From cvs at cvs.gnupg.org Tue Dec 1 12:00:28 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 01 Dec 2009 12:00:28 +0100 Subject: [svn] gpgme - r1434 - trunk/src Message-ID: Author: wk Date: 2009-12-01 12:00:27 +0100 (Tue, 01 Dec 2009) New Revision: 1434 Modified: trunk/src/ChangeLog trunk/src/gpgme-tool.c Log: Fix segv in printf like functions. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-11-26 17:53:06 UTC (rev 1433) +++ trunk/src/ChangeLog 2009-12-01 11:00:27 UTC (rev 1434) @@ -1,3 +1,12 @@ +2009-12-01 Werner Koch + + * gpgme-tool.c (GT_GCC_A_SENTINEL, GT_GCC_A_PRINTF): New. + (gt_write_status): Use sentinel. + (argp_error, log_error): Use printf attribute. + (argp_parse): Remove extra argument to argp_error. + (_gt_progress_cb, gt_get_engine_info, gt_get_keylist_mode) + (gt_result): Add NULL arg. + 2009-11-26 Marcus Brinkmann * opassuan.c (opassuan_start): Allocate result structure before Modified: trunk/src/gpgme-tool.c =================================================================== --- trunk/src/gpgme-tool.c 2009-11-26 17:53:06 UTC (rev 1433) +++ trunk/src/gpgme-tool.c 2009-12-01 11:00:27 UTC (rev 1434) @@ -39,6 +39,21 @@ #include "gpgme.h" +/* GCC attributes. */ +#if __GNUC__ >= 4 +# define GT_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a))) +#else +# define GT_GCC_A_SENTINEL(a) +#endif + +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) +# define GT_GCC_A_PRINTF(f, a) __attribute__ ((format (printf,f,a))) +#else +# define GT_GCC_A_PRINTF(f, a) +#endif + + + #ifndef HAVE_ARGP_H /* Minimal argp implementation. */ @@ -135,6 +150,11 @@ | ARGP_HELP_DOC | ARGP_HELP_BUG_ADDR) +void argp_error (const struct argp_state *state, + const char *fmt, ...) GT_GCC_A_PRINTF(2, 3); + + + char * _argp_pname (char *name) { @@ -397,7 +417,7 @@ rc = argp->parser (ARGP_KEY_ARGS, NULL, &state); if (rc == ARGP_ERR_UNKNOWN) { - argp_error (&state, "Too many arguments", state.argv[idx]); + argp_error (&state, "Too many arguments"); goto argperror; } if (! rc && state.next == old_next) @@ -450,6 +470,10 @@ FILE *log_stream; char *program_name = "gpgme-tool"; +void log_error (int status, gpg_error_t errnum, + const char *fmt, ...) GT_GCC_A_PRINTF(3,4); + + void log_init (void) { @@ -518,7 +542,8 @@ /* Forward declaration. */ -void gt_write_status (gpgme_tool_t gt, status_t status, ...); +void gt_write_status (gpgme_tool_t gt, + status_t status, ...) GT_GCC_A_SENTINEL(0); void _gt_progress_cb (void *opaque, const char *what, @@ -528,7 +553,7 @@ char buf[100]; snprintf (buf, sizeof (buf), "0x%02x %i %i", type, current, total); - gt_write_status (gt, STATUS_PROGRESS, what, buf); + gt_write_status (gt, STATUS_PROGRESS, what, buf, NULL); } @@ -763,7 +788,7 @@ gt_write_status (gt, STATUS_ENGINE, gpgme_get_protocol_name (info->protocol), info->file_name, info->version, - info->req_version, info->home_dir); + info->req_version, info->home_dir, NULL); info = info->next; } return 0; @@ -896,7 +921,7 @@ modes[idx++] = NULL; gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2], - modes[3], modes[4], modes[5], modes[6]); + modes[3], modes[4], modes[5], modes[6], NULL); return 0; } @@ -1117,7 +1142,7 @@ while (invrec) { gt_write_status (gt, STATUS_ENCRYPT_RESULT, "invalid_recipient", - invrec->fpr, invrec->reason); + invrec->fpr, invrec->reason, NULL); invrec = invrec->next; } } From cvs at cvs.gnupg.org Tue Dec 1 12:21:47 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 01 Dec 2009 12:21:47 +0100 Subject: [svn] gpgme - r1435 - trunk/src Message-ID: Author: wk Date: 2009-12-01 12:21:47 +0100 (Tue, 01 Dec 2009) New Revision: 1435 Modified: trunk/src/ChangeLog trunk/src/gpgme-tool.c Log: Add flags to the getauditlog command. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-01 11:00:27 UTC (rev 1434) +++ trunk/src/ChangeLog 2009-12-01 11:21:47 UTC (rev 1435) @@ -1,5 +1,8 @@ 2009-12-01 Werner Koch + * gpgme-tool.c (cmd_getauditlog): Add flag --html. + (hlp_getauditlog): New. + * gpgme-tool.c (GT_GCC_A_SENTINEL, GT_GCC_A_PRINTF): New. (gt_write_status): Use sentinel. (argp_error, log_error): Use printf attribute. Modified: trunk/src/gpgme-tool.c =================================================================== --- trunk/src/gpgme-tool.c 2009-12-01 11:00:27 UTC (rev 1434) +++ trunk/src/gpgme-tool.c 2009-12-01 11:21:47 UTC (rev 1435) @@ -565,8 +565,8 @@ err = gpgme_new (ctx); if (err) return err; - gpgme_set_progress_cb (*ctx, _gt_progress_cb, gt); - return 0; + gpgme_set_progress_cb (*ctx, _gt_progress_cb, gt); + return 0; } @@ -1897,6 +1897,11 @@ } +static const char hlp_getauditlog[] = + "GETAUDITLOG [--html] [--with-help]\n" + "\n" + "Call the function gpgme_op_getauditlog with the given flags. Write\n" + "the output to the object set by the last OUTPUT command."; static gpg_error_t cmd_getauditlog (assuan_context_t ctx, char *line) { @@ -1904,6 +1909,7 @@ gpg_error_t err; assuan_fd_t out_fd; gpgme_data_t out_data; + unsigned int flags = 0; out_fd = assuan_get_output_fd (ctx); if (out_fd == ASSUAN_INVALID_FD) @@ -1912,8 +1918,13 @@ if (err) return err; - err = gt_getauditlog (server->gt, out_data, 0); + if (strstr (line, "--html")) + flags |= GPGME_AUDITLOG_HTML; + if (strstr (line, "--with-help")) + flags |= GPGME_AUDITLOG_WITH_HELP; + err = gt_getauditlog (server->gt, out_data, flags); + gpgme_data_release (out_data); server_reset_fds (server); @@ -2054,7 +2065,7 @@ { "KEYLIST", cmd_keylist }, { "LISTKEYS", cmd_keylist }, // TODO: TRUSTLIST, TRUSTLIST_EXT - { "GETAUDITLOG", cmd_getauditlog }, + { "GETAUDITLOG", cmd_getauditlog, hlp_getauditlog }, // TODO: ASSUAN { "VFS_MOUNT", cmd_vfs_mount }, { "MOUNT", cmd_vfs_mount }, From cvs at cvs.gnupg.org Tue Dec 1 20:19:35 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 01 Dec 2009 20:19:35 +0100 Subject: [svn] assuan - r324 - trunk/src Message-ID: Author: marcus Date: 2009-12-01 20:19:35 +0100 (Tue, 01 Dec 2009) New Revision: 324 Modified: trunk/src/ChangeLog trunk/src/assuan-pipe-server.c Log: 2009-12-01 Marcus Brinkmann * assuan-pipe-server.c (assuan_init_pipe_server): Fix debug output. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-11-27 19:12:01 UTC (rev 323) +++ trunk/src/ChangeLog 2009-12-01 19:19:35 UTC (rev 324) @@ -1,3 +1,7 @@ +2009-12-01 Marcus Brinkmann + + * assuan-pipe-server.c (assuan_init_pipe_server): Fix debug output. + 2009-11-27 Marcus Brinkmann * assuan.h (assuan_set_assuan_log_stream): Add prototype. Modified: trunk/src/assuan-pipe-server.c =================================================================== --- trunk/src/assuan-pipe-server.c 2009-11-27 19:12:01 UTC (rev 323) +++ trunk/src/assuan-pipe-server.c 2009-12-01 19:19:35 UTC (rev 324) @@ -59,9 +59,12 @@ assuan_fd_t infd = ASSUAN_INVALID_FD; assuan_fd_t outfd = ASSUAN_INVALID_FD; int is_usd = 0; - TRACE_BEG2 (ctx, ASSUAN_LOG_CTX, "assuan_init_pipe_server", ctx, - "fd[0]=0x%x, fd[1]=0x%x", filedes[0], filedes[1]); - + TRACE_BEG (ctx, ASSUAN_LOG_CTX, "assuan_init_pipe_server", ctx); + if (filedes) + { + TRACE_LOG2 ("fd[0]=0x%x, fd[1]=0x%x", filedes[0], filedes[1]); + } + rc = _assuan_register_std_commands (ctx); if (rc) return TRACE_ERR (rc); From cvs at cvs.gnupg.org Wed Dec 2 10:36:41 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 02 Dec 2009 10:36:41 +0100 Subject: [svn] pinentry - r212 - in trunk: . pinentry secmem Message-ID: Author: wk Date: 2009-12-02 10:36:40 +0100 (Wed, 02 Dec 2009) New Revision: 212 Modified: trunk/ChangeLog trunk/pinentry/pinentry-curses.c trunk/pinentry/pinentry.h trunk/secmem/util.c Log: Two portability fixes by Wyllys Ingersoll. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-08-10 15:27:56 UTC (rev 211) +++ trunk/ChangeLog 2009-12-02 09:36:40 UTC (rev 212) @@ -1,3 +1,11 @@ +2009-12-02 Werner Koch + + * secmem/util.c: Re-indent function names. + (TEMP_FAILURE_RETRY): Remove because it is non-portable. + (xwrite): Open code the EINTR retry. + * pinentry/pinentry-curses.c (dialog_run): Replace '\e' by a + standard escape. Reported by Wyllys Ingersoll. + 2009-08-10 Marcus Brinkmann * pinentry/pinentry.c [!ENABLE_ENHANCED]: Remove option enhanced. Modified: trunk/pinentry/pinentry-curses.c =================================================================== --- trunk/pinentry/pinentry-curses.c 2009-08-10 15:27:56 UTC (rev 211) +++ trunk/pinentry/pinentry-curses.c 2009-12-02 09:36:40 UTC (rev 212) @@ -767,7 +767,7 @@ } break; - case '\e': + case '\005': done = -2; break; Modified: trunk/pinentry/pinentry.h =================================================================== --- trunk/pinentry/pinentry.h 2009-08-10 15:27:56 UTC (rev 211) +++ trunk/pinentry/pinentry.h 2009-12-02 09:36:40 UTC (rev 212) @@ -107,7 +107,7 @@ /* If this is not NULL, a passphrase quality indicator is shown. There will also be an inquiry back to the caller to get an indication of the quality for the passphrase entered so far. The - string is used as a labe for the auality bar. */ + string is used as a label for the quality bar. */ char *quality_bar; /* The tooltip to be show for the qualitybar. Malloced or NULL. */ Modified: trunk/secmem/util.c =================================================================== --- trunk/secmem/util.c 2009-08-10 15:27:56 UTC (rev 211) +++ trunk/secmem/util.c 2009-12-02 09:36:40 UTC (rev 212) @@ -32,37 +32,36 @@ #include "util.h" -#ifndef TEMP_FAILURE_RETRY -#define TEMP_FAILURE_RETRY(expression) \ - (__extension__ \ - ({ long int __result; \ - do __result = (long int) (expression); \ - while (__result == -1L && errno == EINTR); \ - __result; })) -#endif - #ifndef HAVE_DOSISH_SYSTEM static int uid_set = 0; static uid_t real_uid, file_uid; #endif /*!HAVE_DOSISH_SYSTEM*/ -/* write DATA of size BYTES to FD, until all is written or an error occurs */ -ssize_t xwrite(int fd, const void *data, size_t bytes) +/* Write DATA of size BYTES to FD, until all is written or an error + occurs. */ +ssize_t +xwrite(int fd, const void *data, size_t bytes) { char *ptr; size_t todo; ssize_t written = 0; for (ptr = (char *)data, todo = bytes; todo; ptr += written, todo -= written) - if ((written = TEMP_FAILURE_RETRY(write(fd, ptr, todo))) < 0) - break; + { + do + written = write (fd, ptr, todo); + while (written == -1 && errno == EINTR); + if (written < 0) + break; + } return written; } #if 0 extern int debug; -int debugmsg(const char *fmt, ...) +int +debugmsg(const char *fmt, ...) { va_list va; int ret; @@ -81,7 +80,8 @@ /* initialize uid variables */ #ifndef HAVE_DOSISH_SYSTEM -static void init_uids(void) +static void +init_uids(void) { real_uid = getuid(); file_uid = geteuid(); @@ -92,7 +92,8 @@ #if 0 /* Not used. */ /* lower privileges to the real user's */ -void lower_privs() +void +lower_privs() { if (!uid_set) init_uids(); @@ -111,7 +112,8 @@ #if 0 /* Not used. */ /* raise privileges to the effective user's */ -void raise_privs() +void +raise_privs() { assert(real_uid >= 0); /* lower_privs() must be called before this */ #ifdef HAVE_SETEUID @@ -123,7 +125,8 @@ #endif /* if 0 */ /* drop all additional privileges */ -void drop_privs() +void +drop_privs() { #ifndef HAVE_DOSISH_SYSTEM if (!uid_set) From cvs at cvs.gnupg.org Wed Dec 2 10:49:57 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 02 Dec 2009 10:49:57 +0100 Subject: [svn] gpgme - r1436 - trunk/src Message-ID: Author: wk Date: 2009-12-02 10:49:56 +0100 (Wed, 02 Dec 2009) New Revision: 1436 Modified: trunk/src/ChangeLog trunk/src/gpgconf.c Log: Small portability fix Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-01 11:21:47 UTC (rev 1435) +++ trunk/src/ChangeLog 2009-12-02 09:49:56 UTC (rev 1436) @@ -1,3 +1,8 @@ +2009-12-02 Werner Koch + + * gpgconf.c (gpgme_conf_arg_release): No return in a function + returning void. Reported by Wyllys Ingersoll. + 2009-12-01 Werner Koch * gpgme-tool.c (cmd_getauditlog): Add flag --html. Modified: trunk/src/gpgconf.c =================================================================== --- trunk/src/gpgconf.c 2009-12-01 11:21:47 UTC (rev 1435) +++ trunk/src/gpgconf.c 2009-12-02 09:49:56 UTC (rev 1436) @@ -59,7 +59,7 @@ gpgme_conf_arg_release (gpgme_conf_arg_t arg, gpgme_conf_type_t type) { #ifdef ENABLE_GPGCONF - return _gpgme_conf_arg_release (arg, type); + _gpgme_conf_arg_release (arg, type); #endif } From cvs at cvs.gnupg.org Wed Dec 2 19:34:00 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 02 Dec 2009 19:34:00 +0100 Subject: [svn] GnuPG - r5202 - in trunk: . common g10 sm Message-ID: Author: wk Date: 2009-12-02 19:33:59 +0100 (Wed, 02 Dec 2009) New Revision: 5202 Modified: trunk/NEWS trunk/common/ChangeLog trunk/common/audit.c trunk/common/audit.h trunk/g10/ChangeLog trunk/g10/keyedit.c trunk/sm/ChangeLog trunk/sm/decrypt.c trunk/sm/gpgsm.c trunk/sm/sign.c trunk/sm/verify.c Log: More stuff for the audit-log. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/common/ChangeLog 2009-12-02 18:33:59 UTC (rev 5202) @@ -1,3 +1,11 @@ +2009-12-02 Werner Koch + + * audit.c (proc_type_decrypt, proc_type_sign): Implemented. + (proc_type_verify): Print hash algo infos. + * audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO) + (AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT) + (AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE): + 2009-11-05 Marcus Brinkmann * asshelp.c (start_new_gpg_agent): Update use of Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/g10/ChangeLog 2009-12-02 18:33:59 UTC (rev 5202) @@ -1,3 +1,7 @@ +2009-11-27 Werner Koch + + * keyedit.c (cmds, keyedit_menu): New command "checkbkupkey". + 2009-11-25 Marcus Brinkmann * server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/sm/ChangeLog 2009-12-02 18:33:59 UTC (rev 5202) @@ -1,3 +1,16 @@ +2009-12-02 Werner Koch + + * verify.c (gpgsm_verify): Add audit info on hash algorithms. + + * sign.c (gpgsm_sign): Add audit log calls. + (hash_data): Return an error indicator. + +2009-12-01 Werner Koch + + * decrypt.c (gpgsm_decrypt): Add audit log calls. + + * gpgsm.c: New option --html-audit-log. + 2009-11-25 Marcus Brinkmann * server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/NEWS 2009-12-02 18:33:59 UTC (rev 5202) @@ -4,7 +4,12 @@ * Encrypted OpenPGP messages with trailing data (e.g. other OpenPGP packets) are now correctly parsed. + * The GPGSM --audit-log feature is now more complete. + * The G13 tool for disk encryption key management has been added. + + + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/common/audit.c =================================================================== --- trunk/common/audit.c 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/common/audit.c 2009-12-02 18:33:59 UTC (rev 5202) @@ -1,5 +1,5 @@ /* audit.c - GnuPG's audit subsystem - * Copyright (C) 2007 Free Software Foundation, Inc. + * Copyright (C) 2007, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -42,7 +42,7 @@ { audit_event_t event; /* The event. */ gpg_error_t err; /* The logged error code. */ - int intvalue; /* A logged interger value. */ + int intvalue; /* A logged integer value. */ char *string; /* A malloced string or NULL. */ ksba_cert_t cert; /* A certifciate or NULL. */ int have_err:1; @@ -483,6 +483,14 @@ oktext = _("|audit-log-result|Not enabled"); else if (!strcmp (oktext, "error")) oktext = _("|audit-log-result|Error"); + else if (!strcmp (oktext, "not-used")) + oktext = _("|audit-log-result|Not used"); + else if (!strcmp (oktext, "okay")) + oktext = _("|audit-log-result|Okay"); + else if (!strcmp (oktext, "skipped")) + oktext = _("|audit-log-result|Skipped"); + else if (!strcmp (oktext, "some")) + oktext = _("|audit-log-result|Some"); else s = ""; @@ -806,17 +814,73 @@ static void proc_type_sign (audit_ctx_t ctx) { - log_item_t item; + log_item_t item, loopitem; + int signer, idx; + const char *result; + ksba_cert_t cert; + char *name; + int lastalgo; - item = NULL; + item = find_log_item (ctx, AUDIT_SIGNING_DONE, 0); writeout_li (ctx, item?"Yes":"No", "%s", _("Data signing succeeded")); enter_li (ctx); item = find_log_item (ctx, AUDIT_GOT_DATA, 0); writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + /* Write remarks with the data hash algorithms. We use a very + simple scheme to avoid some duplicates. */ + loopitem = NULL; + lastalgo = 0; + while ((loopitem = find_next_log_item + (ctx, loopitem, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG))) + { + if (loopitem->intvalue && loopitem->intvalue != lastalgo) + writeout_rem (ctx, _("data hash algorithm: %s"), + gcry_md_algo_name (loopitem->intvalue)); + lastalgo = loopitem->intvalue; + } + /* Loop over all signer. */ + loopitem = NULL; + signer = 0; + while ((loopitem=find_next_log_item (ctx, loopitem, AUDIT_NEW_SIG, 0))) + { + signer++; + item = find_next_log_item (ctx, loopitem, AUDIT_SIGNED_BY, AUDIT_NEW_SIG); + if (!item) + result = "error"; + else if (!item->err) + result = "okay"; + else if (gpg_err_code (item->err) == GPG_ERR_CANCELED) + result = "skipped"; + else + result = gpg_strerror (item->err); + cert = item? item->cert : NULL; + + writeout_li (ctx, result, _("Signer %d"), signer); + item = find_next_log_item (ctx, loopitem, + AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, _("attr hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + + if (cert) + { + name = get_cert_name (cert); + writeout_rem (ctx, "%s", name); + xfree (name); + enter_li (ctx); + for (idx=0; (name = get_cert_subject (cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } + } + leave_li (ctx); } @@ -826,17 +890,88 @@ static void proc_type_decrypt (audit_ctx_t ctx) { - log_item_t item; + log_item_t loopitem, item; + int algo, recpno; + char *name; + char numbuf[35]; + int idx; - item = NULL; - writeout_li (ctx, item?"Yes":"No", "%s", _("Data decryption succeeded")); + item = find_log_item (ctx, AUDIT_DECRYPTION_RESULT, 0); + writeout_li (ctx, item && !item->err?"Yes":"No", + "%s", _("Data decryption succeeded")); enter_li (ctx); item = find_log_item (ctx, AUDIT_GOT_DATA, 0); writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + item = find_log_item (ctx, AUDIT_DATA_CIPHER_ALGO, 0); + algo = item? item->intvalue : 0; + writeout_li (ctx, algo?"Yes":"No", "%s", _("Encryption algorithm supported")); + if (algo) + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); + item = find_log_item (ctx, AUDIT_BAD_DATA_CIPHER_ALGO, 0); + if (item && item->string) + { + algo = gcry_cipher_map_name (item->string); + if (algo) + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); + else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2")) + writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2"); + else if (item->string) + writeout_rem (ctx, _("unsupported algorithm: %s"), item->string); + else + writeout_rem (ctx, _("seems to be not encrypted")); + } + + + for (recpno = 0, item = NULL; + (item = find_next_log_item (ctx, item, AUDIT_NEW_RECP, 0)); recpno++) + ; + snprintf (numbuf, sizeof numbuf, "%d", recpno); + writeout_li (ctx, numbuf, "%s", _("Number of recipients")); + + /* Loop over all recipients. */ + loopitem = NULL; + while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_NEW_RECP, 0))) + { + const char *result; + + recpno = loopitem->have_intvalue? loopitem->intvalue : -1; + + item = find_next_log_item (ctx, loopitem, + AUDIT_RECP_RESULT, AUDIT_NEW_RECP); + if (!item) + result = "not-used"; + else if (!item->err) + result = "okay"; + else if (gpg_err_code (item->err) == GPG_ERR_CANCELED) + result = "skipped"; + else + result = gpg_strerror (item->err); + + item = find_next_log_item (ctx, loopitem, + AUDIT_RECP_NAME, AUDIT_NEW_RECP); + writeout_li (ctx, result, _("Recipient %d"), recpno); + if (item && item->string) + writeout_rem (ctx, "%s", item->string); + + /* If we have a certificate write out more infos. */ + item = find_next_log_item (ctx, loopitem, + AUDIT_SAVE_CERT, AUDIT_NEW_RECP); + if (item && item->cert) + { + enter_li (ctx); + for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } + } + leave_li (ctx); } @@ -847,11 +982,12 @@ proc_type_verify (audit_ctx_t ctx) { log_item_t loopitem, item; - int signo, count, idx; + int signo, count, idx, n_good, n_bad; char numbuf[35]; + const char *result; /* If there is at least one signature status we claim that the - verifciation succeeded. This does not mean that the data has + verification succeeded. This does not mean that the data has verified okay. */ item = find_log_item (ctx, AUDIT_SIG_STATUS, 0); writeout_li (ctx, item?"Yes":"No", "%s", _("Data verification succeeded")); @@ -867,18 +1003,42 @@ if (!item) goto leave; - item = find_log_item (ctx, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG); - writeout_li (ctx, item?"Yes":"No", "%s", _("Parsing signature succeeded")); - if (!item) + /* Print info about the used data hashing algorithms. */ + for (idx=0, n_good=n_bad=0; idx < ctx->logused; idx++) { - item = find_log_item (ctx, AUDIT_BAD_DATA_HASH_ALGO, AUDIT_NEW_SIG); - if (item) - writeout_rem (ctx, _("Bad hash algorithm: %s"), - item->string? item->string:"?"); - - goto leave; + item = ctx->log + idx; + if (item->event == AUDIT_NEW_SIG) + break; + else if (item->event == AUDIT_DATA_HASH_ALGO) + n_good++; + else if (item->event == AUDIT_BAD_DATA_HASH_ALGO) + n_bad++; } + item = find_log_item (ctx, AUDIT_DATA_HASHING, AUDIT_NEW_SIG); + if (!item || item->err || !n_good) + result = "No"; + else if (n_good && !n_bad) + result = "Yes"; + else + result = "Some"; + writeout_li (ctx, result, "%s", _("Parsing data succeeded")); + if (n_good || n_bad) + { + for (idx=0; idx < ctx->logused; idx++) + { + item = ctx->log + idx; + if (item->event == AUDIT_NEW_SIG) + break; + else if (item->event == AUDIT_DATA_HASH_ALGO) + writeout_rem (ctx, _("data hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + else if (item->event == AUDIT_BAD_DATA_HASH_ALGO) + writeout_rem (ctx, _("bad data hash algorithm: %s"), + item->string? item->string:"?"); + } + } + /* Loop over all signatures. */ loopitem = find_log_item (ctx, AUDIT_NEW_SIG, 0); assert (loopitem); @@ -893,6 +1053,18 @@ AUDIT_SIG_NAME, AUDIT_NEW_SIG); if (item) writeout_rem (ctx, "%s", item->string); + + item = find_next_log_item (ctx, loopitem, + AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, _("data hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + item = find_next_log_item (ctx, loopitem, + AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, _("attr hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + enter_li (ctx); /* List the certificate chain. */ @@ -1006,11 +1178,7 @@ /* We use an environment variable to include some debug info in the log. */ if ((s = getenv ("gnupg_debug_audit"))) - { - show_raw = 1; - if (!strcmp (s, "html")) - use_html = 1; - } + show_raw = 1; assert (!ctx->outstream); ctx->outstream = out; Modified: trunk/common/audit.h =================================================================== --- trunk/common/audit.h 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/common/audit.h 2009-12-02 18:33:59 UTC (rev 5202) @@ -81,15 +81,27 @@ /* A certifciate only signature has been detected. */ AUDIT_DATA_HASH_ALGO, /* int */ - /* The hash algo given as argument is used for this signature. - This event will be repeated for all hash algorithms used with - the data. */ + /* The hash algo given as argument is used for the data. This + event will be repeated for all hash algorithms used with the + data. */ + AUDIT_ATTR_HASH_ALGO, /* int */ + /* The hash algo given as argument is used to hash the message + digest and other signed attributes of this signature. */ + + AUDIT_DATA_CIPHER_ALGO, /* int */ + /* The cipher algo given as argument is used for this data. */ + AUDIT_BAD_DATA_HASH_ALGO, /* string */ /* The hash algo as specified by the signature can't be used. STRING is the description of this algorithm which usually is an OID string. STRING may be NULL. */ + AUDIT_BAD_DATA_CIPHER_ALGO, /* string */ + /* The symmetric cipher algorithm is not supported. STRING is the + description of this algorithm which usually is an OID string. + STRING may be NULL. */ + AUDIT_DATA_HASHING, /* ok_err */ /* Logs the result of the data hashing. */ @@ -118,7 +130,7 @@ certificate used for verification. An example for STRING when using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */ - AUDIT_SIG_STATUS, /* string */ + AUDIT_SIG_STATUS, /* string */ /* The signature status of the current signer. This is the last audit information for one signature. STRING gives the status: @@ -130,6 +142,24 @@ "good" - good signature */ + AUDIT_NEW_RECP, /* int */ + /* A new recipient has been seen during decryption. The argument + is the recipient number as used internally by the program. */ + + AUDIT_RECP_NAME, /* string */ + /* The name of a recipient. This is the name or other identification + data as known from the decryption and not the name from the + certificate used for decryption. An example for STRING when + using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */ + + AUDIT_RECP_RESULT, /* ok_err */ + /* The status of the session key decryption. This is only written + for recipients tried. */ + + AUDIT_DECRYPTION_RESULT, /* ok_err */ + /* The status of the entire decryption. The decryption was + successful if the error code is 0. */ + AUDIT_VALIDATE_CHAIN, /* Start the validation of a certificate chain. */ @@ -167,9 +197,14 @@ AUDIT_ENCRYPTION_DONE, /* Encryption succeeded. */ - + AUDIT_SIGNED_BY, /* cert, err */ + /* Records the certificate used for signed and whether the signure + could be created (if err==0). */ + AUDIT_SIGNING_DONE, + /* Signing succeeded. */ + AUDIT_LAST_EVENT /* Marker for parsing this list. */ } audit_event_t; Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/g10/keyedit.c 2009-12-02 18:33:59 UTC (rev 5202) @@ -1143,11 +1143,11 @@ break; default: if( sk->protect.s2k.mode == 1001 ) { - tty_printf(_("Secret parts of primary key are not available.\n")); + tty_printf(_("Secret parts of key are not available.\n")); no_primary_secrets = 1; } else if( sk->protect.s2k.mode == 1002 ) { - tty_printf(_("Secret parts of primary key are stored on-card.\n")); + tty_printf(_("Secret parts of key are stored on-card.\n")); no_primary_secrets = 1; } else { @@ -1365,8 +1365,8 @@ cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, - cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCLEAN, - cmdMINIMIZE, cmdNOP + cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY, + cmdCLEAN, cmdMINIMIZE, cmdNOP }; static struct @@ -1423,6 +1423,8 @@ N_("move a key to a smartcard")}, { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, N_("move a backup key to a smartcard")}, + { "checkbkupkey", cmdCHECKBKUPKEY, KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, + NULL}, #endif /*ENABLE_CARD_SUPPORT*/ { "delkey" , cmdDELKEY , KEYEDIT_NOT_SK, @@ -1940,6 +1942,7 @@ break; case cmdBKUPTOCARD: + case cmdCHECKBKUPKEY: { /* Ask for a filename, check whether this is really a backup key as generated by the card generation, parse @@ -1991,12 +1994,36 @@ } node = new_kbnode (pkt); - /* Store it. */ - if (card_store_subkey (node, 0)) + if (cmd == cmdCHECKBKUPKEY) { - redisplay = 1; - sec_modified = 1; + PKT_secret_key *sk = node->pkt->pkt.secret_key; + switch (is_secret_key_protected (sk) ) + { + case 0: /* Not protected. */ + tty_printf (_("This key is not protected.\n")); + break; + case -1: + log_error (_("unknown key protection algorithm\n")); + break; + default: + if (sk->protect.s2k.mode == 1001) + tty_printf (_("Secret parts of key" + " are not available.\n")); + if (sk->protect.s2k.mode == 1002) + tty_printf (_("Secret parts of key" + " are stored on-card.