) @@ -39,22 +39,26 @@ listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signatures is: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2 (k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2 (1062k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2.sig This file is bzip2 compressed. A gzip compressed version is also available: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz (k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz (1325k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz.sig Alternativley you may upgrade version 1.4.2 using this patch file: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2-1.4.3.diff.bz2 (k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2-1.4.3.diff.bz2 (42k) The SHA-1 checksums are: +bdc67c1fdcec464a94dca691615f2335a12db5ce libgcrypt-1.4.3.tar.bz2 +3d9d583501ce951596fa7dd3667afd357ac7d056 libgcrypt-1.4.3.tar.gz +e28b74c5824364e20ae7f147f1b89925f5426669 libgcrypt-1.4.2-1.4.3.diff.bz2 + For help on developing with Libgcrypt you should read the included manual and optional ask on the gcrypt-devel mailing list [1]. Modified: trunk/doc/fips-fsm.fig =================================================================== --- trunk/doc/fips-fsm.fig 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/doc/fips-fsm.fig 2008-10-02 18:53:31 UTC (rev 1346) @@ -24,8 +24,10 @@ 1 1 2.00 120.00 240.00 5 1 0 2 0 7 50 -1 -1 0.000 1 1 1 0 3026.138 8399.825 4185 8370 3870 7605 2925 7245 1 1 2.00 120.00 240.00 -5 1 0 2 0 7 50 -1 -1 0.000 1 1 1 0 7708.125 -2028.750 2925 5175 4815 6120 6795 6570 +5 1 0 2 0 7 50 -1 -1 0.000 1 1 1 0 7663.125 -2028.750 2880 5175 4770 6120 6750 6570 1 1 2.00 120.00 240.00 +5 1 0 2 0 7 50 -1 -1 0.000 1 1 1 0 7717.500 7211.250 7155 7470 7740 7830 8280 7470 + 1 1 2.00 120.00 240.00 6 3096 1593 3380 1877 1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 3238 1735 142 142 3238 1735 3103 1690 4 0 0 50 -1 13 12 0.0000 4 105 105 3157 1805 1\001 @@ -134,14 +136,18 @@ 1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 4192 6338 142 142 4192 6338 4057 6293 4 0 0 50 -1 13 12 0.0000 4 105 210 4066 6399 17\001 -6 -6 3188 5033 3486 5331 -1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 3337 5182 142 142 3337 5182 3202 5137 -4 0 0 50 -1 13 12 0.0000 4 105 210 3211 5243 18\001 --6 6 3053 4358 3351 4656 1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 3202 4507 142 142 3202 4507 3067 4462 4 0 0 50 -1 13 12 0.0000 4 105 210 3076 4568 19\001 -6 +6 3032 5012 3330 5310 +1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 3181 5161 142 142 3181 5161 3046 5116 +4 0 0 50 -1 13 12 0.0000 4 105 210 3055 5222 18\001 +-6 +6 7560 7847 7858 8145 +1 3 0 1 0 7 50 -1 -1 0.000 1 0.0000 7709 7996 142 142 7709 7996 7574 7951 +4 0 0 50 -1 13 12 0.0000 4 105 210 7612 8047 20\001 +-6 2 1 0 2 0 7 50 -1 -1 0.000 0 1 -1 1 0 2 1 1 2.00 120.00 240.00 3420 1395 3420 2295 Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/doc/gcrypt.texi 2008-10-02 18:53:31 UTC (rev 1346) @@ -2612,7 +2612,7 @@ @c end gcry_pk_ctl @noindent -Libgcrypt also provides a function for generating public key +Libgcrypt also provides a function to generate public key pairs: @deftypefun gcry_error_t gcry_pk_genkey (@w{gcry_sexp_t *@var{r_key}}, @w{gcry_sexp_t @var{parms}}) @@ -2624,12 +2624,12 @@ success or an error code otherwise. @noindent -Here is an example for @var{parms} for creating a 1024 bit RSA key: +Here is an example for @var{parms} to create an 2048 bit RSA key: @example (genkey (rsa - (nbits 4:1024))) + (nbits 4:2048))) @end example @noindent @@ -2660,10 +2660,12 @@ @item 0 Use a secure and fast value. This is currently the number 41. @item 1 -Use a secure value as required by some specification. This is currently +Use a value as required by some crypto policies. This is currently the number 65537. @item 2 Reserved + at item > 2 +Use the given value. @end table @noindent @@ -2696,7 +2698,27 @@ random number generator. This flag may be used for keys which are only used for a short time and do not require full cryptographic strength. + at item domain +This is only meaningful for DLP algorithms. If specified keys are +generated with domain parameters taken from this list. The exact +format of this parameter depends on the actual algorithm. It is +currently only implemented for DSA using this format: + at example +(genkey + (dsa + (domain + (p @var{p-mpi}) + (q @var{q-mpi}) + (g @var{q-mpi}) + (seed @var{seed-mpi}) + (counter @var{counter-mpi}) + (h @var{h-mpi})))) + at end example + +The @code{seed}, @code{counter} and @code{h} domain parameters are +optional and currently not used. + @end table @c end table of parameters @@ -5652,6 +5674,11 @@ Init to Fatal-Error is triggered by non-recoverable errors in the initialization code. + at item 20 +Error to Error is triggered by errors while already in the Error +state. + + @end table @end float Modified: trunk/src/cipher-proto.h =================================================================== --- trunk/src/cipher-proto.h 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/cipher-proto.h 2008-10-02 18:53:31 UTC (rev 1346) @@ -43,7 +43,10 @@ typedef gcry_err_code_t (*pk_ext_generate_t) (int algo, unsigned int nbits, + unsigned int qbits, unsigned long use_e, + const char *name, + gcry_sexp_t domain, unsigned int keygen_flags, gcry_mpi_t *skey, gcry_mpi_t **retfactors); Modified: trunk/src/cipher.h =================================================================== --- trunk/src/cipher.h 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/cipher.h 2008-10-02 18:53:31 UTC (rev 1346) @@ -56,11 +56,6 @@ /*-- dsa.c --*/ void _gcry_register_pk_dsa_progress (gcry_handler_progress_t cbc, void *cb_data); -gcry_err_code_t _gcry_dsa_generate2 (int algo, unsigned int nbits, - unsigned int qbits, - unsigned long dummy, - gcry_mpi_t *skey, - gcry_mpi_t **retfactors); /*-- elgamal.c --*/ void _gcry_register_pk_elg_progress (gcry_handler_progress_t cb, Modified: trunk/src/dumpsexp.c =================================================================== --- trunk/src/dumpsexp.c 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/dumpsexp.c 2008-10-02 18:53:31 UTC (rev 1346) @@ -263,11 +263,13 @@ static void printchr (int c) { + (void)c; } static void printhex (int c) { + (void)c; } Modified: trunk/src/fips.c =================================================================== --- trunk/src/fips.c 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/fips.c 2008-10-02 18:53:31 UTC (rev 1346) @@ -730,6 +730,7 @@ case STATE_ERROR: if (new_state == STATE_SHUTDOWN + || new_state == STATE_ERROR || new_state == STATE_FATALERROR || new_state == STATE_SELFTEST) ok = 1; Modified: trunk/src/gcrypt-module.h =================================================================== --- trunk/src/gcrypt-module.h 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/gcrypt-module.h 2008-10-02 18:53:31 UTC (rev 1346) @@ -32,6 +32,13 @@ #endif #endif +/* The interfaces using the module system reserve a certain range of + IDs for application use. These IDs are not valid within Libgcrypt + but Libgcrypt makes sure never to allocate such a module ID. */ +#define GCRY_MODULE_ID_USER 1024 +#define GCRY_MODULE_ID_USER_LAST 4095 + + /* This type represents a `module'. */ typedef struct gcry_module *gcry_module_t; Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/gcrypt.h.in 2008-10-02 18:53:31 UTC (rev 1346) @@ -479,7 +479,7 @@ size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer, size_t maxlength); -/* Dumps the S-expression object A in a aformat suitable for debugging +/* Dumps the S-expression object A in a format suitable for debugging to Libgcrypt's logging stream. */ void gcry_sexp_dump (const gcry_sexp_t a); @@ -1165,7 +1165,7 @@ size_t *nbytes); /* Map the digest algorithm id ALGO to a string representation of the - algorithm name. For unknown algorithms this functions returns + algorithm name. For unknown algorithms this function returns "?". */ const char *gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE; Modified: trunk/src/module.c =================================================================== --- trunk/src/module.c 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/src/module.c 2008-10-02 18:53:31 UTC (rev 1346) @@ -25,8 +25,8 @@ numbers. */ #define MODULE_ID_MIN 600 #define MODULE_ID_LAST 65500 -#define MODULE_ID_USER 1024 -#define MODULE_ID_USER_LAST 4095 +#define MODULE_ID_USER GCRY_MODULE_ID_USER +#define MODULE_ID_USER_LAST GCRY_MODULE_ID_USER_LAST #if MODULE_ID_MIN >= MODULE_ID_USER #error Need to implement a different search strategy Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/tests/Makefile.am 2008-10-02 18:53:31 UTC (rev 1346) @@ -39,10 +39,6 @@ LDADD = ../src/libgcrypt.la $(DL_LIBS) EXTRA_PROGRAMS = testapi pkbench -noinst_PROGRAMS = $(TESTS) fipsrngdrv +noinst_PROGRAMS = $(TESTS) fipsdrv -EXTRA_DIST = README rsa-16k.key - -# Note: There is a file cavs-driver.pl in the SVN but we do not -# distribute it because we have no configure tests for Perl and thus -# we can expect that people get it from the SVN instead. +EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/tests/benchmark.c 2008-10-02 18:53:31 UTC (rev 1346) @@ -1054,8 +1054,10 @@ fprintf (stderr, PGM ": version mismatch\n"); exit (1); } - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (!gcry_fips_mode_active ()) + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (use_random_daemon) gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1); Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-09-30 17:58:22 UTC (rev 1345) +++ trunk/tests/cavs_driver.pl 2008-10-02 18:53:31 UTC (rev 1346) @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# $Id: cavs_driver.pl 1236 2008-09-17 13:00:06Z smueller $ +# Id: cavs_driver.pl 1236 2008-09-17 13:00:06Z smueller # # CAVS test driver (based on the OpenSSL driver) # Written by: Stephan M?ller @@ -282,12 +282,87 @@ ########################################################### ###### libgcrypt implementation ########################################################### +sub libgcrypt_encdec($$$$$) { + my $key=shift; + my $iv=shift; + my $cipher=shift; + my $enc = (shift) ? "encrypt" : "decrypt"; + my $data=shift; + + my $program="fipsdrv --no-fips --key $key --iv $iv --algo $cipher $enc"; + + return pipe_through_program($data,$program); +} + + +sub libgcrypt_rsa_sign($$$) { + my $data = shift; + my $hashalgo = shift; + my $keyfile = shift; + + die "ARCFOUR not available for RSA" if $opt{'R'}; + return pipe_through_program($data, + "fipsdrv --verbose --algo $hashalgo --key $keyfile rsa-sign"); +} + + +sub libgcrypt_rsa_verify($$$$) { + my $data = shift; + my $cipher = shift; + my $keyfile = shift; + my $sigfile = shift; + + $data = hex2bin($data); + die "ARCFOUR not available for RSA" if $opt{'R'}; + $data = pipe_through_program($data, + "fipsdrv --key $keyfile rsa-verify"); + + # Parse through the OpenSSL output information + return ($data =~ /OK/); +} + + +sub libgcrypt_gen_rsakey($$) { + my $keylen = shift; + my $file = shift; + + die "ARCFOUR not available for RSA" if $opt{'R'}; + my @args = ("fipsdrv --keysize $keylen rsa-gen > $file"); + system(@args) == 0 + or die "system @args failed: $?"; + die "system @args failed: file $file not created" if (! -f $file); +} + + +sub libgcrypt_hash($$) { + my $pt = shift; + my $hashalgo = shift; + + my $program = "fipsdrv --no-fips --algo $hashalgo digest"; + die "ARCFOUR not available for hashes" if $opt{'R'}; + + return pipe_through_program($pt, $program); +} + + +sub libgcrypt_state_cipher($$$$$) { + my $cipher = shift; + my $enc = (shift) ? "encrypt": "decrypt"; + my $bufsize = shift; + my $key = shift; + my $iv = shift; + + my $program="fipsdrv --no-fips --binary --key ".bin2hex($key)." --iv ".bin2hex($iv)." --algo '$cipher' --chunk '$bufsize' $enc"; + return $program; +} + + sub libgcrypt_state_rng($$$) { my $key = shift; my $dt = shift; my $v = shift; - return "fipsrngdrv --binary --loop $key $v $dt"; + return "fipsdrv --binary --progress --loop --key $key --iv $v --dt $dt random"; } sub libgcrypt_hmac($$$$) { @@ -296,8 +371,8 @@ my $msg = shift; my $hashtype = shift; - die "libgcrypt HMAC test not yet implemented: key $key, maclen $maclen, msg $msg, hashtype $hashtype"; - + my $program = "fipsdrv --no-fips --key $key --algo $hashtype hmac-sha"; + return pipe_through_program($msg, $program); } ######### End of libgcrypt implementation ################ @@ -941,12 +1016,12 @@ $old_calc_data = $calc_data; # $calc_data = AES($key, $calc_data); - #print STDERR "source_data=", bin2hex($source_data), "\n"; + #print STDERR "source_data=", bin2hex($source_data), "\n"; syswrite $CI, $source_data or die; my $len = sysread $CO, $calc_data, $bufsize; - #print STDERR "len=$len, bufsize=$bufsize\n"; + #print STDERR "len=$len, bufsize=$bufsize\n"; die if $len ne $bufsize; - #print STDERR "calc_data=", bin2hex($calc_data), "\n"; + #print STDERR "calc_data=", bin2hex($calc_data), "\n"; if ( (!$enc && $ciph =~ /des/) || $ciph =~ /rc4/ ) { @@ -1158,10 +1233,12 @@ sub usage() { print STDERR "Usage: -$0 [-R] +$0 [-R] [-I name] --R execution of ARCFOUR instead of OpenSSL"; - +-R execution of ARCFOUR instead of OpenSSL +-I NAME Use interface style NAME: + openssl OpenSSL (default) + libgcrypt Libgcrypt"; } # Parser of CAVS test vector file @@ -1548,22 +1625,32 @@ usage() unless @ARGV; - getopts("R", \%opt) or die "bad option"; + getopts("RI:", \%opt) or die "bad option"; ##### Set library - #print STDERR "Using OpenSSL interface functions\n"; - #$encdec = \&openssl_encdec; - #$rsa_sign = \&openssl_rsa_sign; - #$rsa_verify = \&openssl_rsa_verify; - #$gen_rsakey = \&openssl_gen_rsakey; - #$hash = \&openssl_hash; - #$state_cipher = \&openssl_state_cipher; + if ( ! defined $opt{'I'} || $opt{'I'} eq 'openssl' ) { + print STDERR "Using OpenSSL interface functions\n"; + $encdec = \&openssl_encdec; + $rsa_sign = \&openssl_rsa_sign; + $rsa_verify = \&openssl_rsa_verify; + $gen_rsakey = \&openssl_gen_rsakey; + $hash = \&openssl_hash; + $state_cipher = \&openssl_state_cipher; + } elsif ( $opt{'I'} eq 'libgcrypt' ) { + print STDERR "Using libgcrypt interface functions\n"; + $encdec = \&libgcrypt_encdec; + $rsa_sign = \&libgcrypt_rsa_sign; + $rsa_verify = \&libgcrypt_rsa_verify; + $gen_rsakey = \&libgcrypt_gen_rsakey; + $hash = \&libgcrypt_hash; + $state_cipher = \&libgcrypt_state_cipher; + $state_rng = \&libgcrypt_state_rng; + $hmac = \&libgcrypt_hmac; + } else { + die "Invalid interface option given"; + } - print STDERR "Using libgcrypt interface functions\n"; - $state_rng = \&libgcrypt_state_rng; - $hmac = \&libgcrypt_hmac; - my $infile=$ARGV[0]; die "Error: Test vector file $infile not found" if (! -f $infile); Property changes on: trunk/tests/cavs_driver.pl ___________________________________________________________________ Name: svn:executable + * Added: trunk/tests/cavs_tests.sh =================================================================== --- trunk/tests/cavs_tests.sh (rev 0) +++ trunk/tests/cavs_tests.sh 2008-10-02 18:53:31 UTC (rev 1346) @@ -0,0 +1,125 @@ +#!/bin/sh +# Run FIPS CAVS tests +# Copyright 2008 Free Software Foundation, Inc. +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Instructions: +# +# 1. Cd to the libgcrypt/tests directory +# +# 2. Unpack the test vector tarball into subdirectory named "cavs". +# An example directory layout after unpacking might be: +# libgcrypt/tests/cavs/AES/req/CBCGFSbox128.req +# libgcrypt/tests/cavs/AES/req/CFB128MCT128.req +# +# Note that below the "cavs" directory there should only be one +# directory part named "req". Further avoid directory part +# names "resp". +# +# 3. Run this script from the libgcrypt/tests directory: +# ./cavs_tests.sh +# +# 4. Send the result file cavs/CAVS_results-*.zip to the testing lab. +# + +# Stop script if something unexpected happens. +set -e + +# A global flag to keep track of errors. +errors_seen_file="$(pwd)/.#cavs_test.errors_seen.tmp" +[ -f "$errors_seen_file" ] && rm "$errors_seen_file" +continue_mode=no +[ "$1" = "--continue" ] && continue_mode=yes + + +# Function to run one test. +# The argument is the request file name. +function run_one_test () { + local reqfile="$1" + local rspfile + local tmprspfile + local respdir + + tmprspfile=$(echo "$reqfile" | sed 's,.req$,.rsp,') + rspfile=$(echo "$tmprspfile" | sed 's,/req/,/resp/,' ) + respdir=$(dirname "$rspfile") + [ -f "$tmprspfile" ] && rm "$tmprspfile" + [ -d "$respdir" ] || mkdir "$respdir" + [ -f "$rspfile" ] && rm "$rspfile" + + if ./cavs_driver.pl -I libgcrypt "$reqfile"; then + echo "failed test: $reqfile" >&2 + : >"$errors_seen_file" + elif [ -f "$tmprspfile" ]; then + mv "$tmprspfile" "$rspfile" + else + echo "failed test: $reqfile" >&2 + : >"$errors_seen_file" + fi +} + + + +# Save date and system architecure to construct the output archive name +DATE=$(date +%Y%m%d) +ARCH=$(arch || echo unknown) +result_file="CAVS_results-$ARCH-$DATE.zip" + +for f in fipsdrv fipsrngdrv cavs_driver.pl; do + if [ ! -f "./$f" ]; then + echo "required program \"$f\" missing in current directory" >&2 + exit 2 + fi +done +if [ ! -d cavs ]; then + echo "required directory \"cavs\" missing below current directory" >&2 + exit 2 +fi +if [ ! zip -h >/dev/null 2>&1 ]; then + echo "required program \"zip\" is not installed on this system" >&2 + exit 2 +fi + +# Set the PATH to this directory so that the perl script is able to +# find the test drivers. +PATH=.:$PATH + +# Check whether there are any stale response files +find cavs -type f -name "*.rsp" | ( while read f ; do + echo "Stale response file: $f" >&2 + any=yes +done +if [ "$any" = "yes" ]; then + echo "Stale response files found" >&2 + if [ "$continue_mode" != "yes" ]; then + echo "use option --continue if that is not a problem" >&2 + exit 1 + fi +fi +) || exit 1 + + +# Find all test files and run the tests. +find cavs -type f -name "*.req" | while read f ; do + echo "Running test file $f" >&2 + run_one_test "$f" +done + +if [ -f "$errors_seen_file" ]; then + rm "$errors_seen_file" + echo "Error enountered - not packing up response file" >&2 + exit 1 +fi + +echo "Packing up all response files" >&2 +cd cavs +find . -type f -name "*rsp" -print | zip -@ "$result_file" + +echo "Result file is: cavs/$result_file" >&2 Property changes on: trunk/tests/cavs_tests.sh ___________________________________________________________________ Name: svn:executable + * Added: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c (rev 0) +++ trunk/tests/fipsdrv.c 2008-10-02 18:53:31 UTC (rev 1346) @@ -0,0 +1,1458 @@ +/* fipsdrv.c - A driver to help with FIPS CAVS tests. + Copyright (C) 2008 Free Software Foundation, Inc. + + This file is part of Libgcrypt. + + Libgcrypt is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + Libgcrypt is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include +#include +#ifndef HAVE_W32_SYSTEM +# include +#endif +#include +#include + +#include + +#define PGM "fipsdrv" + +#define my_isascii(c) (!((c) & 0x80)) +#define digitp(p) (*(p) >= '0' && *(p) <= '9') +#define hexdigitp(a) (digitp (a) \ + || (*(a) >= 'A' && *(a) <= 'F') \ + || (*(a) >= 'a' && *(a) <= 'f')) +#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ + *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) +#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) +#define DIM(v) (sizeof(v)/sizeof((v)[0])) +#define DIMof(type,member) DIM(((type *)0)->member) + + +/* Verbose mode flag. */ +static int verbose; + +/* Binary input flag. */ +static int binary_input; + +/* Binary output flag. */ +static int binary_output; + +/* Base64 output flag. */ +static int base64_output; + +/* We need to know whetehr we are in loop_mode. */ +static int loop_mode; + +/* ASN.1 classes. */ +enum +{ + UNIVERSAL = 0, + APPLICATION = 1, + ASNCONTEXT = 2, + PRIVATE = 3 +}; + + +/* ASN.1 tags. */ +enum +{ + TAG_NONE = 0, + TAG_BOOLEAN = 1, + TAG_INTEGER = 2, + TAG_BIT_STRING = 3, + TAG_OCTET_STRING = 4, + TAG_NULL = 5, + TAG_OBJECT_ID = 6, + TAG_OBJECT_DESCRIPTOR = 7, + TAG_EXTERNAL = 8, + TAG_REAL = 9, + TAG_ENUMERATED = 10, + TAG_EMBEDDED_PDV = 11, + TAG_UTF8_STRING = 12, + TAG_REALTIVE_OID = 13, + TAG_SEQUENCE = 16, + TAG_SET = 17, + TAG_NUMERIC_STRING = 18, + TAG_PRINTABLE_STRING = 19, + TAG_TELETEX_STRING = 20, + TAG_VIDEOTEX_STRING = 21, + TAG_IA5_STRING = 22, + TAG_UTC_TIME = 23, + TAG_GENERALIZED_TIME = 24, + TAG_GRAPHIC_STRING = 25, + TAG_VISIBLE_STRING = 26, + TAG_GENERAL_STRING = 27, + TAG_UNIVERSAL_STRING = 28, + TAG_CHARACTER_STRING = 29, + TAG_BMP_STRING = 30 +}; + +/* ASN.1 Parser object. */ +struct tag_info +{ + int class; /* Object class. */ + unsigned long tag; /* The tag of the object. */ + unsigned long length; /* Length of the values. */ + int nhdr; /* Length of the header (TL). */ + unsigned int ndef:1; /* The object has an indefinite length. */ + unsigned int cons:1; /* This is a constructed object. */ +}; + + + +/* Print a error message and exit the process with an error code. */ +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + fputs (PGM ": ", stderr); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + + +static void +showhex (const char *prefix, const void *buffer, size_t length) +{ + const unsigned char *p = buffer; + + if (prefix) + fprintf (stderr, PGM ": %s: ", prefix); + while (length-- ) + fprintf (stderr, "%02X", *p++); + if (prefix) + putc ('\n', stderr); +} + + +/* Convert STRING consisting of hex characters into its binary + representation and store that at BUFFER. BUFFER needs to be of + LENGTH bytes. The function checks that the STRING will convert + exactly to LENGTH bytes. The string is delimited by either end of + string or a white space character. The function returns -1 on + error or the length of the parsed string. */ +static int +hex2bin (const char *string, void *buffer, size_t length) +{ + int i; + const char *s = string; + + for (i=0; i < length; ) + { + if (!hexdigitp (s) || !hexdigitp (s+1)) + return -1; /* Invalid hex digits. */ + ((unsigned char*)buffer)[i++] = xtoi_2 (s); + s += 2; + } + if (*s && (!my_isascii (*s) || !isspace (*s)) ) + return -1; /* Not followed by Nul or white space. */ + if (i != length) + return -1; /* Not of expected length. */ + if (*s) + s++; /* Skip the delimiter. */ + return s - string; +} + + +/* Convert STRING consisting of hex characters into its binary + representation and return it as an allocated buffer. The valid + length of the buffer is returned at R_LENGTH. The string is + delimited by end of string. The function returns NULL on + error. */ +static void * +hex2buffer (const char *string, size_t *r_length) +{ + const char *s; + unsigned char *buffer; + size_t length; + + buffer = gcry_xmalloc (strlen(string)/2+1); + length = 0; + for (s=string; *s; s +=2 ) + { + if (!hexdigitp (s) || !hexdigitp (s+1)) + return NULL; /* Invalid hex digits. */ + ((unsigned char*)buffer)[length++] = xtoi_2 (s); + } + *r_length = length; + return buffer; +} + +/* Read a file from stream FP into a newly allocated buffer and return + that buffer. The valid length of the buffer is stored at R_LENGTH. + Returns NULL on failure. If decode is set, the file is assumed to + be hex encoded and the decoded content is returned. */ +static void * +read_file (FILE *fp, int decode, size_t *r_length) +{ + char *buffer; + size_t buflen; + size_t nread, bufsize = 0; + + *r_length = 0; +#define NCHUNK 8192 +#ifdef HAVE_DOSISH_SYSTEM + setmode (fileno(fp), O_BINARY); +#endif + buffer = NULL; + buflen = 0; + do + { + bufsize += NCHUNK; + if (!buffer) + buffer = gcry_xmalloc (bufsize); + else + buffer = gcry_xrealloc (buffer, bufsize); + + nread = fread (buffer + buflen, 1, NCHUNK, fp); + if (nread < NCHUNK && ferror (fp)) + { + gcry_free (buffer); + return NULL; + } + buflen += nread; + } + while (nread == NCHUNK); +#undef NCHUNK + if (decode) + { + const char *s; + char *p; + + for (s=buffer,p=buffer,nread=0; nread+1 < buflen; s += 2, nread +=2 ) + { + if (!hexdigitp (s) || !hexdigitp (s+1)) + { + gcry_free (buffer); + return NULL; /* Invalid hex digits. */ + } + *(unsigned char*)p++ = xtoi_2 (s); + } + if (nread != buflen) + { + gcry_free (buffer); + return NULL; /* Odd number of hex digits. */ + } + buflen = p - buffer; + } + + *r_length = buflen; + return buffer; +} + +/* Do in-place decoding of base-64 data of LENGTH in BUFFER. Returns + the new length of the buffer. Dies on error. */ +static size_t +base64_decode (char *buffer, size_t length) +{ + static unsigned char const asctobin[128] = + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, + 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, + 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff + }; + + int idx = 0; + unsigned char val = 0; + int c = 0; + char *d, *s; + int lfseen = 1; + + /* Find BEGIN line. */ + for (s=buffer; length; length--, s++) + { + if (lfseen && *s == '-' && length > 11 && !memcmp (s, "-----BEGIN ", 11)) + { + for (; length && *s != '\n'; length--, s++) + ; + break; + } + lfseen = (*s == '\n'); + } + + /* Decode until pad character or END line. */ + for (d=buffer; length; length--, s++) + { + if (lfseen && *s == '-' && length > 9 && !memcmp (s, "-----END ", 9)) + break; + if ((lfseen = (*s == '\n')) || *s == ' ' || *s == '\r' || *s == '\t') + continue; + if (*s == '=') + { + /* Pad character: stop */ + if (idx == 1) + *d++ = val; + break; + } + + if ( (*s & 0x80) || (c = asctobin[*(unsigned char *)s]) == 0xff) + die ("invalid base64 character %02X at pos %d detected\n", + *(unsigned char*)s, (int)(s-buffer)); + + switch (idx) + { + case 0: + val = c << 2; + break; + case 1: + val |= (c>>4)&3; + *d++ = val; + val = (c<<4)&0xf0; + break; + case 2: + val |= (c>>2)&15; + *d++ = val; + val = (c<<6)&0xc0; + break; + case 3: + val |= c&0x3f; + *d++ = val; + break; + } + idx = (idx+1) % 4; + } + + return d - buffer; +} + + +/* Parse the buffer at the address BUFFER which consists of the number + of octets as stored at BUFLEN. Return the tag and the length part + from the TLV triplet. Update BUFFER and BUFLEN on success. Checks + that the encoded length does not exhaust the length of the provided + buffer. */ +static int +parse_tag (unsigned char const **buffer, size_t *buflen, struct tag_info *ti) +{ + int c; + unsigned long tag; + const unsigned char *buf = *buffer; + size_t length = *buflen; + + ti->length = 0; + ti->ndef = 0; + ti->nhdr = 0; + + /* Get the tag */ + if (!length) + return -1; /* Premature EOF. */ + c = *buf++; length--; + ti->nhdr++; + + ti->class = (c & 0xc0) >> 6; + ti->cons = !!(c & 0x20); + tag = (c & 0x1f); + + if (tag == 0x1f) + { + tag = 0; + do + { + tag <<= 7; + if (!length) + return -1; /* Premature EOF. */ + c = *buf++; length--; + ti->nhdr++; + tag |= (c & 0x7f); + } + while ( (c & 0x80) ); + } + ti->tag = tag; + + /* Get the length */ + if (!length) + return -1; /* Premature EOF. */ + c = *buf++; length--; + ti->nhdr++; + + if ( !(c & 0x80) ) + ti->length = c; + else if (c == 0x80) + ti->ndef = 1; + else if (c == 0xff) + return -1; /* Forbidden length value. */ + else + { + unsigned long len = 0; + int count = c & 0x7f; + + for (; count; count--) + { + len <<= 8; + if (!length) + return -1; /* Premature EOF. */ + c = *buf++; length--; + ti->nhdr++; + len |= (c & 0xff); + } + ti->length = len; + } + + if (ti->class == UNIVERSAL && !ti->tag) + ti->length = 0; + + if (ti->length > length) + return -1; /* Data larger than buffer. */ + + *buffer = buf; + *buflen = length; + return 0; +} + + +/* Read the file FNAME assuming it is a PEM encoded private key file + and return an S-expression. With SHOW set, the key parameters are + printed. */ +static gcry_sexp_t +read_key_file (const char *fname, int show) +{ + gcry_error_t err; + FILE *fp; + char *buffer; + size_t buflen; + const unsigned char *der; + size_t derlen; + struct tag_info ti; + gcry_mpi_t keyparms[8]; + int idx; + gcry_sexp_t s_key; + + fp = fopen (fname, binary_input?"rb":"r"); + if (!fp) + die ("can't open `%s': %s\n", fname, strerror (errno)); + buffer = read_file (fp, 0, &buflen); + if (!buffer) + die ("error reading `%s'\n", fname); + fclose (fp); + + buflen = base64_decode (buffer, buflen); + + /* Parse the ASN.1 structure. */ + der = (const unsigned char*)buffer; + derlen = buflen; + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef) + goto bad_asn1; + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef) + goto bad_asn1; + if (ti.length != 1 || *der) + goto bad_asn1; /* The value of the first integer is no 0. */ + der += ti.length; derlen += ti.length; + + for (idx=0; idx < DIM(keyparms); idx++) + { + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef) + goto bad_asn1; + if (show) + { + char prefix[2]; + + prefix[0] = idx < 8? "nedpq12u"[idx] : '?'; + prefix[1] = 0; + showhex (prefix, der, ti.length); + } + err = gcry_mpi_scan (keyparms+idx, GCRYMPI_FMT_USG, der, ti.length,NULL); + if (err) + die ("error scanning RSA parameter %d: %s\n", idx, gpg_strerror (err)); + der += ti.length; derlen += ti.length; + } + if (idx != DIM(keyparms)) + die ("not enough RSA key parameters\n"); + + gcry_free (buffer); + + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* First check that p < q; if not swap p and q and recompute u. */ + if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0) + { + gcry_mpi_swap (keyparms[3], keyparms[4]); + gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]); + } + + /* Build the S-expression. */ + err = gcry_sexp_build (&s_key, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + keyparms[0], keyparms[1], keyparms[2], + keyparms[3], keyparms[4], keyparms[7] ); + if (err) + die ("error building S-expression: %s\n", gpg_strerror (err)); + + for (idx=0; idx < DIM(keyparms); idx++) + gcry_mpi_release (keyparms[idx]); + + return s_key; + + bad_asn1: + die ("invalid ASN.1 structure in `%s'\n", fname); + return NULL; /*NOTREACHED*/ +} + + +static void +print_buffer (const void *buffer, size_t length) +{ + int writerr = 0; + + if (base64_output) + { + static const unsigned char bintoasc[64+1] = + ("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"); + const unsigned char *p; + unsigned char inbuf[4]; + char outbuf[4]; + int idx, quads; + + idx = quads = 0; + for (p = buffer; length; p++, length--) + { + inbuf[idx++] = *p; + if (idx > 2) + { + outbuf[0] = bintoasc[(*inbuf>>2)&077]; + outbuf[1] = bintoasc[(((*inbuf<<4)&060) + |((inbuf[1] >> 4)&017))&077]; + outbuf[2] = bintoasc[(((inbuf[1]<<2)&074) + |((inbuf[2]>>6)&03))&077]; + outbuf[3] = bintoasc[inbuf[2]&077]; + if (fwrite (outbuf, 4, 1, stdout) != 1) + writerr = 1; + idx = 0; + if (++quads >= (64/4)) + { + if (fwrite ("\n", 1, 1, stdout) != 1) + writerr = 1; + quads = 0; + } + } + } + if (idx) + { + outbuf[0] = bintoasc[(*inbuf>>2)&077]; + if (idx == 1) + { + outbuf[1] = bintoasc[((*inbuf<<4)&060)&077]; + outbuf[2] = outbuf[3] = '='; + } + else + { + outbuf[1] = bintoasc[(((*inbuf<<4)&060) + |((inbuf[1]>>4)&017))&077]; + outbuf[2] = bintoasc[((inbuf[1]<<2)&074)&077]; + outbuf[3] = '='; + } + if (fwrite (outbuf, 4, 1, stdout) != 1) + writerr = 1; + quads++; + } + if (quads && fwrite ("\n", 1, 1, stdout) != 1) + writerr = 1; + } + else if (binary_output) + { + if (fwrite (buffer, length, 1, stdout) != 1) + writerr++; + } + else + { + const unsigned char *p = buffer; + + while (length-- && !ferror (stdout) ) + printf ("%02X", *p++); + if (ferror (stdout)) + writerr++; + } + if (!writerr && fflush (stdout) == EOF) + writerr++; + if (writerr) + { +#ifndef HAVE_W32_SYSTEM + if (loop_mode && errno == EPIPE) + loop_mode = 0; + else +#endif + die ("writing output failed: %s\n", strerror (errno)); + } +} + + + +static gcry_error_t +init_external_rng_test (void **r_context, + unsigned int flags, + const void *key, size_t keylen, + const void *seed, size_t seedlen, + const void *dt, size_t dtlen) +{ + return gcry_control (58, + r_context, flags, + key, keylen, + seed, seedlen, + dt, dtlen); +} + +static gcry_error_t +run_external_rng_test (void *context, void *buffer, size_t buflen) +{ + return gcry_control (59, context, buffer, buflen); +} + +static void +deinit_external_rng_test (void *context) +{ + gcry_control (60, context); +} + + +/* Given an OpenSSL cipher name NAME, return the Libgcrypt algirithm + identified and store the libgcrypt mode at R_MODE. Returns 0 on + error. */ +static int +map_openssl_cipher_name (const char *name, int *r_mode) +{ + static struct { + const char *name; + int algo; + int mode; + } table[] = + { + { "bf-cbc", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC }, + { "bf", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC }, + { "bf-cfb", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB }, + { "bf-ecb", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB }, + { "bf-ofb", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB }, + + { "cast-cbc", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC }, + { "cast", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC }, + { "cast5-cbc", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC }, + { "cast5-cfb", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CFB }, + { "cast5-ecb", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_ECB }, + { "cast5-ofb", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_OFB }, + + { "des-cbc", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC }, + { "des", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC }, + { "des-cfb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CFB }, + { "des-ofb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_OFB }, + { "des-ecb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB }, + + { "des-ede3-cbc", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC }, + { "des-ede3 ", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB }, + { "des3 ", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC }, + { "des-ede3-cfb", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CFB }, + { "des-ede3-ofb", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_OFB }, + + { "rc4", GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM }, + + { "aes-128-cbc", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC }, + { "aes-128", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC }, + { "aes-128-cfb", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CFB }, + { "aes-128-ecb", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB }, + { "aes-128-ofb", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_OFB }, + + { "aes-192-cbc", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC }, + { "aes-192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC }, + { "aes-192-cfb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB }, + { "aes-192-ecb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB }, + { "aes-192-ofb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB }, + + { "aes-256-cbc", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC }, + { "aes-256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC }, + { "aes-256-cfb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB }, + { "aes-256-ecb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB }, + { "aes-256-ofb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB }, + + { NULL, 0 , 0 } + }; + int idx; + + for (idx=0; table[idx].name; idx++) + if (!strcmp (name, table[idx].name)) + { + *r_mode = table[idx].mode; + return table[idx].algo; + } + *r_mode = 0; + return 0; +} + + + +/* Run an encrypt or decryption operations. If DATA is NULL the + function reads its input in chunks of size DATALEN from fp and + processes it and writes it out until EOF. */ +static void +run_encrypt_decrypt (int encrypt_mode, + int cipher_algo, int cipher_mode, + const void *iv_buffer, size_t iv_buflen, + const void *key_buffer, size_t key_buflen, + const void *data, size_t datalen, FILE *fp) +{ + gpg_error_t err; + gcry_cipher_hd_t hd; + void *outbuf; + size_t outbuflen; + void *inbuf; + size_t inbuflen; + + err = gcry_cipher_open (&hd, cipher_algo, cipher_mode, 0); + if (err) + die ("gcry_cipher_open failed for algo %d, mode %d: %s\n", + cipher_algo, cipher_mode, gpg_strerror (err)); + + err = gcry_cipher_setkey (hd, key_buffer, key_buflen); + if (err) + die ("gcry_cipher_setkey failed with keylen %u: %s\n", + (unsigned int)key_buflen, gpg_strerror (err)); + + err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen); + if (err) + die ("gcry_cipher_setiv failed with ivlen %u: %s\n", + (unsigned int)iv_buflen, gpg_strerror (err)); + + inbuf = data? NULL : gcry_xmalloc (datalen); + outbuflen = datalen; + outbuf = gcry_xmalloc (outbuflen); + + do + { + if (inbuf) + { + int nread = fread (inbuf, 1, datalen, fp); + if (nread < (int)datalen && ferror (fp)) + die ("error reading input\n"); + data = inbuf; + inbuflen = nread; + } + else + inbuflen = datalen; + + if (encrypt_mode) + err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, inbuflen); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, inbuflen); + if (err) + die ("gcry_cipher_%scrypt failed: %s\n", + encrypt_mode? "en":"de", gpg_strerror (err)); + print_buffer (outbuf, outbuflen); + } + while (inbuf); + + gcry_cipher_close (hd); + gcry_free (outbuf); + gcry_free (inbuf); +} + + + +/* Run a digest operation. */ From cvs at cvs.gnupg.org Thu Oct 2 21:30:08 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 02 Oct 2008 21:30:08 +0200 Subject: [svn] gcry - r1347 - trunk/tests Message-ID: Author: wk Date: 2008-10-02 21:30:08 +0200 (Thu, 02 Oct 2008) New Revision: 1347 Modified: trunk/tests/ChangeLog trunk/tests/cavs_driver.pl trunk/tests/fipsdrv.c Log: Add rsa verify function. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-02 18:53:31 UTC (rev 1346) +++ trunk/tests/ChangeLog 2008-10-02 19:30:08 UTC (rev 1347) @@ -1,9 +1,9 @@ 2008-10-02 Werner Koch * fipsdrv.c (print_buffer): Add base64 printing code. - (base64_decode, read_key_file,parse_tag): New. + (base64_decode, read_key_file, parse_tag, read_sig_file): New. (run_rsa_gen, run_rsa_sign): New. - (main): Add mode rsa-gen and rsa-sign. + (main): Add modes rsa-gen, rsa-sign and rsa-verify. 2008-09-29 Werner Koch Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-10-02 18:53:31 UTC (rev 1346) +++ trunk/tests/cavs_driver.pl 2008-10-02 19:30:08 UTC (rev 1347) @@ -315,10 +315,10 @@ $data = hex2bin($data); die "ARCFOUR not available for RSA" if $opt{'R'}; $data = pipe_through_program($data, - "fipsdrv --key $keyfile rsa-verify"); + "fipsdrv --verbose --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify"); - # Parse through the OpenSSL output information - return ($data =~ /OK/); + # Parse through the output information + return ($data =~ /GOOD signature/); } Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-10-02 18:53:31 UTC (rev 1346) +++ trunk/tests/fipsdrv.c 2008-10-02 19:30:08 UTC (rev 1347) @@ -431,11 +431,11 @@ } -/* Read the file FNAME assuming it is a PEM encoded private key file - and return an S-expression. With SHOW set, the key parameters are - printed. */ +/* Read the file FNAME assuming it is a PEM encoded private or public + key file and return an S-expression. With SHOW set, the key + parameters are printed. */ static gcry_sexp_t -read_key_file (const char *fname, int show) +read_key_file (const char *fname, int private, int show) { gcry_error_t err; FILE *fp; @@ -445,6 +445,7 @@ size_t derlen; struct tag_info ti; gcry_mpi_t keyparms[8]; + int n_keyparms = private? 8 : 2; int idx; gcry_sexp_t s_key; @@ -471,7 +472,7 @@ goto bad_asn1; /* The value of the first integer is no 0. */ der += ti.length; derlen += ti.length; - for (idx=0; idx < DIM(keyparms); idx++) + for (idx=0; idx < n_keyparms; idx++) { if ( parse_tag (&der, &derlen, &ti) || ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef) @@ -489,28 +490,39 @@ die ("error scanning RSA parameter %d: %s\n", idx, gpg_strerror (err)); der += ti.length; derlen += ti.length; } - if (idx != DIM(keyparms)) + if (idx != n_keyparms) die ("not enough RSA key parameters\n"); gcry_free (buffer); - /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ - /* First check that p < q; if not swap p and q and recompute u. */ - if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0) + if (private) { - gcry_mpi_swap (keyparms[3], keyparms[4]); - gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]); + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* First check that p < q; if not swap p and q and recompute u. */ + if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0) + { + gcry_mpi_swap (keyparms[3], keyparms[4]); + gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]); + } + + /* Build the S-expression. */ + err = gcry_sexp_build (&s_key, NULL, + "(private-key(rsa(n%m)(e%m)" + /**/ "(d%m)(p%m)(q%m)(u%m)))", + keyparms[0], keyparms[1], keyparms[2], + keyparms[3], keyparms[4], keyparms[7] ); } + else + { + err = gcry_sexp_build (&s_key, NULL, + "(public-key(rsa(n%m)(e%m)))", + keyparms[0], keyparms[1]); - /* Build the S-expression. */ - err = gcry_sexp_build (&s_key, NULL, - "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", - keyparms[0], keyparms[1], keyparms[2], - keyparms[3], keyparms[4], keyparms[7] ); + } if (err) die ("error building S-expression: %s\n", gpg_strerror (err)); - - for (idx=0; idx < DIM(keyparms); idx++) + + for (idx=0; idx < n_keyparms; idx++) gcry_mpi_release (keyparms[idx]); return s_key; @@ -521,6 +533,39 @@ } +/* Read the file FNAME assuming it is a binary signature result and + return an an S-expression suitable for gcry_pk_verify. */ +static gcry_sexp_t +read_sig_file (const char *fname) +{ + gcry_error_t err; + FILE *fp; + char *buffer; + size_t buflen; + gcry_mpi_t tmpmpi; + gcry_sexp_t s_sig; + + fp = fopen (fname, "rb"); + if (!fp) + die ("can't open `%s': %s\n", fname, strerror (errno)); + buffer = read_file (fp, 0, &buflen); + if (!buffer) + die ("error reading `%s'\n", fname); + fclose (fp); + + err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, buffer, buflen, NULL); + if (!err) + err = gcry_sexp_build (&s_sig, NULL, + "(sig-val(rsa(s %m)))", tmpmpi); + if (err) + die ("error building S-expression: %s\n", gpg_strerror (err)); + gcry_mpi_release (tmpmpi); + gcry_free (buffer); + + return s_sig; +} + + static void print_buffer (const void *buffer, size_t length) { @@ -1038,12 +1083,12 @@ die ("gcry_sexp_build failed for RSA data input: %s\n", gpg_strerror (err)); - s_key = read_key_file (keyfile, 0); + s_key = read_key_file (keyfile, 1, 0); err = gcry_pk_sign (&s_sig, s_data, s_key); if (err) { - gcry_sexp_release (read_key_file (keyfile, 1)); + gcry_sexp_release (read_key_file (keyfile, 1, 1)); die ("gcry_pk_signed failed (datalen=%d,keyfile=%s): %s\n", (int)datalen, keyfile, gpg_strerror (err)); } @@ -1083,7 +1128,57 @@ } + +/* Verify DATA of length DATALEN using the public key taken from the + PEM encoded KEYFILE and the hash algorithm HASHALGO against the + binary signature in SIGFILE. */ +static void +run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1, + const char *keyfile, const char *sigfile) +{ + gpg_error_t err; + gcry_sexp_t s_data, s_key, s_sig; + + if (pkcs1) + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pkcs1)(hash %s %b))", + gcry_md_algo_name (hashalgo), (int)datalen, data); + else + { + gcry_mpi_t tmp; + + err = gcry_mpi_scan (&tmp, GCRYMPI_FMT_USG, data, datalen,NULL); + if (!err) + { + err = gcry_sexp_build (&s_data, NULL, + "(data (flags raw)(value %m))", tmp); + gcry_mpi_release (tmp); + } + } + if (err) + die ("gcry_sexp_build failed for RSA data input: %s\n", + gpg_strerror (err)); + + s_key = read_key_file (keyfile, 0, 0); + + s_sig = read_sig_file (sigfile); + + err = gcry_pk_verify (s_sig, s_data, s_key); + if (!err) + puts ("GOOD signature\n"); + else if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE) + puts ("BAD signature\n"); + else + printf ("ERROR (%s)\n", gpg_strerror (err)); + + gcry_sexp_release (s_sig); + gcry_sexp_release (s_key); + gcry_sexp_release (s_data); +} + + + static void usage (int show_help) @@ -1100,19 +1195,20 @@ "MODE:\n" " encrypt, decrypt, digest, random, hmac-sha, rsa-{gen,sign,verify}\n" "OPTIONS:\n" - " --verbose print additional information\n" - " --binary input and output is in binary form\n" - " --no-fips do not force FIPS mode\n" - " --key KEY use the hex encoded KEY\n" - " --iv IV use the hex encoded IV\n" - " --dt DT use the hex encoded DT for the RNG\n" - " --algo NAME use algorithm NAME\n" - " --keysize N use a keysize of N bits\n" - " --chunk N read in chunks of N bytes (implies --binary)\n" - " --pkcs1 use PKCS#1 encoding\n" - " --loop enable random loop mode\n" - " --progress print pogress indicators\n" - " --help print this text\n" + " --verbose print additional information\n" + " --binary input and output is in binary form\n" + " --no-fips do not force FIPS mode\n" + " --key KEY use the hex encoded KEY\n" + " --iv IV use the hex encoded IV\n" + " --dt DT use the hex encoded DT for the RNG\n" + " --algo NAME use algorithm NAME\n" + " --keysize N use a keysize of N bits\n" + " --signature NAME take signature from file NAME\n" + " --chunk N read in chunks of N bytes (implies --binary)\n" + " --pkcs1 use PKCS#1 encoding\n" + " --loop enable random loop mode\n" + " --progress print pogress indicators\n" + " --help print this text\n" "With no FILE, or when FILE is -, read standard input.\n" "Report bugs to " PACKAGE_BUGREPORT ".\n" , stdout); exit (0); @@ -1132,6 +1228,7 @@ const char *dt_string = NULL; const char *algo_string = NULL; const char *keysize_string = NULL; + const char *signature_string = NULL; FILE *input; void *data; size_t datalen; @@ -1223,6 +1320,14 @@ keysize_string = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--signature")) + { + argc--; argv++; + if (!argc) + usage (0); + signature_string = *argv; + argc--; argv++; + } else if (!strcmp (*argv, "--chunk")) { argc--; argv++; @@ -1438,6 +1543,27 @@ } else if (!strcmp (mode_string, "rsa-verify")) { + int algo; + + if (!key_string) + die ("option --key is required in this mode\n"); + if (access (key_string, R_OK)) + die ("option --key needs to specify an existing keyfile\n"); + if (!algo_string) + die ("option --algo is required in this mode\n"); + algo = gcry_md_map_name (algo_string); + if (!algo) + die ("digest algorithm `%s' is not supported\n", algo_string); + if (!data) + die ("no data available (do not use --chunk)\n"); + if (!signature_string) + die ("option --signature is required in this mode\n"); + if (access (signature_string, R_OK)) + die ("option --signature needs to specify an existing file\n"); + + run_rsa_verify (data, datalen, algo, use_pkcs1, key_string, + signature_string); + } else usage (0); From cvs at cvs.gnupg.org Fri Oct 3 21:54:31 2008 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 03 Oct 2008 21:54:31 +0200 Subject: [svn] GnuPG - r4845 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2008-10-03 21:54:30 +0200 (Fri, 03 Oct 2008) New Revision: 4845 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/keyedit.c branches/STABLE-BRANCH-1-4/g10/keylist.c branches/STABLE-BRANCH-1-4/g10/main.h branches/STABLE-BRANCH-1-4/g10/mainproc.c branches/STABLE-BRANCH-1-4/g10/misc.c branches/STABLE-BRANCH-1-4/g10/photoid.c branches/STABLE-BRANCH-1-4/g10/photoid.h branches/STABLE-BRANCH-1-4/g10/pkclist.c Log: * main.h, mainproc.c (check_sig_and_print), keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c (menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c (pct_expando): Add %v and %V expandos so that displaying photo IDs can show the attribute validity tag (%v) and string (%V). Originally by Daniel Gillmor. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,3 +1,12 @@ +2008-10-03 David Shaw + + * main.h, mainproc.c (check_sig_and_print), + keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), + keyedit.c (menu_showphoto), photoid.c (generate_photo_id, + show_photos), misc.c (pct_expando): Add %v and %V expandos so + that displaying photo IDs can show the attribute validity + tag (%v) and string (%V). Originally by Daniel Gillmor. + 2008-09-24 David Shaw * keyedit.c (keyedit_menu): Fix bug where a modified keyring loses Modified: branches/STABLE-BRANCH-1-4/g10/keyedit.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keyedit.c 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/keyedit.c 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,6 +1,6 @@ /* keyedit.c - keyedit stuff - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -5094,7 +5094,7 @@ "key %s (uid %d)\n"), image_type_to_string(type,1), (ulong)size,keystr_from_pk(pk),count); - show_photos(&uid->attribs[i],1,pk,NULL); + show_photos(&uid->attribs[i],1,pk,NULL,uid); } } } Modified: branches/STABLE-BRANCH-1-4/g10/keylist.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keylist.c 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/keylist.c 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,6 +1,6 @@ /* keylist.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -839,7 +839,7 @@ putchar('\n'); if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL) - show_photos(uid->attribs,uid->numattribs,pk,sk); + show_photos(uid->attribs,uid->numattribs,pk,sk,uid); } else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { Modified: branches/STABLE-BRANCH-1-4/g10/main.h =================================================================== --- branches/STABLE-BRANCH-1-4/g10/main.h 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/main.h 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,6 +1,6 @@ /* main.h - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -96,6 +96,8 @@ PKT_public_key *pk; PKT_secret_key *sk; byte imagetype; + int validity_info; + const char *validity_string; }; char *pct_expando(const char *string,struct expando_args *args); Modified: branches/STABLE-BRANCH-1-4/g10/mainproc.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/mainproc.c 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/mainproc.c 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,6 +1,6 @@ /* mainproc.c - handle packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1800,7 +1800,8 @@ if(opt.verify_options&VERIFY_SHOW_PHOTOS) show_photos(un->pkt->pkt.user_id->attribs, - un->pkt->pkt.user_id->numattribs,pk,NULL); + un->pkt->pkt.user_id->numattribs, + pk,NULL,un->pkt->pkt.user_id); } p=utf8_to_native(un->pkt->pkt.user_id->name, Modified: branches/STABLE-BRANCH-1-4/g10/misc.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/misc.c 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/misc.c 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,6 +1,6 @@ /* misc.c - miscellaneous functions - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -503,8 +503,6 @@ while(*ch!='\0') { - char *str=NULL; - if(!done) { /* 8192 is way bigger than we'll need here */ @@ -613,22 +611,46 @@ } break; - case 't': /* e.g. "jpg" */ - str=image_type_to_string(args->imagetype,0); - /* fall through */ - - case 'T': /* e.g. "image/jpeg" */ - if(str==NULL) - str=image_type_to_string(args->imagetype,2); - - if(idx+strlen(str)validity_info && idx+1validity_info; + ret[idx]='\0'; done=1; } break; + /* The text string types */ + case 't': + case 'T': + case 'V': + { + const char *str=NULL; + + switch(*(ch+1)) + { + case 't': /* e.g. "jpg" */ + str=image_type_to_string(args->imagetype,0); + break; + + case 'T': /* e.g. "image/jpeg" */ + str=image_type_to_string(args->imagetype,2); + break; + + case 'V': /* e.g. "full", "expired", etc. */ + str=args->validity_string; + break; + } + + if(str && idx+strlen(str)attribs,uid->numattribs,pk,NULL); + show_photos(uid->attribs,uid->numattribs,pk,NULL,uid); switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay", _("Is this photo correct (y/N/q)? "))) { @@ -289,8 +290,10 @@ } #endif -void show_photos(const struct user_attribute *attrs, - int count,PKT_public_key *pk,PKT_secret_key *sk) +void +show_photos(const struct user_attribute *attrs, + int count,PKT_public_key *pk,PKT_secret_key *sk, + PKT_user_id *uid) { #ifndef DISABLE_PHOTO_VIEWER int i; @@ -301,6 +304,8 @@ memset(&args,0,sizeof(args)); args.pk=pk; args.sk=sk; + args.validity_info=get_validity_info(pk,uid); + args.validity_string=get_validity_string(pk,uid); if(pk) keyid_from_pk(pk,kid); Modified: branches/STABLE-BRANCH-1-4/g10/photoid.h =================================================================== --- branches/STABLE-BRANCH-1-4/g10/photoid.h 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/photoid.h 2008-10-03 19:54:30 UTC (rev 4845) @@ -1,5 +1,5 @@ /* photoid.h - * Copyright (C) 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2005, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -27,7 +27,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename); int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len); char *image_type_to_string(byte type,int style); -void show_photos(const struct user_attribute *attrs, - int count,PKT_public_key *pk,PKT_secret_key *sk); +void show_photos(const struct user_attribute *attrs,int count, + PKT_public_key *pk,PKT_secret_key *sk,PKT_user_id *uid); #endif /* !_PHOTOID_H_ */ Modified: branches/STABLE-BRANCH-1-4/g10/pkclist.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/pkclist.c 2008-10-01 16:17:39 UTC (rev 4844) +++ branches/STABLE-BRANCH-1-4/g10/pkclist.c 2008-10-03 19:54:30 UTC (rev 4845) @@ -239,7 +239,8 @@ if((opt.verify_options&VERIFY_SHOW_PHOTOS) && un->pkt->pkt.user_id->attrib_data) show_photos(un->pkt->pkt.user_id->attribs, - un->pkt->pkt.user_id->numattribs,pk,NULL); + un->pkt->pkt.user_id->numattribs,pk,NULL, + un->pkt->pkt.user_id); p=utf8_to_native(un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->len,0); From cvs at cvs.gnupg.org Fri Oct 3 22:00:47 2008 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 03 Oct 2008 22:00:47 +0200 Subject: [svn] GnuPG - r4846 - trunk/g10 Message-ID: Author: dshaw Date: 2008-10-03 22:00:46 +0200 (Fri, 03 Oct 2008) New Revision: 4846 Modified: trunk/g10/ChangeLog trunk/g10/keyedit.c trunk/g10/keylist.c trunk/g10/main.h trunk/g10/mainproc.c trunk/g10/misc.c trunk/g10/photoid.c trunk/g10/photoid.h trunk/g10/pkclist.c Log: * main.h, mainproc.c (check_sig_and_print), keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c (menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c (pct_expando): Add %v and %V expandos so that displaying photo IDs can show the attribute validity tag (%v) and string (%V). Originally by Daniel Gillmor. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/ChangeLog 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,3 +1,12 @@ +2008-10-03 David Shaw + + * main.h, mainproc.c (check_sig_and_print), + keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), + keyedit.c (menu_showphoto), photoid.c (generate_photo_id, + show_photos), misc.c (pct_expando): Add %v and %V expandos so + that displaying photo IDs can show the attribute validity + tag (%v) and string (%V). Originally by Daniel Gillmor. + 2008-09-29 Werner Koch * gpg.c (main): Remove -sat kludge. Note that we printed a Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/keyedit.c 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,6 +1,6 @@ /* keyedit.c - keyedit stuff - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006, 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -5103,7 +5103,7 @@ "key %s (uid %d)\n"), image_type_to_string(type,1), (ulong)size,keystr_from_pk(pk),count); - show_photos(&uid->attribs[i],1,pk,NULL); + show_photos(&uid->attribs[i],1,pk,NULL,uid); } } } Modified: trunk/g10/keylist.c =================================================================== --- trunk/g10/keylist.c 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/keylist.c 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,6 +1,6 @@ /* keylist.c - print keys - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, - * 2004, 2005, 2008 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -882,7 +882,7 @@ putchar('\n'); if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL) - show_photos(uid->attribs,uid->numattribs,pk,sk); + show_photos(uid->attribs,uid->numattribs,pk,sk,uid); } else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { Modified: trunk/g10/main.h =================================================================== --- trunk/g10/main.h 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/main.h 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,6 +1,6 @@ /* main.h - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -101,6 +101,8 @@ PKT_public_key *pk; PKT_secret_key *sk; byte imagetype; + int validity_info; + const char *validity_string; }; char *pct_expando(const char *string,struct expando_args *args); Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/mainproc.c 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,6 +1,6 @@ /* mainproc.c - handle packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1826,7 +1826,8 @@ if(opt.verify_options&VERIFY_SHOW_PHOTOS) show_photos(un->pkt->pkt.user_id->attribs, - un->pkt->pkt.user_id->numattribs,pk,NULL); + un->pkt->pkt.user_id->numattribs, + pk,NULL,un->pkt->pkt.user_id); } p=utf8_to_native(un->pkt->pkt.user_id->name, Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/misc.c 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,6 +1,6 @@ /* misc.c - miscellaneous functions - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005, 2006, 2007, 2008 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -550,8 +550,6 @@ while(*ch!='\0') { - char *str=NULL; - if(!done) { /* 8192 is way bigger than we'll need here */ @@ -660,22 +658,46 @@ } break; - case 't': /* e.g. "jpg" */ - str=image_type_to_string(args->imagetype,0); - /* fall through */ - - case 'T': /* e.g. "image/jpeg" */ - if(str==NULL) - str=image_type_to_string(args->imagetype,2); - - if(idx+strlen(str)validity_info && idx+1validity_info; + ret[idx]='\0'; done=1; } break; + /* The text string types */ + case 't': + case 'T': + case 'V': + { + const char *str=NULL; + + switch(*(ch+1)) + { + case 't': /* e.g. "jpg" */ + str=image_type_to_string(args->imagetype,0); + break; + + case 'T': /* e.g. "image/jpeg" */ + str=image_type_to_string(args->imagetype,2); + break; + + case 'V': /* e.g. "full", "expired", etc. */ + str=args->validity_string; + break; + } + + if(str && idx+strlen(str)attribs,uid->numattribs,pk,NULL); + show_photos(uid->attribs,uid->numattribs,pk,NULL,uid); switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay", _("Is this photo correct (y/N/q)? "))) { @@ -282,8 +283,10 @@ } #endif -void show_photos(const struct user_attribute *attrs, - int count,PKT_public_key *pk,PKT_secret_key *sk) +void +show_photos(const struct user_attribute *attrs, + int count,PKT_public_key *pk,PKT_secret_key *sk, + PKT_user_id *uid) { #ifndef DISABLE_PHOTO_VIEWER int i; @@ -294,6 +297,8 @@ memset(&args,0,sizeof(args)); args.pk=pk; args.sk=sk; + args.validity_info=get_validity_info(pk,uid); + args.validity_string=get_validity_string(pk,uid); if(pk) keyid_from_pk(pk,kid); Modified: trunk/g10/photoid.h =================================================================== --- trunk/g10/photoid.h 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/photoid.h 2008-10-03 20:00:46 UTC (rev 4846) @@ -1,5 +1,5 @@ /* photoid.h - * Copyright (C) 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2005, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -27,7 +27,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename); int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len); char *image_type_to_string(byte type,int style); -void show_photos(const struct user_attribute *attrs, - int count,PKT_public_key *pk,PKT_secret_key *sk); +void show_photos(const struct user_attribute *attrs,int count, + PKT_public_key *pk,PKT_secret_key *sk,PKT_user_id *uid); #endif /* !_PHOTOID_H_ */ Modified: trunk/g10/pkclist.c =================================================================== --- trunk/g10/pkclist.c 2008-10-03 19:54:30 UTC (rev 4845) +++ trunk/g10/pkclist.c 2008-10-03 20:00:46 UTC (rev 4846) @@ -236,7 +236,8 @@ if((opt.verify_options&VERIFY_SHOW_PHOTOS) && un->pkt->pkt.user_id->attrib_data) show_photos(un->pkt->pkt.user_id->attribs, - un->pkt->pkt.user_id->numattribs,pk,NULL); + un->pkt->pkt.user_id->numattribs,pk,NULL, + un->pkt->pkt.user_id); p=utf8_to_native(un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->len,0); From cvs at cvs.gnupg.org Fri Oct 3 23:26:33 2008 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 03 Oct 2008 23:26:33 +0200 Subject: [svn] GnuPG - r4847 - branches/STABLE-BRANCH-1-4 Message-ID: Author: dshaw Date: 2008-10-03 23:26:33 +0200 (Fri, 03 Oct 2008) New Revision: 4847 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/acinclude.m4 branches/STABLE-BRANCH-1-4/configure.ac Log: * configure.ac, acinclude.m4: Remove GNUPG_CHECK_DOCBOOK_TO_TEXI as we no longer use it. Noted by John Clizbe. Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2008-10-03 20:00:46 UTC (rev 4846) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2008-10-03 21:26:33 UTC (rev 4847) @@ -1,3 +1,8 @@ +2008-10-03 David Shaw + + * configure.ac, acinclude.m4: Remove GNUPG_CHECK_DOCBOOK_TO_TEXI + as we no longer use it. Noted by John Clizbe. + 2008-08-27 David Shaw * configure.ac: Use printf for the most portable SVN version Modified: branches/STABLE-BRANCH-1-4/acinclude.m4 =================================================================== --- branches/STABLE-BRANCH-1-4/acinclude.m4 2008-10-03 20:00:46 UTC (rev 4846) +++ branches/STABLE-BRANCH-1-4/acinclude.m4 2008-10-03 21:26:33 UTC (rev 4847) @@ -1,5 +1,6 @@ # macros to configure gnupg -# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. +# Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006, 2007, +# 2008 Free Software Foundation, Inc. # # This file is part of GnuPG. # @@ -89,23 +90,6 @@ dnl fi ]) -dnl GNUPG_CHECK_DOCBOOK_TO_TEXI -dnl -AC_DEFUN([GNUPG_CHECK_DOCBOOK_TO_TEXI], - [ - AC_CHECK_PROG(DOCBOOK_TO_TEXI, docbook2texi, yes, no) - AC_MSG_CHECKING(for sgml to texi tools) - working_sgmltotexi=no - if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then - if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then - working_sgmltotexi=yes - fi - fi - AC_MSG_RESULT($working_sgmltotexi) - AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" ) - ]) - - dnl GNUPG_CHECK_ENDIAN dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST dnl Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2008-10-03 20:00:46 UTC (rev 4846) +++ branches/STABLE-BRANCH-1-4/configure.ac 2008-10-03 21:26:33 UTC (rev 4847) @@ -531,7 +531,6 @@ AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) GNUPG_CHECK_FAQPROG -GNUPG_CHECK_DOCBOOK_TO_TEXI GNUPG_CHECK_USTAR From cvs at cvs.gnupg.org Mon Oct 6 15:13:44 2008 From: cvs at cvs.gnupg.org (cvs user werner) Date: Mon, 06 Oct 2008 15:13:44 +0200 Subject: misc-scripts (encrypt-to-p.c sks-stats.sh) Message-ID: Date: Monday, October 6, 2008 @ 15:13:44 Author: werner Path: /cvs/wk/misc-scripts Added: encrypt-to-p.c Modified: sks-stats.sh . From cvs at cvs.gnupg.org Mon Oct 6 18:31:38 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 06 Oct 2008 18:31:38 +0200 Subject: [svn] gcry - r1348 - trunk/tests Message-ID: Author: wk Date: 2008-10-06 18:31:37 +0200 (Mon, 06 Oct 2008) New Revision: 1348 Modified: trunk/tests/ChangeLog trunk/tests/cavs_driver.pl trunk/tests/fipsdrv.c Log: New CAVS driver from upstream. Fixed RSA FIPS tests. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-02 19:30:08 UTC (rev 1347) +++ trunk/tests/ChangeLog 2008-10-06 16:31:37 UTC (rev 1348) @@ -1,3 +1,15 @@ +2008-10-06 Werner Koch + + * cavs_driver.pl: New version from upstream. + (libgcrypt_rsa_verify($$$$)): Pass pkcs1. + (libgcrypt_rsa_sign($$$)): Pass pkcs1 and hash algo. + + * fipsdrv.c (run_rsa_sign): Hash data in pkcs1 mode. + (run_rsa_verify): Ditto. + (read_key_file): Rename to read_private_key_file. Factor public + key code out to.. + (read_public_key_file): .. new. + 2008-10-02 Werner Koch * fipsdrv.c (print_buffer): Add base64 printing code. @@ -5,6 +17,7 @@ (run_rsa_gen, run_rsa_sign): New. (main): Add modes rsa-gen, rsa-sign and rsa-verify. + 2008-09-29 Werner Koch * fipsdrv.c: Merge code from fipsrngdrv.c Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-10-02 19:30:08 UTC (rev 1347) +++ trunk/tests/cavs_driver.pl 2008-10-06 16:31:37 UTC (rev 1348) @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Id: cavs_driver.pl 1236 2008-09-17 13:00:06Z smueller +# $Id: cavs_driver.pl 1243 2008-09-18 18:42:57Z smueller $ # # CAVS test driver (based on the OpenSSL driver) # Written by: Stephan M?ller @@ -294,7 +294,6 @@ return pipe_through_program($data,$program); } - sub libgcrypt_rsa_sign($$$) { my $data = shift; my $hashalgo = shift; @@ -302,49 +301,44 @@ die "ARCFOUR not available for RSA" if $opt{'R'}; return pipe_through_program($data, - "fipsdrv --verbose --algo $hashalgo --key $keyfile rsa-sign"); + "fipsdrv --verbose --pkcs1 --algo $hashalgo --key $keyfile rsa-sign"); } - sub libgcrypt_rsa_verify($$$$) { my $data = shift; - my $cipher = shift; + my $hashalgo = shift; my $keyfile = shift; my $sigfile = shift; - $data = hex2bin($data); die "ARCFOUR not available for RSA" if $opt{'R'}; $data = pipe_through_program($data, - "fipsdrv --verbose --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify"); + "fipsdrv --verbose --pkcs1 --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify"); # Parse through the output information return ($data =~ /GOOD signature/); } - sub libgcrypt_gen_rsakey($$) { my $keylen = shift; my $file = shift; die "ARCFOUR not available for RSA" if $opt{'R'}; my @args = ("fipsdrv --keysize $keylen rsa-gen > $file"); - system(@args) == 0 + system(@args) == 0 or die "system @args failed: $?"; die "system @args failed: file $file not created" if (! -f $file); } - sub libgcrypt_hash($$) { my $pt = shift; my $hashalgo = shift; - my $program = "fipsdrv --no-fips --algo $hashalgo digest"; + my $program = "fipsdrv --no-fips --algo $hashalgo digest"; die "ARCFOUR not available for hashes" if $opt{'R'}; - + return pipe_through_program($pt, $program); } - sub libgcrypt_state_cipher($$$$$) { my $cipher = shift; my $enc = (shift) ? "encrypt": "decrypt"; @@ -356,7 +350,6 @@ return $program; } - sub libgcrypt_state_rng($$$) { my $key = shift; my $dt = shift; @@ -372,11 +365,41 @@ my $hashtype = shift; my $program = "fipsdrv --no-fips --key $key --algo $hashtype hmac-sha"; - return pipe_through_program($msg, $program); + return pipe_through_program($msg, $program); } ######### End of libgcrypt implementation ################ +################################################################ +###### Vendor1 interface functions +################################################################ + +sub vendor1_encdec($$$$$) { + my $key=shift; + my $iv=shift; + my $cipher=shift; + my $enc = (shift) ? "encrypt" : "decrypt"; + my $data=shift; + + $data=hex2bin($data); + my $program = "./aes $enc $key"; + $data=pipe_through_program($data,$program); + return bin2hex($data); +} + +sub vendor1_state_cipher($$$$$) { + my $cipher = shift; + my $encdec = shift; + my $bufsize = shift; + my $key = shift; + my $iv = shift; + + $key = bin2hex($key); + my $enc = $encdec ? "encrypt": "decrypt"; + my $out = "./aes $enc $key $bufsize"; + return $out; +} + ##### No other interface functions below this point ###### ########################################################## @@ -878,7 +901,7 @@ $key1= $key1 . $key3; } - $out .= "IV = $iv\n"; + $out .= "IV = $iv\n" if (defined($iv) && $iv ne ""); if ($enc) { $out .= "PLAINTEXT = $pt\n"; $out .= "CIPHERTEXT = " . encrypt($key1, $iv, $cipher, $pt) . "\n"; @@ -997,7 +1020,8 @@ } my $keylen = length($key1); - $out .= "IV = ". bin2hex($iv). "\n"; + $out .= "IV = ". bin2hex($iv) . "\n" + if (defined($iv) && $iv ne ""); if ($enc) { $out .= "PLAINTEXT = ". bin2hex($source_data). "\n"; @@ -1016,12 +1040,12 @@ $old_calc_data = $calc_data; # $calc_data = AES($key, $calc_data); - #print STDERR "source_data=", bin2hex($source_data), "\n"; + #print STDERR "source_data=", bin2hex($source_data), "\n"; syswrite $CI, $source_data or die; my $len = sysread $CO, $calc_data, $bufsize; - #print STDERR "len=$len, bufsize=$bufsize\n"; + #print STDERR "len=$len, bufsize=$bufsize\n"; die if $len ne $bufsize; - #print STDERR "calc_data=", bin2hex($calc_data), "\n"; + #print STDERR "calc_data=", bin2hex($calc_data), "\n"; if ( (!$enc && $ciph =~ /des/) || $ciph =~ /rc4/ ) { @@ -1235,10 +1259,10 @@ print STDERR "Usage: $0 [-R] [-I name] --R execution of ARCFOUR instead of OpenSSL --I NAME Use interface style NAME: - openssl OpenSSL (default) - libgcrypt Libgcrypt"; +-R execution of ARCFOUR instead of OpenSSL +-I NAME Use interface style NAME: + openssl OpenSSL (default) + libgcrypt Libgcrypt"; } # Parser of CAVS test vector file @@ -1394,7 +1418,7 @@ $tt = 2; die "Interface function state_cipher for Stateful Cipher operation defined for tested library" if (!defined($state_cipher)); - } elsif ($cipher eq "sha" && $tt!=5 && $tt!=6) { + } elsif ($cipher =~ /^sha\d+/ && $tt!=5 && $tt!=6) { $tt = 3; die "Interface function hash for Hashing not defined for tested library" if (!defined($hash)); @@ -1523,7 +1547,7 @@ # call tests if all input data is there if ($tt == 1) { - if ($key1 ne "" && $iv ne "" && $pt ne "" && $cipher ne "") { + if ($key1 ne "" && $pt ne "" && $cipher ne "") { $out .= kat($keytype, $key1, $key2, $key3, $iv, $pt, $cipher, $enc); $keytype = ""; $key1 = ""; @@ -1534,7 +1558,7 @@ } } elsif ($tt == 2) { - if ($key1 ne "" && $iv ne "" && $pt ne "" && $cipher ne "") { + if ($key1 ne "" && $pt ne "" && $cipher ne "") { $out .= crypto_mct($keytype, $key1, $key2, $key3, $iv, $pt, $cipher, $enc); $keytype = ""; $key1 = ""; @@ -1629,26 +1653,26 @@ ##### Set library - if ( ! defined $opt{'I'} || $opt{'I'} eq 'openssl' ) { - print STDERR "Using OpenSSL interface functions\n"; - $encdec = \&openssl_encdec; - $rsa_sign = \&openssl_rsa_sign; - $rsa_verify = \&openssl_rsa_verify; - $gen_rsakey = \&openssl_gen_rsakey; - $hash = \&openssl_hash; - $state_cipher = \&openssl_state_cipher; - } elsif ( $opt{'I'} eq 'libgcrypt' ) { - print STDERR "Using libgcrypt interface functions\n"; - $encdec = \&libgcrypt_encdec; - $rsa_sign = \&libgcrypt_rsa_sign; - $rsa_verify = \&libgcrypt_rsa_verify; - $gen_rsakey = \&libgcrypt_gen_rsakey; - $hash = \&libgcrypt_hash; - $state_cipher = \&libgcrypt_state_cipher; - $state_rng = \&libgcrypt_state_rng; - $hmac = \&libgcrypt_hmac; + if ( ! defined $opt{'I'} || $opt{'I'} eq 'openssl' ) { + print STDERR "Using OpenSSL interface functions\n"; + $encdec = \&openssl_encdec; + $rsa_sign = \&openssl_rsa_sign; + $rsa_verify = \&openssl_rsa_verify; + $gen_rsakey = \&openssl_gen_rsakey; + $hash = \&openssl_hash; + $state_cipher = \&openssl_state_cipher; + } elsif ( $opt{'I'} eq 'libgcrypt' ) { + print STDERR "Using libgcrypt interface functions\n"; + $encdec = \&libgcrypt_encdec; + $rsa_sign = \&libgcrypt_rsa_sign; + $rsa_verify = \&libgcrypt_rsa_verify; + $gen_rsakey = \&libgcrypt_gen_rsakey; + $hash = \&libgcrypt_hash; + $state_cipher = \&libgcrypt_state_cipher; + $state_rng = \&libgcrypt_state_rng; + $hmac = \&libgcrypt_hmac; } else { - die "Invalid interface option given"; + die "Invalid interface option given"; } my $infile=$ARGV[0]; Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-10-02 19:30:08 UTC (rev 1347) +++ trunk/tests/fipsdrv.c 2008-10-06 16:31:37 UTC (rev 1348) @@ -431,11 +431,11 @@ } -/* Read the file FNAME assuming it is a PEM encoded private or public - key file and return an S-expression. With SHOW set, the key - parameters are printed. */ +/* Read the file FNAME assuming it is a PEM encoded private key file + and return an S-expression. With SHOW set, the key parameters are + printed. */ static gcry_sexp_t -read_key_file (const char *fname, int private, int show) +read_private_key_file (const char *fname, int show) { gcry_error_t err; FILE *fp; @@ -445,7 +445,7 @@ size_t derlen; struct tag_info ti; gcry_mpi_t keyparms[8]; - int n_keyparms = private? 8 : 2; + int n_keyparms = 8; int idx; gcry_sexp_t s_key; @@ -470,7 +470,7 @@ goto bad_asn1; if (ti.length != 1 || *der) goto bad_asn1; /* The value of the first integer is no 0. */ - der += ti.length; derlen += ti.length; + der += ti.length; derlen -= ti.length; for (idx=0; idx < n_keyparms; idx++) { @@ -488,51 +488,135 @@ err = gcry_mpi_scan (keyparms+idx, GCRYMPI_FMT_USG, der, ti.length,NULL); if (err) die ("error scanning RSA parameter %d: %s\n", idx, gpg_strerror (err)); - der += ti.length; derlen += ti.length; + der += ti.length; derlen -= ti.length; } if (idx != n_keyparms) die ("not enough RSA key parameters\n"); gcry_free (buffer); - if (private) + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* First check that p < q; if not swap p and q and recompute u. */ + if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0) { - /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ - /* First check that p < q; if not swap p and q and recompute u. */ - if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0) + gcry_mpi_swap (keyparms[3], keyparms[4]); + gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]); + } + + /* Build the S-expression. */ + err = gcry_sexp_build (&s_key, NULL, + "(private-key(rsa(n%m)(e%m)" + /**/ "(d%m)(p%m)(q%m)(u%m)))", + keyparms[0], keyparms[1], keyparms[2], + keyparms[3], keyparms[4], keyparms[7] ); + if (err) + die ("error building S-expression: %s\n", gpg_strerror (err)); + + for (idx=0; idx < n_keyparms; idx++) + gcry_mpi_release (keyparms[idx]); + + return s_key; + + bad_asn1: + die ("invalid ASN.1 structure in `%s'\n", fname); + return NULL; /*NOTREACHED*/ +} + + +/* Read the file FNAME assuming it is a PEM encoded public key file + and return an S-expression. With SHOW set, the key parameters are + printed. */ +static gcry_sexp_t +read_public_key_file (const char *fname, int show) +{ + gcry_error_t err; + FILE *fp; + char *buffer; + size_t buflen; + const unsigned char *der; + size_t derlen; + struct tag_info ti; + gcry_mpi_t keyparms[2]; + int n_keyparms = 2; + int idx; + gcry_sexp_t s_key; + + fp = fopen (fname, binary_input?"rb":"r"); + if (!fp) + die ("can't open `%s': %s\n", fname, strerror (errno)); + buffer = read_file (fp, 0, &buflen); + if (!buffer) + die ("error reading `%s'\n", fname); + fclose (fp); + + buflen = base64_decode (buffer, buflen); + + /* Parse the ASN.1 structure. */ + der = (const unsigned char*)buffer; + derlen = buflen; + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef) + goto bad_asn1; + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef) + goto bad_asn1; + /* We skip the description of the key parameters and assume it is RSA. */ + der += ti.length; derlen -= ti.length; + + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_BIT_STRING || ti.class || ti.cons || ti.ndef) + goto bad_asn1; + if (ti.length < 1 || *der) + goto bad_asn1; /* The number of unused bits needs to be 0. */ + der += 1; derlen -= 1; + + /* Parse the BIT string. */ + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef) + goto bad_asn1; + + for (idx=0; idx < n_keyparms; idx++) + { + if ( parse_tag (&der, &derlen, &ti) + || ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef) + goto bad_asn1; + if (show) { - gcry_mpi_swap (keyparms[3], keyparms[4]); - gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]); + char prefix[2]; + + prefix[0] = idx < 2? "ne"[idx] : '?'; + prefix[1] = 0; + showhex (prefix, der, ti.length); } - - /* Build the S-expression. */ - err = gcry_sexp_build (&s_key, NULL, - "(private-key(rsa(n%m)(e%m)" - /**/ "(d%m)(p%m)(q%m)(u%m)))", - keyparms[0], keyparms[1], keyparms[2], - keyparms[3], keyparms[4], keyparms[7] ); + err = gcry_mpi_scan (keyparms+idx, GCRYMPI_FMT_USG, der, ti.length,NULL); + if (err) + die ("error scanning RSA parameter %d: %s\n", idx, gpg_strerror (err)); + der += ti.length; derlen -= ti.length; } - else - { - err = gcry_sexp_build (&s_key, NULL, - "(public-key(rsa(n%m)(e%m)))", - keyparms[0], keyparms[1]); + if (idx != n_keyparms) + die ("not enough RSA key parameters\n"); - } + gcry_free (buffer); + + /* Build the S-expression. */ + err = gcry_sexp_build (&s_key, NULL, + "(public-key(rsa(n%m)(e%m)))", + keyparms[0], keyparms[1] ); if (err) die ("error building S-expression: %s\n", gpg_strerror (err)); for (idx=0; idx < n_keyparms; idx++) gcry_mpi_release (keyparms[idx]); - + return s_key; - + bad_asn1: die ("invalid ASN.1 structure in `%s'\n", fname); return NULL; /*NOTREACHED*/ } + /* Read the file FNAME assuming it is a binary signature result and return an an S-expression suitable for gcry_pk_verify. */ static gcry_sexp_t @@ -1062,11 +1146,20 @@ size_t outlen; /* showhex ("D", data, datalen); */ + if (pkcs1) + { + unsigned char hash[50]; + unsigned int hashsize; - if (pkcs1) - err = gcry_sexp_build (&s_data, NULL, - "(data (flags pkcs1)(hash %s %b))", - gcry_md_algo_name (hashalgo), (int)datalen, data); + hashsize = gcry_md_get_algo_dlen (hashalgo); + if (!hashsize || hashsize > sizeof hash) + die ("digest too long for buffer or unknown hash algorithm\n"); + gcry_md_hash_buffer (hashalgo, hash, data, datalen); + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pkcs1)(hash %s %b))", + gcry_md_algo_name (hashalgo), + (int)hashsize, hash); + } else { gcry_mpi_t tmp; @@ -1083,12 +1176,12 @@ die ("gcry_sexp_build failed for RSA data input: %s\n", gpg_strerror (err)); - s_key = read_key_file (keyfile, 1, 0); + s_key = read_private_key_file (keyfile, 0); err = gcry_pk_sign (&s_sig, s_data, s_key); if (err) { - gcry_sexp_release (read_key_file (keyfile, 1, 1)); + gcry_sexp_release (read_private_key_file (keyfile, 1)); die ("gcry_pk_signed failed (datalen=%d,keyfile=%s): %s\n", (int)datalen, keyfile, gpg_strerror (err)); } @@ -1141,9 +1234,19 @@ gcry_sexp_t s_data, s_key, s_sig; if (pkcs1) - err = gcry_sexp_build (&s_data, NULL, - "(data (flags pkcs1)(hash %s %b))", - gcry_md_algo_name (hashalgo), (int)datalen, data); + { + unsigned char hash[64]; + unsigned int hashsize; + + hashsize = gcry_md_get_algo_dlen (hashalgo); + if (!hashsize || hashsize > sizeof hash) + die ("digest too long for buffer or unknown hash algorithm\n"); + gcry_md_hash_buffer (hashalgo, hash, data, datalen); + err = gcry_sexp_build (&s_data, NULL, + "(data (flags pkcs1)(hash %s %b))", + gcry_md_algo_name (hashalgo), + (int)hashsize, hash); + } else { gcry_mpi_t tmp; @@ -1160,15 +1263,15 @@ die ("gcry_sexp_build failed for RSA data input: %s\n", gpg_strerror (err)); - s_key = read_key_file (keyfile, 0, 0); + s_key = read_public_key_file (keyfile, 0); s_sig = read_sig_file (sigfile); err = gcry_pk_verify (s_sig, s_data, s_key); if (!err) - puts ("GOOD signature\n"); + puts ("GOOD signature"); else if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE) - puts ("BAD signature\n"); + puts ("BAD signature"); else printf ("ERROR (%s)\n", gpg_strerror (err)); From cvs at cvs.gnupg.org Mon Oct 13 11:29:20 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 13 Oct 2008 11:29:20 +0200 Subject: [svn] GnuPG - r4848 - trunk/doc Message-ID: Author: wk Date: 2008-10-13 11:29:20 +0200 (Mon, 13 Oct 2008) New Revision: 4848 Modified: trunk/doc/ChangeLog trunk/doc/gpgsm.texi trunk/doc/tools.texi Log: Explain how to delete a secret X.509 key. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-10-03 21:26:33 UTC (rev 4847) +++ trunk/doc/ChangeLog 2008-10-13 09:29:20 UTC (rev 4848) @@ -1,3 +1,8 @@ +2008-10-13 Werner Koch + + * gpgsm.texi (Certificate Management): Explain hot to delete the + secret key. + 2008-10-01 Werner Koch * tools.texi (Controlling gpg-connect-agent): Describe /datafile. Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2008-10-03 21:26:33 UTC (rev 4847) +++ trunk/doc/gpgsm.texi 2008-10-13 09:29:20 UTC (rev 4848) @@ -224,7 +224,13 @@ @item --delete-keys @var{pattern} @opindex delete-keys -Delete the keys matching @var{pattern}. +Delete the keys matching @var{pattern}. Note that there is no command +to delete the secret part of the key directly. In case you need to do +this, you should run the command @code{gpg --dump-secret-keys KEYID} +before you delete the key, copy the string of hex-digits in the +``keygrip'' line and delete the file consisting of these hex-digits +and the suffix @code{.key} from the @file{private-keys-v1.d} directory +below our GnuPG home directory (usually @file{~/.gnupg}). @item --export [@var{pattern}] @opindex export Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2008-10-03 21:26:33 UTC (rev 4847) +++ trunk/doc/tools.texi 2008-10-13 09:29:20 UTC (rev 4848) @@ -1312,7 +1312,7 @@ experimental and might change in future versions. @item /showopen -Show a listy of open files. +Show a list of open files. @item /serverpid Send the Assuan command @command{GETINFO pid} to the server and store From cvs at cvs.gnupg.org Mon Oct 13 11:42:33 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 13 Oct 2008 11:42:33 +0200 Subject: [svn] GnuPG - r4849 - trunk/sm Message-ID: Author: wk Date: 2008-10-13 11:42:32 +0200 (Mon, 13 Oct 2008) New Revision: 4849 Modified: trunk/sm/ChangeLog trunk/sm/gpgsm.c Log: Add --delete-keys as alias for --delete-key. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-10-13 09:29:20 UTC (rev 4848) +++ trunk/sm/ChangeLog 2008-10-13 09:42:32 UTC (rev 4849) @@ -1,3 +1,7 @@ +2008-10-13 Werner Koch + + * gpgsm.c: Add alias --delete-keys. + 2008-09-30 Werner Koch * server.c (cmd_getinfo): New subcommand agent-check. Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2008-10-13 09:29:20 UTC (rev 4848) +++ trunk/sm/gpgsm.c 2008-10-13 09:42:32 UTC (rev 4849) @@ -259,7 +259,7 @@ { aListChain, "list-chain", 256, N_("list certificate chain")}, { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")}, { aKeygen, "gen-key", 256, "@" }, - { aDeleteKey, "delete-key",256, N_("remove key from the public keyring")}, + { aDeleteKey, "delete-keys",256,N_("remove keys from the public keyring")}, { aSendKeys, "send-keys" , 256, N_("export keys to a key server") }, { aRecvKeys, "recv-keys" , 256, N_("import keys from a key server") }, { aImport, "import", 256 , N_("import certificates")}, @@ -447,6 +447,7 @@ { aListChain, "list-sigs",256, "@" }, /* alias */ { aListChain, "check-sig",256, "@" }, /* alias */ { aListChain, "check-sigs",256, "@"}, /* alias */ + { aDeleteKey, "delete-key",256,"@"}, /* alias */ { oSkipVerify, "skip-verify",0, "@" }, { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, From cvs at cvs.gnupg.org Mon Oct 13 13:32:01 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 13 Oct 2008 13:32:01 +0200 Subject: [svn] w32pth - r26 - trunk Message-ID: Author: wk Date: 2008-10-13 13:32:00 +0200 (Mon, 13 Oct 2008) New Revision: 26 Modified: trunk/ChangeLog trunk/NEWS trunk/pth.h trunk/w32-pth.c Log: Re-implemented PTH_EVENT_HANDLE which was lost becuase I missed to commit the changes back in 2007. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-05-27 11:51:42 UTC (rev 25) +++ trunk/ChangeLog 2008-10-13 11:32:00 UTC (rev 26) @@ -1,3 +1,11 @@ +2008-10-13 Werner Koch + + * pth.h (PTH_EVENT_HANDLE): New. Note that this was orginally + implemented on 2007-11-20 but accidently not commited and thus + later lost. + * w32-pth.c (do_pth_event_body, do_pth_wait): Implement this event. + (do_pth_event_free): Do not close HD for a handle event. + 2008-05-27 Werner Koch * w32-pth.c (_pth_malloc, _pth_calloc, _pth_free): New. Always @@ -67,13 +75,6 @@ about remaining issues. (do_pth_event_body): Fix type in va_arg invocation. -2007-11-20 Werner Koch - - * pth.h (PTH_EVENT_HANDLE): New. - * w32-pth.c (struct pth_event_s): Add HANDLE. - (do_pth_event_body, do_pth_wait): Implement handle event. - (do_pth_event_free): Do not close HD for a handle event. - 2007-08-16 Werner Koch Released 2.0.1. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-05-27 11:51:42 UTC (rev 25) +++ trunk/NEWS 2008-10-13 11:32:00 UTC (rev 26) @@ -13,7 +13,9 @@ * New non-standard fucntion pth_thread_id. + * Add PTH_HANDLE_EVENT. + Noteworthy changes in version 2.0.1 (2007-08-16) ------------------------------------------------ @@ -27,7 +29,7 @@ to indicate the version of Pth we are emulating. - Copyright 2007 g10 Code GmbH + Copyright 2007, 2008 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/pth.h =================================================================== --- trunk/pth.h 2008-05-27 11:51:42 UTC (rev 25) +++ trunk/pth.h 2008-10-13 11:32:00 UTC (rev 26) @@ -103,8 +103,8 @@ #define PTH_EVENT_COND (1<<7) #define PTH_EVENT_TID (1<<8) #define PTH_EVENT_FUNC (1<<9) +#define PTH_EVENT_HANDLE (1<<10) /* A generic waitable W32 HANDLE. */ - /* Event occurrence restrictions. */ #define PTH_UNTIL_OCCURRED (1<<11) #define PTH_UNTIL_FD_READABLE (1<<12) Modified: trunk/w32-pth.c =================================================================== --- trunk/w32-pth.c 2008-05-27 11:51:42 UTC (rev 25) +++ trunk/w32-pth.c 2008-10-13 11:32:00 UTC (rev 26) @@ -88,7 +88,9 @@ { struct pth_event_s *next; struct pth_event_s *prev; - HANDLE hd; /* The event object. */ + HANDLE hd; /* The event object. Note that this is + also used directly for the + PTH_EVENT_HANDLE event. */ int u_type; /* The type of the event. */ union { @@ -344,7 +346,7 @@ return h2; } - +#if 0 /* Not yet used. */ static void set_event (HANDLE h) { @@ -363,6 +365,7 @@ log_get_prefix (NULL), h); } } +#endif static void reset_event (HANDLE h) @@ -1379,6 +1382,7 @@ } +#if 0 /* Not yet used. */ static BOOL WINAPI sig_handler (DWORD signo) { @@ -1395,6 +1399,7 @@ fprintf (dbgfp, "%s: sig_handler=%d\n", log_get_prefix (NULL), pth_signo); return TRUE; } +#endif /* Helper to build an fdarray. */ @@ -1448,14 +1453,17 @@ return NULL; ev->next = ev; ev->prev = ev; - if ((spec & PTH_EVENT_TIME)) - ev->hd = create_timer (); - else - ev->hd = create_event (); - if (!ev->hd) + if ( !(spec & PTH_EVENT_HANDLE) ) { - _pth_free (ev); - return NULL; + if ((spec & PTH_EVENT_TIME)) + ev->hd = create_timer (); + else + ev->hd = create_event (); + if (!ev->hd) + { + _pth_free (ev); + return NULL; + } } /* We don't support static yet but we need to consume the @@ -1470,6 +1478,11 @@ if (spec == 0) ; + else if (spec & PTH_EVENT_HANDLE) + { + ev->u_type = PTH_EVENT_HANDLE; + ev->hd = va_arg (arg, void *); + } else if (spec & PTH_EVENT_SIGS) { ev->u_type = PTH_EVENT_SIGS; @@ -1696,7 +1709,8 @@ do { pth_event_t next = cur->next; - CloseHandle (cur->hd); + if (cur->u_type != PTH_EVENT_HANDLE) + CloseHandle (cur->hd); cur->hd = NULL; _pth_free (cur); cur = next; @@ -1707,7 +1721,8 @@ { ev->prev->next = ev->next; ev->next->prev = ev->prev; - CloseHandle (ev->hd); + if (ev->u_type != PTH_EVENT_HANDLE) + CloseHandle (ev->hd); ev->hd = NULL; _pth_free (ev); } @@ -1803,7 +1818,7 @@ while (r != ev); /* Prepare all events which requires to launch helper threads for - some types. This creates an array of handles which are lates + some types. This creates an array of handles which are later passed to WFMO. */ pos = thlstidx = 0; r = ev; @@ -1920,6 +1935,12 @@ waitbuf[pos++] = r->hd; break; + case PTH_EVENT_HANDLE: + TRACE_LOG ("adding handle event"); + evarray[pos] = r; + waitbuf[pos++] = r->hd; + break; + case PTH_EVENT_MUTEX: if (DBG_ERROR) fprintf (dbgfp, "pth_wait: ignoring mutex event.\n"); From cvs at cvs.gnupg.org Tue Oct 14 20:18:27 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 14 Oct 2008 20:18:27 +0200 Subject: [svn] GnuPG - r4850 - in trunk: agent doc po scd Message-ID: Author: wk Date: 2008-10-14 20:18:21 +0200 (Tue, 14 Oct 2008) New Revision: 4850 Modified: trunk/agent/ChangeLog trunk/agent/call-scd.c trunk/agent/gpg-agent.c trunk/doc/gpgsm.texi trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po trunk/scd/ChangeLog trunk/scd/apdu.c trunk/scd/apdu.h trunk/scd/command.c trunk/scd/sc-copykeys.c trunk/scd/scdaemon.c Log: SCD changes for PC/SC under W32. [The diff below has been truncated] Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/agent/ChangeLog 2008-10-14 18:18:21 UTC (rev 4850) @@ -1,3 +1,8 @@ +2008-10-14 Werner Koch + + * gpg-agent.c (get_agent_scd_notify_event): Need to use a manual + reset event. + 2008-09-29 Werner Koch * agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/scd/ChangeLog 2008-10-14 18:18:21 UTC (rev 4850) @@ -1,3 +1,45 @@ +2008-10-14 Werner Koch + + + * apdu.c (reader_table_s): Add fields connect_card and + disconnect_card. + (new_reader_slot): Set them to NULL. + (apdu_connect, apdu_disconnect): New. + (apdu_close_reader, apdu_shutdown_reader): Call apdu_disconnect. + (connect_pcsc_card, disconnect_pcsc_card): new. + (reset_pcsc_reader_direct): Implement in terms of + disconnect_pcsc_card and connect_pcsc_card. + (apdu_get_atr): Return NULL if there is no ATR. + * sc-copykeys.c (main): Add call to apdu_connect. + * command.c (open_card): Ditto. + + * apdu.h (SW_HOST_ALREADY_CONNECTED): New. + (APDU_CARD_USABLE, APDU_CARD_PRESENT, APDU_CARD_ACTIVE): New. + * apdu.c: Replace constants by the new macros. + (open_pcsc_reader): Factor code out to ... + (open_pcsc_reader_direct, open_pcsc_reader_wrapped): New. + (reset_pcsc_reader): Factor code out to ... + (reset_pcsc_reader_direct, reset_pcsc_reader_wrapped): New. + (pcsc_get_status): Factor code out to ... + (pcsc_get_status_direct, pcsc_get_status_wrapped): New. + (pcsc_send_apdu): Factor code out to ... + (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped): New. + (close_pcsc_reader): Factor code out to ... + (close_pcsc_reader_direct, close_pcsc_reader_wrapped): New. + + * command.c (update_reader_status_file): Open the reader if not + yet done. + + * scdaemon.c (TIMERTICK_INTERVAL_SEC, TIMERTICK_INTERVAL_USEC): + New to replace TIMERTICK_INTERVAL. Chnage from 2s (4 under W32) + to 250ms. + +2008-10-13 Werner Koch + + * command.c (option_handler) [W32]: Use strtoul with base 16. + (update_reader_status_file) [W32]: Set Event. + (scd_command_handler): Use INT2FD to silent warning. + 2008-09-29 Werner Koch * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/agent/call-scd.c 2008-10-14 18:18:21 UTC (rev 4850) @@ -378,8 +378,10 @@ char buf[100]; #ifdef HAVE_W32_SYSTEM - snprintf (buf, sizeof buf, "OPTION event-signal=%lx", - (unsigned long)get_agent_scd_notify_event ()); + /* Use estream snprintf due to a bug in mingw32 related to the l + modifier. */ + estream_snprintf (buf, sizeof buf, "OPTION event-signal=%lx", + (unsigned long)get_agent_scd_notify_event ()); #else snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2); #endif Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/agent/gpg-agent.c 2008-10-14 18:18:21 UTC (rev 4850) @@ -1268,12 +1268,34 @@ if (!the_event) { + HANDLE h, h2; SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE}; - the_event = CreateEvent ( &sa, FALSE, FALSE, NULL); - if (!the_event) + /* We need to use manual reset evet object due to the way our + w32-pth wait function works: If we would use an automatic + reset event we are not able to figure out which handle has + been signaled because at the time we single out the signaled + handles using WFSO the event has already been reset due to + the WFMO. */ + h = CreateEvent (&sa, TRUE, FALSE, NULL); + if (!h) log_error ("can't create scd notify event: %s\n", w32_strerror (-1) ); + else if (!DuplicateHandle (GetCurrentProcess(), h, + GetCurrentProcess(), &h2, + EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) + { + log_error ("setting syncronize for scd notify event failed: %s\n", + w32_strerror (-1) ); + CloseHandle (h); + } + else + { + CloseHandle (h); + the_event = h2; + } } + + log_debug ("returning notify handle %p\n", the_event); return the_event; } #endif /*HAVE_W32_SYSTEM*/ Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/doc/gpgsm.texi 2008-10-14 18:18:21 UTC (rev 4850) @@ -226,7 +226,7 @@ @opindex delete-keys Delete the keys matching @var{pattern}. Note that there is no command to delete the secret part of the key directly. In case you need to do -this, you should run the command @code{gpg --dump-secret-keys KEYID} +this, you should run the command @code{gpgsm --dump-secret-keys KEYID} before you delete the key, copy the string of hex-digits in the ``keygrip'' line and delete the file consisting of these hex-digits and the suffix @code{.key} from the @file{private-keys-v1.d} directory Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] Modified: trunk/scd/apdu.c =================================================================== --- trunk/scd/apdu.c 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/scd/apdu.c 2008-10-14 18:18:21 UTC (rev 4850) @@ -103,6 +103,8 @@ unsigned short port; /* Port number: 0 = unused, 1 - dev/tty */ /* Function pointers intialized to the various backends. */ + int (*connect_card)(int); + int (*disconnect_card)(int); int (*close_reader)(int); int (*shutdown_reader)(int); int (*reset_reader)(int); @@ -291,6 +293,7 @@ /* Prototypes. */ static int pcsc_get_status (int slot, unsigned int *status); +static int reset_pcsc_reader (int slot); @@ -327,6 +330,8 @@ reader_table[reader].lock_initialized = 1; } #endif /*USE_GNU_PTH*/ + reader_table[reader].connect_card = NULL; + reader_table[reader].disconnect_card = NULL; reader_table[reader].close_reader = NULL; reader_table[reader].shutdown_reader = NULL; reader_table[reader].reset_reader = NULL; @@ -386,6 +391,7 @@ case SW_HOST_NO_READER: return "no reader"; case SW_HOST_ABORTED: return "aborted"; case SW_HOST_NO_KEYPAD: return "no keypad"; + case SW_HOST_ALREADY_CONNECTED: return "already connected"; default: return "unknown host status error"; } } @@ -536,10 +542,10 @@ static int ct_get_status (int slot, unsigned int *status) { - *status = 1|2|4; /* FIXME */ + /* The status we returned is wrong but we don't care becuase ctAPI + is not anymore required. */ + *status = APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE; return 0; - - return SW_HOST_NOT_SUPPORTED; } /* Actually send the APDU of length APDULEN to SLOT and return a @@ -767,178 +773,87 @@ static void dump_pcsc_reader_status (int slot) { - log_info ("reader slot %d: active protocol:", slot); - if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T0)) - log_printf (" T0"); - else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) - log_printf (" T1"); - else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_RAW)) - log_printf (" raw"); - log_printf ("\n"); + if (reader_table[slot].pcsc.card) + { + log_info ("reader slot %d: active protocol:", slot); + if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T0)) + log_printf (" T0"); + else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) + log_printf (" T1"); + else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_RAW)) + log_printf (" raw"); + log_printf ("\n"); + } + else + log_info ("reader slot %d: not connected\n", slot); } -/* Send an PC/SC reset command and return a status word on error or 0 - on success. */ +#ifndef NEED_PCSC_WRAPPER static int -reset_pcsc_reader (int slot) +pcsc_get_status_direct (int slot, unsigned int *status) { -#ifdef NEED_PCSC_WRAPPER long err; - reader_table_t slotp; - size_t len; - int i, n; - unsigned char msgbuf[9]; - unsigned int dummy_status; - int sw = SW_HOST_CARD_IO_ERROR; + struct pcsc_readerstate_s rdrstates[1]; - slotp = reader_table + slot; - - if (slotp->pcsc.req_fd == -1 - || slotp->pcsc.rsp_fd == -1 - || slotp->pcsc.pid == (pid_t)(-1) ) - { - log_error ("pcsc_get_status: pcsc-wrapper not running\n"); - return sw; - } - - msgbuf[0] = 0x05; /* RESET command. */ - len = 0; - msgbuf[1] = (len >> 24); - msgbuf[2] = (len >> 16); - msgbuf[3] = (len >> 8); - msgbuf[4] = (len ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) - { - log_error ("error sending PC/SC RESET request: %s\n", - strerror (errno)); - goto command_failed; - } - - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC RESET response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; - if (msgbuf[0] != 0x81 || len < 4) - { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; - } - len -= 4; /* Already read the error code. */ - if (len > DIM (slotp->atr)) - { - log_error ("PC/SC returned a too large ATR (len=%lx)\n", - (unsigned long)len); - sw = SW_HOST_GENERAL_ERROR; - goto command_failed; - } - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + memset (rdrstates, 0, sizeof *rdrstates); + rdrstates[0].reader = reader_table[slot].rdrname; + rdrstates[0].current_state = PCSC_STATE_UNAWARE; + err = pcsc_get_status_change (reader_table[slot].pcsc.context, + 0, + rdrstates, 1); + if (err == PCSC_E_TIMEOUT) + err = 0; /* Timeout is no error error here. */ if (err) { - log_error ("PC/SC RESET failed: %s (0x%lx)\n", + log_error ("pcsc_get_status_change failed: %s (0x%lx)\n", pcsc_error_string (err), err); - /* If the error code is no smart card, we should not considere - this a major error and close the wrapper. */ - sw = pcsc_error_to_sw (err); - if (err == PCSC_E_NO_SMARTCARD) - return sw; - goto command_failed; - } - - /* The open function may return a zero for the ATR length to - indicate that no card is present. */ - n = len; - if (n) - { - if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n) - { - log_error ("error receiving PC/SC RESET response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - } - slotp->atrlen = len; - - /* Read the status so that IS_T0 will be set. */ - pcsc_get_status (slot, &dummy_status); - - return 0; - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; - return sw; - -#else /* !NEED_PCSC_WRAPPER */ - long err; - char reader[250]; - unsigned long nreader, atrlen; - unsigned long card_state, card_protocol; - - if (reader_table[slot].pcsc.card) - { - err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD); - if (err) - { - log_error ("pcsc_disconnect failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - return SW_HOST_CARD_IO_ERROR; - } - reader_table[slot].pcsc.card = 0; - } - - err = pcsc_connect (reader_table[slot].pcsc.context, - reader_table[slot].rdrname, - PCSC_SHARE_EXCLUSIVE, - PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, - &reader_table[slot].pcsc.card, - &reader_table[slot].pcsc.protocol); - if (err) - { - log_error ("pcsc_connect failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - reader_table[slot].pcsc.card = 0; return pcsc_error_to_sw (err); } + /* log_debug */ + /* ("pcsc_get_status_change: %s%s%s%s%s%s%s%s%s%s\n", */ + /* (rdrstates[0].event_state & PCSC_STATE_IGNORE)? " ignore":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_CHANGED)? " changed":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_UNKNOWN)? " unknown":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_UNAVAILABLE)?" unavail":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_EMPTY)? " empty":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_PRESENT)? " present":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_ATRMATCH)? " atr":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_EXCLUSIVE)? " excl":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_INUSE)? " unuse":"", */ + /* (rdrstates[0].event_state & PCSC_STATE_MUTE)? " mute":"" ); */ - atrlen = DIM(reader_table[0].atr); - nreader = sizeof reader - 1; - err = pcsc_status (reader_table[slot].pcsc.card, - reader, &nreader, - &card_state, &card_protocol, - reader_table[slot].atr, &atrlen); - if (err) - { - log_error ("pcsc_status failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - reader_table[slot].atrlen = 0; - return pcsc_error_to_sw (err); - } - if (atrlen > DIM (reader_table[0].atr)) - log_bug ("ATR returned by pcsc_status is too large\n"); - reader_table[slot].atrlen = atrlen; - reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); + *status = 0; + if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) ) + *status |= APDU_CARD_PRESENT; + if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) ) + *status |= APDU_CARD_ACTIVE; +#ifndef HAVE_W32_SYSTEM + /* We indicate a useful card if it is not in use by another + application. This is because we only use exclusive access + mode. */ + if ( (*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)) + == (APDU_CARD_PRESENT|APDU_CARD_ACTIVE) + && !(rdrstates[0].event_state & PCSC_STATE_INUSE) ) + *status |= APDU_CARD_USABLE; +#else + /* Some winscard drivers may set EXCLUSIVE and INUSE at the same + time when we are the only user (SCM SCR335) under Windows. */ + if ((*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)) + == (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)) + *status |= APDU_CARD_USABLE; +#endif return 0; -#endif /* !NEED_PCSC_WRAPPER */ } +#endif /*!NEED_PCSC_WRAPPER*/ +#ifdef NEED_PCSC_WRAPPER static int -pcsc_get_status (int slot, unsigned int *status) +pcsc_get_status_wrapped (int slot, unsigned int *status) { -#ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len, full_len; @@ -1030,7 +945,6 @@ /* We are lucky: The wrapper already returns the data in the required format. */ *status = buffer[3]; - return 0; command_failed: @@ -1042,74 +956,63 @@ slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return sw; +} +#endif /*NEED_PCSC_WRAPPER*/ -#else /*!NEED_PCSC_WRAPPER*/ +static int +pcsc_get_status (int slot, unsigned int *status) +{ +#ifdef NEED_PCSC_WRAPPER + return pcsc_get_status_wrapped (slot, status); +#else + return pcsc_get_status_direct (slot, status); +#endif +} + + +#ifndef NEED_PCSC_WRAPPER +static int +pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, + unsigned char *buffer, size_t *buflen, + struct pininfo_s *pininfo) +{ long err; - struct pcsc_readerstate_s rdrstates[1]; + struct pcsc_io_request_s send_pci; + unsigned long recv_len; - memset (rdrstates, 0, sizeof *rdrstates); - rdrstates[0].reader = reader_table[slot].rdrname; - rdrstates[0].current_state = PCSC_STATE_UNAWARE; - err = pcsc_get_status_change (reader_table[slot].pcsc.context, - 0, - rdrstates, 1); - if (err == PCSC_E_TIMEOUT) - err = 0; /* Timeout is no error error here. */ - if (err) - { - log_error ("pcsc_get_status_change failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - return pcsc_error_to_sw (err); - } + if (!reader_table[slot].atrlen + && (err = reset_pcsc_reader (slot))) + return err; + if (DBG_CARD_IO) + log_printhex (" PCSC_data:", apdu, apdulen); - /* log_debug */ - /* ("pcsc_get_status_change: %s%s%s%s%s%s%s%s%s%s\n", */ - /* (rdrstates[0].event_state & PCSC_STATE_IGNORE)? " ignore":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_CHANGED)? " changed":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_UNKNOWN)? " unknown":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_UNAVAILABLE)?" unavail":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_EMPTY)? " empty":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_PRESENT)? " present":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_ATRMATCH)? " atr":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_EXCLUSIVE)? " excl":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_INUSE)? " unuse":"", */ - /* (rdrstates[0].event_state & PCSC_STATE_MUTE)? " mute":"" ); */ + if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) + send_pci.protocol = PCSC_PROTOCOL_T1; + else + send_pci.protocol = PCSC_PROTOCOL_T0; + send_pci.pci_len = sizeof send_pci; + recv_len = *buflen; + err = pcsc_transmit (reader_table[slot].pcsc.card, + &send_pci, apdu, apdulen, + NULL, buffer, &recv_len); + *buflen = recv_len; + if (err) + log_error ("pcsc_transmit failed: %s (0x%lx)\n", + pcsc_error_string (err), err); - *status = 0; - if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) ) - *status |= 2; - if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) ) - *status |= 4; -#ifndef HAVE_W32_SYSTEM - /* We indicate a useful card if it is not in use by another - application. This is because we only use exclusive access - mode. */ - if ( (*status & 6) == 6 - && !(rdrstates[0].event_state & PCSC_STATE_INUSE) ) - *status |= 1; -#else - /* Some winscard drivers may set EXCLUSIVE and INUSE at the same - time when we are the only user (SCM SCR335) under Windows. */ - if ((*status & 6) == 6) - *status |= 1; -#endif - - return 0; + return pcsc_error_to_sw (err); +} #endif /*!NEED_PCSC_WRAPPER*/ -} -/* Actually send the APDU of length APDULEN to SLOT and return a - maximum of *BUFLEN data in BUFFER, the actual returned size will be - set to BUFLEN. Returns: CT API error code. */ +#ifdef NEED_PCSC_WRAPPER static int -pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, - struct pininfo_s *pininfo) +pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, + unsigned char *buffer, size_t *buflen, + struct pininfo_s *pininfo) { -#ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len, full_len; @@ -1215,43 +1118,43 @@ slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return sw; +} +#endif /*NEED_PCSC_WRAPPER*/ -#else /*!NEED_PCSC_WRAPPER*/ - long err; - struct pcsc_io_request_s send_pci; - unsigned long recv_len; +/* Send the APDU of length APDULEN to SLOT and return a maximum of + *BUFLEN data in BUFFER, the actual returned size will be stored at + BUFLEN. Returns: A status word. */ +static int +pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, + unsigned char *buffer, size_t *buflen, + struct pininfo_s *pininfo) +{ +#ifdef NEED_PCSC_WRAPPER + return pcsc_send_apdu_wrapped (slot, apdu, apdulen, buffer, buflen, pininfo); +#else + return pcsc_send_apdu_direct (slot, apdu, apdulen, buffer, buflen, pininfo); +#endif +} - if (!reader_table[slot].atrlen - && (err = reset_pcsc_reader (slot))) - return err; - if (DBG_CARD_IO) - log_printhex (" PCSC_data:", apdu, apdulen); - - if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) - send_pci.protocol = PCSC_PROTOCOL_T1; - else - send_pci.protocol = PCSC_PROTOCOL_T0; - send_pci.pci_len = sizeof send_pci; - recv_len = *buflen; - err = pcsc_transmit (reader_table[slot].pcsc.card, - &send_pci, apdu, apdulen, - NULL, buffer, &recv_len); - *buflen = recv_len; - if (err) - log_error ("pcsc_transmit failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - - return pcsc_error_to_sw (err); +#ifndef NEED_PCSC_WRAPPER +static int +close_pcsc_reader_direct (int slot) +{ + pcsc_release_context (reader_table[slot].pcsc.context); + xfree (reader_table[slot].rdrname); + reader_table[slot].rdrname = NULL; + reader_table[slot].used = 0; + return 0; +} #endif /*!NEED_PCSC_WRAPPER*/ -} +#ifdef NEED_PCSC_WRAPPER static int -close_pcsc_reader (int slot) +close_pcsc_reader_wrapped (int slot) { -#ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len; @@ -1313,25 +1216,349 @@ slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return 0; +} +#endif /*NEED_PCSC_WRAPPER*/ -#else /*!NEED_PCSC_WRAPPER*/ - pcsc_release_context (reader_table[slot].pcsc.context); - xfree (reader_table[slot].rdrname); - reader_table[slot].rdrname = NULL; - reader_table[slot].used = 0; +static int +close_pcsc_reader (int slot) +{ +#ifdef NEED_PCSC_WRAPPER + return close_pcsc_reader_wrapped (slot); +#else + return close_pcsc_reader_direct (slot); +#endif +} + + +/* Connect a PC/SC card. */ +#ifndef NEED_PCSC_WRAPPER +static int +connect_pcsc_card (int slot) +{ + long err; + + assert (slot >= 0 && slot < MAX_READER); + + if (reader_table[slot].pcsc.card) + return SW_HOST_ALREADY_CONNECTED; + + reader_table[slot].atrlen = 0; + reader_table[slot].last_status = 0; + reader_table[slot].is_t0 = 0; + + err = pcsc_connect (reader_table[slot].pcsc.context, + reader_table[slot].rdrname, + PCSC_SHARE_EXCLUSIVE, + PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, + &reader_table[slot].pcsc.card, + &reader_table[slot].pcsc.protocol); + if (err) + { + reader_table[slot].pcsc.card = 0; + if (err != PCSC_E_NO_SMARTCARD) + log_error ("pcsc_connect failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + } + else + { + char reader[250]; + unsigned long readerlen, atrlen; + unsigned long card_state, card_protocol; + + atrlen = DIM (reader_table[0].atr); + readerlen = sizeof reader -1 ; + err = pcsc_status (reader_table[slot].pcsc.card, + reader, &readerlen, + &card_state, &card_protocol, + reader_table[slot].atr, &atrlen); + if (err) + log_error ("pcsc_status failed: %s (0x%lx) %lu\n", + pcsc_error_string (err), err, readerlen); + else + { + if (atrlen > DIM (reader_table[0].atr)) + log_bug ("ATR returned by pcsc_status is too large\n"); + reader_table[slot].atrlen = atrlen; + /* If we got to here we know that a card is present + and usable. Remember this. */ + reader_table[slot].last_status = ( APDU_CARD_USABLE + | APDU_CARD_PRESENT + | APDU_CARD_ACTIVE + | 0x8000); + reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); + } + } + + dump_reader_status (slot); + return pcsc_error_to_sw (err); +} +#endif /*!NEED_PCSC_WRAPPER*/ + + +/* Disconnect a PC/SC card. Note that this succeeds even if the card + is not connected. */ +#ifndef NEED_PCSC_WRAPPER +static int +disconnect_pcsc_card (int slot) +{ + long err; + + assert (slot >= 0 && slot < MAX_READER); + + if (!reader_table[slot].pcsc.card) + return 0; + + err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD); + if (err) + { + log_error ("pcsc_disconnect failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return SW_HOST_CARD_IO_ERROR; + } + reader_table[slot].pcsc.card = 0; return 0; +} #endif /*!NEED_PCSC_WRAPPER*/ + + +#ifndef NEED_PCSC_WRAPPER +static int +reset_pcsc_reader_direct (int slot) +{ + int sw; + + sw = disconnect_pcsc_card (slot); + if (!sw) + sw = connect_pcsc_card (slot); + + return sw; } +#endif /*NEED_PCSC_WRAPPER*/ -/* Note: It is a pitty that we can't return proper error codes. */ + +#ifdef NEED_PCSC_WRAPPER static int -open_pcsc_reader (const char *portstr) +reset_pcsc_reader_wrapped (int slot) { + long err; + reader_table_t slotp; + size_t len; + int i, n; + unsigned char msgbuf[9]; + unsigned int dummy_status; + int sw = SW_HOST_CARD_IO_ERROR; + + slotp = reader_table + slot; + + if (slotp->pcsc.req_fd == -1 + || slotp->pcsc.rsp_fd == -1 + || slotp->pcsc.pid == (pid_t)(-1) ) + { + log_error ("pcsc_get_status: pcsc-wrapper not running\n"); + return sw; + } + + msgbuf[0] = 0x05; /* RESET command. */ + len = 0; + msgbuf[1] = (len >> 24); + msgbuf[2] = (len >> 16); + msgbuf[3] = (len >> 8); + msgbuf[4] = (len ); + if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) + { + log_error ("error sending PC/SC RESET request: %s\n", + strerror (errno)); + goto command_failed; + } + + /* Read the response. */ + if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) + { + log_error ("error receiving PC/SC RESET response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. */ + if (len > DIM (slotp->atr)) + { + log_error ("PC/SC returned a too large ATR (len=%lx)\n", + (unsigned long)len); + sw = SW_HOST_GENERAL_ERROR; + goto command_failed; + } + err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) + | (msgbuf[7] << 8 ) | msgbuf[8]); + if (err) + { + log_error ("PC/SC RESET failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + /* If the error code is no smart card, we should not considere + this a major error and close the wrapper. */ + sw = pcsc_error_to_sw (err); + if (err == PCSC_E_NO_SMARTCARD) + return sw; + goto command_failed; + } + + /* The open function may return a zero for the ATR length to + indicate that no card is present. */ + n = len; + if (n) + { + if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n) + { + log_error ("error receiving PC/SC RESET response: %s\n", + i? strerror (errno) : "premature EOF"); + goto command_failed; + } + } + slotp->atrlen = len; + + /* Read the status so that IS_T0 will be set. */ + pcsc_get_status (slot, &dummy_status); + + return 0; + + command_failed: + close (slotp->pcsc.req_fd); + close (slotp->pcsc.rsp_fd); + slotp->pcsc.req_fd = -1; + slotp->pcsc.rsp_fd = -1; + kill (slotp->pcsc.pid, SIGTERM); + slotp->pcsc.pid = (pid_t)(-1); + slotp->used = 0; + return sw; +} +#endif /* !NEED_PCSC_WRAPPER */ + + +/* Send an PC/SC reset command and return a status word on error or 0 + on success. */ +static int +reset_pcsc_reader (int slot) +{ #ifdef NEED_PCSC_WRAPPER + return reset_pcsc_reader_wrapped (slot); +#else + return reset_pcsc_reader_direct (slot); +#endif +} + + +/* Open the PC/SC reader without using the wrapper. Returns -1 on + error or a slot number for the reader. */ +#ifndef NEED_PCSC_WRAPPER +static int +open_pcsc_reader_direct (const char *portstr) +{ + long err; + int slot; + char *list = NULL; + unsigned long nreader, listlen; + char *p; + + slot = new_reader_slot (); + if (slot == -1) + return -1; + + /* Fixme: Allocating a context for each slot is not required. One + global context should be sufficient. */ + err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, + &reader_table[slot].pcsc.context); + if (err) + { + log_error ("pcsc_establish_context failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + reader_table[slot].used = 0; + return -1; + } + + err = pcsc_list_readers (reader_table[slot].pcsc.context, + NULL, NULL, &nreader); + if (!err) + { + list = xtrymalloc (nreader+1); /* Better add 1 for safety reasons. */ + if (!list) + { + log_error ("error allocating memory for reader list\n"); + pcsc_release_context (reader_table[slot].pcsc.context); + reader_table[slot].used = 0; + return -1 /*SW_HOST_OUT_OF_CORE*/; + } + err = pcsc_list_readers (reader_table[slot].pcsc.context, + NULL, list, &nreader); + } + if (err) + { + log_error ("pcsc_list_readers failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + pcsc_release_context (reader_table[slot].pcsc.context); + reader_table[slot].used = 0; + xfree (list); + return -1; + } + + listlen = nreader; + p = list; + while (nreader) + { + if (!*p && !p[1]) + break; + if (*p) + log_info ("detected reader `%s'\n", p); + if (nreader < (strlen (p)+1)) + { + log_error ("invalid response from pcsc_list_readers\n"); + break; + } + nreader -= strlen (p)+1; + p += strlen (p) + 1; + } + + reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1); + if (!reader_table[slot].rdrname) + { + log_error ("error allocating memory for reader name\n"); + pcsc_release_context (reader_table[slot].pcsc.context); + reader_table[slot].used = 0; + return -1; + } + strcpy (reader_table[slot].rdrname, portstr? portstr : list); + xfree (list); + list = NULL; + + reader_table[slot].pcsc.card = 0; + reader_table[slot].atrlen = 0; + reader_table[slot].last_status = 0; + + reader_table[slot].connect_card = connect_pcsc_card; + reader_table[slot].disconnect_card = disconnect_pcsc_card; + reader_table[slot].close_reader = close_pcsc_reader; + reader_table[slot].reset_reader = reset_pcsc_reader; + reader_table[slot].get_status_reader = pcsc_get_status; + reader_table[slot].send_apdu_reader = pcsc_send_apdu; + reader_table[slot].dump_status_reader = dump_pcsc_reader_status; + + dump_reader_status (slot); + return slot; +} +#endif /*!NEED_PCSC_WRAPPER */ + + /* Open the PC/SC reader using the pcsc_wrapper program. This is needed to cope with different thread models and other peculiarities of libpcsclite. */ +#ifdef NEED_PCSC_WRAPPER +static int +open_pcsc_reader_wrapped (const char *portstr) +{ int slot; reader_table_t slotp; int fd, rp[2], wp[2]; @@ -1358,8 +1585,8 @@ return -1; slotp = reader_table + slot; - /* Fire up the pcsc wrapper. We don't use any fork/exec code from - the common directy but implement it direclty so that this file + /* Fire up the PC/SCc wrapper. We don't use any fork/exec code from + the common directy but implement it directly so that this file may still be source copied. */ if (pipe (rp) == -1) @@ -1449,7 +1676,7 @@ #endif while ( (i=WAIT (pid, NULL, 0)) == -1 && errno == EINTR) ; -#undef X +#undef WAIT /* Now send the open request. */ msgbuf[0] = 0x01; /* OPEN command. */ @@ -1509,7 +1736,10 @@ } /* If we got to here we know that a card is present and usable. Thus remember this. */ - slotp->last_status = (1|2|4| 0x8000); + slotp->last_status = ( APDU_CARD_USABLE + | APDU_CARD_PRESENT + | APDU_CARD_ACTIVE + | 0x8000); } slotp->atrlen = len; @@ -1517,7 +1747,6 @@ reader_table[slot].reset_reader = reset_pcsc_reader; reader_table[slot].get_status_reader = pcsc_get_status; reader_table[slot].send_apdu_reader = pcsc_send_apdu; - reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = dump_pcsc_reader_status; /* Read the status so that IS_T0 will be set. */ @@ -1537,146 +1766,21 @@ /* There is no way to return SW. */ return -1; -#else /*!NEED_PCSC_WRAPPER */ - long err; - int slot; - char *list = NULL; - unsigned long nreader, listlen, atrlen; - char *p; - unsigned long card_state, card_protocol; +} +#endif /*NEED_PCSC_WRAPPER*/ - slot = new_reader_slot (); - if (slot == -1) - return -1; - err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, - &reader_table[slot].pcsc.context); - if (err) - { - log_error ("pcsc_establish_context failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - reader_table[slot].used = 0; - return -1; - } - - err = pcsc_list_readers (reader_table[slot].pcsc.context, - NULL, NULL, &nreader); - if (!err) - { - list = xtrymalloc (nreader+1); /* Better add 1 for safety reasons. */ - if (!list) - { - log_error ("error allocating memory for reader list\n"); - pcsc_release_context (reader_table[slot].pcsc.context); - reader_table[slot].used = 0; - return -1 /*SW_HOST_OUT_OF_CORE*/; - } - err = pcsc_list_readers (reader_table[slot].pcsc.context, - NULL, list, &nreader); - } - if (err) - { - log_error ("pcsc_list_readers failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - pcsc_release_context (reader_table[slot].pcsc.context); - reader_table[slot].used = 0; - xfree (list); - return -1 /*pcsc_error_to_sw (err)*/; - } - - listlen = nreader; - p = list; - while (nreader) - { - if (!