\n")); + else + check_secret_key (sk, 0); + } } + else /* Store it. */ + { + if (card_store_subkey (node, 0)) + { + redisplay = 1; + sec_modified = 1; + } + } release_kbnode (node); } break; Modified: trunk/sm/decrypt.c =================================================================== --- trunk/sm/decrypt.c 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/sm/decrypt.c 2009-12-02 18:33:59 UTC (rev 5202) @@ -253,6 +253,8 @@ memset (&dfparm, 0, sizeof dfparm); + audit_set_type (ctrl->audit, AUDIT_TYPE_DECRYPT); + kh = keydb_new (0); if (!kh) { @@ -296,6 +298,8 @@ goto leave; } + audit_log (ctrl->audit, AUDIT_SETUP_READY); + /* Parser loop. */ do { @@ -313,6 +317,8 @@ const char *algoid; int any_key = 0; + audit_log (ctrl->audit, AUDIT_GOT_DATA); + algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/); algo = gcry_cipher_map_name (algoid); mode = gcry_cipher_mode_from_oid (algoid); @@ -330,6 +336,7 @@ sprintf (numbuf, "%d", rc); gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.algorithm", numbuf, algoid?algoid:"?", NULL); + audit_log_s (ctrl->audit, AUDIT_BAD_DATA_CIPHER_ALGO, algoid); } /* If it seems that this is not an encrypted message we @@ -339,6 +346,8 @@ goto leave; } + + audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo); dfparm.algo = algo; dfparm.mode = mode; dfparm.blklen = gcry_cipher_get_algo_blklen (algo); @@ -369,6 +378,7 @@ rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); if (rc == -1 && recp) break; /* no more recipients */ + audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp); if (rc) log_error ("recp %d - error getting info: %s\n", recp, gpg_strerror (rc)); @@ -382,6 +392,13 @@ gpgsm_dump_serial (serial); log_printf ("\n"); + if (ctrl->audit) + { + char *tmpstr = gpgsm_format_sn_issuer (serial, issuer); + audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr); + xfree (tmpstr); + } + keydb_search_reset (kh); rc = keydb_search_issuer_sn (kh, issuer, serial); if (rc) @@ -415,6 +432,8 @@ kidbuf, "0", "0", NULL); } + /* Put the certificate into the audit log. */ + audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, 0); /* Just in case there is a problem with the own certificate we print this message - should never @@ -462,10 +481,41 @@ decrypt_filter, &dfparm); } + audit_log_ok (ctrl->audit, AUDIT_RECP_RESULT, rc); } xfree (hexkeygrip); xfree (desc); } + + /* If we write an audit log add the unused recipients to the + log as well. */ + if (ctrl->audit && any_key) + { + for (;; recp++) + { + char *issuer; + ksba_sexp_t serial; + int tmp_rc; + + tmp_rc = ksba_cms_get_issuer_serial (cms, recp, + &issuer, &serial); + if (tmp_rc == -1) + break; /* no more recipients */ + audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp); + if (tmp_rc) + log_error ("recp %d - error getting info: %s\n", + recp, gpg_strerror (rc)); + else + { + char *tmpstr = gpgsm_format_sn_issuer (serial, issuer); + audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr); + xfree (tmpstr); + xfree (issuer); + xfree (serial); + } + } + } + if (!any_key) { rc = gpg_error (GPG_ERR_NO_SECKEY); @@ -488,7 +538,7 @@ dfparm.lastblock, dfparm.blklen - npadding); if (rc) - goto leave; + goto leave; for (i=dfparm.blklen - npadding; i < dfparm.blklen; i++) { @@ -515,6 +565,7 @@ leave: + audit_log_ok (ctrl->audit, AUDIT_DECRYPTION_RESULT, rc); if (rc) { gpgsm_status (ctrl, STATUS_DECRYPTION_FAILED, NULL); Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/sm/gpgsm.c 2009-12-02 18:33:59 UTC (rev 5202) @@ -99,6 +99,7 @@ oLogFile, oNoLogFile, oAuditLog, + oHtmlAuditLog, oEnableSpecialFilenames, @@ -286,6 +287,7 @@ ARGPARSE_s_s (oAuditLog, "audit-log", N_("|FILE|write an audit log to FILE")), + ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""), ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")), ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")), @@ -851,6 +853,7 @@ int default_keyring = 1; char *logfile = NULL; char *auditlog = NULL; + char *htmlauditlog = NULL; int greeting = 0; int nogreeting = 0; int debug_wait = 0; @@ -866,6 +869,7 @@ int do_not_setup_keys = 0; int recp_required = 0; estream_t auditfp = NULL; + estream_t htmlauditfp = NULL; struct assuan_malloc_hooks malloc_hooks; /*mtrace();*/ @@ -1182,6 +1186,7 @@ case oNoLogFile: logfile = NULL; break; case oAuditLog: auditlog = pargs.r.ret_str; break; + case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break; case oBatch: opt.batch = 1; @@ -1410,11 +1415,6 @@ } # endif - if (auditlog) - log_info ("NOTE: The audit log feature (--audit-log) is " - "WORK IN PRORESS and not ready for use!\n"); - - if (may_coredump && !opt.quiet) log_info (_("WARNING: program may create a core file!\n")); @@ -1546,7 +1546,7 @@ /* Prepare the audit log feature for certain commands. */ - if (auditlog) + if (auditlog || htmlauditlog) { switch (cmd) { @@ -1556,7 +1556,10 @@ case aVerify: audit_release (ctrl.audit); ctrl.audit = audit_new (); - auditfp = open_es_fwrite (auditlog); + if (auditlog) + auditfp = open_es_fwrite (auditlog); + if (htmlauditlog) + htmlauditfp = open_es_fwrite (htmlauditlog); break; default: break; @@ -1914,12 +1917,16 @@ } /* Print the audit result if needed. */ - if (auditlog && auditfp) + if ((auditlog && auditfp) || (htmlauditlog && htmlauditfp)) { - audit_print_result (ctrl.audit, auditfp, 0); + if (auditlog && auditfp) + audit_print_result (ctrl.audit, auditfp, 0); + if (htmlauditlog && htmlauditfp) + audit_print_result (ctrl.audit, htmlauditfp, 1); audit_release (ctrl.audit); ctrl.audit = NULL; es_fclose (auditfp); + es_fclose (htmlauditfp); } /* cleanup */ Modified: trunk/sm/sign.c =================================================================== --- trunk/sm/sign.c 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/sm/sign.c 2009-12-02 18:33:59 UTC (rev 5202) @@ -34,18 +34,20 @@ #include "i18n.h" -static void +/* Hash the data and return if something was hashed. Return -1 on error. */ +static int hash_data (int fd, gcry_md_hd_t md) { FILE *fp; char buffer[4096]; int nread; + int rc = 0; fp = fdopen ( dup (fd), "rb"); if (!fp) { log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno)); - return; + return -1; } do @@ -55,8 +57,12 @@ } while (nread); if (ferror (fp)) + { log_error ("read error on fd %d: %s\n", fd, strerror (errno)); + rc = -1; + } fclose (fp); + return rc; } static int @@ -321,6 +327,8 @@ certlist_t cl; int release_signerlist = 0; + audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN); + kh = keydb_new (0); if (!kh) { @@ -539,8 +547,11 @@ goto leave; } gcry_md_enable (data_md, algo); + audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo); } + audit_log (ctrl->audit, AUDIT_SETUP_READY); + if (detached) { /* We hash the data right now so that we can store the message digest. ksba_cms_build() takes this as an flag that detached @@ -548,7 +559,8 @@ unsigned char *digest; size_t digest_len; - hash_data (data_fd, data_md); + if (!hash_data (data_fd, data_md)) + audit_log (ctrl->audit, AUDIT_GOT_DATA); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { digest = gcry_md_read (data_md, cl->hash_algo); @@ -623,6 +635,7 @@ rc = hash_and_copy_data (data_fd, data_md, writer); if (rc) goto leave; + audit_log (ctrl->audit, AUDIT_GOT_DATA); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { digest = gcry_md_read (data_md, cl->hash_algo); @@ -663,13 +676,18 @@ unsigned char *sigval = NULL; char *buf, *fpr; + audit_log_i (ctrl->audit, AUDIT_NEW_SIG, signer); if (signer) gcry_md_reset (md); { certlist_t cl_tmp; for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next) - gcry_md_enable (md, cl_tmp->hash_algo); + { + gcry_md_enable (md, cl_tmp->hash_algo); + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, + cl_tmp->hash_algo); + } } rc = ksba_cms_hash_signed_attrs (cms, signer); @@ -685,6 +703,7 @@ md, cl->hash_algo, &sigval); if (rc) { + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, rc); gcry_md_close (md); goto leave; } @@ -693,6 +712,7 @@ xfree (sigval); if (err) { + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err); log_error ("failed to store the signature: %s\n", gpg_strerror (err)); rc = err; @@ -708,28 +728,29 @@ gcry_md_close (md); goto leave; } + rc = 0; { int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL); - rc = asprintf (&buf, "%c %d %d 00 %s %s", - detached? 'D':'S', - pkalgo, - cl->hash_algo, - signed_at, - fpr); + buf = xtryasprintf ("%c %d %d 00 %s %s", + detached? 'D':'S', + pkalgo, + cl->hash_algo, + signed_at, + fpr); + if (!buf) + rc = gpg_error_from_syserror (); } xfree (fpr); - if (rc < 0) + if (rc) { - rc = gpg_error (GPG_ERR_ENOMEM); gcry_md_close (md); goto leave; } - rc = 0; gpgsm_status (ctrl, STATUS_SIG_CREATED, buf); - free (buf); /* yes, we must use the regular free() here */ + xfree (buf); + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, 0); } gcry_md_close (md); - } } while (stopreason != KSBA_SR_READY); @@ -741,6 +762,7 @@ goto leave; } + audit_log (ctrl->audit, AUDIT_SIGNING_DONE); log_info ("signature created\n"); Modified: trunk/sm/verify.c =================================================================== --- trunk/sm/verify.c 2009-11-27 19:13:02 UTC (rev 5201) +++ trunk/sm/verify.c 2009-12-02 18:33:59 UTC (rev 5202) @@ -216,6 +216,8 @@ log_debug ("enabling extra hash algorithm %d\n", opt.extra_digest_algo); gcry_md_enable (data_md, opt.extra_digest_algo); + audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, + opt.extra_digest_algo); } if (is_detached) { @@ -236,7 +238,7 @@ } else if (stopreason == KSBA_SR_END_DATA) { /* The data bas been hashed */ - + audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0); } } while (stopreason != KSBA_SR_READY); @@ -452,6 +454,7 @@ log_printf (_(" using certificate ID 0x%08lX\n"), gpgsm_get_short_fingerprint (cert, NULL)); + audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo); if (msgdigest) { /* Signed attributes are available. */ @@ -484,6 +487,7 @@ goto next_signer; } + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo); rc = gcry_md_open (&md, sigval_hash_algo, 0); if (rc) { From cvs at cvs.gnupg.org Wed Dec 2 19:35:35 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed, 02 Dec 2009 19:35:35 +0100 Subject: [svn] assuan - r325 - in trunk: . src Message-ID: Author: marcus Date: 2009-12-02 19:35:34 +0100 (Wed, 02 Dec 2009) New Revision: 325 Removed: trunk/src/assuan-client.c Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/Makefile.am trunk/src/assuan-defs.h trunk/src/assuan-pipe-connect.c trunk/src/assuan-socket-connect.c trunk/src/assuan.h trunk/src/client.c trunk/src/libassuan.def trunk/src/libassuan.vers Log: src/ 2009-12-02 Marcus Brinkmann * Makefile.am (common_sources): Remove assuan-client.c. * assuan-client.c: File removed. * assuan.h (ASSUAN_RESPONSE_ERROR, ASSUAN_RESPONSE_OK) (ASSUAN_RESPONSE_STATUS, ASSUAN_RESPONSE_INQUIRE) (ASSUAN_RESPONSE_STATUS): New macros. (assuan_response_t): New type. (assuan_client_read_response, assuan_client_parse_response): New prototypes. * libassuan.def, libassuan.vers: Add assuan_client_read_response, assuan_client_parse_response. * assuan-client.c (xtoi_1, xtoi_2, assuan_transact) (_assuan_read_from_server): Moved to ... * client.c: ... here, with updates to use new functions and types. Include . (assuan_client_read_response, assuan_client_parse_response): New functions. * assuan-defs.h (_assuan_read_from_server): Use assuan_response_t. * assuan-pipe-connect.c (initial_handshake): Use assuan_response_t and ASSUAN_RESPONSE_OK. * assuan-socket-connect.c (assuan_socket_connect): Likewise. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/ChangeLog 2009-12-02 18:35:34 UTC (rev 325) @@ -1,3 +1,26 @@ +2009-12-02 Marcus Brinkmann + + * Makefile.am (common_sources): Remove assuan-client.c. + * assuan-client.c: File removed. + * assuan.h (ASSUAN_RESPONSE_ERROR, ASSUAN_RESPONSE_OK) + (ASSUAN_RESPONSE_STATUS, ASSUAN_RESPONSE_INQUIRE) + (ASSUAN_RESPONSE_STATUS): New macros. + (assuan_response_t): New type. + (assuan_client_read_response, assuan_client_parse_response): New + prototypes. + * libassuan.def, libassuan.vers: Add assuan_client_read_response, + assuan_client_parse_response. + * assuan-client.c (xtoi_1, xtoi_2, assuan_transact) + (_assuan_read_from_server): Moved to ... + * client.c: ... here, with updates to use new functions and types. + Include . + (assuan_client_read_response, assuan_client_parse_response): New + functions. + * assuan-defs.h (_assuan_read_from_server): Use assuan_response_t. + * assuan-pipe-connect.c (initial_handshake): Use assuan_response_t + and ASSUAN_RESPONSE_OK. + * assuan-socket-connect.c (assuan_socket_connect): Likewise. + 2009-12-01 Marcus Brinkmann * assuan-pipe-server.c (assuan_init_pipe_server): Fix debug output. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/NEWS 2009-12-02 18:35:34 UTC (rev 325) @@ -88,6 +88,8 @@ ASSUAN_SOCKET_CONNECT_FDPASSING NEW assuan_peercred_t NEW assuan_get_peercred CHANGED: Return assuan_peercred_t. +assuan_client_read_response NEW +assuan_client_parse_response NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/src/Makefile.am =================================================================== --- trunk/src/Makefile.am 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/Makefile.am 2009-12-02 18:35:34 UTC (rev 325) @@ -44,7 +44,6 @@ assuan-handler.c \ assuan-inquire.c \ assuan-listen.c \ - assuan-client.c \ assuan-pipe-server.c \ assuan-socket-server.c \ assuan-pipe-connect.c \ Deleted: trunk/src/assuan-client.c Modified: trunk/src/assuan-defs.h =================================================================== --- trunk/src/assuan-defs.h 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/assuan-defs.h 2009-12-02 18:35:34 UTC (rev 325) @@ -277,9 +277,9 @@ gpg_error_t _assuan_write_line (assuan_context_t ctx, const char *prefix, const char *line, size_t len); -/*-- assuan-client.c --*/ +/*-- client.c --*/ gpg_error_t _assuan_read_from_server (assuan_context_t ctx, - int *okay, int *off); + assuan_response_t *okay, int *off); /*-- assuan-error.c --*/ Modified: trunk/src/assuan-pipe-connect.c =================================================================== --- trunk/src/assuan-pipe-connect.c 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/assuan-pipe-connect.c 2009-12-02 18:35:34 UTC (rev 325) @@ -88,14 +88,15 @@ static gpg_error_t initial_handshake (assuan_context_t ctx) { - int okay, off; + assuan_response_t response; + int off; gpg_error_t err; - err = _assuan_read_from_server (ctx, &okay, &off); + err = _assuan_read_from_server (ctx, &response, &off); if (err) TRACE1 (ctx, ASSUAN_LOG_SYSIO, "initial_handshake", ctx, "can't connect server: %s", gpg_strerror (err)); - else if (okay != 1) + else if (response != ASSUAN_RESPONSE_OK) { TRACE1 (ctx, ASSUAN_LOG_SYSIO, "initial_handshake", ctx, "can't connect server: `%s'", ctx->inbound.line); Modified: trunk/src/assuan-socket-connect.c =================================================================== --- trunk/src/assuan-socket-connect.c 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/assuan-socket-connect.c 2009-12-02 18:35:34 UTC (rev 325) @@ -124,13 +124,14 @@ /* initial handshake */ { - int okay, off; + assuan_response_t response; + int off; - err = _assuan_read_from_server (ctx, &okay, &off); + err = _assuan_read_from_server (ctx, &response, &off); if (err) TRACE1 (ctx, ASSUAN_LOG_SYSIO, "assuan_socket_connect_ext", ctx, "can't connect to server: %s\n", gpg_strerror (err)); - else if (okay != 1) + else if (response != ASSUAN_RESPONSE_OK) { char *sname = _assuan_encode_c_string (ctx, ctx->inbound.line); if (sname) Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/assuan.h 2009-12-02 18:35:34 UTC (rev 325) @@ -408,6 +408,26 @@ gpg_error_t assuan_get_peercred (assuan_context_t ctx, assuan_peercred_t *peercred); + + +/* Client interface. */ +#define ASSUAN_RESPONSE_ERROR 0 +#define ASSUAN_RESPONSE_OK 1 +#define ASSUAN_RESPONSE_DATA 2 +#define ASSUAN_RESPONSE_INQUIRE 3 +#define ASSUAN_RESPONSE_STATUS 4 +#define ASSUAN_RESPONSE_END 5 +typedef int assuan_response_t; + +/* This already de-escapes data lines. */ +gpg_error_t assuan_client_read_response (assuan_context_t ctx, + char **line, int *linelen); + +gpg_error_t assuan_client_parse_response (assuan_context_t ctx, + char *line, int linelen, + assuan_response_t *response, + int *off); + /*-- assuan-client.c --*/ gpg_error_t assuan_transact (assuan_context_t ctx, Modified: trunk/src/client.c =================================================================== --- trunk/src/client.c 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/client.c 2009-12-02 18:35:34 UTC (rev 325) @@ -22,9 +22,16 @@ #include #endif +#include + #include "assuan-defs.h" #include "debug.h" +#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ + *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) +#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) + + void _assuan_client_finish (assuan_context_t ctx) { @@ -58,3 +65,243 @@ _assuan_client_finish (ctx); } + + +/* This function also does deescaping for data lines. */ +gpg_error_t +assuan_client_read_response (assuan_context_t ctx, + char **line_r, int *linelen_r) +{ + gpg_error_t rc; + char *line = NULL; + int linelen = 0; + + *line_r = NULL; + *linelen_r = 0; + + do + { + do + { + rc = _assuan_read_line (ctx); + } + while (_assuan_error_is_eagain (ctx, rc)); + if (rc) + return rc; + line = ctx->inbound.line; + linelen = ctx->inbound.linelen; + } + while (*line == '#' || !linelen); + + /* For data lines, we deescape immediately. The user will never + have to worry about it. */ + if (linelen >= 1 && line[0] == 'D' && line[1] == ' ') + { + char *s, *d; + for (s=d=line; linelen; linelen--) + { + if (*s == '%' && linelen > 2) + { /* handle escaping */ + s++; + *d++ = xtoi_2 (s); + s += 2; + linelen -= 2; + } + else + *d++ = *s++; + } + *d = 0; /* add a hidden string terminator */ + + ctx->inbound.linelen = linelen; + } + + *line_r = line; + *linelen_r = linelen; + + return 0; +} + + +gpg_error_t +assuan_client_parse_response (assuan_context_t ctx, char *line, int linelen, + assuan_response_t *response, int *off) +{ + *response = ASSUAN_RESPONSE_ERROR; + *off = 0; + + if (linelen >= 1 + && line[0] == 'D' && line[1] == ' ') + { + *response = ASSUAN_RESPONSE_DATA; /* data line */ + *off = 2; + } + else if (linelen >= 1 + && line[0] == 'S' + && (line[1] == '\0' || line[1] == ' ')) + { + *response = ASSUAN_RESPONSE_STATUS; + *off = 1; + while (line[*off] == ' ') + ++*off; + } + else if (linelen >= 2 + && line[0] == 'O' && line[1] == 'K' + && (line[2] == '\0' || line[2] == ' ')) + { + *response = ASSUAN_RESPONSE_OK; + *off = 2; + while (line[*off] == ' ') + ++*off; + } + else if (linelen >= 3 + && line[0] == 'E' && line[1] == 'R' && line[2] == 'R' + && (line[3] == '\0' || line[3] == ' ')) + { + *response = ASSUAN_RESPONSE_ERROR; + *off = 3; + while (line[*off] == ' ') + ++*off; + } + else if (linelen >= 7 + && line[0] == 'I' && line[1] == 'N' && line[2] == 'Q' + && line[3] == 'U' && line[4] == 'I' && line[5] == 'R' + && line[6] == 'E' + && (line[7] == '\0' || line[7] == ' ')) + { + *response = ASSUAN_RESPONSE_INQUIRE; + *off = 7; + while (line[*off] == ' ') + ++*off; + } + else if (linelen >= 3 + && line[0] == 'E' && line[1] == 'N' && line[2] == 'D' + && (line[3] == '\0' || line[3] == ' ')) + { + *response = ASSUAN_RESPONSE_END; + *off = 3; + } + else + return _assuan_error (ctx, GPG_ERR_ASS_INV_RESPONSE); + + return 0; +} + + +gpg_error_t +_assuan_read_from_server (assuan_context_t ctx, assuan_response_t *response, + int *off) +{ + gpg_error_t rc; + char *line; + int linelen; + + *response = ASSUAN_RESPONSE_ERROR; + *off = 0; + rc = assuan_client_read_response (ctx, &line, &linelen); + if (!rc) + rc = assuan_client_parse_response (ctx, line, linelen, response, off); + return rc; +} + + +/** + * assuan_transact: + * @ctx: The Assuan context + * @command: Command line to be send to the server + * @data_cb: Callback function for data lines + * @data_cb_arg: first argument passed to @data_cb + * @inquire_cb: Callback function for a inquire response + * @inquire_cb_arg: first argument passed to @inquire_cb + * @status_cb: Callback function for a status response + * @status_cb_arg: first argument passed to @status_cb + * + * FIXME: Write documentation + * + * Return value: 0 on success or error code. The error code may be + * the one one returned by the server in error lines or from the + * callback functions. Take care: When a callback returns an error + * this function returns immediately with an error and thus the caller + * will altter return an Assuan error (write erro in most cases). + **/ +gpg_error_t +assuan_transact (assuan_context_t ctx, + const char *command, + gpg_error_t (*data_cb)(void *, const void *, size_t), + void *data_cb_arg, + gpg_error_t (*inquire_cb)(void*, const char *), + void *inquire_cb_arg, + gpg_error_t (*status_cb)(void*, const char *), + void *status_cb_arg) +{ + gpg_error_t rc; + assuan_response_t response; + int off; + char *line; + int linelen; + + rc = assuan_write_line (ctx, command); + if (rc) + return rc; + + if (*command == '#' || !*command) + return 0; /* Don't expect a response for a comment line. */ + + again: + rc = _assuan_read_from_server (ctx, &response, &off); + if (rc) + return rc; /* error reading from server */ + + line = ctx->inbound.line + off; + linelen = ctx->inbound.linelen - off; + + if (response == ASSUAN_RESPONSE_ERROR) + rc = atoi (line); + else if (response == ASSUAN_RESPONSE_DATA) + { + if (!data_cb) + rc = _assuan_error (ctx, GPG_ERR_ASS_NO_DATA_CB); + else + { + rc = data_cb (data_cb_arg, line, linelen); + if (!rc) + goto again; + } + } + else if (response == ASSUAN_RESPONSE_INQUIRE) + { + if (!inquire_cb) + { + assuan_write_line (ctx, "END"); /* get out of inquire mode */ + _assuan_read_from_server (ctx, &response, &off); /* dummy read */ + rc = _assuan_error (ctx, GPG_ERR_ASS_NO_INQUIRE_CB); + } + else + { + rc = inquire_cb (inquire_cb_arg, line); + if (!rc) + rc = assuan_send_data (ctx, NULL, 0); /* flush and send END */ + if (!rc) + goto again; + } + } + else if (response == ASSUAN_RESPONSE_STATUS) + { + if (status_cb) + rc = status_cb (status_cb_arg, line); + if (!rc) + goto again; + } + else if (response == ASSUAN_RESPONSE_END) + { + if (!data_cb) + rc = _assuan_error (ctx, GPG_ERR_ASS_NO_DATA_CB); + else + { + rc = data_cb (data_cb_arg, NULL, 0); + if (!rc) + goto again; + } + } + + return rc; +} Modified: trunk/src/libassuan.def =================================================================== --- trunk/src/libassuan.def 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/libassuan.def 2009-12-02 18:35:34 UTC (rev 325) @@ -94,6 +94,8 @@ __assuan_spawn @73 __assuan_usleep @74 assuan_fdopen @75 + assuan_client_read_response @76 + assuan_client_parse_response @77 ; END Modified: trunk/src/libassuan.vers =================================================================== --- trunk/src/libassuan.vers 2009-12-01 19:19:35 UTC (rev 324) +++ trunk/src/libassuan.vers 2009-12-02 18:35:34 UTC (rev 325) @@ -24,6 +24,8 @@ global: assuan_accept; assuan_begin_confidential; + assuan_client_read_response; + assuan_client_parse_response; assuan_close_input_fd; assuan_close_output_fd; assuan_command_parse_fd; From cvs at cvs.gnupg.org Wed Dec 2 20:00:10 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 02 Dec 2009 20:00:10 +0100 Subject: [svn] GnuPG - r5203 - trunk/agent Message-ID: Author: wk Date: 2009-12-02 20:00:10 +0100 (Wed, 02 Dec 2009) New Revision: 5203 Modified: trunk/agent/ChangeLog trunk/agent/trustlist.c Log: Fix usage of realloc. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2009-12-02 18:33:59 UTC (rev 5202) +++ trunk/agent/ChangeLog 2009-12-02 19:00:10 UTC (rev 5203) @@ -1,3 +1,10 @@ +2009-12-02 Werner Koch + + * trustlist.c (read_trustfiles): Store the pointer returned from + shrinking the memory and not the orginal one. Fixes bug#1163. + Reported by TAKAHASHI Tamotsu. Also return correct error after + memory failure. + 2009-11-27 Marcus Brinkmann * command.c (start_command_handler): Do not call Modified: trunk/agent/trustlist.c =================================================================== --- trunk/agent/trustlist.c 2009-12-02 18:33:59 UTC (rev 5202) +++ trunk/agent/trustlist.c 2009-12-02 19:00:10 UTC (rev 5203) @@ -361,13 +361,14 @@ ti = xtryrealloc (table, (tableidx?tableidx:1) * sizeof *table); if (!ti) { + err = gpg_error_from_syserror (); xfree (table); return err; } lock_trusttable (); xfree (trusttable); - trusttable = table; + trusttable = ti; trusttablesize = tableidx; unlock_trusttable (); return 0; From cvs at cvs.gnupg.org Wed Dec 2 20:02:33 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 02 Dec 2009 20:02:33 +0100 Subject: [svn] GnuPG - r5204 - branches/STABLE-BRANCH-2-0/agent Message-ID: Author: wk Date: 2009-12-02 20:02:33 +0100 (Wed, 02 Dec 2009) New Revision: 5204 Modified: branches/STABLE-BRANCH-2-0/agent/ChangeLog branches/STABLE-BRANCH-2-0/agent/trustlist.c Log: Fix realloc usage. Fixes bug#1163. Modified: branches/STABLE-BRANCH-2-0/agent/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/agent/ChangeLog 2009-12-02 19:00:10 UTC (rev 5203) +++ branches/STABLE-BRANCH-2-0/agent/ChangeLog 2009-12-02 19:02:33 UTC (rev 5204) @@ -1,3 +1,10 @@ +2009-12-02 Werner Koch + + * trustlist.c (read_trustfiles): Store the pointer returned from + shrinking the memory and not the orginal one. Fixes bug#1163. + Reported by TAKAHASHI Tamotsu. Also return correct error after + memory failure. + 2009-09-04 Marcus Brinkmann * command.c (start_command_handler): Add comment about gap in Modified: branches/STABLE-BRANCH-2-0/agent/trustlist.c =================================================================== --- branches/STABLE-BRANCH-2-0/agent/trustlist.c 2009-12-02 19:00:10 UTC (rev 5203) +++ branches/STABLE-BRANCH-2-0/agent/trustlist.c 2009-12-02 19:02:33 UTC (rev 5204) @@ -361,13 +361,14 @@ ti = xtryrealloc (table, (tableidx?tableidx:1) * sizeof *table); if (!ti) { + err = gpg_error_from_syserror (); xfree (table); return err; } lock_trusttable (); xfree (trusttable); - trusttable = table; + trusttable = ti; trusttablesize = tableidx; unlock_trusttable (); return 0; From cvs at cvs.gnupg.org Thu Dec 3 19:04:41 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 03 Dec 2009 19:04:41 +0100 Subject: [svn] GnuPG - r5205 - in trunk: . agent doc g10 g13 scd sm Message-ID: Author: wk Date: 2009-12-03 19:04:40 +0100 (Thu, 03 Dec 2009) New Revision: 5205 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/doc/gpg-agent.texi trunk/doc/gpg.texi trunk/doc/gpgsm.texi trunk/doc/scdaemon.texi trunk/g10/ChangeLog trunk/g10/gpg.c trunk/g13/g13.c trunk/scd/ChangeLog trunk/scd/scdaemon.c trunk/sm/ChangeLog trunk/sm/gpgsm.c Log: support numeric debug levels. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/agent/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + 2009-12-02 Werner Koch * trustlist.c (read_trustfiles): Store the pointer returned from Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/g10/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * gpg.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + 2009-11-27 Werner Koch * keyedit.c (cmds, keyedit_menu): New command "checkbkupkey". Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/scd/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * scdaemon.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + 2009-11-25 Marcus Brinkmann * command.c (scd_command_handler): Use assuan_fd_t and Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/sm/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * gpgsm.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + 2009-12-02 Werner Koch * verify.c (gpgsm_verify): Add audit info on hash algorithms. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/NEWS 2009-12-03 18:04:40 UTC (rev 5205) @@ -1,5 +1,5 @@ -Noteworthy changes in version 2.1 (under development) -------------------------------------------------- +Noteworthy changes in version 2.1.x (under development) +------------------------------------------------------- * Encrypted OpenPGP messages with trailing data (e.g. other OpenPGP packets) are now correctly parsed. @@ -8,6 +8,8 @@ * The G13 tool for disk encryption key management has been added. + * Numerical values may now be used as an alternative to the + debug-level keywords. Noteworthy changes in version 2.0.13 (2009-09-04) Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/agent/gpg-agent.c 2009-12-03 18:04:40 UTC (rev 5205) @@ -361,19 +361,30 @@ static void set_debug (void) { + int numok = (debug_level && digitp (debug_level)); + int numlvl = numok? atoi (debug_level) : 0; + if (!debug_level) ; - else if (!strcmp (debug_level, "none")) + else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (debug_level, "basic")) + else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE; - else if (!strcmp (debug_level, "advanced")) + else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; - else if (!strcmp (debug_level, "expert")) + else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE); - else if (!strcmp (debug_level, "guru")) - opt.debug = ~0; + else if (!strcmp (debug_level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), debug_level); @@ -391,6 +402,17 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/doc/gpg-agent.texi 2009-12-03 18:04:40 UTC (rev 5205) @@ -213,20 +213,26 @@ @item --debug-level @var{level} @opindex debug-level Select the debug level for investigating problems. @var{level} may be -one of: +a numeric value or a keyword: - @table @code - @item none - no debugging at all. - @item basic - some basic debug messages - @item advanced - more verbose debug messages - @item expert - even more detailed messages - @item guru - all of the debug messages you can get - @end table + at table @code + at item none +No debugging at all. A value of less than 1 may be used instead of +the keyword. + at item basic +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. + at item advanced +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. + at item expert +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. + at item guru +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. + at end table How these messages are mapped to the actual debugging flags is not specified and may change with newer releases of this program. They are Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/doc/gpg.texi 2009-12-03 18:04:40 UTC (rev 5205) @@ -2146,6 +2146,34 @@ @opindex interactive Prompt before overwriting any files. + at item --debug-level @var{level} + at opindex debug-level +Select the debug level for investigating problems. @var{level} may be +a numeric value or by a keyword: + + at table @code + at item none +No debugging at all. A value of less than 1 may be used instead of +the keyword. + at item basic +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. + at item advanced +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. + at item expert +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. + at item guru +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. + at end table + +How these messages are mapped to the actual debugging flags is not +specified and may change with newer releases of this program. They are +however carefully selected to best aid in debugging. + @item --debug @var{flags} @opindex debug Set debugging flags. All flags are or-ed and @var{flags} may Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/doc/gpgsm.texi 2009-12-03 18:04:40 UTC (rev 5205) @@ -617,19 +617,25 @@ @item --debug-level @var{level} @opindex debug-level Select the debug level for investigating problems. @var{level} may be -one of: +a numeric value or by a keyword: @table @code @item none -no debugging at all. +No debugging at all. A value of less than 1 may be used instead of +the keyword. @item basic -some basic debug messages +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. @item advanced -more verbose debug messages +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. @item expert -even more detailed messages +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. @item guru -all of the debug messages you can get +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. @end table How these messages are mapped to the actual debugging flags is not Modified: trunk/doc/scdaemon.texi =================================================================== --- trunk/doc/scdaemon.texi 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/doc/scdaemon.texi 2009-12-03 18:04:40 UTC (rev 5205) @@ -123,20 +123,26 @@ @item --debug-level @var{level} @opindex debug-level -Select the debug level for investigating problems. @var{level} may be -one of: +Select the debug level for investigating problems. @var{level} may be +a numeric value or a keyword: @table @code @item none -no debugging at all. +No debugging at all. A value of less than 1 may be used instead of +the keyword. @item basic -some basic debug messages +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. @item advanced -more verbose debug messages +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. @item expert -even more detailed messages +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. @item guru -all of the debug messages you can get +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. @end table How these messages are mapped to the actual debugging flags is not Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/g10/gpg.c 2009-12-03 18:04:40 UTC (rev 5205) @@ -976,19 +976,30 @@ static void set_debug (const char *level) { + int numok = (level && digitp (level)); + int numlvl = numok? atoi (level) : 0; + if (!level) ; - else if (!strcmp (level, "none")) + else if (!strcmp (level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (level, "basic")) + else if (!strcmp (level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_MEMSTAT_VALUE; - else if (!strcmp (level, "advanced")) + else if (!strcmp (level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE; - else if (!strcmp (level, "expert")) + else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE |DBG_CACHE_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE); - else if (!strcmp (level, "guru")) - opt.debug = ~0; + else if (!strcmp (level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), level); @@ -1006,6 +1017,22 @@ if (opt.debug & DBG_IOBUF_VALUE ) iobuf_debug_mode = 1; gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_PACKET_VALUE )? " packet":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CIPHER_VALUE )? " cipher":"", + (opt.debug & DBG_FILTER_VALUE )? " filter":"", + (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_TRUST_VALUE )? " trust":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", + (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } Modified: trunk/g13/g13.c =================================================================== --- trunk/g13/g13.c 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/g13/g13.c 2009-12-03 18:04:40 UTC (rev 5205) @@ -258,18 +258,25 @@ static void set_debug (void) { + int numok = (debug_level && digitp (debug_level)); + int numlvl = numok? atoi (debug_level) : 0; + if (!debug_level) ; - else if (!strcmp (debug_level, "none")) + else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (debug_level, "basic")) + else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE|DBG_MOUNT_VALUE; - else if (!strcmp (debug_level, "advanced")) + else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_MOUNT_VALUE; - else if (!strcmp (debug_level, "expert")) + else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_MOUNT_VALUE|DBG_CRYPTO_VALUE); - else if (!strcmp (debug_level, "guru")) - opt.debug = ~0; + else if (!strcmp (debug_level, "guru") || numok) + { + opt.debug = ~0; + /* if (numok) */ + /* opt.debug &= ~(DBG_HASHING_VALUE); */ + } else { log_error (_("invalid debug-level `%s' given\n"), debug_level); @@ -286,6 +293,14 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s\n", + (opt.debug & DBG_MOUNT_VALUE )? " mount":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } Modified: trunk/scd/scdaemon.c =================================================================== --- trunk/scd/scdaemon.c 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/scd/scdaemon.c 2009-12-03 18:04:40 UTC (rev 5205) @@ -289,19 +289,30 @@ static void set_debug (const char *level) { + int numok = (level && digitp (level)); + int numlvl = numok? atoi (level) : 0; + if (!level) ; - else if (!strcmp (level, "none")) + else if (!strcmp (level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (level, "basic")) + else if (!strcmp (level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE; - else if (!strcmp (level, "advanced")) + else if (!strcmp (level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; - else if (!strcmp (level, "expert")) + else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE|DBG_CARD_IO_VALUE); - else if (!strcmp (level, "guru")) - opt.debug = ~0; + else if (!strcmp (level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), level); @@ -319,6 +330,18 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"", + (opt.debug & DBG_CARD_IO_VALUE)? " cardio":""); } Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2009-12-02 19:02:33 UTC (rev 5204) +++ trunk/sm/gpgsm.c 2009-12-03 18:04:40 UTC (rev 5205) @@ -648,23 +648,34 @@ static void set_debug (void) { + int numok = (debug_level && digitp (debug_level)); + int numlvl = numok? atoi (debug_level) : 0; + if (!debug_level) ; - else if (!strcmp (debug_level, "none")) + else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (debug_level, "basic")) + else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE; - else if (!strcmp (debug_level, "advanced")) + else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_X509_VALUE; - else if (!strcmp (debug_level, "expert")) + else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE); - else if (!strcmp (debug_level, "guru")) - opt.debug = ~0; + else if (!strcmp (debug_level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), debug_level); - gpgsm_exit(2); + gpgsm_exit (2); } opt.debug |= debug_value; @@ -679,6 +690,17 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_X509_VALUE )? " x509":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" ); } From cvs at cvs.gnupg.org Thu Dec 3 19:55:16 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 03 Dec 2009 19:55:16 +0100 Subject: [svn] assuan - r326 - trunk/src Message-ID: Author: marcus Date: 2009-12-03 19:55:16 +0100 (Thu, 03 Dec 2009) New Revision: 326 Modified: trunk/src/ChangeLog trunk/src/assuan-logging.c Log: 2009-12-03 Marcus Brinkmann * assuan-logging.c: (log_cats): New static variable. (TEST_LOG_CAT): New macro. (_assuan_log_handler): Check log category. (assuan_set_assuan_log_stream): Check ASSUAN_DEBUG for logging categories. (assuan_set_log_stream): Call assuan_set_assuan_log_stream. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-02 18:35:34 UTC (rev 325) +++ trunk/src/ChangeLog 2009-12-03 18:55:16 UTC (rev 326) @@ -1,3 +1,12 @@ +2009-12-03 Marcus Brinkmann + + * assuan-logging.c: (log_cats): New static variable. + (TEST_LOG_CAT): New macro. + (_assuan_log_handler): Check log category. + (assuan_set_assuan_log_stream): Check ASSUAN_DEBUG for logging + categories. + (assuan_set_log_stream): Call assuan_set_assuan_log_stream. + 2009-12-02 Marcus Brinkmann * Makefile.am (common_sources): Remove assuan-client.c. Modified: trunk/src/assuan-logging.c =================================================================== --- trunk/src/assuan-logging.c 2009-12-02 18:35:34 UTC (rev 325) +++ trunk/src/assuan-logging.c 2009-12-03 18:55:16 UTC (rev 326) @@ -44,14 +44,27 @@ logging of buffer data. */ static int full_logging; +/* A bitfield that specifies the categories to log. Note that + assuan-buffer currently does not log through the default handler, + but directly. This will be changed later. Then the default here + should be to log that and only that. */ +static int log_cats; +#define TEST_LOG_CAT(x) (!! (log_cats & (1 << (x - 1)))) static FILE *_assuan_log; void assuan_set_assuan_log_stream (FILE *fp) { + char *flagstr; + _assuan_log = fp; + + /* Set defaults. */ full_logging = !!getenv ("ASSUAN_FULL_LOGGING"); + flagstr = getenv ("ASSUAN_DEBUG"); + if (flagstr) + log_cats = atoi (flagstr); } @@ -65,7 +78,8 @@ if (ctx->log_fp) fflush (ctx->log_fp); ctx->log_fp = fp; - full_logging = !!getenv ("ASSUAN_FULL_LOGGING"); + if (! _assuan_log) + assuan_set_assuan_log_stream (fp); } } @@ -104,8 +118,11 @@ /* For now. */ if (msg == NULL) - return 1; + return TEST_LOG_CAT (cat); + if (! TEST_LOG_CAT (cat)) + return 0; + fp = ctx->log_fp ? ctx->log_fp : _assuan_log; if (!fp) return 0; From cvs at cvs.gnupg.org Thu Dec 3 20:13:24 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 03 Dec 2009 20:13:24 +0100 Subject: [svn] GnuPG - r5206 - in branches/STABLE-BRANCH-2-0: . agent doc g10 po scd sm Message-ID: Author: wk Date: 2009-12-03 20:13:19 +0100 (Thu, 03 Dec 2009) New Revision: 5206 Modified: branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/agent/ChangeLog branches/STABLE-BRANCH-2-0/agent/gpg-agent.c branches/STABLE-BRANCH-2-0/doc/gpg-agent.texi branches/STABLE-BRANCH-2-0/doc/gpg.texi branches/STABLE-BRANCH-2-0/doc/gpgsm.texi branches/STABLE-BRANCH-2-0/doc/scdaemon.texi branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/gpg.c branches/STABLE-BRANCH-2-0/po/be.po branches/STABLE-BRANCH-2-0/po/ca.po branches/STABLE-BRANCH-2-0/po/cs.po branches/STABLE-BRANCH-2-0/po/da.po branches/STABLE-BRANCH-2-0/po/de.po branches/STABLE-BRANCH-2-0/po/el.po branches/STABLE-BRANCH-2-0/po/eo.po branches/STABLE-BRANCH-2-0/po/es.po branches/STABLE-BRANCH-2-0/po/et.po branches/STABLE-BRANCH-2-0/po/fi.po branches/STABLE-BRANCH-2-0/po/fr.po branches/STABLE-BRANCH-2-0/po/gl.po branches/STABLE-BRANCH-2-0/po/hu.po branches/STABLE-BRANCH-2-0/po/id.po branches/STABLE-BRANCH-2-0/po/it.po branches/STABLE-BRANCH-2-0/po/ja.po branches/STABLE-BRANCH-2-0/po/nb.po branches/STABLE-BRANCH-2-0/po/pl.po branches/STABLE-BRANCH-2-0/po/pt.po branches/STABLE-BRANCH-2-0/po/pt_BR.po branches/STABLE-BRANCH-2-0/po/ro.po branches/STABLE-BRANCH-2-0/po/ru.po branches/STABLE-BRANCH-2-0/po/sk.po branches/STABLE-BRANCH-2-0/po/sv.po branches/STABLE-BRANCH-2-0/po/tr.po branches/STABLE-BRANCH-2-0/po/zh_CN.po branches/STABLE-BRANCH-2-0/po/zh_TW.po branches/STABLE-BRANCH-2-0/scd/ChangeLog branches/STABLE-BRANCH-2-0/scd/scdaemon.c branches/STABLE-BRANCH-2-0/sm/ChangeLog branches/STABLE-BRANCH-2-0/sm/gpgsm.c Log: Allow for numerical debug levels. Modified: branches/STABLE-BRANCH-2-0/agent/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/agent/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/agent/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + 2009-12-02 Werner Koch * trustlist.c (read_trustfiles): Store the pointer returned from Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * gpg.c (set_debug): Allow for numerical debug levels. Print + active debug flags. + 2009-09-28 Werner Koch * trustdb.c (get_validity_info): Take care of a NULL PK. Fixes Modified: branches/STABLE-BRANCH-2-0/scd/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/scd/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/scd/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * scdaemon.c (set_debug): Allow for numerical debug levels. Print + active debug flags. + 2009-09-03 Werner Koch * app-openpgp.c (do_decipher): Compute required Le. Modified: branches/STABLE-BRANCH-2-0/sm/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/sm/ChangeLog 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/sm/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) @@ -1,3 +1,8 @@ +2009-12-03 Werner Koch + + * gpgsm.c (set_debug): Allow for numerical debug levels. Print + active debug flags. + 2009-10-16 Werner Koch * gpgsm.c (DEFAULT_INCLUDE_CERTS): New. Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/NEWS 2009-12-03 19:13:19 UTC (rev 5206) @@ -4,7 +4,10 @@ * The default for --inlucde-cert is now to include all certificates in the chain except for the root certificate. + * Numerical values may now be used as an alternative to the + debug-level keywords. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/agent/gpg-agent.c =================================================================== --- branches/STABLE-BRANCH-2-0/agent/gpg-agent.c 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/agent/gpg-agent.c 2009-12-03 19:13:19 UTC (rev 5206) @@ -360,19 +360,30 @@ static void set_debug (void) { + int numok = (debug_level && digitp (debug_level)); + int numlvl = numok? atoi (debug_level) : 0; + if (!debug_level) ; - else if (!strcmp (debug_level, "none")) + else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (debug_level, "basic")) + else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE; - else if (!strcmp (debug_level, "advanced")) + else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; - else if (!strcmp (debug_level, "expert")) + else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE); - else if (!strcmp (debug_level, "guru")) - opt.debug = ~0; + else if (!strcmp (debug_level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), debug_level); @@ -390,6 +401,17 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } Modified: branches/STABLE-BRANCH-2-0/doc/gpg-agent.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/gpg-agent.texi 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/doc/gpg-agent.texi 2009-12-03 19:13:19 UTC (rev 5206) @@ -213,20 +213,26 @@ @item --debug-level @var{level} @opindex debug-level Select the debug level for investigating problems. @var{level} may be -one of: +a numeric value or a keyword: - @table @code - @item none - no debugging at all. - @item basic - some basic debug messages - @item advanced - more verbose debug messages - @item expert - even more detailed messages - @item guru - all of the debug messages you can get - @end table + at table @code + at item none +No debugging at all. A value of less than 1 may be used instead of +the keyword. + at item basic +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. + at item advanced +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. + at item expert +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. + at item guru +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. + at end table How these messages are mapped to the actual debugging flags is not specified and may change with newer releases of this program. They are Modified: branches/STABLE-BRANCH-2-0/doc/gpg.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/gpg.texi 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/doc/gpg.texi 2009-12-03 19:13:19 UTC (rev 5206) @@ -2134,6 +2134,34 @@ @opindex interactive Prompt before overwriting any files. + at item --debug-level @var{level} + at opindex debug-level +Select the debug level for investigating problems. @var{level} may be +a numeric value or by a keyword: + + at table @code + at item none +No debugging at all. A value of less than 1 may be used instead of +the keyword. + at item basic +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. + at item advanced +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. + at item expert +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. + at item guru +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. + at end table + +How these messages are mapped to the actual debugging flags is not +specified and may change with newer releases of this program. They are +however carefully selected to best aid in debugging. + @item --debug @var{flags} @opindex debug Set debugging flags. All flags are or-ed and @var{flags} may Modified: branches/STABLE-BRANCH-2-0/doc/gpgsm.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2009-12-03 19:13:19 UTC (rev 5206) @@ -617,19 +617,25 @@ @item --debug-level @var{level} @opindex debug-level Select the debug level for investigating problems. @var{level} may be -one of: +a numeric value or by a keyword: @table @code @item none -no debugging at all. +No debugging at all. A value of less than 1 may be used instead of +the keyword. @item basic -some basic debug messages +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. @item advanced -more verbose debug messages +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. @item expert -even more detailed messages +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. @item guru -all of the debug messages you can get +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. @end table How these messages are mapped to the actual debugging flags is not Modified: branches/STABLE-BRANCH-2-0/doc/scdaemon.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/scdaemon.texi 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/doc/scdaemon.texi 2009-12-03 19:13:19 UTC (rev 5206) @@ -123,20 +123,26 @@ @item --debug-level @var{level} @opindex debug-level -Select the debug level for investigating problems. @var{level} may be -one of: +Select the debug level for investigating problems. @var{level} may be +a numeric value or a keyword: @table @code @item none -no debugging at all. +No debugging at all. A value of less than 1 may be used instead of +the keyword. @item basic -some basic debug messages +Some basic debug messages. A value between 1 and 2 may be used +instead of the keyword. @item advanced -more verbose debug messages +More verbose debug messages. A value between 3 and 5 may be used +instead of the keyword. @item expert -even more detailed messages +Even more detailed messages. A value between 6 and 8 may be used +instead of the keyword. @item guru -all of the debug messages you can get +All of the debug messages you can get. A value greater than 8 may be +used instead of the keyword. The creation of hash tracing files is +only enabled if the keyword is used. @end table How these messages are mapped to the actual debugging flags is not Modified: branches/STABLE-BRANCH-2-0/g10/gpg.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/gpg.c 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/g10/gpg.c 2009-12-03 19:13:19 UTC (rev 5206) @@ -972,19 +972,30 @@ static void set_debug (const char *level) { + int numok = (level && digitp (level)); + int numlvl = numok? atoi (level) : 0; + if (!level) ; - else if (!strcmp (level, "none")) + else if (!strcmp (level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (level, "basic")) + else if (!strcmp (level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_MEMSTAT_VALUE; - else if (!strcmp (level, "advanced")) + else if (!strcmp (level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE; - else if (!strcmp (level, "expert")) + else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE |DBG_CACHE_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE); - else if (!strcmp (level, "guru")) - opt.debug = ~0; + else if (!strcmp (level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), level); @@ -1002,6 +1013,22 @@ if (opt.debug & DBG_IOBUF_VALUE ) iobuf_debug_mode = 1; gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_PACKET_VALUE )? " packet":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CIPHER_VALUE )? " cipher":"", + (opt.debug & DBG_FILTER_VALUE )? " filter":"", + (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_TRUST_VALUE )? " trust":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", + (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } Modified: branches/STABLE-BRANCH-2-0/po/be.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ca.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/cs.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/da.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/de.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/el.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/eo.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/es.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/et.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/fi.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/fr.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/gl.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/hu.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/id.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/it.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ja.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/nb.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/pl.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/pt.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/pt_BR.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ro.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ru.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/sk.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/sv.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/tr.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/zh_CN.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/zh_TW.po [not shown] Modified: branches/STABLE-BRANCH-2-0/scd/scdaemon.c =================================================================== --- branches/STABLE-BRANCH-2-0/scd/scdaemon.c 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/scd/scdaemon.c 2009-12-03 19:13:19 UTC (rev 5206) @@ -288,19 +288,30 @@ static void set_debug (const char *level) { + int numok = (level && digitp (level)); + int numlvl = numok? atoi (level) : 0; + if (!level) ; - else if (!strcmp (level, "none")) + else if (!strcmp (level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (level, "basic")) + else if (!strcmp (level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE; - else if (!strcmp (level, "advanced")) + else if (!strcmp (level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; - else if (!strcmp (level, "expert")) + else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE|DBG_CARD_IO_VALUE); - else if (!strcmp (level, "guru")) - opt.debug = ~0; + else if (!strcmp (level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), level); @@ -318,6 +329,18 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"", + (opt.debug & DBG_CARD_IO_VALUE)? " cardio":""); } Modified: branches/STABLE-BRANCH-2-0/sm/gpgsm.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2009-12-03 18:04:40 UTC (rev 5205) +++ branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2009-12-03 19:13:19 UTC (rev 5206) @@ -636,23 +636,34 @@ static void set_debug (void) { + int numok = (debug_level && digitp (debug_level)); + int numlvl = numok? atoi (debug_level) : 0; + if (!debug_level) ; - else if (!strcmp (debug_level, "none")) + else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; - else if (!strcmp (debug_level, "basic")) + else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_ASSUAN_VALUE; - else if (!strcmp (debug_level, "advanced")) + else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_ASSUAN_VALUE|DBG_X509_VALUE; - else if (!strcmp (debug_level, "expert")) + else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE); - else if (!strcmp (debug_level, "guru")) - opt.debug = ~0; + else if (!strcmp (debug_level, "guru") || numok) + { + opt.debug = ~0; + /* Unless the "guru" string has been used we don't want to allow + hashing debugging. The rationale is that people tend to + select the highest debug value and would then clutter their + disk with debug files which may reveal confidential data. */ + if (numok) + opt.debug &= ~(DBG_HASHING_VALUE); + } else { log_error (_("invalid debug-level `%s' given\n"), debug_level); - gpgsm_exit(2); + gpgsm_exit (2); } opt.debug |= debug_value; @@ -667,6 +678,17 @@ if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_X509_VALUE )? " x509":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" ); } From cvs at cvs.gnupg.org Thu Dec 3 20:39:40 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 03 Dec 2009 20:39:40 +0100 Subject: [svn] GnuPG - r5207 - in branches/STABLE-BRANCH-2-0: . common g10 sm Message-ID: Author: wk Date: 2009-12-03 20:39:39 +0100 (Thu, 03 Dec 2009) New Revision: 5207 Modified: branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/common/ChangeLog branches/STABLE-BRANCH-2-0/common/audit.c branches/STABLE-BRANCH-2-0/common/audit.h branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/gpg.c branches/STABLE-BRANCH-2-0/g10/keygen.c branches/STABLE-BRANCH-2-0/sm/ChangeLog branches/STABLE-BRANCH-2-0/sm/certreqgen.c branches/STABLE-BRANCH-2-0/sm/decrypt.c branches/STABLE-BRANCH-2-0/sm/gpgsm.c branches/STABLE-BRANCH-2-0/sm/sign.c branches/STABLE-BRANCH-2-0/sm/verify.c Log: Backported some stuff from trunk Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-03 19:39:39 UTC (rev 5207) @@ -1,3 +1,12 @@ +2009-12-03 Werner Koch + + From trunk: + * audit.c (proc_type_decrypt, proc_type_sign): Implemented. + (proc_type_verify): Print hash algo infos. + * audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO) + (AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT) + (AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE): + 2009-09-03 Werner Koch Update from libestream: Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2009-12-03 19:39:39 UTC (rev 5207) @@ -3,6 +3,8 @@ * gpg.c (set_debug): Allow for numerical debug levels. Print active debug flags. + * gpg.c (gpgconf_list): Add key "default_pubkey_algo". + 2009-09-28 Werner Koch * trustdb.c (get_validity_info): Take care of a NULL PK. Fixes Modified: branches/STABLE-BRANCH-2-0/sm/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/sm/ChangeLog 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/sm/ChangeLog 2009-12-03 19:39:39 UTC (rev 5207) @@ -1,5 +1,20 @@ 2009-12-03 Werner Koch + From trunk: + + * verify.c (gpgsm_verify): Add audit info on hash algorithms. + * sign.c (gpgsm_sign): Add audit log calls. + (hash_data): Return an error indicator. + * decrypt.c (gpgsm_decrypt): Add audit log calls. + + * gpgsm.c: New option --html-audit-log. + + * certreqgen.c (proc_parameters): Change fallback key length to + 2048. + * gpgsm.c (main) : Add key "default_pubkey_algo". + +2009-12-03 Werner Koch + * gpgsm.c (set_debug): Allow for numerical debug levels. Print active debug flags. Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/NEWS 2009-12-03 19:39:39 UTC (rev 5207) @@ -1,13 +1,15 @@ Noteworthy changes in version 2.0.14 ------------------------------------------------- - * The default for --inlucde-cert is now to include all certificates + * The default for --include-cert is now to include all certificates in the chain except for the root certificate. * Numerical values may now be used as an alternative to the debug-level keywords. + * The GPGSM --audit-log feature is now more complete. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/common/audit.c =================================================================== --- branches/STABLE-BRANCH-2-0/common/audit.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/common/audit.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -1,5 +1,5 @@ /* audit.c - GnuPG's audit subsystem - * Copyright (C) 2007 Free Software Foundation, Inc. + * Copyright (C) 2007, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -42,7 +42,7 @@ { audit_event_t event; /* The event. */ gpg_error_t err; /* The logged error code. */ - int intvalue; /* A logged interger value. */ + int intvalue; /* A logged integer value. */ char *string; /* A malloced string or NULL. */ ksba_cert_t cert; /* A certifciate or NULL. */ int have_err:1; @@ -483,6 +483,14 @@ oktext = _("|audit-log-result|Not enabled"); else if (!strcmp (oktext, "error")) oktext = _("|audit-log-result|Error"); + else if (!strcmp (oktext, "not-used")) + oktext = _("|audit-log-result|Not used"); + else if (!strcmp (oktext, "okay")) + oktext = _("|audit-log-result|Okay"); + else if (!strcmp (oktext, "skipped")) + oktext = _("|audit-log-result|Skipped"); + else if (!strcmp (oktext, "some")) + oktext = _("|audit-log-result|Some"); else s = ""; @@ -806,17 +814,73 @@ static void proc_type_sign (audit_ctx_t ctx) { - log_item_t item; + log_item_t item, loopitem; + int signer, idx; + const char *result; + ksba_cert_t cert; + char *name; + int lastalgo; - item = NULL; + item = find_log_item (ctx, AUDIT_SIGNING_DONE, 0); writeout_li (ctx, item?"Yes":"No", "%s", _("Data signing succeeded")); enter_li (ctx); item = find_log_item (ctx, AUDIT_GOT_DATA, 0); writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + /* Write remarks with the data hash algorithms. We use a very + simple scheme to avoid some duplicates. */ + loopitem = NULL; + lastalgo = 0; + while ((loopitem = find_next_log_item + (ctx, loopitem, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG))) + { + if (loopitem->intvalue && loopitem->intvalue != lastalgo) + writeout_rem (ctx, _("data hash algorithm: %s"), + gcry_md_algo_name (loopitem->intvalue)); + lastalgo = loopitem->intvalue; + } + /* Loop over all signer. */ + loopitem = NULL; + signer = 0; + while ((loopitem=find_next_log_item (ctx, loopitem, AUDIT_NEW_SIG, 0))) + { + signer++; + item = find_next_log_item (ctx, loopitem, AUDIT_SIGNED_BY, AUDIT_NEW_SIG); + if (!item) + result = "error"; + else if (!item->err) + result = "okay"; + else if (gpg_err_code (item->err) == GPG_ERR_CANCELED) + result = "skipped"; + else + result = gpg_strerror (item->err); + cert = item? item->cert : NULL; + + writeout_li (ctx, result, _("Signer %d"), signer); + item = find_next_log_item (ctx, loopitem, + AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, _("attr hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + + if (cert) + { + name = get_cert_name (cert); + writeout_rem (ctx, "%s", name); + xfree (name); + enter_li (ctx); + for (idx=0; (name = get_cert_subject (cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } + } + leave_li (ctx); } @@ -826,17 +890,88 @@ static void proc_type_decrypt (audit_ctx_t ctx) { - log_item_t item; + log_item_t loopitem, item; + int algo, recpno; + char *name; + char numbuf[35]; + int idx; - item = NULL; - writeout_li (ctx, item?"Yes":"No", "%s", _("Data decryption succeeded")); + item = find_log_item (ctx, AUDIT_DECRYPTION_RESULT, 0); + writeout_li (ctx, item && !item->err?"Yes":"No", + "%s", _("Data decryption succeeded")); enter_li (ctx); item = find_log_item (ctx, AUDIT_GOT_DATA, 0); writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + item = find_log_item (ctx, AUDIT_DATA_CIPHER_ALGO, 0); + algo = item? item->intvalue : 0; + writeout_li (ctx, algo?"Yes":"No", "%s", _("Encryption algorithm supported")); + if (algo) + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); + item = find_log_item (ctx, AUDIT_BAD_DATA_CIPHER_ALGO, 0); + if (item && item->string) + { + algo = gcry_cipher_map_name (item->string); + if (algo) + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); + else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2")) + writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2"); + else if (item->string) + writeout_rem (ctx, _("unsupported algorithm: %s"), item->string); + else + writeout_rem (ctx, _("seems to be not encrypted")); + } + + + for (recpno = 0, item = NULL; + (item = find_next_log_item (ctx, item, AUDIT_NEW_RECP, 0)); recpno++) + ; + snprintf (numbuf, sizeof numbuf, "%d", recpno); + writeout_li (ctx, numbuf, "%s", _("Number of recipients")); + + /* Loop over all recipients. */ + loopitem = NULL; + while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_NEW_RECP, 0))) + { + const char *result; + + recpno = loopitem->have_intvalue? loopitem->intvalue : -1; + + item = find_next_log_item (ctx, loopitem, + AUDIT_RECP_RESULT, AUDIT_NEW_RECP); + if (!item) + result = "not-used"; + else if (!item->err) + result = "okay"; + else if (gpg_err_code (item->err) == GPG_ERR_CANCELED) + result = "skipped"; + else + result = gpg_strerror (item->err); + + item = find_next_log_item (ctx, loopitem, + AUDIT_RECP_NAME, AUDIT_NEW_RECP); + writeout_li (ctx, result, _("Recipient %d"), recpno); + if (item && item->string) + writeout_rem (ctx, "%s", item->string); + + /* If we have a certificate write out more infos. */ + item = find_next_log_item (ctx, loopitem, + AUDIT_SAVE_CERT, AUDIT_NEW_RECP); + if (item && item->cert) + { + enter_li (ctx); + for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } + } + leave_li (ctx); } @@ -847,11 +982,12 @@ proc_type_verify (audit_ctx_t ctx) { log_item_t loopitem, item; - int signo, count, idx; + int signo, count, idx, n_good, n_bad; char numbuf[35]; + const char *result; /* If there is at least one signature status we claim that the - verifciation succeeded. This does not mean that the data has + verification succeeded. This does not mean that the data has verified okay. */ item = find_log_item (ctx, AUDIT_SIG_STATUS, 0); writeout_li (ctx, item?"Yes":"No", "%s", _("Data verification succeeded")); @@ -867,18 +1003,42 @@ if (!item) goto leave; - item = find_log_item (ctx, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG); - writeout_li (ctx, item?"Yes":"No", "%s", _("Parsing signature succeeded")); - if (!item) + /* Print info about the used data hashing algorithms. */ + for (idx=0, n_good=n_bad=0; idx < ctx->logused; idx++) { - item = find_log_item (ctx, AUDIT_BAD_DATA_HASH_ALGO, AUDIT_NEW_SIG); - if (item) - writeout_rem (ctx, _("Bad hash algorithm: %s"), - item->string? item->string:"?"); - - goto leave; + item = ctx->log + idx; + if (item->event == AUDIT_NEW_SIG) + break; + else if (item->event == AUDIT_DATA_HASH_ALGO) + n_good++; + else if (item->event == AUDIT_BAD_DATA_HASH_ALGO) + n_bad++; } + item = find_log_item (ctx, AUDIT_DATA_HASHING, AUDIT_NEW_SIG); + if (!item || item->err || !n_good) + result = "No"; + else if (n_good && !n_bad) + result = "Yes"; + else + result = "Some"; + writeout_li (ctx, result, "%s", _("Parsing data succeeded")); + if (n_good || n_bad) + { + for (idx=0; idx < ctx->logused; idx++) + { + item = ctx->log + idx; + if (item->event == AUDIT_NEW_SIG) + break; + else if (item->event == AUDIT_DATA_HASH_ALGO) + writeout_rem (ctx, _("data hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + else if (item->event == AUDIT_BAD_DATA_HASH_ALGO) + writeout_rem (ctx, _("bad data hash algorithm: %s"), + item->string? item->string:"?"); + } + } + /* Loop over all signatures. */ loopitem = find_log_item (ctx, AUDIT_NEW_SIG, 0); assert (loopitem); @@ -893,6 +1053,18 @@ AUDIT_SIG_NAME, AUDIT_NEW_SIG); if (item) writeout_rem (ctx, "%s", item->string); + + item = find_next_log_item (ctx, loopitem, + AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, _("data hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + item = find_next_log_item (ctx, loopitem, + AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, _("attr hash algorithm: %s"), + gcry_md_algo_name (item->intvalue)); + enter_li (ctx); /* List the certificate chain. */ @@ -1006,11 +1178,7 @@ /* We use an environment variable to include some debug info in the log. */ if ((s = getenv ("gnupg_debug_audit"))) - { - show_raw = 1; - if (!strcmp (s, "html")) - use_html = 1; - } + show_raw = 1; assert (!ctx->outstream); ctx->outstream = out; Modified: branches/STABLE-BRANCH-2-0/common/audit.h =================================================================== --- branches/STABLE-BRANCH-2-0/common/audit.h 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/common/audit.h 2009-12-03 19:39:39 UTC (rev 5207) @@ -62,6 +62,12 @@ operations the Dirmngr is not required and thus no such event will be logged. */ + AUDIT_GPG_READY, /* err */ + /* Indicates whether the Gpg engine is available. */ + + AUDIT_GPGSM_READY, /* err */ + /* Indicates whether the Gpgsm engine is available. */ + AUDIT_GOT_DATA, /* Data to be processed has been seen. */ @@ -72,15 +78,27 @@ /* A certifciate only signature has been detected. */ AUDIT_DATA_HASH_ALGO, /* int */ - /* The hash algo given as argument is used for this signature. - This event will be repeated for all hash algorithms used with - the data. */ + /* The hash algo given as argument is used for the data. This + event will be repeated for all hash algorithms used with the + data. */ + AUDIT_ATTR_HASH_ALGO, /* int */ + /* The hash algo given as argument is used to hash the message + digest and other signed attributes of this signature. */ + + AUDIT_DATA_CIPHER_ALGO, /* int */ + /* The cipher algo given as argument is used for this data. */ + AUDIT_BAD_DATA_HASH_ALGO, /* string */ /* The hash algo as specified by the signature can't be used. STRING is the description of this algorithm which usually is an OID string. STRING may be NULL. */ + AUDIT_BAD_DATA_CIPHER_ALGO, /* string */ + /* The symmetric cipher algorithm is not supported. STRING is the + description of this algorithm which usually is an OID string. + STRING may be NULL. */ + AUDIT_DATA_HASHING, /* ok_err */ /* Logs the result of the data hashing. */ @@ -109,7 +127,7 @@ certificate used for verification. An example for STRING when using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */ - AUDIT_SIG_STATUS, /* string */ + AUDIT_SIG_STATUS, /* string */ /* The signature status of the current signer. This is the last audit information for one signature. STRING gives the status: @@ -121,6 +139,24 @@ "good" - good signature */ + AUDIT_NEW_RECP, /* int */ + /* A new recipient has been seen during decryption. The argument + is the recipient number as used internally by the program. */ + + AUDIT_RECP_NAME, /* string */ + /* The name of a recipient. This is the name or other identification + data as known from the decryption and not the name from the + certificate used for decryption. An example for STRING when + using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */ + + AUDIT_RECP_RESULT, /* ok_err */ + /* The status of the session key decryption. This is only written + for recipients tried. */ + + AUDIT_DECRYPTION_RESULT, /* ok_err */ + /* The status of the entire decryption. The decryption was + successful if the error code is 0. */ + AUDIT_VALIDATE_CHAIN, /* Start the validation of a certificate chain. */ @@ -158,9 +194,14 @@ AUDIT_ENCRYPTION_DONE, /* Encryption succeeded. */ - + AUDIT_SIGNED_BY, /* cert, err */ + /* Records the certificate used for signed and whether the signure + could be created (if err==0). */ + AUDIT_SIGNING_DONE, + /* Signing succeeded. */ + AUDIT_LAST_EVENT /* Marker for parsing this list. */ } audit_event_t; Modified: branches/STABLE-BRANCH-2-0/g10/gpg.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/gpg.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/g10/gpg.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -1613,6 +1613,11 @@ printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); printf ("group:%lu:\n", GC_OPT_FLAG_NONE); + /* The next one is an info only item and should match what + keygen:ask_keysize actually implements. */ + printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, + "RSA-2048"); + xfree (configfile_esc); } Modified: branches/STABLE-BRANCH-2-0/g10/keygen.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/keygen.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/g10/keygen.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -1765,6 +1765,8 @@ static unsigned ask_keysize (int algo, unsigned int primary_keysize) { + /* NOTE: If you change the default key size/algo, remember to change + it also in gpg.c:gpgconf_list. */ unsigned int nbits, min, def=2048, max=4096; int for_subkey = !!primary_keysize; int autocomp = 0; Modified: branches/STABLE-BRANCH-2-0/sm/certreqgen.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/certreqgen.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/sm/certreqgen.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -61,7 +61,7 @@ This is a required parameter. For now the only supported algorithm is "rsa". Key-Length: - Length of the key in bits. Default is 1024. + Length of the key in bits. Default is 2048. Key-Grip: hexstring This is optional and used to generate a request for an already existing key. Key-Length will be ignored when given, @@ -83,7 +83,7 @@ $ cat >foo < 4096) && !cardkeyid) Modified: branches/STABLE-BRANCH-2-0/sm/decrypt.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/decrypt.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/sm/decrypt.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -253,6 +253,8 @@ memset (&dfparm, 0, sizeof dfparm); + audit_set_type (ctrl->audit, AUDIT_TYPE_DECRYPT); + kh = keydb_new (0); if (!kh) { @@ -296,6 +298,8 @@ goto leave; } + audit_log (ctrl->audit, AUDIT_SETUP_READY); + /* Parser loop. */ do { @@ -313,6 +317,8 @@ const char *algoid; int any_key = 0; + audit_log (ctrl->audit, AUDIT_GOT_DATA); + algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/); algo = gcry_cipher_map_name (algoid); mode = gcry_cipher_mode_from_oid (algoid); @@ -330,6 +336,7 @@ sprintf (numbuf, "%d", rc); gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.algorithm", numbuf, algoid?algoid:"?", NULL); + audit_log_s (ctrl->audit, AUDIT_BAD_DATA_CIPHER_ALGO, algoid); } /* If it seems that this is not an encrypted message we @@ -339,6 +346,8 @@ goto leave; } + + audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo); dfparm.algo = algo; dfparm.mode = mode; dfparm.blklen = gcry_cipher_get_algo_blklen (algo); @@ -369,6 +378,7 @@ rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); if (rc == -1 && recp) break; /* no more recipients */ + audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp); if (rc) log_error ("recp %d - error getting info: %s\n", recp, gpg_strerror (rc)); @@ -382,6 +392,13 @@ gpgsm_dump_serial (serial); log_printf ("\n"); + if (ctrl->audit) + { + char *tmpstr = gpgsm_format_sn_issuer (serial, issuer); + audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr); + xfree (tmpstr); + } + keydb_search_reset (kh); rc = keydb_search_issuer_sn (kh, issuer, serial); if (rc) @@ -415,6 +432,8 @@ kidbuf, "0", "0", NULL); } + /* Put the certificate into the audit log. */ + audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, 0); /* Just in case there is a problem with the own certificate we print this message - should never @@ -462,10 +481,41 @@ decrypt_filter, &dfparm); } + audit_log_ok (ctrl->audit, AUDIT_RECP_RESULT, rc); } xfree (hexkeygrip); xfree (desc); } + + /* If we write an audit log add the unused recipients to the + log as well. */ + if (ctrl->audit && any_key) + { + for (;; recp++) + { + char *issuer; + ksba_sexp_t serial; + int tmp_rc; + + tmp_rc = ksba_cms_get_issuer_serial (cms, recp, + &issuer, &serial); + if (tmp_rc == -1) + break; /* no more recipients */ + audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp); + if (tmp_rc) + log_error ("recp %d - error getting info: %s\n", + recp, gpg_strerror (rc)); + else + { + char *tmpstr = gpgsm_format_sn_issuer (serial, issuer); + audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr); + xfree (tmpstr); + xfree (issuer); + xfree (serial); + } + } + } + if (!any_key) { rc = gpg_error (GPG_ERR_NO_SECKEY); @@ -488,7 +538,7 @@ dfparm.lastblock, dfparm.blklen - npadding); if (rc) - goto leave; + goto leave; for (i=dfparm.blklen - npadding; i < dfparm.blklen; i++) { @@ -515,6 +565,7 @@ leave: + audit_log_ok (ctrl->audit, AUDIT_DECRYPTION_RESULT, rc); if (rc) { gpgsm_status (ctrl, STATUS_DECRYPTION_FAILED, NULL); Modified: branches/STABLE-BRANCH-2-0/sm/gpgsm.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -99,6 +99,7 @@ oLogFile, oNoLogFile, oAuditLog, + oHtmlAuditLog, oEnableSpecialFilenames, @@ -286,6 +287,7 @@ ARGPARSE_s_s (oAuditLog, "audit-log", N_("|FILE|write an audit log to FILE")), + ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""), ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")), ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")), @@ -863,6 +865,7 @@ int default_keyring = 1; char *logfile = NULL; char *auditlog = NULL; + char *htmlauditlog = NULL; int greeting = 0; int nogreeting = 0; int debug_wait = 0; @@ -878,6 +881,7 @@ int do_not_setup_keys = 0; int recp_required = 0; estream_t auditfp = NULL; + estream_t htmlauditfp = NULL; /*mtrace();*/ @@ -1194,6 +1198,7 @@ case oNoLogFile: logfile = NULL; break; case oAuditLog: auditlog = pargs.r.ret_str; break; + case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break; case oBatch: opt.batch = 1; @@ -1422,11 +1427,6 @@ } # endif - if (auditlog) - log_info ("NOTE: The audit log feature (--audit-log) is " - "WORK IN PRORESS and not ready for use!\n"); - - if (may_coredump && !opt.quiet) log_info (_("WARNING: program may create a core file!\n")); @@ -1558,7 +1558,7 @@ /* Prepare the audit log feature for certain commands. */ - if (auditlog) + if (auditlog || htmlauditlog) { switch (cmd) { @@ -1568,7 +1568,10 @@ case aVerify: audit_release (ctrl.audit); ctrl.audit = audit_new (); - auditfp = open_es_fwrite (auditlog); + if (auditlog) + auditfp = open_es_fwrite (auditlog); + if (htmlauditlog) + htmlauditfp = open_es_fwrite (htmlauditlog); break; default: break; @@ -1645,6 +1648,10 @@ printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT); printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE); + /* The next one is an info only item and should match what + proc_parameters actually implements. */ + printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, + "RSA-2048"); } break; case aGPGConfTest: @@ -1920,12 +1927,16 @@ } /* Print the audit result if needed. */ - if (auditlog && auditfp) + if ((auditlog && auditfp) || (htmlauditlog && htmlauditfp)) { - audit_print_result (ctrl.audit, auditfp, 0); + if (auditlog && auditfp) + audit_print_result (ctrl.audit, auditfp, 0); + if (htmlauditlog && htmlauditfp) + audit_print_result (ctrl.audit, htmlauditfp, 1); audit_release (ctrl.audit); ctrl.audit = NULL; es_fclose (auditfp); + es_fclose (htmlauditfp); } /* cleanup */ Modified: branches/STABLE-BRANCH-2-0/sm/sign.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/sign.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/sm/sign.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -34,18 +34,20 @@ #include "i18n.h" -static void +/* Hash the data and return if something was hashed. Return -1 on error. */ +static int hash_data (int fd, gcry_md_hd_t md) { FILE *fp; char buffer[4096]; int nread; + int rc = 0; fp = fdopen ( dup (fd), "rb"); if (!fp) { log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno)); - return; + return -1; } do @@ -55,8 +57,12 @@ } while (nread); if (ferror (fp)) + { log_error ("read error on fd %d: %s\n", fd, strerror (errno)); + rc = -1; + } fclose (fp); + return rc; } static int @@ -321,6 +327,8 @@ certlist_t cl; int release_signerlist = 0; + audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN); + kh = keydb_new (0); if (!kh) { @@ -539,8 +547,11 @@ goto leave; } gcry_md_enable (data_md, algo); + audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo); } + audit_log (ctrl->audit, AUDIT_SETUP_READY); + if (detached) { /* We hash the data right now so that we can store the message digest. ksba_cms_build() takes this as an flag that detached @@ -548,7 +559,8 @@ unsigned char *digest; size_t digest_len; - hash_data (data_fd, data_md); + if (!hash_data (data_fd, data_md)) + audit_log (ctrl->audit, AUDIT_GOT_DATA); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { digest = gcry_md_read (data_md, cl->hash_algo); @@ -623,6 +635,7 @@ rc = hash_and_copy_data (data_fd, data_md, writer); if (rc) goto leave; + audit_log (ctrl->audit, AUDIT_GOT_DATA); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { digest = gcry_md_read (data_md, cl->hash_algo); @@ -663,13 +676,18 @@ unsigned char *sigval = NULL; char *buf, *fpr; + audit_log_i (ctrl->audit, AUDIT_NEW_SIG, signer); if (signer) gcry_md_reset (md); { certlist_t cl_tmp; for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next) - gcry_md_enable (md, cl_tmp->hash_algo); + { + gcry_md_enable (md, cl_tmp->hash_algo); + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, + cl_tmp->hash_algo); + } } rc = ksba_cms_hash_signed_attrs (cms, signer); @@ -685,6 +703,7 @@ md, cl->hash_algo, &sigval); if (rc) { + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, rc); gcry_md_close (md); goto leave; } @@ -693,6 +712,7 @@ xfree (sigval); if (err) { + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err); log_error ("failed to store the signature: %s\n", gpg_strerror (err)); rc = err; @@ -708,28 +728,29 @@ gcry_md_close (md); goto leave; } + rc = 0; { int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL); - rc = asprintf (&buf, "%c %d %d 00 %s %s", - detached? 'D':'S', - pkalgo, - cl->hash_algo, - signed_at, - fpr); + buf = xtryasprintf ("%c %d %d 00 %s %s", + detached? 'D':'S', + pkalgo, + cl->hash_algo, + signed_at, + fpr); + if (!buf) + rc = gpg_error_from_syserror (); } xfree (fpr); - if (rc < 0) + if (rc) { - rc = gpg_error (GPG_ERR_ENOMEM); gcry_md_close (md); goto leave; } - rc = 0; gpgsm_status (ctrl, STATUS_SIG_CREATED, buf); - free (buf); /* yes, we must use the regular free() here */ + xfree (buf); + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, 0); } gcry_md_close (md); - } } while (stopreason != KSBA_SR_READY); @@ -741,6 +762,7 @@ goto leave; } + audit_log (ctrl->audit, AUDIT_SIGNING_DONE); log_info ("signature created\n"); Modified: branches/STABLE-BRANCH-2-0/sm/verify.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/verify.c 2009-12-03 19:13:19 UTC (rev 5206) +++ branches/STABLE-BRANCH-2-0/sm/verify.c 2009-12-03 19:39:39 UTC (rev 5207) @@ -216,6 +216,8 @@ log_debug ("enabling extra hash algorithm %d\n", opt.extra_digest_algo); gcry_md_enable (data_md, opt.extra_digest_algo); + audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, + opt.extra_digest_algo); } if (is_detached) { @@ -236,7 +238,7 @@ } else if (stopreason == KSBA_SR_END_DATA) { /* The data bas been hashed */ - + audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0); } } while (stopreason != KSBA_SR_READY); @@ -452,6 +454,7 @@ log_printf (_(" using certificate ID 0x%08lX\n"), gpgsm_get_short_fingerprint (cert, NULL)); + audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo); if (msgdigest) { /* Signed attributes are available. */ @@ -484,6 +487,7 @@ goto next_signer; } + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo); rc = gcry_md_open (&md, sigval_hash_algo, 0); if (rc) { From cvs at cvs.gnupg.org Fri Dec 4 12:37:12 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 04 Dec 2009 12:37:12 +0100 Subject: [svn] GnuPG - r5208 - trunk/common Message-ID: Author: wk Date: 2009-12-04 12:37:12 +0100 (Fri, 04 Dec 2009) New Revision: 5208 Modified: trunk/common/ChangeLog trunk/common/Makefile.am Log: Fix possible problem with chnages status.h and VBUILDS. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-03 19:39:39 UTC (rev 5207) +++ trunk/common/ChangeLog 2009-12-04 11:37:12 UTC (rev 5208) @@ -1,3 +1,8 @@ +2009-12-04 Werner Koch + + * Makefile.am (audit-events.h, status-codes.h): Create files in + the source dir. Fixes bug#1164. + 2009-12-02 Werner Koch * audit.c (proc_type_decrypt, proc_type_sign): Implemented. Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2009-12-03 19:39:39 UTC (rev 5207) +++ trunk/common/Makefile.am 2009-12-04 11:37:12 UTC (rev 5208) @@ -97,16 +97,20 @@ gpgrlhelp.c # Create the audit-events.h include file from audit.h +# Note: We create the target file in the source directory because it +# is a distributed built source. If we would not do that we may end +# up with two files and then it is not clear which version of the +# files will be picked up. audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h $(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ - -v namespace=eventstr_ >$@ + -v namespace=eventstr_ > $(srcdir)/$@ # Create the status-codes.h include file from status.h status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h $(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ - -v namespace=statusstr_ >$@ + -v namespace=statusstr_ > $(srcdir)/$@ # From cvs at cvs.gnupg.org Fri Dec 4 12:38:41 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 04 Dec 2009 12:38:41 +0100 Subject: [svn] GnuPG - r5209 - branches/STABLE-BRANCH-2-0/common Message-ID: Author: wk Date: 2009-12-04 12:38:41 +0100 (Fri, 04 Dec 2009) New Revision: 5209 Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog branches/STABLE-BRANCH-2-0/common/Makefile.am Log: Fix for bug 1164 Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-04 11:37:12 UTC (rev 5208) +++ branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-04 11:38:41 UTC (rev 5209) @@ -1,3 +1,8 @@ +2009-12-04 Werner Koch + + * Makefile.am (audit-events.h, status-codes.h): Create files in + the source dir. Fixes bug#1164. + 2009-12-03 Werner Koch From trunk: Modified: branches/STABLE-BRANCH-2-0/common/Makefile.am =================================================================== --- branches/STABLE-BRANCH-2-0/common/Makefile.am 2009-12-04 11:37:12 UTC (rev 5208) +++ branches/STABLE-BRANCH-2-0/common/Makefile.am 2009-12-04 11:38:41 UTC (rev 5209) @@ -97,16 +97,20 @@ gpgrlhelp.c # Create the audit-events.h include file from audit.h +# Note: We create the target file in the source directory because it +# is a distributed built source. If we would not do that we may end +# up with two files and then it is not clear which version of the +# files will be picked up. audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h $(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ - -v namespace=eventstr_ >$@ + -v namespace=eventstr_ > $(srcdir)/$@ # Create the status-codes.h include file from status.h status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h $(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ - -v namespace=statusstr_ >$@ + -v namespace=statusstr_ > $(srcdir)/$@ # From cvs at cvs.gnupg.org Fri Dec 4 16:27:53 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 04 Dec 2009 16:27:53 +0100 Subject: [svn] GnuPG - r5210 - branches/STABLE-BRANCH-2-0/po Message-ID: Author: wk Date: 2009-12-04 16:27:52 +0100 (Fri, 04 Dec 2009) New Revision: 5210 Modified: branches/STABLE-BRANCH-2-0/po/ChangeLog branches/STABLE-BRANCH-2-0/po/cs.po Log: Update Modified: branches/STABLE-BRANCH-2-0/po/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/po/ChangeLog 2009-12-04 11:38:41 UTC (rev 5209) +++ branches/STABLE-BRANCH-2-0/po/ChangeLog 2009-12-04 15:27:52 UTC (rev 5210) @@ -1,3 +1,7 @@ +2009-12-04 Petr Pisar (wk) + + * cs.po: Update. + 2009-09-03 Werner Koch * de.po: Translate new strings. Modified: branches/STABLE-BRANCH-2-0/po/cs.po [not shown] From cvs at cvs.gnupg.org Fri Dec 4 20:47:54 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 04 Dec 2009 20:47:54 +0100 Subject: [svn] GnuPG - r5211 - in trunk: . doc g10 Message-ID: Author: wk Date: 2009-12-04 20:47:54 +0100 (Fri, 04 Dec 2009) New Revision: 5211 Modified: trunk/NEWS trunk/doc/DETAILS trunk/g10/ChangeLog trunk/g10/gpg.c trunk/g10/keygen.c Log: allow for default algorithms in a gpg parameter file Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2009-12-04 15:27:52 UTC (rev 5210) +++ trunk/g10/ChangeLog 2009-12-04 19:47:54 UTC (rev 5211) @@ -1,3 +1,11 @@ +2009-12-04 Werner Koch + + * keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New. + (ask_keysize): Use new macro. + (gen_rsa): Set default size if NBITS is 0. + (get_parameter_algo): Add algo name "default". Add arg R_DEFAULT. + (proc_parameter_file): Process default flag. + 2009-12-03 Werner Koch * gpg.c (set_debug): Allow for numerical debug leveles. Print Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-04 15:27:52 UTC (rev 5210) +++ trunk/NEWS 2009-12-04 19:47:54 UTC (rev 5211) @@ -8,6 +8,9 @@ * The G13 tool for disk encryption key management has been added. + * The default for --include-cert is now to include all certificates + in the chain except for the root certificate. + * Numerical values may now be used as an alternative to the debug-level keywords. Modified: trunk/doc/DETAILS =================================================================== --- trunk/doc/DETAILS 2009-12-04 15:27:52 UTC (rev 5210) +++ trunk/doc/DETAILS 2009-12-04 19:47:54 UTC (rev 5211) @@ -823,11 +823,14 @@ used. Some syntactically checks may be performed. The currently defined parameters are: Key-Type: | - Starts a new parameter block by giving the type of the - primary key. The algorithm must be capable of signing. - This is a required parameter. + Starts a new parameter block by giving the type of the primary + key. The algorithm must be capable of signing. This is a + required parameter. It may be "default" to use the default + one; in this case don't give a Key-Usage and use "default" for + the Subkey-Type. Key-Length: - Length of the key in bits. Default is 1024. + Length of the key in bits. The default is returned by running + the command "gpg --gpgconf-list". Key-Usage: Space or comma delimited list of key usage, allowed values are "encrypt", "sign", and "auth". This is used to generate the @@ -835,13 +838,15 @@ this usage. Note that OpenPGP requires that all primary keys are capable of certification, so no matter what usage is given here, the "cert" flag will be on. If no Key-Usage is - specified, all the allowed usages for that particular - algorithm are used. + specified and the key-type is not "default", all allowed + usages for that particular algorithm are used; if it is not + given but "default" is used the usage will be "sign". Subkey-Type: | This generates a secondary key. Currently only one subkey can be handled. Subkey-Length: - Length of the subkey in bits. Default is 1024. + Length of the subkey in bits. The default is returned by running + the command "gpg --gpgconf-list". Subkey-Usage: Similar to Key-Usage. Passphrase: @@ -892,9 +897,9 @@ keyserver URL for the key. -Here is an example: +Here is an example on how to create a key: $ cat >foo < ssb 1024g/8F70E2C0 2000-03-09 +If you want to create a key with the default algorithms you would +use these parameters: + %echo Generating a default key + Key-Type: default + Subkey-Type: default + Name-Real: Joe Tester + Name-Comment: with stupid passphrase + Name-Email: joe at foo.bar + Expire-Date: 0 + Passphrase: abc + %pubring foo.pub + %secring foo.sec + # Do a commit here, so that we can later print "done" :-) + %commit + %echo done + + + Layout of the TrustDB ===================== The TrustDB is built from fixed length records, where the first byte Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2009-12-04 15:27:52 UTC (rev 5210) +++ trunk/g10/gpg.c 2009-12-04 19:47:54 UTC (rev 5211) @@ -1617,8 +1617,8 @@ printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); printf ("group:%lu:\n", GC_OPT_FLAG_NONE); - /* The next one is an info only item and should match what - keygen:ask_keysize actually implements. */ + /* The next one is an info only item and should match the macros at + the top of keygen.c */ printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "RSA-2048"); Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2009-12-04 15:27:52 UTC (rev 5210) +++ trunk/g10/keygen.c 2009-12-04 19:47:54 UTC (rev 5211) @@ -43,7 +43,13 @@ #include "keyserver-internal.h" #include "call-agent.h" +/* The default algorithms. If you change them remember to change them + also in gpg.c:gpgconf_list. You should also check that the value + is inside the bounds enforced by ask_keysize and gen_xxx. */ +#define DEFAULT_STD_ALGO GCRY_PK_RSA +#define DEFAULT_STD_KEYSIZE 2048 + #define MAX_PREFS 30 enum para_name { @@ -1426,6 +1432,9 @@ assert (is_RSA(algo)); + if (!nbits) + nbits = DEFAULT_STD_KEYSIZE; + if (nbits < 1024) { nbits = 1024; @@ -1765,9 +1774,7 @@ static unsigned ask_keysize (int algo, unsigned int primary_keysize) { - /* NOTE: If you change the default key size/algo, remember to change - it also in gpgconf.c:gpgconf_list. */ - unsigned int nbits, min, def=2048, max=4096; + unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096; int for_subkey = !!primary_keysize; int autocomp = 0; @@ -2382,22 +2389,37 @@ } static int -get_parameter_algo( struct para_data_s *para, enum para_name key ) +get_parameter_algo( struct para_data_s *para, enum para_name key, + int *r_default) { - int i; - struct para_data_s *r = get_parameter( para, key ); - if( !r ) - return -1; - if( digitp( r->u.value ) ) - i = atoi( r->u.value ); - else if ( !strcmp ( r->u.value, "ELG-E") - || !strcmp ( r->u.value, "ELG") ) - i = GCRY_PK_ELG_E; - else - i = gcry_pk_map_name (r->u.value); - if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S) - i = 0; /* we don't want to allow generation of these algorithms */ - return i; + int i; + struct para_data_s *r = get_parameter( para, key ); + + if (r_default) + *r_default = 0; + + if (!r) + return -1; + + if (!ascii_strcasecmp (r->u.value, "default")) + { + /* Note: If you change this default algo, remember to change it + also in gpg.c:gpgconf_list. */ + i = DEFAULT_STD_ALGO; + if (r_default) + *r_default = 1; + } + else if (digitp (r->u.value)) + i = atoi( r->u.value ); + else if (!strcmp (r->u.value, "ELG-E") + || !strcmp (r->u.value, "ELG")) + i = GCRY_PK_ELG_E; + else + i = gcry_pk_map_name (r->u.value); + + if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S) + i = 0; /* we don't want to allow generation of these algorithms */ + return i; } /* @@ -2541,13 +2563,15 @@ const char *s1, *s2, *s3; size_t n; char *p; - int have_user_id=0,err,algo; + int is_default = 0; + int have_user_id = 0; + int err, algo; /* Check that we have all required parameters. */ r = get_parameter( para, pKEYTYPE ); if(r) { - algo=get_parameter_algo(para,pKEYTYPE); + algo = get_parameter_algo (para, pKEYTYPE, &is_default); if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG)) { log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); @@ -2563,10 +2587,13 @@ err = parse_parameter_usage (fname, para, pKEYUSAGE); if (!err) { - /* Default to algo capabilities if key-usage is not provided */ + /* Default to algo capabilities if key-usage is not provided and + no default algorithm has been requested. */ r = xmalloc_clear(sizeof(*r)); r->key = pKEYUSAGE; - r->u.usage = openpgp_pk_algo_usage(algo); + r->u.usage = (is_default + ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG) + : openpgp_pk_algo_usage(algo)); r->next = para; para = r; } @@ -2583,10 +2610,11 @@ } } + is_default = 0; r = get_parameter( para, pSUBKEYTYPE ); if(r) { - algo = get_parameter_algo (para, pSUBKEYTYPE); + algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default); if (openpgp_pk_test_algo (algo)) { log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); @@ -2600,7 +2628,9 @@ provided */ r = xmalloc_clear (sizeof(*r)); r->key = pSUBKEYUSAGE; - r->u.usage = openpgp_pk_algo_usage (algo); + r->u.usage = (is_default + ? PUBKEY_USAGE_ENC + : openpgp_pk_algo_usage (algo)); r->next = para; para = r; } @@ -3441,7 +3471,7 @@ if (!card) { - rc = do_create (get_parameter_algo( para, pKEYTYPE ), + rc = do_create (get_parameter_algo( para, pKEYTYPE, NULL ), get_parameter_uint( para, pKEYLENGTH ), pub_root, sec_root, get_parameter_dek( para, pPASSPHRASE_DEK ), @@ -3503,7 +3533,7 @@ { if (!card) { - rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ), + rc = do_create( get_parameter_algo( para, pSUBKEYTYPE, NULL ), get_parameter_uint( para, pSUBKEYLENGTH ), pub_root, sec_root, get_parameter_dek( para, pPASSPHRASE_DEK ), @@ -3612,7 +3642,8 @@ int no_enc_rsa; PKT_public_key *pk; - no_enc_rsa = (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_RSA + no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL) + == PUBKEY_ALGO_RSA) && get_parameter_uint (para, pKEYUSAGE) && !((get_parameter_uint (para, pKEYUSAGE) & PUBKEY_USAGE_ENC)) ); @@ -3634,7 +3665,7 @@ if (!opt.batch - && (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_DSA + && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA || no_enc_rsa ) && !get_parameter (para, pSUBKEYTYPE) ) { From cvs at cvs.gnupg.org Fri Dec 4 20:58:29 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 04 Dec 2009 20:58:29 +0100 Subject: [svn] GnuPG - r5212 - in branches/STABLE-BRANCH-2-0: doc g10 Message-ID: Author: wk Date: 2009-12-04 20:58:28 +0100 (Fri, 04 Dec 2009) New Revision: 5212 Modified: branches/STABLE-BRANCH-2-0/doc/DETAILS branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/gpg.c branches/STABLE-BRANCH-2-0/g10/keygen.c Log: Allow for default algorithms in a parameter file Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2009-12-04 19:47:54 UTC (rev 5211) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2009-12-04 19:58:28 UTC (rev 5212) @@ -1,3 +1,11 @@ +2009-12-04 Werner Koch + + * keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New. + (ask_keysize): Use new macro. + (gen_rsa): Set default size if NBITS is 0. + (get_parameter_algo): Add algo name "default". Add arg R_DEFAULT. + (proc_parameter_file): Process default flag. + 2009-12-03 Werner Koch * gpg.c (set_debug): Allow for numerical debug levels. Print Modified: branches/STABLE-BRANCH-2-0/doc/DETAILS =================================================================== --- branches/STABLE-BRANCH-2-0/doc/DETAILS 2009-12-04 19:47:54 UTC (rev 5211) +++ branches/STABLE-BRANCH-2-0/doc/DETAILS 2009-12-04 19:58:28 UTC (rev 5212) @@ -681,6 +681,7 @@ KEYID. + Format of the "--attribute-fd" output ===================================== @@ -817,11 +818,14 @@ used. Some syntactically checks may be performed. The currently defined parameters are: Key-Type: | - Starts a new parameter block by giving the type of the - primary key. The algorithm must be capable of signing. - This is a required parameter. + Starts a new parameter block by giving the type of the primary + key. The algorithm must be capable of signing. This is a + required parameter. It may be "default" to use the default + one; in this case don't give a Key-Usage and use "default" for + the Subkey-Type. Key-Length: - Length of the key in bits. Default is 1024. + Length of the key in bits. The default is returned by running + the command "gpg --gpgconf-list". Key-Usage: Space or comma delimited list of key usage, allowed values are "encrypt", "sign", and "auth". This is used to generate the @@ -829,13 +833,15 @@ this usage. Note that OpenPGP requires that all primary keys are capable of certification, so no matter what usage is given here, the "cert" flag will be on. If no Key-Usage is - specified, all the allowed usages for that particular - algorithm are used. + specified and the key-type is not "default", all allowed + usages for that particular algorithm are used; if it is not + given but "default" is used the usage will be "sign". Subkey-Type: | This generates a secondary key. Currently only one subkey - can be handled. + can be handled. "default" is also supported. Subkey-Length: - Length of the subkey in bits. Default is 1024. + Length of the subkey in bits. The default is returned by running + the command "gpg --gpgconf-list". Subkey-Usage: Similar to Key-Usage. Passphrase: @@ -886,9 +892,9 @@ keyserver URL for the key. -Here is an example: +Here is an example on how to create a key: $ cat >foo < ssb 1024g/8F70E2C0 2000-03-09 +If you want to create a key with the default algorithms you would +use these parameters: + %echo Generating a default key + Key-Type: default + Subkey-Type: default + Name-Real: Joe Tester + Name-Comment: with stupid passphrase + Name-Email: joe at foo.bar + Expire-Date: 0 + Passphrase: abc + %pubring foo.pub + %secring foo.sec + # Do a commit here, so that we can later print "done" :-) + %commit + %echo done + + + Layout of the TrustDB ===================== The TrustDB is built from fixed length records, where the first byte Modified: branches/STABLE-BRANCH-2-0/g10/gpg.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/gpg.c 2009-12-04 19:47:54 UTC (rev 5211) +++ branches/STABLE-BRANCH-2-0/g10/gpg.c 2009-12-04 19:58:28 UTC (rev 5212) @@ -1613,8 +1613,8 @@ printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); printf ("group:%lu:\n", GC_OPT_FLAG_NONE); - /* The next one is an info only item and should match what - keygen:ask_keysize actually implements. */ + /* The next one is an info only item and should match the macros at + the top of keygen.c. */ printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "RSA-2048"); Modified: branches/STABLE-BRANCH-2-0/g10/keygen.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/keygen.c 2009-12-04 19:47:54 UTC (rev 5211) +++ branches/STABLE-BRANCH-2-0/g10/keygen.c 2009-12-04 19:58:28 UTC (rev 5212) @@ -43,7 +43,13 @@ #include "keyserver-internal.h" #include "call-agent.h" +/* The default algorithms. If you change them remember to change them + also in gpg.c:gpgconf_list. You should also check that the value + is inside the bounds enforced by ask_keysize and gen_xxx. */ +#define DEFAULT_STD_ALGO GCRY_PK_RSA +#define DEFAULT_STD_KEYSIZE 2048 + #define MAX_PREFS 30 enum para_name { @@ -1426,6 +1432,9 @@ assert (is_RSA(algo)); + if (!nbits) + nbits = DEFAULT_STD_KEYSIZE; + if (nbits < 1024) { nbits = 1024; @@ -1765,9 +1774,7 @@ static unsigned ask_keysize (int algo, unsigned int primary_keysize) { - /* NOTE: If you change the default key size/algo, remember to change - it also in gpg.c:gpgconf_list. */ - unsigned int nbits, min, def=2048, max=4096; + unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096; int for_subkey = !!primary_keysize; int autocomp = 0; @@ -2382,22 +2389,37 @@ } static int -get_parameter_algo( struct para_data_s *para, enum para_name key ) +get_parameter_algo( struct para_data_s *para, enum para_name key, + int *r_default) { - int i; - struct para_data_s *r = get_parameter( para, key ); - if( !r ) - return -1; - if( digitp( r->u.value ) ) - i = atoi( r->u.value ); - else if ( !strcmp ( r->u.value, "ELG-E") - || !strcmp ( r->u.value, "ELG") ) - i = GCRY_PK_ELG_E; - else - i = gcry_pk_map_name (r->u.value); - if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S) - i = 0; /* we don't want to allow generation of these algorithms */ - return i; + int i; + struct para_data_s *r = get_parameter( para, key ); + + if (r_default) + *r_default = 0; + + if (!r) + return -1; + + if (!ascii_strcasecmp (r->u.value, "default")) + { + /* Note: If you change this default algo, remember to change it + also in gpg.c:gpgconf_list. */ + i = DEFAULT_STD_ALGO; + if (r_default) + *r_default = 1; + } + else if (digitp (r->u.value)) + i = atoi( r->u.value ); + else if (!strcmp (r->u.value, "ELG-E") + || !strcmp (r->u.value, "ELG")) + i = GCRY_PK_ELG_E; + else + i = gcry_pk_map_name (r->u.value); + + if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S) + i = 0; /* we don't want to allow generation of these algorithms */ + return i; } /* @@ -2541,13 +2563,15 @@ const char *s1, *s2, *s3; size_t n; char *p; - int have_user_id=0,err,algo; + int is_default = 0; + int have_user_id = 0; + int err, algo; /* Check that we have all required parameters. */ r = get_parameter( para, pKEYTYPE ); if(r) { - algo=get_parameter_algo(para,pKEYTYPE); + algo = get_parameter_algo (para, pKEYTYPE, &is_default); if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG)) { log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); @@ -2563,10 +2587,13 @@ err = parse_parameter_usage (fname, para, pKEYUSAGE); if (!err) { - /* Default to algo capabilities if key-usage is not provided */ + /* Default to algo capabilities if key-usage is not provided and + no default algorithm has been requested. */ r = xmalloc_clear(sizeof(*r)); r->key = pKEYUSAGE; - r->u.usage = openpgp_pk_algo_usage(algo); + r->u.usage = (is_default + ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG) + : openpgp_pk_algo_usage(algo)); r->next = para; para = r; } @@ -2583,10 +2610,11 @@ } } + is_default = 0; r = get_parameter( para, pSUBKEYTYPE ); if(r) { - algo = get_parameter_algo (para, pSUBKEYTYPE); + algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default); if (openpgp_pk_test_algo (algo)) { log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); @@ -2600,7 +2628,9 @@ provided */ r = xmalloc_clear (sizeof(*r)); r->key = pSUBKEYUSAGE; - r->u.usage = openpgp_pk_algo_usage (algo); + r->u.usage = (is_default + ? PUBKEY_USAGE_ENC + : openpgp_pk_algo_usage (algo)); r->next = para; para = r; } @@ -3441,7 +3471,7 @@ if (!card) { - rc = do_create (get_parameter_algo( para, pKEYTYPE ), + rc = do_create (get_parameter_algo( para, pKEYTYPE, NULL ), get_parameter_uint( para, pKEYLENGTH ), pub_root, sec_root, get_parameter_dek( para, pPASSPHRASE_DEK ), @@ -3503,7 +3533,7 @@ { if (!card) { - rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ), + rc = do_create( get_parameter_algo( para, pSUBKEYTYPE, NULL ), get_parameter_uint( para, pSUBKEYLENGTH ), pub_root, sec_root, get_parameter_dek( para, pPASSPHRASE_DEK ), @@ -3612,7 +3642,8 @@ int no_enc_rsa; PKT_public_key *pk; - no_enc_rsa = (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_RSA + no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL) + == PUBKEY_ALGO_RSA) && get_parameter_uint (para, pKEYUSAGE) && !((get_parameter_uint (para, pKEYUSAGE) & PUBKEY_USAGE_ENC)) ); @@ -3634,7 +3665,7 @@ if (!opt.batch - && (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_DSA + && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA || no_enc_rsa ) && !get_parameter (para, pSUBKEYTYPE) ) { From cvs at cvs.gnupg.org Mon Dec 7 16:52:28 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 07 Dec 2009 16:52:28 +0100 Subject: [svn] GnuPG - r5213 - in trunk: . common doc tools Message-ID: Author: wk Date: 2009-12-07 16:52:27 +0100 (Mon, 07 Dec 2009) New Revision: 5213 Modified: trunk/ChangeLog trunk/NEWS trunk/common/ChangeLog trunk/common/pka.c trunk/common/srv.c trunk/configure.ac trunk/doc/DETAILS trunk/tools/ChangeLog trunk/tools/no-libgcrypt.c Log: Use ADNS for PKA and SRV records if no other resolver is available. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/ChangeLog 2009-12-07 15:52:27 UTC (rev 5213) @@ -1,3 +1,8 @@ +2009-12-07 Werner Koch + + * configure.ac: Check for ADNS before checking for the BIND + resolver. + 2009-10-20 Marcus Brinkmann * configure.ac: Check for fusermount and encfs. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/common/ChangeLog 2009-12-07 15:52:27 UTC (rev 5213) @@ -1,3 +1,10 @@ +2009-12-07 Werner Koch + + * pka.c (get_pka_info): Add support for ADNS. + * src.v (getsrv): Add support for ADNS. + + * srv.c (getsrv): s/xrealloc/xtryrealloc/. + 2009-12-04 Werner Koch * Makefile.am (audit-events.h, status-codes.h): Create files in Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/tools/ChangeLog 2009-12-07 15:52:27 UTC (rev 5213) @@ -1,3 +1,7 @@ +2009-12-07 Werner Koch + + * no-libgcrypt.c (gcry_strdup): Actually copy the string. + 2009-11-23 Werner Koch * gpgconf-comp.c (gc_options_gpg): Add default_pubkey_algo. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/NEWS 2009-12-07 15:52:27 UTC (rev 5213) @@ -14,7 +14,9 @@ * Numerical values may now be used as an alternative to the debug-level keywords. + * Support SRV and PKA records on W32. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/common/pka.c =================================================================== --- trunk/common/pka.c 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/common/pka.c 2009-12-07 15:52:27 UTC (rev 5213) @@ -33,6 +33,12 @@ #include #endif #endif /* USE_DNS_PKA */ +#ifdef USE_ADNS +# include +# ifndef HAVE_ADNS_FREE +# define adns_free free +# endif +#endif #include "util.h" #include "pka.h" @@ -106,6 +112,67 @@ char * get_pka_info (const char *address, unsigned char *fpr) { +#ifdef USE_ADNS + int rc; + adns_state state; + const char *domain; + char *name; + adns_answer *answer = NULL; + char *buffer = NULL; + + domain = strrchr (address, '@'); + if (!domain || domain == address || !domain[1]) + return NULL; /* Invalid mail address given. */ + name = xtrymalloc (strlen (address) + 5 + 1); + if (!name) + return NULL; + memcpy (name, address, domain - address); + strcpy (stpcpy (name + (domain-address), "._pka."), domain+1); + + rc = adns_init (&state, adns_if_noerrprint, NULL); + if (rc) + { + log_error ("error initializing adns: %s\n", strerror (errno)); + xfree (name); + return NULL; + } + + rc = adns_synchronous (state, name, adns_r_txt, adns_qf_quoteok_query, + &answer); + xfree (name); + if (rc) + { + log_error ("DNS query failed: %s\n", strerror (errno)); + adns_finish (state); + return NULL; + } + if (answer->status != adns_s_ok + || answer->type != adns_r_txt || !answer->nrrs) + { + log_error ("DNS query returned an error: %s (%s)\n", + adns_strerror (answer->status), + adns_errabbrev (answer->status)); + adns_free (answer); + adns_finish (state); + return NULL; + } + + /* We use a PKA records iff there is exactly one record. */ + if (answer->nrrs == 1 && answer->rrs.manyistr[0]->i != -1) + { + buffer = xtrystrdup (answer->rrs.manyistr[0]->str); + if (parse_txt_record (buffer, fpr)) + { + xfree (buffer); + buffer = NULL; /* Not a valid gpg trustdns RR. */ + } + } + + adns_free (answer); + adns_finish (state); + return buffer; + +#else /*!USE_ADNS*/ unsigned char answer[PACKETSZ]; int anslen; int qdcount, ancount, nscount, arcount; @@ -197,7 +264,9 @@ } return NULL; +#endif /*!USE_ADNS*/ } + #else /* !USE_DNS_PKA */ /* Dummy version of the function if we can't use the resolver @@ -247,6 +316,6 @@ /* Local Variables: -compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv libutil.a" +compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a" End: */ Modified: trunk/common/srv.c =================================================================== --- trunk/common/srv.c 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/common/srv.c 2009-12-07 15:52:27 UTC (rev 5213) @@ -30,6 +30,12 @@ #include #include #include +#ifdef USE_ADNS +# include +# ifndef HAVE_ADNS_FREE +# define adns_free free +# endif +#endif #include "util.h" #include "srv.h" @@ -52,172 +58,232 @@ return 0; } + int -getsrv(const char *name,struct srventry **list) +getsrv (const char *name,struct srventry **list) { - unsigned char answer[2048]; - int r,srvcount=0; - unsigned char *pt,*emsg; - u16 count,dlen; - HEADER *header=(HEADER *)answer; + int srvcount=0; + u16 count; + int i, rc; - *list=NULL; + *list = NULL; - r=res_query(name,C_IN,T_SRV,answer,2048); - if(r2048) - return -1; +#ifdef USE_ADNS + { + adns_state state; + adns_answer *answer = NULL; + + rc = adns_init (&state, adns_if_noerrprint, NULL); + if (rc) + { + log_error ("error initializing adns: %s\n", strerror (errno)); + return -1; + } - if(header->rcode==NOERROR && (count=ntohs(header->ancount))) - { - int i,rc; + rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query, + &answer); + if (rc) + { + log_error ("DNS query failed: %s\n", strerror (errno)); + adns_finish (state); + return -1; + } + if (answer->status != adns_s_ok + || answer->type != adns_r_srv || !answer->nrrs) + { + log_error ("DNS query returned an error or no records: %s (%s)\n", + adns_strerror (answer->status), + adns_errabbrev (answer->status)); + adns_free (answer); + adns_finish (state); + return 0; + } - emsg=&answer[r]; - pt=&answer[sizeof(HEADER)]; + for (count = 0; count < answer->nrrs; count++) + { + struct srventry *srv = NULL; + struct srventry *newlist; - /* Skip over the query */ + if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME) + { + log_info ("hostname in SRV record too long - skipped\n"); + continue; + } + + newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); + if (!newlist) + goto fail; + *list = newlist; + memset (&(*list)[srvcount], 0, sizeof(struct srventry)); + srv = &(*list)[srvcount]; + srvcount++; + + srv->priority = answer->rrs.srvha[count].priority; + srv->weight = answer->rrs.srvha[count].weight; + srv->port = answer->rrs.srvha[count].port; + strcpy (srv->target, answer->rrs.srvha[count].ha.host); + } - rc=dn_skipname(pt,emsg); - if(rc==-1) - goto fail; + adns_free (answer); + adns_finish (state); + } +#else /*!USE_ADNS*/ + { + unsigned char answer[2048]; + HEADER *header = (HEADER *)answer; + unsigned char *pt, *emsg; + int r; + u16 dlen; + + r = res_query (name, C_IN, T_SRV, answer, sizeof answer); + if (r < sizeof (HEADER) || r > sizeof answer) + return -1; + if (header->rcode != NOERROR || !(count=ntohs (header->ancount))) + return 0; /* Error or no record found. */ + + emsg = &answer[r]; + pt = &answer[sizeof(HEADER)]; + + /* Skip over the query */ + rc = dn_skipname (pt, emsg); + if (rc == -1) + goto fail; + + pt += rc + QFIXEDSZ; + + while (count-- > 0 && pt < emsg) + { + struct srventry *srv=NULL; + u16 type,class; + struct srventry *newlist; + + newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); + if (!newlist) + goto fail; + *list = newlist; + memset(&(*list)[srvcount],0,sizeof(struct srventry)); + srv=&(*list)[srvcount]; + srvcount++; + + rc = dn_skipname(pt,emsg); /* the name we just queried for */ + if (rc == -1) + goto fail; + pt+=rc; + + /* Truncated message? */ + if((emsg-pt)<16) + goto fail; + + type=*pt++ << 8; + type|=*pt++; + /* We asked for SRV and got something else !? */ + if(type!=T_SRV) + goto fail; + + class=*pt++ << 8; + class|=*pt++; + /* We asked for IN and got something else !? */ + if(class!=C_IN) + goto fail; + + pt+=4; /* ttl */ + dlen=*pt++ << 8; + dlen|=*pt++; + srv->priority=*pt++ << 8; + srv->priority|=*pt++; + srv->weight=*pt++ << 8; + srv->weight|=*pt++; + srv->port=*pt++ << 8; + srv->port|=*pt++; + + /* Get the name. 2782 doesn't allow name compression, but + dn_expand still works to pull the name out of the + packet. */ + rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME); + if (rc == 1 && srv->target[0] == 0) /* "." */ + { + xfree(*list); + *list = NULL; + return 0; + } + if (rc == -1) + goto fail; + pt += rc; + /* Corrupt packet? */ + if (dlen != rc+6) + goto fail; + } + } +#endif /*!USE_ADNS*/ + + /* Now we have an array of all the srv records. */ + + /* Order by priority */ + qsort(*list,srvcount,sizeof(struct srventry),priosort); + + /* For each priority, move the zero-weighted items first. */ + for (i=0; i < srvcount; i++) + { + int j; + + for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++) + { + if((*list)[j].weight==0) + { + /* Swap j with i */ + if(j!=i) + { + struct srventry temp; + + memcpy (&temp,&(*list)[j],sizeof(struct srventry)); + memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry)); + memcpy (&(*list)[i],&temp,sizeof(struct srventry)); + } + + break; + } + } + } - pt+=rc+QFIXEDSZ; + /* Run the RFC-2782 weighting algorithm. We don't need very high + quality randomness for this, so regular libc srand/rand is + sufficient. Fixme: It is a bit questionaly to reinitalize srand + - better use a gnupg fucntion for this. */ + srand(time(NULL)*getpid()); - while(count-->0 && ptpriority=*pt++ << 8; - srv->priority|=*pt++; - srv->weight=*pt++ << 8; - srv->weight|=*pt++; - srv->port=*pt++ << 8; - srv->port|=*pt++; - - /* Get the name. 2782 doesn't allow name compression, but - dn_expand still works to pull the name out of the - packet. */ - rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME); - if(rc==1 && srv->target[0]==0) /* "." */ - goto noanswer; - if(rc==-1) - goto fail; - pt+=rc; - /* Corrupt packet? */ - if(dlen!=rc+6) - goto fail; - -#if 0 - printf("count=%d\n",srvcount); - printf("priority=%d\n",srv->priority); - printf("weight=%d\n",srv->weight); - printf("port=%d\n",srv->port); - printf("target=%s\n",srv->target); -#endif - } - - /* Now we have an array of all the srv records. */ - - /* Order by priority */ - qsort(*list,srvcount,sizeof(struct srventry),priosort); - - /* For each priority, move the zero-weighted items first. */ - for(i=0;i @@ -802,6 +832,20 @@ use_dns_srv=no use_dns_pka=no use_dns_cert=no + # If we have no resolver library but ADNS (e.g. under W32) enable the + # code parts which can be used with ADNS. + if test x"$have_adns" = xyes ; then + DNSLIB="$ADNSLIBS" + AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.]) + + if test x"$use_dns_srv" = xyes ; then + AC_DEFINE(USE_DNS_SRV,1) + fi + + if test x"$use_dns_pka" = xyes ; then + AC_DEFINE(USE_DNS_PKA,1) + fi + fi fi LIBS=$_dns_save_libs @@ -813,33 +857,6 @@ # -# Check for ADNS. -# -_cppflags="${CPPFLAGS}" -_ldflags="${LDFLAGS}" -AC_ARG_WITH(adns, - AC_HELP_STRING([--with-adns=DIR], - [look for the adns library in DIR]), - [if test -d "$withval"; then - CPPFLAGS="${CPPFLAGS} -I$withval/include" - LDFLAGS="${LDFLAGS} -L$withval/lib" - fi]) -if test "$with_adns" != "no"; then - AC_CHECK_HEADERS(adns.h, - AC_CHECK_LIB(adns, adns_init, - [have_adns=yes], - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]), - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) -fi -if test "$have_adns" = "yes"; then - ADNSLIBS="-ladns" -fi -AC_SUBST(ADNSLIBS) -# Newer adns versions feature a free function to be used under W32. -AC_CHECK_FUNCS(adns_free) - - -# # Check for LDAP # if test "$try_ldap" = yes ; then Modified: trunk/doc/DETAILS =================================================================== --- trunk/doc/DETAILS 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/doc/DETAILS 2009-12-07 15:52:27 UTC (rev 5213) @@ -843,7 +843,7 @@ given but "default" is used the usage will be "sign". Subkey-Type: | This generates a secondary key. Currently only one subkey - can be handled. + can be handled. "default" is also supported. Subkey-Length: Length of the subkey in bits. The default is returned by running the command "gpg --gpgconf-list". Modified: trunk/tools/no-libgcrypt.c =================================================================== --- trunk/tools/no-libgcrypt.c 2009-12-04 19:58:28 UTC (rev 5212) +++ trunk/tools/no-libgcrypt.c 2009-12-07 15:52:27 UTC (rev 5213) @@ -55,7 +55,10 @@ char * gcry_strdup (const char *string) { - return malloc (strlen (string)+1); + char *p = malloc (strlen (string)+1); + if (p) + strcpy (p, string); + return p; } From cvs at cvs.gnupg.org Mon Dec 7 18:12:00 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 07 Dec 2009 18:12:00 +0100 Subject: [svn] GnuPG - r5214 - in branches/STABLE-BRANCH-2-0: . common tools Message-ID: Author: wk Date: 2009-12-07 18:11:59 +0100 (Mon, 07 Dec 2009) New Revision: 5214 Modified: branches/STABLE-BRANCH-2-0/AUTHORS branches/STABLE-BRANCH-2-0/ChangeLog branches/STABLE-BRANCH-2-0/common/ChangeLog branches/STABLE-BRANCH-2-0/common/pka.c branches/STABLE-BRANCH-2-0/common/srv.c branches/STABLE-BRANCH-2-0/configure.ac branches/STABLE-BRANCH-2-0/tools/ChangeLog branches/STABLE-BRANCH-2-0/tools/no-libgcrypt.c Log: Support PKA and SRV DNS lookups under w32 Modified: branches/STABLE-BRANCH-2-0/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/ChangeLog 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/ChangeLog 2009-12-07 17:11:59 UTC (rev 5214) @@ -1,3 +1,9 @@ +2009-12-07 Werner Koch + + * configure.ac: Check for ADNS before checking for the BIND + resolver. + (USE_ADNS): Fallback macro for PKA and CERT lookups. + 2009-09-04 Werner Koch Release 2.0.13. Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-07 17:11:59 UTC (rev 5214) @@ -1,3 +1,10 @@ +2009-12-07 Werner Koch + + * pka.c (get_pka_info): Add support for ADNS. + * src.v (getsrv): Add support for ADNS. + + * srv.c (getsrv): s/xrealloc/xtryrealloc/. + 2009-12-04 Werner Koch * Makefile.am (audit-events.h, status-codes.h): Create files in Modified: branches/STABLE-BRANCH-2-0/tools/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/tools/ChangeLog 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/tools/ChangeLog 2009-12-07 17:11:59 UTC (rev 5214) @@ -1,3 +1,7 @@ +2009-12-07 Werner Koch + + * no-libgcrypt.c (gcry_strdup): Actually copy the string. + 2009-07-21 Werner Koch * gpgsplit.c (my_strusage): Remove i18n stuff. Modified: branches/STABLE-BRANCH-2-0/AUTHORS =================================================================== --- branches/STABLE-BRANCH-2-0/AUTHORS 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/AUTHORS 2009-12-07 17:11:59 UTC (rev 5214) @@ -93,6 +93,8 @@ Pedro Morais Translations [pt_PT] +Petr Pisar Translations [cs] + R?mi Guyomarch Assigns past and future changes. (g10/compress.c, g10/encr-data.c, g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c) Modified: branches/STABLE-BRANCH-2-0/common/pka.c =================================================================== --- branches/STABLE-BRANCH-2-0/common/pka.c 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/common/pka.c 2009-12-07 17:11:59 UTC (rev 5214) @@ -1,5 +1,5 @@ /* pka.c - DNS Public Key Association RR access - * Copyright (C) 2005 Free Software Foundation, Inc. + * Copyright (C) 2005, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,12 @@ #include #endif #endif /* USE_DNS_PKA */ +#ifdef USE_ADNS +# include +# ifndef HAVE_ADNS_FREE +# define adns_free free +# endif +#endif #include "util.h" #include "pka.h" @@ -106,6 +112,67 @@ char * get_pka_info (const char *address, unsigned char *fpr) { +#ifdef USE_ADNS + int rc; + adns_state state; + const char *domain; + char *name; + adns_answer *answer = NULL; + char *buffer = NULL; + + domain = strrchr (address, '@'); + if (!domain || domain == address || !domain[1]) + return NULL; /* Invalid mail address given. */ + name = xtrymalloc (strlen (address) + 5 + 1); + if (!name) + return NULL; + memcpy (name, address, domain - address); + strcpy (stpcpy (name + (domain-address), "._pka."), domain+1); + + rc = adns_init (&state, adns_if_noerrprint, NULL); + if (rc) + { + log_error ("error initializing adns: %s\n", strerror (errno)); + xfree (name); + return NULL; + } + + rc = adns_synchronous (state, name, adns_r_txt, adns_qf_quoteok_query, + &answer); + xfree (name); + if (rc) + { + log_error ("DNS query failed: %s\n", strerror (errno)); + adns_finish (state); + return NULL; + } + if (answer->status != adns_s_ok + || answer->type != adns_r_txt || !answer->nrrs) + { + /* log_error ("DNS query returned an error: %s (%s)\n", */ + /* adns_strerror (answer->status), */ + /* adns_errabbrev (answer->status)); */ + adns_free (answer); + adns_finish (state); + return NULL; + } + + /* We use a PKA records iff there is exactly one record. */ + if (answer->nrrs == 1 && answer->rrs.manyistr[0]->i != -1) + { + buffer = xtrystrdup (answer->rrs.manyistr[0]->str); + if (parse_txt_record (buffer, fpr)) + { + xfree (buffer); + buffer = NULL; /* Not a valid gpg trustdns RR. */ + } + } + + adns_free (answer); + adns_finish (state); + return buffer; + +#else /*!USE_ADNS*/ unsigned char answer[PACKETSZ]; int anslen; int qdcount, ancount, nscount, arcount; @@ -197,7 +264,9 @@ } return NULL; +#endif /*!USE_ADNS*/ } + #else /* !USE_DNS_PKA */ /* Dummy version of the function if we can't use the resolver @@ -247,6 +316,6 @@ /* Local Variables: -compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv libutil.a" +compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a" End: */ Modified: branches/STABLE-BRANCH-2-0/common/srv.c =================================================================== --- branches/STABLE-BRANCH-2-0/common/srv.c 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/common/srv.c 2009-12-07 17:11:59 UTC (rev 5214) @@ -30,6 +30,12 @@ #include #include #include +#ifdef USE_ADNS +# include +# ifndef HAVE_ADNS_FREE +# define adns_free free +# endif +#endif #include "util.h" #include "srv.h" @@ -52,172 +58,232 @@ return 0; } + int -getsrv(const char *name,struct srventry **list) +getsrv (const char *name,struct srventry **list) { - unsigned char answer[2048]; - int r,srvcount=0; - unsigned char *pt,*emsg; - u16 count,dlen; - HEADER *header=(HEADER *)answer; + int srvcount=0; + u16 count; + int i, rc; - *list=NULL; + *list = NULL; - r=res_query(name,C_IN,T_SRV,answer,2048); - if(r2048) - return -1; +#ifdef USE_ADNS + { + adns_state state; + adns_answer *answer = NULL; + + rc = adns_init (&state, adns_if_noerrprint, NULL); + if (rc) + { + log_error ("error initializing adns: %s\n", strerror (errno)); + return -1; + } - if(header->rcode==NOERROR && (count=ntohs(header->ancount))) - { - int i,rc; + rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query, + &answer); + if (rc) + { + log_error ("DNS query failed: %s\n", strerror (errno)); + adns_finish (state); + return -1; + } + if (answer->status != adns_s_ok + || answer->type != adns_r_srv || !answer->nrrs) + { + /* log_error ("DNS query returned an error or no records: %s (%s)\n", */ + /* adns_strerror (answer->status), */ + /* adns_errabbrev (answer->status)); */ + adns_free (answer); + adns_finish (state); + return 0; + } - emsg=&answer[r]; - pt=&answer[sizeof(HEADER)]; + for (count = 0; count < answer->nrrs; count++) + { + struct srventry *srv = NULL; + struct srventry *newlist; - /* Skip over the query */ + if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME) + { + log_info ("hostname in SRV record too long - skipped\n"); + continue; + } + + newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); + if (!newlist) + goto fail; + *list = newlist; + memset (&(*list)[srvcount], 0, sizeof(struct srventry)); + srv = &(*list)[srvcount]; + srvcount++; + + srv->priority = answer->rrs.srvha[count].priority; + srv->weight = answer->rrs.srvha[count].weight; + srv->port = answer->rrs.srvha[count].port; + strcpy (srv->target, answer->rrs.srvha[count].ha.host); + } - rc=dn_skipname(pt,emsg); - if(rc==-1) - goto fail; + adns_free (answer); + adns_finish (state); + } +#else /*!USE_ADNS*/ + { + unsigned char answer[2048]; + HEADER *header = (HEADER *)answer; + unsigned char *pt, *emsg; + int r; + u16 dlen; + + r = res_query (name, C_IN, T_SRV, answer, sizeof answer); + if (r < sizeof (HEADER) || r > sizeof answer) + return -1; + if (header->rcode != NOERROR || !(count=ntohs (header->ancount))) + return 0; /* Error or no record found. */ + + emsg = &answer[r]; + pt = &answer[sizeof(HEADER)]; + + /* Skip over the query */ + rc = dn_skipname (pt, emsg); + if (rc == -1) + goto fail; + + pt += rc + QFIXEDSZ; + + while (count-- > 0 && pt < emsg) + { + struct srventry *srv=NULL; + u16 type,class; + struct srventry *newlist; + + newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); + if (!newlist) + goto fail; + *list = newlist; + memset(&(*list)[srvcount],0,sizeof(struct srventry)); + srv=&(*list)[srvcount]; + srvcount++; + + rc = dn_skipname(pt,emsg); /* the name we just queried for */ + if (rc == -1) + goto fail; + pt+=rc; + + /* Truncated message? */ + if((emsg-pt)<16) + goto fail; + + type=*pt++ << 8; + type|=*pt++; + /* We asked for SRV and got something else !? */ + if(type!=T_SRV) + goto fail; + + class=*pt++ << 8; + class|=*pt++; + /* We asked for IN and got something else !? */ + if(class!=C_IN) + goto fail; + + pt+=4; /* ttl */ + dlen=*pt++ << 8; + dlen|=*pt++; + srv->priority=*pt++ << 8; + srv->priority|=*pt++; + srv->weight=*pt++ << 8; + srv->weight|=*pt++; + srv->port=*pt++ << 8; + srv->port|=*pt++; + + /* Get the name. 2782 doesn't allow name compression, but + dn_expand still works to pull the name out of the + packet. */ + rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME); + if (rc == 1 && srv->target[0] == 0) /* "." */ + { + xfree(*list); + *list = NULL; + return 0; + } + if (rc == -1) + goto fail; + pt += rc; + /* Corrupt packet? */ + if (dlen != rc+6) + goto fail; + } + } +#endif /*!USE_ADNS*/ + + /* Now we have an array of all the srv records. */ + + /* Order by priority */ + qsort(*list,srvcount,sizeof(struct srventry),priosort); + + /* For each priority, move the zero-weighted items first. */ + for (i=0; i < srvcount; i++) + { + int j; + + for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++) + { + if((*list)[j].weight==0) + { + /* Swap j with i */ + if(j!=i) + { + struct srventry temp; + + memcpy (&temp,&(*list)[j],sizeof(struct srventry)); + memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry)); + memcpy (&(*list)[i],&temp,sizeof(struct srventry)); + } + + break; + } + } + } - pt+=rc+QFIXEDSZ; + /* Run the RFC-2782 weighting algorithm. We don't need very high + quality randomness for this, so regular libc srand/rand is + sufficient. Fixme: It is a bit questionaly to reinitalize srand + - better use a gnupg fucntion for this. */ + srand(time(NULL)*getpid()); - while(count-->0 && ptpriority=*pt++ << 8; - srv->priority|=*pt++; - srv->weight=*pt++ << 8; - srv->weight|=*pt++; - srv->port=*pt++ << 8; - srv->port|=*pt++; - - /* Get the name. 2782 doesn't allow name compression, but - dn_expand still works to pull the name out of the - packet. */ - rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME); - if(rc==1 && srv->target[0]==0) /* "." */ - goto noanswer; - if(rc==-1) - goto fail; - pt+=rc; - /* Corrupt packet? */ - if(dlen!=rc+6) - goto fail; - -#if 0 - printf("count=%d\n",srvcount); - printf("priority=%d\n",srv->priority); - printf("weight=%d\n",srv->weight); - printf("port=%d\n",srv->port); - printf("target=%s\n",srv->target); -#endif - } - - /* Now we have an array of all the srv records. */ - - /* Order by priority */ - qsort(*list,srvcount,sizeof(struct srventry),priosort); - - /* For each priority, move the zero-weighted items first. */ - for(i=0;i @@ -795,9 +824,24 @@ AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism]) fi else - use_dns_srv=no - use_dns_pka=no + # If we have no resolver library but ADNS (e.g. under W32) enable the + # code parts which can be used with ADNS. use_dns_cert=no + if test x"$have_adns" = xyes ; then + DNSLIBS="$ADNSLIBS" + AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.]) + + if test x"$use_dns_srv" = xyes ; then + AC_DEFINE(USE_DNS_SRV,1) + fi + + if test x"$use_dns_pka" = xyes ; then + AC_DEFINE(USE_DNS_PKA,1) + fi + else + use_dns_srv=no + use_dns_pka=no + fi fi LIBS=$_dns_save_libs @@ -809,33 +853,6 @@ # -# Check for ADNS. -# -_cppflags="${CPPFLAGS}" -_ldflags="${LDFLAGS}" -AC_ARG_WITH(adns, - AC_HELP_STRING([--with-adns=DIR], - [look for the adns library in DIR]), - [if test -d "$withval"; then - CPPFLAGS="${CPPFLAGS} -I$withval/include" - LDFLAGS="${LDFLAGS} -L$withval/lib" - fi]) -if test "$with_adns" != "no"; then - AC_CHECK_HEADERS(adns.h, - AC_CHECK_LIB(adns, adns_init, - [have_adns=yes], - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]), - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) -fi -if test "$have_adns" = "yes"; then - ADNSLIBS="-ladns" -fi -AC_SUBST(ADNSLIBS) -# Newer adns versions feature a free function to be used under W32. -AC_CHECK_FUNCS(adns_free) - - -# # Check for LDAP # if test "$try_ldap" = yes ; then Modified: branches/STABLE-BRANCH-2-0/tools/no-libgcrypt.c =================================================================== --- branches/STABLE-BRANCH-2-0/tools/no-libgcrypt.c 2009-12-07 15:52:27 UTC (rev 5213) +++ branches/STABLE-BRANCH-2-0/tools/no-libgcrypt.c 2009-12-07 17:11:59 UTC (rev 5214) @@ -55,7 +55,10 @@ char * gcry_strdup (const char *string) { - return malloc (strlen (string)+1); + char *p = malloc (strlen (string)+1); + if (p) + strcpy (p, string); + return p; } From cvs at cvs.gnupg.org Mon Dec 7 18:12:28 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 07 Dec 2009 18:12:28 +0100 Subject: [svn] GnuPG - r5215 - in trunk: . common Message-ID: Author: wk Date: 2009-12-07 18:12:28 +0100 (Mon, 07 Dec 2009) New Revision: 5215 Modified: trunk/ChangeLog trunk/common/pka.c trunk/configure.ac Log: Fix last configure change. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-07 17:11:59 UTC (rev 5214) +++ trunk/ChangeLog 2009-12-07 17:12:28 UTC (rev 5215) @@ -2,6 +2,7 @@ * configure.ac: Check for ADNS before checking for the BIND resolver. + (USE_ADNS): Fallback macro for PKA and CERT lookups. 2009-10-20 Marcus Brinkmann Modified: trunk/common/pka.c =================================================================== --- trunk/common/pka.c 2009-12-07 17:11:59 UTC (rev 5214) +++ trunk/common/pka.c 2009-12-07 17:12:28 UTC (rev 5215) @@ -1,5 +1,5 @@ /* pka.c - DNS Public Key Association RR access - * Copyright (C) 2005 Free Software Foundation, Inc. + * Copyright (C) 2005, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-12-07 17:11:59 UTC (rev 5214) +++ trunk/configure.ac 2009-12-07 17:12:28 UTC (rev 5215) @@ -829,13 +829,11 @@ AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism]) fi else - use_dns_srv=no - use_dns_pka=no - use_dns_cert=no # If we have no resolver library but ADNS (e.g. under W32) enable the # code parts which can be used with ADNS. + use_dns_cert=no if test x"$have_adns" = xyes ; then - DNSLIB="$ADNSLIBS" + DNSLIBS="$ADNSLIBS" AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.]) if test x"$use_dns_srv" = xyes ; then @@ -845,6 +843,9 @@ if test x"$use_dns_pka" = xyes ; then AC_DEFINE(USE_DNS_PKA,1) fi + else + use_dns_srv=no + use_dns_pka=no fi fi From cvs at cvs.gnupg.org Tue Dec 8 05:01:04 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:01:04 +0100 Subject: [svn] w32pth - r30 - in trunk: . m4 Message-ID: Author: marcus Date: 2009-12-08 05:01:02 +0100 (Tue, 08 Dec 2009) New Revision: 30 Added: trunk/m4/ trunk/m4/libtool.m4 trunk/m4/ltoptions.m4 trunk/m4/ltsugar.m4 trunk/m4/ltversion.m4 trunk/m4/lt~obsolete.m4 Modified: trunk/ChangeLog trunk/INSTALL trunk/Makefile.am trunk/compile trunk/config.guess trunk/config.sub trunk/configure.ac trunk/depcomp trunk/install-sh trunk/ltmain.sh trunk/missing Log: 2009-12-08 Marcus Brinkmann Update to libtool 2.2.6a. * configure.ac: Invoke AC_CONFIG_MACRO_DIR. (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... (LT_PREREQ, LT_INIT, LT_LANG): ... these. * config.guess, config.sub, install-sh, ltmain.sh: Updated to libtool 2.2.6a. * m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: New files from libtool 2.2.6a. * Makefile.am (LTRCCOMPILE): Refactor with ... (RCCOMPILE): ... this new macro. Add $(w32pth_la_CPPFLAGS). (SUFFIXES): Add .lo. (.rc.o): Change to ... (.rc.lo): ... this implicit rule. (w32pth_res_ldflag): Removed. (w32pth_res): Use libtool object file name here. (install-def-file): Fix typo. (w32pth_la_LDFLAGS): Remove w32pth_res_ldflag usage. (w32pth_la_LIBADD): Add w32pth_res. * depcomp, compile, INSTALL, missing: Update from automake 1.10. [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/ChangeLog 2009-12-08 04:01:02 UTC (rev 30) @@ -1,3 +1,25 @@ +2009-12-08 Marcus Brinkmann + + Update to libtool 2.2.6a. + * configure.ac: Invoke AC_CONFIG_MACRO_DIR. + (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... + (LT_PREREQ, LT_INIT, LT_LANG): ... these. + * config.guess, config.sub, install-sh, ltmain.sh: + Updated to libtool 2.2.6a. + * m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, + m4/lt~obsolete.m4: New files from libtool 2.2.6a. + * Makefile.am (LTRCCOMPILE): Refactor with ... + (RCCOMPILE): ... this new macro. Add $(w32pth_la_CPPFLAGS). + (SUFFIXES): Add .lo. + (.rc.o): Change to ... + (.rc.lo): ... this implicit rule. + (w32pth_res_ldflag): Removed. + (w32pth_res): Use libtool object file name here. + (install-def-file): Fix typo. + (w32pth_la_LDFLAGS): Remove w32pth_res_ldflag usage. + (w32pth_la_LIBADD): Add w32pth_res. + * depcomp, compile, INSTALL, missing: Update from automake 1.10. + 2008-10-17 Marcus Brinkmann Released 2.0.2. Modified: trunk/INSTALL =================================================================== --- trunk/INSTALL 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/INSTALL 2009-12-08 04:01:02 UTC (rev 30) @@ -2,15 +2,15 @@ ************************* Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, -2006 Free Software Foundation, Inc. +2006, 2007, 2008, 2009 Free Software Foundation, Inc. -This file is free documentation; the Free Software Foundation gives + This file is free documentation; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. Basic Installation ================== -Briefly, the shell commands `./configure; make; make install' should + Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. @@ -67,12 +67,15 @@ all sorts of other programs in order to regenerate files that came with the distribution. + 6. Often, you can also type `make uninstall' to remove the installed + files again. + Compilers and Options ===================== -Some systems require unusual options for compilation or linking that the -`configure' script does not know about. Run `./configure --help' for -details on some of the pertinent environment variables. + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here @@ -85,7 +88,7 @@ Compiling For Multiple Architectures ==================================== -You can compile the package for more than one kind of computer at the + You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run @@ -97,10 +100,24 @@ installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. + Installation Names ================== -By default, `make install' installs the package's commands under + By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX'. @@ -123,7 +140,7 @@ Optional Features ================= -Some packages pay attention to `--enable-FEATURE' options to + Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The @@ -135,14 +152,46 @@ you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + Specifying the System Type ========================== -There may be some features `configure' cannot figure out automatically, -but needs to determine by the type of machine the package will run on. -Usually, assuming the package is built to be run on the _same_ -architectures, `configure' can figure that out, but if it prints a -message saying it cannot guess the machine type, give it the + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: @@ -150,7 +199,8 @@ where SYSTEM can have one of these forms: - OS KERNEL-OS + OS + KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't @@ -168,9 +218,9 @@ Sharing Defaults ================ -If you want to set default values for `configure' scripts to share, you -can create a site shell script called `config.site' that gives default -values for variables like `CC', `cache_file', and `prefix'. + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. @@ -179,7 +229,7 @@ Defining Variables ================== -Variables not defined in a site shell script can be set in the + Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set @@ -198,12 +248,20 @@ `configure' Invocation ====================== -`configure' recognizes the following options to control how it operates. + `configure' recognizes the following options to control how it +operates. `--help' `-h' - Print a summary of the options to `configure', and exit. + Print a summary of all of the options to `configure', and exit. +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + `--version' `-V' Print the version of Autoconf used to generate the `configure' @@ -229,6 +287,16 @@ Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. +`--prefix=DIR' + Use DIR as the installation prefix. *Note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/Makefile.am 2009-12-08 04:01:02 UTC (rev 30) @@ -30,18 +30,18 @@ include_HEADERS = pth.h lib_LTLIBRARIES = libw32pth.la -LTRCCOMPILE = $(LIBTOOL) --mode=compile $(RC) \ - `echo $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) | \ - sed -e 's/-I/--include-dir /g;s/-D/--define /g'` +RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(libgpg_error_la_CPPFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) +LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) +SUFFIXES: .rc .lo + .rc.lo: $(LTRCCOMPILE) -i $< -o $@ w32pth_res = versioninfo.lo -w32pth_res_ldflag = -Wl,.libs/versioninfo.o no_undefined = -no-undefined export_symbols = -export-symbols $(srcdir)/libw32pth.def -w32pth_deps = $(w32pth_res) libw32pth.def install-def-file: $(INSTALL) $(srcdir)/libw32pth.def $(DESTDIR)$(libdir)/libw32pth.def @@ -49,11 +49,11 @@ uninstall-def-file: -rm $(DESTDIR)$(libdir)/libw32pth.def -libw32pth_la_LDFLAGS = $(w32pth_res_ldflag) $(no_undefined) $(export_symbols) \ +libw32pth_la_LDFLAGS = $(no_undefined) $(export_symbols) \ -version-info \ @W32PTH_LT_CURRENT@:@W32PTH_LT_REVISION@:@W32PTH_LT_AGE@ -libw32pth_la_DEPENDENCIES = $(w32pth_deps) -libw32pth_la_LIBADD = @LTLIBOBJS@ -lws2_32 +libw32pth_la_DEPENDENCIES = $(w32pth_res) libw32pth.def +libw32pth_la_LIBADD = $(w32pth_res) @LTLIBOBJS@ -lws2_32 libw32pth_la_SOURCES = pth.h debug.h w32-pth.c w32-io.h w32-io.c @@ -63,3 +63,4 @@ dist-hook: @set -e; echo "$(VERSION)" > $(distdir)/VERSION + Modified: trunk/compile =================================================================== --- trunk/compile 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/compile 2009-12-08 04:01:02 UTC (rev 30) @@ -1,9 +1,10 @@ #! /bin/sh # Wrapper for compilers which do not understand `-c -o'. -scriptversion=2005-05-14.22 +scriptversion=2009-04-28.21; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software +# Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -17,8 +18,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -103,13 +103,13 @@ fi # Name of file we expect compiler to create. -cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'` +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. -# Note: use `[/.-]' here to ensure that we don't use the same name +# Note: use `[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. -lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break @@ -138,5 +138,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: Modified: trunk/config.guess =================================================================== --- trunk/config.guess 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/config.guess 2009-12-08 04:01:02 UTC (rev 30) @@ -1,9 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2006-02-23' +timestamp='2009-04-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -55,8 +56,8 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -160,6 +161,7 @@ arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -210,7 +212,7 @@ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) - echo powerppc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} @@ -322,14 +324,30 @@ case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -530,7 +548,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -770,6 +788,8 @@ case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac @@ -777,12 +797,9 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS_NT-*:*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 @@ -790,12 +807,18 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[345]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[345]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd | genuineintel) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; @@ -829,6 +852,16 @@ echo ${UNAME_MACHINE}-pc-minix exit ;; arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi + exit ;; + avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) @@ -918,6 +951,9 @@ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -947,6 +983,9 @@ x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -965,9 +1004,6 @@ a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. @@ -989,7 +1025,7 @@ LIBC=gnulibc1 # endif #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__sun) + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout @@ -1082,8 +1118,11 @@ pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1121,6 +1160,16 @@ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* $[0-9][0-9]$.*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1196,6 +1245,9 @@ BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1205,6 +1257,15 @@ SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1295,6 +1356,9 @@ i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1455,9 +1519,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be Modified: trunk/config.sub =================================================================== --- trunk/config.sub 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/config.sub 2009-12-08 04:01:02 UTC (rev 30) @@ -1,9 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2006-02-23' +timestamp='2009-04-17' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -71,8 +72,8 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -121,6 +122,7 @@ case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^$.