*p && !p[1]) - break; - if (*p) - log_info ("detected reader `%s'\n", p); - if (nreader < (strlen (p)+1)) - { - log_error ("invalid response from pcsc_list_readers\n"); - break; - } - nreader -= strlen (p)+1; - p += strlen (p) + 1; - } - - reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1); - if (!reader_table[slot].rdrname) - { - log_error ("error allocating memory for reader name\n"); - pcsc_release_context (reader_table[slot].pcsc.context); - reader_table[slot].used = 0; - return -1 /*SW_HOST_OUT_OF_CORE*/; - } - strcpy (reader_table[slot].rdrname, portstr? portstr : list); - xfree (list); - list = NULL; - - err = pcsc_connect (reader_table[slot].pcsc.context, - reader_table[slot].rdrname, - PCSC_SHARE_EXCLUSIVE, - PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, - &reader_table[slot].pcsc.card, - &reader_table[slot].pcsc.protocol); - if (err == PCSC_E_NO_SMARTCARD) - reader_table[slot].pcsc.card = 0; - else if (err) - { - log_error ("pcsc_connect failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - pcsc_release_context (reader_table[slot].pcsc.context); - xfree (reader_table[slot].rdrname); - reader_table[slot].rdrname = NULL; - reader_table[slot].used = 0; - return -1 /*pcsc_error_to_sw (err)*/; - } - - reader_table[slot].atrlen = 0; - reader_table[slot].last_status = 0; - if (!err) - { - char reader[250]; - unsigned long readerlen; - - atrlen = DIM (reader_table[0].atr); - readerlen = sizeof reader -1 ; - err = pcsc_status (reader_table[slot].pcsc.card, - reader, &readerlen, - &card_state, &card_protocol, - reader_table[slot].atr, &atrlen); - if (err) - log_error ("pcsc_status failed: %s (0x%lx) %lu\n", - pcsc_error_string (err), err, readerlen); - else - { - if (atrlen > DIM (reader_table[0].atr)) - log_bug ("ATR returned by pcsc_status is too large\n"); - reader_table[slot].atrlen = atrlen; - /* If we got to here we know that a card is present - and usable. Thus remember this. */ - reader_table[slot].last_status = (1|2|4| 0x8000); - reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); - } - } - - reader_table[slot].close_reader = close_pcsc_reader; - reader_table[slot].reset_reader = reset_pcsc_reader; - reader_table[slot].get_status_reader = pcsc_get_status; - reader_table[slot].send_apdu_reader = pcsc_send_apdu; - reader_table[slot].check_keypad = NULL; - reader_table[slot].dump_status_reader = dump_pcsc_reader_status; - -/* log_debug ("state from pcsc_status: 0x%lx\n", card_state); */ -/* log_debug ("protocol from pcsc_status: 0x%lx\n", card_protocol); */ - - dump_reader_status (slot); - return slot; -#endif /*!NEED_PCSC_WRAPPER */ +static int +open_pcsc_reader (const char *portstr) +{ +#ifdef NEED_PCSC_WRAPPER + return open_pcsc_reader_wrapped (portstr); +#else + return open_pcsc_reader_direct (portstr); +#endif } - #ifdef HAVE_LIBUSB /* @@ -1738,9 +1842,9 @@ return -1; if (bits == 0) - *status = 1|2|4; + *status = (APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE); else if (bits == 1) - *status = 2; + *status = APDU_CARD_PRESENT; else *status = 0; @@ -1836,7 +1940,10 @@ { /* If we got to here we know that a card is present and usable. Thus remember this. */ - reader_table[slot].last_status = (1|2|4| 0x8000); + reader_table[slot].last_status = (APDU_CARD_USABLE + | APDU_CARD_PRESENT + | APDU_CARD_ACTIVE + | 0x8000); } reader_table[slot].close_reader = close_ccid_reader; @@ -2335,7 +2442,11 @@ pcsc_api_loaded = 1; } +#ifdef NEED_PCSC_WRAPPER + return open_pcsc_reader_wrapped (portstr); +#else return open_pcsc_reader (portstr); +#endif } @@ -2378,21 +2489,31 @@ int apdu_close_reader (int slot) { + int sw; + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; + sw = apdu_disconnect (slot); + if (sw) + return sw; if (reader_table[slot].close_reader) return reader_table[slot].close_reader (slot); return SW_HOST_NOT_SUPPORTED; } /* Shutdown a reader; that is basically the same as a close but keeps - the handle ready for later use. A apdu_reset_reader should be used - to get it active again. */ + the handle ready for later use. A apdu_reset_reader or apdu_connect + should be used to get it active again. */ int apdu_shutdown_reader (int slot) { + int sw; + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; + sw = apdu_disconnect (slot); + if (sw) + return sw; if (reader_table[slot].shutdown_reader) return reader_table[slot].shutdown_reader (slot); return SW_HOST_NOT_SUPPORTED; @@ -2410,6 +2531,58 @@ return 0; } + +/* Connect a card. This is used to power up the card and make sure + that an ATR is available. */ +int +apdu_connect (int slot) +{ + int sw; + + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) + return SW_HOST_NO_DRIVER; + + /* Only if the access method provides a connect function we use it. + If not, we expect that the card has been implicitly connected by + apdu_open_reader. */ + if (reader_table[slot].connect_card) + { + sw = lock_slot (slot); + if (!sw) + { + sw = reader_table[slot].connect_card (slot); + unlock_slot (slot); + } + } + else + sw = 0; + return sw; +} + +int +apdu_disconnect (int slot) +{ + int sw; + + if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) + return SW_HOST_NO_DRIVER; + + if (reader_table[slot].disconnect_card) + { + sw = lock_slot (slot); + if (!sw) + { + sw = reader_table[slot].disconnect_card (slot); + unlock_slot (slot); + } + } + else + sw = 0; + return sw; +} + + + /* Do a reset for the card in reader at SLOT. */ int apdu_reset (int slot) @@ -2430,7 +2603,10 @@ { /* If we got to here we know that a card is present and usable. Thus remember this. */ - reader_table[slot].last_status = (1|2|4| 0x8000); + reader_table[slot].last_status = (APDU_CARD_USABLE + | APDU_CARD_PRESENT + | APDU_CARD_ACTIVE + | 0x8000); } unlock_slot (slot); @@ -2474,7 +2650,10 @@ { /* If we got to here we know that a card is present and usable. Thus remember this. */ - reader_table[slot].last_status = (1|2|4| 0x8000); + reader_table[slot].last_status = (APDU_CARD_USABLE + | APDU_CARD_PRESENT + | APDU_CARD_ACTIVE + | 0x8000); } } } @@ -2493,7 +2672,8 @@ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return NULL; - + if (!reader_table[slot].atrlen) + return NULL; buf = xtrymalloc (reader_table[slot].atrlen); if (!buf) return NULL; @@ -2508,12 +2688,12 @@ card to become available if HANG is set to true. On success the bits in STATUS will be set to - bit 0 = card present and usable - bit 1 = card present - bit 2 = card active - bit 3 = card access locked [not yet implemented] + APDU_CARD_USABLE (bit 0) = card present and usable + APDU_CARD_PRESENT (bit 1) = card present + APDU_CARD_ACTIVE (bit 2) = card active + (bit 3) = card access locked [not yet implemented] - For must application, testing bit 0 is sufficient. + For must applications, testing bit 0 is sufficient. CHANGED will receive the value of the counter tracking the number of card insertions. This value may be used to detect a card Modified: trunk/scd/apdu.h =================================================================== --- trunk/scd/apdu.h 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/scd/apdu.h 2008-10-14 18:18:21 UTC (rev 4850) @@ -65,13 +65,20 @@ SW_HOST_GENERAL_ERROR = 0x1000b, SW_HOST_NO_READER = 0x1000c, SW_HOST_ABORTED = 0x1000d, - SW_HOST_NO_KEYPAD = 0x1000e + SW_HOST_NO_KEYPAD = 0x1000e, + SW_HOST_ALREADY_CONNECTED = 0x1000f }; #define SW_EXACT_LENGTH_P(a) (((a)&~0xff) == SW_EXACT_LENGTH) +/* Bit flags for the card status. */ +#define APDU_CARD_USABLE (1) /* Card is present and ready for use. */ +#define APDU_CARD_PRESENT (2) /* Card is just present. */ +#define APDU_CARD_ACTIVE (4) /* Card is active. */ + + /* Note , that apdu_open_reader returns no status word but -1 on error. */ int apdu_open_reader (const char *portstr); int apdu_open_remote_reader (const char *portstr, @@ -92,8 +99,11 @@ const char *apdu_strerror (int rc); -/* These apdu functions do return status words. */ +/* These APDU functions return status words. */ +int apdu_connect (int slot); +int apdu_disconnect (int slot); + int apdu_activate (int slot); int apdu_reset (int slot); int apdu_get_status (int slot, int hang, Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/scd/command.c 2008-10-14 18:18:21 UTC (rev 4850) @@ -102,8 +102,12 @@ /* The Assuan context used by this session/server. */ assuan_context_t assuan_ctx; - int event_signal; /* Or 0 if not used. */ - +#ifdef HAVE_W32_SYSTEM + unsigned long event_signal; /* Or 0 if not used. */ +#else + int event_signal; /* Or 0 if not used. */ +#endif + /* True if the card has been removed and a reset is required to continue operation. */ int card_removed; @@ -165,6 +169,7 @@ { sl->card_removed = value; } + /* Let the card application layer know about the removal. */ if (value) application_notify_card_removed (slot); } @@ -319,10 +324,16 @@ if (!strcmp (key, "event-signal")) { /* A value of 0 is allowed to reset the event signal. */ +#ifdef HAVE_W32_SYSTEM + if (!*value) + return gpg_error (GPG_ERR_ASS_PARAMETER); + ctrl->server_local->event_signal = strtoul (value, NULL, 16); +#else int i = *value? atoi (value) : -1; if (i < 0) return gpg_error (GPG_ERR_ASS_PARAMETER); ctrl->server_local->event_signal = i; +#endif } return 0; @@ -389,7 +400,15 @@ if (slot == -1) err = gpg_error (GPG_ERR_CARD); else - err = select_application (ctrl, slot, apptype, &ctrl->app_ctx); + { + /* Fixme: We should move the apdu_connect call to + select_application. */ + int sw = apdu_connect (slot); + if (sw && sw != SW_HOST_ALREADY_CONNECTED) + err = gpg_error (GPG_ERR_CARD); + else + err = select_application (ctrl, slot, apptype, &ctrl->app_ctx); + } TEST_CARD_REMOVAL (ctrl, err); return err; @@ -1774,7 +1793,7 @@ } else { - rc = assuan_init_socket_server_ext (&ctx, fd, 2); + rc = assuan_init_socket_server_ext (&ctx, INT2FD(fd), 2); } if (rc) { @@ -1911,6 +1930,11 @@ int idx; unsigned int status, changed; + /* Make sure that the reader has been opened. Like get_reader_slot, + this part of the code assumes that there is only one reader. */ + if (!slot_table[0].valid) + (void)get_reader_slot (); + /* Note, that we only try to get the status, because it does not make sense to wait here for a operation to complete. If we are busy working with a card, delays in the status file update should @@ -2007,11 +2031,20 @@ if (sl->event_signal && sl->assuan_ctx) { pid_t pid = assuan_get_pid (sl->assuan_ctx); + +#ifdef HAVE_W32_SYSTEM + HANDLE handle = (void *)sl->event_signal; + + log_info ("client pid is %d, triggering event %lx (%p)\n", + pid, sl->event_signal, handle); + if (!SetEvent (handle)) + log_error ("SetEvent(%lx) failed: %s\n", + sl->event_signal, w32_strerror (-1)); +#else int signo = sl->event_signal; log_info ("client pid is %d, sending signal %d\n", pid, signo); -#ifndef HAVE_W32_SYSTEM if (pid != (pid_t)(-1) && pid && signo > 0) kill (pid, signo); #endif Modified: trunk/scd/sc-copykeys.c =================================================================== --- trunk/scd/sc-copykeys.c 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/scd/sc-copykeys.c 2008-10-14 18:18:21 UTC (rev 4850) @@ -142,6 +142,8 @@ slot = apdu_open_reader (reader_port); if (slot == -1) exit (1); + if (apdu_connect (slot)) + exit (1); /* FIXME: Use select_application. */ appbuf.slot = slot; Modified: trunk/scd/scdaemon.c =================================================================== --- trunk/scd/scdaemon.c 2008-10-13 09:42:32 UTC (rev 4849) +++ trunk/scd/scdaemon.c 2008-10-14 18:18:21 UTC (rev 4850) @@ -148,15 +148,18 @@ #define DEFAULT_PCSC_DRIVER "libpcsclite.so" #endif -/* The timer tick used for housekeeping stuff. For Windows we use a - longer period as the SetWaitableTimer seems to signal earlier than - the 2 seconds. */ -#ifdef HAVE_W32_SYSTEM -#define TIMERTICK_INTERVAL (4) -#else From cvs at cvs.gnupg.org Wed Oct 15 12:49:32 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 15 Oct 2008 12:49:32 +0200 Subject: [svn] w32pth - r27 - trunk Message-ID: Author: wk Date: 2008-10-15 12:49:31 +0200 (Wed, 15 Oct 2008) New Revision: 27 Modified: trunk/ChangeLog trunk/w32-pth.c Log: Fixed bogus error checking so that a closed pipe is properly detected. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-13 11:32:00 UTC (rev 26) +++ trunk/ChangeLog 2008-10-15 10:49:31 UTC (rev 27) @@ -1,3 +1,8 @@ +2008-10-15 Werner Koch + + * w32-pth.c (map_w32_to_errno): Return EPIPE. + (do_pth_write): Fix bogus error checking for WriteFile. + 2008-10-13 Werner Koch * pth.h (PTH_EVENT_HANDLE): New. Note that this was orginally Modified: trunk/w32-pth.c =================================================================== --- trunk/w32-pth.c 2008-10-13 11:32:00 UTC (rev 26) +++ trunk/w32-pth.c 2008-10-15 10:49:31 UTC (rev 27) @@ -269,6 +269,9 @@ case ERROR_NOT_ENOUGH_MEMORY: return ENOMEM; + + case ERROR_NO_DATA: + return EPIPE; default: return EIO; @@ -672,16 +675,14 @@ /* This is no real error because we first need to figure out if we have a handle or a socket. */ - - n = WriteFile ((HANDLE)fd, buffer, size, &nwrite, NULL); - if (n == -1) + if (!WriteFile ((HANDLE)fd, buffer, size, &nwrite, NULL)) { + n = -1; + errno = map_w32_to_errno (GetLastError ()); if (DBG_ERROR) fprintf (dbgfp, "%s: pth_write(%d) failed in write: %s\n", log_get_prefix (NULL), fd, w32_strerror (strerr, sizeof strerr)); - n = -1; - errno = map_w32_to_errno (GetLastError ()); } else n = (int) nwrite; From cvs at cvs.gnupg.org Wed Oct 15 12:50:50 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 15 Oct 2008 12:50:50 +0200 Subject: [svn] assuan - r290 - trunk/src Message-ID: Author: wk Date: 2008-10-15 12:50:50 +0200 (Wed, 15 Oct 2008) New Revision: 290 Modified: trunk/src/ChangeLog trunk/src/assuan-logging.c trunk/src/assuan-socket-connect.c Log: Typo fix. flush full debug lines. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-09-01 10:39:44 UTC (rev 289) +++ trunk/src/ChangeLog 2008-10-15 10:50:50 UTC (rev 290) @@ -1,3 +1,8 @@ +2008-10-15 Werner Koch + + * assuan-logging.c (_assuan_log_printf): Flush if the format + string ends with a LF. + 2008-09-01 Werner Koch * assuan-io.c: Include time.h. Fixes bug#951. Modified: trunk/src/assuan-logging.c =================================================================== --- trunk/src/assuan-logging.c 2008-09-01 10:39:44 UTC (rev 289) +++ trunk/src/assuan-logging.c 2008-10-15 10:50:50 UTC (rev 290) @@ -112,6 +112,11 @@ va_start (arg_ptr, format); vfprintf (fp, format, arg_ptr ); va_end (arg_ptr); + /* If the log stream is a file, the output would be buffered. This + is bad for debugging, thus we flush the stream if FORMAT ends + with a LF. */ + if (format && *format && format[strlen(format)-1] == '\n') + fflush (fp); errno = save_errno; } Modified: trunk/src/assuan-socket-connect.c =================================================================== --- trunk/src/assuan-socket-connect.c 2008-09-01 10:39:44 UTC (rev 289) +++ trunk/src/assuan-socket-connect.c 2008-10-15 10:50:50 UTC (rev 290) @@ -107,7 +107,7 @@ /* We require that the name starts with a slash, so that we eventually can reuse this function for other socket types. To - make things easier we allow an optional dirver prefix. */ + make things easier we allow an optional driver prefix. */ s = name; if (*s && s[1] == ':') s += 2; From cvs at cvs.gnupg.org Wed Oct 15 15:02:18 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 15 Oct 2008 15:02:18 +0200 Subject: [svn] w32pth - r28 - trunk Message-ID: Author: wk Date: 2008-10-15 15:02:18 +0200 (Wed, 15 Oct 2008) New Revision: 28 Modified: trunk/ChangeLog trunk/w32-pth.c Log: Support thread statistics. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-15 10:49:31 UTC (rev 27) +++ trunk/ChangeLog 2008-10-15 13:02:18 UTC (rev 28) @@ -1,5 +1,10 @@ 2008-10-15 Werner Koch + * w32-pth.c (thread_counter): New. + (pth_ctrl): Return thread counters. + (launch_thread, pth_cancel, pth_abort): Track number of threads. + (pth_init): Set counter to 1. + * w32-pth.c (map_w32_to_errno): Return EPIPE. (do_pth_write): Fix bogus error checking for WriteFile. Modified: trunk/w32-pth.c =================================================================== --- trunk/w32-pth.c 2008-10-15 10:49:31 UTC (rev 27) +++ trunk/w32-pth.c 2008-10-15 13:02:18 UTC (rev 28) @@ -75,6 +75,9 @@ /* Mutex to make sure only one thread is running. */ static CRITICAL_SECTION pth_shd; +/* Counter to track the number of PTH threads. */ +static int thread_counter; + /* Object used by update_fdarray. */ struct fdarray_item_s { @@ -472,6 +475,7 @@ return FALSE; pth_initialized = 1; + thread_counter = 1; EnterCriticalSection (&pth_shd); return TRUE; } @@ -524,13 +528,29 @@ case PTH_CTRL_GETAVLOAD: case PTH_CTRL_GETPRIO: case PTH_CTRL_GETNAME: + return -1; + case PTH_CTRL_GETTHREADS_NEW: + return 0; /* Not strictly correct. */ + case PTH_CTRL_GETTHREADS_READY: + return thread_counter? (thread_counter-1):0; + case PTH_CTRL_GETTHREADS_RUNNING: + return thread_counter? 1:0; + case PTH_CTRL_GETTHREADS_WAITING: + return -1; /* We don't have this info. */ + case PTH_CTRL_GETTHREADS_SUSPENDED: + return -1; /* We don't have this info. */ + case PTH_CTRL_GETTHREADS_DEAD: + return 0; + case PTH_CTRL_GETTHREADS: + return thread_counter; + default: return -1; } @@ -1297,13 +1317,18 @@ int pth_cancel (pth_t hd) { + int ok = 0; + if (!hd) return -1; implicit_init (); enter_pth (__FUNCTION__); WaitForSingleObject (hd, 1000); - TerminateThread (hd, 0); + if (TerminateThread (hd, 0)) + ok = 1; leave_pth (__FUNCTION__); + if (ok) + thread_counter--; return TRUE; } @@ -1312,12 +1337,17 @@ int pth_abort (pth_t hd) { + int ok = 0; + if (!hd) return -1; implicit_init (); enter_pth (__FUNCTION__); - TerminateThread (hd, 0); + if (TerminateThread (hd, 0)) + ok = 1; leave_pth (__FUNCTION__); + if (ok) + thread_counter--; return TRUE; } @@ -1622,12 +1652,16 @@ if (c) { leave_pth (__FUNCTION__); + + thread_counter++; c->thread (c->arg); if (!c->joinable && c->th) { CloseHandle (c->th); c->th = NULL; } + thread_counter--; + /* FIXME: We would badly fail if someone accesses the now deallocated handle. Don't use it directly but setup proper scheduling queues. */ From cvs at cvs.gnupg.org Wed Oct 15 15:23:10 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 15 Oct 2008 15:23:10 +0200 Subject: [svn] GnuPG - r4851 - in trunk: . agent jnlib scd Message-ID: Author: wk Date: 2008-10-15 15:23:10 +0200 (Wed, 15 Oct 2008) New Revision: 4851 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/call-scd.c trunk/jnlib/ChangeLog trunk/jnlib/logging.c trunk/scd/ChangeLog trunk/scd/apdu.c trunk/scd/command.c trunk/scd/scdaemon.c trunk/scd/scdaemon.h Log: Made scdaemon more robust on Windows. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/agent/ChangeLog 2008-10-15 13:23:10 UTC (rev 4851) @@ -1,3 +1,8 @@ +2008-10-15 Werner Koch + + * call-scd.c (start_scd): Enable assuan loggging if requested. + (agent_scd_check_aliveness) [W32]: Fix use of GetExitCodeProcess. + 2008-10-14 Werner Koch * gpg-agent.c (get_agent_scd_notify_event): Need to use a manual Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/jnlib/ChangeLog 2008-10-15 13:23:10 UTC (rev 4851) @@ -1,3 +1,7 @@ +2008-10-15 Werner Koch + + * logging.c (do_logv) [W32]: Flush the log stream. + 2008-09-29 Werner Koch * argparse.c (ARGERR_): Use constants for error values. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/scd/ChangeLog 2008-10-15 13:23:10 UTC (rev 4851) @@ -1,3 +1,12 @@ +2008-10-15 Werner Koch + + * command.c (scd_command_handler): Return true if there is no more + active session. + * scdaemon.c (start_connection_thread): Set shutdown flag if + requested by command handler. + (main): Make PIPE_SERVER module global. + (handle_connections): Disable listen_fd if a shutdown is pending. + 2008-10-14 Werner Koch Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/NEWS 2008-10-15 13:23:10 UTC (rev 4851) @@ -20,7 +20,7 @@ * [gpgsm] Made --output option work with --export-secret-key-p12. - * gpg-connect-agent accepts commands given as command line arguments. + * [gpg-connect-agent] Accept commands given as command line arguments. * [gpg] The option --fixed-list-mode is now implicitly used and obsolete. @@ -35,6 +35,8 @@ * Support for version 2 OpenPGP cards. + * [scdaemon] Made it more robust on W32. + * Libgcrypt 1.4 is now required. Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/agent/call-scd.c 2008-10-15 13:23:10 UTC (rev 4851) @@ -343,6 +343,9 @@ if (opt.verbose) log_debug ("first connection to SCdaemon established\n"); + if (DBG_ASSUAN) + assuan_set_log_stream (ctx, log_get_stream ()); + /* Get the name of the additional socket opened by scdaemon. */ { membuf_t data; @@ -412,9 +415,10 @@ { pth_event_t evt; pid_t pid; +#ifdef HAVE_W32_SYSTEM + DWORD rc; +#else int rc; -#ifdef HAVE_W32_SYSTEM - DWORD dummyec; #endif if (!primary_scd_ctx) @@ -443,8 +447,11 @@ { pid = assuan_get_pid (primary_scd_ctx); #ifdef HAVE_W32_SYSTEM + /* If we have a PID we disconnect if either GetExitProcessCode + fails or if ir returns the exit code of the scdaemon. 259 is + the error code for STILL_ALIVE. */ if (pid != (pid_t)(void*)(-1) && pid - && !GetExitCodeProcess ((HANDLE)pid, &dummyec)) + && (!GetExitCodeProcess ((HANDLE)pid, &rc) || rc != 259)) #else if (pid != (pid_t)(-1) && pid && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) ) Modified: trunk/jnlib/logging.c =================================================================== --- trunk/jnlib/logging.c 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/jnlib/logging.c 2008-10-15 13:23:10 UTC (rev 4851) @@ -490,6 +490,10 @@ vfprintf(logstream,fmt,arg_ptr) ; if (*fmt && fmt[strlen(fmt)-1] != '\n') missing_lf = 1; +#ifdef HAVE_W32_SYSTEM + else + fflush (logstream); +#endif } if (level == JNLIB_LOG_FATAL) Modified: trunk/scd/apdu.c =================================================================== --- trunk/scd/apdu.c 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/scd/apdu.c 2008-10-15 13:23:10 UTC (rev 4851) @@ -2442,11 +2442,7 @@ pcsc_api_loaded = 1; } -#ifdef NEED_PCSC_WRAPPER - return open_pcsc_reader_wrapped (portstr); -#else return open_pcsc_reader (portstr); -#endif } Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/scd/command.c 2008-10-15 13:23:10 UTC (rev 4851) @@ -1,6 +1,6 @@ /* command.c - SCdaemon command handler * Copyright (C) 2001, 2002, 2003, 2004, 2005, - * 2007 Free Software Foundation, Inc. + * 2007, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1776,8 +1776,9 @@ /* Startup the server. If FD is given as -1 this is simple pipe - server, otherwise it is a regular server. */ -void + server, otherwise it is a regular server. Returns true if there + are no more active asessions. */ +int scd_command_handler (ctrl_t ctrl, int fd) { int rc; @@ -1872,6 +1873,9 @@ /* Release the Assuan context. */ assuan_deinit_server (ctx); + + /* If there are no more sessions return true. */ + return !session_list; } Modified: trunk/scd/scdaemon.c =================================================================== --- trunk/scd/scdaemon.c 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/scd/scdaemon.c 2008-10-15 13:23:10 UTC (rev 4851) @@ -1,6 +1,6 @@ /* scdaemon.c - The GnuPG Smartcard Daemon * Copyright (C) 2001, 2002, 2004, 2005, - * 2007 Free Software Foundation, Inc. + * 2007, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -167,6 +167,9 @@ /* It is possible that we are currently running under setuid permissions */ static int maybe_setuid = 1; +/* Flag telling whether we are running as a pipe server. */ +static int pipe_server; + /* Name of the communication socket */ static char *socket_name; @@ -304,7 +307,6 @@ int default_config =1; int greeting = 0; int nogreeting = 0; - int pipe_server = 0; int multi_server = 0; int is_daemon = 0; int nodetach = 0; @@ -1027,19 +1029,18 @@ log_info (_("handler for fd %d started\n"), FD2INT(ctrl->thread_startup.fd)); - scd_command_handler (ctrl, FD2INT(ctrl->thread_startup.fd)); + /* If this is a pipe server, we request a shutdown if the command + hanlder asked for it. With the next ticker event and given that + no other connections are running the shutdown will then + happen. */ + if (scd_command_handler (ctrl, FD2INT(ctrl->thread_startup.fd)) + && pipe_server) + shutdown_pending = 1; if (opt.verbose) log_info (_("handler for fd %d terminated\n"), FD2INT (ctrl->thread_startup.fd)); - /* If this thread is the pipe connection thread, flag that a - shutdown is required. With the next ticker event and given that - no other connections are running the shutdown will then - happen. */ - if (ctrl->thread_startup.fd == GNUPG_INVALID_FD) - shutdown_pending = 1; - scd_deinit_default_ctrl (ctrl); xfree (ctrl); return NULL; @@ -1105,6 +1106,7 @@ file descriptors to wait for, so that the select will be used to just wait on a signal or timeout event. */ FD_ZERO (&fdset); + listen_fd = -1; } /* Create a timeout event if needed. */ Modified: trunk/scd/scdaemon.h =================================================================== --- trunk/scd/scdaemon.h 2008-10-14 18:18:21 UTC (rev 4850) +++ trunk/scd/scdaemon.h 2008-10-15 13:23:10 UTC (rev 4851) @@ -121,7 +121,7 @@ /*-- command.c --*/ void initialize_module_command (void); -void scd_command_handler (ctrl_t, int); +int scd_command_handler (ctrl_t, int); void send_status_info (ctrl_t ctrl, const char *keyword, ...) GNUPG_GCC_A_SENTINEL(1); void scd_update_reader_status_file (void); From cvs at cvs.gnupg.org Thu Oct 16 14:42:39 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Oct 2008 14:42:39 +0200 Subject: [svn] GpgOL - r269 - trunk/src Message-ID: Author: wk Date: 2008-10-16 14:42:39 +0200 (Thu, 16 Oct 2008) New Revision: 269 Modified: trunk/src/ChangeLog trunk/src/engine-assuan.c trunk/src/mapihelp.cpp Log: Support --protocol for SENDER assuan command. Refactored some code in mapihelp.cpp. Decide between signedData, evenelopedData and unknown in is_really_cms_encryped. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-09-30 13:33:44 UTC (rev 268) +++ trunk/src/ChangeLog 2008-10-16 12:42:39 UTC (rev 269) @@ -1,3 +1,19 @@ +2008-10-16 Werner Koch + + * mapihelp.cpp (is_really_cms_encrypted): Extend to detect unknown + message types. + (mapi_change_message_class): Adjust for this change. + (mapi_change_message_class): Factor code out to ... + (change_message_class_ipm_note) + (change_message_class_ipm_note_smime) + (change_message_class_ipm_note_smime_multipartsigned) + (change_message_class_ipm_note_secure_cex): New. + +2008-10-15 Werner Koch + + * engine-assuan.c (op_assuan_sign): Send the new --protocl option + to the server. + 2008-09-30 Werner Koch * mapihelp.cpp (mapi_change_message_class): Special handling for Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2008-09-30 13:33:44 UTC (rev 268) +++ trunk/src/engine-assuan.c 2008-10-16 12:42:39 UTC (rev 269) @@ -1810,13 +1810,16 @@ goto leave; /* We always send the SENDER command because it allows us to figure - out the protocol to use. In case the UI server faisl to send the - protocol we fall back to OpenPGP. */ + out the protocol to use. In case the UI server fails to send the + protocol we fall back to OpenPGP. The --protocol option isused + to given the server a hint on what protocol we would prefer. */ suggested_protocol = PROTOCOL_UNKNOWN; if (!sender) sender = ""; - snprintf (line, sizeof line, "SENDER%s%s", - sender? " -- ":"", sender?sender:""); + snprintf (line, sizeof line, "SENDER%s%s -- %s", + protocol_name? " --protocol=":"", + protocol_name? protocol_name:"", + sender? sender:""); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, prep_foo_status_cb, &suggested_protocol); if (err) Modified: trunk/src/mapihelp.cpp =================================================================== --- trunk/src/mapihelp.cpp 2008-09-30 13:33:44 UTC (rev 268) +++ trunk/src/mapihelp.cpp 2008-10-16 12:42:39 UTC (rev 269) @@ -562,8 +562,10 @@ /* Check whether the message is really a CMS encrypted message. We check here whether the message is really encrypted by looking at - the object identifier inside the CMS data. Returns true if the - message is really encrypted. + the object identifier inside the CMS data. Returns: + -1 := Unknown message type, + 0 := The message is signed, + 1 := The message is encrypted. This function is required for two reasons: @@ -574,6 +576,10 @@ 2. If the smime-type parameter is missing we need another way to decide whether to decrypt or to verify. + + 3. Some messages lack a PR_TRANSPORT_MESSAGE_HEADERS and thus it is + not possible to deduce the message type from the mail headers. + This function may be used to identify the message anyway. */ static int is_really_cms_encrypted (LPMESSAGE message) @@ -583,7 +589,7 @@ LPMAPITABLE mapitable; LPSRowSet mapirows; unsigned int pos, n_attach; - int is_encrypted = 0; + int result = -1; /* Unknown. */ LPATTACH att = NULL; LPSTREAM stream = NULL; char buffer[24]; /* 24 bytes are more than enough to peek at. @@ -616,7 +622,7 @@ { FreeProws (mapirows); mapitable->Release (); - log_debug ("%s:%s: not just one attachments", SRCNAME, __func__); + log_debug ("%s:%s: not just one attachment", SRCNAME, __func__); return 0; } pos = 0; @@ -678,11 +684,16 @@ if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_OBJECT_ID && !ti.is_cons && ti.length) || ti.length > n) goto leave; - /* Now is this enveloped data (1.2.840.113549.1.7.3)? */ - if (ti.length == 9 && !memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03", 9)) - is_encrypted = 1; - - + /* Now is this enveloped data (1.2.840.113549.1.7.3) + or signed data (1.2.840.113549.1.7.2) ? */ + if (ti.length == 9) + { + if (!memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03", 9)) + result = 1; /* Encrypted. */ + else if (!memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02", 9)) + result = 0; /* Signed. */ + } + leave: if (stream) stream->Release (); @@ -690,11 +701,258 @@ att->Release (); FreeProws (mapirows); mapitable->Release (); - return !!is_encrypted; + return result; } +/* Helper for mapi_change_message_class. Returns the new message + class as an allocated string. + Most message today are of the message class "IPM.Note". However a + PGP/MIME encrypted message also has this class. We need to see + whether we can detect such a mail right here and change the message + class accordingly. */ +static char * +change_message_class_ipm_note (LPMESSAGE message) +{ + char *newvalue = NULL; + char *ct, *proto; + + ct = mapi_get_message_content_type (message, &proto, NULL); + if (!ct) + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); + else + { + log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); + if (proto) + { + log_debug ("%s:%s: protocol is '%s'", SRCNAME, __func__, proto); + + if (!strcmp (ct, "multipart/encrypted") + && !strcmp (proto, "application/pgp-encrypted")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartEncrypted"); + } + else if (!strcmp (ct, "multipart/signed") + && !strcmp (proto, "application/pgp-signature")) + { + /* Sometimes we receive a PGP/MIME signed message with a + class IPM.Note. */ + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + } + xfree (proto); + } + else if (!strcmp (ct, "text/plain")) + { + newvalue = get_msgcls_from_pgp_lines (message); + } + else if (!strcmp (ct, "multipart/mixed")) + { + /* It is quite common to have a multipart/mixed mail with + separate encrypted PGP parts. Look at the body to + decide. */ + newvalue = get_msgcls_from_pgp_lines (message); + } + + xfree (ct); + } + + return newvalue; +} + +/* Helper for mapi_change_message_class. Returns the new message + class as an allocated string. + + This function is used for the message class "IPM.Note.SMIME". It + indicates an S/MIME opaque encrypted or signed message. This may + also be an PGP/MIME mail. */ +static char * +change_message_class_ipm_note_smime (LPMESSAGE message) +{ + char *newvalue = NULL; + char *ct, *proto, *smtype; + + ct = mapi_get_message_content_type (message, &proto, &smtype); + if (!ct) + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); + else + { + log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); + if (proto + && !strcmp (ct, "multipart/signed") + && !strcmp (proto, "application/pgp-signature")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + } + else if (!opt.enable_smime) + ; /* S/MIME not enabled; thus no further checks. */ + else if (smtype) + { + log_debug ("%s:%s: smime-type is '%s'", SRCNAME, __func__, smtype); + + if (!strcmp (ct, "application/pkcs7-mime") + || !strcmp (ct, "application/x-pkcs7-mime")) + { + if (!strcmp (smtype, "signed-data")) + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); + else if (!strcmp (smtype, "enveloped-data")) + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); + } + } + else + { + /* No smime type. The filename parameter is often not + reliable, thus we better look into the message to see if + it is encrypted and assume an opaque signed one if this + is not the case. */ + switch (is_really_cms_encrypted (message)) + { + case 0: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); + break; + case 1: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); + break; + } + + } + xfree (smtype); + xfree (proto); + xfree (ct); + } + if (!newvalue && opt.enable_smime) + newvalue = xstrdup ("IPM.Note.GpgOL"); + + return newvalue; +} + +/* Helper for mapi_change_message_class. Returns the new message + class as an allocated string. + + This function is used for the message class + "IPM.Note.SMIME.MultipartSigned". This is an S/MIME message class + but smime support is not enabled. We need to check whether this is + actually a PGP/MIME message. */ +static char * +change_message_class_ipm_note_smime_multipartsigned (LPMESSAGE message) +{ + char *newvalue = NULL; + char *ct, *proto; + + ct = mapi_get_message_content_type (message, &proto, NULL); + if (!ct) + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); + else + { + log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); + if (proto + && !strcmp (ct, "multipart/signed") + && !strcmp (proto, "application/pgp-signature")) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + } + xfree (proto); + xfree (ct); + } + + return newvalue; +} + +/* Helper for mapi_change_message_class. Returns the new message + class as an allocated string. + + This function is used for the message classes + "IPM.Note.Secure.CexSig" and "IPM.Note.Secure.Cexenc" (in the + latter case IS_CEXSIG is true). These are CryptoEx generated + signature or encryption messages. */ +static char * +change_message_class_ipm_note_secure_cex (LPMESSAGE message, int is_cexenc) +{ + char *newvalue = NULL; + char *ct, *smtype, *proto; + + ct = mapi_get_message_content_type (message, &proto, &smtype); + if (ct) + { + log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); + if (smtype) + log_debug ("%s:%s: smime-type is '%s'", SRCNAME, __func__, smtype); + if (proto) + log_debug ("%s:%s: protocol is '%s'", SRCNAME, __func__, proto); + + if (smtype) + { + if (!strcmp (ct, "application/pkcs7-mime") + || !strcmp (ct, "application/x-pkcs7-mime")) + { + if (!strcmp (smtype, "signed-data")) + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); + else if (!strcmp (smtype, "enveloped-data")) + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); + } + } + + if (!newvalue && proto) + { + if (!strcmp (ct, "multipart/signed") + && (!strcmp (proto, "application/pkcs7-signature") + || !strcmp (proto, "application/x-pkcs7-signature"))) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + } + else if (!strcmp (ct, "multipart/signed") + && (!strcmp (proto, "application/pgp-signature"))) + { + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + } + } + + if (!newvalue && !strcmp (ct, "text/plain")) + { + newvalue = get_msgcls_from_pgp_lines (message); + } + + if (!newvalue) + { + switch (is_really_cms_encrypted (message)) + { + case 0: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); + break; + case 1: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); + break; + } + } + + xfree (smtype); + xfree (proto); + xfree (ct); + } + else + { + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); + if (is_cexenc) + { + switch (is_really_cms_encrypted (message)) + { + case 0: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); + break; + case 1: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); + break; + } + } + } + + if (!newvalue) + newvalue = xstrdup ("IPM.Note.GpgOL"); + + return newvalue; +} + + /* This function checks whether MESSAGE requires processing by us and adjusts the message class to our own. By passing true for SYNC_OVERRIDE the actual MAPI message class will be updated to our @@ -743,108 +1001,11 @@ SRCNAME, __func__, s); if (!strcmp (s, "IPM.Note")) { - /* Most message today are of this type. However a PGP/MIME - encrypted message also has this class here. We need - to see whether we can detect such a mail right here and - change the message class accordingly. */ - char *ct, *proto; - - ct = mapi_get_message_content_type (message, &proto, NULL); - if (!ct) - log_debug ("%s:%s: message has no content type", - SRCNAME, __func__); - else - { - log_debug ("%s:%s: content type is '%s'", - SRCNAME, __func__, ct); - if (proto) - { - log_debug ("%s:%s: protocol is '%s'", - SRCNAME, __func__, proto); - - if (!strcmp (ct, "multipart/encrypted") - && !strcmp (proto, "application/pgp-encrypted")) - { - newvalue = xstrdup ("IPM.Note.GpgOL.MultipartEncrypted"); - } - else if (!strcmp (ct, "multipart/signed") - && !strcmp (proto, "application/pgp-signature")) - { - /* Sometimes we receive a PGP/MIME signed - message with a class IPM.Note. */ - newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); - } - xfree (proto); - } - else if (!strcmp (ct, "text/plain")) - { - newvalue = get_msgcls_from_pgp_lines (message); - } - else if (!strcmp (ct, "multipart/mixed")) - { - /* It is quite common to have a multipart/mixed mail - with separate encrypted PGP parts. Look at the - body to decide. */ - newvalue = get_msgcls_from_pgp_lines (message); - } - - xfree (ct); - } + newvalue = change_message_class_ipm_note (message); } else if (!strcmp (s, "IPM.Note.SMIME")) { - /* This is an S/MIME opaque encrypted or signed message. - Check what it really is. Notee that this might even be a - PGP/MIME mail. */ - char *ct, *proto, *smtype; - - ct = mapi_get_message_content_type (message, &proto, &smtype); - if (!ct) - log_debug ("%s:%s: message has no content type", - SRCNAME, __func__); - else - { - log_debug ("%s:%s: content type is '%s'", - SRCNAME, __func__, ct); - if (proto - && !strcmp (ct, "multipart/signed") - && !strcmp (proto, "application/pgp-signature")) - { - newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); - } - else if (!opt.enable_smime) - ; /* S/MIME not enabled; thus no further checks. */ - else if (smtype) - { - log_debug ("%s:%s: smime-type is '%s'", - SRCNAME, __func__, smtype); - - if (!strcmp (ct, "application/pkcs7-mime") - || !strcmp (ct, "application/x-pkcs7-mime")) - { - if (!strcmp (smtype, "signed-data")) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); - else if (!strcmp (smtype, "enveloped-data")) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); - } - } - else - { - /* No smime type. The filename parameter is often - not reliable, thus we better look into the - message to see whetehr it is encrypted and assume - an opaque signed one if not. */ - if (is_really_cms_encrypted (message)) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); - else - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); - } - xfree (smtype); - xfree (proto); - xfree (ct); - } - if (!newvalue && opt.enable_smime) - newvalue = xstrdup ("IPM.Note.GpgOL"); + newvalue = change_message_class_ipm_note_smime (message); } else if (opt.enable_smime && !strncmp (s, "IPM.Note.SMIME", 14) && (!s[14]||s[14] =='.')) @@ -861,27 +1022,10 @@ else if (!strcmp (s, "IPM.Note.SMIME.MultipartSigned")) { /* This is an S/MIME message class but smime support is not - enabled. We need to check whetehr this is actually a + enabled. We need to check whether this is actually a PGP/MIME message. */ - char *ct, *proto; - - ct = mapi_get_message_content_type (message, &proto, NULL); - if (!ct) - log_debug ("%s:%s: message has no content type", - SRCNAME, __func__); - else - { - log_debug ("%s:%s: content type is '%s'", - SRCNAME, __func__, ct); - if (proto - && !strcmp (ct, "multipart/signed") - && !strcmp (proto, "application/pgp-signature")) - { - newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); - } - xfree (proto); - xfree (ct); - } + newvalue = change_message_class_ipm_note_smime_multipartsigned + (message); } else if (opt.enable_smime && sync_override && have_override && !strncmp (s, "IPM.Note.GpgOL", 14) && (!s[14]||s[14] =='.')) @@ -902,76 +1046,11 @@ && (!strcmp (s, "IPM.Note.Secure.CexSig") || (cexenc = !strcmp (s, "IPM.Note.Secure.CexEnc")))) { - /* This is a CryptoEx generated signature or encrypted data. */ - char *ct, *smtype, *proto; - - ct = mapi_get_message_content_type (message, &proto, &smtype); - if (!ct) - { - log_debug ("%s:%s: message has no content type", - SRCNAME, __func__); - if (cexenc) - { - if (is_really_cms_encrypted (message)) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); - else - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); - } - } - else - { - log_debug ("%s:%s: content type is '%s'", - SRCNAME, __func__, ct); - if (smtype) - log_debug ("%s:%s: smime-type is '%s'", - SRCNAME, __func__, smtype); - if (proto) - log_debug ("%s:%s: protocol is '%s'", - SRCNAME, __func__, proto); - if (smtype) - { - if (!strcmp (ct, "application/pkcs7-mime") - || !strcmp (ct, "application/x-pkcs7-mime")) - { - if (!strcmp (smtype, "signed-data")) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); - else if (!strcmp (smtype, "enveloped-data")) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); - } - } - - if (!newvalue && proto) - { - if (!strcmp (ct, "multipart/signed") - && (!strcmp (proto, "application/pkcs7-signature") - || !strcmp (proto, "application/x-pkcs7-signature"))) - newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); - else if (!strcmp (ct, "multipart/signed") - && (!strcmp (proto, "application/pgp-signature"))) - newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); - } - - if (!newvalue && !strcmp (ct, "text/plain")) - { - newvalue = get_msgcls_from_pgp_lines (message); - } - - if (!newvalue) - { - if (is_really_cms_encrypted (message)) - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); - else - newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); - } - - xfree (smtype); - xfree (proto); - xfree (ct); - } - if (!newvalue) - newvalue = xstrdup ("IPM.Note.GpgOL"); + newvalue = change_message_class_ipm_note_secure_cex + (message, cexenc); } } + if (!newvalue) { /* We use our Sig-Status property to mark messages which passed @@ -2308,7 +2387,7 @@ if (PROP_TYPE (propval->ulPropTag) != PT_STRING8) { /* As per rfc822, header lines must be plain ascii, so no need - to cope withy unicode etc. */ + to cope with unicode etc. */ log_error ("%s:%s: proptag=%#lx not supported\n", SRCNAME, __func__, propval->ulPropTag); MAPIFreeBuffer (propval); From cvs at cvs.gnupg.org Thu Oct 16 19:33:35 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Oct 2008 19:33:35 +0200 Subject: [svn] GpgOL - r270 - trunk/src Message-ID: Author: wk Date: 2008-10-16 19:33:34 +0200 (Thu, 16 Oct 2008) New Revision: 270 Modified: trunk/src/ChangeLog trunk/src/mapihelp.cpp trunk/src/mimeparser.c Log: Better cope with weird CryptEx messages. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-16 12:42:39 UTC (rev 269) +++ trunk/src/ChangeLog 2008-10-16 17:33:34 UTC (rev 270) @@ -1,5 +1,8 @@ 2008-10-16 Werner Koch + * mimeparser.c (start_attachment): Take care not to set the file + name "smime.p7m". + * mapihelp.cpp (is_really_cms_encrypted): Extend to detect unknown message types. (mapi_change_message_class): Adjust for this change. @@ -8,6 +11,9 @@ (change_message_class_ipm_note_smime) (change_message_class_ipm_note_smime_multipartsigned) (change_message_class_ipm_note_secure_cex): New. + (get_first_attach_mime_tag): New. + (change_message_class_ipm_note_secure_cex): Use it here for CexSig. + (has_smime_filename): Also look at the long filename. 2008-10-15 Werner Koch Modified: trunk/src/mapihelp.cpp =================================================================== --- trunk/src/mapihelp.cpp 2008-10-16 12:42:39 UTC (rev 269) +++ trunk/src/mapihelp.cpp 2008-10-16 17:33:34 UTC (rev 270) @@ -46,6 +46,7 @@ static int get_attach_method (LPATTACH obj); static int has_smime_filename (LPATTACH obj); +static char *get_attach_mime_tag (LPATTACH obj); @@ -605,7 +606,7 @@ { log_debug ("%s:%s: GetAttachmentTable failed: hr=%#lx", SRCNAME, __func__, hr); - return 0; + return -1; } hr = HrQueryAllRows (mapitable, (LPSPropTagArray)&propAttNum, @@ -615,7 +616,7 @@ log_debug ("%s:%s: HrQueryAllRows failed: hr=%#lx", SRCNAME, __func__, hr); mapitable->Release (); - return 0; + return -1; } n_attach = mapirows->cRows > 0? mapirows->cRows : 0; if (n_attach != 1) @@ -623,7 +624,7 @@ FreeProws (mapirows); mapitable->Release (); log_debug ("%s:%s: not just one attachment", SRCNAME, __func__); - return 0; + return -1; } pos = 0; @@ -647,9 +648,15 @@ goto leave; } if (!has_smime_filename (att)) - goto leave; + { + log_debug ("%s:%s: no smime filename", SRCNAME, __func__); + goto leave; + } if (get_attach_method (att) != ATTACH_BY_VALUE) - goto leave; + { + log_debug ("%s:%s: wrong attach method", SRCNAME, __func__); + goto leave; + } hr = att->OpenProperty (PR_ATTACH_DATA_BIN, &IID_IStream, 0, 0, (LPUNKNOWN*) &stream); @@ -705,6 +712,86 @@ } + +/* Return the content-type of the first and only attachment of MESSAGE + or NULL if it does not exists. Caller must free. */ +static char * +get_first_attach_mime_tag (LPMESSAGE message) +{ + HRESULT hr; + SizedSPropTagArray (1L, propAttNum) = { 1L, {PR_ATTACH_NUM} }; + LPMAPITABLE mapitable; + LPSRowSet mapirows; + unsigned int pos, n_attach; + LPATTACH att = NULL; + char *result = NULL; + + hr = message->GetAttachmentTable (0, &mapitable); + if (FAILED (hr)) + { + log_debug ("%s:%s: GetAttachmentTable failed: hr=%#lx", + SRCNAME, __func__, hr); + return NULL; + } + + hr = HrQueryAllRows (mapitable, (LPSPropTagArray)&propAttNum, + NULL, NULL, 0, &mapirows); + if (FAILED (hr)) + { + log_debug ("%s:%s: HrQueryAllRows failed: hr=%#lx", + SRCNAME, __func__, hr); + mapitable->Release (); + return NULL; + } + n_attach = mapirows->cRows > 0? mapirows->cRows : 0; + if (n_attach != 1) + { + FreeProws (mapirows); + mapitable->Release (); + log_debug ("%s:%s: not just one attachment", SRCNAME, __func__); + return NULL; + } + pos = 0; + + if (mapirows->aRow[pos].cValues < 1) + { + log_error ("%s:%s: invalid row at pos %d", SRCNAME, __func__, pos); + goto leave; + } + if (mapirows->aRow[pos].lpProps[0].ulPropTag != PR_ATTACH_NUM) + { + log_error ("%s:%s: invalid prop at pos %d", SRCNAME, __func__, pos); + goto leave; + } + hr = message->OpenAttach (mapirows->aRow[pos].lpProps[0].Value.l, + NULL, MAPI_BEST_ACCESS, &att); + if (FAILED (hr)) + { + log_error ("%s:%s: can't open attachment %d (%ld): hr=%#lx", + SRCNAME, __func__, pos, + mapirows->aRow[pos].lpProps[0].Value.l, hr); + goto leave; + } + + /* Note: We do not expect a filename. */ + + if (get_attach_method (att) != ATTACH_BY_VALUE) + { + log_debug ("%s:%s: wrong attach method", SRCNAME, __func__); + goto leave; + } + + result = get_attach_mime_tag (att); + + leave: + if (att) + att->Release (); + FreeProws (mapirows); + mapitable->Release (); + return result; +} + + /* Helper for mapi_change_message_class. Returns the new message class as an allocated string. @@ -719,9 +806,7 @@ char *ct, *proto; ct = mapi_get_message_content_type (message, &proto, NULL); - if (!ct) - log_debug ("%s:%s: message has no content type", SRCNAME, __func__); - else + if (ct) { log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); if (proto) @@ -756,6 +841,8 @@ xfree (ct); } + else + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); return newvalue; } @@ -773,9 +860,7 @@ char *ct, *proto, *smtype; ct = mapi_get_message_content_type (message, &proto, &smtype); - if (!ct) - log_debug ("%s:%s: message has no content type", SRCNAME, __func__); - else + if (ct) { log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); if (proto @@ -814,12 +899,34 @@ newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); break; } - + } xfree (smtype); xfree (proto); xfree (ct); } + else + { + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); + + /* CryptoEx (or the Toltec Connector) create messages without + the transport headers property and thus we don't know the + content type. We try to detect the message type anyway by + looking into the first and only attachments. */ + switch (is_really_cms_encrypted (message)) + { + case 0: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueSigned"); + break; + case 1: + newvalue = xstrdup ("IPM.Note.GpgOL.OpaqueEncrypted"); + break; + default: /* Unknown. */ + break; + } + } + + /* If we did not found anything but let's change the class anyway. */ if (!newvalue && opt.enable_smime) newvalue = xstrdup ("IPM.Note.GpgOL"); @@ -840,9 +947,7 @@ char *ct, *proto; ct = mapi_get_message_content_type (message, &proto, NULL); - if (!ct) - log_debug ("%s:%s: message has no content type", SRCNAME, __func__); - else + if (ct) { log_debug ("%s:%s: content type is '%s'", SRCNAME, __func__, ct); if (proto @@ -854,6 +959,8 @@ xfree (proto); xfree (ct); } + else + log_debug ("%s:%s: message has no content type", SRCNAME, __func__); return newvalue; } @@ -944,6 +1051,20 @@ break; } } + else + { + char *mimetag; + + mimetag = get_first_attach_mime_tag (message); + if (mimetag && !strcmp (mimetag, "multipart/signed")) + newvalue = xstrdup ("IPM.Note.GpgOL.MultipartSigned"); + xfree (mimetag); + } + + if (!newvalue) + { + newvalue = get_msgcls_from_pgp_lines (message); + } } if (!newvalue) @@ -2541,7 +2662,11 @@ hr = HrGetOneProp ((LPMAPIPROP)obj, PR_ATTACH_FILENAME, &propval); if (FAILED(hr)) - return 0; + { + hr = HrGetOneProp ((LPMAPIPROP)obj, PR_ATTACH_LONG_FILENAME, &propval); + if (FAILED(hr)) + return 0; + } if ( PROP_TYPE (propval->ulPropTag) == PT_UNICODE) { Modified: trunk/src/mimeparser.c =================================================================== --- trunk/src/mimeparser.c 2008-10-16 12:42:39 UTC (rev 269) +++ trunk/src/mimeparser.c 2008-10-16 17:33:34 UTC (rev 270) @@ -353,11 +353,16 @@ goto leave; } - /* And now for the real name. */ + /* And now for the real name. We avoid storing the name "smime.p7m" + because that one is used at several places in the mapi conversion + functions. */ if (ctx->mimestruct_cur && ctx->mimestruct_cur->filename) { prop.ulPropTag = PR_ATTACH_LONG_FILENAME_A; - prop.Value.lpszA = ctx->mimestruct_cur->filename; + if (!strcmp (ctx->mimestruct_cur->filename, "smime.p7m")) + prop.Value.lpszA = "x-smime.p7m"; + else + prop.Value.lpszA = ctx->mimestruct_cur->filename; hr = HrSetOneProp ((LPMAPIPROP)newatt, &prop); if (hr) { From cvs at cvs.gnupg.org Fri Oct 17 11:14:17 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 11:14:17 +0200 Subject: [svn] GpgOL - r271 - trunk/po Message-ID: Author: wk Date: 2008-10-17 11:14:16 +0200 (Fri, 17 Oct 2008) New Revision: 271 Modified: trunk/po/de.po Log: Changed a translation. Modified: trunk/po/de.po [not shown] From cvs at cvs.gnupg.org Fri Oct 17 13:15:48 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 13:15:48 +0200 Subject: [svn] gpgme - r1335 - trunk/gpgme Message-ID: Author: wk Date: 2008-10-17 13:15:48 +0200 (Fri, 17 Oct 2008) New Revision: 1335 Modified: trunk/gpgme/ChangeLog trunk/gpgme/w32-glib-io.c Log: Fix for mingw32 bug. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2008-09-23 10:52:09 UTC (rev 1334) +++ trunk/gpgme/ChangeLog 2008-10-17 11:15:48 UTC (rev 1335) @@ -1,3 +1,8 @@ +2008-10-17 Werner Koch + + * w32-glib-io.c (_gpgme_io_fd2str): Use "%d" and not "%ld" to work + around a bug in mingw32. + 2008-09-23 Marcus Brinkmann * gpgme.c (gpgme_sig_notation_clear): Clear CTX->sig_notations. Modified: trunk/gpgme/w32-glib-io.c =================================================================== --- trunk/gpgme/w32-glib-io.c 2008-09-23 10:52:09 UTC (rev 1334) +++ trunk/gpgme/w32-glib-io.c 2008-10-17 11:15:48 UTC (rev 1335) @@ -143,7 +143,7 @@ { TRACE_BEG1 (DEBUG_SYSIO, "_gpgme_io_fd2str", fd, "fd=%d", fd); TRACE_SUC1 ("syshd=%p", _get_osfhandle (fd)); - return snprintf (buf, buflen, "%ld", (long) _get_osfhandle (fd)); + return snprintf (buf, buflen, "%d", (int) _get_osfhandle (fd)); } From cvs at cvs.gnupg.org Fri Oct 17 15:12:12 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 15:12:12 +0200 Subject: [svn] GnuPG - r4852 - trunk/sm Message-ID: Author: wk Date: 2008-10-17 15:12:11 +0200 (Fri, 17 Oct 2008) New Revision: 4852 Modified: trunk/sm/ChangeLog trunk/sm/call-dirmngr.c Log: Reset the context lock flag after a failed dirmngr start which may happend due to --disable-dirmngr. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-10-15 13:23:10 UTC (rev 4851) +++ trunk/sm/ChangeLog 2008-10-17 13:12:11 UTC (rev 4852) @@ -1,3 +1,10 @@ +2008-10-17 Werner Koch + + * call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock + flag on error. + (release_dirmngr, release_dirmngr2): Replace asserts by error messages. + (gpgsm_dirmngr_lookup): Replace assert by fatal error message. + 2008-10-13 Werner Koch * gpgsm.c: Add alias --delete-keys. Modified: trunk/sm/call-dirmngr.c =================================================================== --- trunk/sm/call-dirmngr.c 2008-10-15 13:23:10 UTC (rev 4851) +++ trunk/sm/call-dirmngr.c 2008-10-17 13:12:11 UTC (rev 4852) @@ -141,7 +141,7 @@ } -/* This fucntion prepares the dirmngr for a new session. The +/* This function prepares the dirmngr for a new session. The audit-events option is used so that other dirmngr clients won't get disturbed by such events. */ static void @@ -320,17 +320,27 @@ static int start_dirmngr (ctrl_t ctrl) { + gpg_error_t err; + assert (! dirmngr_ctx_locked); dirmngr_ctx_locked = 1; - return start_dirmngr_ext (ctrl, &dirmngr_ctx); + err = start_dirmngr_ext (ctrl, &dirmngr_ctx); + /* We do not check ERR but the existance of a context because the + error might come from a failed command send to the dirmngr. + Fixme: Why don't we close the drimngr context if we encountered + an error in prepare_dirmngr? */ + if (!dirmngr_ctx) + dirmngr_ctx_locked = 0; + return err; } static void release_dirmngr (ctrl_t ctrl) { - assert (dirmngr_ctx_locked); + if (!dirmngr_ctx_locked) + log_error ("WARNING: trying to release a non-locked dirmngr ctx\n"); dirmngr_ctx_locked = 0; } @@ -338,17 +348,23 @@ static int start_dirmngr2 (ctrl_t ctrl) { + gpg_error_t err; + assert (! dirmngr2_ctx_locked); dirmngr2_ctx_locked = 1; - return start_dirmngr_ext (ctrl, &dirmngr2_ctx); + err = start_dirmngr_ext (ctrl, &dirmngr2_ctx); + if (!dirmngr2_ctx) + dirmngr2_ctx_locked = 0; + return err; } static void release_dirmngr2 (ctrl_t ctrl) { - assert (dirmngr2_ctx_locked); + if (!dirmngr2_ctx_locked) + log_error ("WARNING: trying to release a non-locked dirmngr2 ctx\n"); dirmngr2_ctx_locked = 0; } @@ -780,21 +796,24 @@ /* The lookup function can be invoked from the callback of a lookup function, for example to walk the chain. */ - assert (!dirmngr_ctx_locked || !dirmngr2_ctx_locked); - if (! dirmngr_ctx_locked) + if (!dirmngr_ctx_locked) { rc = start_dirmngr (ctrl); if (rc) return rc; ctx = dirmngr_ctx; } - else + else if (!dirmngr2_ctx_locked) { rc = start_dirmngr2 (ctrl); if (rc) return rc; ctx = dirmngr2_ctx; } + else + { + log_fatal ("both dirmngr contexts are in use\n"); + } pattern = pattern_from_strlist (names); if (!pattern) From cvs at cvs.gnupg.org Fri Oct 17 15:47:43 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 15:47:43 +0200 Subject: [svn] pinentry - r188 - in trunk: . secmem Message-ID: Author: wk Date: 2008-10-17 15:47:43 +0200 (Fri, 17 Oct 2008) New Revision: 188 Modified: trunk/ChangeLog trunk/secmem/memory.h trunk/secmem/secmem.c Log: C++ protection and a new function. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-07-25 13:46:53 UTC (rev 187) +++ trunk/ChangeLog 2008-10-17 13:47:43 UTC (rev 188) @@ -1,3 +1,9 @@ +2008-10-17 Werner Koch + + * secmem/memory.h: Add C++ extern declaration. + + * secmem/secmem.c (secmem_get_max_size): New. + 2008-07-25 Marcus Brinkmann * qt4/Makefile.am (DISTCLEANFILES): Rename to CLEANFILES. Modified: trunk/secmem/memory.h =================================================================== --- trunk/secmem/memory.h 2008-07-25 13:46:53 UTC (rev 187) +++ trunk/secmem/memory.h 2008-10-17 13:47:43 UTC (rev 188) @@ -22,6 +22,14 @@ #include +#ifdef __cplusplus +extern "C" { +#if 0 +} +#endif +#endif + + /* values for flags, hardcoded in secmem.c */ #define SECMEM_WARN 0 #define SECMEM_DONT_WARN 1 @@ -36,5 +44,12 @@ void secmem_dump_stats(void); void secmem_set_flags( unsigned flags ); unsigned secmem_get_flags(void); +size_t secmem_get_max_size (void); +#if 0 +{ +#endif +#ifdef __cplusplus +} +#endif #endif /* _MEMORY_H */ Modified: trunk/secmem/secmem.c =================================================================== --- trunk/secmem/secmem.c 2008-07-25 13:46:53 UTC (rev 187) +++ trunk/secmem/secmem.c 2008-10-17 13:47:43 UTC (rev 188) @@ -446,3 +446,9 @@ (ulong)poollen, (ulong)poolsize ); } + +size_t +secmem_get_max_size (void) +{ + return poolsize; +} From cvs at cvs.gnupg.org Fri Oct 17 20:22:02 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 20:22:02 +0200 Subject: [svn] GpgOL - r272 - in trunk: . po src Message-ID: Author: wk Date: 2008-10-17 20:22:02 +0200 (Fri, 17 Oct 2008) New Revision: 272 Modified: trunk/NEWS trunk/configure.ac trunk/po/sv.po trunk/src/ChangeLog trunk/src/engine-assuan.c trunk/src/engine.c trunk/src/mimeparser.c Log: Fixed opaque signature verification. Other minor changes. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-17 09:14:16 UTC (rev 271) +++ trunk/src/ChangeLog 2008-10-17 18:22:02 UTC (rev 272) @@ -1,3 +1,14 @@ +2008-10-17 Werner Koch + + * mimeparser.c (mime_verify_opaque): Remove extra semicolon which + shortcuted most of the code. Why didn't gcc notice that? Bug + was introduced on 2008-06-12. + + * engine-assuan.c (create_io_pipe, send_options) + (op_assuan_encrypt, op_assuan_sign, op_assuan_decrypt) + (op_assuan_verify): Replace use of long in snprint by int to + workaround a bug in mingw32. Doesn't matter on w32 anyway. + 2008-10-16 Werner Koch * mimeparser.c (start_attachment): Take care not to set the file Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-17 09:14:16 UTC (rev 271) +++ trunk/NEWS 2008-10-17 18:22:02 UTC (rev 272) @@ -1,3 +1,9 @@ +Noteworthy changes for version 0.10.16 +=================================================== + + * Fixed a regression in the last release with opaque signatures. + + Noteworthy changes for version 0.10.15 (2008-08-06) =================================================== Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 09:14:16 UTC (rev 271) +++ trunk/configure.ac 2008-10-17 18:22:02 UTC (rev 272) @@ -16,8 +16,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.10.15]) -m4_define([my_issvn], [no]) +m4_define([my_version], [0.10.16]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) Modified: trunk/po/sv.po [not shown] Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2008-10-17 09:14:16 UTC (rev 271) +++ trunk/src/engine-assuan.c 2008-10-17 18:22:02 UTC (rev 272) @@ -240,8 +240,8 @@ only one instance, use the standard timeout of 120 seconds and buffers of 4k. */ pipeno = InterlockedIncrement (&pipenumber); - snprintf (pipename, sizeof pipename, "\\\\.\\pipe\\GpgOL_anon.%08lx.%08lx", - (unsigned long)GetCurrentProcessId(), pipeno); + snprintf (pipename, sizeof pipename, "\\\\.\\pipe\\GpgOL_anon.%08x.%08x", + (unsigned int)GetCurrentProcessId(), (unsigned int)pipeno); sec_attr.bInheritHandle = /*for_write? TRUE :*/FALSE; r = CreateNamedPipe (pipename, (PIPE_ACCESS_INBOUND | (for_write? 0:FILE_FLAG_OVERLAPPED)), @@ -437,7 +437,7 @@ if (!err && hwnd) { - snprintf (numbuf, sizeof numbuf, "%lx", (unsigned long)hwnd); + snprintf (numbuf, sizeof numbuf, "%x", (unsigned int)hwnd); err = send_one_option (ctx, "window-id", numbuf); } @@ -1513,7 +1513,7 @@ cld->status_cbs.write = status_in_cb; cld->assctx = ctx; /* Fixme: We might want to have reference counting for CLD to cope - with thye problem that the gpgme data object uses CLD which might + with the problem that the gpgme data object uses CLD which might get invalidated at any time. */ err = gpgme_data_new_from_cbs (&cld->status_data, &cld->status_cbs, cld); if (err) @@ -1669,11 +1669,11 @@ duplicate the handle into the server process and the server then uses this handle. Eventually we should put this code into assuan_sendfd. */ - snprintf (line, sizeof line, "INPUT FD=%ld", (unsigned long int)inpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)inpipe[0]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%ld", (unsigned long int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -1843,11 +1843,11 @@ *r_used_protocol = protocol; log_debug ("%s:%s: using protocol %s", SRCNAME, __func__, protocol_name); - snprintf (line, sizeof line, "INPUT FD=%ld", (unsigned long int)inpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)inpipe[0]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%ld", (unsigned long int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -1941,11 +1941,11 @@ goto leave; } - snprintf (line, sizeof line, "INPUT FD=%ld", (unsigned long int)inpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)inpipe[0]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%ld", (unsigned long int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -2081,13 +2081,11 @@ if (!opaque_mode) { - snprintf (line, sizeof line, "MESSAGE FD=%ld", - (unsigned long int)msgpipe[0]); + snprintf (line, sizeof line, "MESSAGE FD=%d", (unsigned int)msgpipe[0]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "INPUT FD=%ld", - (unsigned long int)sigpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)sigpipe[0]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -2098,13 +2096,11 @@ } else { - snprintf (line, sizeof line, "INPUT FD=%ld", - (unsigned long int)msgpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)msgpipe[0]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%ld", - (unsigned long int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; Modified: trunk/src/engine.c =================================================================== --- trunk/src/engine.c 2008-10-17 09:14:16 UTC (rev 271) +++ trunk/src/engine.c 2008-10-17 18:22:02 UTC (rev 272) @@ -257,7 +257,7 @@ } if (debug_filter) - log_debug ("%s:%s: enter\n", SRCNAME, __func__); + log_debug ("%s:%s: filter %p: enter\n", SRCNAME, __func__, filter ); take_in_lock (filter, __func__); while (!filter->in.length) { @@ -265,7 +265,8 @@ { release_in_lock (filter, __func__); if (debug_filter) - log_debug ("%s:%s: returning EOF\n", SRCNAME, __func__); + log_debug ("%s:%s: filter %p: returning EOF\n", + SRCNAME, __func__, filter ); return 0; /* Return EOF. */ } release_in_lock (filter, __func__); @@ -273,23 +274,26 @@ { errno = EAGAIN; if (debug_filter_extra) - log_debug ("%s:%s: leave; result=EAGAIN\n", SRCNAME, __func__); + log_debug ("%s:%s: filter %p: leave; result=EAGAIN\n", + SRCNAME, __func__, filter); switch_threads (filter); return -1; } else clear_switch_threads (filter); if (debug_filter) - log_debug ("%s:%s: waiting for in.condvar\n", SRCNAME, __func__); + log_debug ("%s:%s: filter %p: waiting for in.condvar\n", + SRCNAME, __func__, filter); WaitForSingleObject (filter->in.condvar, 500); take_in_lock (filter, __func__); if (debug_filter) - log_debug ("%s:%s: continuing\n", SRCNAME, __func__); + log_debug ("%s:%s: filter %p: continuing\n", + SRCNAME, __func__, filter); } if (debug_filter) - log_debug ("%s:%s: requested read size=%d (filter.in.length=%d)\n", - SRCNAME, __func__, (int)size, (int)filter->in.length); + log_debug ("%s:%s: filter %p: requested read size=%d (in.length=%d)\n", + SRCNAME, __func__, filter, (int)size, (int)filter->in.length); nbytes = size < filter->in.length ? size : filter->in.length; memcpy (buffer, filter->in.buffer, nbytes); if (filter->in.length > nbytes) @@ -299,8 +303,8 @@ release_in_lock (filter, __func__); if (debug_filter) - log_debug ("%s:%s: leave; result=%d\n", - SRCNAME, __func__, (int)nbytes); + log_debug ("%s:%s: filter %p: leave; result=%d\n", + SRCNAME, __func__, filter, (int)nbytes); return nbytes; } @@ -627,6 +631,9 @@ if (err) goto failure; + if (debug_filter) + log_debug ("%s:%s: filter %p: created\n", + SRCNAME, __func__, filter ); *r_filter = filter; return 0; @@ -822,7 +829,8 @@ engine_gpgme_cancel (cancel_data); if (WaitForSingleObject (filter->in.ready_event, INFINITE) != WAIT_OBJECT_0) - log_error_w32 (-1, "%s:%s: WFSO failed", SRCNAME, __func__); + log_error_w32 (-1, "%s:%s: filter %p: WFSO failed", + SRCNAME, __func__, filter); else log_debug ("%s:%s: filter %p: backend has been canceled", SRCNAME, __func__, filter); Modified: trunk/src/mimeparser.c =================================================================== --- trunk/src/mimeparser.c 2008-10-17 09:14:16 UTC (rev 271) +++ trunk/src/mimeparser.c 2008-10-17 18:22:02 UTC (rev 272) @@ -1378,7 +1378,7 @@ err = engine_verify_start (filter, hwnd, NULL, 0, protocol, from); xfree (from); } - if (err); + if (err) goto leave; if (instream) @@ -1399,16 +1399,27 @@ } else if (nread) { +/* if (debug_mime_data) */ +/* log_hexdump (buffer, nread, "%s:%s: ctx=%p, data: ", */ +/* SRCNAME, __func__, ctx); */ err = engine_filter (filter, buffer, nread); } else - break; /* EOF */ + { +/* if (debug_mime_data) */ +/* log_debug ("%s:%s: ctx=%p, data: EOF\n", */ +/* SRCNAME, __func__, ctx); */ + break; /* EOF */ + } } while (!err); } else { /* Filter the buffer. */ +/* if (debug_mime_data) */ +/* log_hexdump (inbuffer, inbufferlen, "%s:%s: ctx=%p, data: ", */ +/* SRCNAME, __func__, ctx); */ err = engine_filter (filter, inbuffer, inbufferlen); } if (err) From cvs at cvs.gnupg.org Fri Oct 17 20:57:49 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 17 Oct 2008 20:57:49 +0200 Subject: [svn] gpgme - r1336 - trunk Message-ID: Author: marcus Date: 2008-10-17 20:57:49 +0200 (Fri, 17 Oct 2008) New Revision: 1336 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac Log: 2008-10-17 Marcus Brinkmann Release GPGME 1.1.7. * configure.ac (LIBGPGME_LT_REVISION): Bump for release. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-17 11:15:48 UTC (rev 1335) +++ trunk/ChangeLog 2008-10-17 18:57:49 UTC (rev 1336) @@ -1,3 +1,9 @@ +2008-10-17 Marcus Brinkmann + + Release GPGME 1.1.7. + + * configure.ac (LIBGPGME_LT_REVISION): Bump for release. + 2008-09-19 Moritz * configure.ac: Remove bogus "esac". Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-17 11:15:48 UTC (rev 1335) +++ trunk/NEWS 2008-10-17 18:57:49 UTC (rev 1336) @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.1.7 (unreleased) +Noteworthy changes in version 1.1.7 (2008-10-177) ------------------------------------------------ * Using GPGME_KEYLIST_MODE_LOCAL combined with @@ -1237,7 +1237,7 @@ * Made the W32 support more robust. - Copyright 2001, 2002, 2003, 2004, 2005, 2007 g10 Code GmbH + Copyright 2001, 2002, 2003, 2004, 2005, 2007, 2008 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 11:15:48 UTC (rev 1335) +++ trunk/configure.ac 2008-10-17 18:57:49 UTC (rev 1336) @@ -1,6 +1,6 @@ # configure.ac for GPGME # Copyright (C) 2000 Werner Koch (dd9jn) -# Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 g10 Code GmbH +# Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 g10 Code GmbH # # This file is part of GPGME. # @@ -32,7 +32,7 @@ # SVN version is the most recent one in a branch. To disable the SVN # version for the real release, set the my_issvn macro to no. m4_define(my_version, [1.1.7]) -m4_define(my_issvn, [yes]) +m4_define(my_issvn, [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) @@ -51,7 +51,7 @@ # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] LIBGPGME_LT_AGE=6 -LIBGPGME_LT_REVISION=4 +LIBGPGME_LT_REVISION=5 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 From cvs at cvs.gnupg.org Fri Oct 17 21:04:00 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 21:04:00 +0200 Subject: [svn] GpgOL - r273 - in trunk: . src Message-ID: Author: wk Date: 2008-10-17 21:04:00 +0200 (Fri, 17 Oct 2008) New Revision: 273 Modified: trunk/configure.ac trunk/src/ChangeLog trunk/src/config-dialog.c trunk/src/display.cpp trunk/src/engine-assuan.c trunk/src/engine-gpgme.c trunk/src/ext-commands.cpp trunk/src/main.c trunk/src/mapihelp.cpp trunk/src/message-events.cpp trunk/src/mimemaker.c trunk/src/mimeparser.c trunk/src/property-sheets.cpp trunk/src/recipient-dialog.c trunk/src/user-events.cpp trunk/src/w32-gettext.c Log: use more gcc warnings. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/ChangeLog 2008-10-17 19:04:00 UTC (rev 273) @@ -1,5 +1,8 @@ 2008-10-17 Werner Koch + * recipient-dialog.c (load_rsetbox): Remove superfluous check on + negativness for an unsigned variable. + * mimeparser.c (mime_verify_opaque): Remove extra semicolon which shortcuted most of the code. Why didn't gcc notice that? Bug was introduced on 2008-06-12. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/configure.ac 2008-10-17 19:04:00 UTC (rev 273) @@ -195,8 +195,20 @@ if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wcast-align -Wshadow -Wstrict-prototypes" CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security" + CFLAGS="$CFLAGS -W -Wno-sign-compare" CXXFLAGS="$CXXFLAGS -Wcast-align -Wshadow" CXXFLAGS="$CXXFLAGS -Wno-format-y2k -Wformat-security" + CXXFLAGS="$CXXFLAGS -W -Wno-sign-compare" + AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-missing-field-initializers" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_mfi=yes,_gcc_mfi=no) + AC_MSG_RESULT($_gcc_mfi) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_mfi" = xyes ; then + CFLAGS="$CFLAGS -Wno-missing-field-initializers" + CXXFLAGS="$CXXFLAGS -Wno-missing-field-initializers" + fi fi fi Modified: trunk/src/config-dialog.c =================================================================== --- trunk/src/config-dialog.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/config-dialog.c 2008-10-17 19:04:00 UTC (rev 273) @@ -150,6 +150,8 @@ char name[MAX_PATH+1]; int n; const char *s; + + (void)lparam; switch (msg) { Modified: trunk/src/display.cpp =================================================================== --- trunk/src/display.cpp 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/display.cpp 2008-10-17 19:04:00 UTC (rev 273) @@ -221,6 +221,9 @@ HWND window; struct find_message_window_state findstate; + (void)is_sensitive; + + memset (&findstate, 0, sizeof findstate); window = find_message_window (hwnd, &findstate); if (window && !is_html) Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/engine-assuan.c 2008-10-17 19:04:00 UTC (rev 273) @@ -1247,6 +1247,7 @@ void engine_assuan_cancel (void *cancel_data) { + (void)cancel_data; /* FIXME */ } @@ -1289,6 +1290,8 @@ work_item_t item; int created = 0; + (void)ctx; + EnterCriticalSection (&work_queue_lock); for (item = work_queue; item; item = item->next) if (!item->used) Modified: trunk/src/engine-gpgme.c =================================================================== --- trunk/src/engine-gpgme.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/engine-gpgme.c 2008-10-17 19:04:00 UTC (rev 273) @@ -439,6 +439,8 @@ gpgme_ctx_t ctx = NULL; gpgme_key_t *keys = NULL; + (void)hwnd; + cld = xcalloc (1, sizeof *cld); cld->closure = encrypt_closure; cld->filter = filter; @@ -503,6 +505,8 @@ static void sign_closure (closure_data_t cld, gpgme_ctx_t ctx, gpg_error_t err) { + (void)ctx; + update_passphrase_cache (err, &cld->pw_cb); engine_private_finished (cld->filter, err); } @@ -521,6 +525,8 @@ gpgme_ctx_t ctx = NULL; gpgme_key_t sign_key = NULL; + (void)hwnd; + if (signer_dialog_box (&sign_key, NULL, 0) == -1) { log_debug ("%s:%s: leave (dialog failed)\n", SRCNAME, __func__); @@ -628,6 +634,8 @@ closure_data_t cld; gpgme_ctx_t ctx = NULL; + (void)hwnd; + cld = xcalloc (1, sizeof *cld); cld->closure = decrypt_closure; cld->filter = filter; @@ -706,6 +714,8 @@ gpgme_ctx_t ctx = NULL; gpgme_data_t sigobj = NULL; + (void)hwnd; + cld = xcalloc (1, sizeof *cld); cld->closure = verify_closure; cld->filter = filter; Modified: trunk/src/ext-commands.cpp =================================================================== --- trunk/src/ext-commands.cpp 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/ext-commands.cpp 2008-10-17 19:04:00 UTC (rev 273) @@ -388,6 +388,7 @@ VARIANT aVariant; int force_encrypt = 0; + (void)hMenu; if (debug_commands) log_debug ("%s:%s: context=%s flags=0x%lx\n", SRCNAME, __func__, @@ -880,6 +881,7 @@ STDMETHODIMP_(VOID) GpgolExtCommands::InitMenu(LPEXCHEXTCALLBACK eecb) { + (void)eecb; } @@ -890,6 +892,8 @@ STDMETHODIMP GpgolExtCommands::Help (LPEXCHEXTCALLBACK eecb, UINT nCommandID) { + (void)eecb; + if (nCommandID == m_nCmdProtoAuto && m_lContext == EECONTEXT_SENDNOTEMESSAGE) { @@ -1036,6 +1040,9 @@ { toolbar_info_t tb_info; + (void)description_size; + (void)flags; + for (tb_info = m_toolbar_info; tb_info; tb_info = tb_info->next ) if (tb_info->button_id == buttonid && tb_info->context == m_lContext) @@ -1101,6 +1108,9 @@ STDMETHODIMP GpgolExtCommands::ResetToolbar (ULONG lToolbarID, ULONG lFlags) { + (void)lToolbarID; + (void)lFlags; + return S_OK; } Modified: trunk/src/main.c =================================================================== --- trunk/src/main.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/main.c 2008-10-17 19:04:00 UTC (rev 273) @@ -155,6 +155,8 @@ int WINAPI DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) { + (void)reserved; + if (reason == DLL_PROCESS_ATTACH) { set_global_hinstance (hinst); Modified: trunk/src/mapihelp.cpp =================================================================== --- trunk/src/mapihelp.cpp 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/mapihelp.cpp 2008-10-17 19:04:00 UTC (rev 273) @@ -2467,6 +2467,9 @@ get_message_content_type_cb (void *dummy_arg, rfc822parse_event_t event, rfc822parse_t msg) { + (void)dummy_arg; + (void)msg; + if (event == RFC822PARSE_T2BODY) return 42; /* Hack to stop the parsing after having read the outer headers. */ Modified: trunk/src/message-events.cpp =================================================================== --- trunk/src/message-events.cpp 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/message-events.cpp 2008-10-17 19:04:00 UTC (rev 273) @@ -409,6 +409,8 @@ STDMETHODIMP GpgolMessageEvents::OnCheckNames(LPEXCHEXTCALLBACK eecb) { + (void)eecb; + log_debug ("%s:%s: received\n", SRCNAME, __func__); return S_FALSE; } @@ -420,6 +422,9 @@ STDMETHODIMP GpgolMessageEvents::OnCheckNamesComplete (LPEXCHEXTCALLBACK eecb,ULONG flags) { + (void)eecb; + (void)flags; + log_debug ("%s:%s: received\n", SRCNAME, __func__); return S_FALSE; } @@ -432,6 +437,8 @@ STDMETHODIMP GpgolMessageEvents::OnSubmit (LPEXCHEXTCALLBACK eecb) { + (void)eecb; + log_debug ("%s:%s: received\n", SRCNAME, __func__); m_bOnSubmitActive = TRUE; m_bWriteFailed = FALSE; @@ -444,6 +451,9 @@ STDMETHODIMP_ (VOID) GpgolMessageEvents::OnSubmitComplete (LPEXCHEXTCALLBACK eecb, ULONG flags) { + (void)eecb; + (void)flags; + log_debug ("%s:%s: received\n", SRCNAME, __func__); m_bOnSubmitActive = FALSE; } Modified: trunk/src/mimemaker.c =================================================================== --- trunk/src/mimemaker.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/mimemaker.c 2008-10-17 19:04:00 UTC (rev 273) @@ -690,7 +690,7 @@ 0: Plain ASCII. 1: Quoted Printable 2: Base64 */ -static const int +static int infer_content_encoding (const void *data, size_t datalen) { const unsigned char *p; Modified: trunk/src/mimeparser.c =================================================================== --- trunk/src/mimeparser.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/mimeparser.c 2008-10-17 19:04:00 UTC (rev 273) @@ -1180,6 +1180,7 @@ size_t sig_len; engine_filter_t filter = NULL; + (void)protocol; /* Note: PROTOCOL is not used here but figured out directly while collecting the message. Eventually it might help use setup a proper verification context right at startup to avoid collecting Modified: trunk/src/property-sheets.cpp =================================================================== --- trunk/src/property-sheets.cpp 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/property-sheets.cpp 2008-10-17 19:04:00 UTC (rev 273) @@ -98,6 +98,9 @@ // containing the number of property // sheets actually used. { + (void)pEECB; + (void)lFlags; + pPSP[0].dwSize = sizeof (PROPSHEETPAGE); pPSP[0].dwFlags = PSP_DEFAULT | PSP_HASHELP; pPSP[0].hInstance = glob_hinst; @@ -117,6 +120,9 @@ STDMETHODIMP_ (VOID) GpgolPropertySheets::FreePages (LPPROPSHEETPAGE pPSP, - ULONG lFlags, ULONG lPSP) + ULONG lFlags, ULONG lPSP) { + (void)pPSP; + (void)lFlags; + (void)lPSP; } Modified: trunk/src/recipient-dialog.c =================================================================== --- trunk/src/recipient-dialog.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/recipient-dialog.c 2008-10-17 19:04:00 UTC (rev 273) @@ -221,7 +221,7 @@ } val = key->uids->validity; - if (val < 0 || val > 5) + if (val > 5) val = 0; strcpy (keybuf, trust_items[val]); s = keybuf; Modified: trunk/src/user-events.cpp =================================================================== --- trunk/src/user-events.cpp 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/user-events.cpp 2008-10-17 19:04:00 UTC (rev 273) @@ -198,6 +198,8 @@ STDMETHODIMP_ (VOID) GpgolUserEvents::OnObjectChange (LPEXCHEXTCALLBACK eecb) { + (void)eecb; + if (debug_commands) log_debug ("%s:%s: received\n", SRCNAME, __func__); } Modified: trunk/src/w32-gettext.c =================================================================== --- trunk/src/w32-gettext.c 2008-10-17 18:22:02 UTC (rev 272) +++ trunk/src/w32-gettext.c 2008-10-17 19:04:00 UTC (rev 273) @@ -773,6 +773,8 @@ LANGID langid; int primary, sub; + (void)category; + /* Let the user override the system settings through environment variables, as on POSIX systems. */ retval = getenv ("LC_ALL"); @@ -1778,6 +1780,8 @@ char * dgettext (const char *domainname, const char *msgid) { + (void)domainname; + /* For now, support only one domain. */ return (char*)gettext (msgid); } From cvs at cvs.gnupg.org Fri Oct 17 21:18:47 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Oct 2008 21:18:47 +0200 Subject: [svn] GnuPG - r4853 - in trunk: . agent common g10 jnlib scd Message-ID: Author: wk Date: 2008-10-17 21:18:46 +0200 (Fri, 17 Oct 2008) New Revision: 4853 Modified: trunk/ChangeLog trunk/agent/ChangeLog trunk/agent/call-scd.c trunk/agent/command.c trunk/common/ChangeLog trunk/common/miscellaneous.c trunk/common/util.h trunk/configure.ac trunk/g10/ChangeLog trunk/g10/main.h trunk/g10/pubkey-enc.c trunk/jnlib/dynload.h trunk/scd/ChangeLog trunk/scd/command.c Log: Use more warning options with modern GCCs. Other minor changes. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/ChangeLog 2008-10-17 19:18:46 UTC (rev 4853) @@ -1,3 +1,7 @@ +2008-10-17 Werner Koch + + * configure.ac: Use more warning options with modern GCCs. + 2008-09-29 Werner Koch * configure.ac: Require libgcrypt 1.4. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/agent/ChangeLog 2008-10-17 19:18:46 UTC (rev 4853) @@ -1,3 +1,8 @@ +2008-10-17 Werner Koch + + * call-scd.c (start_scd) [W32]: Use snprintf again because we now + always use the estream variant. + 2008-10-15 Werner Koch * call-scd.c (start_scd): Enable assuan loggging if requested. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/common/ChangeLog 2008-10-17 19:18:46 UTC (rev 4853) @@ -1,3 +1,7 @@ +2008-10-17 Werner Koch + + * util.h (snprintf) [W32]: Redefine to estream_snprintf. + 2008-09-03 Werner Koch * convert.c (hex2str): New. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/g10/ChangeLog 2008-10-17 19:18:46 UTC (rev 4853) @@ -1,9 +1,16 @@ +2008-10-17 Werner Koch + + * main.h (idea_cipher_warn): Use do while construct in place of an + empty definition. + 2008-10-03 David Shaw - * main.h, mainproc.c (check_sig_and_print), - keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), - keyedit.c (menu_showphoto), photoid.c (generate_photo_id, - show_photos), misc.c (pct_expando): Add %v and %V expandos so + * main.h, mainproc.c (check_sig_and_print) + * keylist.c (list_keyblock_print) + * pkclist.c (do_edit_ownertrust) + * keyedit.c (menu_showphoto) + * photoid.c (generate_photo_id, show_photos) + * misc.c (pct_expando): Add %v and %V expandos so that displaying photo IDs can show the attribute validity tag (%v) and string (%V). Originally by Daniel Gillmor. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/scd/ChangeLog 2008-10-17 19:18:46 UTC (rev 4853) @@ -1,3 +1,8 @@ +2008-10-16 Werner Koch + + * command.c (cmd_disconnect): New dummy command. + (register_commands): Register command. + 2008-10-15 Werner Koch * command.c (scd_command_handler): Return true if there is no more Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/agent/call-scd.c 2008-10-17 19:18:46 UTC (rev 4853) @@ -381,10 +381,8 @@ char buf[100]; #ifdef HAVE_W32_SYSTEM - /* Use estream snprintf due to a bug in mingw32 related to the l - modifier. */ - estream_snprintf (buf, sizeof buf, "OPTION event-signal=%lx", - (unsigned long)get_agent_scd_notify_event ()); + snprintf (buf, sizeof buf, "OPTION event-signal=%lx", + (unsigned long)get_agent_scd_notify_event ()); #else snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2); #endif Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/agent/command.c 2008-10-17 19:18:46 UTC (rev 4853) @@ -80,7 +80,7 @@ -/* To help polling clients, we keep tarck of the number of certain +/* To help polling clients, we keep track of the number of certain events. This structure keeps those counters. The counters are integers and there should be no problem if they are overflowing as callers need to check only whether a counter changed. The actual Modified: trunk/common/miscellaneous.c =================================================================== --- trunk/common/miscellaneous.c 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/common/miscellaneous.c 2008-10-17 19:18:46 UTC (rev 4853) @@ -31,6 +31,8 @@ static void my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) { + (void)dummy; + /* Map the log levels. */ switch (level) { @@ -51,6 +53,8 @@ static void my_gcry_fatalerror_handler (void *opaque, int rc, const char *text) { + (void)opaque; + log_fatal ("libgcrypt problem: %s\n", text ? text : gpg_strerror (rc)); abort (); } @@ -64,6 +68,8 @@ { static int been_here; /* Used to protect against recursive calls. */ + (void)opaque; + if (!been_here) { been_here = 1; @@ -140,6 +146,8 @@ #define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A')) const unsigned char *s; + (void)reserved; + for (s = buffer; length; s++, length--) { putc ( tohex ((*s>>4)&15), fp); Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/common/util.h 2008-10-17 19:18:46 UTC (rev 4853) @@ -46,7 +46,13 @@ #define asprintf estream_asprintf #define vasprintf estream_vasprintf +/* Due to a bug in mingw32's snprintf related to the 'l' modifier we + better use our snprintf. */ +#ifdef HAVE_W32_SYSTEM +#define snprintf estream_snprintf +#endif + /* GCC attributes. */ #if __GNUC__ >= 4 # define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a))) @@ -260,6 +266,7 @@ static inline char * ttyname (int fd) { + (void)fd; return NULL; } #endif /* !HAVE_TTYNAME */ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/configure.ac 2008-10-17 19:18:46 UTC (rev 4853) @@ -1248,6 +1248,24 @@ if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" + AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-missing-field-initializers" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers" + fi + AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wdeclaration-after-statement" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -Wdeclaration-after-statement" + fi else CFLAGS="$CFLAGS -Wall" fi Modified: trunk/g10/main.h =================================================================== --- trunk/g10/main.h 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/g10/main.h 2008-10-17 19:18:46 UTC (rev 4853) @@ -93,7 +93,7 @@ #ifdef USE_IDEA void idea_cipher_warn( int show ); #else -#define idea_cipher_warn(a) +#define idea_cipher_warn(a) do { } while (0) #endif struct expando_args Modified: trunk/g10/pubkey-enc.c =================================================================== --- trunk/g10/pubkey-enc.c 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/g10/pubkey-enc.c 2008-10-17 19:18:46 UTC (rev 4853) @@ -246,7 +246,7 @@ log_info(_("cipher algorithm %d%s is unknown or disabled\n"), dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":""); if(dek->algo==CIPHER_ALGO_IDEA) - idea_cipher_warn(0); + idea_cipher_warn (0); } dek->algo = 0; goto leave; Modified: trunk/jnlib/dynload.h =================================================================== --- trunk/jnlib/dynload.h 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/jnlib/dynload.h 2008-10-17 19:18:46 UTC (rev 4853) @@ -31,6 +31,7 @@ dlopen (const char * name, int flag) { void * hd = LoadLibrary (name); + (void)flag; return hd; } Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-10-17 13:12:11 UTC (rev 4852) +++ trunk/scd/command.c 2008-10-17 19:18:46 UTC (rev 4853) @@ -1638,6 +1638,19 @@ } +/* DISCONNECT + + TBD + +*/ +static int +cmd_disconnect (assuan_context_t ctx, char *line) +{ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); +} + + + /* APDU [--atr] [--more] [hexstring] Send an APDU to the current reader. This command bypasses the high @@ -1756,6 +1769,7 @@ { "UNLOCK", cmd_unlock }, { "GETINFO", cmd_getinfo }, { "RESTART", cmd_restart }, + { "DISCONNECT", cmd_disconnect }, { "APDU", cmd_apdu }, { NULL } }; From cvs at cvs.gnupg.org Fri Oct 17 23:03:00 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 17 Oct 2008 23:03:00 +0200 Subject: [svn] gpgme - r1337 - trunk Message-ID: Author: marcus Date: 2008-10-17 23:03:00 +0200 (Fri, 17 Oct 2008) New Revision: 1337 Modified: trunk/NEWS trunk/configure.ac Log: Post-release changes. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-17 18:57:49 UTC (rev 1336) +++ trunk/NEWS 2008-10-17 21:03:00 UTC (rev 1337) @@ -1,6 +1,14 @@ -Noteworthy changes in version 1.1.7 (2008-10-177) +Noteworthy changes in version 1.1.7 (unreleased) ------------------------------------------------ + * Interface changes relative to the 1.1.7 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +Noteworthy changes in version 1.1.7 (2008-10-17) +------------------------------------------------ + * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 18:57:49 UTC (rev 1336) +++ trunk/configure.ac 2008-10-17 21:03:00 UTC (rev 1337) @@ -31,8 +31,8 @@ # specific feature can already be done under the assumption that the # SVN version is the most recent one in a branch. To disable the SVN # version for the real release, set the my_issvn macro to no. -m4_define(my_version, [1.1.7]) -m4_define(my_issvn, [no]) +m4_define(my_version, [1.1.8]) +m4_define(my_issvn, [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) From cvs at cvs.gnupg.org Fri Oct 17 23:08:30 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 17 Oct 2008 23:08:30 +0200 Subject: [svn] w32pth - r29 - trunk Message-ID: Author: marcus Date: 2008-10-17 23:08:30 +0200 (Fri, 17 Oct 2008) New Revision: 29 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac Log: 2008-10-17 Marcus Brinkmann Released 2.0.2. * configure.ac (W32PTH_LT_CURRENT, W32PTH_LT_AGE): Bump. (W32PTH_LT_REVISION): Reset. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-15 13:02:18 UTC (rev 28) +++ trunk/ChangeLog 2008-10-17 21:08:30 UTC (rev 29) @@ -1,3 +1,10 @@ +2008-10-17 Marcus Brinkmann + + Released 2.0.2. + + * configure.ac (W32PTH_LT_CURRENT, W32PTH_LT_AGE): Bump. + (W32PTH_LT_REVISION): Reset. + 2008-10-15 Werner Koch * w32-pth.c (thread_counter): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-15 13:02:18 UTC (rev 28) +++ trunk/NEWS 2008-10-17 21:08:30 UTC (rev 29) @@ -1,4 +1,4 @@ -Noteworthy changes in version 2.0.2 +Noteworthy changes in version 2.0.2 (2008-10-17) ------------------------------------------------ * Support pipes created with non-standard extensions pth_pipe and Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-15 13:02:18 UTC (rev 28) +++ trunk/configure.ac 2008-10-17 21:08:30 UTC (rev 29) @@ -1,5 +1,5 @@ # configure.ac - for w32pth -# Copyright (C) 2007 g10 Code GmbH +# Copyright (C) 2007, 2008 g10 Code GmbH # # This file is part of W32PTH # @@ -27,7 +27,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [2.0.2]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -39,9 +39,9 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -W32PTH_LT_CURRENT=0 -W32PTH_LT_AGE=0 -W32PTH_LT_REVISION=1 +W32PTH_LT_CURRENT=1 +W32PTH_LT_AGE=1 +W32PTH_LT_REVISION=0 #------------------- # If the API is changed in an incompatible way: increment the next counter. W32PTH_CONFIG_API_VERSION=1 From cvs at cvs.gnupg.org Sat Oct 18 01:10:27 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Sat, 18 Oct 2008 01:10:27 +0200 Subject: [svn] gpgme - r1338 - trunk/gpgme Message-ID: Author: marcus Date: 2008-10-18 01:10:26 +0200 (Sat, 18 Oct 2008) New Revision: 1338 Modified: trunk/gpgme/ChangeLog trunk/gpgme/w32-util.c Log: 2008-10-18 Marcus Brinkmann * w32-util.c (find_program_in_registry): Don't define. (_gpgme_get_gpg_path, _gpgme_get_gpgsm_path) (_gpgme_get_gpgconf_path): Do not check for fooProgram in the registry anymore. It is now no longer possible to overwrite the default location in that way. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2008-10-17 21:03:00 UTC (rev 1337) +++ trunk/gpgme/ChangeLog 2008-10-17 23:10:26 UTC (rev 1338) @@ -1,3 +1,11 @@ +2008-10-18 Marcus Brinkmann + + * w32-util.c (find_program_in_registry): Don't define. + (_gpgme_get_gpg_path, _gpgme_get_gpgsm_path) + (_gpgme_get_gpgconf_path): Do not check for fooProgram in the + registry anymore. It is now no longer possible to overwrite the + default location in that way. + 2008-10-17 Werner Koch * w32-glib-io.c (_gpgme_io_fd2str): Use "%d" and not "%ld" to work Modified: trunk/gpgme/w32-util.c =================================================================== --- trunk/gpgme/w32-util.c 2008-10-17 21:03:00 UTC (rev 1337) +++ trunk/gpgme/w32-util.c 2008-10-17 23:10:26 UTC (rev 1338) @@ -225,6 +225,7 @@ } +#if 0 static char * find_program_in_registry (const char *name) { @@ -245,6 +246,7 @@ } return program; } +#endif static char * @@ -307,8 +309,10 @@ static char *gpg_program; LOCK (get_path_lock); +#if 0 if (!gpg_program) gpg_program = find_program_in_registry ("gpgProgram"); +#endif if (!gpg_program) gpg_program = find_program_in_inst_dir ("gpg.exe"); if (!gpg_program) @@ -324,8 +328,10 @@ static char *gpgsm_program; LOCK (get_path_lock); +#if 0 if (!gpgsm_program) gpgsm_program = find_program_in_registry ("gpgsmProgram"); +#endif if (!gpgsm_program) gpgsm_program = find_program_in_inst_dir ("gpgsm.exe"); if (!gpgsm_program) @@ -341,8 +347,10 @@ static char *gpgconf_program; LOCK (get_path_lock); +#if 0 if (!gpgconf_program) gpgconf_program = find_program_in_registry ("gpgconfProgram"); +#endif if (!gpgconf_program) gpgconf_program = find_program_in_inst_dir ("gpgconf.exe"); if (!gpgconf_program) From cvs at cvs.gnupg.org Sun Oct 19 18:10:47 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Sun, 19 Oct 2008 18:10:47 +0200 Subject: [svn] GnuPG - r4854 - trunk/common Message-ID: Author: wk Date: 2008-10-19 18:10:46 +0200 (Sun, 19 Oct 2008) New Revision: 4854 Modified: trunk/common/ChangeLog trunk/common/estream-printf.c trunk/common/t-gettime.c Log: Fix a bug in estream_snprintf. Found by a failed t-gettime under Windows. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2008-10-17 19:18:46 UTC (rev 4853) +++ trunk/common/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) @@ -1,3 +1,9 @@ +2008-10-19 Werner Koch + + * estream-printf.c (estream_vsnprintf): Fix return value. + (check_snprintf): Add a new test. + (one_test) [W32]: Disable test. + 2008-10-17 Werner Koch * util.h (snprintf) [W32]: Redefine to estream_snprintf. Modified: trunk/common/estream-printf.c =================================================================== --- trunk/common/estream-printf.c 2008-10-17 19:18:46 UTC (rev 4853) +++ trunk/common/estream-printf.c 2008-10-19 16:10:46 UTC (rev 4854) @@ -1,5 +1,5 @@ /* estream-printf.c - Versatile C-99 compliant printf formatting - * Copyright (C) 2007 g10 Code GmbH + * Copyright (C) 2007, 2008 g10 Code GmbH * * This file is part of Libestream. * @@ -1224,6 +1224,9 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg, argspec_t arg, value_t value, size_t *nbytes) { + (void)outfnc; + (void)outfncarg; + switch (arg->vt) { case VALTYPE_SCHAR_PTR: @@ -1647,7 +1650,7 @@ struct fixed_buffer_parm_s parm; int rc; - parm.size = bufsize? bufsize-1:0; + parm.size = bufsize; parm.count = 0; parm.used = 0; parm.buffer = bufsize?buf:NULL; @@ -1656,9 +1659,10 @@ rc = fixed_buffer_out (&parm, "", 1); /* Print terminating Nul. */ if (rc == -1) return -1; - if (bufsize && buf && parm.count >= parm.size) + if (bufsize && buf && parm.size && parm.count >= parm.size) buf[parm.size-1] = 0; + parm.count--; /* Do not count the trailing nul. */ return (int)parm.count; /* Return number of bytes which would have been written. */ } @@ -1788,6 +1792,18 @@ static int one_test (const char *format, ...) { +#ifdef _WIN32 + { + static int show; + + if (!show) + { + /* We do not have a system vasprintf. */ + printf ("one-test: disabled under W32\n"); + show = 1; + } + } +#else int rc1, rc2; va_list arg_ptr; char *buf1, *buf2; @@ -1824,7 +1840,7 @@ free (buf2); free (buf1); - +#endif return 0; } @@ -2021,23 +2037,37 @@ check_snprintf (void) { char buffer[20]; - int rc; + int rc, rc2; + size_t tmplen, blen, blen2; rc = estream_snprintf (buffer, 0, "%*s", 18, ""); - if (rc != 19) + if (rc != 18) printf ("rc=%d\n", rc ); rc = estream_snprintf (buffer, sizeof buffer, "%*s", 18, ""); - if (rc != 19) + if (rc != 18) printf ("rc=%d, strlen(buffer)=%d\n", rc, (int)strlen (buffer)); rc = estream_snprintf (buffer, sizeof buffer, "%*s", 19, ""); - if (rc != 20) + if (rc != 19) printf ("rc=%d, strlen(buffer)=%d\n", rc, (int)strlen (buffer)); rc = estream_snprintf (buffer, sizeof buffer, "%*s", 20, ""); - if (rc != 21) + if (rc != 20) printf ("rc=%d, strlen(buffer)=%d\n", rc, (int)strlen (buffer)); rc = estream_snprintf (buffer, sizeof buffer, "%*s", 21, ""); - if (rc != 22) + if (rc != 21) printf ("rc=%d, strlen(buffer)=%d\n", rc, (int)strlen (buffer)); + + for (tmplen = 0; tmplen <= sizeof buffer; tmplen++) + { + rc = estream_snprintf (buffer, tmplen, "%04d%02d%02dT%02d%02d%02d", + 1998, 9, 7, 16, 56, 05); + blen = strlen (buffer); + rc2 = snprintf (buffer, tmplen, "%04d%02d%02dT%02d%02d%02d", + 1998, 9, 7, 16, 56, 05); + blen2 = strlen (buffer); + if (rc != rc2 || blen != blen2) + printf ("snprintf test with len %u gives %d instead of %d (%d,%d)\n", + (unsigned int)tmplen, rc, rc2, blen, blen2); + } } Modified: trunk/common/t-gettime.c =================================================================== --- trunk/common/t-gettime.c 2008-10-17 19:18:46 UTC (rev 4853) +++ trunk/common/t-gettime.c 2008-10-19 16:10:46 UTC (rev 4854) @@ -75,7 +75,12 @@ { epoch2isotime (tbuf, val); if (strlen (tbuf) != 15) - fail (idx); + { + if (verbose) + fprintf (stderr, "string `%s', time-t %ld, revert: `%s'\n", + array[idx].string, (long)val, tbuf); + fail (idx); + } if (strncmp (array[idx].string, tbuf, 15)) fail (idx); } From cvs at cvs.gnupg.org Mon Oct 20 15:53:26 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 20 Oct 2008 15:53:26 +0200 Subject: [svn] GnuPG - r4855 - in trunk: . agent common g10 jnlib kbx keyserver scd sm tests tools Message-ID: Author: wk Date: 2008-10-20 15:53:23 +0200 (Mon, 20 Oct 2008) New Revision: 4855 Modified: trunk/ChangeLog trunk/agent/ChangeLog trunk/agent/call-pinentry.c trunk/agent/call-scd.c trunk/agent/command-ssh.c trunk/agent/command.c trunk/agent/findkey.c trunk/agent/genkey.c trunk/agent/protect-tool.c trunk/agent/t-protect.c trunk/autogen.sh trunk/common/ChangeLog trunk/common/asshelp.c trunk/common/audit.c trunk/common/estream.c trunk/common/exechelp.c trunk/common/http.c trunk/common/iobuf.c trunk/common/localename.c trunk/common/signal.c trunk/common/sysutils.c trunk/common/t-convert.c trunk/common/t-sexputil.c trunk/g10/ChangeLog trunk/g10/build-packet.c trunk/g10/call-agent.c trunk/g10/card-util.c trunk/g10/cpr.c trunk/g10/getkey.c trunk/g10/gpg.c trunk/g10/gpgv.c trunk/g10/import.c trunk/g10/keydb.c trunk/g10/keyedit.c trunk/g10/keygen.c trunk/g10/keyring.c trunk/g10/misc.c trunk/g10/parse-packet.c trunk/g10/passphrase.c trunk/g10/server.c trunk/g10/tdbdump.c trunk/g10/trustdb.c trunk/g10/verify.c trunk/jnlib/ChangeLog trunk/jnlib/argparse.c trunk/jnlib/dotlock.c trunk/jnlib/stringhelp.c trunk/jnlib/t-stringhelp.c trunk/jnlib/w32-afunix.c trunk/kbx/ChangeLog trunk/kbx/kbxutil.c trunk/kbx/keybox-blob.c trunk/kbx/keybox-dump.c trunk/kbx/keybox-search.c trunk/kbx/keybox-update.c trunk/keyserver/ChangeLog trunk/keyserver/curl-shim.c trunk/scd/ChangeLog trunk/scd/apdu.c trunk/scd/app-nks.c trunk/scd/app-openpgp.c trunk/scd/app.c trunk/scd/ccid-driver.c trunk/scd/command.c trunk/scd/pcsc-wrapper.c trunk/scd/scdaemon.c trunk/sm/ChangeLog trunk/sm/call-agent.c trunk/sm/call-dirmngr.c trunk/sm/certchain.c trunk/sm/certlist.c trunk/sm/gpgsm.c trunk/sm/import.c trunk/sm/keydb.c trunk/sm/keylist.c trunk/sm/qualified.c trunk/sm/server.c trunk/tests/ChangeLog trunk/tests/asschk.c trunk/tools/ChangeLog trunk/tools/gpg-connect-agent.c trunk/tools/gpgparsemail.c trunk/tools/gpgsplit.c trunk/tools/no-libgcrypt.c Log: Marked all unused args on non-W32 platforms. [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,7 @@ +2008-10-20 Werner Koch + + * + 2008-10-17 Werner Koch * configure.ac: Use more warning options with modern GCCs. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,20 @@ +2008-10-20 Werner Koch + + * command.c (cmd_geteventcounter): Mark unused arg. + (cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto. + (cmd_updatestartuptty, post_cmd_notify): Ditto. + * command-ssh.c (add_control_entry) + (ssh_handler_request_identities, ssh_handler_remove_identity) + (ssh_handler_remove_all_identities, ssh_handler_lock) + (ssh_handler_unlock): Ditto. + * call-pinentry.c (pinentry_active_p, popup_message_thread) + (agent_popup_message_stop): Ditto. + * findkey.c (agent_public_key_from_file): Ditto. + * genkey.c (check_passphrase_pattern): Ditto. + * call-scd.c (atfork_cb): Ditto. + * protect-tool.c (import_p12_cert_cb): Ditto. + * t-protect.c (main): Ditto. + 2008-10-17 Werner Koch * call-scd.c (start_scd) [W32]: Use snprintf again because we now Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,24 @@ +2008-10-20 Werner Koch + + + * http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark + unused arg. + * localename.c (do_nl_locale_name): Ditto. + * audit.c (event2str): Silent gcc warning. + * sysutils.c (translate_sys2libc_fd): Mark unused arg. + (translate_sys2libc_fd_int): Ditto. + * iobuf.c (translate_file_handle): Ditto. + * asshelp.c (send_one_option): Ditto. + * exechelp.c (gnupg_spawn_process): Ditto. + * signal.c (got_usr_signal): Ditto + * estream.c (es_func_fd_create) [!W32]: Ditto. + (es_func_fp_create) [!W32]: Ditto. + (es_write_hexstring): Ditto. + (dummy_mutex_call_void, dummy_mutex_call_int) [HAVE_PTH]: New. + (ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK, ESTREAM_MUTEX_TRYLOCK) + (ESTREAM_MUTEX_INITIALIZE) [HAVE_PTH]: Use dummy calls so to mark + unused arg. + 2008-10-19 Werner Koch * estream-printf.c (estream_vsnprintf): Fix return value. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,47 @@ +2008-10-20 Werner Koch + + * gpgv.c: Mark all args of the stub fucntions as unused. + + * card-util.c (generate_card_keys): Remove unused arg SERIALNO and + adjust caller. + + * build-packet.c (write_sign_packet_header): Mark unused arg. + * gpg.c (gpg_init_default_ctrl, gpg_deinit_default_ctrl): Ditto. + * getkey.c (skip_unusable): Ditto. + (write_version): Ditto. + * keydb.c (keydb_locate_writable): Ditto. + * keyring.c (update_offset_hash_table): Ditto. + (keyring_lock): Ditto. + * misc.c (register_secured_file): Ditto. + (unregister_secured_file): Ditto. + (is_secured_file): Ditto. + (is_secured_filename): Ditto. + * parse-packet.c (parse_marker): Ditto. + (parse_key, parse_attribute): Ditto. + (parse_trust, parse_compressed, parse_mdc, parse_gpg_control): Ditto. + * cpr.c (progress_cb): Ditto. + * passphrase.c (passphrase_clear_cache): Ditto. + (ask_passphrase): Ditto. + * keyedit.c (keyedit_completion): Ditto. + * import.c (import_revoke_cert): Ditto. + (chk_self_sigs, delete_inv_parts, append_uid): Ditto. + (merge_sigs, merge_keysigs, append_key): Ditto. + * trustdb.c (list_trust_path): Ditto. + (enum_cert_paths, enum_cert_paths_print): Ditto. + * tdbdump.c (list_trustdb): Ditto. + * keygen.c (keygen_upd_std_prefs): Ditto. + (genhelp_factors): Ditto. + * call-agent.c (agent_scd_setattr): Ditto. + (agent_scd_writekey, agent_scd_change_pin, agent_scd_genkey): Ditto. + (agent_clear_pin_cache): Ditto. + + * server.c (option_handler): Mark non yet used arg. + (input_notify, output_notify): Ditto. + (cmd_recipient, cmd_signer, cmd_encrypt, cmd_decrypt, cmd_verify) + (cmd_sign, cmd_import, cmd_export, cmd_delkeys, do_listkeys) + (cmd_genkey): Ditto. + * verify.c (gpg_verify): Ditto. + 2008-10-17 Werner Koch * main.h (idea_cipher_warn): Use do while construct in place of an Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/jnlib/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,13 @@ +2008-10-20 Werner Koch + + * w32-afunix.c (_w32_sock_connect): Mark ADDRLEN as unused. + + * dotlock.c (release_dotlock): Do not mix declaration and code. + + * stringhelp.c (make_basename): Silent gcc warning about unused arg. + * argparse.c (store_alias): Ditto. + (find_long_option): + 2008-10-15 Werner Koch * logging.c (do_logv) [W32]: Flush the log stream. Modified: trunk/kbx/ChangeLog =================================================================== --- trunk/kbx/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/kbx/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,14 @@ +2008-10-20 Werner Koch + + * keybox-update.c (blob_filecopy): Remove unused arg n_packets. + (keybox_insert_cert): Adjust for that. + (keybox_update_cert): Mark unused args. + (keybox_set_flags): Ditto. + * keybox-blob.c (create_blob_trailer): Ditto. + * keybox-search.c (keybox_get_flags): Ditto. + * keybox-dump.c (_keybox_dump_find_dups): Ditto. + * kbxutil.c (my_gcry_logger): Ditto. + 2008-05-06 Werner Koch * keybox-file.c (_keybox_read_blob2): Return GPG_ERR_TOO_SHORT if Modified: trunk/keyserver/ChangeLog =================================================================== --- trunk/keyserver/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/keyserver/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,8 @@ +2008-10-20 Werner Koch + + * curl-shim.c (curl_global_init): Mark usused arg. + (curl_version_info): Ditto. + 2008-08-29 Werner Koch * gpgkeys_kdns.c: Changed copyright notice to the FSF. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/scd/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,21 @@ +2008-10-20 Werner Koch + + * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is + called with stdin, though. + (handle_close): Mark unused arg. + (handle_status, handle_reset): Ditto. + + * ccid-driver.c (ccid_check_card_presence): Mark not yet used arg. + + * scdaemon.c (scd_deinit_default_ctrl): Mark unused arg. + * command.c (cmd_unlock, cmd_restart, cmd_disconnect): Ditto. + * apdu.c (ct_get_status): Ditto. + (ct_send_apdu, pcsc_send_apdu_wrapped) + (apdu_open_remote_reader): Ditto. + * app.c (select_application): Ditto. + * app-openpgp.c (do_writecert, do_change_pin, do_writekey): Ditto. + * app-nks.c (do_change_pin, do_check_pin): Ditto. + 2008-10-16 Werner Koch * command.c (cmd_disconnect): New dummy command. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/sm/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,21 @@ +2008-10-20 Werner Koch + + * keydb.c (keydb_locate_writable): Mark unused arg. + (keydb_search_kid): Ditto. + (keydb_clear_some_cert_flags): Ditto. + * server.c (cmd_encrypt): Ditto. + (cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto. + * call-agent.c (gpgsm_scd_pksign): Ditto. + * call-dirmngr.c (release_dirmngr, release_dirmngr2) + (run_command_cb): Ditto. + * certlist.c (gpgsm_add_cert_to_certlist): Ditto. + * certchain.c (find_up_dirmngr): Ditto. + * keylist.c (print_key_data): Ditto. + (list_cert_raw, list_cert_std): Ditto. + * qualified.c (gpgsm_is_in_qualified_list): Ditto. + + * gpgsm.c (set_binary) [!W32]: Mark unused arg. + 2008-10-17 Werner Koch * call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/tests/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,9 @@ +2008-10-20 Werner Koch + + * asschk.c (cmd_echo): Mark unused arg. + (cmd_send, cmd_expect_ok, cmd_expect_err, cmd_pipeserver) + (cmd_quit_if, cmd_fail_if): Ditto. + 2008-09-29 Werner Koch * Makefile.am (TESTS): Remove tests. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/tools/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) @@ -1,3 +1,13 @@ +2008-10-20 Werner Koch + + * gpgsplit.c (write_part): Remove unused arg FNAME. Change caller. + (do_split): Ditto. + + * no-libgcrypt.c (gcry_control): Mark unused arg. + * gpg-connect-agent.c (do_recvfd): Ditto. + * gpgparsemail.c (mime_signed_begin, mime_encrypted_begin): Ditto. + (pkcs7_begin): Ditto. + 2008-10-01 Werner Koch * gpg-connect-agent.c (main): New command datafile. Modified: trunk/agent/call-pinentry.c =================================================================== --- trunk/agent/call-pinentry.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/call-pinentry.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -410,6 +410,8 @@ int pinentry_active_p (ctrl_t ctrl, int waitseconds) { + (void)ctrl; + if (waitseconds > 0) { pth_event_t evt; @@ -935,6 +937,8 @@ static void * popup_message_thread (void *arg) { + (void)arg; + /* We use the --one-button hack instead of the MESSAGE command to allow the use of old Pinentries. Those old Pinentries will then show an additional Cancel button but that is mostly a visual @@ -1008,6 +1012,8 @@ int rc; pid_t pid; + (void)ctrl; + if (!popup_tid || !entry_ctx) { log_debug ("agent_popup_message_stop called with no active popup\n"); Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/call-scd.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -191,6 +191,8 @@ static void atfork_cb (void *opaque, int where) { + (void)opaque; + if (!where) gcry_control (GCRYCTL_TERM_SECMEM); } Modified: trunk/agent/command-ssh.c =================================================================== --- trunk/agent/command-ssh.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/command-ssh.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -782,6 +782,8 @@ FILE *fp; int disabled; + (void)ctrl; + err = open_control_file (&fp, 1); if (err) return err; @@ -1782,6 +1784,8 @@ char *cardsn; gpg_error_t ret_err; + (void)request; + /* Prepare buffer stream. */ key_directory = NULL; @@ -2541,6 +2545,8 @@ gpg_error_t ret_err; gpg_error_t err; + (void)ctrl; + /* Receive key. */ key_blob = NULL; @@ -2590,6 +2596,9 @@ { gpg_error_t ret_err; gpg_error_t err; + + (void)ctrl; + (void)request; err = ssh_identities_remove_all (); @@ -2632,6 +2641,9 @@ { gpg_error_t ret_err; gpg_error_t err; + + (void)ctrl; + (void)request; err = ssh_lock (); @@ -2650,6 +2662,9 @@ gpg_error_t ret_err; gpg_error_t err; + (void)ctrl; + (void)request; + err = ssh_unlock (); if (! err) Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/command.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -357,6 +357,8 @@ char key_counter[25]; char card_counter[25]; + (void)line; + snprintf (any_counter, sizeof any_counter, "%u", eventcounter.any); snprintf (key_counter, sizeof key_counter, "%u", eventcounter.key); snprintf (card_counter, sizeof card_counter, "%u", eventcounter.card); @@ -436,7 +438,11 @@ static int cmd_listtrusted (assuan_context_t ctx, char *line) { - int rc = agent_listtrusted (ctx); + int rc; + + (void)line; + + rc = agent_listtrusted (ctx); if (rc) log_error ("command listtrusted failed: %s\n", gpg_strerror (rc)); return rc; @@ -652,6 +658,8 @@ ctrl_t ctrl = assuan_get_pointer (ctx); membuf_t outbuf; + (void)line; + if (opt.ignore_cache_for_signing) cache_mode = CACHE_MODE_IGNORE; else if (!ctrl->server_local->use_cache_for_signing) @@ -685,6 +693,8 @@ size_t valuelen; membuf_t outbuf; + (void)line; + /* First inquire the data to decrypt */ rc = assuan_inquire (ctx, "CIPHERTEXT", &value, &valuelen, MAXLEN_CIPHERTEXT); @@ -731,6 +741,8 @@ size_t valuelen; membuf_t outbuf; + (void)line; + /* First inquire the parameters */ rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM); if (rc) @@ -1312,6 +1324,8 @@ { ctrl_t ctrl = assuan_get_pointer (ctx); + (void)line; + xfree (opt.startup_display); opt.startup_display = NULL; xfree (opt.startup_ttyname); opt.startup_ttyname = NULL; xfree (opt.startup_ttytype); opt.startup_ttytype = NULL; @@ -1505,6 +1519,8 @@ post_cmd_notify (assuan_context_t ctx, int err) { ctrl_t ctrl = assuan_get_pointer (ctx); + + (void)err; /* Switch off any I/O monitor controlled logging pausing. */ ctrl->server_local->pause_io_logging = 0; Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/findkey.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -669,6 +669,8 @@ const char *elems; gcry_mpi_t *array; + (void)ctrl; + *result = NULL; rc = read_key_file (grip, &s_skey); Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/genkey.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -99,6 +99,8 @@ pid_t pid; int result, i; + (void)ctrl; + infp = gnupg_tmpfile (); if (!infp) { Modified: trunk/agent/protect-tool.c =================================================================== --- trunk/agent/protect-tool.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/protect-tool.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -630,6 +630,8 @@ struct b64state state; gpg_error_t err, err2; + (void)opaque; + err = b64enc_start (&state, stdout, "CERTIFICATE"); if (!err) err = b64enc_write (&state, cert, certlen); Modified: trunk/agent/t-protect.c =================================================================== --- trunk/agent/t-protect.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/agent/t-protect.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -294,6 +294,9 @@ int main (int argc, char **argv) { + (void)argc; + (void)argv; + gcry_control (GCRYCTL_DISABLE_SECMEM); test_agent_protect (); Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/autogen.sh 2008-10-20 13:53:23 UTC (rev 4855) @@ -208,4 +208,6 @@ echo "Running autoconf${FORCE} ..." $AUTOCONF${FORCE} -echo "You may now run \"./configure --sysconfdir=/etc --enable-maintainer-mode && make\"." +echo "You may now run: + ./configure --sysconfdir=/etc --enable-maintainer-mode && make +" Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/asshelp.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -42,6 +42,8 @@ gpg_error_t err; char *optstr; + (void)errsource; + if (!value || !*value) err = 0; /* Avoid sending empty strings. */ else if (asprintf (&optstr, "OPTION %s=%s", name, value ) < 0) Modified: trunk/common/audit.c =================================================================== --- trunk/common/audit.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/audit.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -115,7 +115,9 @@ static const char * event2str (audit_event_t event) { - int idx = eventstr_msgidxof (event); + /* We need the cast so that compiler does not complain about an + always true comparison (>= 0) for an unsigned value. */ + int idx = eventstr_msgidxof ((int)event); if (idx == -1) return "Unknown event"; else Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/estream.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -114,11 +114,25 @@ #else typedef void *estream_mutex_t; + +static inline void +dummy_mutex_call_void (estream_mutex_t mutex) +{ + (void)mutex; +} + +static inline int +dummy_mutex_call_int (estream_mutex_t mutex) +{ + (void)mutex; + return 0; +} + # define ESTREAM_MUTEX_INITIALIZER NULL -# define ESTREAM_MUTEX_LOCK(mutex) (void) 0 -# define ESTREAM_MUTEX_UNLOCK(mutex) (void) 0 -# define ESTREAM_MUTEX_TRYLOCK(mutex) 0 -# define ESTREAM_MUTEX_INITIALIZE(mutex) (void) 0 +# define ESTREAM_MUTEX_LOCK(mutex) dummy_mutex_call_void ((mutex)) +# define ESTREAM_MUTEX_UNLOCK(mutex) dummy_mutex_call_void ((mutex)) +# define ESTREAM_MUTEX_TRYLOCK(mutex) dummy_mutex_call_int ((mutex)) +# define ESTREAM_MUTEX_INITIALIZE(mutex) dummy_mutex_call_void ((mutex)) #endif /* Primitive system I/O. */ @@ -183,11 +197,7 @@ }; static estream_list_t estream_list; -#ifdef HAVE_PTH -/* Note that we can't use a static initialization with W32Pth, thus we - do it in es_init. */ static estream_mutex_t estream_list_lock; -#endif #define ESTREAM_LIST_LOCK ESTREAM_MUTEX_LOCK (estream_list_lock) #define ESTREAM_LIST_UNLOCK ESTREAM_MUTEX_UNLOCK (estream_list_lock) @@ -620,6 +630,8 @@ /* Make sure it is in binary mode if requested. */ if ( (modeflags & O_BINARY) ) setmode (fd, O_BINARY); +#else + (void)modeflags; #endif fd_cookie->fd = fd; fd_cookie->no_close = no_close; @@ -721,7 +733,8 @@ /* Create function for fd objects. */ static int -es_func_fp_create (void **cookie, FILE *fp, unsigned int modeflags, int no_close) +es_func_fp_create (void **cookie, FILE *fp, + unsigned int modeflags, int no_close) { estream_cookie_fp_t fp_cookie; int err; @@ -735,6 +748,8 @@ /* Make sure it is in binary mode if requested. */ if ( (modeflags & O_BINARY) ) setmode (fileno (fp), O_BINARY); +#else + (void)modeflags; #endif fp_cookie->fp = fp; fp_cookie->no_close = no_close; @@ -3145,6 +3160,8 @@ const unsigned char *s; size_t count = 0; + (void)reserved; + #define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A')) if (!length) Modified: trunk/common/exechelp.c =================================================================== --- trunk/common/exechelp.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/exechelp.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -351,6 +351,8 @@ char *cmdline; int fd, fdout, rp[2]; + (void)preexec; + /* Setup return values. */ *statusfile = NULL; *pid = (pid_t)(-1); @@ -452,6 +454,8 @@ gpg_error_t err; int fd, fdout, rp[2]; + (void)flags; /* Currently not used. */ + *statusfile = NULL; *pid = (pid_t)(-1); fflush (infile); @@ -767,8 +771,8 @@ to pass the GPG_AGENT_INFO variable to gpg-agent. As the default on windows is to use a standard socket, this does not really matter. */ + (void)envp; - if (access (pgmname, X_OK)) return gpg_error_from_syserror (); Modified: trunk/common/http.c =================================================================== --- trunk/common/http.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/http.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -304,6 +304,8 @@ { #ifdef HTTP_USE_GNUTLS tls_callback = (gpg_error_t (*) (http_t, gnutls_session_t, int))cb; +#else + (void)cb; #endif } Modified: trunk/common/iobuf.c =================================================================== --- trunk/common/iobuf.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/iobuf.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -412,14 +412,20 @@ size_t nbytes = 0; int rc = 0; + (void)chain; /* Not used. */ + #ifdef FILE_FILTER_USES_STDIO if (control == IOBUFCTRL_UNDERFLOW) { - assert (size); /* need a buffer */ + assert (size); /* We need a buffer. */ if (feof (f)) - { /* On terminals you could easiely read as many EOFs as you call */ - rc = -1; /* fread() or fgetc() repeatly. Every call will block until you press */ - *ret_len = 0; /* CTRL-D. So we catch this case before we call fread() again. */ + { + /* On terminals you could easily read as many EOFs as you + call fread() or fgetc() repeatly. Every call will block + until you press CTRL-D. So we catch this case before we + call fread() again. */ + rc = -1; + *ret_len = 0; } else { @@ -427,7 +433,7 @@ nbytes = fread (buf, 1, size, f); if (feof (f) && !nbytes) { - rc = -1; /* okay: we can return EOF now. */ + rc = -1; /* Okay: we can return EOF now. */ } else if (ferror (f) && errno != EPIPE) { @@ -469,13 +475,13 @@ fclose (f); } f = NULL; - xfree (a); /* we can free our context now */ + xfree (a); /* We can free our context now. */ } #else /* !stdio implementation */ if (control == IOBUFCTRL_UNDERFLOW) { - assert (size); /* need a buffer */ + assert (size); /* We need a buffer. */ if (a->eof_seen) { rc = -1; @@ -620,9 +626,9 @@ } f = INVALID_FP; #endif - xfree (a); /* we can free our context now */ + xfree (a); /* We can free our context now. */ } -#endif /* !stdio implementation */ +#endif /* !stdio implementation. */ return rc; } @@ -639,6 +645,8 @@ size_t nbytes = 0; int rc = 0; + (void)chain; + if (control == IOBUFCTRL_UNDERFLOW) { assert (size); /* need a buffer */ @@ -2408,6 +2416,8 @@ # else { int x; + + (void)for_write; if (fd == 0) x = (int) GetStdHandle (STD_INPUT_HANDLE); @@ -2425,6 +2435,8 @@ fd = x; } # endif +#else + (void)for_write; #endif return fd; } Modified: trunk/common/localename.c =================================================================== --- trunk/common/localename.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/localename.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -65,6 +65,7 @@ /* Use the POSIX methods of looking to 'LC_ALL', 'LC_xxx', and 'LANG'. On some systems this can be done by the 'setlocale' function itself. */ # if defined HAVE_SETLOCALE && defined HAVE_LC_MESSAGES && defined HAVE_LOCALE_NULL + (void)categoryname; retval = setlocale (category, NULL); # else /* Setting of LC_ALL overwrites all other. */ Modified: trunk/common/signal.c =================================================================== --- trunk/common/signal.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/signal.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -146,6 +146,7 @@ static RETSIGTYPE got_usr_signal (int sig) { + (void)sig; caught_sigusr1 = 1; } #endif /*!HAVE_DOSISH_SYSTEM*/ Modified: trunk/common/sysutils.c =================================================================== --- trunk/common/sysutils.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/sysutils.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -299,6 +299,7 @@ log_error ("failed to translate osfhandle %p\n", (void *) fd); return x; #else /*!HAVE_W32_SYSTEM */ + (void)for_write; return fd; #endif } @@ -314,6 +315,7 @@ return translate_sys2libc_fd ((void*)fd, for_write); #else + (void)for_write; return fd; #endif } Modified: trunk/common/t-convert.c =================================================================== --- trunk/common/t-convert.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/t-convert.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -447,6 +447,8 @@ int main (int argc, char **argv) { + (void)argc; + (void)argv; test_hex2bin (); test_hexcolon2bin (); Modified: trunk/common/t-sexputil.c =================================================================== --- trunk/common/t-sexputil.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/common/t-sexputil.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -74,7 +74,9 @@ int main (int argc, char **argv) { - + (void)argc; + (void)argv; + test_hash_algo_from_sigval (); return 0; Modified: trunk/g10/build-packet.c =================================================================== --- trunk/g10/build-packet.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/build-packet.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -1241,14 +1241,16 @@ static int -write_sign_packet_header( IOBUF out, int ctb, u32 len ) +write_sign_packet_header (IOBUF out, int ctb, u32 len) { - /* work around a bug in the pgp read function for signature packets, - * which are not correctly coded and silently assume at some - * point 2 byte length headers.*/ - iobuf_put(out, 0x89 ); - iobuf_put(out, len >> 8 ); - return iobuf_put(out, len ) == -1 ? -1:0; + (void)ctb; + + /* Work around a bug in the pgp read function for signature packets, + which are not correctly coded and silently assume at some point 2 + byte length headers.*/ + iobuf_put (out, 0x89 ); + iobuf_put (out, len >> 8 ); + return iobuf_put (out, len) == -1 ? -1:0; } /**************** @@ -1350,9 +1352,11 @@ } static int -write_version( IOBUF out, int ctb ) +write_version (IOBUF out, int ctb) { - if( iobuf_put( out, 3 ) ) - return -1; - return 0; + (void)ctb; + + if (iobuf_put (out, 3)) + return -1; + return 0; } Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/call-agent.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -418,6 +418,8 @@ char line[ASSUAN_LINELENGTH]; char *p; + (void)serialno; + if (!*name || !valuelen) return gpg_error (GPG_ERR_INV_VALUE); @@ -532,6 +534,8 @@ char line[ASSUAN_LINELENGTH]; struct writekey_parm_s parms; + (void)serialno; + rc = start_agent (); if (rc) return rc; @@ -616,6 +620,8 @@ char line[ASSUAN_LINELENGTH]; gnupg_isotime_t tbuf; + (void)serialno; + rc = start_agent (); if (rc) return rc; @@ -775,6 +781,8 @@ char line[ASSUAN_LINELENGTH]; const char *reset = ""; + (void)serialno; + if (chvno >= 100) reset = "--reset"; chvno %= 100; @@ -816,7 +824,7 @@ void agent_clear_pin_cache (const char *sn) { - + (void)sn; } Modified: trunk/g10/card-util.c =================================================================== --- trunk/g10/card-util.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/card-util.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -1127,7 +1127,7 @@ static void -generate_card_keys (const char *serialno) +generate_card_keys (void) { struct agent_card_info_s info; int forced_chv1; @@ -1674,7 +1674,7 @@ break; case cmdGENERATE: - generate_card_keys (serialnobuf); + generate_card_keys (); break; case cmdPASSWD: Modified: trunk/g10/cpr.c =================================================================== --- trunk/g10/cpr.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/cpr.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -48,6 +48,8 @@ { char buf[50]; + (void)ctx; + if ( printchar == '\n' && !strcmp (what, "primegen") ) snprintf (buf, sizeof buf -1, "%.20s X 100 100", what ); else Modified: trunk/g10/getkey.c =================================================================== --- trunk/g10/getkey.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/getkey.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -760,10 +760,12 @@ static int -skip_unusable(void *dummy,u32 *keyid,PKT_user_id *uid) +skip_unusable (void *dummy, u32 *keyid, PKT_user_id *uid) { int unusable=0; KBNODE keyblock; + + (void)dummy; keyblock=get_pubkeyblock(keyid); if(!keyblock) Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/gpg.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -1766,6 +1766,7 @@ static void gpg_init_default_ctrl (ctrl_t ctrl) { + (void)ctrl; } @@ -1774,6 +1775,7 @@ static void gpg_deinit_default_ctrl (ctrl_t ctrl) { + (void)ctrl; } Modified: trunk/g10/gpgv.c =================================================================== --- trunk/g10/gpgv.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/gpgv.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -200,12 +200,21 @@ int check_signatures_trust( PKT_signature *sig ) { - return 0; + (void)sig; + return 0; } void -read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, - byte *marginals,byte *completes,byte *cert_depth) {} +read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck, + byte *marginals, byte *completes, byte *cert_depth) +{ + (void)trust_model; + (void)created; + (void)nextcheck; + (void)marginals; + (void)completes; + (void)cert_depth; +} /* Stub: * We don't have the trustdb , so we have to provide some stub functions @@ -215,46 +224,58 @@ int cache_disabled_value(PKT_public_key *pk) { + (void)pk; return 0; } void -check_trustdb_stale(void) {} +check_trustdb_stale(void) +{ +} int get_validity_info (PKT_public_key *pk, PKT_user_id *uid) { - return '?'; + (void)pk; + (void)uid; + return '?'; } unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid) { + (void)pk; + (void)uid; return 0; } const char * trust_value_to_string (unsigned int value) { + (void)value; return "err"; } const char * -uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid) +uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid) { + (void)key; + (void)uid; return "err"; } int get_ownertrust_info (PKT_public_key *pk) { - return '?'; + (void)pk; + return '?'; } unsigned int get_ownertrust (PKT_public_key *pk) { - return TRUST_UNKNOWN; + (void)pk; + return TRUST_UNKNOWN; } @@ -264,122 +285,217 @@ */ struct keyserver_spec * -keyserver_match(struct keyserver_spec *spec) { return NULL; } +keyserver_match (struct keyserver_spec *spec) +{ + (void)spec; + return NULL; +} int -keyserver_import_keyid( u32 *keyid, void *dummy ) +keyserver_import_keyid (u32 *keyid, void *dummy) { - return -1; + (void)keyid; + (void)dummy; + return -1; } int -keyserver_import_cert(const char *name) { return -1; } +keyserver_import_cert (const char *name) +{ + (void)name; + return -1; +} int -keyserver_import_pka(const char *name,unsigned char *fpr) { return -1; } +keyserver_import_pka (const char *name,unsigned char *fpr) +{ + (void)name; + (void)fpr; + return -1; +} int -keyserver_import_name(const char *name,struct keyserver_spec *spec) +keyserver_import_name (const char *name,struct keyserver_spec *spec) { + (void)name; + (void)spec; return -1; } int -keyserver_import_ldap(const char *name) { return -1; } +keyserver_import_ldap (const char *name) +{ + (void)name; + return -1; +} /* Stub: * No encryption here but mainproc links to these functions. */ int -get_session_key( PKT_pubkey_enc *k, DEK *dek ) +get_session_key (PKT_pubkey_enc *k, DEK *dek) { - return G10ERR_GENERAL; + (void)k; + (void)dek; + return G10ERR_GENERAL; } + /* Stub: */ int -get_override_session_key( DEK *dek, const char *string ) +get_override_session_key (DEK *dek, const char *string) { - return G10ERR_GENERAL; + (void)dek; + (void)string; + return G10ERR_GENERAL; } + /* Stub: */ int -decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) +decrypt_data (void *procctx, PKT_encrypted *ed, DEK *dek) { - return G10ERR_GENERAL; + (void)procctx; + (void)ed; + (void)dek; + return G10ERR_GENERAL; } /* Stub: - * No interactive commnds, so we don't need the helptexts + * No interactive commands, so we don't need the helptexts */ void -display_online_help( const char *keyword ) +display_online_help (const char *keyword) { + (void)keyword; } /* Stub: * We don't use secret keys, but getkey.c links to this */ int -check_secret_key( PKT_secret_key *sk, int n ) +check_secret_key (PKT_secret_key *sk, int n) { - return G10ERR_GENERAL; + (void)sk; + (void)n; + return G10ERR_GENERAL; } /* Stub: * No secret key, so no passphrase needed */ DEK * -passphrase_to_dek( u32 *keyid, int pubkey_algo, - int cipher_algo, STRING2KEY *s2k, int mode, +passphrase_to_dek (u32 *keyid, int pubkey_algo, + int cipher_algo, STRING2KEY *s2k, int mode, const char *tmp, int *canceled) { + (void)keyid; + (void)pubkey_algo; + (void)cipher_algo; + (void)s2k; + (void)mode; + (void)tmp; + if (canceled) *canceled = 0; return NULL; } -struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig) {return NULL;} -struct keyserver_spec *parse_keyserver_uri(const char *uri,int require_scheme, - const char *configname, - unsigned int configlineno) +struct keyserver_spec * +parse_preferred_keyserver(PKT_signature *sig) { + (void)sig; return NULL; } -void free_keyserver_spec(struct keyserver_spec *keyserver) {} +struct keyserver_spec * +parse_keyserver_uri (const char *uri, int require_scheme, + const char *configname, unsigned int configlineno) +{ + (void)uri; + (void)require_scheme; + (void)configname; + (void)configlineno; + return NULL; +} +void +free_keyserver_spec (struct keyserver_spec *keyserver) +{ + (void)keyserver; +} + /* Stubs to avoid linking to photoid.c */ -void show_photos(const struct user_attribute *attrs,int count,PKT_public_key *pk) {} -int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len) {return 0;} -char *image_type_to_string(byte type,int string) {return NULL;} +void +show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk) +{ + (void)attrs; + (void)count; + (void)pk; +} +int +parse_image_header (const struct user_attribute *attr, byte *type, u32 *len) +{ + (void)attr; + (void)type; + (void)len; + return 0; +} + +char * +image_type_to_string (byte type, int string) +{ + (void)type; + (void)string; + return NULL; +} + #ifdef ENABLE_CARD_SUPPORT -int agent_scd_getattr (const char *name, struct agent_card_info_s *info) {return 0;} +int +agent_scd_getattr (const char *name, struct agent_card_info_s *info) +{ + (void)name; + (void)info; + return 0; +} #endif /* ENABLE_CARD_SUPPORT */ -/* Stubs to void linking to ../cipher/cipher.c */ -const char *cipher_algo_to_string( int algo ) { return "?";} -void disable_cipher_algo( int algo ) {} -int check_cipher_algo( int algo ) { return -1;} -unsigned int cipher_get_keylen( int algo ) { return 0; } -unsigned int cipher_get_blocksize( int algo ) {return 0;} -gcry_cipher_hd_t cipher_open( int algo, int mode, int secure ) { return NULL;} -void cipher_close( gcry_cipher_hd_t c ) {} -int cipher_setkey( gcry_cipher_hd_t c, byte *key, unsigned keylen ) { return -1;} -void cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen ){} -void cipher_encrypt( gcry_cipher_hd_t c, byte *outbuf, - byte *inbuf, unsigned nbytes ) {} -void cipher_decrypt( gcry_cipher_hd_t c, byte *outbuf, - byte *inbuf, unsigned nbytes ) {} -void cipher_sync( gcry_cipher_hd_t c ) {} +/* We do not do any locking, so use these stubs here */ +void +disable_dotlock (void) +{ +} +DOTLOCK +create_dotlock (const char *file_to_lock) +{ + (void)file_to_lock; + return NULL; +} +void +destroy_dotlock (DOTLOCK h) +{ + (void)h; +} -/* We do not do any locking, so use these stubs here */ -void disable_dotlock(void) {} -DOTLOCK create_dotlock( const char *file_to_lock ) { return NULL; } -void destroy_dotlock (DOTLOCK h) {} -int make_dotlock( DOTLOCK h, long timeout ) { return 0;} -int release_dotlock( DOTLOCK h ) {return 0;} -void remove_lockfiles(void) {} +int +make_dotlock (DOTLOCK h, long timeout) +{ + (void)h; + (void)timeout; + return 0; +} + +int +release_dotlock (DOTLOCK h) +{ + (void)h; + return 0; +} + +void +remove_lockfiles (void) +{ +} + Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/import.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -1238,6 +1238,8 @@ u32 keyid[2]; int rc = 0; + (void)fname; + assert( !node->next ); assert( node->pkt->pkttype == PKT_SIGNATURE ); assert( node->pkt->pkt.signature->sig_class == 0x20 ); @@ -1365,6 +1367,9 @@ u32 bsdate=0,rsdate=0; KBNODE bsnode=NULL,rsnode=NULL; + (void)fname; + (void)pk; + for( n=keyblock; (n = find_next_kbnode(n, 0)); ) { if(n->pkt->pkttype==PKT_PUBLIC_SUBKEY) { @@ -1537,6 +1542,8 @@ KBNODE node; int nvalid=0, uid_seen=0, subkey_seen=0; + (void)fname; + for(node=keyblock->next; node; node = node->next ) { if( node->pkt->pkttype == PKT_USER_ID ) { uid_seen = 1; @@ -2047,11 +2054,14 @@ * append the userid starting with NODE and all signatures to KEYBLOCK. */ static int -append_uid( KBNODE keyblock, KBNODE node, int *n_sigs, - const char *fname, u32 *keyid ) +append_uid (KBNODE keyblock, KBNODE node, int *n_sigs, + const char *fname, u32 *keyid ) { KBNODE n, n_where=NULL; + (void)fname; + (void)keyid; + assert(node->pkt->pkttype == PKT_USER_ID ); /* find the position */ @@ -2099,6 +2109,9 @@ KBNODE n, n2; int found=0; + (void)fname; + (void)keyid; + assert(dst->pkt->pkttype == PKT_USER_ID ); assert(src->pkt->pkttype == PKT_USER_ID ); @@ -2134,12 +2147,15 @@ * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_xxx_SUBKEY. */ static int -merge_keysigs( KBNODE dst, KBNODE src, int *n_sigs, - const char *fname, u32 *keyid ) +merge_keysigs (KBNODE dst, KBNODE src, int *n_sigs, + const char *fname, u32 *keyid) { KBNODE n, n2; int found=0; + (void)fname; + (void)keyid; + assert( dst->pkt->pkttype == PKT_PUBLIC_SUBKEY || dst->pkt->pkttype == PKT_SECRET_SUBKEY ); @@ -2187,11 +2203,14 @@ * Mark all new and copied packets by setting flag bit 0. */ static int -append_key( KBNODE keyblock, KBNODE node, int *n_sigs, - const char *fname, u32 *keyid ) +append_key (KBNODE keyblock, KBNODE node, int *n_sigs, + const char *fname, u32 *keyid) { KBNODE n; + (void)fname; + (void)keyid; + assert( node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY ); Modified: trunk/g10/keydb.c =================================================================== --- trunk/g10/keydb.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/keydb.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -644,7 +644,9 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) { int rc; - + + (void)reserved; + if (!hd) return G10ERR_INV_ARG; Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/keyedit.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -1494,6 +1494,8 @@ /* If we are at the start of a line, we try and command-complete. If not, just do nothing for now. */ + (void)end; + if(start==0) return rl_completion_matches(text,command_generator); Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/keygen.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -631,42 +631,45 @@ xfree (buf); } + int -keygen_upd_std_prefs( PKT_signature *sig, void *opaque ) +keygen_upd_std_prefs (PKT_signature *sig, void *opaque) { - if (!prefs_initialized) - keygen_set_std_prefs (NULL, 0); + (void)opaque; + + if (!prefs_initialized) + keygen_set_std_prefs (NULL, 0); + + if (nsym_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM); + } + + if (nhash_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH); + } - if (nsym_prefs) - build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs); - else - { - delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM); - delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM); - } + if (nzip_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR); + } + + /* Make sure that the MDC feature flag is set if needed. */ + add_feature_mdc (sig,mdc_available); + add_keyserver_modify (sig,ks_modify); + keygen_add_keyserver_url(sig,NULL); - if (nhash_prefs) - build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs); - else - { - delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH); - delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH); - } - - if (nzip_prefs) - build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs); - else - { - delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR); - delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR); - } - - /* Make sure that the MDC feature flag is set if needed */ - add_feature_mdc (sig,mdc_available); - add_keyserver_modify (sig,ks_modify); - keygen_add_keyserver_url(sig,NULL); - - return 0; + return 0; } @@ -1102,6 +1105,8 @@ static void genhelp_factors (gcry_sexp_t misc_key_info, KBNODE sec_root) { + (void)misc_key_info; + (void)sec_root; #if 0 /* Not used anymore */ size_t n; char *buf; Modified: trunk/g10/keyring.c =================================================================== --- trunk/g10/keyring.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/keyring.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -158,6 +158,8 @@ { struct off_item *k; + (void)off; + for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next) { if (k->kid[0] == kid[0] && k->kid[1] == kid[1]) @@ -288,7 +290,7 @@ /* - * Lock the keyring with the given handle, or unlok if yes is false. + * Lock the keyring with the given handle, or unlock if YES is false. * We ignore the handle and lock all registered files. */ int @@ -297,6 +299,8 @@ KR_NAME kr; int rc = 0; + (void)hd; + if (yes) { /* first make sure the lock handles are created */ for (kr=kr_names; kr; kr = kr->next) { Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/misc.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -121,7 +121,9 @@ sf->dev = buf.st_dev; sf->next = secured_files; secured_files = sf; -#endif /*ENABLE_SELINUX_HACKS*/ +#else /*!ENABLE_SELINUX_HACKS*/ + (void)fname; +#endif /*!ENABLE_SELINUX_HACKS*/ } /* Remove a file registered as secure. */ @@ -152,7 +154,9 @@ return; } } -#endif /*ENABLE_SELINUX_HACKS*/ +#else /*!ENABLE_SELINUX_HACKS*/ + (void)fname; +#endif /*!ENABLE_SELINUX_HACKS*/ } /* Return true if FD is corresponds to a secured file. Using -1 for @@ -182,7 +186,9 @@ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev) return 1; /* Yes. */ } -#endif /*ENABLE_SELINUX_HACKS*/ +#else /*!ENABLE_SELINUX_HACKS*/ + (void)fd; +#endif /*!ENABLE_SELINUX_HACKS*/ return 0; /* No. */ } @@ -217,7 +223,9 @@ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev) return 1; /* Yes. */ } -#endif /*ENABLE_SELINUX_HACKS*/ +#else /*!ENABLE_SELINUX_HACKS*/ + (void)fname; +#endif /*!ENABLE_SELINUX_HACKS*/ return 0; /* No. */ } Modified: trunk/g10/parse-packet.c =================================================================== --- trunk/g10/parse-packet.c 2008-10-19 16:10:46 UTC (rev 4854) +++ trunk/g10/parse-packet.c 2008-10-20 13:53:23 UTC (rev 4855) @@ -702,6 +702,8 @@ static int parse_marker( IOBUF inp, int pkttype, unsigned long pktlen ) { + (void)pkttype; + if(pktlen!=3) goto fail; @@ -1661,8 +1663,8 @@ static int -parse_key( IOBUF inp, int pkttype, unsigned long pktlen, - byte *hdr, int hdrlen, PACKET *pkt ) +parse_key (IOBUF inp, int pkttype, unsigned long pktlen, + byte *hdr, int hdrlen, PACKET *pkt) { int i, version, algorithm; unsigned n; @@ -1671,6 +1673,8 @@ int is_v4=0; int rc=0; + (void)hdr; + version = iobuf_get_noeof(inp); pktlen--; if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) { /* early versions of G10 use old PGP comments packets; @@ -2170,6 +2174,8 @@ { byte *p; + (void)pkttype; + #define EXTRA_UID_NAME_SPACE 71 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); @@ -2237,6 +2243,8 @@ { int c; + (void)pkttype; + if (pktlen) { c = iobuf_get_noeof(inp); @@ -2332,20 +2340,22 @@ parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt, int new_ctb ) { - PKT_compressed *zd; + PKT_compressed *zd; + + /* PKTLEN is here 0, but data follows (this should be the last + object in a file or the compress algorithm should know the + length). */ + (void)pkttype; + (void)pktlen; - /* pktlen is here 0, but data follows - * (this should be the last object in a file or - * the compress algorithm should know the length) - */ - zd = pkt->pkt.compressed = xmalloc(sizeof *pkt->pkt.compressed ); - zd->algorithm = iobuf_get_noeof(inp); - zd->len = 0; /* not used */ - zd->new_ctb = new_ctb; - zd->buf = inp; - if( list_mode ) - fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm); - return 0; + zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed); + zd->algorithm = iobuf_get_noeof(inp); + zd->len = 0; /* not used */ + zd->new_ctb = new_ctb; + zd->buf = inp; + if (list_mode) + fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm); + return 0; } From cvs at cvs.gnupg.org Mon Oct 20 17:24:01 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 20 Oct 2008 17:24:01 +0200 Subject: [svn] gcry - r1349 - trunk/doc Message-ID: Author: wk Date: 2008-10-20 17:24:01 +0200 (Mon, 20 Oct 2008) New Revision: 1349 Modified: trunk/doc/ChangeLog trunk/doc/gcrypt.texi Log: doc fix. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-10-06 16:31:37 UTC (rev 1348) +++ trunk/doc/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349) @@ -1,3 +1,9 @@ +2008-10-20 Werner Koch + + * gcrypt.texi (Error handler): Fix description of + gcry_handler_no_mem_t. Reported by Patrick Strateman. desribe + what what the error handler is expected to do. Fixes bug #961. + 2008-09-18 Werner Koch * gcrypt.texi (FIPS Mode): Add state transition Error to Error. Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-10-06 16:31:37 UTC (rev 1348) +++ trunk/doc/gcrypt.texi 2008-10-20 15:24:01 UTC (rev 1349) @@ -1320,12 +1320,18 @@ may and should be registered prior to calling @code{gcry_check_version}. @deftp {Data type} gcry_handler_no_mem_t -This type is defined as: @code{void (*gcry_handler_no_mem_t) (void *, size_t, unsigned int)} +This type is defined as: @code{int (*gcry_handler_no_mem_t) (void *, size_t, unsigned int)} @end deftp @deftypefun void gcry_set_outofcore_handler (gcry_handler_no_mem_t @var{func_no_mem}, void *@var{cb_data}) This function registers @var{func_no_mem} as `out-of-core handler', which means that it will be called in the case of not having enough -memory available. +memory available. The handler is called with 3 arguments: The first +one is the pointer @var{cb_data} as set with this function, the second +is the requested memory size and the last being a flag. If bit 0 of +the flag is set, secure memory has been requested. The handler should +either return true to indicate that Libgcrypt should try again +allocating memory or return false to let Libgcrypt use its default +fatal error handler. @end deftypefun @deftp {Data type} gcry_handler_error_t From cvs at cvs.gnupg.org Mon Oct 20 17:59:20 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 20 Oct 2008 17:59:20 +0200 Subject: [svn] gpgme - r1339 - in trunk: . doc gpgme Message-ID: Author: wk Date: 2008-10-20 17:59:19 +0200 (Mon, 20 Oct 2008) New Revision: 1339 Added: trunk/gpgme/gpgme.h.in Removed: trunk/gpgme/gpgme.h Modified: trunk/ChangeLog trunk/configure.ac trunk/doc/ChangeLog trunk/doc/uiserver.texi trunk/gpgme/ChangeLog trunk/gpgme/Makefile.am trunk/gpgme/posix-io.c Log: Fix bug #818. Use gpgme.h.in instead of in-place editing gpgme.h. [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-17 23:10:26 UTC (rev 1338) +++ trunk/ChangeLog 2008-10-20 15:59:19 UTC (rev 1339) @@ -1,3 +1,8 @@ +2008-10-20 Werner Koch + + * configure.ac (AC_CONFIG_FILES): Add gpgme.h. + (GNUPG_FIX_HDR_VERSION): Remove. + 2008-10-17 Marcus Brinkmann Release GPGME 1.1.7. @@ -828,7 +833,7 @@ * autogen.sh: Added option --build-w32. - Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007 g10 Code GmbH + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-10-17 23:10:26 UTC (rev 1338) +++ trunk/doc/ChangeLog 2008-10-20 15:59:19 UTC (rev 1339) @@ -1,3 +1,8 @@ +2008-10-15 Werner Koch + + * uiserver.texi (Miscellaneous UI Server Commands): Add option + --protocol to the SENDER command. + 2008-07-17 Werner Koch * module-overview.sk: New. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2008-10-17 23:10:26 UTC (rev 1338) +++ trunk/gpgme/ChangeLog 2008-10-20 15:59:19 UTC (rev 1339) @@ -1,3 +1,12 @@ +2008-10-20 Werner Koch + + * Makefile.am (EXTRA_DIST): Add gpgme.h.in. + + * gpgme.h: Rename to gpgme.h.in. + * gpgme.h.in (GPGME_VERSION): Use autoconf substitution. + + * posix-io.c: Include sys/uio.h. Fixes bug #818. + 2008-10-18 Marcus Brinkmann * w32-util.c (find_program_in_registry): Don't define. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 23:10:26 UTC (rev 1338) +++ trunk/configure.ac 2008-10-20 15:59:19 UTC (rev 1339) @@ -62,7 +62,7 @@ PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION -AC_CONFIG_SRCDIR(gpgme/gpgme.h) +AC_CONFIG_SRCDIR(gpgme/gpgme.h.in) dnl FIXME: Enable this with autoconf 2.59. dnl AC_CONFIG_MACRO_DIR(m4) AM_CONFIG_HEADER(config.h) @@ -695,10 +695,6 @@ AM_CONDITIONAL(BUILD_COMPLUS, test "$component_system" = "COM+") -# Make the version number in gpgme/gpgme.h the same as the one here. -# (this is easier than to have a *.in file just for one substitution) -GNUPG_FIX_HDR_VERSION(gpgme/gpgme.h, GPGME_VERSION) - # Generate values for the DLL version info if test "$have_w32_system" = yes; then BUILD_TIMESTAMP=`date --iso-8601=minutes` @@ -750,7 +746,8 @@ AC_CONFIG_FILES(Makefile assuan/Makefile gpgme/Makefile tests/Makefile tests/gpg/Makefile tests/gpgsm/Makefile doc/Makefile complus/Makefile - gpgme/versioninfo.rc) + gpgme/versioninfo.rc + gpgme/gpgme.h) AC_CONFIG_FILES(gpgme/gpgme-config, chmod +x gpgme/gpgme-config) AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AC_OUTPUT Modified: trunk/doc/uiserver.texi =================================================================== --- trunk/doc/uiserver.texi 2008-10-17 23:10:26 UTC (rev 1338) +++ trunk/doc/uiserver.texi 2008-10-20 15:59:19 UTC (rev 1339) @@ -568,7 +568,7 @@ When doing an operation on a mail, it is useful to let the server know the address of the sender: - at deffn Command SENDER [- at w{}-info] @var{email} + at deffn Command SENDER [- at w{}-info] [- at w{}-protocol=@var{name}] @var{email} @var{email} is the plain ASCII encoded address ("addr-spec" as per RFC-2822) enclosed in angle brackets. The address set with this command is valid until a successful completion of the operation or until a @@ -580,6 +580,9 @@ protocol to use for signing. The client may use this suggested protocol on its own discretion. The same status line as with PREP_ENCRYPT is used for this. + +The option @option{--protocol} may be used to give the server a hint on +which signing protocol should be preferred. @end deffn @noindent Modified: trunk/gpgme/Makefile.am =================================================================== --- trunk/gpgme/Makefile.am 2008-10-17 23:10:26 UTC (rev 1338) +++ trunk/gpgme/Makefile.am 2008-10-20 15:59:19 UTC (rev 1339) @@ -21,7 +21,7 @@ # Note: moc_kdpipeiodevice should actually be a dependcy below. EXTRA_DIST = gpgme-config.in gpgme.m4 mkstatus libgpgme.vers \ - versioninfo.rc.in gpgme.def moc_kdpipeiodevice.cpp + gpgme.h.in versioninfo.rc.in gpgme.def moc_kdpipeiodevice.cpp BUILT_SOURCES = status-table.h MOSTLYCLEANFILES = status-table.h bin_SCRIPTS = gpgme-config Deleted: trunk/gpgme/gpgme.h Copied: trunk/gpgme/gpgme.h.in (from rev 1338, trunk/gpgme/gpgme.h) =================================================================== --- trunk/gpgme/gpgme.h.in (rev 0) +++ trunk/gpgme/gpgme.h.in 2008-10-20 15:59:19 UTC (rev 1339) @@ -0,0 +1,1893 @@ +/* gpgme.h - Public interface to GnuPG Made Easy. -*- c -*- + Copyright (C) 2000 Werner Koch (dd9jn) + Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 g10 Code GmbH + + This file is part of GPGME. + + GPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + GPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . + + File: @configure_input@ */ + +#ifndef GPGME_H +#define GPGME_H + +#ifdef __GNUC__ +#define _GPGME_INLINE __inline__ +#elif __STDC_VERSION__ >= 199901L +#define _GPGME_INLINE inline +#else +#define _GPGME_INLINE +#endif + +/* Include stdio.h for the FILE type definition. */ +#include + +#ifdef _MSC_VER + typedef long off_t; + typedef long ssize_t; +#else +# include +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#if 0 /* just to make Emacs auto-indent happy */ +} +#endif +#endif /* __cplusplus */ + + + +/* Check for compiler features. */ +#if __GNUC__ +#define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) + +#if _GPGME_GCC_VERSION > 30100 +#define _GPGME_DEPRECATED __attribute__ ((__deprecated__)) +#endif +#endif + +#ifndef _GPGME_DEPRECATED +#define _GPGME_DEPRECATED +#endif + + +/* The version of this header should match the one of the library. Do + not use this symbol in your application, use gpgme_check_version + instead. The purpose of this macro is to let autoconf (using the + AM_PATH_GPGME macro) check that this header matches the installed + library. */ +#define GPGME_VERSION "@PACKAGE_VERSION@" + + + +/* Some opaque data types used by GPGME. */ + +/* The context holds some global state and configration options, as + well as the results of a crypto operation. */ +struct gpgme_context; +typedef struct gpgme_context *gpgme_ctx_t; + +/* The data object is used by GPGME to exchange arbitrary data. */ +struct gpgme_data; +typedef struct gpgme_data *gpgme_data_t; + + +/* Wrappers for the libgpg-error library. */ + +typedef gpg_error_t gpgme_error_t; +typedef gpg_err_code_t gpgme_err_code_t; +typedef gpg_err_source_t gpgme_err_source_t; + + +static _GPGME_INLINE gpgme_error_t +gpgme_err_make (gpgme_err_source_t source, gpgme_err_code_t code) +{ + return gpg_err_make (source, code); +} + + +/* The user can define GPGME_ERR_SOURCE_DEFAULT before including this + file to specify a default source for gpgme_error. */ +#ifndef GPGME_ERR_SOURCE_DEFAULT +#define GPGME_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_1 +#endif + +static _GPGME_INLINE gpgme_error_t +gpgme_error (gpgme_err_code_t code) +{ + return gpgme_err_make (GPGME_ERR_SOURCE_DEFAULT, code); +} + + +static _GPGME_INLINE gpgme_err_code_t +gpgme_err_code (gpgme_error_t err) +{ + return gpg_err_code (err); +} + + +static _GPGME_INLINE gpgme_err_source_t +gpgme_err_source (gpgme_error_t err) +{ + return gpg_err_source (err); +} + + +/* Return a pointer to a string containing a description of the error + code in the error value ERR. This function is not thread safe. */ +const char *gpgme_strerror (gpgme_error_t err); + +/* Return the error string for ERR in the user-supplied buffer BUF of + size BUFLEN. This function is, in contrast to gpg_strerror, + thread-safe if a thread-safe strerror_r() function is provided by + the system. If the function succeeds, 0 is returned and BUF + contains the string describing the error. If the buffer was not + large enough, ERANGE is returned and BUF contains as much of the + beginning of the error string as fits into the buffer. */ +int gpgme_strerror_r (gpg_error_t err, char *buf, size_t buflen); + + +/* Return a pointer to a string containing a description of the error + source in the error value ERR. */ +const char *gpgme_strsource (gpgme_error_t err); + + +/* Retrieve the error code for the system error ERR. This returns + GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report + this). */ +gpgme_err_code_t gpgme_err_code_from_errno (int err); + + +/* Retrieve the system error for the error code CODE. This returns 0 + if CODE is not a system error code. */ +int gpgme_err_code_to_errno (gpgme_err_code_t code); + + +/* Return an error value with the error source SOURCE and the system + error ERR. */ +gpgme_error_t gpgme_err_make_from_errno (gpgme_err_source_t source, int err); + + +/* Return an error value with the system error ERR. */ +gpgme_err_code_t gpgme_error_from_errno (int err); + + +/* The possible encoding mode of gpgme_data_t objects. */ +typedef enum + { + GPGME_DATA_ENCODING_NONE = 0, /* Not specified. */ + GPGME_DATA_ENCODING_BINARY = 1, + GPGME_DATA_ENCODING_BASE64 = 2, + GPGME_DATA_ENCODING_ARMOR = 3 /* Either PEM or OpenPGP Armor. */ + } +gpgme_data_encoding_t; + + +/* Public key algorithms from libgcrypt. */ +typedef enum + { + GPGME_PK_RSA = 1, + GPGME_PK_RSA_E = 2, + GPGME_PK_RSA_S = 3, + GPGME_PK_ELG_E = 16, + GPGME_PK_DSA = 17, + GPGME_PK_ELG = 20 + } +gpgme_pubkey_algo_t; + + +/* Hash algorithms from libgcrypt. */ +typedef enum + { + GPGME_MD_NONE = 0, + GPGME_MD_MD5 = 1, + GPGME_MD_SHA1 = 2, + GPGME_MD_RMD160 = 3, + GPGME_MD_MD2 = 5, + GPGME_MD_TIGER = 6, /* TIGER/192. */ + GPGME_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */ + GPGME_MD_SHA256 = 8, + GPGME_MD_SHA384 = 9, + GPGME_MD_SHA512 = 10, + GPGME_MD_MD4 = 301, + GPGME_MD_CRC32 = 302, + GPGME_MD_CRC32_RFC1510 = 303, + GPGME_MD_CRC24_RFC2440 = 304 + } +gpgme_hash_algo_t; + + +/* The possible signature stati. Deprecated, use error value in sig + status. */ +typedef enum + { + GPGME_SIG_STAT_NONE = 0, + GPGME_SIG_STAT_GOOD = 1, + GPGME_SIG_STAT_BAD = 2, + GPGME_SIG_STAT_NOKEY = 3, + GPGME_SIG_STAT_NOSIG = 4, + GPGME_SIG_STAT_ERROR = 5, + GPGME_SIG_STAT_DIFF = 6, + GPGME_SIG_STAT_GOOD_EXP = 7, + GPGME_SIG_STAT_GOOD_EXPKEY = 8 + } +_gpgme_sig_stat_t; +typedef _gpgme_sig_stat_t gpgme_sig_stat_t _GPGME_DEPRECATED; + + +/* The available signature modes. */ +typedef enum + { + GPGME_SIG_MODE_NORMAL = 0, + GPGME_SIG_MODE_DETACH = 1, + GPGME_SIG_MODE_CLEAR = 2 + } +gpgme_sig_mode_t; + + +/* The available key and signature attributes. Deprecated, use the + individual result structures instead. */ +typedef enum + { + GPGME_ATTR_KEYID = 1, + GPGME_ATTR_FPR = 2, + GPGME_ATTR_ALGO = 3, + GPGME_ATTR_LEN = 4, + GPGME_ATTR_CREATED = 5, + GPGME_ATTR_EXPIRE = 6, + GPGME_ATTR_OTRUST = 7, + GPGME_ATTR_USERID = 8, + GPGME_ATTR_NAME = 9, + GPGME_ATTR_EMAIL = 10, + GPGME_ATTR_COMMENT = 11, + GPGME_ATTR_VALIDITY = 12, + GPGME_ATTR_LEVEL = 13, + GPGME_ATTR_TYPE = 14, + GPGME_ATTR_IS_SECRET = 15, + GPGME_ATTR_KEY_REVOKED = 16, + GPGME_ATTR_KEY_INVALID = 17, + GPGME_ATTR_UID_REVOKED = 18, + GPGME_ATTR_UID_INVALID = 19, + GPGME_ATTR_KEY_CAPS = 20, + GPGME_ATTR_CAN_ENCRYPT = 21, + GPGME_ATTR_CAN_SIGN = 22, + GPGME_ATTR_CAN_CERTIFY = 23, + GPGME_ATTR_KEY_EXPIRED = 24, + GPGME_ATTR_KEY_DISABLED = 25, + GPGME_ATTR_SERIAL = 26, + GPGME_ATTR_ISSUER = 27, + GPGME_ATTR_CHAINID = 28, + GPGME_ATTR_SIG_STATUS = 29, + GPGME_ATTR_ERRTOK = 30, + GPGME_ATTR_SIG_SUMMARY = 31, + GPGME_ATTR_SIG_CLASS = 32 + } +_gpgme_attr_t; +typedef _gpgme_attr_t gpgme_attr_t _GPGME_DEPRECATED; + + +/* The available validities for a trust item or key. */ +typedef enum + { + GPGME_VALIDITY_UNKNOWN = 0, + GPGME_VALIDITY_UNDEFINED = 1, + GPGME_VALIDITY_NEVER = 2, + GPGME_VALIDITY_MARGINAL = 3, + GPGME_VALIDITY_FULL = 4, + GPGME_VALIDITY_ULTIMATE = 5 + } +gpgme_validity_t; + + +/* The available protocols. */ +typedef enum + { + GPGME_PROTOCOL_OpenPGP = 0, /* The default mode. */ + GPGME_PROTOCOL_CMS = 1, + GPGME_PROTOCOL_GPGCONF = 2, /* Special code for gpgconf. */ + GPGME_PROTOCOL_UNKNOWN = 255 + } +gpgme_protocol_t; + + +/* The available keylist mode flags. */ +#define GPGME_KEYLIST_MODE_LOCAL 1 +#define GPGME_KEYLIST_MODE_EXTERN 2 +#define GPGME_KEYLIST_MODE_SIGS 4 +#define GPGME_KEYLIST_MODE_SIG_NOTATIONS 8 +#define GPGME_KEYLIST_MODE_VALIDATE 256 + +typedef unsigned int gpgme_keylist_mode_t; + + +/* Flags for the audit log functions. */ +#define GPGME_AUDITLOG_HTML 1 +#define GPGME_AUDITLOG_WITH_HELP 128 + + +/* Signature notations. */ + +/* The available signature notation flags. */ +#define GPGME_SIG_NOTATION_HUMAN_READABLE 1 +#define GPGME_SIG_NOTATION_CRITICAL 2 + +typedef unsigned int gpgme_sig_notation_flags_t; + +struct _gpgme_sig_notation +{ + struct _gpgme_sig_notation *next; + + /* If NAME is a null pointer, then VALUE contains a policy URL + rather than a notation. */ + char *name; + + /* The value of the notation data. */ + char *value; + + /* The length of the name of the notation data. */ + int name_len; + + /* The length of the value of the notation data. */ + int value_len; + + /* The accumulated flags. */ + gpgme_sig_notation_flags_t flags; + + /* Notation data is human-readable. */ + unsigned int human_readable : 1; + + /* Notation data is critical. */ + unsigned int critical : 1; + + /* Internal to GPGME, do not use. */ + int _unused : 30; +}; +typedef struct _gpgme_sig_notation *gpgme_sig_notation_t; + + +/* The possible stati for the edit operation. */ +typedef enum + { + GPGME_STATUS_EOF, + /* mkstatus processing starts here */ + GPGME_STATUS_ENTER, + GPGME_STATUS_LEAVE, + GPGME_STATUS_ABORT, + + GPGME_STATUS_GOODSIG, + GPGME_STATUS_BADSIG, + GPGME_STATUS_ERRSIG, + + GPGME_STATUS_BADARMOR, + + GPGME_STATUS_RSA_OR_IDEA, + GPGME_STATUS_KEYEXPIRED, + GPGME_STATUS_KEYREVOKED, + + GPGME_STATUS_TRUST_UNDEFINED, + GPGME_STATUS_TRUST_NEVER, + GPGME_STATUS_TRUST_MARGINAL, + GPGME_STATUS_TRUST_FULLY, + GPGME_STATUS_TRUST_ULTIMATE, + + GPGME_STATUS_SHM_INFO, + GPGME_STATUS_SHM_GET, + GPGME_STATUS_SHM_GET_BOOL, + GPGME_STATUS_SHM_GET_HIDDEN, + + GPGME_STATUS_NEED_PASSPHRASE, + GPGME_STATUS_VALIDSIG, + GPGME_STATUS_SIG_ID, + GPGME_STATUS_ENC_TO, + GPGME_STATUS_NODATA, + GPGME_STATUS_BAD_PASSPHRASE, + GPGME_STATUS_NO_PUBKEY, + GPGME_STATUS_NO_SECKEY, + GPGME_STATUS_NEED_PASSPHRASE_SYM, + GPGME_STATUS_DECRYPTION_FAILED, + GPGME_STATUS_DECRYPTION_OKAY, + GPGME_STATUS_MISSING_PASSPHRASE, + GPGME_STATUS_GOOD_PASSPHRASE, + GPGME_STATUS_GOODMDC, + GPGME_STATUS_BADMDC, + GPGME_STATUS_ERRMDC, + GPGME_STATUS_IMPORTED, + GPGME_STATUS_IMPORT_OK, + GPGME_STATUS_IMPORT_PROBLEM, + GPGME_STATUS_IMPORT_RES, + GPGME_STATUS_FILE_START, + GPGME_STATUS_FILE_DONE, + GPGME_STATUS_FILE_ERROR, + + GPGME_STATUS_BEGIN_DECRYPTION, + GPGME_STATUS_END_DECRYPTION, + GPGME_STATUS_BEGIN_ENCRYPTION, + GPGME_STATUS_END_ENCRYPTION, + + GPGME_STATUS_DELETE_PROBLEM, + GPGME_STATUS_GET_BOOL, + GPGME_STATUS_GET_LINE, + GPGME_STATUS_GET_HIDDEN, + GPGME_STATUS_GOT_IT, + GPGME_STATUS_PROGRESS, + GPGME_STATUS_SIG_CREATED, + GPGME_STATUS_SESSION_KEY, + GPGME_STATUS_NOTATION_NAME, + GPGME_STATUS_NOTATION_DATA, + GPGME_STATUS_POLICY_URL, + GPGME_STATUS_BEGIN_STREAM, + GPGME_STATUS_END_STREAM, + GPGME_STATUS_KEY_CREATED, + GPGME_STATUS_USERID_HINT, + GPGME_STATUS_UNEXPECTED, + GPGME_STATUS_INV_RECP, + GPGME_STATUS_NO_RECP, + GPGME_STATUS_ALREADY_SIGNED, + GPGME_STATUS_SIGEXPIRED, + GPGME_STATUS_EXPSIG, + GPGME_STATUS_EXPKEYSIG, + GPGME_STATUS_TRUNCATED, + GPGME_STATUS_ERROR, + GPGME_STATUS_NEWSIG, + GPGME_STATUS_REVKEYSIG, + GPGME_STATUS_SIG_SUBPACKET, + GPGME_STATUS_NEED_PASSPHRASE_PIN, + GPGME_STATUS_SC_OP_FAILURE, + GPGME_STATUS_SC_OP_SUCCESS, + GPGME_STATUS_CARDCTRL, + GPGME_STATUS_BACKUP_KEY_CREATED, + GPGME_STATUS_PKA_TRUST_BAD, + GPGME_STATUS_PKA_TRUST_GOOD, + + GPGME_STATUS_PLAINTEXT + } +gpgme_status_code_t; + + +/* The engine information structure. */ +struct _gpgme_engine_info +{ + struct _gpgme_engine_info *next; + + /* The protocol ID. */ + gpgme_protocol_t protocol; + + /* The file name of the engine binary. */ + char *file_name; + + /* The version string of the installed engine. */ + char *version; + + /* The minimum version required for GPGME. */ + const char *req_version; + + /* The home directory used, or NULL if default. */ + char *home_dir; +}; +typedef struct _gpgme_engine_info *gpgme_engine_info_t; + + +/* A subkey from a key. */ +struct _gpgme_subkey +{ + struct _gpgme_subkey *next; + + /* True if subkey is revoked. */ + unsigned int revoked : 1; + + /* True if subkey is expired. */ + unsigned int expired : 1; + + /* True if subkey is disabled. */ + unsigned int disabled : 1; + + /* True if subkey is invalid. */ + unsigned int invalid : 1; + + /* True if subkey can be used for encryption. */ + unsigned int can_encrypt : 1; + + /* True if subkey can be used for signing. */ + unsigned int can_sign : 1; + + /* True if subkey can be used for certification. */ + unsigned int can_certify : 1; + + /* True if subkey is secret. */ + unsigned int secret : 1; + + /* True if subkey can be used for authentication. */ + unsigned int can_authenticate : 1; + + /* True if subkey is qualified for signatures according to German law. */ + unsigned int is_qualified : 1; + + /* Internal to GPGME, do not use. */ + unsigned int _unused : 22; + + /* Public key algorithm supported by this subkey. */ + gpgme_pubkey_algo_t pubkey_algo; + + /* Length of the subkey. */ + unsigned int length; + + /* The key ID of the subkey. */ + char *keyid; + + /* Internal to GPGME, do not use. */ + char _keyid[16 + 1]; + + /* The fingerprint of the subkey in hex digit form. */ + char *fpr; + + /* The creation timestamp, -1 if invalid, 0 if not available. */ + long int timestamp; + + /* The expiration timestamp, 0 if the subkey does not expire. */ + long int expires; +}; +typedef struct _gpgme_subkey *gpgme_subkey_t; + + +/* A signature on a user ID. */ +struct _gpgme_key_sig +{ + struct _gpgme_key_sig *next; + + /* True if the signature is a revocation signature. */ + unsigned int revoked : 1; + + /* True if the signature is expired. */ + unsigned int expired : 1; + + /* True if the signature is invalid. */ + unsigned int invalid : 1; + + /* True if the signature should be exported. */ + unsigned int exportable : 1; + + /* Internal to GPGME, do not use. */ + unsigned int _unused : 28; + + /* The public key algorithm used to create the signature. */ + gpgme_pubkey_algo_t pubkey_algo; + + /* The key ID of key used to create the signature. */ + char *keyid; + + /* Internal to GPGME, do not use. */ + char _keyid[16 + 1]; + + /* The creation timestamp, -1 if invalid, 0 if not available. */ + long int timestamp; + + /* The expiration timestamp, 0 if the subkey does not expire. */ + long int expires; + + /* Same as in gpgme_signature_t. */ + gpgme_error_t status; + +#ifdef __cplusplus + unsigned int _obsolete_class _GPGME_DEPRECATED; +#else + /* Must be set to SIG_CLASS below. */ + unsigned int class _GPGME_DEPRECATED; +#endif + + /* The user ID string. */ + char *uid; + + /* The name part of the user ID. */ + char *name; + + /* The email part of the user ID. */ + char *email; + + /* The comment part of the user ID. */ + char *comment; + + /* Crypto backend specific signature class. */ + unsigned int sig_class; + + /* Notation data and policy URLs. */ + gpgme_sig_notation_t notations; + + /* Internal to GPGME, do not use. */ + gpgme_sig_notation_t _last_notation; +}; +typedef struct _gpgme_key_sig *gpgme_key_sig_t; + + +/* An user ID from a key. */ +struct _gpgme_user_id +{ + struct _gpgme_user_id *next; + + /* True if the user ID is revoked. */ + unsigned int revoked : 1; + + /* True if the user ID is invalid. */ + unsigned int invalid : 1; + + /* Internal to GPGME, do not use. */ + unsigned int _unused : 30; + + /* The validity of the user ID. */ + gpgme_validity_t validity; + + /* The user ID string. */ + char *uid; + + /* The name part of the user ID. */ + char *name; + + /* The email part of the user ID. */ + char *email; + + /* The comment part of the user ID. */ + char *comment; + + /* The signatures of the user ID. */ + gpgme_key_sig_t signatures; + + /* Internal to GPGME, do not use. */ + gpgme_key_sig_t _last_keysig; +}; +typedef struct _gpgme_user_id *gpgme_user_id_t; + + +/* A key from the keyring. */ +struct _gpgme_key +{ + /* Internal to GPGME, do not use. */ + unsigned int _refs; + + /* True if key is revoked. */ + unsigned int revoked : 1; + + /* True if key is expired. */ + unsigned int expired : 1; + + /* True if key is disabled. */ + unsigned int disabled : 1; + + /* True if key is invalid. */ + unsigned int invalid : 1; + + /* True if key can be used for encryption. */ + unsigned int can_encrypt : 1; + + /* True if key can be used for signing. */ + unsigned int can_sign : 1; + + /* True if key can be used for certification. */ + unsigned int can_certify : 1; + + /* True if key is secret. */ + unsigned int secret : 1; + + /* True if key can be used for authentication. */ + unsigned int can_authenticate : 1; + + /* True if subkey is qualified for signatures according to German law. */ + unsigned int is_qualified : 1; + + /* Internal to GPGME, do not use. */ + unsigned int _unused : 22; + + /* This is the protocol supported by this key. */ + gpgme_protocol_t protocol; + + /* If protocol is GPGME_PROTOCOL_CMS, this string contains the + issuer serial. */ + char *issuer_serial; + + /* If protocol is GPGME_PROTOCOL_CMS, this string contains the + issuer name. */ + char *issuer_name; + + /* If protocol is GPGME_PROTOCOL_CMS, this string contains the chain + ID. */ + char *chain_id; + + /* If protocol is GPGME_PROTOCOL_OpenPGP, this field contains the + owner trust. */ + gpgme_validity_t owner_trust; + + /* The subkeys of the key. */ + gpgme_subkey_t subkeys; + + /* The user IDs of the key. */ + gpgme_user_id_t uids; + + /* Internal to GPGME, do not use. */ + gpgme_subkey_t _last_subkey; + + /* Internal to GPGME, do not use. */ + gpgme_user_id_t _last_uid; + + /* The keylist mode that was active when listing the key. */ + gpgme_keylist_mode_t keylist_mode; +}; +typedef struct _gpgme_key *gpgme_key_t; + + + +/* Types for callback functions. */ + +/* Request a passphrase from the user. */ +typedef gpgme_error_t (*gpgme_passphrase_cb_t) (void *hook, + const char *uid_hint, + const char *passphrase_info, + int prev_was_bad, int fd); + +/* Inform the user about progress made. */ +typedef void (*gpgme_progress_cb_t) (void *opaque, const char *what, + int type, int current, int total); + +/* Interact with the user about an edit operation. */ +typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, + gpgme_status_code_t status, + const char *args, int fd); + + +/* Context management functions. */ + +/* Create a new context and return it in CTX. */ +gpgme_error_t gpgme_new (gpgme_ctx_t *ctx); + +/* Release the context CTX. */ +void gpgme_release (gpgme_ctx_t ctx); + +/* Set the protocol to be used by CTX to PROTO. */ +gpgme_error_t gpgme_set_protocol (gpgme_ctx_t ctx, gpgme_protocol_t proto); + +/* Get the protocol used with CTX */ +gpgme_protocol_t gpgme_get_protocol (gpgme_ctx_t ctx); + +/* Get the string describing protocol PROTO, or NULL if invalid. */ +const char *gpgme_get_protocol_name (gpgme_protocol_t proto); + +/* If YES is non-zero, enable armor mode in CTX, disable it otherwise. */ +void gpgme_set_armor (gpgme_ctx_t ctx, int yes); + +/* Return non-zero if armor mode is set in CTX. */ +int gpgme_get_armor (gpgme_ctx_t ctx); + +/* If YES is non-zero, enable text mode in CTX, disable it otherwise. */ +void gpgme_set_textmode (gpgme_ctx_t ctx, int yes); + +/* Return non-zero if text mode is set in CTX. */ +int gpgme_get_textmode (gpgme_ctx_t ctx); + +/* Use whatever the default of the backend crypto engine is. */ +#define GPGME_INCLUDE_CERTS_DEFAULT -256 + +/* Include up to NR_OF_CERTS certificates in an S/MIME message. */ +void gpgme_set_include_certs (gpgme_ctx_t ctx, int nr_of_certs); + +/* Return the number of certs to include in an S/MIME message. */ +int gpgme_get_include_certs (gpgme_ctx_t ctx); + +/* Set keylist mode in CTX to MODE. */ +gpgme_error_t gpgme_set_keylist_mode (gpgme_ctx_t ctx, + gpgme_keylist_mode_t mode); + +/* Get keylist mode in CTX. */ +gpgme_keylist_mode_t gpgme_get_keylist_mode (gpgme_ctx_t ctx); + +/* Set the passphrase callback function in CTX to CB. HOOK_VALUE is + passed as first argument to the passphrase callback function. */ +void gpgme_set_passphrase_cb (gpgme_ctx_t ctx, + gpgme_passphrase_cb_t cb, void *hook_value); + +/* Get the current passphrase callback function in *CB and the current + hook value in *HOOK_VALUE. */ +void gpgme_get_passphrase_cb (gpgme_ctx_t ctx, gpgme_passphrase_cb_t *cb, + void **hook_value); + +/* Set the progress callback function in CTX to CB. HOOK_VALUE is + passed as first argument to the progress callback function. */ +void gpgme_set_progress_cb (gpgme_ctx_t c, gpgme_progress_cb_t cb, + void *hook_value); + +/* Get the current progress callback function in *CB and the current + hook value in *HOOK_VALUE. */ +void gpgme_get_progress_cb (gpgme_ctx_t ctx, gpgme_progress_cb_t *cb, + void **hook_value); + +/* This function sets the locale for the context CTX, or the default + locale if CTX is a null pointer. */ +gpgme_error_t gpgme_set_locale (gpgme_ctx_t ctx, int category, + const char *value); + +/* Get the information about the configured engines. A pointer to the + first engine in the statically allocated linked list is returned. + The returned data is valid until the next gpgme_ctx_set_engine_info. */ +gpgme_engine_info_t gpgme_ctx_get_engine_info (gpgme_ctx_t ctx); + +/* Set the engine info for the context CTX, protocol PROTO, to the + file name FILE_NAME and the home directory HOME_DIR. */ +gpgme_error_t gpgme_ctx_set_engine_info (gpgme_ctx_t ctx, + gpgme_protocol_t proto, + const char *file_name, + const char *home_dir); + + +/* Return a statically allocated string with the name of the public + key algorithm ALGO, or NULL if that name is not known. */ +const char *gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo); + +/* Return a statically allocated string with the name of the hash + algorithm ALGO, or NULL if that name is not known. */ +const char *gpgme_hash_algo_name (gpgme_hash_algo_t algo); + + +/* Delete all signers from CTX. */ +void gpgme_signers_clear (gpgme_ctx_t ctx); + +/* Add KEY to list of signers in CTX. */ +gpgme_error_t gpgme_signers_add (gpgme_ctx_t ctx, const gpgme_key_t key); + +/* Return the SEQth signer's key in CTX. */ +gpgme_key_t gpgme_signers_enum (const gpgme_ctx_t ctx, int seq); + +/* Retrieve the signature status of signature IDX in CTX after a + successful verify operation in R_STAT (if non-null). The creation + time stamp of the signature is returned in R_CREATED (if non-null). + The function returns a string containing the fingerprint. + Deprecated, use verify result directly. */ +const char *gpgme_get_sig_status (gpgme_ctx_t ctx, int idx, + _gpgme_sig_stat_t *r_stat, + time_t *r_created) _GPGME_DEPRECATED; + +/* Retrieve certain attributes of a signature. IDX is the index + number of the signature after a successful verify operation. WHAT + is an attribute where GPGME_ATTR_EXPIRE is probably the most useful + one. WHATIDX is to be passed as 0 for most attributes . */ +unsigned long gpgme_get_sig_ulong_attr (gpgme_ctx_t c, int idx, + _gpgme_attr_t what, int whatidx) + _GPGME_DEPRECATED; +const char *gpgme_get_sig_string_attr (gpgme_ctx_t c, int idx, + _gpgme_attr_t what, int whatidx) + _GPGME_DEPRECATED; + + +/* Get the key used to create signature IDX in CTX and return it in + R_KEY. */ +gpgme_error_t gpgme_get_sig_key (gpgme_ctx_t ctx, int idx, gpgme_key_t *r_key) + _GPGME_DEPRECATED; + + +/* Clear all notation data from the context. */ +void gpgme_sig_notation_clear (gpgme_ctx_t ctx); + +/* Add the human-readable notation data with name NAME and value VALUE + to the context CTX, using the flags FLAGS. If NAME is NULL, then + VALUE should be a policy URL. The flag + GPGME_SIG_NOTATION_HUMAN_READABLE is forced to be true for notation + data, and false for policy URLs. */ +gpgme_error_t gpgme_sig_notation_add (gpgme_ctx_t ctx, const char *name, + const char *value, + gpgme_sig_notation_flags_t flags); + +/* Get the sig notations for this context. */ +gpgme_sig_notation_t gpgme_sig_notation_get (gpgme_ctx_t ctx); + + +/* Run control. */ + +/* The type of an I/O callback function. */ +typedef gpgme_error_t (*gpgme_io_cb_t) (void *data, int fd); + +/* The type of a function that can register FNC as the I/O callback + function for the file descriptor FD with direction dir (0: for writing, + 1: for reading). FNC_DATA should be passed as DATA to FNC. The + function should return a TAG suitable for the corresponding + gpgme_remove_io_cb_t, and an error value. */ +typedef gpgme_error_t (*gpgme_register_io_cb_t) (void *data, int fd, int dir, + gpgme_io_cb_t fnc, + void *fnc_data, void **tag); + +/* The type of a function that can remove a previously registered I/O + callback function given TAG as returned by the register + function. */ +typedef void (*gpgme_remove_io_cb_t) (void *tag); + +typedef enum + { + GPGME_EVENT_START, + GPGME_EVENT_DONE, + GPGME_EVENT_NEXT_KEY, + GPGME_EVENT_NEXT_TRUSTITEM + } +gpgme_event_io_t; + +/* The type of a function that is called when a context finished an + operation. */ +typedef void (*gpgme_event_io_cb_t) (void *data, gpgme_event_io_t type, + void *type_data); + +struct gpgme_io_cbs +{ + gpgme_register_io_cb_t add; + void *add_priv; + gpgme_remove_io_cb_t remove; + gpgme_event_io_cb_t event; + void *event_priv; +}; +typedef struct gpgme_io_cbs *gpgme_io_cbs_t; + +/* Set the I/O callback functions in CTX to IO_CBS. */ +void gpgme_set_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); + +/* Get the current I/O callback functions. */ +void gpgme_get_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs); + +/* Process the pending operation and, if HANG is non-zero, wait for + the pending operation to finish. */ +gpgme_ctx_t gpgme_wait (gpgme_ctx_t ctx, gpgme_error_t *status, int hang); + + +/* Functions to handle data objects. */ + +/* Read up to SIZE bytes into buffer BUFFER from the data object with + the handle HANDLE. Return the number of characters read, 0 on EOF + and -1 on error. If an error occurs, errno is set. */ +typedef ssize_t (*gpgme_data_read_cb_t) (void *handle, void *buffer, + size_t size); + +/* Write up to SIZE bytes from buffer BUFFER to the data object with + the handle HANDLE. Return the number of characters written, or -1 + on error. If an error occurs, errno is set. */ +typedef ssize_t (*gpgme_data_write_cb_t) (void *handle, const void *buffer, + size_t size); + +/* Set the current position from where the next read or write starts + in the data object with the handle HANDLE to OFFSET, relativ to + WHENCE. */ +typedef off_t (*gpgme_data_seek_cb_t) (void *handle, off_t offset, int whence); + +/* Close the data object with the handle DL. */ +typedef void (*gpgme_data_release_cb_t) (void *handle); + +struct gpgme_data_cbs +{ + gpgme_data_read_cb_t read; + gpgme_data_write_cb_t write; + gpgme_data_seek_cb_t seek; + gpgme_data_release_cb_t release; +}; +typedef struct gpgme_data_cbs *gpgme_data_cbs_t; + +/* Read up to SIZE bytes into buffer BUFFER from the data object with + the handle DH. Return the number of characters read, 0 on EOF and + -1 on error. If an error occurs, errno is set. */ +ssize_t gpgme_data_read (gpgme_data_t dh, void *buffer, size_t size); + +/* Write up to SIZE bytes from buffer BUFFER to the data object with + the handle DH. Return the number of characters written, or -1 on + error. If an error occurs, errno is set. */ +ssize_t gpgme_data_write (gpgme_data_t dh, const void *buffer, size_t size); + +/* Set the current position from where the next read or write starts + in the data object with the handle DH to OFFSET, relativ to + WHENCE. */ +off_t gpgme_data_seek (gpgme_data_t dh, off_t offset, int whence); + +/* Create a new data buffer and return it in R_DH. */ +gpgme_error_t gpgme_data_new (gpgme_data_t *r_dh); + +/* Destroy the data buffer DH. */ +void gpgme_data_release (gpgme_data_t dh); + +/* Create a new data buffer filled with SIZE bytes starting from + BUFFER. If COPY is zero, copying is delayed until necessary, and + the data is taken from the original location when needed. */ +gpgme_error_t gpgme_data_new_from_mem (gpgme_data_t *r_dh, + const char *buffer, size_t size, + int copy); + +/* Destroy the data buffer DH and return a pointer to its content. + The memory has be to released with gpgme_free() by the user. It's + size is returned in R_LEN. */ +char *gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len); + +/* Release the memory returned by gpgme_data_release_and_get_mem(). */ +void gpgme_free (void *buffer); + +gpgme_error_t gpgme_data_new_from_cbs (gpgme_data_t *dh, + gpgme_data_cbs_t cbs, + void *handle); + +gpgme_error_t gpgme_data_new_from_fd (gpgme_data_t *dh, int fd); + +gpgme_error_t gpgme_data_new_from_stream (gpgme_data_t *dh, FILE *stream); + +/* Return the encoding attribute of the data buffer DH */ +gpgme_data_encoding_t gpgme_data_get_encoding (gpgme_data_t dh); + +/* Set the encoding attribute of data buffer DH to ENC */ +gpgme_error_t gpgme_data_set_encoding (gpgme_data_t dh, + gpgme_data_encoding_t enc); + +/* Get the file name associated with the data object with handle DH, or + NULL if there is none. */ +char *gpgme_data_get_file_name (gpgme_data_t dh); + +/* Set the file name associated with the data object with handle DH to + FILE_NAME. */ +gpgme_error_t gpgme_data_set_file_name (gpgme_data_t dh, + const char *file_name); + + +/* Create a new data buffer which retrieves the data from the callback + function READ_CB. Deprecated, please use gpgme_data_new_from_cbs + instead. */ +gpgme_error_t gpgme_data_new_with_read_cb (gpgme_data_t *r_dh, + int (*read_cb) (void*,char *, + size_t,size_t*), + void *read_cb_value) + _GPGME_DEPRECATED; + +/* Create a new data buffer filled with the content of file FNAME. + COPY must be non-zero. For delayed read, please use + gpgme_data_new_from_fd or gpgme_data_new_from stream instead. */ +gpgme_error_t gpgme_data_new_from_file (gpgme_data_t *r_dh, + const char *fname, + int copy); + +/* Create a new data buffer filled with LENGTH bytes starting from + OFFSET within the file FNAME or stream FP (exactly one must be + non-zero). */ +gpgme_error_t gpgme_data_new_from_filepart (gpgme_data_t *r_dh, + const char *fname, FILE *fp, + off_t offset, size_t length); + +/* Reset the read pointer in DH. Deprecated, please use + gpgme_data_seek instead. */ +gpgme_error_t gpgme_data_rewind (gpgme_data_t dh) _GPGME_DEPRECATED; + + +/* Key and trust functions. */ + +/* Get the key with the fingerprint FPR from the crypto backend. If + SECRET is true, get the secret key. */ +gpgme_error_t gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, + gpgme_key_t *r_key, int secret); + +/* Acquire a reference to KEY. */ +void gpgme_key_ref (gpgme_key_t key); + +/* Release a reference to KEY. If this was the last one the key is + destroyed. */ +void gpgme_key_unref (gpgme_key_t key); +void gpgme_key_release (gpgme_key_t key); + +/* Return the value of the attribute WHAT of KEY, which has to be + representable by a string. IDX specifies the sub key or user ID + for attributes related to sub keys or user IDs. Deprecated, use + key structure directly instead. */ +const char *gpgme_key_get_string_attr (gpgme_key_t key, _gpgme_attr_t what, + const void *reserved, int idx) + _GPGME_DEPRECATED; + +/* Return the value of the attribute WHAT of KEY, which has to be + representable by an unsigned integer. IDX specifies the sub key or + user ID for attributes related to sub keys or user IDs. + Deprecated, use key structure directly instead. */ +unsigned long gpgme_key_get_ulong_attr (gpgme_key_t key, _gpgme_attr_t what, + const void *reserved, int idx) + _GPGME_DEPRECATED; + +/* Return the value of the attribute WHAT of a signature on user ID + UID_IDX in KEY, which has to be representable by a string. IDX + specifies the signature. Deprecated, use key structure directly + instead. */ +const char *gpgme_key_sig_get_string_attr (gpgme_key_t key, int uid_idx, + _gpgme_attr_t what, + const void *reserved, int idx) + _GPGME_DEPRECATED; + +/* Return the value of the attribute WHAT of a signature on user ID + UID_IDX in KEY, which has to be representable by an unsigned + integer string. IDX specifies the signature. Deprecated, use key + structure directly instead. */ +unsigned long gpgme_key_sig_get_ulong_attr (gpgme_key_t key, int uid_idx, + _gpgme_attr_t what, + const void *reserved, int idx) + _GPGME_DEPRECATED; + + +/* Crypto Operations. */ + +/* Cancel a pending asynchronous operation. */ +gpgme_error_t gpgme_cancel (gpgme_ctx_t ctx); + +/* Cancel a pending operation asynchronously. */ +gpgme_error_t gpgme_cancel_async (gpgme_ctx_t ctx); + + +struct _gpgme_invalid_key +{ + struct _gpgme_invalid_key *next; + char *fpr; + gpgme_error_t reason; +}; +typedef struct _gpgme_invalid_key *gpgme_invalid_key_t; + + +/* Encryption. */ +struct _gpgme_op_encrypt_result +{ + /* The list of invalid recipients. */ + gpgme_invalid_key_t invalid_recipients; +}; +typedef struct _gpgme_op_encrypt_result *gpgme_encrypt_result_t; + +/* Retrieve a pointer to the result of the encrypt operation. */ +gpgme_encrypt_result_t gpgme_op_encrypt_result (gpgme_ctx_t ctx); + +/* The valid encryption flags. */ +typedef enum + { + GPGME_ENCRYPT_ALWAYS_TRUST = 1 + } +gpgme_encrypt_flags_t; + +/* Encrypt plaintext PLAIN within CTX for the recipients RECP and + store the resulting ciphertext in CIPHER. */ +gpgme_error_t gpgme_op_encrypt_start (gpgme_ctx_t ctx, gpgme_key_t recp[], + gpgme_encrypt_flags_t flags, + gpgme_data_t plain, gpgme_data_t cipher); +gpgme_error_t gpgme_op_encrypt (gpgme_ctx_t ctx, gpgme_key_t recp[], + gpgme_encrypt_flags_t flags, + gpgme_data_t plain, gpgme_data_t cipher); + +/* Encrypt plaintext PLAIN within CTX for the recipients RECP and + store the resulting ciphertext in CIPHER. Also sign the ciphertext + with the signers in CTX. */ +gpgme_error_t gpgme_op_encrypt_sign_start (gpgme_ctx_t ctx, + gpgme_key_t recp[], + gpgme_encrypt_flags_t flags, + gpgme_data_t plain, + gpgme_data_t cipher); +gpgme_error_t gpgme_op_encrypt_sign (gpgme_ctx_t ctx, gpgme_key_t recp[], + gpgme_encrypt_flags_t flags, + gpgme_data_t plain, gpgme_data_t cipher); + + +/* Decryption. */ + +struct _gpgme_recipient +{ + struct _gpgme_recipient *next; + + /* The key ID of key for which the text was encrypted. */ + char *keyid; + + /* Internal to GPGME, do not use. */ + char _keyid[16 + 1]; + + /* The public key algorithm of the recipient key. */ + gpgme_pubkey_algo_t pubkey_algo; + + /* The status of the recipient. */ + gpgme_error_t status; +}; +typedef struct _gpgme_recipient *gpgme_recipient_t; + +struct _gpgme_op_decrypt_result +{ + char *unsupported_algorithm; + + /* Key should not have been used for encryption. */ + unsigned int wrong_key_usage : 1; + + /* Internal to GPGME, do not use. */ + int _unused : 31; + + gpgme_recipient_t recipients; + + /* The original file name of the plaintext message, if + available. */ + char *file_name; +}; +typedef struct _gpgme_op_decrypt_result *gpgme_decrypt_result_t; + +/* Retrieve a pointer to the result of the decrypt operation. */ +gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx); + +/* Decrypt ciphertext CIPHER within CTX and store the resulting + plaintext in PLAIN. */ +gpgme_error_t gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher, + gpgme_data_t plain); +gpgme_error_t gpgme_op_decrypt (gpgme_ctx_t ctx, + gpgme_data_t cipher, gpgme_data_t plain); + +/* Decrypt ciphertext CIPHER and make a signature verification within + CTX and store the resulting plaintext in PLAIN. */ +gpgme_error_t gpgme_op_decrypt_verify_start (gpgme_ctx_t ctx, + gpgme_data_t cipher, + gpgme_data_t plain); +gpgme_error_t gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher, + gpgme_data_t plain); + + +/* Signing. */ +struct _gpgme_new_signature +{ + struct _gpgme_new_signature *next; + + /* The type of the signature. */ + gpgme_sig_mode_t type; + + /* The public key algorithm used to create the signature. */ + gpgme_pubkey_algo_t pubkey_algo; + + /* The hash algorithm used to create the signature. */ + gpgme_hash_algo_t hash_algo; + + /* Internal to GPGME, do not use. Must be set to the same value as + CLASS below. */ + unsigned long _obsolete_class; + + /* Signature creation time. */ + long int timestamp; + + /* The fingerprint of the signature. */ + char *fpr; + +#ifdef __cplusplus + unsigned int _obsolete_class_2; +#else + /* Must be set to SIG_CLASS below. */ + unsigned int class _GPGME_DEPRECATED; +#endif + + /* Crypto backend specific signature class. */ + unsigned int sig_class; +}; +typedef struct _gpgme_new_signature *gpgme_new_signature_t; + +struct _gpgme_op_sign_result +{ + /* The list of invalid signers. */ + gpgme_invalid_key_t invalid_signers; + gpgme_new_signature_t signatures; +}; +typedef struct _gpgme_op_sign_result *gpgme_sign_result_t; + +/* Retrieve a pointer to the result of the signing operation. */ +gpgme_sign_result_t gpgme_op_sign_result (gpgme_ctx_t ctx); + +/* Sign the plaintext PLAIN and store the signature in SIG. */ +gpgme_error_t gpgme_op_sign_start (gpgme_ctx_t ctx, + gpgme_data_t plain, gpgme_data_t sig, + gpgme_sig_mode_t mode); +gpgme_error_t gpgme_op_sign (gpgme_ctx_t ctx, + gpgme_data_t plain, gpgme_data_t sig, + gpgme_sig_mode_t mode); + + +/* Verify. */ + +/* Flags used for the SUMMARY field in a gpgme_signature_t. */ +typedef enum + { + GPGME_SIGSUM_VALID = 0x0001, /* The signature is fully valid. */ + GPGME_SIGSUM_GREEN = 0x0002, /* The signature is good. */ + GPGME_SIGSUM_RED = 0x0004, /* The signature is bad. */ + GPGME_SIGSUM_KEY_REVOKED = 0x0010, /* One key has been revoked. */ + GPGME_SIGSUM_KEY_EXPIRED = 0x0020, /* One key has expired. */ + GPGME_SIGSUM_SIG_EXPIRED = 0x0040, /* The signature has expired. */ + GPGME_SIGSUM_KEY_MISSING = 0x0080, /* Can't verify: key missing. */ + GPGME_SIGSUM_CRL_MISSING = 0x0100, /* CRL not available. */ + GPGME_SIGSUM_CRL_TOO_OLD = 0x0200, /* Available CRL is too old. */ + GPGME_SIGSUM_BAD_POLICY = 0x0400, /* A policy was not met. */ + GPGME_SIGSUM_SYS_ERROR = 0x0800 /* A system error occured. */ + } +gpgme_sigsum_t; + +struct _gpgme_signature +{ + struct _gpgme_signature *next; + + /* A summary of the signature status. */ + gpgme_sigsum_t summary; + + /* The fingerprint or key ID of the signature. */ + char *fpr; + + /* The status of the signature. */ + gpgme_error_t status; + + /* Notation data and policy URLs. */ + gpgme_sig_notation_t notations; + + /* Signature creation time. */ + unsigned long timestamp; + + /* Signature exipration time or 0. */ + unsigned long exp_timestamp; + + /* Key should not have been used for signing. */ + unsigned int wrong_key_usage : 1; + + /* PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU. */ + unsigned int pka_trust : 2; + + /* Validity has been verified using the chain model. */ + unsigned int chain_model : 1; + + /* Internal to GPGME, do not use. */ + int _unused : 28; + + gpgme_validity_t validity; + gpgme_error_t validity_reason; + + /* The public key algorithm used to create the signature. */ + gpgme_pubkey_algo_t pubkey_algo; + + /* The hash algorithm used to create the signature. */ + gpgme_hash_algo_t hash_algo; + + /* The mailbox from the PKA information or NULL. */ + char *pka_address; +}; +typedef struct _gpgme_signature *gpgme_signature_t; + +struct _gpgme_op_verify_result +{ + gpgme_signature_t signatures; + + /* The original file name of the plaintext message, if + available. */ + char *file_name; +}; +typedef struct _gpgme_op_verify_result *gpgme_verify_result_t; + +/* Retrieve a pointer to the result of the verify operation. */ +gpgme_verify_result_t gpgme_op_verify_result (gpgme_ctx_t ctx); + +/* Verify within CTX that SIG is a valid signature for TEXT. */ +gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig, + gpgme_data_t signed_text, + gpgme_data_t plaintext); +gpgme_error_t gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, + gpgme_data_t signed_text, + gpgme_data_t plaintext); + + +/* Import. */ + +/* The key was new. */ +#define GPGME_IMPORT_NEW 1 + +/* The key contained new user IDs. */ +#define GPGME_IMPORT_UID 2 + +/* The key contained new signatures. */ +#define GPGME_IMPORT_SIG 4 + +/* The key contained new sub keys. */ +#define GPGME_IMPORT_SUBKEY 8 + +/* The key contained a secret key. */ +#define GPGME_IMPORT_SECRET 16 + + +struct _gpgme_import_status +{ + struct _gpgme_import_status *next; + + /* Fingerprint. */ + char *fpr; + + /* If a problem occured, the reason why the key could not be + imported. Otherwise GPGME_No_Error. */ + gpgme_error_t result; + + /* The result of the import, the GPGME_IMPORT_* values bit-wise + ORed. 0 means the key was already known and no new components + have been added. */ + unsigned int status; +}; +typedef struct _gpgme_import_status *gpgme_import_status_t; + +/* Import. */ +struct _gpgme_op_import_result +{ + /* Number of considered keys. */ + int considered; + + /* Keys without user ID. */ From cvs at cvs.gnupg.org Tue Oct 21 15:53:09 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 21 Oct 2008 15:53:09 +0200 Subject: [svn] GnuPG - r4856 - trunk/scd Message-ID: Author: marcus Date: 2008-10-21 15:53:08 +0200 (Tue, 21 Oct 2008) New Revision: 4856 Modified: trunk/scd/ChangeLog trunk/scd/command.c Log: 2008-10-21 Marcus Brinkmann * command.c (open_card): If connect error is SW_HOST_NO_CARD, return a more descriptive error. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-10-20 13:53:23 UTC (rev 4855) +++ trunk/scd/ChangeLog 2008-10-21 13:53:08 UTC (rev 4856) @@ -1,3 +1,8 @@ +2008-10-21 Marcus Brinkmann + + * command.c (open_card): If connect error is SW_HOST_NO_CARD, + return a more descriptive error. + 2008-10-20 Werner Koch * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-10-20 13:53:23 UTC (rev 4855) +++ trunk/scd/command.c 2008-10-21 13:53:08 UTC (rev 4856) @@ -405,7 +405,12 @@ select_application. */ int sw = apdu_connect (slot); if (sw && sw != SW_HOST_ALREADY_CONNECTED) - err = gpg_error (GPG_ERR_CARD); + { + if (sw == SW_HOST_NO_CARD) + err = gpg_error (GPG_ERR_CARD_NOT_PRESENT); + else + err = gpg_error (GPG_ERR_CARD); + } else err = select_application (ctrl, slot, apptype, &ctrl->app_ctx); } From cvs at cvs.gnupg.org Tue Oct 21 16:50:29 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 21 Oct 2008 16:50:29 +0200 Subject: [svn] dirmngr - r310 - in trunk: . doc doc/examples/trusted-certs po src Message-ID: Author: wk Date: 2008-10-21 16:50:28 +0200 (Tue, 21 Oct 2008) New Revision: 310 Modified: trunk/ChangeLog trunk/NEWS trunk/TODO trunk/configure.ac trunk/doc/dirmngr.texi trunk/doc/examples/trusted-certs/README trunk/po/de.po trunk/po/dirmngr.pot trunk/src/ChangeLog trunk/src/certcache.c trunk/src/crlcache.c trunk/src/dirmngr.c trunk/src/dirmngr.h trunk/src/estream-printf.c trunk/src/estream-printf.h trunk/src/estream.c trunk/src/estream.h trunk/src/ocsp.c trunk/src/server.c trunk/src/validate.c trunk/src/validate.h Log: Allow for client provided CRL signing cert trust anchors. General updates. [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/ChangeLog 2008-10-21 14:50:28 UTC (rev 310) @@ -1,3 +1,8 @@ +2008-10-21 Werner Koch + + * configure.ac: Require libgcrypt 1.4. Remove test for + gcry_md_debug. + 2008-07-31 Werner Koch * tests/Makefile.am (LDADD): Add LIBINTL and LIBICONV. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/src/ChangeLog 2008-10-21 14:50:28 UTC (rev 310) @@ -1,3 +1,35 @@ +2008-10-21 Werner Koch + + * certcache.c (load_certs_from_dir): Accept ".der" files. + + * server.c (get_istrusted_from_client): New. + * validate.c (validate_cert_chain): Add new optional arg + R_TRUST_ANCHOR. Adjust all callers + * crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ + and CHECK_TRUST_ANCHOR. + (release_one_cache_entry): Release CHECK_TRUST_ANCHOR. + (list_one_crl_entry): Print info about the new fields. + (open_dir, write_dir_line_crl): Support the new U-flag. + (crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly. + (crl_cache_insert): Store trust anchor in entry object. + (cache_isvalid): Ask client for trust is needed. + + * crlcache.c (open_dir): Replace xcalloc by xtrycalloc. + (next_line_from_file): Ditt. Add arg to return the gpg error. + Change all callers. + (update_dir): Replace sprintf and malloc by estream_asprintf. + (crl_cache_insert): Ditto. + (crl_cache_isvalid): Replace xmalloc by xtrymalloc. + (get_auth_key_id): Ditto. + (crl_cache_insert): Ditto. + + * crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test. + * validate.c (check_cert_sig): Ditto. Remove workaround for bug + in libgcrypt 1.2. + + * estream.c, estream.h, estream-printf.c, estream-printf.h: Update + from current libestream (svn rev 61). + 2008-09-30 Marcus Brinkmann * get-path.c (get_dirmngr_ldap_path): Revert last change. @@ -16,6 +48,11 @@ * dirmngr.c (main): Mark the ldapserverlist-file option as read-only. +2008-07-31 Werner Koch + + * crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use + gcry_md_start_debug + 2008-06-16 Werner Koch * get-path.c (w32_commondir): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/NEWS 2008-10-21 14:50:28 UTC (rev 310) @@ -1,7 +1,13 @@ Noteworthy changes in version 1.0.3 ------------------------------------------------ + * Client based trust anchors are now supported. + * Configured certificates with the suffix ".der" are now also used. + + * Libgcrypt 1.4 is now required. + + Noteworthy changes in version 1.0.2 (2008-07-31) ------------------------------------------------ Modified: trunk/TODO =================================================================== --- trunk/TODO 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/TODO 2008-10-21 14:50:28 UTC (rev 310) @@ -35,6 +35,3 @@ When hashing debugging is enabled, we leak file handles for the dbgmd crl files. May be a bug in gcrypt. -* When requiring libgcrypt 1.4: -** Remove the configure check for gcry_md_debug - Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/configure.ac 2008-10-21 14:50:28 UTC (rev 310) @@ -38,7 +38,7 @@ NEED_GPG_ERROR_VERSION=1.4 NEED_LIBGCRYPT_API=1 -NEED_LIBGCRYPT_VERSION=1.2.2 +NEED_LIBGCRYPT_VERSION=1.4.0 NEED_LIBASSUAN_API=1 NEED_LIBASSUAN_VERSION=1.0.4 @@ -358,15 +358,6 @@ AC_CHECK_FUNCS([canonicalize_file_name]) -# Temporary check until we require libgcrypt 1.4. -_save_cppflags="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $LIBGCRYPT_CFLAGS" -_save_ldflags="$LDFLAGS" -LDFLAGS="$LIBGCRYPT_LIBS $LDFLAGS" -AC_CHECK_FUNCS([gcry_md_debug]) -CPPFLAGS="${_save_cppflags}" -LDFLAGS="${_save_ldflags}" - # # Stuff which goes at the bottom of config.h. # Modified: trunk/doc/dirmngr.texi =================================================================== --- trunk/doc/dirmngr.texi 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/doc/dirmngr.texi 2008-10-21 14:50:28 UTC (rev 310) @@ -175,13 +175,14 @@ @item /etc/dirmngr/trusted-certs This directory should be filled with certificates of Root CAs you are -trusting in checking the CRLS and signing OCSP Reponses. Usually these -are the same certificates you use with the applications making use of -dirmngr. It is expected that each of these certificate files contain -exactly one @acronym{DER} encoded certificate in a file with the suffix - at file{.crt}. @command{dirmngr} reads those certificates on startup and -when given a SIGHUP. Certificates which are not readable or do not make -up a proper X.509 certificate are ignored; see the log file for details. +trusting in checking the CRLS and signing OCSP Reponses. Usually +these are the same certificates you use with the applications making +use of dirmngr. It is expected that each of these certificate files +contain exactly one @acronym{DER} encoded certificate in a file with +the suffix @file{.crt} or @file{.der}. @command{dirmngr} reads those +certificates on startup and when given a SIGHUP. Certificates which +are not readable or do not make up a proper X.509 certificate are +ignored; see the log file for details. Note that for OCSP responses the certificate specified using the option @option{--ocsp-signer} is always considered valid to sign OCSP requests. @@ -193,7 +194,7 @@ couple intermediate CA certificates or certificates ususally used to sign OCSP reponses. These certificates are first tried before going out to the net to look for them. These certificates must also be - at acronym{DER} encoded and suffixed with @file{.crt}. + at acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}. @item /var/run/dirmngr This directory keeps the socket file for accsing @command{dirmngr} services. @@ -757,7 +758,20 @@ A client should be aware that DirMngr may ask for more than one certificate. +If Dirmngr has a certificate but the signature of the certificate +could not been validated because the root certificate is not known to +dirmngr as trusted, it may ask back to see whether the client trusts +this the root certificate: + at example + S: INQUIRE ISTRUSTED + C: D 1 + C: END + at end example + +Only this answer will let Dirmngr consider the CRL as valid. + + @node Dirmngr CHECKCRL @section Validate a certificate using a CRL Modified: trunk/doc/examples/trusted-certs/README =================================================================== --- trunk/doc/examples/trusted-certs/README 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/doc/examples/trusted-certs/README 2008-10-21 14:50:28 UTC (rev 310) @@ -1,4 +1,4 @@ These certificates are trusted and thus make up an anchor for a certificate -chain. Note that only DER encoded certificates with the suffix ".crt" are -used. They are loded at dirmngr startup. +chain. Note that only DER encoded certificates with a suffix of +".crt" or ".der" are used. They are loded at dirmngr startup. Modified: trunk/po/de.po [not shown] Modified: trunk/po/dirmngr.pot =================================================================== --- trunk/po/dirmngr.pot 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/po/dirmngr.pot 2008-10-21 14:50:28 UTC (rev 310) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n" -"POT-Creation-Date: 2008-06-27 09:59+0200\n" +"POT-Creation-Date: 2008-10-21 16:03+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -51,7 +51,7 @@ msgid "can't access directory `%s': %s\n" msgstr "" -#: src/certcache.c:390 src/crlcache.c:2234 src/dirmngr.c:1433 +#: src/certcache.c:390 src/crlcache.c:2366 src/dirmngr.c:1433 #, c-format msgid "can't open `%s': %s\n" msgstr "" @@ -137,7 +137,7 @@ msgid "error fetching certificate by subject: %s\n" msgstr "" -#: src/certcache.c:1338 src/validate.c:436 +#: src/certcache.c:1338 src/validate.c:445 msgid "no issuer found in certificate\n" msgstr "" @@ -146,486 +146,487 @@ msgid "error getting authorityKeyIdentifier: %s\n" msgstr "" -#: src/crlcache.c:206 +#: src/crlcache.c:214 #, c-format msgid "creating directory `%s'\n" msgstr "" -#: src/crlcache.c:210 +#: src/crlcache.c:218 #, c-format msgid "error creating directory `%s': %s\n" msgstr "" -#: src/crlcache.c:238 +#: src/crlcache.c:246 #, c-format msgid "ignoring database dir `%s'\n" msgstr "" -#: src/crlcache.c:247 +#: src/crlcache.c:255 #, c-format msgid "error reading directory `%s': %s\n" msgstr "" -#: src/crlcache.c:268 +#: src/crlcache.c:276 #, c-format msgid "removing cache file `%s'\n" msgstr "" -#: src/crlcache.c:277 +#: src/crlcache.c:285 #, c-format msgid "not removing file `%s'\n" msgstr "" -#: src/crlcache.c:346 src/crlcache.c:1041 +#: src/crlcache.c:374 src/crlcache.c:1113 #, c-format msgid "error closing cache file: %s\n" msgstr "" -#: src/crlcache.c:383 src/crlcache.c:727 +#: src/crlcache.c:412 src/crlcache.c:788 #, c-format msgid "failed to open cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:393 +#: src/crlcache.c:422 #, c-format msgid "error creating new cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:400 +#: src/crlcache.c:429 #, c-format msgid "error writing new cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:407 +#: src/crlcache.c:436 #, c-format msgid "error closing new cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:412 +#: src/crlcache.c:441 #, c-format msgid "new cache dir file `%s' created\n" msgstr "" -#: src/crlcache.c:417 +#: src/crlcache.c:446 #, c-format msgid "failed to re-open cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:444 +#: src/crlcache.c:474 #, c-format msgid "first record of `%s' is not the version\n" msgstr "" -#: src/crlcache.c:455 +#: src/crlcache.c:487 msgid "old version of cache directory - cleaning up\n" msgstr "" -#: src/crlcache.c:471 +#: src/crlcache.c:503 msgid "old version of cache directory - giving up\n" msgstr "" -#: src/crlcache.c:559 +#: src/crlcache.c:608 #, c-format msgid "extra field detected in crl record of `%s' line %u\n" msgstr "" -#: src/crlcache.c:567 +#: src/crlcache.c:616 #, c-format msgid "invalid line detected in `%s' line %u\n" msgstr "" -#: src/crlcache.c:576 +#: src/crlcache.c:625 #, c-format msgid "duplicate entry detected in `%s' line %u\n" msgstr "" -#: src/crlcache.c:591 +#: src/crlcache.c:640 #, c-format msgid "unsupported record type in `%s' line %u skipped\n" msgstr "" -#: src/crlcache.c:599 src/crlcache.c:842 src/dirmngr.c:1379 +#: src/crlcache.c:649 src/crlcache.c:654 src/crlcache.c:908 src/crlcache.c:914 +#: src/dirmngr.c:1379 #, c-format msgid "error reading `%s': %s\n" msgstr "" -#: src/crlcache.c:611 +#: src/crlcache.c:666 #, c-format msgid "invalid issuer hash in `%s' line %u\n" msgstr "" -#: src/crlcache.c:617 +#: src/crlcache.c:672 #, c-format msgid "no issuer DN in `%s' line %u\n" msgstr "" -#: src/crlcache.c:624 +#: src/crlcache.c:679 #, c-format msgid "invalid timestamp in `%s' line %u\n" msgstr "" -#: src/crlcache.c:630 +#: src/crlcache.c:685 #, c-format msgid "WARNING: invalid cache file hash in `%s' line %u\n" msgstr "" -#: src/crlcache.c:636 +#: src/crlcache.c:691 msgid "detected errors in cache dir file\n" msgstr "" -#: src/crlcache.c:637 +#: src/crlcache.c:692 msgid "please check the reason and manually delete that file\n" msgstr "" -#: src/crlcache.c:767 +#: src/crlcache.c:820 src/crlcache.c:834 #, c-format msgid "failed to create temporary cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:847 +#: src/crlcache.c:919 #, c-format msgid "error writing `%s': %s\n" msgstr "" -#: src/crlcache.c:858 +#: src/crlcache.c:930 #, c-format msgid "error closing `%s': %s\n" msgstr "" -#: src/crlcache.c:870 +#: src/crlcache.c:942 #, c-format msgid "error renaming `%s' to `%s': %s\n" msgstr "" -#: src/crlcache.c:925 +#: src/crlcache.c:997 #, c-format msgid "can't hash `%s': %s\n" msgstr "" -#: src/crlcache.c:933 +#: src/crlcache.c:1005 #, c-format msgid "error setting up MD5 hash context: %s\n" msgstr "" -#: src/crlcache.c:949 +#: src/crlcache.c:1021 #, c-format msgid "error hashing `%s': %s\n" msgstr "" -#: src/crlcache.c:977 +#: src/crlcache.c:1049 #, c-format msgid "invalid formatted checksum for `%s'\n" msgstr "" -#: src/crlcache.c:1030 +#: src/crlcache.c:1102 msgid "too many open cache files; can't open anymore\n" msgstr "" -#: src/crlcache.c:1048 +#: src/crlcache.c:1120 #, c-format msgid "opening cache file `%s'\n" msgstr "" -#: src/crlcache.c:1067 +#: src/crlcache.c:1139 #, c-format msgid "error opening cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1076 +#: src/crlcache.c:1148 #, c-format msgid "error initializing cache file `%s' for reading: %s\n" msgstr "" -#: src/crlcache.c:1097 +#: src/crlcache.c:1169 msgid "calling unlock_db_file on a closed file\n" msgstr "" -#: src/crlcache.c:1099 +#: src/crlcache.c:1171 msgid "calling unlock_db_file on an unlocked file\n" msgstr "" -#: src/crlcache.c:1153 +#: src/crlcache.c:1225 #, c-format msgid "failed to create a new cache object: %s\n" msgstr "" -#: src/crlcache.c:1208 +#: src/crlcache.c:1280 #, c-format msgid "no CRL available for issuer id %s\n" msgstr "" -#: src/crlcache.c:1215 +#: src/crlcache.c:1287 #, c-format msgid "cached CRL for issuer id %s too old; update required\n" msgstr "" -#: src/crlcache.c:1229 +#: src/crlcache.c:1301 #, c-format msgid "" "force-crl-refresh active and %d minutes passed for issuer id %s; update " "required\n" msgstr "" -#: src/crlcache.c:1237 +#: src/crlcache.c:1309 #, c-format msgid "force-crl-refresh active for issuer id %s; update required\n" msgstr "" -#: src/crlcache.c:1246 +#: src/crlcache.c:1318 #, c-format msgid "available CRL for issuer ID %s can't be used\n" msgstr "" -#: src/crlcache.c:1257 +#: src/crlcache.c:1329 #, c-format msgid "cached CRL for issuer id %s tampered; we need to update\n" msgstr "" -#: src/crlcache.c:1269 +#: src/crlcache.c:1341 msgid "WARNING: invalid cache record length for S/N " msgstr "" -#: src/crlcache.c:1278 +#: src/crlcache.c:1350 #, c-format msgid "problem reading cache record for S/N %s: %s\n" msgstr "" -#: src/crlcache.c:1281 +#: src/crlcache.c:1353 #, c-format msgid "S/N %s is not valid; reason=%02X date=%.15s\n" msgstr "" -#: src/crlcache.c:1292 +#: src/crlcache.c:1364 #, c-format msgid "S/N %s is valid, it is not listed in the CRL\n" msgstr "" -#: src/crlcache.c:1300 +#: src/crlcache.c:1372 #, c-format msgid "error getting data from cache file: %s\n" msgstr "" -#: src/crlcache.c:1436 src/validate.c:833 +#: src/crlcache.c:1534 src/validate.c:868 #, c-format msgid "unknown hash algorithm `%s'\n" msgstr "" -#: src/crlcache.c:1443 +#: src/crlcache.c:1541 #, c-format msgid "gcry_md_open for algorithm %d failed: %s\n" msgstr "" -#: src/crlcache.c:1480 src/crlcache.c:1499 +#: src/crlcache.c:1578 src/crlcache.c:1597 msgid "got an invalid S-expression from libksba\n" msgstr "" -#: src/crlcache.c:1487 src/crlcache.c:1506 src/misc.c:438 +#: src/crlcache.c:1585 src/crlcache.c:1604 src/misc.c:438 #, c-format msgid "converting S-expression failed: %s\n" msgstr "" -#: src/crlcache.c:1521 src/ocsp.c:419 +#: src/crlcache.c:1619 src/ocsp.c:419 #, c-format msgid "creating S-expression failed: %s\n" msgstr "" -#: src/crlcache.c:1589 +#: src/crlcache.c:1691 #, c-format msgid "ksba_crl_parse failed: %s\n" msgstr "" -#: src/crlcache.c:1603 +#: src/crlcache.c:1705 #, c-format msgid "error getting update times of CRL: %s\n" msgstr "" -#: src/crlcache.c:1610 +#: src/crlcache.c:1712 #, c-format msgid "update times of this CRL: this=%s next=%s\n" msgstr "" -#: src/crlcache.c:1614 +#: src/crlcache.c:1716 msgid "nextUpdate not given; assuming a validity period of one day\n" msgstr "" -#: src/crlcache.c:1634 +#: src/crlcache.c:1736 #, c-format msgid "error getting CRL item: %s\n" msgstr "" -#: src/crlcache.c:1649 +#: src/crlcache.c:1751 #, c-format msgid "error inserting item into temporary cache file: %s\n" msgstr "" -#: src/crlcache.c:1676 +#: src/crlcache.c:1778 #, c-format msgid "no CRL issuer found in CRL: %s\n" msgstr "" -#: src/crlcache.c:1691 +#: src/crlcache.c:1793 msgid "locating CRL issuer certificate by authorityKeyIdentifier\n" msgstr "" -#: src/crlcache.c:1736 +#: src/crlcache.c:1838 #, c-format msgid "CRL signature verification failed: %s\n" msgstr "" -#: src/crlcache.c:1746 +#: src/crlcache.c:1849 #, c-format msgid "error checking validity of CRL issuer certificate: %s\n" msgstr "" -#: src/crlcache.c:1874 +#: src/crlcache.c:1980 #, c-format msgid "ksba_crl_new failed: %s\n" msgstr "" -#: src/crlcache.c:1881 +#: src/crlcache.c:1987 #, c-format msgid "ksba_crl_set_reader failed: %s\n" msgstr "" -#: src/crlcache.c:1911 +#: src/crlcache.c:2021 #, c-format msgid "removed stale temporary cache file `%s'\n" msgstr "" -#: src/crlcache.c:1914 +#: src/crlcache.c:2025 #, c-format msgid "problem removing stale temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1924 +#: src/crlcache.c:2035 #, c-format msgid "error creating temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1934 +#: src/crlcache.c:2045 #, c-format msgid "crl_parse_insert failed: %s\n" msgstr "" -#: src/crlcache.c:1944 +#: src/crlcache.c:2055 #, c-format msgid "error finishing temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1951 +#: src/crlcache.c:2062 #, c-format msgid "error closing temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1976 +#: src/crlcache.c:2087 #, c-format msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n" msgstr "" -#: src/crlcache.c:1980 +#: src/crlcache.c:2091 #, c-format msgid "new CRL still too old; it expired on %s\n" msgstr "" -#: src/crlcache.c:1996 +#: src/crlcache.c:2107 #, c-format msgid "unknown critical CRL extension %s\n" msgstr "" -#: src/crlcache.c:2006 +#: src/crlcache.c:2117 #, c-format msgid "error reading CRL extensions: %s\n" msgstr "" -#: src/crlcache.c:2040 +#: src/crlcache.c:2168 #, c-format msgid "creating cache file `%s'\n" msgstr "" -#: src/crlcache.c:2047 +#: src/crlcache.c:2175 #, c-format msgid "problem renaming `%s' to `%s': %s\n" msgstr "" -#: src/crlcache.c:2061 +#: src/crlcache.c:2189 msgid "" "updating the DIR file failed - cache entry will get lost with the next " "program start\n" msgstr "" -#: src/crlcache.c:2097 +#: src/crlcache.c:2226 #, c-format msgid "Begin CRL dump (retrieved via %s)\n" msgstr "" -#: src/crlcache.c:2117 +#: src/crlcache.c:2249 #, c-format msgid "" " ERROR: The CRL will not be used because it was still too old after an " "update!\n" msgstr "" -#: src/crlcache.c:2119 +#: src/crlcache.c:2251 #, c-format msgid "" " ERROR: The CRL will not be used due to an unknown critical extension!\n" msgstr "" -#: src/crlcache.c:2121 +#: src/crlcache.c:2253 #, c-format msgid " ERROR: The CRL will not be used\n" msgstr "" -#: src/crlcache.c:2128 +#: src/crlcache.c:2260 #, c-format msgid " ERROR: This cached CRL may has been tampered with!\n" msgstr "" -#: src/crlcache.c:2145 +#: src/crlcache.c:2277 msgid " WARNING: invalid cache record length\n" msgstr "" -#: src/crlcache.c:2152 +#: src/crlcache.c:2284 #, c-format msgid "problem reading cache record: %s\n" msgstr "" -#: src/crlcache.c:2163 +#: src/crlcache.c:2295 #, c-format msgid "problem reading cache key: %s\n" msgstr "" -#: src/crlcache.c:2194 +#: src/crlcache.c:2326 #, c-format msgid "error reading cache entry from db: %s\n" msgstr "" -#: src/crlcache.c:2197 +#: src/crlcache.c:2329 #, c-format msgid "End CRL dump\n" msgstr "" -#: src/crlcache.c:2243 src/crlfetch.c:213 src/ldap.c:656 +#: src/crlcache.c:2375 src/crlfetch.c:213 src/ldap.c:656 #, c-format msgid "error initializing reader object: %s\n" msgstr "" -#: src/crlcache.c:2324 +#: src/crlcache.c:2456 #, c-format msgid "crl_fetch via DP failed: %s\n" msgstr "" -#: src/crlcache.c:2335 +#: src/crlcache.c:2467 #, c-format msgid "crl_cache_insert via DP failed: %s\n" msgstr "" -#: src/crlcache.c:2385 +#: src/crlcache.c:2517 #, c-format msgid "crl_fetch via issuer failed: %s\n" msgstr "" -#: src/crlcache.c:2395 +#: src/crlcache.c:2527 #, c-format msgid "crl_cache_insert via issuer failed: %s\n" msgstr "" @@ -1211,7 +1212,7 @@ msgid "no suitable certificate found to verify the OCSP response\n" msgstr "" -#: src/ocsp.c:551 src/validate.c:588 +#: src/ocsp.c:551 src/validate.c:609 #, c-format msgid "issuer certificate not found: %s\n" msgstr "" @@ -1300,80 +1301,80 @@ msgid "OCSP responder returned an too old status\n" msgstr "" -#: src/server.c:174 src/server.c:286 +#: src/server.c:174 src/server.c:286 src/server.c:332 #, c-format msgid "assuan_inquire(%s) failed: %s\n" msgstr "" -#: src/server.c:390 +#: src/server.c:425 msgid "ldapserver missing" msgstr "" -#: src/server.c:461 +#: src/server.c:496 msgid "serialno missing in cert ID" msgstr "" -#: src/server.c:514 src/server.c:628 src/server.c:713 src/server.c:1008 -#: src/server.c:1036 src/server.c:1062 src/server.c:1115 src/server.c:1184 +#: src/server.c:549 src/server.c:663 src/server.c:748 src/server.c:1043 +#: src/server.c:1071 src/server.c:1097 src/server.c:1150 src/server.c:1219 #, c-format msgid "command %s failed: %s\n" msgstr "" -#: src/server.c:599 src/server.c:687 src/server.c:1095 src/server.c:1148 +#: src/server.c:634 src/server.c:722 src/server.c:1130 src/server.c:1183 #, c-format msgid "assuan_inquire failed: %s\n" msgstr "" -#: src/server.c:732 +#: src/server.c:767 #, c-format msgid "fetch_cert_by_url failed: %s\n" msgstr "" -#: src/server.c:744 src/server.c:775 src/server.c:931 +#: src/server.c:779 src/server.c:810 src/server.c:966 #, c-format msgid "error sending data: %s\n" msgstr "" -#: src/server.c:879 +#: src/server.c:914 #, c-format msgid "start_cert_fetch failed: %s\n" msgstr "" -#: src/server.c:912 +#: src/server.c:947 #, c-format msgid "fetch_next_cert failed: %s\n" msgstr "" -#: src/server.c:939 +#: src/server.c:974 #, c-format msgid "max_replies %d exceeded\n" msgstr "" -#: src/server.c:1058 +#: src/server.c:1093 msgid "no data stream" msgstr "" -#: src/server.c:1250 +#: src/server.c:1285 #, c-format msgid "can't allocate control structure: %s\n" msgstr "" -#: src/server.c:1273 +#: src/server.c:1308 #, c-format msgid "failed to initialize the server: %s\n" msgstr "" -#: src/server.c:1281 +#: src/server.c:1316 #, c-format msgid "failed to the register commands with Assuan: %s\n" msgstr "" -#: src/server.c:1324 +#: src/server.c:1359 #, c-format msgid "Assuan accept problem: %s\n" msgstr "" -#: src/server.c:1344 +#: src/server.c:1379 #, c-format msgid "Assuan processing failed: %s\n" msgstr "" @@ -1411,108 +1412,108 @@ msgid "checking CRL for" msgstr "" -#: src/validate.c:365 +#: src/validate.c:374 msgid "running in compatibility mode - certificate chain not checked!\n" msgstr "" -#: src/validate.c:450 +#: src/validate.c:459 #, c-format msgid "certificate with invalid validity: %s" msgstr "" -#: src/validate.c:468 +#: src/validate.c:477 msgid "certificate not yet valid" msgstr "" -#: src/validate.c:479 +#: src/validate.c:488 msgid "certificate has expired" msgstr "" -#: src/validate.c:509 +#: src/validate.c:518 msgid "selfsigned certificate has a BAD signature" msgstr "" -#: src/validate.c:527 +#: src/validate.c:536 msgid "root certificate is not marked trusted" msgstr "" -#: src/validate.c:529 +#: src/validate.c:538 #, c-format msgid "fingerprint=%s\n" msgstr "" -#: src/validate.c:535 +#: src/validate.c:551 #, c-format msgid "checking trustworthiness of root certificate failed: %s\n" msgstr "" -#: src/validate.c:570 +#: src/validate.c:591 msgid "certificate chain too long\n" msgstr "" -#: src/validate.c:582 +#: src/validate.c:603 msgid "issuer certificate not found" msgstr "" -#: src/validate.c:608 +#: src/validate.c:629 msgid "certificate has a BAD signature" msgstr "" -#: src/validate.c:632 +#: src/validate.c:653 msgid "found another possible matching CA certificate - trying again" msgstr "" -#: src/validate.c:657 +#: src/validate.c:678 #, c-format msgid "certificate chain longer than allowed by CA (%d)" msgstr "" -#: src/validate.c:687 +#: src/validate.c:708 msgid "certificate is good\n" msgstr "" -#: src/validate.c:707 +#: src/validate.c:728 msgid "certificate chain is good\n" msgstr "" -#: src/validate.c:932 +#: src/validate.c:958 msgid "DSA requires the use of a 160 bit hash algorithm\n" msgstr "" -#: src/validate.c:1039 +#: src/validate.c:1065 msgid "no key usage specified - assuming all usages\n" msgstr "" -#: src/validate.c:1049 +#: src/validate.c:1075 #, c-format msgid "error getting key usage information: %s\n" msgstr "" -#: src/validate.c:1059 +#: src/validate.c:1085 msgid "certificate should have not been used for certification\n" msgstr "" -#: src/validate.c:1071 +#: src/validate.c:1097 msgid "certificate should have not been used for OCSP response signing\n" msgstr "" -#: src/validate.c:1080 +#: src/validate.c:1106 msgid "certificate should have not been used for CRL signing\n" msgstr "" -#: src/validate.c:1091 +#: src/validate.c:1117 msgid "certificate should have not been used for encryption\n" msgstr "" -#: src/validate.c:1093 +#: src/validate.c:1119 msgid "certificate should have not been used for signing\n" msgstr "" -#: src/validate.c:1094 +#: src/validate.c:1120 msgid "certificate is not usable for encryption\n" msgstr "" -#: src/validate.c:1095 +#: src/validate.c:1121 msgid "certificate is not usable for signing\n" msgstr "" Modified: trunk/src/certcache.c =================================================================== --- trunk/src/certcache.c 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/src/certcache.c 2008-10-21 14:50:28 UTC (rev 310) @@ -348,7 +348,7 @@ /* Load certificates from the directory DIRNAME. All certificates - matching the pattern "*.crt" are loaded. We assume that + matching the pattern "*.crt" or "*.der" are loaded. We assume that certificates are DER encoded and not PEM encapsulated. The cache should be in a locked state when calling this fucntion. */ static gpg_error_t @@ -379,8 +379,8 @@ if (*p == '.' || !*p) continue; /* Skip any hidden files and invalid entries. */ n = strlen (p); - if ( n < 5 || strcmp (p+n-4,".crt") ) - continue; /* Not the desired "*.crt" pattern. */ + if ( n < 5 || (strcmp (p+n-4,".crt") && strcmp (p+n-4,".der"))) + continue; /* Not the desired "*.crt" or "*.der" pattern. */ xfree (fname); fname = make_filename (dirname, p, NULL); Modified: trunk/src/crlcache.c =================================================================== --- trunk/src/crlcache.c 2008-09-30 14:41:40 UTC (rev 309) +++ trunk/src/crlcache.c 2008-10-21 14:50:28 UTC (rev 310) @@ -49,7 +49,10 @@ 1.3. CRL cache record - Field 1: Constant "c" or "i" + Field 1: Constant "c", "u" or "i". + A "c" or "u" indicate a valid cache entry, however + "u" requires that a user root certificate check needs + to be done. An "i" indicates an invalid Cache entry which should not be used but still exists so that it can be updated at NEXT_UPDATE. @@ -60,10 +63,11 @@ Field 5: 15 character ISO timestamp with THIS_UPDATE. Field 6: 15 character ISO timestamp with NEXT_UPDATE. Field 7: Hexadecimal encoded MD-5 hash of the DB file to detect - accidential modified (i.e.deleted and created) cache files. + accidental modified (i.e. deleted and created) cache files. Field 8: optional CRL number as a hex string. Field 9: AuthorityKeyID.issuer, each Name separated by 0x01 Field 10: AuthorityKeyID.serial + Field 11: Hex fingerprint of trust anchor if field 1 is 'u'. 2. Layout of the standard CRL Cache DB file: @@ -71,12 +75,13 @@ n bytes Serialnumber (binary) used as key thus there is no need to store the length explicitly with DB2. - 1 byte Reason for revocation (currently the KSBA reason flags are used) + 1 byte Reason for revocation + (currently the KSBA reason flags are used) 15 bytes ISO date of revocation (e.g. 19980815T142000) Note that there is no terminating 0 stored. The filename used is the hexadecimal (using uppercase letters) - SHA-1 hash value of the issuer DN prefix with a "crl-" and + SHA-1 hash value of the issuer DN prefixed with a "crl-" and suffixed with a ".db". Thus the length of the filename is 47. @@ -108,6 +113,7 @@ #include "crlfetch.h" #include "misc.h" #include "cdb.h" +#include "estream-printf.h" /* Change this whenever the format changes */ #define DBDIR_D (opt.system_daemon? "crls.d" : "dirmngr-cache.d") @@ -139,6 +145,8 @@ char *issuer_hash; /* Ditto. */ char *dbfile_hash; /* MD5 sum of the cache file, points into RELEASE_PTR.*/ int invalid; /* Can't use this CRL. */ + int user_trust_req; /* User supplied root certificate required. */ + char *check_trust_anchor; /* Malloced fingerprint. */ ksba_isotime_t this_update; ksba_isotime_t next_update; ksba_isotime_t last_refresh; /* Use for the force_crl_refresh feature. */ @@ -290,7 +298,7 @@ removed, the function will read the last line of a file, even if that is not terminated by a LF. */ static char * -next_line_from_file (FILE *fp) +next_line_from_file (FILE *fp, gpg_error_t *r_err) { char buf[300]; char *largebuf = NULL; @@ -298,7 +306,9 @@ size_t len = 0; unsigned char *p; int c; + char *tmpbuf; + *r_err = 0; p = buf; buflen = sizeof buf - 1; while ((c=getc (fp)) != EOF && c != '\n') @@ -308,13 +318,25 @@ if (!largebuf) { buflen += 1024; - largebuf = xmalloc ( buflen + 1 ); + largebuf = xtrymalloc ( buflen + 1 ); + if (!largebuf) + { + *r_err = gpg_error_from_syserror (); + return NULL; + } memcpy (largebuf, buf, len); } else { buflen += 1024; - largebuf = xrealloc (largebuf, buflen + 1); + tmpbuf = xtryrealloc (largebuf, buflen + 1); + if (!tmpbuf) + { + *r_err = gpg_error_from_syserror (); + xfree (largebuf); + return NULL; + } + largebuf = tmpbuf; } p = largebuf; } @@ -325,9 +347,15 @@ p[len] = 0; if (largebuf) - return xrealloc (largebuf, len+1); + tmpbuf = xtryrealloc (largebuf, len+1); else - return xstrdup (buf); + tmpbuf = xtrystrdup (buf); + if (!tmpbuf) + { + *r_err = gpg_error_from_syserror (); + xfree (largebuf); + } + return tmpbuf; } @@ -346,6 +374,7 @@ log_error (_("error closing cache file: %s\n"), strerror(errno)); } xfree (entry->release_ptr); + xfree (entry->check_trust_anchor); xfree (entry); } } @@ -430,11 +459,12 @@ int cleanup_on_mismatch) { char *line; + gpg_error_t lineerr = 0; FILE *fp = *fpadr; int created = 0; retry: - while ((line = next_line_from_file (fp))) + while ((line = next_line_from_file (fp, &lineerr))) { ++*lineno; if (*line == 'v' && line[1] == ':') @@ -447,6 +477,8 @@ } xfree (line); } + if (lineerr) + return lineerr; if (strtol (line+2, NULL, 10) != DBDIRVERSION) { @@ -485,15 +517,20 @@ static gpg_error_t open_dir (crl_cache_t *r_cache) { - crl_cache_t cache = xcalloc (1, sizeof *cache); + crl_cache_t cache; char *fname; char *line = NULL; + gpg_error_t lineerr = 0; FILE *fp; crl_cache_entry_t entry, *entrytail; unsigned int lineno; gpg_error_t err = 0; int anyerr = 0; + cache = xtrycalloc (1, sizeof *cache); + if (!cache) + return gpg_error_from_syserror (); + fname = make_filename (opt.homedir_cache, DBDIR_D, DBDIRFILE, NULL); lineno = 0; @@ -513,15 +550,20 @@ cache->entries = NULL; entrytail = &cache->entries; xfree (line); - while ((line = next_line_from_file (fp))) + while ((line = next_line_from_file (fp, &lineerr))) { int fieldno; char *p, *endp; lineno++; - if ( *line == 'c' || *line == 'i' ) + if ( *line == 'c' || *line == 'u' || *line == 'i' ) { - entry = xcalloc (1, sizeof *entry); + entry = xtrycalloc (1, sizeof *entry); + if (!entry) + { + err = gpg_error_from_syserror (); + goto leave; + } entry->lineno = lineno; entry->release_ptr = line; if (*line == 'i') @@ -530,6 +572,9 @@ if (entry->invalid < 1) entry->invalid = 1; } + else if (*line == 'u') + entry->user_trust_req = 1; + for (fieldno=1, p = line; p; p = endp, fieldno++) { endp = strchr (p, ':'); @@ -554,6 +599,10 @@ if (*p) entry->authority_serialno = unpercent_string (p); break; + case 11: + if (*p) + entry->check_trust_anchor = xtrystrdup (p); + break; default: if (*p) log_info (_("extra field detected in crl record of " @@ -594,6 +643,12 @@ if (line) xfree (line); } + if (lineerr) + { + err = lineerr; + log_error (_("error reading `%s': %s\n"), fname, gpg_strerror (err)); + goto leave; + } if (ferror (fp)) { log_error (_("error reading `%s': %s\n"), fname, strerror (errno)); @@ -673,6 +728,8 @@ { if (e->invalid) fprintf (fp, "i%d", e->invalid); + else if (e->user_trust_req) + putc ('u', fp); else putc ('c', fp); putc (':', fp); @@ -696,6 +753,9 @@ putc (':', fp); if (e->authority_serialno) fputs (e->authority_serialno, fp); + putc (':', fp); + if (e->check_trust_anchor && e->user_trust_req) + fputs (e->check_trust_anchor, fp); putc ('\n', fp); } @@ -707,6 +767,7 @@ char *fname = NULL; char *tmpfname = NULL; char *line = NULL; + gpg_error_t lineerr = 0; FILE *fp, *fpout = NULL; crl_cache_entry_t e; unsigned int lineno; @@ -751,9 +812,15 @@ nodename = utsbuf.nodename; #endif - tmpbuf = xmalloc (strlen (nodename) + 100); - sprintf (tmpbuf, "DIR-tmp-%s-%u-%p.txt.tmp", - nodename, (unsigned int)getpid (), tmpbuf); + estream_asprintf (&tmpbuf, "DIR-tmp-%s-%u-%p.txt.tmp", + nodename, (unsigned int)getpid (), &tmpbuf); + if (!tmpbuf) + { + err = gpg_error_from_errno (errno); + log_error (_("failed to create temporary cache dir file `%s': %s\n"), + tmpfname, strerror (errno)); + goto leave; + } for (p=tmpbuf; *p; p++) if (*p == '/') *p = '.'; @@ -769,10 +836,10 @@ goto leave; } - while ((line = next_line_from_file (fp))) + while ((line = next_line_from_file (fp, &lineerr))) { lineno++; - if (*line == 'c' || *line == 'i') + if (*line == 'c' || *line == 'u' || *line == 'i') { /* Extract the issuer hash field. */ char *fieldp, *endp; @@ -824,7 +891,7 @@ xfree (line); } - if (!ferror (fp) && !ferror (fpout)) + if (!ferror (fp) && !ferror (fpout) && !lineerr) { /* Write out the remaining entries. */ for (e= cache->entries; e; e = e->next) @@ -835,7 +902,12 @@ e->mark = 0; } } - + if (lineerr) + { + err = lineerr; + log_error (_("error reading `%s': %s\n"), fname, gpg_strerror (err)); + goto leave; + } if (ferror (fp)) { err = gpg_error_from_errno (errno); @@ -1139,7 +1211,7 @@ void crl_cache_init(void) { - crl_cache_t cache; + crl_cache_t cache = NULL; gpg_error_t err; if (current_cache) @@ -1302,6 +1374,28 @@ retval = CRL_CACHE_DONTKNOW; } + + if (entry->user_trust_req + && (retval == CRL_CACHE_VALID || retval == CRL_CACHE_INVALID)) + { + if (!entry->check_trust_anchor) + { + log_error ("inconsistent data on user trust check\n"); + retval = CRL_CACHE_CANTUSE; + } + else if (get_istrusted_from_client (ctrl, entry->check_trust_anchor)) + { + if (opt.verbose) + log_info ("no system trust and client does not trust either\n"); + retval = CRL_CACHE_CANTUSE; + } + else + { + /* Okay, the CRL is considered valid by the client and thus + we can return the result as is. */ + } + } + unlock_db_file (cache, entry); return retval; @@ -1327,7 +1421,11 @@ if (n < sizeof snbuf_buffer - 1) snbuf = snbuf_buffer; else - snbuf = xmalloc (n); + { + snbuf = xtrymalloc (n); + if (!snbuf) + return CRL_CACHE_DONTKNOW; + } n = unhexify (snbuf, serialno); @@ -1445,13 +1543,7 @@ return err; } if (DBG_HASHING) - { -#ifdef HAVE_GCRY_MD_DEBUG - gcry_md_debug (*md, "hash.cert"); -#else - gcry_md_start_debug (*md, "crl"); -#endif - } + gcry_md_debug (*md, "hash.cert"); ksba_crl_set_hash_function (crl, HASH_FNC, *md); return 0; @@ -1566,13 +1658,16 @@ corresponding data from the CRL. Note that these values might get set even if the CRL processing fails at a later step; thus the caller should free *R_ISSUER even if the function returns with an - error. + error. R_TRUST_ANCHOR is set on exit to NULL or a string with the + hexified fingerprint of the root certificate, if checking this + certificate for trustiness is required. */ static int crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl, struct cdb_make *cdb, const char *fname, char **r_crlissuer, - ksba_isotime_t thisupdate, ksba_isotime_t nextupdate) + ksba_isotime_t thisupdate, ksba_isotime_t nextupdate, + char **r_trust_anchor) { gpg_error_t err; ksba_stop_reason_t stopreason; @@ -1585,6 +1680,7 @@ *r_crlissuer = NULL; *thisupdate = *nextupdate = 0; + *r_trust_anchor = NULL; /* Start of the KSBA parser loop. */ do @@ -1745,8 +1841,9 @@ } md = NULL; - err = validate_cert_chain (ctrl, crlissuer_cert, - NULL, VALIDATE_MODE_CRL_RECURSIVE); + err = validate_cert_chain (ctrl, crlissuer_cert, NULL, + VALIDATE_MODE_CRL_RECURSIVE, + r_trust_anchor); if (err) { log_error (_("error checking validity of CRL " @@ -1826,15 +1923,18 @@ length += strlen (p?p:s) + 1; xfree (p); } - string = xmalloc (length+1); - *string = 0; - for (idx=0; (s = ksba_name_enum (name, idx)); idx++) + string = xtrymalloc (length+1); + if (string) { - char *p = ksba_name_get_uri (name, idx); - if (*string) - strcat (string, "\x01"); - strcat (string, p?p:s); - xfree (p); + *string = 0; + for (idx=0; (s = ksba_name_enum (name, idx)); idx++) + { + char *p = ksba_name_get_uri (name, idx); + if (*string) + strcat (string, "\x01"); + strcat (string, p?p:s); + xfree (p); + } } ksba_name_release (name); return string; @@ -1866,8 +1966,8 @@ int idx; const char *oid; int critical; + char *trust_anchor = NULL; - /* FIXME: We should acquire a mutex for the URL, so that we don't simultaneously enter the same CRL twice. However this needs to be interweaved with the checking function.*/ @@ -1905,9 +2005,13 @@ nodename = utsbuf.nodename; #endif - tmpfname = xmalloc (strlen (nodename) + 100); - sprintf (tmpfname, "crl-tmp-%s-%u-%p.db.tmp", - nodename, (unsigned int)getpid (), tmpfname); + estream_asprintf (&tmpfname, "crl-tmp-%s-%u-%p.db.tmp", + nodename, (unsigned int)getpid (), &tmpfname); + if (!tmpfname) + { + err = gpg_error_from_syserror (); + goto leave; + } for (p=tmpfname; *p; p++) if (*p == '/') *p = '.'; @@ -1917,8 +2021,9 @@ log_info (_("removed stale temporary cache file `%s'\n"), fname); else if (errno != ENOENT) { + err = gpg_error_from_syserror (); log_error (_("problem removing stale temporary cache file `%s': %s\n"), From cvs at cvs.gnupg.org Tue Oct 21 17:03:52 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 21 Oct 2008 17:03:52 +0200 Subject: [svn] GnuPG - r4857 - trunk/sm Message-ID: Author: wk Date: 2008-10-21 17:03:51 +0200 (Tue, 21 Oct 2008) New Revision: 4857 Modified: trunk/sm/ChangeLog trunk/sm/call-agent.c trunk/sm/call-dirmngr.c trunk/sm/certchain.c trunk/sm/gpgsm.h trunk/sm/keylist.c Log: Help dirmngr to use supplied trust anchors. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-10-21 13:53:08 UTC (rev 4856) +++ trunk/sm/ChangeLog 2008-10-21 15:03:51 UTC (rev 4857) @@ -1,3 +1,12 @@ +2008-10-21 Werner Koch + + * call-dirmngr.c (inq_certificate_parm_s): Add field CTRL. + (gpgsm_dirmngr_isvalid): Supply a value for that field. + (inq_certificate): Add inquiry ISTRUSTED. + + * call-agent.c (gpgsm_agent_istrusted): Add new optional arg + HEXFPR. Changed all callers. + 2008-10-20 Werner Koch * keydb.c (keydb_locate_writable): Mark unused arg. Modified: trunk/sm/call-agent.c =================================================================== --- trunk/sm/call-agent.c 2008-10-21 13:53:08 UTC (rev 4856) +++ trunk/sm/call-agent.c 2008-10-21 15:03:51 UTC (rev 4857) @@ -560,31 +560,45 @@ /* Ask the agent whether the certificate is in the list of trusted - keys. ROOTCA_FLAGS is guaranteed to be cleared on error. */ + keys. The certificate is either specified by the CERT object or by + the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared + on error. */ int -gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, +gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr, struct rootca_flags_s *rootca_flags) { int rc; - char *fpr; char line[ASSUAN_LINELENGTH]; memset (rootca_flags, 0, sizeof *rootca_flags); + if (cert && hexfpr) + return gpg_error (GPG_ERR_INV_ARG); + rc = start_agent (ctrl); if (rc) return rc; - fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); - if (!fpr) + if (hexfpr) { - log_error ("error getting the fingerprint\n"); - return gpg_error (GPG_ERR_GENERAL); + snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr); + line[DIM(line)-1] = 0; } + else + { + char *fpr; - snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr); - line[DIM(line)-1] = 0; - xfree (fpr); + fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); + if (!fpr) + { + log_error ("error getting the fingerprint\n"); + return gpg_error (GPG_ERR_GENERAL); + } + + snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr); + line[DIM(line)-1] = 0; + xfree (fpr); + } rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, istrusted_status_cb, rootca_flags); Modified: trunk/sm/call-dirmngr.c =================================================================== --- trunk/sm/call-dirmngr.c 2008-10-21 13:53:08 UTC (rev 4856) +++ trunk/sm/call-dirmngr.c 2008-10-21 15:03:51 UTC (rev 4857) @@ -55,6 +55,7 @@ static int force_pipe_server = 0; struct inq_certificate_parm_s { + ctrl_t ctrl; assuan_context_t ctx; ksba_cert_t cert; ksba_cert_t issuer_cert; @@ -408,6 +409,33 @@ line += 14; issuer_mode = 1; } + else if (!strncmp (line, "ISTRUSTED", 9) && (line[9]==' ' || !line[9])) + { + /* The server is asking us whether the certificate is a trusted + root certificate. */ + const char *s; + size_t n; + char fpr[41]; + struct rootca_flags_s rootca_flags; + + line += 9; + while (*line == ' ') + line++; + + for (s=line,n=0; hexdigitp (s); s++, n++) + ; + if (*s || n != 40) + return gpg_error (GPG_ERR_ASS_PARAMETER); + for (s=line, n=0; n < 40; s++, n++) + fpr[n] = (*s >= 'a')? (*s & 0xdf): *s; + fpr[n] = 0; + + if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags)) + rc = assuan_send_data (parm->ctx, "1", 1); + else + rc = 0; + return rc; + } else { log_error ("unsupported inquiry `%s'\n", line); @@ -555,6 +583,7 @@ } parm.ctx = dirmngr_ctx; + parm.ctrl = ctrl; parm.cert = cert; parm.issuer_cert = issuer_cert; Modified: trunk/sm/certchain.c =================================================================== --- trunk/sm/certchain.c 2008-10-21 13:53:08 UTC (rev 4856) +++ trunk/sm/certchain.c 2008-10-21 15:03:51 UTC (rev 4857) @@ -1284,7 +1284,7 @@ We used to do this only later but changed it to call the check right here so that we can access special flags associated with that specific root certificate. */ - istrusted_rc = gpgsm_agent_istrusted (ctrl, subject_cert, + istrusted_rc = gpgsm_agent_istrusted (ctrl, subject_cert, NULL, rootca_flags); audit_log_cert (ctrl->audit, AUDIT_ROOT_TRUSTED, subject_cert, istrusted_rc); @@ -1565,7 +1565,7 @@ performance reasons. */ if (is_root) { - istrusted_rc = gpgsm_agent_istrusted (ctrl, issuer_cert, + istrusted_rc = gpgsm_agent_istrusted (ctrl, issuer_cert, NULL, rootca_flags); if (!istrusted_rc && rootca_flags->relax) { Modified: trunk/sm/gpgsm.h =================================================================== --- trunk/sm/gpgsm.h 2008-10-21 13:53:08 UTC (rev 4856) +++ trunk/sm/gpgsm.h 2008-10-21 15:03:51 UTC (rev 4857) @@ -386,7 +386,7 @@ ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey); int gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip, ksba_sexp_t *r_pubkey); -int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, +int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr, struct rootca_flags_s *rootca_flags); int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip); int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert); Modified: trunk/sm/keylist.c =================================================================== --- trunk/sm/keylist.c 2008-10-21 13:53:08 UTC (rev 4856) +++ trunk/sm/keylist.c 2008-10-21 15:03:51 UTC (rev 4857) @@ -429,7 +429,7 @@ { struct rootca_flags_s dummy_flags; - rc = gpgsm_agent_istrusted (ctrl, cert, &dummy_flags); + rc = gpgsm_agent_istrusted (ctrl, cert, NULL, &dummy_flags); if (!rc) *truststring = 'u'; /* Yes, we trust this one (ultimately). */ else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED) From cvs at cvs.gnupg.org Thu Oct 23 11:41:42 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 23 Oct 2008 11:41:42 +0200 Subject: [svn] GnuPG - r4858 - trunk/sm Message-ID: Author: wk Date: 2008-10-23 11:41:41 +0200 (Thu, 23 Oct 2008) New Revision: 4858 Modified: trunk/sm/ChangeLog trunk/sm/export.c trunk/sm/import.c Log: Try to start the agent before invoking the protect-tool. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-10-21 15:03:51 UTC (rev 4857) +++ trunk/sm/ChangeLog 2008-10-23 09:41:41 UTC (rev 4858) @@ -1,3 +1,9 @@ +2008-10-23 Werner Koch + + * import.c (popen_protect_tool): Add arg CTRL and assure that the + agent is running. Pass a value for CTRL from all caller. + * export.c (popen_protect_tool): Ditto. + 2008-10-21 Werner Koch * call-dirmngr.c (inq_certificate_parm_s): Add field CTRL. Modified: trunk/sm/export.c =================================================================== --- trunk/sm/export.c 2008-10-21 15:03:51 UTC (rev 4857) +++ trunk/sm/export.c 2008-10-23 09:41:41 UTC (rev 4858) @@ -571,7 +571,7 @@ static gpg_error_t -popen_protect_tool (const char *pgmname, +popen_protect_tool (ctrl_t ctrl, const char *pgmname, FILE *infile, FILE *outfile, FILE **statusfile, const char *prompt, const char *keygrip, pid_t *pid) @@ -579,6 +579,12 @@ const char *argv[20]; int i=0; + /* Make sure that the agent is running so that the protect tool is + able to ask for a passphrase. This has only an effect under W32 + where the agent is started on demand; sending a NOP does not harm + on other platforms. */ + gpgsm_agent_send_nop (ctrl); + argv[i++] = "--homedir"; argv[i++] = opt.homedir; argv[i++] = "--p12-export"; @@ -645,7 +651,8 @@ goto cleanup; } - err = popen_protect_tool (pgmname, infp, outfp, &fp, prompt, keygrip, &pid); + err = popen_protect_tool (ctrl, + pgmname, infp, outfp, &fp, prompt, keygrip, &pid); if (err) { pid = -1; Modified: trunk/sm/import.c =================================================================== --- trunk/sm/import.c 2008-10-21 15:03:51 UTC (rev 4857) +++ trunk/sm/import.c 2008-10-23 09:41:41 UTC (rev 4858) @@ -460,12 +460,18 @@ output to OUTFILE and the pid of the process in PID. Returns 0 on success or an error code. */ static gpg_error_t -popen_protect_tool (const char *pgmname, +popen_protect_tool (ctrl_t ctrl, const char *pgmname, FILE *infile, FILE *outfile, FILE **statusfile, pid_t *pid) { const char *argv[20]; int i=0; + /* Make sure that the agent is running so that the protect tool is + able to ask for a passphrase. This has only an effect under W32 + where the agent is started on demand; sending a NOP does not harm + on other platforms. */ + gpgsm_agent_send_nop (ctrl); + argv[i++] = "--homedir"; argv[i++] = opt.homedir; argv[i++] = "--p12-import"; @@ -551,7 +557,7 @@ goto cleanup; } - err = popen_protect_tool (pgmname, tmpfp, certfp, &fp, &pid); + err = popen_protect_tool (ctrl, pgmname, tmpfp, certfp, &fp, &pid); if (err) { pid = -1; From cvs at cvs.gnupg.org Thu Oct 23 12:51:31 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 23 Oct 2008 12:51:31 +0200 Subject: [svn] gpgme - r1340 - trunk/gpgme Message-ID: Author: marcus Date: 2008-10-23 12:51:31 +0200 (Thu, 23 Oct 2008) New Revision: 1340 Modified: trunk/gpgme/ChangeLog trunk/gpgme/rungpg.c Log: 2008-10-23 Marcus Brinkmann * rungpg.c (gpg_keylist_preprocess): Convert percent escaped string to C coded string. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2008-10-20 15:59:19 UTC (rev 1339) +++ trunk/gpgme/ChangeLog 2008-10-23 10:51:31 UTC (rev 1340) @@ -1,3 +1,8 @@ +2008-10-23 Marcus Brinkmann + + * rungpg.c (gpg_keylist_preprocess): Convert percent escaped + string to C coded string. + 2008-10-20 Werner Koch * Makefile.am (EXTRA_DIST): Add gpgme.h.in. Modified: trunk/gpgme/rungpg.c =================================================================== --- trunk/gpgme/rungpg.c 2008-10-20 15:59:19 UTC (rev 1339) +++ trunk/gpgme/rungpg.c 2008-10-23 10:51:31 UTC (rev 1340) @@ -1878,12 +1878,47 @@ HTTP Keyserver Protocol (draft). We want: - uid:o::::::::: + uid:o::::::::: */ - if (asprintf (r_line, "uid:o%s::::%s:%s:::%s:", - field[4], field[2], field[3], field[1]) < 0) - return gpg_error_from_errno (errno); + { + /* The user ID is percent escaped, but we want c-coded. + Because we have to replace each '%HL' by '\xHL', we need at + most 4/3 th the number of bytes. But because this + security software, we err on the good side and allocate + twice as much. */ + char *uid = malloc (2 * strlen (field[1]) + 1); + char *src; + char *dst; + + if (! uid) + return gpg_error_from_errno (errno); + src = field[1]; + dst = uid; + while (*src) + { + if (*src == '%') + { + *(dst++) = '\\'; + *(dst++) = 'x'; + src++; + /* Copy the next two bytes unconditionally. This is + what reduces the maximum number of needed bytes + from 2n+1 to (4/3)n+1, even for invalid strings. */ + if (*src) + *(dst++) = *(src++); + if (*src) + *(dst++) = *(src++); + } + else + *(dst++) = *(src++); + } + *dst = '\0'; + + if (asprintf (r_line, "uid:o%s::::%s:%s:::%s:", + field[4], field[2], field[3], uid) < 0) + return gpg_error_from_errno (errno); + } return 0; case RT_NONE: From cvs at cvs.gnupg.org Thu Oct 23 21:19:31 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 23 Oct 2008 21:19:31 +0200 Subject: [svn] GpgOL - r274 - in trunk: . po src Message-ID: Author: wk Date: 2008-10-23 21:19:31 +0200 (Thu, 23 Oct 2008) New Revision: 274 Modified: trunk/NEWS trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/mapihelp.cpp trunk/src/mapihelp.h trunk/src/message-events.cpp trunk/src/message.cpp trunk/src/mimeparser.c trunk/src/mimeparser.h Log: Fixed PGP clear sign message verification. Delete stale attachemnt when forwarding a message. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/ChangeLog 2008-10-23 19:19:31 UTC (rev 274) @@ -1,3 +1,17 @@ +2008-10-23 Werner Koch + + * mapihelp.cpp (mapi_delete_gpgol_body_attachment): New. + * message-events.cpp (OnWriteComplete): Remove a body attachment. + + * message.cpp (message_display_handler): Do not display PGP + clearsigned messages. + (message_display_handler): Do not update GpgOLStatus; it is not + used anyway. + (pgp_mime_from_clearsigned): Fix bogus trailing white space + removal code. Insert an empty line. + * mimeparser.c (mime_verify): Add arg MIMEHACK. + (message_verify): Use it. + 2008-10-17 Werner Koch * recipient-dialog.c (load_rsetbox): Remove superfluous check on Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/NEWS 2008-10-23 19:19:31 UTC (rev 274) @@ -3,7 +3,9 @@ * Fixed a regression in the last release with opaque signatures. + * Fixed PGP cleartext signature verification. + Noteworthy changes for version 0.10.15 (2008-08-06) =================================================== Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/mapihelp.cpp =================================================================== --- trunk/src/mapihelp.cpp 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/mapihelp.cpp 2008-10-23 19:19:31 UTC (rev 274) @@ -1482,6 +1482,7 @@ if ( PROP_TYPE (propval->ulPropTag) == PT_STRING8 ) { const char *s = propval->Value.lpszA; + if (!strncmp (s, "IPM.Note.GpgOL", 14) && (!s[14] || s[14] =='.')) { s += 14; @@ -2837,6 +2838,96 @@ } +/* Delete a possible body atatchment. Returns true if an atatchment + has been deleted. */ +int +mapi_delete_gpgol_body_attachment (LPMESSAGE message) +{ + HRESULT hr; + SizedSPropTagArray (1L, propAttNum) = { 1L, {PR_ATTACH_NUM} }; + LPMAPITABLE mapitable; + LPSRowSet mapirows; + unsigned int pos, n_attach; + ULONG moss_tag; + int found = 0; + + if (get_gpgolattachtype_tag (message, &moss_tag) ) + return 0; + + hr = message->GetAttachmentTable (0, &mapitable); + if (FAILED (hr)) + { + log_debug ("%s:%s: GetAttachmentTable failed: hr=%#lx", + SRCNAME, __func__, hr); + return 0; + } + + hr = HrQueryAllRows (mapitable, (LPSPropTagArray)&propAttNum, + NULL, NULL, 0, &mapirows); + if (FAILED (hr)) + { + log_debug ("%s:%s: HrQueryAllRows failed: hr=%#lx", + SRCNAME, __func__, hr); + mapitable->Release (); + return 0; + } + n_attach = mapirows->cRows > 0? mapirows->cRows : 0; + if (!n_attach) + { + FreeProws (mapirows); + mapitable->Release (); + return 0; /* No Attachments. */ + } + + for (pos=0; pos < n_attach; pos++) + { + LPATTACH att; + + if (mapirows->aRow[pos].cValues < 1) + { + log_error ("%s:%s: invalid row at pos %d", SRCNAME, __func__, pos); + continue; + } + if (mapirows->aRow[pos].lpProps[0].ulPropTag != PR_ATTACH_NUM) + { + log_error ("%s:%s: invalid prop at pos %d", SRCNAME, __func__, pos); + continue; + } + hr = message->OpenAttach (mapirows->aRow[pos].lpProps[0].Value.l, + NULL, MAPI_BEST_ACCESS, &att); + if (FAILED (hr)) + { + log_error ("%s:%s: can't open attachment %d (%ld): hr=%#lx", + SRCNAME, __func__, pos, + mapirows->aRow[pos].lpProps[0].Value.l, hr); + continue; + } + if (has_gpgol_body_name (att) + && get_gpgolattachtype (att, moss_tag) == ATTACHTYPE_FROMMOSS) + { + att->Release (); + hr = message->DeleteAttach (mapirows->aRow[pos].lpProps[0].Value.l, + 0, NULL, 0); + if (hr) + log_error ("%s:%s: DeleteAttach failed: hr=%#lx\n", + SRCNAME, __func__, hr); + else + { + log_debug ("%s:%s: body attachment deleted\n", + SRCNAME, __func__); + found = 1; + + } + break; + } + att->Release (); + } + FreeProws (mapirows); + mapitable->Release (); + return found; +} + + /* Copy the attachment ITEM of the message MESSAGE verbatim to the PR_BODY property. Returns 0 on success. This function does not call SaveChanges. */ Modified: trunk/src/mapihelp.h =================================================================== --- trunk/src/mapihelp.h 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/mapihelp.h 2008-10-23 19:19:31 UTC (rev 274) @@ -159,6 +159,7 @@ char **r_body, size_t *r_nbytes, int *r_ishtml, int *r_protected); +int mapi_delete_gpgol_body_attachment (LPMESSAGE message); int mapi_attachment_to_body (LPMESSAGE message, mapi_attach_item_t *item); Modified: trunk/src/message-events.cpp =================================================================== --- trunk/src/message-events.cpp 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/message-events.cpp 2008-10-23 19:19:31 UTC (rev 274) @@ -387,7 +387,14 @@ else if (!m_pExchExt->m_gpgEncrypt && m_pExchExt->m_gpgSign) rc = message_sign (msg, proto, hWnd); else - rc = 0; + { + /* In case this is a forward message which is not to be + signed or encrypted we need to remove a possible body + attachment. */ + if (mapi_delete_gpgol_body_attachment (msg)) + mapi_save_changes (msg, KEEP_OPEN_READWRITE); + rc = 0; + } if (rc) { Modified: trunk/src/message.cpp =================================================================== --- trunk/src/message.cpp 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/message.cpp 2008-10-23 19:19:31 UTC (rev 274) @@ -154,28 +154,46 @@ LPMDB mdb = NULL; int ishtml, wasprotected = false; char *body; - + hr = eecb->GetObject (&mdb, (LPMAPIPROP *)&message); if (SUCCEEDED (hr)) { - err = mapi_get_gpgol_body_attachment (message, &body, NULL, - &ishtml, &wasprotected); - if (!err && body) + if (mapi_get_message_type (message) == MSGTYPE_GPGOL_CLEAR_SIGNED) { - put_outlook_property (eecb, "GpgOLStatus", - mapi_get_sig_status (message)); - - update_display (hwnd, eecb, wasprotected, ishtml, body); + /* We used to display the clearsigned data in the processed + form, that is without the PGP lines and without the dash + escaping. However, this poses the problem that the user + does not notice that he is viewing a mail which was + signed using a deprecated method and - far worse - it + might update the PR_BODY and thus all signature + information will get lost. Of course we could save the + body away first like we do it with encrypted mails, but + that is too much overhead and GpgOL will always be + required to show such a message, which contrdicts the + very reason of clearsigned messages. */ + log_debug ("%s:%s: skipping display update for ClearSigned\n", + SRCNAME, __func__); } else { - put_outlook_property (eecb, "GpgOLStatus", "?"); - update_display (hwnd, NULL, 0, 0, - _("[Crypto operation failed - " - "can't show the body of the message]")); + err = mapi_get_gpgol_body_attachment (message, &body, NULL, + &ishtml, &wasprotected); + if (!err && body) + { + /* put_outlook_property (eecb, "GpgOLStatus", */ + /* mapi_get_sig_status (message)); */ + + update_display (hwnd, eecb, wasprotected, ishtml, body); + } + else + { + /* put_outlook_property (eecb, "GpgOLStatus", "?"); */ + update_display (hwnd, NULL, 0, 0, + _("[Crypto operation failed - " + "can't show the body of the message]")); + } + xfree (body); } - xfree (body); - } else log_debug_w32 (hr, "%s:%s: error getting message", SRCNAME, __func__); @@ -307,7 +325,10 @@ /* Convert the clear signed message from INPUT into a PGP/MIME signed message and return it in a new allocated buffer. OUTPUTLEN received the valid length of that buffer; the buffer is guaranteed - to be Nul terminated. */ + to be Nul terminated. Note: Because we need to insert an empty + line to indicate the end of MIME headers, the signature won't + verify unless we tell the signature verification routine to skip + this first line. */ static char * pgp_mime_from_clearsigned (LPSTREAM input, size_t *outputlen) { @@ -332,7 +353,7 @@ "Content-Type: multipart/signed; boundary=\"%s\";\r\n" " protocol=\"application/pgp-signature\"\r\n" "\r\n" - "--%s\r\n", boundary, boundary); + "--%s\r\n\r\n", boundary, boundary); snprintf (sig_header, sizeof sig_header, "--%s\r\n" "Content-Type: application/pgp-signature\r\n" @@ -397,16 +418,19 @@ while (*p && *p != '\n') { if (*p == ' ' || *p == '\t' || *p == '\r') - mark = p; + { + if (!mark) + mark = dest; + } else mark = NULL; *dest++ = *p++; } if (mark) - *mark =0; /* Remove trailing white space. */ + dest = mark; if (*p == '\n') { - if (p[-1] == '\r') + if (p > p0 && p[-1] == '\r') *dest++ = '\r'; *dest++ = '\n'; } @@ -497,6 +521,7 @@ size_t inbuflen = 0; protocol_t protocol = PROTOCOL_UNKNOWN; int err; + int mimehack = 0; switch (msgtype) { @@ -560,6 +585,7 @@ if (!inbuf) return -1; protocol = PROTOCOL_OPENPGP; + mimehack = 1; /* Required for our made up PGP/MIME. */ } else if (msgtype == MSGTYPE_GPGOL_OPAQUE_SIGNED) { @@ -636,7 +662,7 @@ err = mime_verify_opaque (protocol, opaquestream, NULL, 0, message, hwnd, 0, 0); else - err = mime_verify (protocol, inbuf, inbuflen, message, hwnd, 0); + err = mime_verify (protocol, inbuf, inbuflen, message, hwnd, 0, mimehack); log_debug ("mime_verify%s returned %d", opaquestream? "_opaque":"", err); if (err && opt.enable_debug) { Modified: trunk/src/mimeparser.c =================================================================== --- trunk/src/mimeparser.c 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/mimeparser.c 2008-10-23 19:19:31 UTC (rev 274) @@ -1168,9 +1168,12 @@ +/* FIXME: Needs documentation! + + MIMEHACK make the verification code ignore the first two bytes. */ int mime_verify (protocol_t protocol, const char *message, size_t messagelen, - LPMESSAGE mapi_message, HWND hwnd, int preview_mode) + LPMESSAGE mapi_message, HWND hwnd, int preview_mode, int mimehack) { gpg_error_t err = 0; mime_context_t ctx; @@ -1241,7 +1244,7 @@ /* Now actually verify the signature. */ if (!err && ctx->signed_data && signature) { - gpgme_data_seek (ctx->signed_data, 0, SEEK_SET); + gpgme_data_seek (ctx->signed_data, mimehack? 2:0, SEEK_SET); if ((err=engine_create_filter (&filter, NULL, NULL))) goto leave; Modified: trunk/src/mimeparser.h =================================================================== --- trunk/src/mimeparser.h 2008-10-17 19:04:00 UTC (rev 273) +++ trunk/src/mimeparser.h 2008-10-23 19:19:31 UTC (rev 274) @@ -30,7 +30,7 @@ int mime_verify (protocol_t protocol, const char *message, size_t messagelen, LPMESSAGE mapi_message, - HWND hwnd, int preview_mode); + HWND hwnd, int preview_mode, int mimehack); int mime_verify_opaque (protocol_t protocol, LPSTREAM instream, const char *inbuffer, size_t inbufferlen, LPMESSAGE mapi_message, HWND hwnd, int preview_mode, From cvs at cvs.gnupg.org Thu Oct 23 21:58:27 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 23 Oct 2008 21:58:27 +0200 Subject: [svn] GnuPG - r4859 - trunk/po Message-ID: Author: wk Date: 2008-10-23 21:58:20 +0200 (Thu, 23 Oct 2008) New Revision: 4859 Modified: trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po Log: auto po updates. Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] From cvs at cvs.gnupg.org Fri Oct 24 15:29:32 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 24 Oct 2008 15:29:32 +0200 Subject: [svn] GpgOL - r275 - in trunk: po src Message-ID: Author: wk Date: 2008-10-24 15:29:31 +0200 (Fri, 24 Oct 2008) New Revision: 275 Modified: trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/mimeparser.c Log: Add another CryptoEx hack. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-23 19:19:31 UTC (rev 274) +++ trunk/src/ChangeLog 2008-10-24 13:29:31 UTC (rev 275) @@ -1,3 +1,11 @@ +2008-10-24 Werner Koch + + * mimeparser.c (struct mime_context): Add flag MAY_BE_OPAQUE_SIGNED. + (t2body): Set that flag. + (is_cms_signed_data): New. + (mime_decrypt): Try to verify if the content is opaque signed + without proper MIME headers. + 2008-10-23 Werner Koch * mapihelp.cpp (mapi_delete_gpgol_body_attachment): New. @@ -45,7 +53,7 @@ 2008-10-15 Werner Koch - * engine-assuan.c (op_assuan_sign): Send the new --protocl option + * engine-assuan.c (op_assuan_sign): Send the new --protocol option to the server. 2008-09-30 Werner Koch Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/mimeparser.c =================================================================== --- trunk/src/mimeparser.c 2008-10-23 19:19:31 UTC (rev 274) +++ trunk/src/mimeparser.c 2008-10-24 13:29:31 UTC (rev 275) @@ -115,6 +115,7 @@ int is_base64_encoded; /* Current part is base 64 encoded. */ int is_body; /* The current part belongs to the body. */ int is_opaque_signed; /* Flag indicating opaque signed S/MIME. */ + int may_be_opaque_signed;/* Hack, see code. */ protocol_t protocol; /* The detected crypto protocol. */ int part_counter; /* Counts the number of processed parts. */ @@ -221,6 +222,34 @@ } +/* Returns true if the BER encoded data in BUFFER is CMS signed data. + LENGTH gives the length of the buffer, for correct detection LENGTH + should be at least about 24 bytes. */ +static int +is_cms_signed_data (const char *buffer, size_t length) +{ + const char *p = buffer; + size_t n = length; + tlvinfo_t ti; + + if (parse_tlv (&p, &n, &ti)) + return 0; + if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_SEQUENCE + && ti.is_cons) ) + return 0; + if (parse_tlv (&p, &n, &ti)) + return 0; + if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_OBJECT_ID + && !ti.is_cons && ti.length) || ti.length > n) + return 0; + if (ti.length == 9 && !memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02", 9)) + return 1; + return 0; +} + + + + /* Start a new atatchment. With IS_BODY set, the attachment is actually the body part of the message which is treated in a special way. */ @@ -833,7 +862,7 @@ else /* Other type. */ { /* Check whether this attachment is an opaque signed S/MIME - part. We use a counter to later check that tehre is only one + part. We use a counter to later check that there is only one such part. */ if (!strcmp (ctmain, "application") && !strcmp (ctsub, "pkcs7-mime")) { @@ -841,6 +870,12 @@ "smime-type", 0); if (smtype && !strcmp (smtype, "signed-data")) ctx->is_opaque_signed++; + else + { + /* CryptoEx is notorious in setting wrong MIME header. + Mark that so we can test later if possible. */ + ctx->may_be_opaque_signed++; + } } if (!ctx->preview) @@ -1685,6 +1720,7 @@ mime_context_t decctx, ctx; engine_filter_t filter = NULL; int opaque_signed = 0; + int may_be_opaque_signed = 0; int last_part_counter = 0; unsigned int session_number; char *signature = NULL; @@ -1919,6 +1955,8 @@ symenc_close (ctx->body_saved.symenc); last_part_counter = ctx->part_counter; opaque_signed = (ctx->is_opaque_signed == 1); + if (!opaque_signed && ctx->may_be_opaque_signed == 1) + may_be_opaque_signed = 1; xfree (ctx); } if (decctx) @@ -1927,7 +1965,7 @@ xfree (decctx); } - if (!err && opaque_signed) + if (!err && (opaque_signed || may_be_opaque_signed)) { /* Handle an S/MIME opaque signed part. The decryption has written an attachment we are now going to verify and render @@ -1940,7 +1978,8 @@ table = mapi_create_attach_table (mapi_message, 0); if (!table) { - err = gpg_error (GPG_ERR_GENERAL); + if (opaque_signed) + err = gpg_error (GPG_ERR_GENERAL); goto leave_verify; } @@ -1951,30 +1990,44 @@ break; if (table[i].end_of_table) { - log_debug ("%s:%s: attachment for opaque signed S/MIME not found", - SRCNAME, __func__); - err = gpg_error (GPG_ERR_GENERAL); + if (opaque_signed) + { + log_debug ("%s:%s: " + "attachment for opaque signed S/MIME not found", + SRCNAME, __func__); + err = gpg_error (GPG_ERR_GENERAL); + } goto leave_verify; } plainbuffer = mapi_get_attach (mapi_message, 1, table+i, &plainbufferlen); if (!plainbuffer) { - err = gpg_error (GPG_ERR_GENERAL); + if (opaque_signed) + err = gpg_error (GPG_ERR_GENERAL); goto leave_verify; } - err = mime_verify_opaque (PROTOCOL_SMIME, NULL, - plainbuffer, plainbufferlen, - mapi_message, hwnd, 0, last_part_counter+1); + /* Now that we have the data, we can check whether this is an + S/MIME signature (without proper MIME headers). */ + if (may_be_opaque_signed + && is_cms_signed_data (plainbuffer, plainbufferlen)) + opaque_signed = 1; + + /* And check the signature. */ + if (opaque_signed) + { + err = mime_verify_opaque (PROTOCOL_SMIME, NULL, + plainbuffer, plainbufferlen, + mapi_message, hwnd, 0, + last_part_counter+1); + log_debug ("%s:%s: mime_verify_opaque returned %d", + SRCNAME, __func__, err); + if (sig_err) + *sig_err = err; + err = 0; + } - log_debug ("%s:%s: mime_verify_opaque returned %d", - SRCNAME, __func__, err); - if (sig_err) - *sig_err = err; - err = 0; - - leave_verify: xfree (plainbuffer); mapi_release_attach_table (table); From cvs at cvs.gnupg.org Fri Oct 24 16:07:15 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 24 Oct 2008 16:07:15 +0200 Subject: [svn] gpgme - r1341 - trunk/gpgme Message-ID: Author: wk Date: 2008-10-24 16:07:14 +0200 (Fri, 24 Oct 2008) New Revision: 1341 Modified: trunk/gpgme/ChangeLog trunk/gpgme/rungpg.c Log: Fix last change. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2008-10-23 10:51:31 UTC (rev 1340) +++ trunk/gpgme/ChangeLog 2008-10-24 14:07:14 UTC (rev 1341) @@ -1,3 +1,7 @@ +2008-10-24 Werner Koch + + * rungpg.c (gpg_keylist_preprocess): Escape backslashes too. + 2008-10-23 Marcus Brinkmann * rungpg.c (gpg_keylist_preprocess): Convert percent escaped Modified: trunk/gpgme/rungpg.c =================================================================== --- trunk/gpgme/rungpg.c 2008-10-23 10:51:31 UTC (rev 1340) +++ trunk/gpgme/rungpg.c 2008-10-24 14:07:14 UTC (rev 1341) @@ -1884,9 +1884,8 @@ { /* The user ID is percent escaped, but we want c-coded. Because we have to replace each '%HL' by '\xHL', we need at - most 4/3 th the number of bytes. But because this - security software, we err on the good side and allocate - twice as much. */ + most 4/3 th the number of bytes. But because we also need + to escape the backslashes we allocate twice as much. */ char *uid = malloc (2 * strlen (field[1]) + 1); char *src; char *dst; @@ -1902,14 +1901,17 @@ *(dst++) = '\\'; *(dst++) = 'x'; src++; - /* Copy the next two bytes unconditionally. This is - what reduces the maximum number of needed bytes - from 2n+1 to (4/3)n+1, even for invalid strings. */ + /* Copy the next two bytes unconditionally. */ if (*src) *(dst++) = *(src++); if (*src) *(dst++) = *(src++); } + else if (*src == '\\') + { + *dst++ = '\\'; + *dst++ = '\\'; + } else *(dst++) = *(src++); } From cvs at cvs.gnupg.org Fri Oct 24 19:01:31 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 24 Oct 2008 19:01:31 +0200 Subject: [svn] gcry - r1350 - in trunk: . cipher doc src tests Message-ID: Author: wk Date: 2008-10-24 19:01:30 +0200 (Fri, 24 Oct 2008) New Revision: 1350 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/md.c trunk/cipher/rsa.c trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/fips.c trunk/src/g10lib.h trunk/src/global.c trunk/tests/ChangeLog trunk/tests/basic.c trunk/tests/benchmark.c Log: Do no restrtc usage of MD5 in fips mode. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/cipher/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350) @@ -1,3 +1,9 @@ +2008-10-24 Werner Koch + + * md.c (digest_table): Allow MD5 in fips mode. + (md_register_default): Take special action for MD5. + (md_enable, gcry_md_hash_buffer): Ditto. + 2008-09-30 Werner Koch * rijndael.c (do_setkey): Properly align "t" and "tk". Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/src/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350) @@ -1,3 +1,10 @@ +2008-10-24 Werner Koch + + * global.c (inactive_fips_mode): Move to fips.c. + (gcry_set_allocation_handler): Factor code out to ... + * fips.c (_gcry_inactivate_fips_mode): New. + (_gcry_is_fips_mode_inactive): New. + 2008-09-29 Werner Koch * gcrypt-module.h (GCRY_MODULE_ID_USER, GCRY_MODULE_ID_USER_LAST): Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/tests/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350) @@ -1,3 +1,8 @@ +2008-10-24 Werner Koch + + * benchmark.c (md_bench): Do not test MD5 in fips mode. + * basic.c (check_digests, check_hmac): Ditto. + 2008-10-06 Werner Koch * cavs_driver.pl: New version from upstream. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/NEWS 2008-10-24 17:01:30 UTC (rev 1350) @@ -4,7 +4,9 @@ * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. This functionality is in Libgcrypt since 1.3.0. + * MD5 may now be used in non-enforced fips mode. + Noteworthy changes in version 1.4.3 (2008-09-18) ------------------------------------------------ Modified: trunk/cipher/md.c =================================================================== --- trunk/cipher/md.c 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/cipher/md.c 2008-10-24 17:01:30 UTC (rev 1350) @@ -43,7 +43,7 @@ gcry_md_spec_t *digest; md_extra_spec_t *extraspec; unsigned int algorithm; - int fips_allowed; + int fips_allowed; } digest_table[] = { #if USE_CRC @@ -62,7 +62,7 @@ #endif #if USE_MD5 { &_gcry_digest_spec_md5, - &dummy_extra_spec, GCRY_MD_MD5 }, + &dummy_extra_spec, GCRY_MD_MD5, 1 }, #endif #if USE_RMD160 { &_gcry_digest_spec_rmd160, @@ -176,8 +176,14 @@ for (i = 0; !err && digest_table[i].digest; i++) { - if ( fips_mode () && !digest_table[i].fips_allowed ) - continue; + if ( fips_mode ()) + { + if (!digest_table[i].fips_allowed) + continue; + if (digest_table[i].algorithm == GCRY_MD_MD5 + && _gcry_enforced_fips_mode () ) + continue; /* Do not register in enforced fips mode. */ + } err = _gcry_module_add (&digests_registered, digest_table[i].algorithm, @@ -550,11 +556,23 @@ log_debug ("md_enable: algorithm %d not available\n", algorithm); err = GPG_ERR_DIGEST_ALGO; } - else + else digest = (gcry_md_spec_t *) module->spec; - if (! err) + + if (!err && algorithm == GCRY_MD_MD5 && fips_mode ()) { + _gcry_inactivate_fips_mode ("MD5 used"); + if (_gcry_enforced_fips_mode () ) + { + /* We should never get to here because we do not register + MD5 in enforced fips mode. But better throw an error. */ + err = GPG_ERR_DIGEST_ALGO; + } + } + + if (!err) + { size_t size = (sizeof (*entry) + digest->contextsize - sizeof (entry->context)); @@ -992,7 +1010,20 @@ /* For the others we do not have a fast function, so we use the normal functions. */ gcry_md_hd_t h; - gpg_err_code_t err = md_open (&h, algo, 0, 0); + gpg_err_code_t err; + + if (algo == GCRY_MD_MD5 && fips_mode ()) + { + _gcry_inactivate_fips_mode ("MD5 used"); + if (_gcry_enforced_fips_mode () ) + { + /* We should never get to here because we do not register + MD5 in enforced fips mode. */ + _gcry_fips_noreturn (); + } + } + + err = md_open (&h, algo, 0, 0); if (err) log_bug ("gcry_md_open failed for algo %d: %s", algo, gpg_strerror (gcry_error(err))); Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/cipher/rsa.c 2008-10-24 17:01:30 UTC (rev 1350) @@ -196,12 +196,12 @@ gcry_random_level_t random_level; if (fips_mode ()) - { - if (nbits < 1024) - return GPG_ERR_INV_VALUE; - if (transient_key) - return GPG_ERR_INV_VALUE; - } + { + if (nbits < 1024) + return GPG_ERR_INV_VALUE; + if (transient_key) + return GPG_ERR_INV_VALUE; + } /* The random quality depends on the transient_key flag. */ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM; Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/doc/gcrypt.texi 2008-10-24 17:01:30 UTC (rev 1350) @@ -5524,6 +5524,11 @@ it is used Libgcrypt disables FIPS mode unless Enforced FIPS mode is enabled, in which case Libgcrypt will enter the error state. + at item +The digest algorithm MD5 may not be used. If it is used Libgcrypt +disables FIPS mode unless Enforced FIPS mode is enabled, in which case +Libgcrypt will enter the error state. + @item In Enforced FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is ignored. In standard FIPS mode it disables FIPS mode. @@ -5536,10 +5541,9 @@ @end itemize Note that when we speak about disabling FIPS mode, it merely means -that the fucntion @code{gcry_fips_mode_active} returns false; it does +that the function @code{gcry_fips_mode_active} returns false; it does not mean that any non FIPS algorithms are allowed. - @c ******************************************** @section FIPS Finite State Machine @@ -5688,6 +5692,25 @@ @end table @end float + at c ******************************************** + at section FIPS Miscellaneous Information + +Libgcrypt does not do any key management on itself; the application +needs to care about it. Keys which are passed to Libgcrypt should be +allocated in secure memory as available with the functions + at code{gcry_malloc_secure} and @code{gcry_calloc_secure}. By calling + at code{gcry_free} on this memory, the memory and thus the keys are +overwritten with zero bytes before releasing the memory. + +For use with the random number generator, Libgcrypt generates 3 +internal keys which are stored in the encryption contexts used by the +RNG. These keys are stored in secure memory for the lifetime of the +process. Application are required to use @code{GCRYCTL_TERM_SECMEM} +before process termination. This will zero out the entire secure +memory and thus also the encryption contexts with these keys. + + + @c ********************************************************** @c ************* Appendices (license etc.) **************** @c ********************************************************** Modified: trunk/src/fips.c =================================================================== --- trunk/src/fips.c 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/src/fips.c 2008-10-24 17:01:30 UTC (rev 1350) @@ -63,6 +63,11 @@ /* Flag to indicate that we are in the enforced FIPS mode. */ static int enforced_fips_mode; +/* If this flag is set, the application may no longer assume that the + process is running in FIPS mode. This flag is protected by the + FSM_LOCK. */ +static int inactive_fips_mode; + /* This is the lock we use to protect the FSM. */ static ath_mutex_t fsm_lock = ATH_MUTEX_INITIALIZER; @@ -259,7 +264,7 @@ { /* No locking is required becuase we have the requirement that this variable is only intialized once with no other threads - exiisting. */ + existing. */ return !no_fips_mode_required; } @@ -272,6 +277,54 @@ } +/* If we do not want to enforce the fips mode, we can set a flag so + that the application may check whether it is still in fips mode. + TEXT will be printed as part of a syslog message. This function + may only be be called if in fips mode. */ +void +_gcry_inactivate_fips_mode (const char *text) +{ + gcry_assert (_gcry_fips_mode ()); + + if (_gcry_enforced_fips_mode () ) + { + /* Get us into the error state. */ + fips_signal_error (text); + return; + } + + lock_fsm (); + if (!inactive_fips_mode) + { + inactive_fips_mode = 1; + unlock_fsm (); +#ifdef HAVE_SYSLOG + syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: " + "%s - FIPS mode inactivated", text); +#endif /*HAVE_SYSLOG*/ + } + else + unlock_fsm (); +} + + +/* Return the FIPS mode inactive flag. If it is true the FIPS mode is + not anymore active. */ +int +_gcry_is_fips_mode_inactive (void) +{ + int flag; + + if (!_gcry_fips_mode ()) + return 0; + lock_fsm (); + flag = inactive_fips_mode; + unlock_fsm (); + return flag; +} + + + static const char * state2str (enum module_states state) { Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/src/g10lib.h 2008-10-24 17:01:30 UTC (rev 1350) @@ -295,6 +295,10 @@ int _gcry_enforced_fips_mode (void); +void _gcry_inactivate_fips_mode (const char *text); +int _gcry_is_fips_mode_inactive (void); + + void _gcry_fips_signal_error (const char *srcfile, int srcline, const char *srcfunc, Modified: trunk/src/global.c =================================================================== --- trunk/src/global.c 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/src/global.c 2008-10-24 17:01:30 UTC (rev 1350) @@ -50,10 +50,6 @@ intialization code swicthed fips mode on. */ static int force_fips_mode; -/* If this flag is set, the application may no longer assume that the - process is running in FIPS mode. */ -static int inactive_fips_mode; - /* Controlled by global_init(). */ static int any_init_done; @@ -495,7 +491,9 @@ break; case GCRYCTL_FIPS_MODE_P: - if (fips_mode () && !inactive_fips_mode && !no_secure_memory) + if (fips_mode () + && !_gcry_is_fips_mode_inactive () + && !no_secure_memory) err = GPG_ERR_GENERAL; /* Used as TRUE value */ break; @@ -658,20 +656,10 @@ if (fips_mode ()) { - if (_gcry_enforced_fips_mode () ) - { - /* Get us into the error state. */ - fips_signal_error ("custom allocation handler used"); - return; - } /* We do not want to enforce the fips mode, but merely set a - flag so that the application may check wheter it is still in + flag so that the application may check whether it is still in fips mode. */ - inactive_fips_mode = 1; -#ifdef HAVE_SYSLOG - syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: " - "custom allocation handler used - FIPS mode disabled"); -#endif /*HAVE_SYSLOG*/ + _gcry_inactivate_fips_mode ("custom allocation handler"); } alloc_func = new_alloc_func; Modified: trunk/tests/basic.c =================================================================== --- trunk/tests/basic.c 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/tests/basic.c 2008-10-24 17:01:30 UTC (rev 1350) @@ -1316,7 +1316,8 @@ for (i = 0; algos[i].md; i++) { - if (gcry_md_test_algo (algos[i].md) && in_fips_mode) + if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) + && in_fips_mode) { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", @@ -1685,7 +1686,8 @@ for (i = 0; algos[i].md; i++) { - if (gcry_md_test_algo (algos[i].md) && in_fips_mode) + if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) + && in_fips_mode) { if (verbose) fprintf (stderr, " algorithm %d not available in fips mode\n", @@ -2117,6 +2119,7 @@ check_pubkey (); } + if (in_fips_mode && !selftest_only) { /* If we are in fips mode do some more tests. */ @@ -2170,5 +2173,8 @@ if (verbose) fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count); + if (in_fips_mode && !gcry_fips_mode_active ()) + fprintf (stderr, "FIPS mode is not anymore active\n"); + return error_count ? 1 : 0; } Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2008-10-20 15:24:01 UTC (rev 1349) +++ trunk/tests/benchmark.c 2008-10-24 17:01:30 UTC (rev 1350) @@ -41,7 +41,10 @@ /* Number of cipher repetitions. */ static int cipher_repetitions; +/* Whether fips mode was active at startup. */ +static int in_fips_mode; + static const char sample_private_dsa_key_1024[] = "(private-key\n" " (dsa\n" @@ -373,7 +376,9 @@ if (!algoname) { for (i=1; i < 400; i++) - if ( !gcry_md_test_algo (i) ) + if (in_fips_mode && i == GCRY_MD_MD5) + ; /* Don't use MD5 in fips mode. */ + else if ( !gcry_md_test_algo (i) ) md_bench (gcry_md_algo_name (i)); return; } @@ -1055,7 +1060,9 @@ exit (1); } - if (!gcry_fips_mode_active ()) + if (gcry_fips_mode_active ()) + in_fips_mode = 1; + else gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (use_random_daemon) @@ -1135,6 +1142,10 @@ fprintf (stderr, PGM ": bad arguments\n"); return 1; } + + + if (in_fips_mode && !gcry_fips_mode_active ()) + fprintf (stderr, PGM ": FIPS mode is not anymore active\n"); return 0; } From cvs at cvs.gnupg.org Mon Oct 27 13:38:17 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 27 Oct 2008 13:38:17 +0100 Subject: [svn] GpgOL - r276 - in trunk: po src Message-ID: Author: wk Date: 2008-10-27 13:38:17 +0100 (Mon, 27 Oct 2008) New Revision: 276 Modified: trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/mapihelp.cpp Log: Use named property Internet Charset Body for old style PGP messages if available. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-24 13:29:31 UTC (rev 275) +++ trunk/src/ChangeLog 2008-10-27 12:38:17 UTC (rev 276) @@ -1,3 +1,8 @@ +2008-10-27 Werner Koch + + * mapihelp.cpp (get_internetcharsetbody_tag): New. + (mapi_get_body_as_stream): Try the new tag first. + 2008-10-24 Werner Koch * mimeparser.c (struct mime_context): Add flag MAY_BE_OPAQUE_SIGNED. Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/mapihelp.cpp =================================================================== --- trunk/src/mapihelp.cpp 2008-10-24 13:29:31 UTC (rev 275) +++ trunk/src/mapihelp.cpp 2008-10-27 12:38:17 UTC (rev 276) @@ -223,6 +223,39 @@ } +/* Return the tag of the Internet Charset Body property which seems to + hold the PR_BODY as received and thus before charset + conversion. */ +int +get_internetcharsetbody_tag (LPMESSAGE message, ULONG *r_tag) +{ + HRESULT hr; + LPSPropTagArray proparr = NULL; + MAPINAMEID mnid, *pmnid; + /* {4E3A7680-B77A-11D0-9DA5-00C04FD65685} */ + GUID guid = {0x4E3A7680, 0xB77A, 0x11D0, {0x9D, 0xA5, 0x00, 0xC0, + 0x4F, 0xD6, 0x56, 0x85}}; + + memset (&mnid, 0, sizeof mnid); + mnid.lpguid = &guid; + mnid.ulKind = MNID_STRING; + mnid.Kind.lpwstrName = L"Internet Charset Body"; + pmnid = &mnid; + hr = message->GetIDsFromNames (1, &pmnid, 0, &proparr); + if (FAILED (hr) || !(proparr->aulPropTag[0] & 0xFFFF0000) ) + { + log_error ("%s:%s: can't get the Internet Charset Body property:" + " hr=%#lx\n", SRCNAME, __func__, hr); + return -1; + } + + if (!(proparr->aulPropTag[0] & 0xFFFF0000)) + return -1; + *r_tag = ((proparr->aulPropTag[0] & 0xFFFF0000) | PT_BINARY); + return 0; +} + + /* A Wrapper around the SaveChanges method. This function should be called indirect through the mapi_save_changes macro. Returns 0 on success. */ @@ -322,11 +355,26 @@ mapi_get_body_as_stream (LPMESSAGE message) { HRESULT hr; + ULONG tag; LPSTREAM stream; if (!message) return NULL; + if (!get_internetcharsetbody_tag (message, &tag) ) + { + /* The store knows about the Internet Charset Body property, + thus try to get the body from this property if it exists. */ + + hr = message->OpenProperty (tag, &IID_IStream, 0, 0, + (LPUNKNOWN*)&stream); + if (!hr) + return stream; + + log_debug ("%s:%s: OpenProperty tag=%lx failed: hr=%#lx", + SRCNAME, __func__, tag, hr); + } + /* We try to get it as an ASCII body. If this fails we would either need to implement some kind of stream filter to translated to utf-8 or read everyting into a memory buffer and [provide an From cvs at cvs.gnupg.org Mon Oct 27 16:44:26 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 27 Oct 2008 16:44:26 +0100 Subject: [svn] GpgOL - r277 - in trunk: . forms po src Message-ID: Author: wk Date: 2008-10-27 16:44:26 +0100 (Mon, 27 Oct 2008) New Revision: 277 Added: trunk/forms/gpgol-cs_de.cfg Modified: trunk/ChangeLog trunk/forms/Makefile.am trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/mapihelp.cpp trunk/src/olflange.cpp Log: Another cryptoex update. This time for inline encrypted messages. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-27 12:38:17 UTC (rev 276) +++ trunk/ChangeLog 2008-10-27 15:44:26 UTC (rev 277) @@ -1,3 +1,7 @@ +2008-10-27 Werner Koch + + * forms/gpgol-cs_de.cfg: New. + 2008-08-06 Werner Koch Release 0.10.15. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-27 12:38:17 UTC (rev 276) +++ trunk/src/ChangeLog 2008-10-27 15:44:26 UTC (rev 277) @@ -1,7 +1,11 @@ 2008-10-27 Werner Koch + * olflange.cpp (install_forms): Add gpgol-cs. + * mapihelp.cpp (get_internetcharsetbody_tag): New. (mapi_get_body_as_stream): Try the new tag first. + (get_msgcls_from_pgp_lines): Ditto. Remove the simple access + method. 2008-10-24 Werner Koch Modified: trunk/forms/Makefile.am =================================================================== --- trunk/forms/Makefile.am 2008-10-27 12:38:17 UTC (rev 276) +++ trunk/forms/Makefile.am 2008-10-27 15:44:26 UTC (rev 277) @@ -13,9 +13,8 @@ icons = encr-l.ico encr-s.ico sign-l.ico sign-s.ico -cfg_german = gpgol_de.cfg gpgol-ms_de.cfg +cfg_german = gpgol_de.cfg gpgol-ms_de.cfg gpgol-cs_de.cfg - dist_pkgdata_DATA = $(icons) $(cfg_german) Added: trunk/forms/gpgol-cs_de.cfg =================================================================== --- trunk/forms/gpgol-cs_de.cfg (rev 0) +++ trunk/forms/gpgol-cs_de.cfg 2008-10-27 15:44:26 UTC (rev 277) @@ -0,0 +1,35 @@ +[Description] +MessageClass=IPM.Note.GpgOL.ClearSigned +DesignerRuntimeGuid={0006F020-0000-0000-C000-000000000046} +CLSID={00061033-0000-0000-C000-000000000046} +DisplayName=Form for class IPM.Note.GpgOL.MultipartSigned +Category=Standard +Subcategory=Formular +Comment= +LargeIcon=sign-l.ico +SmallIcon=sign-s.ico +VersionMajor=1 +VersionMinor=0 +Locale=deu +Hidden=1 +Owner=Public Domain + +[Properties] + +[Verbs] +Verb1=1 + +[Verb.1] +DisplayName=?&ffnen +Code=0 +Flags=0 +Attribs=2 + +[Extensions] +Extensions1=1 + +[Extension.1] +Type=30 +NmidPropset={00020D0C-0000-0000-C000-000000000046} +NmidInteger=1 +Value=1011111111111111 Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/mapihelp.cpp =================================================================== --- trunk/src/mapihelp.cpp 2008-10-27 12:38:17 UTC (rev 276) +++ trunk/src/mapihelp.cpp 2008-10-27 15:44:26 UTC (rev 277) @@ -499,7 +499,6 @@ get_msgcls_from_pgp_lines (LPMESSAGE message) { HRESULT hr; - LPSPropValue lpspvFEID = NULL; LPSTREAM stream; STATSTG statInfo; ULONG nread; @@ -507,103 +506,98 @@ char *body = NULL; char *p; char *msgcls = NULL; - - hr = HrGetOneProp ((LPMAPIPROP)message, PR_BODY, &lpspvFEID); - if (SUCCEEDED (hr)) /* Message is small enough to be retrieved directly. */ - { - switch ( PROP_TYPE (lpspvFEID->ulPropTag) ) - { - case PT_UNICODE: - body = wchar_to_utf8 (lpspvFEID->Value.lpszW); - if (!body) - log_debug ("%s: error converting to utf8\n", __func__); - break; - - case PT_STRING8: - body = xstrdup (lpspvFEID->Value.lpszA); - break; - - default: - log_debug ("%s: proptag=0x%08lx not supported\n", - __func__, lpspvFEID->ulPropTag); - break; - } - MAPIFreeBuffer (lpspvFEID); + ULONG tag; + int is_binary = 0; + + hr = 0; + if (!get_internetcharsetbody_tag (message, &tag) ) + { + hr = message->OpenProperty (tag, &IID_IStream, 0, 0, + (LPUNKNOWN*)&stream); + if (!hr) + is_binary = 1; } - else /* Message is large; use an IStream to read it. */ + if (hr) { - hr = message->OpenProperty (PR_BODY, &IID_IStream, 0, 0, + tag = PR_BODY; + hr = message->OpenProperty (tag, &IID_IStream, 0, 0, (LPUNKNOWN*)&stream); - if (hr) - { - log_debug ("%s:%s: OpenProperty failed: hr=%#lx", - SRCNAME, __func__, hr); - return NULL; - } + } + if (hr) + { + log_debug ("%s:%s: OpenProperty(%lx) failed: hr=%#lx", + SRCNAME, __func__, tag, hr); + return NULL; + } + + hr = stream->Stat (&statInfo, STATFLAG_NONAME); + if (hr) + { + log_debug ("%s:%s: Stat failed: hr=%#lx", SRCNAME, __func__, hr); + stream->Release (); + return NULL; + } + + /* We read only the first 1k to decide whether this is actually an + OpenPGP armored message . */ + nbytes = (size_t)statInfo.cbSize.QuadPart; + if (nbytes > 1024*2) + nbytes = 1024*2; + body = (char*)xmalloc (nbytes + 2); + hr = stream->Read (body, nbytes, &nread); + if (hr) + { + log_debug ("%s:%s: Read failed: hr=%#lx", SRCNAME, __func__, hr); + xfree (body); + stream->Release (); + return NULL; + } + body[nread] = 0; + body[nread+1] = 0; + if (nread != nbytes) + { + log_debug ("%s:%s: not enough bytes returned\n", SRCNAME, __func__); - hr = stream->Stat (&statInfo, STATFLAG_NONAME); - if (hr) + xfree (body); + stream->Release (); + return NULL; + } + stream->Release (); + + if (!is_binary) + { + char *tmp; + tmp = wchar_to_utf8 ((wchar_t*)body); + if (!tmp) + log_debug ("%s: error converting to utf8\n", __func__); + else { - log_debug ("%s:%s: Stat failed: hr=%#lx", SRCNAME, __func__, hr); - stream->Release (); - return NULL; - } - - /* We read only the first 1k to decide whether this is actually - an OpenPGP armored message . */ - nbytes = (size_t)statInfo.cbSize.QuadPart; - if (nbytes > 1024*2) - nbytes = 1024*2; - body = (char*)xmalloc (nbytes + 2); - hr = stream->Read (body, nbytes, &nread); - if (hr) - { - log_debug ("%s:%s: Read failed: hr=%#lx", SRCNAME, __func__, hr); xfree (body); - stream->Release (); - return NULL; + body = tmp; } - body[nread] = 0; - body[nread+1] = 0; - if (nread != statInfo.cbSize.QuadPart) - { - log_debug ("%s:%s: not enough bytes returned\n", SRCNAME, __func__); - xfree (body); - stream->Release (); - return NULL; - } - stream->Release (); - - { - char *tmp; - tmp = wchar_to_utf8 ((wchar_t*)body); - if (!tmp) - log_debug ("%s: error converting to utf8\n", __func__); - else - { - xfree (body); - body = tmp; - } - } } - /* The first ~1k of the body of the message is now availble in the + + /* The first ~1k of the body of the message is now available in the utf-8 string BODY. Walk over it to figure out its type. */ for (p=body; p && *p; p = (p=strchr (p+1, '\n')? (p+1):NULL)) - if (!strncmp (p, "-----BEGIN PGP ", 15)) - { - if (!strncmp (p+15, "SIGNED MESSAGE-----", 19) - && trailing_ws_p (p+15+19)) - msgcls = xstrdup ("IPM.Note.GpgOL.ClearSigned"); - else if (!strncmp (p+15, "MESSAGE-----", 12) - && trailing_ws_p (p+15+12)) - msgcls = xstrdup ("IPM.Note.GpgOL.PGPMessage"); - break; - } - else if (!trailing_ws_p (p)) - break; /* Text before the PGP message - don't take this as a - proper message. */ - + { + if (!strncmp (p, "-----BEGIN PGP ", 15)) + { + if (!strncmp (p+15, "SIGNED MESSAGE-----", 19) + && trailing_ws_p (p+15+19)) + msgcls = xstrdup ("IPM.Note.GpgOL.ClearSigned"); + else if (!strncmp (p+15, "MESSAGE-----", 12) + && trailing_ws_p (p+15+12)) + msgcls = xstrdup ("IPM.Note.GpgOL.PGPMessage"); + break; + } + else if (!trailing_ws_p (p)) + break; /* Text before the PGP message - don't take this as a + proper message. */ + } + + xfree (body); return msgcls; } Modified: trunk/src/olflange.cpp =================================================================== --- trunk/src/olflange.cpp 2008-10-27 12:38:17 UTC (rev 276) +++ trunk/src/olflange.cpp 2008-10-27 15:44:26 UTC (rev 277) @@ -655,6 +655,7 @@ { "gpgol", "gpgol-ms", + "gpgol-cs", NULL, }; int formidx; From cvs at cvs.gnupg.org Mon Oct 27 18:16:07 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 27 Oct 2008 18:16:07 +0100 Subject: [svn] GpgOL - r278 - trunk/po Message-ID: Author: wk Date: 2008-10-27 18:16:06 +0100 (Mon, 27 Oct 2008) New Revision: 278 Modified: trunk/po/de.po Log: Changed two translations. Modified: trunk/po/de.po [not shown] From cvs at cvs.gnupg.org Mon Oct 27 19:20:23 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 27 Oct 2008 19:20:23 +0100 Subject: [svn] GpgOL - r279 - in trunk: po src Message-ID: Author: wk Date: 2008-10-27 19:20:23 +0100 (Mon, 27 Oct 2008) New Revision: 279 Modified: trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/message.cpp trunk/src/mimemaker.c Log: Better checks for empty messages. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-27 17:16:06 UTC (rev 278) +++ trunk/src/ChangeLog 2008-10-27 18:20:23 UTC (rev 279) @@ -1,5 +1,14 @@ 2008-10-27 Werner Koch + * mimemaker.c (mime_encrypt): Check for an empty message before + creating the filter. Return a suitable error code. + (do_mime_sign): Ditto. + (mime_sign_encrypt): Ditto. + (mime_sign): Return an error code. + * message.cpp (sign_encrypt): Show an error message for empty + messages. + (message_sign): Ditto. + * olflange.cpp (install_forms): Add gpgol-cs. * mapihelp.cpp (get_internetcharsetbody_tag): New. Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/message.cpp =================================================================== --- trunk/src/message.cpp 2008-10-27 17:16:06 UTC (rev 278) +++ trunk/src/message.cpp 2008-10-27 18:20:23 UTC (rev 279) @@ -1236,8 +1236,14 @@ err = mime_sign_encrypt (message, hwnd, protocol, recipients); else err = mime_encrypt (message, hwnd, protocol, recipients); - if (err && opt.enable_debug) + if (gpg_err_code (err) == GPG_ERR_NO_DATA) { + MessageBox (hwnd, _("Encrypting or signing an empty message " + "is not possible."), + "GpgOL", MB_ICONERROR|MB_OK); + } + else if (err && opt.enable_debug) + { char buf[200]; snprintf (buf, sizeof buf, @@ -1257,8 +1263,14 @@ gpg_error_t err; err = mime_sign (message, hwnd, protocol); - if (err && opt.enable_debug) + if (gpg_err_code (err) == GPG_ERR_NO_DATA) { + MessageBox (hwnd, _("Encrypting or signing an empty message " + "is not possible."), + "GpgOL", MB_ICONERROR|MB_OK); + } + else if (err && opt.enable_debug) + { char buf[200]; snprintf (buf, sizeof buf, Modified: trunk/src/mimemaker.c =================================================================== --- trunk/src/mimemaker.c 2008-10-27 17:16:06 UTC (rev 278) +++ trunk/src/mimemaker.c 2008-10-27 18:20:23 UTC (rev 279) @@ -1127,7 +1127,7 @@ { int result = -1; int rc; - LPATTACH attach; + LPATTACH attach = NULL; struct sink_s sinkmem; sink_t sink = &sinkmem; struct sink_s hashsinkmem; @@ -1138,7 +1138,7 @@ char *body = NULL; int n_att_usable; char top_header[BOUNDARYSIZE+200]; - engine_filter_t filter; + engine_filter_t filter = NULL; struct databuf_s sigbuffer; *r_att_table = NULL; @@ -1159,6 +1159,22 @@ return -1; } + /* Get the attachment info and the body. */ + body = mapi_get_body (message, NULL); + if (body && !*body) + { + xfree (body); + body = NULL; + } + att_table = mapi_create_attach_table (message, 0); + n_att_usable = count_usable_attachments (att_table); + if (!n_att_usable && !body) + { + log_debug ("%s:%s: can't sign an empty message\n", SRCNAME, __func__); + result = gpg_error (GPG_ERR_NO_DATA); + goto failure; + } + /* Prepare the signing. */ if (engine_create_filter (&filter, collect_signature, &sigbuffer)) goto failure; @@ -1174,21 +1190,6 @@ } - /* Get the attachment info and the body. */ - body = mapi_get_body (message, NULL); - if (body && !*body) - { - xfree (body); - body = NULL; - } - att_table = mapi_create_attach_table (message, 0); - n_att_usable = count_usable_attachments (att_table); - if (!n_att_usable && !body) - { - log_debug ("%s:%s: can't sign an empty message\n", SRCNAME, __func__); - goto failure; - } - /* Write the top header. */ generate_boundary (boundary); create_top_signing_header (top_header, sizeof top_header, @@ -1360,7 +1361,8 @@ int result = -1; mapi_attach_item_t *att_table; - if (!do_mime_sign (message, hwnd, protocol, &att_table, 0)) + result = do_mime_sign (message, hwnd, protocol, &att_table, 0); + if (!result) { if (!finalize_message (message, att_table, protocol, 0)) result = 0; @@ -1557,7 +1559,7 @@ mapi_attach_item_t *att_table = NULL; char *body = NULL; int n_att_usable; - engine_filter_t filter; + engine_filter_t filter = NULL; memset (sink, 0, sizeof *sink); memset (encsink, 0, sizeof *encsink); @@ -1566,6 +1568,27 @@ if (!attach) return -1; + /* Get the attachment info and the body. We need to do this before + creating the engine's filter sue problem sending the cancel to + the engine with nothing for the engine to process. This is + actually a bug in our engine code but we better avoid triggering + this bug because the engine sometimes hangs. Fixme: Needs a + proper fix. */ + body = mapi_get_body (message, NULL); + if (body && !*body) + { + xfree (body); + body = NULL; + } + att_table = mapi_create_attach_table (message, 0); + n_att_usable = count_usable_attachments (att_table); + if (!n_att_usable && !body) + { + log_debug ("%s:%s: can't encrypt an empty message\n", SRCNAME, __func__); + result = gpg_error (GPG_ERR_NO_DATA); + goto failure; + } + /* Prepare the encryption. We do this early as it is quite common that some recipient keys are not available and thus the encryption will fail early. */ @@ -1580,21 +1603,6 @@ if (protocol == PROTOCOL_UNKNOWN) goto failure; - /* Get the attachment info and the body. */ - body = mapi_get_body (message, NULL); - if (body && !*body) - { - xfree (body); - body = NULL; - } - att_table = mapi_create_attach_table (message, 0); - n_att_usable = count_usable_attachments (att_table); - if (!n_att_usable && !body) - { - log_debug ("%s:%s: can't encrypt an empty message\n", SRCNAME, __func__); - goto failure; - } - /* Write the top header. */ rc = create_top_encryption_header (sink, protocol, boundary); if (rc) @@ -1689,7 +1697,7 @@ sink_t tmpsink = &tmpsinkmem; char boundary[BOUNDARYSIZE+1]; mapi_attach_item_t *att_table = NULL; - engine_filter_t filter; + engine_filter_t filter = NULL; memset (sink, 0, sizeof *sink); memset (encsink, 0, sizeof *encsink); @@ -1699,6 +1707,37 @@ if (!attach) return -1; + /* First check that we are not rying to process an empty message + which might lock up our engine. Unfortunately we need to + duplicate the code we use in do_mime_sign here. FIXME: The + engine should be fixed instead of using such a workaround. */ + { + char *body; + + body = mapi_get_body (message, NULL); + if (body && !*body) + { + xfree (body); + body = NULL; + } + att_table = mapi_create_attach_table (message, 0); + if (!count_usable_attachments (att_table) && !body) + result = gpg_error (GPG_ERR_NO_DATA); + xfree (body); + if (att_table) + { + mapi_release_attach_table (att_table); + att_table = NULL; + } + if (gpg_err_code (result) == GPG_ERR_NO_DATA) + { + log_debug ("%s:%s: can't sign+encrypt an empty message\n", + SRCNAME, __func__); + goto failure; + } + } + + /* Create a temporary sink to construct the signed data. */ hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer, (SOF_UNIQUEFILENAME | STGM_DELETEONRELEASE From cvs at cvs.gnupg.org Mon Oct 27 19:23:30 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 27 Oct 2008 19:23:30 +0100 Subject: [svn] GpgOL - r280 - trunk/src Message-ID: Author: wk Date: 2008-10-27 19:23:30 +0100 (Mon, 27 Oct 2008) New Revision: 280 Modified: trunk/src/message.cpp Log: Remove an fprintf based debug output. Modified: trunk/src/message.cpp =================================================================== --- trunk/src/message.cpp 2008-10-27 18:20:23 UTC (rev 279) +++ trunk/src/message.cpp 2008-10-27 18:23:30 UTC (rev 280) @@ -443,7 +443,8 @@ p0 = p; if (strncmp (p, "-----BEGIN PGP SIGNATURE-----", 29) || !trailing_ws_p (p+29) ) - fprintf (stderr,"Invalid clear signed message\n"); + log_debug ("%s:%s: invalid clear signed message\n", + SRCNAME, __func__); state = 3; dest = stpcpy (dest, sig_header); @@ -479,7 +480,8 @@ p0 = p; if (strncmp (p, "-----END PGP SIGNATURE-----", 27) || !trailing_ws_p (p+27) ) - fprintf (stderr,"Invalid clear signed message (no end)\n"); + log_debug ("%s:%s: invalid clear signed message (no end)\n", + SRCNAME, __func__); while (*p && *p != '\n') *dest++ = *p++; if (*p == '\n') From cvs at cvs.gnupg.org Tue Oct 28 12:41:57 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Oct 2008 12:41:57 +0100 Subject: [svn] GnuPG - r4860 - in trunk: g10 po sm Message-ID: Author: wk Date: 2008-10-28 12:41:52 +0100 (Tue, 28 Oct 2008) New Revision: 4860 Modified: trunk/g10/ChangeLog trunk/g10/keyedit.c trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po trunk/sm/ChangeLog trunk/sm/certdump.c trunk/sm/gpgsm.h Log: fixed a bug in the prompt formatter. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2008-10-23 19:58:20 UTC (rev 4859) +++ trunk/g10/ChangeLog 2008-10-28 11:41:52 UTC (rev 4860) @@ -1,3 +1,7 @@ +2008-10-24 Werner Koch + + * keyedit.c (change_passphrase): Clear passphrase cache. + 2008-10-20 Werner Koch * gpgv.c: Mark all args of the stub fucntions as unused. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-10-23 19:58:20 UTC (rev 4859) +++ trunk/sm/ChangeLog 2008-10-28 11:41:52 UTC (rev 4860) @@ -1,3 +1,12 @@ +2008-10-28 Werner Koch + + * certdump.c (gpgsm_format_keydesc): Use xtryasprintf and xfree. + (gpgsm_es_print_name): Factor code out to ... + (gpgsm_es_print_name2): New function. + (gpgsm_format_name2, format_name_writer): Use estream so that it + works on all platforms. + (format_name_writer): Fix reallocation bug. + 2008-10-23 Werner Koch * import.c (popen_protect_tool): Add arg CTRL and assure that the Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2008-10-23 19:58:20 UTC (rev 4859) +++ trunk/g10/keyedit.c 2008-10-28 11:41:52 UTC (rev 4860) @@ -1151,7 +1151,15 @@ no_primary_secrets = 1; } else { + u32 keyid[2]; + tty_printf(_("Key is protected.\n")); + + /* Clear the passphrase cache so that the user is required + to enter the old passphrase. */ + keyid_from_sk (sk, keyid); + passphrase_clear_cache (keyid, NULL, 0); + rc = check_secret_key( sk, 0 ); if( !rc ) passphrase = get_last_passphrase(); @@ -1233,7 +1241,17 @@ log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); else + { + u32 keyid[2]; + + /* Clear the cahce again so that the user is + required to enter the new passphrase at the + next operation. */ + keyid_from_sk (sk, keyid); + passphrase_clear_cache (keyid, NULL, 0); + changed++; + } break; } } Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] Modified: trunk/sm/certdump.c =================================================================== --- trunk/sm/certdump.c 2008-10-23 19:58:20 UTC (rev 4859) +++ trunk/sm/certdump.c 2008-10-28 11:41:52 UTC (rev 4860) @@ -39,15 +39,7 @@ #include "keydb.h" #include "i18n.h" -#ifdef HAVE_FOPENCOOKIE -typedef ssize_t my_funopen_hook_ret_t; -typedef size_t my_funopen_hook_size_t; -#else -typedef int my_funopen_hook_ret_t; -typedef int my_funopen_hook_size_t; -#endif - struct dn_array_s { char *key; char *value; @@ -719,9 +711,9 @@ } -/* This is avariant of gpgsm_print_name sending it output to an estream. */ +/* This is a variant of gpgsm_print_name sending it output to an estream. */ void -gpgsm_es_print_name (estream_t fp, const char *name) +gpgsm_es_print_name2 (estream_t fp, const char *name, int translate) { const unsigned char *s = (const unsigned char *)name; int i; @@ -735,8 +727,13 @@ const char *s2 = strchr ( (char*)s+1, '>'); if (s2) - es_write_sanitized_utf8_buffer (fp, s + 1, s2 - (char*)s - 1, - NULL, NULL); + { + if (translate) + es_write_sanitized_utf8_buffer (fp, s + 1, s2 - (char*)s - 1, + NULL, NULL); + else + es_write_sanitized (fp, s + 1, s2 - (char*)s - 1, NULL, NULL); + } } else if (*s == '(') { @@ -754,7 +751,7 @@ es_fputs (_("[Error - invalid DN]"), fp); else { - print_dn_parts (NULL, fp, dn, 1); + print_dn_parts (NULL, fp, dn, translate); for (i=0; dn[i].key; i++) { xfree (dn[i].key); @@ -766,9 +763,13 @@ } +void +gpgsm_es_print_name (estream_t fp, const char *name) +{ + gpgsm_es_print_name2 (fp, name, 1); +} -#if defined (HAVE_FOPENCOOKIE) || defined (HAVE_FUNOPEN) /* A cookie structure used for the memory stream. */ struct format_name_cookie { @@ -779,32 +780,55 @@ }; /* The writer function for the memory stream. */ -static my_funopen_hook_ret_t -format_name_writer (void *cookie, const char *buffer, - my_funopen_hook_size_t size) +static ssize_t +format_name_writer (void *cookie, const void *buffer, size_t size) { struct format_name_cookie *c = cookie; char *p; - if (c->buffer) - p = xtryrealloc (c->buffer, c->size + size + 1); + log_debug ("buffer: size=%d len=%d error=%d: adding %d bytes\n", + (int)c->size, (int)c->len, c->error, (int)size); + log_printhex ("Adding:", buffer, size); + if (!c->buffer) + { + p = xtrymalloc (size + 1 + 1); + if (p) + { + c->size = size + 1; + c->buffer = p; + c->len = 0; + } + } + else if (c->len + size < c->len) + { + p = NULL; + errno = ENOMEM; + } + else if (c->size < c->len + size) + { + p = xtryrealloc (c->buffer, c->len + size + 1); + if (p) + { + c->size = c->len + size; + c->buffer = p; + } + } else - p = xtrymalloc (size + 1); + p = c->buffer; if (!p) { c->error = errno; xfree (c->buffer); + c->buffer = NULL; errno = c->error; - return (my_funopen_hook_ret_t)(-1); + return -1; } - c->buffer = p; memcpy (p + c->len, buffer, size); c->len += size; p[c->len] = 0; /* Terminate string. */ - return (my_funopen_hook_ret_t)size; + return (ssize_t)size; } -#endif /*HAVE_FOPENCOOKIE || HAVE_FUNOPEN*/ /* Format NAME which is expected to be in rfc2253 format into a better @@ -815,24 +839,14 @@ char * gpgsm_format_name2 (const char *name, int translate) { -#if defined (HAVE_FOPENCOOKIE) || defined (HAVE_FUNOPEN) - FILE *fp; + estream_t fp; struct format_name_cookie cookie; + es_cookie_io_functions_t io = { NULL }; memset (&cookie, 0, sizeof cookie); -#ifdef HAVE_FOPENCOOKIE - { - cookie_io_functions_t io = { NULL }; - io.write = format_name_writer; - - fp = fopencookie (&cookie, "w", io); - } -#else /*!HAVE_FOPENCOOKIE*/ - { - fp = funopen (&cookie, NULL, format_name_writer, NULL, NULL); - } -#endif /*!HAVE_FOPENCOOKIE*/ + io.func_write = format_name_writer; + fp = es_fopencookie (&cookie, "w", io); if (!fp) { int save_errno = errno; @@ -840,8 +854,8 @@ errno = save_errno; return NULL; } - gpgsm_print_name2 (fp, name, translate); - fclose (fp); + gpgsm_es_print_name2 (fp, name, translate); + es_fclose (fp); if (cookie.error || !cookie.buffer) { xfree (cookie.buffer); @@ -849,11 +863,9 @@ return NULL; } return cookie.buffer; -#else /* No fun - use the name verbatim. */ - return xtrystrdup (name); -#endif /* No fun. */ } + char * gpgsm_format_name (const char *name) { @@ -920,7 +932,6 @@ char * gpgsm_format_keydesc (ksba_cert_t cert) { - int rc; char *name, *subject, *buffer, *p; const char *s; ksba_isotime_t t; @@ -931,8 +942,10 @@ char *orig_codeset; name = ksba_cert_get_subject (cert, 0); + log_printhex ("XXXX NAME: ", name, strlen (name)); subject = name? gpgsm_format_name2 (name, 0) : NULL; ksba_free (name); name = NULL; + log_printhex ("YYYY NAME: ", subject, strlen (subject)); sexp = ksba_cert_get_serial (cert); sn = sexp? gpgsm_format_serial (sexp) : NULL; @@ -951,20 +964,19 @@ orig_codeset = i18n_switchto_utf8 (); - rc = asprintf (&name, - _("Please enter the passphrase to unlock the" - " secret key for the X.509 certificate:\n" - "\"%s\"\n" - "S/N %s, ID 0x%08lX,\n" - "created %s, expires %s.\n" ), - subject? subject:"?", - sn? sn: "?", - gpgsm_get_short_fingerprint (cert), - created, expires); - + name = xtryasprintf (_("Please enter the passphrase to unlock the" + " secret key for the X.509 certificate:\n" + "\"%s\"\n" + "S/N %s, ID 0x%08lX,\n" + "created %s, expires %s.\n" ), + subject? subject:"?", + sn? sn: "?", + gpgsm_get_short_fingerprint (cert), + created, expires); + i18n_switchback (orig_codeset); - - if (rc < 0) + + if (!name) { int save_errno = errno; xfree (subject); @@ -996,7 +1008,7 @@ *p++ = *s; } *p = 0; - free (name); + xfree (name); return buffer; } Modified: trunk/sm/gpgsm.h =================================================================== --- trunk/sm/gpgsm.h 2008-10-23 19:58:20 UTC (rev 4859) +++ trunk/sm/gpgsm.h 2008-10-28 11:41:52 UTC (rev 4860) @@ -267,6 +267,7 @@ void gpgsm_print_name2 (FILE *fp, const char *string, int translate); void gpgsm_print_name (FILE *fp, const char *string); void gpgsm_es_print_name (estream_t fp, const char *string); +void gpgsm_es_print_name2 (estream_t fp, const char *string, int translate); void gpgsm_cert_log_name (const char *text, ksba_cert_t cert); From cvs at cvs.gnupg.org Tue Oct 28 13:14:33 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Oct 2008 13:14:33 +0100 Subject: [svn] GnuPG - r4861 - in trunk: po sm Message-ID: Author: wk Date: 2008-10-28 13:14:29 +0100 (Tue, 28 Oct 2008) New Revision: 4861 Modified: trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po trunk/sm/certdump.c Log: Remove debug code. Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] Modified: trunk/sm/certdump.c =================================================================== --- trunk/sm/certdump.c 2008-10-28 11:41:52 UTC (rev 4860) +++ trunk/sm/certdump.c 2008-10-28 12:14:29 UTC (rev 4861) @@ -786,9 +786,6 @@ struct format_name_cookie *c = cookie; char *p; - log_debug ("buffer: size=%d len=%d error=%d: adding %d bytes\n", - (int)c->size, (int)c->len, c->error, (int)size); - log_printhex ("Adding:", buffer, size); if (!c->buffer) { p = xtrymalloc (size + 1 + 1); From cvs at cvs.gnupg.org Tue Oct 28 16:00:27 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Oct 2008 16:00:27 +0100 Subject: [svn] GnuPG - r4862 - in trunk: jnlib po Message-ID: Author: wk Date: 2008-10-28 16:00:23 +0100 (Tue, 28 Oct 2008) New Revision: 4862 Modified: trunk/jnlib/ChangeLog trunk/jnlib/w32-gettext.c trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po Log: Fixed w32-gettext. Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-10-28 12:14:29 UTC (rev 4861) +++ trunk/jnlib/ChangeLog 2008-10-28 15:00:23 UTC (rev 4862) @@ -1,3 +1,8 @@ +2008-10-28 Werner Koch + + * w32-gettext.c (gettext): Try the binary search if the string was + not found in the hash table. + 2008-10-20 Werner Koch * w32-afunix.c (_w32_sock_connect): Mark ADDRLEN as unused. Modified: trunk/jnlib/w32-gettext.c =================================================================== --- trunk/jnlib/w32-gettext.c 2008-10-28 12:14:29 UTC (rev 4861) +++ trunk/jnlib/w32-gettext.c 2008-10-28 15:00:23 UTC (rev 4862) @@ -1647,6 +1647,7 @@ /*NOTREACHED*/ } + not_found: /* Now we try the default method: binary search in the sorted array of messages. */ bottom = 0; @@ -1667,7 +1668,6 @@ return get_string (domain, act); } - not_found: return msgid; } Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] From cvs at cvs.gnupg.org Wed Oct 29 09:38:07 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 29 Oct 2008 09:38:07 +0100 Subject: [svn] GnuPG - r4863 - trunk/jnlib Message-ID: Author: wk Date: 2008-10-29 09:38:07 +0100 (Wed, 29 Oct 2008) New Revision: 4863 Modified: trunk/jnlib/ChangeLog trunk/jnlib/w32-gettext.c Log: Fix last chnage. Reported by Tom Pegios. Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-10-28 15:00:23 UTC (rev 4862) +++ trunk/jnlib/ChangeLog 2008-10-29 08:38:07 UTC (rev 4863) @@ -1,3 +1,8 @@ +2008-10-29 Werner Koch + + * w32-gettext.c (gettext): Return if no domain is loaded. + Reported by Tom Pegios. + 2008-10-28 Werner Koch * w32-gettext.c (gettext): Try the binary search if the string was Modified: trunk/jnlib/w32-gettext.c =================================================================== --- trunk/jnlib/w32-gettext.c 2008-10-28 15:00:23 UTC (rev 4862) +++ trunk/jnlib/w32-gettext.c 2008-10-29 08:38:07 UTC (rev 4863) @@ -1603,7 +1603,7 @@ size_t top, bottom; if (!(domain = the_domain)) - goto not_found; + return msgid; /* Locate the MSGID and its translation. */ if (domain->hash_size > 2 && domain->hash_tab) From cvs at cvs.gnupg.org Wed Oct 29 09:45:17 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 29 Oct 2008 09:45:17 +0100 Subject: [svn] GnuPG - r4864 - in trunk: . po scd Message-ID: Author: wk Date: 2008-10-29 09:45:13 +0100 (Wed, 29 Oct 2008) New Revision: 4864 Modified: trunk/THANKS trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po trunk/scd/command.c Log: Cosmetic fix Modified: trunk/THANKS =================================================================== --- trunk/THANKS 2008-10-29 08:38:07 UTC (rev 4863) +++ trunk/THANKS 2008-10-29 08:45:13 UTC (rev 4864) @@ -241,6 +241,7 @@ Todd Vierling tv at pobox.com TOGAWA Satoshi Satoshi.Togawa at jp.yokogawa.com Tom Duerbusch DuerbuschT at stlouiscity.com +Tom Pegios tomp at idirect.com Tom Spindler dogcow at home.merit.edu Tom Zerucha tzeruch at ceddec.com Tomas Fasth tomas.fasth at twinspot.net Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-10-29 08:38:07 UTC (rev 4863) +++ trunk/scd/command.c 2008-10-29 08:45:13 UTC (rev 4864) @@ -498,7 +498,8 @@ if (rc) return rc; - rc = estream_asprintf (&serial_and_stamp, "%s %lu", serial, (unsigned long)stamp); + rc = estream_asprintf (&serial_and_stamp, "%s %lu", + serial, (unsigned long)stamp); xfree (serial); if (rc < 0) return out_of_core (); From cvs at cvs.gnupg.org Wed Oct 29 13:52:44 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed, 29 Oct 2008 13:52:44 +0100 Subject: [svn] gpg-error - r206 - in trunk: . src Message-ID: Author: marcus Date: 2008-10-29 13:52:44 +0100 (Wed, 29 Oct 2008) New Revision: 206 Modified: trunk/ChangeLog trunk/src/mkstrtable.awk Log: 2008-10-29 Marcus Brinkmann * src/mkstrtable.awk: Make generated code -W clean to silence gcc warnings. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-08-06 16:08:52 UTC (rev 205) +++ trunk/ChangeLog 2008-10-29 12:52:44 UTC (rev 206) @@ -1,3 +1,8 @@ +2008-10-29 Marcus Brinkmann + + * src/mkstrtable.awk: Make generated code -W clean to silence gcc + warnings. + 2008-08-06 Werner Koch * src/err-codes.h.in (GPG_ERR_NOT_OPERATIONAL): New. Modified: trunk/src/mkstrtable.awk =================================================================== --- trunk/src/mkstrtable.awk 2008-08-06 16:08:52 UTC (rev 205) +++ trunk/src/mkstrtable.awk 2008-10-29 12:52:44 UTC (rev 206) @@ -1,5 +1,5 @@ # mkstrtable.awk -# Copyright (C) 2003, 2004 g10 Code GmbH +# Copyright (C) 2003, 2004, 2008 g10 Code GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as @@ -157,7 +157,10 @@ print " " pos[coded_msgs]; print " };"; print ""; - print "#define " namespace "msgidxof(code) (0 ? -1 \\"; + print "static inline int"; + print namespace "msgidxof (int code)"; + print "{"; + print " return (0 ? 0"; # Gather the ranges. skip = code[0]; @@ -170,17 +173,17 @@ else { print " : ((code >= " start ") && (code <= " stop ")) ? (code - " \ - skip ") \\"; + skip ")"; skip += code[i] - stop - 1; start = code[i]; stop = code[i]; } } print " : ((code >= " start ") && (code <= " stop ")) ? (code - " \ - skip ") \\"; + skip ")"; if (has_default) - print " : " stop + 1 " - " skip ")"; + print " : " stop + 1 " - " skip ");"; else - print " : -1)"; - - } + print " : -1);"; + print "}"; +} From cvs at cvs.gnupg.org Wed Oct 29 14:01:29 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 29 Oct 2008 14:01:29 +0100 Subject: [svn] GpgOL - r281 - in trunk: . po src Message-ID: Author: wk Date: 2008-10-29 14:01:28 +0100 (Wed, 29 Oct 2008) New Revision: 281 Modified: trunk/NEWS trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/engine.c trunk/src/mimemaker.c Log: Made atatchment encryption faster. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-27 18:23:30 UTC (rev 280) +++ trunk/src/ChangeLog 2008-10-29 13:01:28 UTC (rev 281) @@ -1,3 +1,8 @@ +2008-10-29 Werner Koch + + * engine.c (engine_filter): Collect more data in the in buffer. + * mimemaker.c (write_b64): Buffer up to 2k of output. + 2008-10-27 Werner Koch * mimemaker.c (mime_encrypt): Check for an empty message before Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-27 18:23:30 UTC (rev 280) +++ trunk/NEWS 2008-10-29 13:01:28 UTC (rev 281) @@ -5,7 +5,9 @@ * Fixed PGP cleartext signature verification. + * Encryption of attachments is now much faster. + Noteworthy changes for version 0.10.15 (2008-08-06) =================================================== Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/engine.c =================================================================== --- trunk/src/engine.c 2008-10-27 18:23:30 UTC (rev 280) +++ trunk/src/engine.c 2008-10-29 13:01:28 UTC (rev 281) @@ -555,13 +555,17 @@ /* Fill the input buffer, relinquish control to the callback processor and loop until all input data has been processed. */ - if (!filter->in.length && indatalen) + if (indatalen && filter->in.length < FILTER_BUFFER_SIZE ) { - filter->in.length = (indatalen > FILTER_BUFFER_SIZE - ? FILTER_BUFFER_SIZE : indatalen); - memcpy (filter->in.buffer, indata, filter->in.length); - indata += filter->in.length; - indatalen -= filter->in.length; + size_t tmplen; + + tmplen = FILTER_BUFFER_SIZE - filter->in.length; + tmplen = (indatalen > tmplen? tmplen : indatalen); + + memcpy (filter->in.buffer+filter->in.length, indata, tmplen); + filter->in.length += tmplen; + indata += tmplen; + indatalen -= tmplen; any = 1; } /* Terminate the loop if the filter queue is empty OR the filter Modified: trunk/src/mimemaker.c =================================================================== --- trunk/src/mimemaker.c 2008-10-27 18:23:30 UTC (rev 280) +++ trunk/src/mimemaker.c 2008-10-29 13:01:28 UTC (rev 281) @@ -310,45 +310,62 @@ const unsigned char *p; unsigned char inbuf[4]; int idx, quads; - char outbuf[4]; + char outbuf[2048]; + size_t outlen; log_debug (" writing base64 of length %d\n", (int)datalen); idx = quads = 0; + outlen = 0; for (p = data; datalen; p++, datalen--) { inbuf[idx++] = *p; if (idx > 2) { - outbuf[0] = bintoasc[(*inbuf>>2)&077]; - outbuf[1] = bintoasc[(((*inbuf<<4)&060)|((inbuf[1] >> 4)&017))&077]; - outbuf[2] = bintoasc[(((inbuf[1]<<2)&074)|((inbuf[2]>>6)&03))&077]; - outbuf[3] = bintoasc[inbuf[2]&077]; - if ((rc = write_buffer (sink, outbuf, 4))) - return rc; + /* We need space for a quad and a possible CR,LF. */ + if (outlen+4+2 >= sizeof outbuf) + { + if ((rc = write_buffer (sink, outbuf, outlen))) + return rc; + outlen = 0; + } + outbuf[outlen++] = bintoasc[(*inbuf>>2)&077]; + outbuf[outlen++] = bintoasc[(((*inbuf<<4)&060) + |((inbuf[1] >> 4)&017))&077]; + outbuf[outlen++] = bintoasc[(((inbuf[1]<<2)&074) + |((inbuf[2]>>6)&03))&077]; + outbuf[outlen++] = bintoasc[inbuf[2]&077]; idx = 0; if (++quads >= (64/4)) { quads = 0; - if ((rc = write_buffer (sink, "\r\n", 2))) - return rc; + outbuf[outlen++] = '\r'; + outbuf[outlen++] = '\n'; } } } + /* We need space for a quad and a final CR,LF. */ + if (outlen+4+2 >= sizeof outbuf) + { + if ((rc = write_buffer (sink, outbuf, outlen))) + return rc; + outlen = 0; + } if (idx) { - outbuf[0] = bintoasc[(*inbuf>>2)&077]; + outbuf[outlen++] = bintoasc[(*inbuf>>2)&077]; if (idx == 1) { - outbuf[1] = bintoasc[((*inbuf<<4)&060)&077]; - outbuf[2] = '='; - outbuf[3] = '='; + outbuf[outlen++] = bintoasc[((*inbuf<<4)&060)&077]; + outbuf[outlen++] = '='; + outbuf[outlen++] = '='; } else { - outbuf[1] = bintoasc[(((*inbuf<<4)&060)|((inbuf[1]>>4)&017))&077]; - outbuf[2] = bintoasc[((inbuf[1]<<2)&074)&077]; - outbuf[3] = '='; + outbuf[outlen++] = bintoasc[(((*inbuf<<4)&060) + |((inbuf[1]>>4)&017))&077]; + outbuf[outlen++] = bintoasc[((inbuf[1]<<2)&074)&077]; + outbuf[outlen++] = '='; } if ((rc = write_buffer (sink, outbuf, 4))) return rc; @@ -356,9 +373,17 @@ } if (quads) - if ((rc = write_buffer (sink, "\r\n", 2))) - return rc; + { + outbuf[outlen++] = '\r'; + outbuf[outlen++] = '\n'; + } + if (outlen) + { + if ((rc = write_buffer (sink, outbuf, outlen))) + return rc; + } + return 0; } From cvs at cvs.gnupg.org Wed Oct 29 18:24:27 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 29 Oct 2008 18:24:27 +0100 Subject: [svn] GnuPG - r4865 - in trunk: . agent jnlib Message-ID: Author: wk Date: 2008-10-29 18:24:27 +0100 (Wed, 29 Oct 2008) New Revision: 4865 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/jnlib/ChangeLog trunk/jnlib/stringhelp.c trunk/jnlib/stringhelp.h Log: Check that the socket is well and served by us. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-10-29 08:45:13 UTC (rev 4864) +++ trunk/agent/ChangeLog 2008-10-29 17:24:27 UTC (rev 4865) @@ -1,3 +1,16 @@ +2008-10-29 Werner Koch + + * gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope. + (create_socket_name): Remove arg USE_STANDARD_SOCKET. Change all + callers. + (create_server_socket): Remove IS_STANDARD_NAME and replace it by + USE_STANDARD_SOCKET. Change all callers. + (check_own_socket_running): New. + (check_own_socket, check_own_socket_thread): New. + (handle_tick): Check server socket once a minute. + (handle_connections): Remove the extra pth_wait in the shutdown + case. + 2008-10-20 Werner Koch * command.c (cmd_geteventcounter): Mark unused arg. Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-10-29 08:45:13 UTC (rev 4864) +++ trunk/jnlib/ChangeLog 2008-10-29 17:24:27 UTC (rev 4865) @@ -1,5 +1,10 @@ 2008-10-29 Werner Koch + * stringhelp.c (make_filename): Implement using macros. Factor some + code out to .. + (change_slashes): New. + (make_filename_try): New. + * w32-gettext.c (gettext): Return if no domain is loaded. Reported by Tom Pegios. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-29 08:45:13 UTC (rev 4864) +++ trunk/NEWS 2008-10-29 17:24:27 UTC (rev 4865) @@ -1,42 +1,46 @@ Noteworthy changes in version 2.0.10 (unreleased) ------------------------------------------------- - * New keyserver helper gpg2keys_kdns as generic DNS CERT lookup. Run - with --help for a short description. Requires the ADNS library. + * [gpg] New keyserver helper gpg2keys_kdns as generic DNS CERT + lookup. Run with --help for a short description. Requires the + ADNS library. * [gpg] New mechanisms "local" and "nodefault" for --auto-key-locate. Fixed a few problems with this option. - * [w32] Initialized the socket subsystem for all keyserver helpers. - - * [w32] The sysconf directory has been moved from a subdirectory of - the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg. - * [gpg] New command --locate-keys. * [gpg] New options --with-sig-list and --with-sig-check. * [gpg] The option "-sat" is no longer an alias for --clearsign. + * [gpg] The option --fixed-list-mode is now implicitly used and obsolete. + + * [gpg] New control statement %ask-passphrase for the unattended key + generation. + + * [gpgsm] Now uses AES by default. + * [gpgsm] Made --output option work with --export-secret-key-p12. + * [gpg-agent] Terminate process if the own listening socket is not + anymore served by ourself. + + * [scdaemon] Made it more robust on W32. + * [gpg-connect-agent] Accept commands given as command line arguments. - * [gpg] The option --fixed-list-mode is now implicitly used and obsolete. + * [w32] Initialized the socket subsystem for all keyserver helpers. - * [gpg] New control statement %ask-passphrase for the unattended key - generation. + * [w32] The sysconf directory has been moved from a subdirectory of + the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg. - * gpgsm now uses AES by default. + * The gpg-preset-passphrase mechanism works again. - * gpg-preset-passphrase works again. - * Admin PINs are cached again (bug in 2.0.9). * Support for version 2 OpenPGP cards. - * [scdaemon] Made it more robust on W32. - * Libgcrypt 1.4 is now required. @@ -635,7 +639,8 @@ development branch. - Copyright 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc. + Copyright 2002, 2003, 2004, 2005, 2006, 2007, + 2008 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2008-10-29 08:45:13 UTC (rev 4864) +++ trunk/agent/gpg-agent.c 2008-10-29 17:24:27 UTC (rev 4865) @@ -194,10 +194,15 @@ #define TIMERTICK_INTERVAL (2) /* Seconds. */ #endif -/* flag to indicate that a shutdown was requested */ +/* Flag to indicate that a shutdown was requested. */ static int shutdown_pending; +/* Counter for the currently running own socket checks. */ +static int check_own_socket_running; +/* True if we are listening on the standard socket. */ +static int use_standard_socket; + /* It is possible that we are currently running under setuid permissions */ static int maybe_setuid = 1; @@ -241,10 +246,8 @@ Local prototypes. */ -static char *create_socket_name (int use_standard_socket, - char *standard_name, char *template); -static gnupg_fd_t create_server_socket (int is_standard_name, char *name, - int is_ssh, +static char *create_socket_name (char *standard_name, char *template); +static gnupg_fd_t create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -253,6 +256,7 @@ static void handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh); +static void check_own_socket (void); static int check_for_running_agent (int silent, int mode); /* Pth wrapper function definitions. */ @@ -494,7 +498,6 @@ char *logfile = NULL; int debug_wait = 0; int gpgconf_list = 0; - int use_standard_socket = 0; gpg_error_t err; const char *env_file_name = NULL; @@ -895,19 +898,15 @@ /* Create the sockets. */ - socket_name = create_socket_name (use_standard_socket, - "S.gpg-agent", - "/tmp/gpg-XXXXXX/S.gpg-agent"); + socket_name = create_socket_name + ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); if (opt.ssh_support) - socket_name_ssh = create_socket_name (use_standard_socket, - "S.gpg-agent.ssh", - "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); + socket_name_ssh = create_socket_name + ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); - fd = create_server_socket (use_standard_socket, socket_name, 0, - &socket_nonce); + fd = create_server_socket (socket_name, 0, &socket_nonce); if (opt.ssh_support) - fd_ssh = create_server_socket (use_standard_socket, socket_name_ssh, 1, - &socket_nonce_ssh); + fd_ssh = create_server_socket (socket_name_ssh, 1, &socket_nonce_ssh); else fd_ssh = GNUPG_INVALID_FD; @@ -1311,8 +1310,7 @@ terminates the process in case of an error. Returns: Pointer to an allocated string with the absolute name of the socket used. */ static char * -create_socket_name (int use_standard_socket, - char *standard_name, char *template) +create_socket_name (char *standard_name, char *template) { char *name, *p; @@ -1349,14 +1347,12 @@ -/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates - whether a non-random socket is used. Returns the file descriptor +/* Create a Unix domain socket with NAME. Returns the file descriptor or terminates the process in case of an error. Not that this - function needs to be used for the regular socket first and only then - for the ssh socket. */ + function needs to be used for the regular socket first and only + then for the ssh socket. */ static gnupg_fd_t -create_server_socket (int is_standard_name, char *name, int is_ssh, - assuan_sock_nonce_t *nonce) +create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) { struct sockaddr_un *serv_addr; socklen_t len; @@ -1383,7 +1379,7 @@ + strlen (serv_addr->sun_path) + 1); rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); - if (is_standard_name && rc == -1 && errno == EADDRINUSE) + if (use_standard_socket && rc == -1 && errno == EADDRINUSE) { /* Check whether a gpg-agent is already running on the standard socket. We do this test only if this is not the ssh socket. @@ -1416,7 +1412,7 @@ gpg_strerror (gpg_error_from_errno (errno))); assuan_sock_close (fd); - if (is_standard_name) + if (use_standard_socket) *name = 0; /* Inhibit removal of the socket by cleanup(). */ agent_exit (2); } @@ -1530,6 +1526,11 @@ static void handle_tick (void) { + static time_t last_minute; + + if (!last_minute) + last_minute = time (NULL); + /* Check whether the scdaemon has died and cleanup in this case. */ agent_scd_check_aliveness (); @@ -1548,6 +1549,14 @@ } } #endif /*HAVE_W32_SYSTEM*/ + + /* Code to be run every minute. */ + if (last_minute + 60 <= time (NULL)) + { + check_own_socket (); + last_minute = time (NULL); + } + } @@ -1755,13 +1764,9 @@ if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1) break; /* ready */ - /* Do not accept anymore connections and wait for existing - connections to terminate */ - signo = 0; - pth_wait (ev); - if (pth_event_occurred (ev) && signo) - handle_signal (signo); - continue; + /* Do not accept new connections but keep on running the + loop to cope with the timer events. */ + FD_ZERO (&fdset); } /* Create a timeout event if needed. */ @@ -1828,7 +1833,7 @@ new thread. Thus we need to block those signals. */ pth_sigmask (SIG_BLOCK, &sigs, &oldsigs); - if (FD_ISSET (FD2INT (listen_fd), &read_fdset)) + if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset)) { ctrl_t ctrl; @@ -1865,7 +1870,7 @@ fd = GNUPG_INVALID_FD; } - if (listen_fd_ssh != GNUPG_INVALID_FD + if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset)) { ctrl_t ctrl; @@ -1917,6 +1922,111 @@ } + +/* Helper for check_own_socket. */ +static int +check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length) +{ + membuf_t *mb = opaque; + put_membuf (mb, buffer, length); + return 0; +} + + +/* The thread running the actual check. We need to run this in a + separate thread so that check_own_thread can be called from the + timer tick. */ +static void * +check_own_socket_thread (void *arg) +{ + int rc; + char *sockname = arg; + assuan_context_t ctx; + membuf_t mb; + char *buffer; + + check_own_socket_running++; + + rc = assuan_socket_connect (&ctx, sockname, (pid_t)(-1)); + xfree (sockname); + if (rc) + { + log_error ("can't connect my own socket: %s\n", gpg_strerror (rc)); + goto leave; + } + + init_membuf (&mb, 100); + rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb, + NULL, NULL, NULL, NULL); + put_membuf (&mb, "", 1); + buffer = get_membuf (&mb, NULL); + if (rc || !buffer) + { + log_error ("sending command \"%s\" to my own socket failed: %s\n", + "GETINFO pid", gpg_strerror (rc)); + rc = 1; + } + else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ()) + { + log_error ("socket is now serviced by another server\n"); + rc = 1; + } + else if (opt.verbose) + log_error ("socket is still served by this server\n"); + + xfree (buffer); + assuan_disconnect (ctx); + + leave: + if (rc) + { + /* We may not remove the socket as it is now in use by another + server. Setting the name to empty does this. */ + if (socket_name) + *socket_name = 0; + if (socket_name_ssh) + *socket_name_ssh = 0; + shutdown_pending = 2; + log_info ("this process is useless - shutting down\n"); + } + check_own_socket_running--; + return NULL; +} + + +/* Check whether we are still listening on our own socket. In case + another gpg-agent process started after us has taken ownership of + our socket, we woul linger around without any real taks. Thus we + better check once in a while whether we are really needed. */ +static void +check_own_socket (void) +{ + char *sockname; + pth_attr_t tattr; + + if (!use_standard_socket) + return; /* This check makes only sense in standard socket mode. */ + + if (check_own_socket_running || shutdown_pending) + return; /* Still running or already shutting down. */ + + sockname = make_filename (opt.homedir, "S.gpg-agent", NULL); + if (!sockname) + return; /* Out of memory. */ + + tattr = pth_attr_new(); + pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); + pth_attr_set (tattr, PTH_ATTR_NAME, "check-owb-socket"); + + if (!pth_spawn (tattr, check_own_socket_thread, sockname)) + log_error ("error spawning check_own_socket_thread: %s\n", + strerror (errno) ); + pth_attr_destroy (tattr); +} + + + /* Figure out whether an agent is available and running. Prints an error if not. If SILENT is true, no messages are printed. Usually started with MODE 0. Returns 0 if the agent is running. */ Modified: trunk/jnlib/stringhelp.c =================================================================== --- trunk/jnlib/stringhelp.c 2008-10-29 08:45:13 UTC (rev 4864) +++ trunk/jnlib/stringhelp.c 2008-10-29 17:24:27 UTC (rev 4865) @@ -1,6 +1,6 @@ /* stringhelp.c - standard string helper functions * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, - * 2006, 2007 Free Software Foundation, Inc. + * 2006, 2007, 2008 Free Software Foundation, Inc. * * This file is part of JNLIB. * @@ -34,6 +34,28 @@ #define tohex_lower(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'a')) +/* Sometimes we want to avoid mixing slashes and backslashes on W32 + and prefer backslashes. There is usual no problem with mixing + them, however a very few W32 API calls can't grok plain slashes. + Printing filenames with mixed slashes also looks a bit strange. + This function has no effext on POSIX. */ +static inline char * +change_slashes (char *name) +{ + char *p; + +#ifdef HAVE_DRIVE_LETTERS + if (strchr (name, '\\')) + { + for (p=name; *p; p++) + if (*p == '/') + *p = '\\'; + } +#endif /*HAVE_DRIVE_LETTERS*/ + return name; +} + + /* * Look for the substring SUB in buffer and return a pointer to that * substring in BUFFER or NULL if not found. @@ -290,56 +312,65 @@ } + +/* Implementation of make_filename and make_filename_try. We need to + use macros here toa void the use of the soemtimes problematic + va_copy fucntion which is not available on all systems. */ +#define MAKE_FILENAME_PART1 \ + va_list arg_ptr; \ + size_t n; \ + const char *s; \ + char *name, *home, *p; \ + \ + va_start (arg_ptr, first_part); \ + n = strlen (first_part) + 1; \ + while ( (s = va_arg (arg_ptr, const char *)) ) \ + n += strlen(s) + 1; \ + va_end(arg_ptr); \ + \ + home = NULL; \ + if ( *first_part == '~' && first_part[1] == '/' \ + && (home = getenv("HOME")) && *home ) \ + n += strlen (home); + +#define MAKE_FILENAME_PART2 \ + p = (home \ + ? stpcpy (stpcpy (name,home), first_part + 1)\ + : stpcpy(name, first_part)); \ + \ + va_start (arg_ptr, first_part); \ + while ( (s = va_arg(arg_ptr, const char *)) ) \ + p = stpcpy (stpcpy (p,"/"), s); \ + va_end(arg_ptr); \ + return change_slashes (name); -/**************** - * Construct a filename from the NULL terminated list of parts. - * Tilde expansion is done here. - */ + +/* Construct a filename from the NULL terminated list of parts. Tilde + expansion is done here. This function will never fail. */ char * -make_filename( const char *first_part, ... ) +make_filename (const char *first_part, ... ) { - va_list arg_ptr ; - size_t n; - const char *s; - char *name, *home, *p; - - va_start (arg_ptr, first_part); - n = strlen (first_part) + 1; - while ( (s = va_arg (arg_ptr, const char *)) ) - n += strlen(s) + 1; - va_end(arg_ptr); - - home = NULL; - if ( *first_part == '~' && first_part[1] == '/' - && (home = getenv("HOME")) && *home ) - n += strlen (home); - + MAKE_FILENAME_PART1 name = jnlib_xmalloc (n); - p = (home - ? stpcpy (stpcpy (name,home), first_part + 1) - : stpcpy(name, first_part)); + MAKE_FILENAME_PART2 +} - va_start (arg_ptr, first_part) ; - while ( (s = va_arg(arg_ptr, const char *)) ) - p = stpcpy (stpcpy (p,"/"), s); - va_end(arg_ptr); - -#ifdef HAVE_DRIVE_LETTERS - /* We better avoid mixing slashes and backslashes and prefer - backslashes. There is usual no problem with mixing them, however - a very few W32 API calls can't grok plain slashes. Printing - filenames with mixed slashes also looks a bit strange. */ - if (strchr (name, '\\')) - { - for (p=name; *p; p++) - if (*p == '/') - *p = '\\'; - } -#endif /*HAVE_DRIVE_LETTERS*/ - return name; +/* Construct a filename from the NULL terminated list of parts. Tilde + expansion is done here. This function may return NULL on error. */ +char * +make_filename_try (const char *first_part, ... ) +{ + MAKE_FILENAME_PART1 + name = jnlib_xmalloc (n); + if (!name) + return NULL; + MAKE_FILENAME_PART2 } +#undef MAKE_FILENAME_PART1 +#undef MAKE_FILENAME_PART2 + /* Compare whether the filenames are identical. This is a special version of strcmp() taking the semantics of filenames in account. Note that this function works only on the supplied names Modified: trunk/jnlib/stringhelp.h =================================================================== --- trunk/jnlib/stringhelp.h 2008-10-29 08:45:13 UTC (rev 4864) +++ trunk/jnlib/stringhelp.h 2008-10-29 17:24:27 UTC (rev 4865) @@ -38,6 +38,7 @@ char *make_basename(const char *filepath, const char *inputpath); char *make_dirname(const char *filepath); char *make_filename( const char *first_part, ... ); +char *make_filename_try (const char *first_part, ... ); int compare_filenames( const char *a, const char *b ); int hextobyte (const char *s); From cvs at cvs.gnupg.org Wed Oct 29 20:52:37 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed, 29 Oct 2008 20:52:37 +0100 Subject: [svn] assuan - r291 - in trunk: doc src Message-ID: Author: marcus Date: 2008-10-29 20:52:36 +0100 (Wed, 29 Oct 2008) New Revision: 291 Modified: trunk/doc/ChangeLog trunk/doc/assuan.texi trunk/src/ChangeLog trunk/src/assuan.h Log: src/ 2008-10-29 Marcus Brinkmann * assuan.h (assuan_error_t) (_ASSUAN_ONLY_GPG_ERRORS): Make unsigned int. (assuan_transact): Change return type of callback handlers to assuan_error_t. doc/ 2008-10-29 Marcus Brinkmann * assuan.texi: Change return type of callback handlers in assuan_transact. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-10-15 10:50:50 UTC (rev 290) +++ trunk/doc/ChangeLog 2008-10-29 19:52:36 UTC (rev 291) @@ -1,3 +1,8 @@ +2008-10-29 Marcus Brinkmann + + * assuan.texi: Change return type of callback handlers in + assuan_transact. + 2007-11-14 Werner Koch * assuan.texi (Client code): Describe the new flag bit 7 of the Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-15 10:50:50 UTC (rev 290) +++ trunk/src/ChangeLog 2008-10-29 19:52:36 UTC (rev 291) @@ -1,3 +1,10 @@ +2008-10-29 Marcus Brinkmann + + * assuan.h (assuan_error_t) (_ASSUAN_ONLY_GPG_ERRORS): Make + unsigned int. + (assuan_transact): Change return type of callback handlers to + assuan_error_t. + 2008-10-15 Werner Koch * assuan-logging.c (_assuan_log_printf): Flush if the format Modified: trunk/doc/assuan.texi =================================================================== --- trunk/doc/assuan.texi 2008-10-15 10:50:50 UTC (rev 290) +++ trunk/doc/assuan.texi 2008-10-29 19:52:36 UTC (rev 291) @@ -772,7 +772,7 @@ conveniently done using a couple of callbacks and the transact function: - at deftypefun assuan_error_t assuan_transact (@w{assuan_context_t @var{ctx}}, @w{const char *@var{command}}, @w{int (*@var{data_cb})(void *, const void *, size_t)}, @w{void *@var{data_cb_arg}}, @w{int (*@var{inquire_cb})(void*, const char *)}, @w{void *@var{inquire_cb_arg}}, @w{int (*@var{status_cb})(void*, const char *)}, @w{void *@var{status_cb_arg}}) + at deftypefun assuan_error_t assuan_transact (@w{assuan_context_t @var{ctx}}, @w{const char *@var{command}}, @w{assuan_error_t (*@var{data_cb})(void *, const void *, size_t)}, @w{void *@var{data_cb_arg}}, @w{assuan_error_t (*@var{inquire_cb})(void*, const char *)}, @w{void *@var{inquire_cb_arg}}, @w{assuan_error_t (*@var{status_cb})(void*, const char *)}, @w{void *@var{status_cb_arg}}) Here @var{ctx} is the Assuan context opened by one of the connect calls. @var{command} is the actual one liner Assuan command. It Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2008-10-15 10:50:50 UTC (rev 290) +++ trunk/src/assuan.h 2008-10-29 19:52:36 UTC (rev 291) @@ -346,7 +346,8 @@ #else /*!_ASSUAN_ONLY_GPG_ERRORS*/ -typedef int assuan_error_t; +/* Choose a type compatible with gpg_error_t. */ +typedef unsigned int assuan_error_t; #endif /*!_ASSUAN_ONLY_GPG_ERRORS*/ @@ -538,11 +539,11 @@ assuan_error_t assuan_transact (assuan_context_t ctx, const char *command, - int (*data_cb)(void *, const void *, size_t), + assuan_error_t (*data_cb)(void *, const void *, size_t), void *data_cb_arg, - int (*inquire_cb)(void*, const char *), + assuan_error_t (*inquire_cb)(void*, const char *), void *inquire_cb_arg, - int (*status_cb)(void*, const char *), + assuan_error_t (*status_cb)(void*, const char *), void *status_cb_arg); From cvs at cvs.gnupg.org Thu Oct 30 11:14:50 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 30 Oct 2008 11:14:50 +0100 Subject: [svn] ksba - r295 - trunk/src Message-ID: Author: marcus Date: 2008-10-30 11:14:50 +0100 (Thu, 30 Oct 2008) New Revision: 295 Modified: trunk/src/ChangeLog trunk/src/ocsp.c Log: 2008-10-30 Marcus Brinkmann * ocsp.c (parse_context_tag): Don't trash the error value. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-09-22 09:26:30 UTC (rev 294) +++ trunk/src/ChangeLog 2008-10-30 10:14:50 UTC (rev 295) @@ -1,3 +1,7 @@ +2008-10-30 Marcus Brinkmann + + * ocsp.c (parse_context_tag): Don't trash the error value. + 2008-09-04 Werner Koch * asn1-func.h (ksba_asn_create_structure): Remove unused prototype Modified: trunk/src/ocsp.c =================================================================== --- trunk/src/ocsp.c 2008-09-22 09:26:30 UTC (rev 294) +++ trunk/src/ocsp.c 2008-10-30 10:14:50 UTC (rev 295) @@ -237,7 +237,8 @@ err = _ksba_ber_parse_tl (buf, len, ti); if (err) ; - if (!(ti->class == CLASS_CONTEXT && ti->tag == tag && ti->is_constructed) ) + else if (!(ti->class == CLASS_CONTEXT && ti->tag == tag + && ti->is_constructed) ) err = gpg_error (GPG_ERR_INV_OBJ); else if (ti->length > *len) err = gpg_error (GPG_ERR_BAD_BER); From cvs at cvs.gnupg.org Thu Oct 30 11:21:19 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 30 Oct 2008 11:21:19 +0100 Subject: [svn] dirmngr - r311 - in trunk: . jnlib src tests Message-ID: Author: marcus Date: 2008-10-30 11:21:19 +0100 (Thu, 30 Oct 2008) New Revision: 311 Modified: trunk/ChangeLog trunk/jnlib/ChangeLog trunk/jnlib/logging.c trunk/src/ChangeLog trunk/src/crlcache.c trunk/src/dirmngr-client.c trunk/src/dirmngr.c trunk/src/dirmngr_ldap.c trunk/src/estream.c trunk/src/server.c trunk/tests/asschk.c Log: 2008-10-29 Marcus Brinkmann * tests/asschk.c (interpreter): Add missing initializer to silence gcc -W warning. (expand_line): Add explicit cast for same reason. jnlib/ 2008-10-30 Marcus Brinkmann * logging.c (set_file_fd): Add missing initializer to silence gcc -W warning. src/ 2008-10-29 Marcus Brinkmann * estream.c (es_getline): Add explicit cast to silence gcc -W warning. * crlcache.c (finish_sig_check): Likewise. * dirmngr.c (opts): Add missing initializer to silence gcc -W warning. * server.c (register_commands): Likewise. * dirmngr-client.c (opts): Likewise. * dirmngr_ldap.c (opts): Likewise. * dirmngr-client.c (status_cb, inq_cert, data_cb): Change return type to gpg_error_t to silence gcc warning. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/ChangeLog 2008-10-30 10:21:19 UTC (rev 311) @@ -1,3 +1,9 @@ +2008-10-29 Marcus Brinkmann + + * tests/asschk.c (interpreter): Add missing initializer to silence + gcc -W warning. + (expand_line): Add explicit cast for same reason. + 2008-10-21 Werner Koch * configure.ac: Require libgcrypt 1.4. Remove test for Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/jnlib/ChangeLog 2008-10-30 10:21:19 UTC (rev 311) @@ -1,3 +1,8 @@ +2008-10-30 Marcus Brinkmann + + * logging.c (set_file_fd): Add missing initializer to silence gcc + -W warning. + 2008-02-22 Werner Koch * argparse.c (strusage): Set copyright year to 2008. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/ChangeLog 2008-10-30 10:21:19 UTC (rev 311) @@ -1,3 +1,19 @@ +2008-10-29 Marcus Brinkmann + + + * estream.c (es_getline): Add explicit cast to silence gcc -W + warning. + * crlcache.c (finish_sig_check): Likewise. + + * dirmngr.c (opts): Add missing initializer to silence gcc + -W warning. + * server.c (register_commands): Likewise. + * dirmngr-client.c (opts): Likewise. + * dirmngr_ldap.c (opts): Likewise. + + * dirmngr-client.c (status_cb, inq_cert, data_cb): Change return + type to gpg_error_t to silence gcc warning. + 2008-10-21 Werner Koch * certcache.c (load_certs_from_dir): Accept ".der" files. Modified: trunk/jnlib/logging.c =================================================================== --- trunk/jnlib/logging.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/jnlib/logging.c 2008-10-30 10:21:19 UTC (rev 311) @@ -276,7 +276,7 @@ #ifdef HAVE_FOPENCOOKIE { - cookie_io_functions_t io = { NULL }; + cookie_io_functions_t io = { NULL, NULL, NULL, NULL }; io.write = fun_writer; io.close = fun_closer; Modified: trunk/src/crlcache.c =================================================================== --- trunk/src/crlcache.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/crlcache.c 2008-10-30 10:21:19 UTC (rev 311) @@ -1565,7 +1565,7 @@ char algoname[50]; size_t n; gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL; - int i; + unsigned int i; /* This also stops debugging on the MD. */ gcry_md_final (md); @@ -1608,7 +1608,7 @@ /* Create an S-expression with the actual hash value. */ s = gcry_md_algo_name (algo); - for (i=0; *s && i < sizeof(algoname) - 1; s++, i++) + for (i = 0; *s && i < sizeof(algoname) - 1; s++, i++) algoname[i] = ascii_tolower (*s); algoname[i] = 0; err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))", @@ -2218,7 +2218,7 @@ { struct cdb_find cdbfp; struct cdb *cdb; - int i, rc; + int rc; int warn = 0; const unsigned char *s; @@ -2269,6 +2269,7 @@ int reason; int any = 0; cdbi_t n; + cdbi_t i; rc = 0; n = cdb_datalen (cdb); @@ -2299,7 +2300,7 @@ reason = *record; fputs (" ", fp); - for (i=0; i < n; i++) + for (i = 0; i < n; i++) fprintf (fp, "%02X", keyrecord[i]); fputs (":\t reasons( ", fp); Modified: trunk/src/dirmngr-client.c =================================================================== --- trunk/src/dirmngr-client.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/dirmngr-client.c 2008-10-30 10:21:19 UTC (rev 311) @@ -80,7 +80,7 @@ { oPEM, "pem", 0, N_("certificates are expected in PEM format")}, { oForceDefaultResponder, "force-default-responder", 0, N_("force the use of the default OCSP responder")}, - { 0 } + { 0, NULL, 0, NULL } }; @@ -419,7 +419,7 @@ /* Print status line from the assuan protocol. */ -static int +static gpg_error_t status_cb (void *opaque, const char *line) { (void)opaque; @@ -430,7 +430,7 @@ } /* Print data as retrieved by the lookup function. */ -static int +static gpg_error_t data_cb (void *opaque, const void *buffer, size_t length) { gpg_error_t err; @@ -766,7 +766,7 @@ /* Callback for the inquire fiunction to send back the certificate. */ -static int +static gpg_error_t inq_cert (void *opaque, const char *line) { struct inq_cert_parm_s *parm = opaque; Modified: trunk/src/dirmngr.c =================================================================== --- trunk/src/dirmngr.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/dirmngr.c 2008-10-30 10:21:19 UTC (rev 311) @@ -200,7 +200,7 @@ "@\n(See the \"info\" manual for a complete listing of all commands and options)\n" )}, - {0} + { 0, NULL, 0, NULL } }; #define DEFAULT_MAX_REPLIES 10 Modified: trunk/src/dirmngr_ldap.c =================================================================== --- trunk/src/dirmngr_ldap.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/dirmngr_ldap.c 2008-10-30 10:21:19 UTC (rev 311) @@ -100,7 +100,7 @@ { oAttr, "attr", 2, N_("|STRING|return the attribute STRING")}, { oOnlySearchTimeout, "only-search-timeout", 0, "@"}, { oLogWithPID,"log-with-pid", 0, "@"}, - {0} + { 0, NULL, 0, NULL } }; Modified: trunk/src/estream.c =================================================================== --- trunk/src/estream.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/estream.c 2008-10-30 10:21:19 UTC (rev 311) @@ -2720,7 +2720,7 @@ out: - return err ? err : line_n; + return err ? err : (ssize_t) line_n; } Modified: trunk/src/server.c =================================================================== --- trunk/src/server.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/src/server.c 2008-10-30 10:21:19 UTC (rev 311) @@ -1242,7 +1242,7 @@ { "VALIDATE", cmd_validate }, { "INPUT", NULL }, { "OUTPUT", NULL }, - { NULL } + { NULL, NULL } }; int i, j, rc; Modified: trunk/tests/asschk.c =================================================================== --- trunk/tests/asschk.c 2008-10-21 14:50:28 UTC (rev 310) +++ trunk/tests/asschk.c 2008-10-30 10:21:19 UTC (rev 311) @@ -601,7 +601,7 @@ if (!value) value = ""; valuelen = strlen (value); - if (valuelen <= pend - p) + if (valuelen <= (size_t) (pend - p)) { memcpy (p, value, valuelen); p += valuelen; @@ -912,7 +912,7 @@ { "fail-if" , cmd_fail_if }, { "cmpfiles" , cmd_cmpfiles }, { "getenv" , cmd_getenv }, - { NULL } + { NULL, NULL } }; char *p, *save_p; int i, save_c; From cvs at cvs.gnupg.org Thu Oct 30 11:23:18 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 30 Oct 2008 11:23:18 +0100 Subject: [svn] gcry - r1351 - trunk/tests Message-ID: Author: wk Date: 2008-10-30 11:23:17 +0100 (Thu, 30 Oct 2008) New Revision: 1351 Modified: trunk/tests/ChangeLog trunk/tests/cavs_driver.pl trunk/tests/cavs_tests.sh trunk/tests/fipsdrv.c Log: Fix ECB mode test Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350) +++ trunk/tests/ChangeLog 2008-10-30 10:23:17 UTC (rev 1351) @@ -1,3 +1,11 @@ +2008-10-27 Werner Koch + + * fipsdrv.c (run_encrypt_decrypt): Make IV_BUFFER optional. + (main): Ditto. + * cavs_driver.pl: Remove the --no-fips flags. + (libgcrypt_encdec($$$$$)): Make IV optional. + (libgcrypt_state_cipher($$$$$)): Ditto. + 2008-10-24 Werner Koch * benchmark.c (md_bench): Do not test MD5 in fips mode. Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-10-24 17:01:30 UTC (rev 1350) +++ trunk/tests/cavs_driver.pl 2008-10-30 10:23:17 UTC (rev 1351) @@ -289,8 +289,10 @@ my $enc = (shift) ? "encrypt" : "decrypt"; my $data=shift; - my $program="fipsdrv --no-fips --key $key --iv $iv --algo $cipher $enc"; + $iv = "--iv $iv" if ($iv); + my $program="fipsdrv --key $key $iv --algo $cipher $enc"; + return pipe_through_program($data,$program); } @@ -333,7 +335,7 @@ my $pt = shift; my $hashalgo = shift; - my $program = "fipsdrv --no-fips --algo $hashalgo digest"; + my $program = "fipsdrv --algo $hashalgo digest"; die "ARCFOUR not available for hashes" if $opt{'R'}; return pipe_through_program($pt, $program); @@ -346,7 +348,9 @@ my $key = shift; my $iv = shift; - my $program="fipsdrv --no-fips --binary --key ".bin2hex($key)." --iv ".bin2hex($iv)." --algo '$cipher' --chunk '$bufsize' $enc"; + $iv = "--iv $iv" if ($iv); + + my $program="fipsdrv --binary --key ".bin2hex($key)." $iv ".bin2hex($iv)." --algo '$cipher' --chunk '$bufsize' $enc"; return $program; } @@ -364,7 +368,7 @@ my $msg = shift; my $hashtype = shift; - my $program = "fipsdrv --no-fips --key $key --algo $hashtype hmac-sha"; + my $program = "fipsdrv --key $key --algo $hashtype hmac-sha"; return pipe_through_program($msg, $program); } Modified: trunk/tests/cavs_tests.sh =================================================================== --- trunk/tests/cavs_tests.sh 2008-10-24 17:01:30 UTC (rev 1350) +++ trunk/tests/cavs_tests.sh 2008-10-30 10:23:17 UTC (rev 1351) @@ -55,13 +55,15 @@ [ -f "$rspfile" ] && rm "$rspfile" if ./cavs_driver.pl -I libgcrypt "$reqfile"; then - echo "failed test: $reqfile" >&2 + if [ -f "$tmprspfile" ]; then + mv "$tmprspfile" "$rspfile" + else + echo "failed test: $reqfile" >&2 + : >"$errors_seen_file" + fi + else + echo "failed test: $reqfile rc=$?" >&2 : >"$errors_seen_file" - elif [ -f "$tmprspfile" ]; then - mv "$tmprspfile" "$rspfile" - else - echo "failed test: $reqfile" >&2 - : >"$errors_seen_file" fi } @@ -72,7 +74,7 @@ ARCH=$(arch || echo unknown) result_file="CAVS_results-$ARCH-$DATE.zip" -for f in fipsdrv fipsrngdrv cavs_driver.pl; do +for f in fipsdrv cavs_driver.pl; do if [ ! -f "./$f" ]; then echo "required program \"$f\" missing in current directory" >&2 exit 2 @@ -110,6 +112,9 @@ find cavs -type f -name "*.req" | while read f ; do echo "Running test file $f" >&2 run_one_test "$f" + if [ -f "$errors_seen_file" ]; then + break; + fi done if [ -f "$errors_seen_file" ]; then Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-10-24 17:01:30 UTC (rev 1350) +++ trunk/tests/fipsdrv.c 2008-10-30 10:23:17 UTC (rev 1351) @@ -867,10 +867,13 @@ die ("gcry_cipher_setkey failed with keylen %u: %s\n", (unsigned int)key_buflen, gpg_strerror (err)); - err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen); - if (err) - die ("gcry_cipher_setiv failed with ivlen %u: %s\n", - (unsigned int)iv_buflen, gpg_strerror (err)); + if (iv_buffer) + { + err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen); + if (err) + die ("gcry_cipher_setiv failed with ivlen %u: %s\n", + (unsigned int)iv_buflen, gpg_strerror (err)); + } inbuf = data? NULL : gcry_xmalloc (datalen); outbuflen = datalen; @@ -1508,11 +1511,19 @@ cipher_algo = map_openssl_cipher_name (algo_string, &cipher_mode); if (!cipher_algo) die ("cipher algorithm `%s' is not supported\n", algo_string); - if (!iv_string) - die ("option --iv is required in this mode\n"); - iv_buffer = hex2buffer (iv_string, &iv_buflen); - if (!iv_buffer) - die ("invalid value for IV\n"); + if (cipher_mode != GCRY_CIPHER_MODE_ECB) + { + if (!iv_string) + die ("option --iv is required in this mode\n"); + iv_buffer = hex2buffer (iv_string, &iv_buflen); + if (!iv_buffer) + die ("invalid value for IV\n"); + } + else + { + iv_buffer = NULL; + iv_buflen = 0; + } if (!key_string) die ("option --key is required in this mode\n"); key_buffer = hex2buffer (key_string, &key_buflen); From cvs at cvs.gnupg.org Thu Oct 30 11:51:12 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 30 Oct 2008 11:51:12 +0100 Subject: [svn] ksba - r296 - in trunk: . src tests Message-ID: Author: wk Date: 2008-10-30 11:51:12 +0100 (Thu, 30 Oct 2008) New Revision: 296 Modified: trunk/ChangeLog trunk/NEWS trunk/announce.txt trunk/autogen.sh trunk/configure.ac trunk/src/ChangeLog trunk/src/ber-dump.c trunk/src/ber-help.c trunk/tests/ChangeLog trunk/tests/t-cms-parser.c trunk/tests/t-ocsp.c Log: Add more gcc warning options in maintainer mode. Mark a few unsued args. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/ChangeLog 2008-10-30 10:51:12 UTC (rev 296) @@ -1,3 +1,7 @@ +2008-10-30 Werner Koch + + * configure.ac: Use more strict warnings with newer gcc versions. + 2008-09-22 Werner Koch Release 1.0.4. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/src/ChangeLog 2008-10-30 10:51:12 UTC (rev 296) @@ -1,3 +1,8 @@ +2008-10-30 Werner Koch + + * ber-dump.c (one_file): Mark unused arg. + * ber-help.c (_ksba_ber_count_tl): Ditto. + 2008-10-30 Marcus Brinkmann * ocsp.c (parse_context_tag): Don't trash the error value. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/tests/ChangeLog 2008-10-30 10:51:12 UTC (rev 296) @@ -1,3 +1,8 @@ +2008-10-30 Werner Koch + + * t-cms-parser.c (dummy_hash_fnc): Mark unused args. + * t-ocsp.c (my_hash_buffer): Ditto. + 2007-12-13 Werner Koch * t-cms-parser.c (one_file): Print the value of the signature. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/NEWS 2008-10-30 10:51:12 UTC (rev 296) @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.0.5 +------------------------------------------------ + + Noteworthy changes in version 1.0.4 (2008-09-22) ------------------------------------------------ Modified: trunk/announce.txt =================================================================== --- trunk/announce.txt 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/announce.txt 2008-10-30 10:51:12 UTC (rev 296) @@ -1,6 +1,6 @@ Hello! -We are pleased to announce version 1.0.3 of Libksba. +We are pleased to announce version 1.0.4 of Libksba. Libksba is an X.509 and CMS (PKCS#7) library. It is for example required to build the S/MIME part of GnuPG-2 (gpgsm). The only build @@ -10,37 +10,38 @@ user tools accompanying this software, thus it is mostly relevant to developers. -This is a bug fix release. +This is a maintenance release. You may download the library and its OpenPGP signature from: - ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.3.tar.bz2 (513k) - ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.3.tar.bz2.sig + ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.4.tar.bz2 (553k) + ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.4.tar.bz2.sig As an alternative you may use a patch file to upgrade the previous version of the library: - ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.2-1.0.3.diff.bz2 (13k) + ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.3-1.0.4.diff.bz2 (144k) -or from any mirror of that server (http://www.gnupg.org/mirrors.html). +(the reason for the large patch file is due to newer version of files +from the build systems) or from any mirror of that server +(http://www.gnupg.org/mirrors.html). SHA-1 checksums are: -7a4b3a8340087ed360269b567881ebfb9b67441b libksba-1.0.3.tar.bz2 -ecbeb0f381db55f387753f5c873e20be59c9b65f libksba-1.0.2-1.0.3.diff.bz2 +05d0b803bac34b53e07619ca52425452be535792 libksba-1.0.4.tar.bz2 +51249c45ea74c61325c1f2462045ba5a4148bf38 libksba-1.0.3-1.0.4.diff.bz2 -Noteworthy changes in version 1.0.3 (2008-02-12) +Noteworthy changes in version 1.0.4 (2008-09-22) ------------------------------------------------ - * Minor bug fixes. + * Write smimeCapabilities according to RFC3851 to help Mozilla. - * Include the used hash algorithm in sig-val structures. + * Support DSA. - * Fix for unknown tags in issuerAltName and subjectAltName. + * The visibility attribute is now used if supported by the toolchain. - Commercial support contracts for Libksba are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by Libksba's principal author, is currently funding Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/autogen.sh 2008-10-30 10:51:12 UTC (rev 296) @@ -201,4 +201,6 @@ echo "Running autoconf${FORCE} ..." $AUTOCONF${FORCE} -echo "You may now run \"./configure --enable-maintainer-mode && make\"." +echo "You may now run: + ./configure --enable-maintainer-mode && make +" Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/configure.ac 2008-10-30 10:51:12 UTC (rev 296) @@ -24,8 +24,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.0.4]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.0.5]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -112,6 +112,32 @@ if test "$GCC" = yes; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" + if test "$USE_MAINTAINER_MODE" = "yes"; then + CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" + + # We use -W only if -Wno-missing-field-initializers is supported. + # -W is important because it detects errors like "if (foo);" + AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-missing-field-initializers" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers" + fi + + AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wdeclaration-after-statement" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -Wdeclaration-after-statement" + fi + fi + AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) _gcc_cflags_save=$CFLAGS CFLAGS="-Wpointer-arith" Modified: trunk/src/ber-dump.c =================================================================== --- trunk/src/ber-dump.c 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/src/ber-dump.c 2008-10-30 10:51:12 UTC (rev 296) @@ -76,6 +76,8 @@ ksba_reader_t r; BerDecoder d; + (void)fname; /* Not yet used in error messages. */ + err = ksba_reader_new (&r); if (err) fatal ("out of core\n"); Modified: trunk/src/ber-help.c =================================================================== --- trunk/src/ber-help.c 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/src/ber-help.c 2008-10-30 10:51:12 UTC (rev 296) @@ -404,11 +404,11 @@ } -/* calculate the length of the TL needed to encode a TAG of CLASS. - constructed is a flag telling - whether the value is a constructed one. length gives the length of - the value, if it is 0 undefinite length is assumed. length is - ignored for the NULL tag. */ +/* Calculate the length of the TL needed to encode a TAG of CLASS. + CONSTRUCTED is a flag telling whether the value is a constructed + one. LENGTH gives the length of the value; if it is 0 an + indefinite length is assumed. LENGTH is ignored for the NULL + tag. */ size_t _ksba_ber_count_tl (unsigned long tag, enum tag_class class, @@ -417,6 +417,8 @@ { int buflen = 0; + (void)constructed; /* Not used, but passed for uniformity of such calls. */ + if (tag < 0x1f) { buflen++; Modified: trunk/tests/t-cms-parser.c =================================================================== --- trunk/tests/t-cms-parser.c 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/tests/t-cms-parser.c 2008-10-30 10:51:12 UTC (rev 296) @@ -29,8 +29,11 @@ #include "t-common.h" void -dummy_hash_fnc (void *arg, const void *buffer,size_t length) +dummy_hash_fnc (void *arg, const void *buffer, size_t length) { + (void)arg; + (void)buffer; + (void)length; } Modified: trunk/tests/t-ocsp.c =================================================================== --- trunk/tests/t-ocsp.c 2008-10-30 10:14:50 UTC (rev 295) +++ trunk/tests/t-ocsp.c 2008-10-30 10:51:12 UTC (rev 296) @@ -342,6 +342,8 @@ const void *buffer, size_t length, size_t resultsize, unsigned char *result, size_t *resultlen) { + (void)arg; /* Not used. */ + if (oid && strcmp (oid, "1.3.14.3.2.26")) return gpg_error (GPG_ERR_NOT_SUPPORTED); /* We only support SHA-1. */ if (resultsize < 20) From cvs at cvs.gnupg.org Thu Oct 30 12:56:58 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 30 Oct 2008 12:56:58 +0100 Subject: [svn] gcry - r1352 - in trunk: . src Message-ID: Author: wk Date: 2008-10-30 12:56:57 +0100 (Thu, 30 Oct 2008) New Revision: 1352 Modified: trunk/ChangeLog trunk/autogen.sh trunk/configure.ac trunk/src/ChangeLog trunk/src/g10lib.h Log: Autodetect useful gcc warnings in maintainer-mode. Flag _gcry_gettext with format_arg attribute. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-30 10:23:17 UTC (rev 1351) +++ trunk/ChangeLog 2008-10-30 11:56:57 UTC (rev 1352) @@ -1,3 +1,8 @@ +2008-10-30 Werner Koch + + * configure.ac: Remove option --enable-gcc-warnings. Autodetect + useful gcc warnings in maintainer mode. + 2008-09-18 Werner Koch Release 1.4.3. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-30 10:23:17 UTC (rev 1351) +++ trunk/src/ChangeLog 2008-10-30 11:56:57 UTC (rev 1352) @@ -1,3 +1,8 @@ +2008-10-30 Werner Koch + + * g10lib.h (GCC_ATTR_FORMAT_ARG): New. + (_gcry_gettext): Use it. + 2008-10-24 Werner Koch * global.c (inactive_fips_mode): Move to fips.c. Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2008-10-30 10:23:17 UTC (rev 1351) +++ trunk/autogen.sh 2008-10-30 11:56:57 UTC (rev 1352) @@ -195,5 +195,6 @@ echo "Running autoconf${FORCE} ..." $AUTOCONF${FORCE} -echo "You may now run \"./configure --enable-maintainer-mode && make\"." -echo "(gcc users may want to add the option \"--enable-gcc-warnings\")" +echo "You may now run: + ./configure --enable-maintainer-mode && make +" Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-30 10:23:17 UTC (rev 1351) +++ trunk/configure.ac 2008-10-30 11:56:57 UTC (rev 1352) @@ -852,39 +852,40 @@ CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` fi]) -AC_ARG_ENABLE(gcc-warnings, - AC_HELP_STRING([--enable-gcc-warnings], - [enable more verbose gcc warnings]), - [more_gcc_warnings="$enableval"], - [more_gcc_warnings="no"]) +# CFLAGS mangling when using gcc. +if test "$GCC" = yes; then + CFLAGS="$CFLAGS -Wall" + if test "$USE_MAINTAINER_MODE" = "yes"; then + CFLAGS="$CFLAGS -Wcast-align -Wshadow -Wstrict-prototypes" + CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" -if test "$GCC" = yes; then - if test "$USE_MAINTAINER_MODE" = "yes" || - test "$more_gcc_warnings" = "yes"; then - CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" - if test "$more_gcc_warnings" = "yes"; then - CFLAGS="$CFLAGS -W -Wextra -Wbad-function-cast" - CFLAGS="$CFLAGS -Wwrite-strings" - CFLAGS="$CFLAGS -Wdeclaration-after-statement" - CFLAGS="$CFLAGS -Wno-missing-field-initializers" - CFLAGS="$CFLAGS -Wno-sign-compare" - # Note: We don't use -Wunreachable-code because this gives - # warnings for all asserts and many inline functions like - # gpg_error (gcc 4.1.2 20060928). + # If -Wno-missing-field-initializers is supported we can enable a + # a bunch of really useful warnings. + AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-missing-field-initializers" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -W -Wextra -Wbad-function-cast" + CFLAGS="$CFLAGS -Wwrite-strings" + CFLAGS="$CFLAGS -Wdeclaration-after-statement" + CFLAGS="$CFLAGS -Wno-missing-field-initializers" + CFLAGS="$CFLAGS -Wno-sign-compare" fi - else - CFLAGS="$CFLAGS -Wall" + + AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wpointer-arith" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_wopt" = xyes ; then + CFLAGS="$CFLAGS -Wpointer-arith" + fi fi - AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) - _gcc_cflags_save=$CFLAGS - CFLAGS="-Wpointer-arith" - AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) - AC_MSG_RESULT($_gcc_wopt) - CFLAGS=$_gcc_cflags_save; - if test x"$_gcc_wopt" = xyes ; then - CFLAGS="$CFLAGS -Wpointer-arith" - fi fi # Check whether as(1) supports a noeexecstack feature. This test Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2008-10-30 10:23:17 UTC (rev 1351) +++ trunk/src/g10lib.h 2008-10-30 11:56:57 UTC (rev 1352) @@ -58,6 +58,15 @@ #define GCC_ATTR_NORETURN #endif +#if __GNUC__ >= 3 +/* According to glibc this attribute is available since 2.8 however we + better play safe and use it only with gcc 3 or newer. */ +#define GCC_ATTR_FORMAT_ARG(a) __attribute__ ((format_arg (a))) +#else +#define GCC_ATTR_FORMAT_ARG(a) +#endif + + /* Gettext macros. */ #define _(a) _gcry_gettext(a) @@ -92,7 +101,7 @@ void _gcry_assert_failed (const char *expr, const char *file, int line); #endif -const char *_gcry_gettext (const char *key); +const char *_gcry_gettext (const char *key) GCC_ATTR_FORMAT_ARG(1); void _gcry_fatal_error(int rc, const char *text ) JNLIB_GCC_A_NR; void _gcry_log( int level, const char *fmt, ... ) JNLIB_GCC_A_PRINTF(2,3); void _gcry_log_bug( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2); From cvs at cvs.gnupg.org Thu Oct 30 14:23:42 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 30 Oct 2008 14:23:42 +0100 Subject: [svn] gpgme - r1342 - trunk/tests/gpgsm Message-ID: Author: wk Date: 2008-10-30 14:23:42 +0100 (Thu, 30 Oct 2008) New Revision: 1342 Added: trunk/tests/gpgsm/cms-keylist.c Modified: trunk/tests/gpgsm/Makefile.am Log: new debug helper program Modified: trunk/tests/gpgsm/Makefile.am =================================================================== --- trunk/tests/gpgsm/Makefile.am 2008-10-24 14:07:14 UTC (rev 1341) +++ trunk/tests/gpgsm/Makefile.am 2008-10-30 13:23:42 UTC (rev 1342) @@ -36,7 +36,7 @@ # We don't run t-genkey in the test suite, because it takes too long # and needs a working pinentry. -noinst_PROGRAMS = $(TESTS) t-genkey +noinst_PROGRAMS = $(TESTS) t-genkey cms-keylist key_id = 32100C27173EF6E9C4E9A25D3D69F86D37A4F939 Added: trunk/tests/gpgsm/cms-keylist.c =================================================================== --- trunk/tests/gpgsm/cms-keylist.c (rev 0) +++ trunk/tests/gpgsm/cms-keylist.c 2008-10-30 13:23:42 UTC (rev 1342) @@ -0,0 +1,122 @@ +/* cms-keylist.c - Helper to show a key listing. + Copyright (C) 2008 g10 Code GmbH + + This file is part of GPGME. + + GPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + GPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . +*/ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + +#define PGM "cms-keylist" + +#include "t-support.h" + +static const char * +nonnull (const char *s) +{ + return s? s :"[none]"; +} + + +int +main (int argc, char **argv) +{ + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_key_t key; + gpgme_keylist_result_t result; + + if (argc) + { argc--; argv++; } + + if (argc > 1) + { + fputs ("usage: " PGM " [USERID]\n", stderr); + exit (1); + } + + init_gpgme (GPGME_PROTOCOL_CMS); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); + + err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, 0); + fail_if_err (err); + + while (!(err = gpgme_op_keylist_next (ctx, &key))) + { + gpgme_user_id_t uid; + int nuids; + + for (nuids=0, uid=key->uids; uid; uid = uid->next) + nuids++; + + printf ("serial : %s\n", nonnull (key->issuer_serial)); + printf ("issuer : %s\n", nonnull (key->issuer_name)); + printf ("chain-id: %s\n", nonnull (key->chain_id)); + printf ("caps : %s%s%s%s\n", + key->can_encrypt? "e":"", + key->can_sign? "s":"", + key->can_certify? "c":"", + key->can_authenticate? "a":""); + printf ("flags :%s%s%s%s%s%s\n", + key->secret? " secret":"", + key->revoked? " revoked":"", + key->expired? " expired":"", + key->disabled? " disabled":"", + key->invalid? " invalid":"", + key->is_qualified? " qualifid":""); + for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++) + { + printf ("userid %d: %s\n", nuids, nonnull(uid->uid)); + printf ("valid %d: %s\n", nuids, + uid->validity == GPGME_VALIDITY_UNKNOWN? "unknown": + uid->validity == GPGME_VALIDITY_UNDEFINED? "undefined": + uid->validity == GPGME_VALIDITY_NEVER? "never": + uid->validity == GPGME_VALIDITY_MARGINAL? "marginal": + uid->validity == GPGME_VALIDITY_FULL? "full": + uid->validity == GPGME_VALIDITY_ULTIMATE? "ultimate": "[?]"); + } + + putchar ('\n'); + + gpgme_key_unref (key); + } + if (gpg_err_code (err) != GPG_ERR_EOF) + fail_if_err (err); + err = gpgme_op_keylist_end (ctx); + fail_if_err (err); + + result = gpgme_op_keylist_result (ctx); + if (result->truncated) + { + fprintf (stderr, PGM ": key listing unexpectedly truncated\n"); + exit (1); + } + + gpgme_release (ctx); + return 0; +} From cvs at cvs.gnupg.org Thu Oct 30 15:41:23 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 30 Oct 2008 15:41:23 +0100 Subject: [svn] gpgme - r1343 - trunk/tests/gpgsm Message-ID: Author: wk Date: 2008-10-30 15:41:23 +0100 (Thu, 30 Oct 2008) New Revision: 1343 Modified: trunk/tests/gpgsm/cms-keylist.c Log: use validated mode. Modified: trunk/tests/gpgsm/cms-keylist.c =================================================================== --- trunk/tests/gpgsm/cms-keylist.c 2008-10-30 13:23:42 UTC (rev 1342) +++ trunk/tests/gpgsm/cms-keylist.c 2008-10-30 14:41:23 UTC (rev 1343) @@ -63,6 +63,9 @@ fail_if_err (err); gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); + gpgme_set_keylist_mode (ctx, (gpgme_get_keylist_mode (ctx) + | GPGME_KEYLIST_MODE_VALIDATE)); + err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, 0); fail_if_err (err); From cvs at cvs.gnupg.org Thu Oct 30 16:08:45 2008 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 30 Oct 2008 16:08:45 +0100 Subject: [svn] gpgme - r1344 - in trunk: assuan gpgme Message-ID: Author: marcus Date: 2008-10-30 16:08:44 +0100 (Thu, 30 Oct 2008) New Revision: 1344 Modified: trunk/assuan/ChangeLog trunk/assuan/assuan-pipe-connect.c trunk/gpgme/ChangeLog trunk/gpgme/posix-io.c trunk/gpgme/priv-io.h trunk/gpgme/w32-io.c trunk/gpgme/wait-global.c trunk/gpgme/wait-private.c trunk/gpgme/wait-user.c Log: assuan/ 2008-10-30 Marcus Brinkmann * assuan-pipe-connect.c: Fix prototype for _gpgme_io_spawn. Cast second argument in its invocation to silence gcc warning. gpgme/ 2008-10-30 Marcus Brinkmann * wait-private.c (_gpgme_wait_on_condition): Remove unused variable IDX. * wait-global.c: Include ops.h to silence gcc warning. (_gpgme_wait_global_event_cb): Pass error value directly. * wait-user.c: Include ops.h to silence gcc warning. * posix-io.c (_gpgme_io_spawn): Make ARGV argument const to silence gcc warning. Cast argument to execv to silence warning. * w32-io.c (_gpgme_io_spawn): Likewise. * priv-io.h (_gpgme_io_spawn): Likewise for prototype. Modified: trunk/assuan/ChangeLog =================================================================== --- trunk/assuan/ChangeLog 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/assuan/ChangeLog 2008-10-30 15:08:44 UTC (rev 1344) @@ -1,3 +1,8 @@ +2008-10-30 Marcus Brinkmann + + * assuan-pipe-connect.c: Fix prototype for _gpgme_io_spawn. Cast + second argument in its invocation to silence gcc warning. + 2008-06-25 Marcus Brinkmann * assuan-pipe-connect.c (struct spawn_fd_item_s): Add new members. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/ChangeLog 2008-10-30 15:08:44 UTC (rev 1344) @@ -1,3 +1,16 @@ +2008-10-30 Marcus Brinkmann + + * wait-private.c (_gpgme_wait_on_condition): Remove unused + variable IDX. + * wait-global.c: Include ops.h to silence gcc warning. + (_gpgme_wait_global_event_cb): Pass error value directly. + * wait-user.c: Include ops.h to silence gcc warning. + + * posix-io.c (_gpgme_io_spawn): Make ARGV argument const to + silence gcc warning. Cast argument to execv to silence warning. + * w32-io.c (_gpgme_io_spawn): Likewise. + * priv-io.h (_gpgme_io_spawn): Likewise for prototype. + 2008-10-24 Werner Koch * rungpg.c (gpg_keylist_preprocess): Escape backslashes too. Modified: trunk/assuan/assuan-pipe-connect.c =================================================================== --- trunk/assuan/assuan-pipe-connect.c 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/assuan/assuan-pipe-connect.c 2008-10-30 15:08:44 UTC (rev 1344) @@ -52,7 +52,7 @@ int _gpgme_io_pipe (int filedes[2], int inherit_idx); -int _gpgme_io_spawn (const char *path, char **argv, +int _gpgme_io_spawn (const char *path, char *const argv[], struct spawn_fd_item_s *fd_list, pid_t *r_pid); #endif @@ -665,7 +665,7 @@ child_fds[nr].dup_to = -1; /* Start the process. */ - res = _gpgme_io_spawn (name, argv, child_fds, NULL); + res = _gpgme_io_spawn (name, (char *const *) argv, child_fds, NULL); if (res == -1) { _assuan_log_printf ("CreateProcess failed: %s\n", strerror (errno)); Modified: trunk/gpgme/posix-io.c =================================================================== --- trunk/gpgme/posix-io.c 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/posix-io.c 2008-10-30 15:08:44 UTC (rev 1344) @@ -304,7 +304,7 @@ /* Returns 0 on success, -1 on error. */ int -_gpgme_io_spawn (const char *path, char **argv, +_gpgme_io_spawn (const char *path, char *const argv[], struct spawn_fd_item_s *fd_list, pid_t *r_pid) { pid_t pid; @@ -427,7 +427,7 @@ close (fd); } - execv (path, argv); + execv (path, (char *const *) argv); /* Hmm: in that case we could write a special status code to the status-pipe. */ #if 0 Modified: trunk/gpgme/priv-io.h =================================================================== --- trunk/gpgme/priv-io.h 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/priv-io.h 2008-10-30 15:08:44 UTC (rev 1344) @@ -63,7 +63,7 @@ close all fds except for those in FD_LIST in the child, then optionally dup() the child fds. Finally, all fds in the list are closed in the parent. */ -int _gpgme_io_spawn (const char *path, char **argv, +int _gpgme_io_spawn (const char *path, char *const argv[], struct spawn_fd_item_s *fd_list, pid_t *r_pid); int _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock); Modified: trunk/gpgme/w32-io.c =================================================================== --- trunk/gpgme/w32-io.c 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/w32-io.c 2008-10-30 15:08:44 UTC (rev 1344) @@ -1009,7 +1009,7 @@ int -_gpgme_io_spawn (const char *path, char **argv, +_gpgme_io_spawn (const char *path, char *const argv[], struct spawn_fd_item_s *fd_list, pid_t *r_pid) { SECURITY_ATTRIBUTES sec_attr; Modified: trunk/gpgme/wait-global.c =================================================================== --- trunk/gpgme/wait-global.c 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/wait-global.c 2008-10-30 15:08:44 UTC (rev 1344) @@ -33,6 +33,7 @@ #include "context.h" #include "wait.h" #include "priv-io.h" +#include "ops.h" /* The global event loop is used for all asynchronous operations (except key listing) for which no user I/O callbacks are specified. @@ -202,7 +203,7 @@ if (err) /* An error occured. Close all fds in this context, and send the error in a done event. */ - _gpgme_cancel_with_err (ctx, &err); + _gpgme_cancel_with_err (ctx, err); } break; Modified: trunk/gpgme/wait-private.c =================================================================== --- trunk/gpgme/wait-private.c 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/wait-private.c 2008-10-30 15:08:44 UTC (rev 1344) @@ -86,8 +86,6 @@ { /* An error occured. Close all fds in this context, and signal it. */ - unsigned int idx; - err = gpg_error_from_errno (errno); _gpgme_cancel_with_err (ctx, err); Modified: trunk/gpgme/wait-user.c =================================================================== --- trunk/gpgme/wait-user.c 2008-10-30 14:41:23 UTC (rev 1343) +++ trunk/gpgme/wait-user.c 2008-10-30 15:08:44 UTC (rev 1344) @@ -28,6 +28,7 @@ #include "context.h" #include "priv-io.h" #include "wait.h" +#include "ops.h" /* The user event loops are used for all asynchronous operations for From cvs at cvs.gnupg.org Fri Oct 31 14:57:40 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 31 Oct 2008 14:57:40 +0100 Subject: [svn] gcry - r1353 - trunk/tests Message-ID: Author: wk Date: 2008-10-31 14:57:39 +0100 (Fri, 31 Oct 2008) New Revision: 1353 Modified: trunk/tests/ChangeLog trunk/tests/fipsdrv.c Log: Increase a buffer for use with SHA-512. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-30 11:56:57 UTC (rev 1352) +++ trunk/tests/ChangeLog 2008-10-31 13:57:39 UTC (rev 1353) @@ -1,3 +1,7 @@ +2008-10-31 Werner Koch + + * fipsdrv.c (run_rsa_sign): Buffer needs to be larger for SHA512. + 2008-10-27 Werner Koch * fipsdrv.c (run_encrypt_decrypt): Make IV_BUFFER optional. Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-10-30 11:56:57 UTC (rev 1352) +++ trunk/tests/fipsdrv.c 2008-10-31 13:57:39 UTC (rev 1353) @@ -799,8 +799,8 @@ { "des-ecb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB }, { "des-ede3-cbc", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC }, - { "des-ede3 ", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB }, - { "des3 ", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC }, + { "des-ede3", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB }, + { "des3", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC }, { "des-ede3-cfb", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CFB }, { "des-ede3-ofb", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_OFB }, @@ -1151,7 +1151,7 @@ /* showhex ("D", data, datalen); */ if (pkcs1) { - unsigned char hash[50]; + unsigned char hash[64]; unsigned int hashsize; hashsize = gcry_md_get_algo_dlen (hashalgo);