*$-$[^-]*-[^-]*$$/\1/'` @@ -240,20 +242,24 @@ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ - | m32r | m32rle | m68000 | m68k | m88k | maxq | mb | microblaze | mcore \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ @@ -266,6 +272,7 @@ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ | nios | nios2 \ @@ -274,21 +281,19 @@ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ - | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m32c) - basic_machine=$basic_machine-unknown - ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown @@ -318,25 +323,28 @@ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ + | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ - | m32r-* | m32rle-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -358,22 +366,24 @@ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; - m32c-*) + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. @@ -437,6 +447,10 @@ basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -445,10 +459,22 @@ basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -477,8 +503,8 @@ basic_machine=craynv-cray os=-unicosmp ;; - cr16c) - basic_machine=cr16c-unknown + cr16) + basic_machine=cr16-unknown os=-elf ;; crds | unos) @@ -516,6 +542,10 @@ basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -670,6 +700,14 @@ basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -685,6 +723,10 @@ basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -811,6 +853,14 @@ basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; @@ -912,6 +962,10 @@ sb1el) basic_machine=mipsisa64sb1el-unknown ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; sei) basic_machine=mips-sei os=-seiux @@ -923,6 +977,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1012,6 +1069,10 @@ basic_machine=tic6x-unknown os=-coff ;; + tile*) + basic_machine=tile-unknown + os=-linux-gnu + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1087,6 +1148,10 @@ basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1125,10 +1190,10 @@ we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) @@ -1197,8 +1262,9 @@ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1207,7 +1273,7 @@ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ @@ -1217,7 +1283,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1347,6 +1413,9 @@ -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; -none) ;; *) @@ -1369,6 +1438,12 @@ # system, and we'll never get to this point. case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; *-acorn) os=-riscix1.2 ;; @@ -1378,9 +1453,9 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff - ;; + c4x-* | tic4x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1406,6 +1481,9 @@ m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/configure.ac 2009-12-08 04:01:02 UTC (rev 30) @@ -54,6 +54,7 @@ AC_CANONICAL_TARGET AM_INIT_AUTOMAKE($PACKAGE, $VERSION) AM_CONFIG_HEADER(config.h) +AC_CONFIG_MACRO_DIR([m4]) #AB_INIT AC_GNU_SOURCE @@ -105,9 +106,9 @@ AC_PROG_MAKE_SET AC_C_INLINE -AC_LIBTOOL_WIN32_DLL -AC_LIBTOOL_RC -AM_PROG_LIBTOOL +LT_PREREQ([2.2.6]) +LT_INIT([win32-dll disable-static]) +LT_LANG([Windows Resource]) if test "$GCC" = yes; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" Modified: trunk/depcomp =================================================================== --- trunk/depcomp 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/depcomp 2009-12-08 04:01:02 UTC (rev 30) @@ -1,10 +1,10 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2006-10-15.18 +scriptversion=2009-04-28.21; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006 Free Software -# Foundation, Inc. +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free +# Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -17,9 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -87,6 +85,15 @@ depmode=dashmstdout fi +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u="sed s,\\\\\\\\,/,g" + depmode=msvisualcpp +fi + case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what @@ -192,14 +199,14 @@ ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr ' -' ' ' >> $depfile - echo >> $depfile +' ' ' >> "$depfile" + echo >> "$depfile" # The second pass generates a dummy entry for each header file. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ - >> $depfile + >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile @@ -215,34 +222,39 @@ # current directory. Also, the AIX compiler puts `$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. - stripped=`echo "$object" | sed 's/$.*$\..*$/\1/'` - tmpdepfile="$stripped.u" + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u "$@" -M fi stat=$? - if test -f "$tmpdepfile"; then : - else - stripped=`echo "$stripped" | sed 's,^.*/,,'` - tmpdepfile="$stripped.u" - fi - if test $stat -eq 0; then : else - rm -f "$tmpdepfile" + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done if test -f "$tmpdepfile"; then - outname="$stripped.o" # Each line is of the form `foo.o: dependent.h'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. - sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" - sed -e "s,^$outname: $.*$$,\1:," < "$tmpdepfile" >> "$depfile" + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile @@ -323,7 +335,12 @@ if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" # Add `dependent.h:' lines. - sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile" + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi @@ -399,7 +416,7 @@ # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift @@ -450,32 +467,39 @@ "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift - cleared=no - for arg in "$@"; do + cleared=no eat=no + for arg + do case $cleared in no) set ""; shift cleared=yes ;; esac + if test $eat = yes; then + eat=no + continue + fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done - obj_suffix="`echo $object | sed 's/^.*\././'`" + obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" @@ -495,7 +519,7 @@ # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift @@ -533,13 +557,27 @@ msvisualcpp) # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. + # always write the preprocessed file to stdout. "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + IFS=" " for arg do case "$arg" in + -o) + shift + ;; + $object) + shift + ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift @@ -552,16 +590,23 @@ ;; esac done - "$@" -E | - sed -n '/^#line [0-9][0-9]* "$[^"]*$"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "$[^"]*$"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^$.*$$/ s:: \1 \\:p' >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^$.*$$/ s:: \1 \\:p' >> "$depfile" echo " " >> "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^$.*$$/ s::\1\::p' >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^$.*$$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + none) exec "$@" ;; @@ -580,5 +625,6 @@ # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: Modified: trunk/install-sh =================================================================== --- trunk/install-sh 2008-10-17 21:08:30 UTC (rev 29) +++ trunk/install-sh 2009-12-08 04:01:02 UTC (rev 30) @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2006-10-14.15 +scriptversion=2009-04-28.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -48,7 +48,7 @@ # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" +doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else @@ -58,34 +58,49 @@ # Put in absolute file names if you don't have them in your path; # or use environment vars. -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} -posix_glob= +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + posix_mkdir= # Desired mode of installed file. mode=0755 +chgrpcmd= chmodcmd=$chmodprog chowncmd= -chgrpcmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" stripcmd= -rmcmd="$rmprog -f" -mvcmd="$mvprog" + src= dst= dir_arg= -dstarg= +dst_arg= + +copy_on_change=false no_target_directory= -usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... @@ -95,65 +110,55 @@ In the 4th, create DIRECTORIES. Options: --c (ignored) --d create directories instead of installing files. --g GROUP $chgrpprog installed files to GROUP. --m MODE $chmodprog installed files to MODE. --o USER $chownprog installed files to USER. --s $stripprog installed files. --t DIRECTORY install into DIRECTORY. --T report an error if DSTFILE is a directory. ---help display this help and exit. ---version display version info and exit. + --help display this help and exit. + --version display version info and exit. + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + Environment variables override the default commands: - CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG " while test $# -ne 0; do case $1 in - -c) shift - continue;; + -c) ;; - -d) dir_arg=true - shift - continue;; + -C) copy_on_change=true;; + -d) dir_arg=true;; + -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - shift - shift case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac - continue;; + shift;; -o) chowncmd="$chownprog $2" - shift - shift - continue;; + shift;; - -s) stripcmd=$stripprog - shift - continue;; + -s) stripcmd=$stripprog;; - -t) dstarg=$2 - shift - shift - continue;; + -t) dst_arg=$2 + shift;; - -T) no_target_directory=true - shift - continue;; + -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; @@ -165,21 +170,22 @@ *) break;; esac + shift done -if test $# -ne 0 && test -z "$dir_arg$dstarg"; then +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do - if test -n "$dstarg"; then + if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. - set fnord "$@" "$dstarg" + set fnord "$@" "$dst_arg" shift # fnord fi shift # arg - dstarg=$arg + dst_arg=$arg done fi @@ -224,7 +230,7 @@ do # Protect names starting with `-'. case $src in - -*) src=./$src ;; + -*) src=./$src;; esac if test -n "$dir_arg"; then @@ -242,22 +248,22 @@ exit 1 fi - if test -z "$dstarg"; then + if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi - dst=$dstarg + dst=$dst_arg # Protect names starting with `-'. case $dst in - -*) dst=./$dst ;; + -*) dst=./$dst;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then From cvs at cvs.gnupg.org Tue Dec 8 05:07:58 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:07:58 +0100 Subject: [svn] gpgme - r1437 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 05:07:57 +0100 (Tue, 08 Dec 2009) New Revision: 1437 Modified: trunk/src/ChangeLog trunk/src/ath.c Log: 2009-12-08 Marcus Brinkmann * ath.c (ath_self) [HAVE_W32_SYSTEM]: Fix typo. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-02 09:49:56 UTC (rev 1436) +++ trunk/src/ChangeLog 2009-12-08 04:07:57 UTC (rev 1437) @@ -1,3 +1,7 @@ +2009-12-08 Marcus Brinkmann + + * ath.c (ath_self) [HAVE_W32_SYSTEM]: Fix typo. + 2009-12-02 Werner Koch * gpgconf.c (gpgme_conf_arg_release): No return in a function Modified: trunk/src/ath.c =================================================================== --- trunk/src/ath.c 2009-12-02 09:49:56 UTC (rev 1436) +++ trunk/src/ath.c 2009-12-08 04:07:57 UTC (rev 1437) @@ -47,7 +47,7 @@ uintptr_t ath_self (void) { - return (uintptr_t) GetCurrentThreadID (); + return (uintptr_t) GetCurrentThreadId (); } #else # ifdef __linux From cvs at cvs.gnupg.org Tue Dec 8 05:09:36 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:09:36 +0100 Subject: [svn] GnuPG - r5216 - trunk/common Message-ID: Author: marcus Date: 2009-12-08 05:09:36 +0100 (Tue, 08 Dec 2009) New Revision: 5216 Modified: trunk/common/ChangeLog trunk/common/asshelp.c trunk/common/iobuf.c Log: 2009-12-08 Marcus Brinkmann * asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect invocation. * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function declaration. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-07 17:12:28 UTC (rev 5215) +++ trunk/common/ChangeLog 2009-12-08 04:09:36 UTC (rev 5216) @@ -1,3 +1,10 @@ +2009-12-08 Marcus Brinkmann + + * asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing + argument in assuan_socket_connect invocation. + * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function + declaration. + 2009-12-07 Werner Koch * pka.c (get_pka_info): Add support for ADNS. Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2009-12-07 17:12:28 UTC (rev 5215) +++ trunk/common/asshelp.c 2009-12-08 04:09:36 UTC (rev 5216) @@ -247,7 +247,7 @@ /* Give the agent some time to prepare itself. */ gnupg_sleep (3); /* Now try again to connect the agent. */ - rc = assuan_socket_connect (ctx, sockname, 0); + rc = assuan_socket_connect (ctx, sockname, 0, 0); } } #else /*!HAVE_W32_SYSTEM*/ Modified: trunk/common/iobuf.c =================================================================== --- trunk/common/iobuf.c 2009-12-07 17:12:28 UTC (rev 5215) +++ trunk/common/iobuf.c 2009-12-08 04:09:36 UTC (rev 5216) @@ -1266,7 +1266,7 @@ "rb" if FNAME is used. In contrast to iobuf_fdopen the file descriptor FD will not be closed during an iobuf_close. */ iobuf_t -iobuf_open_fd_or_name (int fd, const char *fname, const char *mode) +iobuf_open_fd_or_name (gnupg_fd_t fd, const char *fname, const char *mode) { iobuf_t a; From cvs at cvs.gnupg.org Tue Dec 8 05:20:16 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:20:16 +0100 Subject: [svn] assuan - r327 - in trunk: . src Message-ID: Author: marcus Date: 2009-12-08 05:20:16 +0100 (Tue, 08 Dec 2009) New Revision: 327 Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/assuan-defs.h trunk/src/assuan-pipe-connect.c trunk/src/assuan-socket.c trunk/src/assuan.h trunk/src/system.c Log: 2009-12-08 Marcus Brinkmann * assuan-socket.c (get_nonce): Cast buffer to unsigned. (_assuan_sock_connect) [HAVE_W32_SYSTEM]: Drop ctx argument from read_port_and_nonce invocation. * system.c (assuan_fdopen) [HAVE_W32_SYSTEM]: Fix typo in variable name. (__assuan_spawn) [HAVE_W32_SYSTEM]: Fix types of fd and fdp. Use ASSUAN_INVALID_FD. Add missing context argument to _assuan_free, and fix call to _assuan_w32_strerror. Set errno on error. (__assuan_socketpair) [HAVE_W32_STRERROR]: Fix type of filedes argument. * assuan-pipe-connect.c (pipe_connect, assuan_pipe_connect, socketpair_connect) [HAVE_W32_SYSTEM]: Fix type of fd_child_list. * assuan-defs.h (_assuan_socketpair): Likewise for prototype. * assuan.h (assuan_fd_from_posix_fd): New static inline function. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/src/ChangeLog 2009-12-08 04:20:16 UTC (rev 327) @@ -1,3 +1,20 @@ +2009-12-08 Marcus Brinkmann + + * assuan-socket.c (get_nonce): Cast buffer to unsigned. + (_assuan_sock_connect) [HAVE_W32_SYSTEM]: Drop ctx argument from + read_port_and_nonce invocation. + * system.c (assuan_fdopen) [HAVE_W32_SYSTEM]: Fix typo in variable + name. + (__assuan_spawn) [HAVE_W32_SYSTEM]: Fix types of fd and fdp. Use + ASSUAN_INVALID_FD. Add missing context argument to _assuan_free, + and fix call to _assuan_w32_strerror. Set errno on error. + (__assuan_socketpair) [HAVE_W32_STRERROR]: Fix type of filedes + argument. + * assuan-pipe-connect.c (pipe_connect, assuan_pipe_connect, + socketpair_connect) [HAVE_W32_SYSTEM]: Fix type of fd_child_list. + * assuan-defs.h (_assuan_socketpair): Likewise for prototype. + * assuan.h (assuan_fd_from_posix_fd): New static inline function. + 2009-12-03 Marcus Brinkmann * assuan-logging.c: (log_cats): New static variable. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/NEWS 2009-12-08 04:20:16 UTC (rev 327) @@ -52,6 +52,7 @@ assuan_pipe_connect CHANGED: Take ctx arg instead of pointer to ctx. If NAME is NULL, ARGV will contain fork result. CHANGED: Is now what assuan_pipe_connect_ext was. + CHANGED: Child fds are now assuan_fd_t. assuan_pipe_connect_ext REMOVED assuan_init_pipe_server CHANGED: Take ctx arg instead of pointer to ctx. CHANGED: Swallows fds (are closed at end). @@ -90,6 +91,7 @@ assuan_get_peercred CHANGED: Return assuan_peercred_t. assuan_client_read_response NEW assuan_client_parse_response NEW +assuan_fd_from_posix_fd NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/src/assuan-defs.h =================================================================== --- trunk/src/assuan-defs.h 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/src/assuan-defs.h 2009-12-08 04:20:16 UTC (rev 327) @@ -246,7 +246,7 @@ pid_t _assuan_waitpid (assuan_context_t ctx, pid_t pid, int nowait, int *status, int options); int _assuan_socketpair (assuan_context_t ctx, int namespace, int style, - int protocol, int filedes[2]); + int protocol, assuan_fd_t filedes[2]); extern struct assuan_system_hooks _assuan_system_hooks; Modified: trunk/src/assuan-pipe-connect.c =================================================================== --- trunk/src/assuan-pipe-connect.c 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/src/assuan-pipe-connect.c 2009-12-08 04:20:16 UTC (rev 327) @@ -144,7 +144,7 @@ static gpg_error_t pipe_connect (assuan_context_t ctx, const char *name, const char **argv, - int *fd_child_list, + assuan_fd_t *fd_child_list, void (*atfork) (void *opaque, int reserved), void *atforkvalue, unsigned int flags) { @@ -257,7 +257,7 @@ static gpg_error_t socketpair_connect (assuan_context_t ctx, const char *name, const char **argv, - int *fd_child_list, + assuan_fd_t *fd_child_list, void (*atfork) (void *opaque, int reserved), void *atforkvalue) { @@ -388,7 +388,7 @@ gpg_error_t assuan_pipe_connect (assuan_context_t ctx, const char *name, const char *argv[], - int *fd_child_list, + assuan_fd_t *fd_child_list, void (*atfork) (void *opaque, int reserved), void *atforkvalue, unsigned int flags) { Modified: trunk/src/assuan-socket.c =================================================================== --- trunk/src/assuan-socket.c 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/src/assuan-socket.c 2009-12-08 04:20:16 UTC (rev 327) @@ -92,7 +92,7 @@ errno = ENODEV; else { - if (!CryptGenRandom (prov, nbytes, buffer)) + if (!CryptGenRandom (prov, nbytes, (unsigned char *) buffer)) errno = ENODEV; else ret = 0; @@ -178,7 +178,7 @@ int ret; unaddr = (struct sockaddr_un *)addr; - if (read_port_and_nonce (ctx, unaddr->sun_path, &port, nonce)) + if (read_port_and_nonce (unaddr->sun_path, &port, nonce)) return -1; myaddr.sin_family = AF_INET; @@ -308,7 +308,7 @@ } nonce->length = 16; unaddr = (struct sockaddr_un *)addr; - if (read_port_and_nonce (ctx, unaddr->sun_path, &port, nonce->nonce)) + if (read_port_and_nonce (unaddr->sun_path, &port, nonce->nonce)) return -1; } else Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/src/assuan.h 2009-12-08 04:20:16 UTC (rev 327) @@ -85,10 +85,20 @@ typedef void *assuan_fd_t; #define ASSUAN_INVALID_FD ((void*)(-1)) #define ASSUAN_INVALID_PID ((pid_t) -1) +static inline assuan_fd_t +assuan_fd_from_posix_fd (int fd) +{ + return (assuan_fd_t) _get_osfhandle (fd); +} #else typedef int assuan_fd_t; #define ASSUAN_INVALID_FD (-1) #define ASSUAN_INVALID_PID ((pid_t) -1) +static inline assuan_fd_t +assuan_fd_from_posix_fd (int fd) +{ + return fd; +} #endif assuan_fd_t assuan_fdopen (int fd); Modified: trunk/src/system.c =================================================================== --- trunk/src/system.c 2009-12-03 18:55:16 UTC (rev 326) +++ trunk/src/system.c 2009-12-08 04:20:16 UTC (rev 327) @@ -51,12 +51,12 @@ assuan_fd_t ifd = (assuan_fd_t) _get_osfhandle (fd); assuan_fd_t ofd; - if (! DuplicateHandle(GetCurrentProcess(), hfd, + if (! DuplicateHandle(GetCurrentProcess(), ifd, GetCurrentProcess(), &ofd, 0, TRUE, DUPLICATE_SAME_ACCESS)) { errno = EIO; - return ASSUAN_INVALID_FD: + return ASSUAN_INVALID_FD; } return ofd; #else @@ -540,8 +540,8 @@ 0 /* Returns tid. */ }; STARTUPINFO si; - int fd; - int *fdp; + assuan_fd_t fd; + assuan_fd_t *fdp; char *cmdline; HANDLE nullfd = INVALID_HANDLE_VALUE; @@ -570,14 +570,14 @@ /* Dup stderr to /dev/null unless it is in the list of FDs to be passed to the child. */ - fd = fileno (stderr); + fd = assuan_fd_from_posix_fd (fileno (stderr)); fdp = fd_child_list; if (fdp) { - for (; *fdp != -1 && *fdp != fd; fdp++) + for (; *fdp != ASSUAN_INVALID_FD && *fdp != fd; fdp++) ; } - if (!fdp || *fdp == -1) + if (!fdp || *fdp == ASSUAN_INVALID_FD) { nullfd = CreateFile ("nul", GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, @@ -585,14 +585,15 @@ if (nullfd == INVALID_HANDLE_VALUE) { TRACE1 (ctx, ASSUAN_LOG_SYSIO, "__assuan_spawn", ctx, - "can't open `nul': %s", w32_strerror (ctx, -1)); - _assuan_free (cmdline); + "can't open `nul': %s", _assuan_w32_strerror (ctx, -1)); + _assuan_free (ctx, cmdline); + errno = EIO; return -1; } si.hStdError = nullfd; } else - si.hStdError = (void*)_get_osfhandle (fd); + si.hStdError = fd; /* Note: We inherit all handles flagged as inheritable. This seems @@ -616,8 +617,8 @@ )) { TRACE1 (ctx, ASSUAN_LOG_SYSIO, "pipe_connect_w32", ctx, - "CreateProcess failed: %s", w32_strerror (ctx, -1)); - _assuan_free (cmdline); + "CreateProcess failed: %s", _assuan_w32_strerror (ctx, -1)); + _assuan_free (ctx, cmdline); if (nullfd != INVALID_HANDLE_VALUE) CloseHandle (nullfd); @@ -625,7 +626,7 @@ return -1; } - _assuan_free (cmdline); + _assuan_free (ctx, cmdline); if (nullfd != INVALID_HANDLE_VALUE) CloseHandle (nullfd); @@ -882,7 +883,7 @@ int __assuan_socketpair (assuan_context_t ctx, int namespace, int style, - int protocol, int filedes[2]) + int protocol, assuan_fd_t filedes[2]) { #if HAVE_W32_SYSTEM errno = ENOSYS; From cvs at cvs.gnupg.org Tue Dec 8 05:22:38 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:22:38 +0100 Subject: [svn] dirmngr - r333 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 05:22:38 +0100 (Tue, 08 Dec 2009) New Revision: 333 Modified: trunk/src/ChangeLog trunk/src/dirmngr-client.c Log: 2009-12-08 Marcus Brinkmann * dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-11-25 17:56:31 UTC (rev 332) +++ trunk/src/ChangeLog 2009-12-08 04:22:38 UTC (rev 333) @@ -1,3 +1,7 @@ +2009-12-08 Marcus Brinkmann + + * dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds. + 2009-11-25 Marcus Brinkmann * server.c (start_command_handler): Use assuan_fd_t and Modified: trunk/src/dirmngr-client.c =================================================================== --- trunk/src/dirmngr-client.c 2009-11-25 17:56:31 UTC (rev 332) +++ trunk/src/dirmngr-client.c 2009-12-08 04:22:38 UTC (rev 333) @@ -499,8 +499,8 @@ i=0; if (log_get_fd () != -1) - no_close_list[i++] = log_get_fd (); - no_close_list[i++] = fileno (stderr); + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); no_close_list[i] = -1; /* Connect to the agent and perform initial handshaking. */ From cvs at cvs.gnupg.org Tue Dec 8 05:43:16 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:43:16 +0100 Subject: [svn] GnuPG - r5217 - in trunk: agent common g13 sm tools Message-ID: Author: marcus Date: 2009-12-08 05:43:15 +0100 (Tue, 08 Dec 2009) New Revision: 5217 Modified: trunk/agent/ChangeLog trunk/agent/call-pinentry.c trunk/agent/call-scd.c trunk/common/ChangeLog trunk/common/asshelp.c trunk/g13/call-gpg.c trunk/sm/ChangeLog trunk/sm/call-dirmngr.c trunk/tools/ChangeLog trunk/tools/gpg-connect-agent.c Log: common/ 2009-12-08 Marcus Brinkmann * asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD. agent/ 2009-12-08 Marcus Brinkmann * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. * call-scd.c (start_scd): Likewise. sm/ 2009-12-08 Marcus Brinkmann * call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd. tools/ 2009-12-08 Marcus Brinkmann * gpg-connect-agent.c (main): Convert posix fd to assuan fd. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/agent/ChangeLog 2009-12-08 04:43:15 UTC (rev 5217) @@ -1,3 +1,8 @@ +2009-12-08 Marcus Brinkmann + + * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. + * call-scd.c (start_scd): Likewise. + 2009-12-03 Werner Koch * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/common/ChangeLog 2009-12-08 04:43:15 UTC (rev 5217) @@ -1,5 +1,7 @@ 2009-12-08 Marcus Brinkmann + * asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD. + * asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect invocation. * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/sm/ChangeLog 2009-12-08 04:43:15 UTC (rev 5217) @@ -1,3 +1,7 @@ +2009-12-08 Marcus Brinkmann + + * call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd. + 2009-12-03 Werner Koch * gpgsm.c (set_debug): Allow for numerical debug leveles. Print Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/tools/ChangeLog 2009-12-08 04:43:15 UTC (rev 5217) @@ -1,3 +1,7 @@ +2009-12-08 Marcus Brinkmann + + * gpg-connect-agent.c (main): Convert posix fd to assuan fd. + 2009-12-07 Werner Koch * no-libgcrypt.c (gcry_strdup): Actually copy the string. Modified: trunk/agent/call-pinentry.c =================================================================== --- trunk/agent/call-pinentry.c 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/agent/call-pinentry.c 2009-12-08 04:43:15 UTC (rev 5217) @@ -304,8 +304,8 @@ if (!opt.running_detached) { if (log_get_fd () != -1) - no_close_list[i++] = log_get_fd (); - no_close_list[i++] = fileno (stderr); + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); } no_close_list[i] = -1; Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/agent/call-scd.c 2009-12-08 04:43:15 UTC (rev 5217) @@ -333,8 +333,8 @@ if (!opt.running_detached) { if (log_get_fd () != -1) - no_close_list[i++] = log_get_fd (); - no_close_list[i++] = fileno (stderr); + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); } no_close_list[i] = -1; Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/common/asshelp.c 2009-12-08 04:43:15 UTC (rev 5217) @@ -268,8 +268,8 @@ i=0; if (log_get_fd () != -1) - no_close_list[i++] = log_get_fd (); - no_close_list[i++] = fileno (stderr); + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); no_close_list[i] = -1; /* Connect to the agent and perform initial handshaking. */ Modified: trunk/g13/call-gpg.c =================================================================== --- trunk/g13/call-gpg.c 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/g13/call-gpg.c 2009-12-08 04:43:15 UTC (rev 5217) @@ -92,12 +92,12 @@ i = 0; if (log_get_fd () != -1) - no_close_list[i++] = log_get_fd (); - no_close_list[i++] = fileno (stderr); + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); if (input_fd != -1) - no_close_list[i++] = input_fd; + no_close_list[i++] = assuan_fd_from_posix_fd (input_fd); if (output_fd != -1) - no_close_list[i++] = output_fd; + no_close_list[i++] = assuan_fd_from_posix_fd (output_fd); no_close_list[i] = -1; /* Connect to GPG and perform initial handshaking. */ Modified: trunk/sm/call-dirmngr.c =================================================================== --- trunk/sm/call-dirmngr.c 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/sm/call-dirmngr.c 2009-12-08 04:43:15 UTC (rev 5217) @@ -258,8 +258,8 @@ i=0; if (log_get_fd () != -1) - no_close_list[i++] = log_get_fd (); - no_close_list[i++] = fileno (stderr); + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); no_close_list[i] = -1; /* connect to the agent and perform initial handshaking */ Modified: trunk/tools/gpg-connect-agent.c =================================================================== --- trunk/tools/gpg-connect-agent.c 2009-12-08 04:09:36 UTC (rev 5216) +++ trunk/tools/gpg-connect-agent.c 2009-12-08 04:43:15 UTC (rev 5217) @@ -1222,8 +1222,8 @@ { int no_close[3]; - no_close[0] = fileno (stderr); - no_close[1] = log_get_fd (); + no_close[0] = assuan_fd_from_posix_fd (fileno (stderr)); + no_close[1] = assuan_fd_from_posix_fd (log_get_fd ()); no_close[2] = -1; rc = assuan_new (&ctx); From cvs at cvs.gnupg.org Tue Dec 8 05:47:31 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:47:31 +0100 Subject: [svn] assuan - r328 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 05:47:31 +0100 (Tue, 08 Dec 2009) New Revision: 328 Modified: trunk/src/ChangeLog trunk/src/assuan.h Log: 2009-12-08 Marcus Brinkmann * assuan_fd_from_posix_fd (assuan_fd_from_posix_fd): Handle invalid fd early. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 04:20:16 UTC (rev 327) +++ trunk/src/ChangeLog 2009-12-08 04:47:31 UTC (rev 328) @@ -1,5 +1,7 @@ 2009-12-08 Marcus Brinkmann + * assuan_fd_from_posix_fd (assuan_fd_from_posix_fd): Handle invalid fd early. + * assuan-socket.c (get_nonce): Cast buffer to unsigned. (_assuan_sock_connect) [HAVE_W32_SYSTEM]: Drop ctx argument from read_port_and_nonce invocation. Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-08 04:20:16 UTC (rev 327) +++ trunk/src/assuan.h 2009-12-08 04:47:31 UTC (rev 328) @@ -88,7 +88,10 @@ static inline assuan_fd_t assuan_fd_from_posix_fd (int fd) { - return (assuan_fd_t) _get_osfhandle (fd); + if (fd < 0) + return ASSUAN_INVALID_FD; + else + return (assuan_fd_t) _get_osfhandle (fd); } #else typedef int assuan_fd_t; From cvs at cvs.gnupg.org Tue Dec 8 05:47:49 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 05:47:49 +0100 Subject: [svn] assuan - r329 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 05:47:49 +0100 (Tue, 08 Dec 2009) New Revision: 329 Modified: trunk/src/ChangeLog Log: Fix changelog. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 04:47:31 UTC (rev 328) +++ trunk/src/ChangeLog 2009-12-08 04:47:49 UTC (rev 329) @@ -1,6 +1,6 @@ 2009-12-08 Marcus Brinkmann - * assuan_fd_from_posix_fd (assuan_fd_from_posix_fd): Handle invalid fd early. + * assuan.h (assuan_fd_from_posix_fd): Handle invalid fd early. * assuan-socket.c (get_nonce): Cast buffer to unsigned. (_assuan_sock_connect) [HAVE_W32_SYSTEM]: Drop ctx argument from From cvs at cvs.gnupg.org Tue Dec 8 13:20:11 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 08 Dec 2009 13:20:11 +0100 Subject: [svn] GnuPG - r5218 - in trunk: . common keyserver Message-ID: Author: wk Date: 2009-12-08 13:20:11 +0100 (Tue, 08 Dec 2009) New Revision: 5218 Modified: trunk/ChangeLog trunk/common/ChangeLog trunk/common/dns-cert.c trunk/configure.ac trunk/keyserver/gpgkeys_kdns.c Log: Support CERT records via ADNS Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-08 04:43:15 UTC (rev 5217) +++ trunk/ChangeLog 2009-12-08 12:20:11 UTC (rev 5218) @@ -1,3 +1,7 @@ +2009-12-08 Werner Koch + + * configure.ac (USE_DNS_CERT): Support ADNS. + 2009-12-07 Werner Koch * configure.ac: Check for ADNS before checking for the BIND Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-08 04:43:15 UTC (rev 5217) +++ trunk/common/ChangeLog 2009-12-08 12:20:11 UTC (rev 5218) @@ -1,3 +1,7 @@ +2009-12-08 Werner Koch + + * dns-cert.c (get_dns_cert): Add support for ADNS. + 2009-12-08 Marcus Brinkmann * asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD. Modified: trunk/common/dns-cert.c =================================================================== --- trunk/common/dns-cert.c 2009-12-08 04:43:15 UTC (rev 5217) +++ trunk/common/dns-cert.c 2009-12-08 12:20:11 UTC (rev 5218) @@ -21,14 +21,20 @@ #include #ifdef USE_DNS_CERT # ifdef HAVE_W32_SYSTEM -# include +# include # else -# include -# include -# include +# include +# include +# include # endif -#include +# include #endif +#ifdef USE_ADNS +# include +# ifndef HAVE_ADNS_FREE +# define adns_free free +# endif +#endif #include "util.h" #include "iobuf.h" @@ -40,14 +46,106 @@ #define T_CERT 37 #endif +/* ADNS has no support for CERT yes. */ +#define my_adns_r_cert 37 + + /* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for - IPGP provided. */ + IPGP provided. Note that this fucntion retruns the first CERT + found with a supported type; it is expected that only one CERT + record is used. */ int -get_dns_cert (const char *name,size_t max_size,IOBUF *iobuf, - unsigned char **fpr,size_t *fpr_len,char **url) +get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf, + unsigned char **fpr, size_t *fpr_len, char **url) { #ifdef USE_DNS_CERT +#ifdef USE_ADNS + adns_state state; + adns_answer *answer = NULL; + int rc; + unsigned int ctype; + int count; + + rc = adns_init (&state, adns_if_noerrprint, NULL); + if (rc) + { + log_error ("error initializing adns: %s\n", strerror (errno)); + return -1; + } + + rc = adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert), + adns_qf_quoteok_query, &answer); + if (rc) + { + /* log_error ("DNS query failed: %s\n", strerror (errno)); */ + adns_finish (state); + return -1; + } + if (answer->status != adns_s_ok) + { + /* log_error ("DNS query returned an error: %s (%s)\n", */ + /* adns_strerror (answer->status), */ + /* adns_errabbrev (answer->status)); */ + adns_free (answer); + adns_finish (state); + return 0; + } + + for (rc = 0, count=0; !rc && count < answer->nrrs; count++) + { + int datalen = answer->rrs.byteblock[count].len; + const unsigned char *data = answer->rrs.byteblock[count].data; + + if (datalen < 5) + continue; /* Truncated CERT record - skip. */ + + ctype = ((data[0]<<8)|data[1]); + /* (key tag and algorithm fields are not required.) */ + data += 5; + datalen -= 5; + + if (ctype == 3 && datalen >= 11) + { + /* CERT type is PGP. Gpg checks for a minimum length of 11, + thus we do the same. */ + *iobuf = iobuf_temp_with_content ((char*)data, datalen); + rc = 1; + } + else if (ctype == 6 && datalen && datalen < 1023 + && datalen >= data[0]+1 && fpr && fpr_len && url) + { + /* CERT type is IPGP. We made sure tha the data is + plausible and that the caller requested the + information. */ + *fpr_len = data[0]; + if (*fpr_len) + { + *fpr = xmalloc (*fpr_len); + memcpy (*fpr, data+1, *fpr_len); + } + else + *fpr = NULL; + + if (datalen > *fpr_len + 1) + { + *url = xmalloc (datalen - (*fpr_len+1) + 1); + memcpy (*url, data + (*fpr_len+1), datalen - (*fpr_len+1)); + (*url)[datalen - (*fpr_len+1)] = '\0'; + } + else + *url = NULL; + + rc = 2; + } + } + + adns_free (answer); + adns_finish (state); + return rc; + +#else /*!USE_ADNS*/ + unsigned char *answer; int r,ret=-1; u16 count; @@ -178,8 +276,8 @@ fail: xfree(answer); - return ret; +#endif /*!USE_ADNS*/ #else /* !USE_DNS_CERT */ return -1; #endif Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-12-08 04:43:15 UTC (rev 5217) +++ trunk/configure.ac 2009-12-08 12:20:11 UTC (rev 5218) @@ -831,7 +831,6 @@ else # If we have no resolver library but ADNS (e.g. under W32) enable the # code parts which can be used with ADNS. - use_dns_cert=no if test x"$have_adns" = xyes ; then DNSLIBS="$ADNSLIBS" AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.]) @@ -843,9 +842,14 @@ if test x"$use_dns_pka" = xyes ; then AC_DEFINE(USE_DNS_PKA,1) fi + + if test x"$use_dns_cert" = xyes ; then + AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) + fi else use_dns_srv=no use_dns_pka=no + use_dns_cert=no fi fi Modified: trunk/keyserver/gpgkeys_kdns.c =================================================================== --- trunk/keyserver/gpgkeys_kdns.c 2009-12-08 04:43:15 UTC (rev 5217) +++ trunk/keyserver/gpgkeys_kdns.c 2009-12-08 12:20:11 UTC (rev 5218) @@ -66,7 +66,7 @@ /* The replacement string for the at sign. */ static const char *kdns_at_repl; -/* Flag indicating that a TCP conenction should be used. */ +/* Flag indicating that a TCP connection should be used. */ static int kdns_usevc; From cvs at cvs.gnupg.org Tue Dec 8 13:29:02 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 13:29:02 +0100 Subject: [svn] assuan - r330 - in trunk: . doc src Message-ID: Author: marcus Date: 2009-12-08 13:29:02 +0100 (Tue, 08 Dec 2009) New Revision: 330 Modified: trunk/NEWS trunk/TODO trunk/doc/ChangeLog trunk/doc/assuan.texi trunk/src/ChangeLog trunk/src/assuan-pipe-connect.c trunk/src/assuan.h Log: doc/ 2009-12-08 Marcus Brinkmann * assuan.texi (Contexts): Document ASSUAN_SPAWN_DETACHED. src/ 2009-12-08 Marcus Brinkmann * assuan.h (ASSUAN_SPAWN_DETACHED): New macro. * assuan-pipe-connect.c (pipe_connect): Calculate spawn_flags from flags. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/doc/ChangeLog 2009-12-08 12:29:02 UTC (rev 330) @@ -1,3 +1,7 @@ +2009-12-08 Marcus Brinkmann + + * assuan.texi (Contexts): Document ASSUAN_SPAWN_DETACHED. + 2009-11-25 Marcus Brinkmann * assuan.texi (Data Types): Document assuan_fdopen. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/src/ChangeLog 2009-12-08 12:29:02 UTC (rev 330) @@ -1,5 +1,9 @@ 2009-12-08 Marcus Brinkmann + * assuan.h (ASSUAN_SPAWN_DETACHED): New macro. + * assuan-pipe-connect.c (pipe_connect): Calculate spawn_flags from + flags. + * assuan.h (assuan_fd_from_posix_fd): Handle invalid fd early. * assuan-socket.c (get_nonce): Cast buffer to unsigned. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/NEWS 2009-12-08 12:29:02 UTC (rev 330) @@ -92,6 +92,7 @@ assuan_client_read_response NEW assuan_client_parse_response NEW assuan_fd_from_posix_fd NEW +ASSUAN_SPAWN_DETACHED NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/TODO =================================================================== --- trunk/TODO 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/TODO 2009-12-08 12:29:02 UTC (rev 330) @@ -1,9 +1,6 @@ -*- outline -*- * Check that we have Pth-ed all blocking fucntions. -* When turning libassuan into a shared library, provide a general - version as well as a Pth-enabled one. -* Even better, allow replacing all these I/O and spawn functions on - a per-context basis at runtime (like the old assuan_set_io_hooks but better). +* Introduce a spawn wrapper program as gpgme has to not leak fds under W32. * assuan_transact returns immediately on an error in the callback function. It might be better to return the error to the caller. As an example see dirmngr-client, where we need to send empty responses Modified: trunk/doc/assuan.texi =================================================================== --- trunk/doc/assuan.texi 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/doc/assuan.texi 2009-12-08 12:29:02 UTC (rev 330) @@ -913,6 +913,16 @@ case, @code{*argv} should be set to @code{"client"} in the parent process and @code{"server"} in the child process. +Flags is the bit-wise OR of some (or none) of the following flags: + + at table @code + at item ASSUAN_SPAWN_DETACHED +If set and there is a need to start the server it will be started as a +background process. This flag is useful under W32 systems, so that no +new console is created and pops up a console window when starting the +server. + at end table + @item pid_t (*waitpid) (assuan_context_t ctx, pid_t pid, int action, int *status, int options) This is the function called by @sc{Assuan} to wait for the spawned child process @var{pid} to exit, or, if @var{action} is 1, to just Modified: trunk/src/assuan-pipe-connect.c =================================================================== --- trunk/src/assuan-pipe-connect.c 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/src/assuan-pipe-connect.c 2009-12-08 12:29:02 UTC (rev 330) @@ -154,6 +154,7 @@ pid_t pid; int res; struct at_pipe_fork atp; + unsigned int spawn_flags; atp.user_atfork = atfork; atp.user_atforkvalue = atforkvalue; @@ -173,10 +174,14 @@ _assuan_close (ctx, rp[1]); return _assuan_error (ctx, gpg_err_code_from_syserror ()); } + + spawn_flags = 0; + if (flags & ASSUAN_PIPE_CONNECT_DETACHED) + spawn_flags |= ASSUAN_SPAWN_DETACHED; /* FIXME: Use atfork handler that closes child fds on Unix. */ res = _assuan_spawn (ctx, &pid, name, argv, wp[0], rp[1], - fd_child_list, at_pipe_fork_cb, &atp, flags); + fd_child_list, at_pipe_fork_cb, &atp, spawn_flags); if (res < 0) { rc = gpg_err_code_from_syserror (); Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-08 04:47:49 UTC (rev 329) +++ trunk/src/assuan.h 2009-12-08 12:29:02 UTC (rev 330) @@ -253,6 +253,7 @@ #define ASSUAN_SYSTEM_HOOKS_VERSION 1 +#define ASSUAN_SPAWN_DETACHED 128 struct assuan_system_hooks { /* Always set to ASSUAN_SYTEM_HOOKS_VERSION. */ From cvs at cvs.gnupg.org Tue Dec 8 13:43:27 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 08 Dec 2009 13:43:27 +0100 Subject: [svn] GnuPG - r5219 - in branches/STABLE-BRANCH-2-0: . common Message-ID: Author: wk Date: 2009-12-08 13:43:27 +0100 (Tue, 08 Dec 2009) New Revision: 5219 Modified: branches/STABLE-BRANCH-2-0/ChangeLog branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/common/ChangeLog branches/STABLE-BRANCH-2-0/common/dns-cert.c branches/STABLE-BRANCH-2-0/configure.ac Log: Support DNS CERT lookups via ADNS Modified: branches/STABLE-BRANCH-2-0/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/ChangeLog 2009-12-08 12:20:11 UTC (rev 5218) +++ branches/STABLE-BRANCH-2-0/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) @@ -1,3 +1,7 @@ +2009-12-08 Werner Koch + + * configure.ac (USE_DNS_CERT): Support via ADNS. + 2009-12-07 Werner Koch * configure.ac: Check for ADNS before checking for the BIND Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-08 12:20:11 UTC (rev 5218) +++ branches/STABLE-BRANCH-2-0/common/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) @@ -1,3 +1,7 @@ +2009-12-08 Werner Koch + + * dns-cert.c: Add support for ADNS. + 2009-12-07 Werner Koch * pka.c (get_pka_info): Add support for ADNS. Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2009-12-08 12:20:11 UTC (rev 5218) +++ branches/STABLE-BRANCH-2-0/NEWS 2009-12-08 12:43:27 UTC (rev 5219) @@ -9,7 +9,9 @@ * The GPGSM --audit-log feature is now more complete. + * Support DNS lookups for SRV, PKA and CERT on W32. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/common/dns-cert.c =================================================================== --- branches/STABLE-BRANCH-2-0/common/dns-cert.c 2009-12-08 12:20:11 UTC (rev 5218) +++ branches/STABLE-BRANCH-2-0/common/dns-cert.c 2009-12-08 12:43:27 UTC (rev 5219) @@ -1,5 +1,5 @@ /* dns-cert.c - DNS CERT code - * Copyright (C) 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc. * * This file is part of GNUPG. * @@ -21,14 +21,20 @@ #include #ifdef USE_DNS_CERT # ifdef HAVE_W32_SYSTEM -# include +# include # else -# include -# include -# include +# include +# include +# include # endif -#include +# include #endif +#ifdef USE_ADNS +# include +# ifndef HAVE_ADNS_FREE +# define adns_free free +# endif +#endif #include "util.h" #include "iobuf.h" @@ -40,14 +46,106 @@ #define T_CERT 37 #endif +/* ADNS has no support for CERT yes. */ +#define my_adns_r_cert 37 + + /* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for - IPGP provided. */ + IPGP provided. Note that this fucntion retruns the first CERT + found with a supported type; it is expected that only one CERT + record is used. */ int -get_dns_cert (const char *name,size_t max_size,IOBUF *iobuf, - unsigned char **fpr,size_t *fpr_len,char **url) +get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf, + unsigned char **fpr, size_t *fpr_len, char **url) { #ifdef USE_DNS_CERT +#ifdef USE_ADNS + adns_state state; + adns_answer *answer = NULL; + int rc; + unsigned int ctype; + int count; + + rc = adns_init (&state, adns_if_noerrprint, NULL); + if (rc) + { + log_error ("error initializing adns: %s\n", strerror (errno)); + return -1; + } + + rc = adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert), + adns_qf_quoteok_query, &answer); + if (rc) + { + /* log_error ("DNS query failed: %s\n", strerror (errno)); */ + adns_finish (state); + return -1; + } + if (answer->status != adns_s_ok) + { + /* log_error ("DNS query returned an error: %s (%s)\n", */ + /* adns_strerror (answer->status), */ + /* adns_errabbrev (answer->status)); */ + adns_free (answer); + adns_finish (state); + return 0; + } + + for (rc = 0, count=0; !rc && count < answer->nrrs; count++) + { + int datalen = answer->rrs.byteblock[count].len; + const unsigned char *data = answer->rrs.byteblock[count].data; + + if (datalen < 5) + continue; /* Truncated CERT record - skip. */ + + ctype = ((data[0]<<8)|data[1]); + /* (key tag and algorithm fields are not required.) */ + data += 5; + datalen -= 5; + + if (ctype == 3 && datalen >= 11) + { + /* CERT type is PGP. Gpg checks for a minimum length of 11, + thus we do the same. */ + *iobuf = iobuf_temp_with_content ((char*)data, datalen); + rc = 1; + } + else if (ctype == 6 && datalen && datalen < 1023 + && datalen >= data[0]+1 && fpr && fpr_len && url) + { + /* CERT type is IPGP. We made sure tha the data is + plausible and that the caller requested the + information. */ + *fpr_len = data[0]; + if (*fpr_len) + { + *fpr = xmalloc (*fpr_len); + memcpy (*fpr, data+1, *fpr_len); + } + else + *fpr = NULL; + + if (datalen > *fpr_len + 1) + { + *url = xmalloc (datalen - (*fpr_len+1) + 1); + memcpy (*url, data + (*fpr_len+1), datalen - (*fpr_len+1)); + (*url)[datalen - (*fpr_len+1)] = '\0'; + } + else + *url = NULL; + + rc = 2; + } + } + + adns_free (answer); + adns_finish (state); + return rc; + +#else /*!USE_ADNS*/ + unsigned char *answer; int r,ret=-1; u16 count; @@ -178,8 +276,8 @@ fail: xfree(answer); - return ret; +#endif /*!USE_ADNS*/ #else /* !USE_DNS_CERT */ return -1; #endif Modified: branches/STABLE-BRANCH-2-0/configure.ac =================================================================== --- branches/STABLE-BRANCH-2-0/configure.ac 2009-12-08 12:20:11 UTC (rev 5218) +++ branches/STABLE-BRANCH-2-0/configure.ac 2009-12-08 12:43:27 UTC (rev 5219) @@ -826,7 +826,6 @@ else # If we have no resolver library but ADNS (e.g. under W32) enable the # code parts which can be used with ADNS. - use_dns_cert=no if test x"$have_adns" = xyes ; then DNSLIBS="$ADNSLIBS" AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.]) @@ -838,9 +837,14 @@ if test x"$use_dns_pka" = xyes ; then AC_DEFINE(USE_DNS_PKA,1) fi + + if test x"$use_dns_cert" = xyes ; then + AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) + fi else use_dns_srv=no use_dns_pka=no + use_dns_cert=no fi fi From cvs at cvs.gnupg.org Tue Dec 8 16:25:14 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 16:25:14 +0100 Subject: [svn] assuan - r331 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 16:25:14 +0100 (Tue, 08 Dec 2009) New Revision: 331 Modified: trunk/src/ChangeLog trunk/src/client.c Log: 2009-12-08 Marcus Brinkmann * client.c (assuan_client_read_response): Fix linelen. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 12:29:02 UTC (rev 330) +++ trunk/src/ChangeLog 2009-12-08 15:25:14 UTC (rev 331) @@ -1,5 +1,7 @@ 2009-12-08 Marcus Brinkmann + * client.c (assuan_client_read_response): Fix linelen. + * assuan.h (ASSUAN_SPAWN_DETACHED): New macro. * assuan-pipe-connect.c (pipe_connect): Calculate spawn_flags from flags. Modified: trunk/src/client.c =================================================================== --- trunk/src/client.c 2009-12-08 12:29:02 UTC (rev 330) +++ trunk/src/client.c 2009-12-08 15:25:14 UTC (rev 331) @@ -112,6 +112,7 @@ } *d = 0; /* add a hidden string terminator */ + linelen = d - line; ctx->inbound.linelen = linelen; } From cvs at cvs.gnupg.org Tue Dec 8 16:30:22 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 16:30:22 +0100 Subject: [svn] ksba - r313 - trunk Message-ID: Author: marcus Date: 2009-12-08 16:30:22 +0100 (Tue, 08 Dec 2009) New Revision: 313 Modified: trunk/ChangeLog trunk/configure.ac Log: 2009-12-08 Marcus Brinkmann * configure.ac: Allow cross compiling to be "maybe". Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-07-03 11:41:12 UTC (rev 312) +++ trunk/ChangeLog 2009-12-08 15:30:22 UTC (rev 313) @@ -1,3 +1,7 @@ +2009-12-08 Marcus Brinkmann + + * configure.ac: Allow cross compiling to be "maybe". + 2009-07-03 Werner Koch * configure.ac: Bump LT version to C17/A9/R7. Unfortunately only Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-07-03 11:41:12 UTC (rev 312) +++ trunk/configure.ac 2009-12-08 15:30:22 UTC (rev 313) @@ -324,7 +324,7 @@ AC_SUBST(KSBA_CONFIG_API_VERSION) # The Makefiles need to know about cross compiling -AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) +AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling != xno) # Generate extended version information for W32. @@ -361,7 +361,7 @@ Platform: $host " -if test x$cross_compiling = xyes; then +if test x$cross_compiling != xno; then echo "Hint: If you encounter make problems like \"No rule to make target 'asn1-tables.c'\" you should first do a native build without installing From cvs at cvs.gnupg.org Tue Dec 8 17:30:34 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 08 Dec 2009 17:30:34 +0100 Subject: [svn] GnuPG - r5220 - in trunk: . agent common g10 kbx sm Message-ID: Author: wk Date: 2009-12-08 17:30:33 +0100 (Tue, 08 Dec 2009) New Revision: 5220 Added: trunk/common/userids.c trunk/common/userids.h Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/protect.c trunk/common/ChangeLog trunk/common/Makefile.am trunk/common/dns-cert.c trunk/g10/ChangeLog trunk/g10/delkey.c trunk/g10/export.c trunk/g10/getkey.c trunk/g10/gpg.h trunk/g10/keydb.h trunk/g10/keyring.h trunk/g10/keyserver.c trunk/g10/packet.h trunk/g10/pkclist.c trunk/g10/revoke.c trunk/g10/trustdb.c trunk/kbx/ChangeLog trunk/kbx/keybox-search-desc.h trunk/kbx/keybox-search.c trunk/sm/ChangeLog trunk/sm/certlist.c trunk/sm/delete.c trunk/sm/export.c trunk/sm/import.c trunk/sm/keydb.c trunk/sm/keydb.h trunk/sm/keylist.c trunk/sm/sign.c Log: Unification of the search descriptor usage. [The diff below has been truncated] Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/agent/ChangeLog 2009-12-08 16:30:33 UTC (rev 5220) @@ -1,3 +1,7 @@ +2009-12-08 Werner Koch + + * protect.c (agent_unprotect): Avoid compiler warning. + 2009-12-08 Marcus Brinkmann * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/common/ChangeLog 2009-12-08 16:30:33 UTC (rev 5220) @@ -1,11 +1,14 @@ 2009-12-08 Werner Koch + * userids.h, userids.c: New. + (classify_user_id): Merged from similar fucntions in sm/ and g10/. + * dns-cert.c (get_dns_cert): Add support for ADNS. 2009-12-08 Marcus Brinkmann * asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD. - + * asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect invocation. * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/ChangeLog 2009-12-08 16:30:33 UTC (rev 5220) @@ -1,3 +1,23 @@ +2009-12-08 Werner Koch + + * keyring.h: Include userids.h. + * gpg.h (KEYDB_SEARCH_DESC): Remove. + * packet.h: Include userids.h. + (PKT_user_id): Declare using gpg_pkt_user_id_s. + * keydb.h (KeydbSearchMode, struct keydb_search_desc): Remove. We + now use those in ../kbx. + * getkey.c (classify_user_id): Remove. It is now in common/. + (key_byname): Adjust for changed classify_user_id. + * delkey.c (do_delete_key): Ditto. + * trustdb.c (register_trusted_key): Ditto. + * revoke.c (gen_desig_revoke, gen_revoke): Ditto. + * keyserver.c (parse_keyrec, keyserver_export, keyserver_import) + (keyidlist): Ditto. + * export.c (do_export_stream): Ditto. + + * pkclist.c (find_and_check_key): Replace GPG_ERR_INV_NAME by + GPG_ERR_INV_USER_ID. + 2009-12-04 Werner Koch * keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New. Modified: trunk/kbx/ChangeLog =================================================================== --- trunk/kbx/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/kbx/ChangeLog 2009-12-08 16:30:33 UTC (rev 5220) @@ -1,3 +1,11 @@ +2009-12-08 Werner Koch + + * keybox-search-desc.h (keydb_search_desc): Use u32 type for + KID. Extend the skip function ptr. + (gpg_pkt_user_id_t): New. + * keybox-search.c (has_short_kid, has_long_kid): Change to use u32 + args for KID. + 2008-12-09 Werner Koch * kbxutil.c (main): Call i18n_init before init_common_subsystems. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/sm/ChangeLog 2009-12-08 16:30:33 UTC (rev 5220) @@ -1,3 +1,12 @@ +2009-12-08 Werner Koch + + * keydb.c (keydb_search_kid): Fix code even that it is not used. + (classify_user_id): Adjust for change of u.kid type. + (keydb_classify_name): Replace GPG_ERR_INV_NAME by + GPG_ERR_INV_USER_ID. + (keydb_classify_name): Remove. Replace all callers by + classify_user_id. + 2009-12-08 Marcus Brinkmann * call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/NEWS 2009-12-08 16:30:33 UTC (rev 5220) @@ -14,7 +14,7 @@ * Numerical values may now be used as an alternative to the debug-level keywords. - * Support SRV and PKA records on W32. + * Support DNS lookups for SRV, PKA and CERT on W32. Noteworthy changes in version 2.0.13 (2009-09-04) Modified: trunk/agent/protect.c =================================================================== --- trunk/agent/protect.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/agent/protect.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -775,6 +775,7 @@ if (!n) return gpg_error (GPG_ERR_INV_SEXP); + cleartext = NULL; /* Avoid cc warning. */ rc = do_decryption (s, n, passphrase, s2ksalt, s2kcount, iv, 16, Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/common/Makefile.am 2009-12-08 16:30:33 UTC (rev 5220) @@ -70,6 +70,7 @@ http.c http.h \ localename.c \ session-env.c session-env.h \ + userids.c userids.h \ helpfile.c # Sources only useful without PTH. Modified: trunk/common/dns-cert.c =================================================================== --- trunk/common/dns-cert.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/common/dns-cert.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -1,5 +1,5 @@ /* dns-cert.c - DNS CERT code - * Copyright (C) 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc. * * This file is part of GNUPG. * Added: trunk/common/userids.c =================================================================== --- trunk/common/userids.c (rev 0) +++ trunk/common/userids.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -0,0 +1,322 @@ +/* userids.c - Utility functions for user ids. + * Copyright (C) 2001, 2003, 2004, 2006, + * 2009 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* This file implements a few utility functions useful when working + with canonical encrypted S-expresions (i.e. not the S-exprssion + objects from libgcrypt). */ + +#include +#include +#include +#include + +#include "util.h" +#include "userids.h" + + +/* Parse the user-id NAME and build a search description for it. + * Returns 0 on succdess or an error code. DESC may be NULL to merely + * check the validity of a user-id. + * + * Some used rules: + * - If the username starts with 8,9,16 or 17 hex-digits (the first one + * must be in the range 0..9), this is considered a keyid; depending + * on the length a short or complete one. + * - If the username starts with 32,33,40 or 41 hex-digits (the first one + * must be in the range 0..9), this is considered a fingerprint. + * - If the username starts with a left angle, we assume it is a complete + * email address and look only at this part. + * - If the username starts with a colon we assume it is a unified + * key specfification. + * - If the username starts with a '.', we assume it is the ending + * part of an email address + * - If the username starts with an '@', we assume it is a part of an + * email address + * - If the userid start with an '=' an exact compare is done. + * - If the userid starts with a '*' a case insensitive substring search is + * done (This is the default). + * - If the userid starts with a '+' we will compare individual words + * and a match requires that all the words are in the userid. + * Words are delimited by white space or "()<>[]{}. at -+_,;/&!" + * (note that you can't search for these characters). Compare + * is not case sensitive. + * - If the userid starts with a '&' a 40 hex digits keygrip is expected. + */ + +gpg_error_t +classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc) +{ + const char *s; + int hexprefix = 0; + int hexlength; + int mode = 0; + KEYDB_SEARCH_DESC dummy_desc; + + if (!desc) + desc = &dummy_desc; + + /* Clear the structure so that the mode field is set to zero unless + we set it to the correct value right at the end of this + function. */ + memset (desc, 0, sizeof *desc); + + /* Skip leading spaces. */ + for(s = name; *s && spacep (s); s++ ) + ; + + switch (*s) + { + case 0: /* Empty string is an error. */ + return gpg_error (GPG_ERR_INV_USER_ID); + + case '.': /* An email address, compare from end. Note that this + has not yet been implemented in the search code. */ + mode = KEYDB_SEARCH_MODE_MAILEND; + s++; + desc->u.name = s; + break; + + case '<': /* An email address. */ + mode = KEYDB_SEARCH_MODE_MAIL; + s++; + desc->u.name = s; + break; + + case '@': /* Part of an email address. */ + mode = KEYDB_SEARCH_MODE_MAILSUB; + s++; + desc->u.name = s; + break; + + case '=': /* Exact compare. */ + mode = KEYDB_SEARCH_MODE_EXACT; + s++; + desc->u.name = s; + break; + + case '*': /* Case insensitive substring search. */ + mode = KEYDB_SEARCH_MODE_SUBSTR; + s++; + desc->u.name = s; + break; + + case '+': /* Compare individual words. Note that this has not + yet been implemented in the search code. */ + mode = KEYDB_SEARCH_MODE_WORDS; + s++; + desc->u.name = s; + break; + + case '/': /* Subject's DN. */ + s++; + if (!*s || spacep (s)) /* No DN or prefixed with a space. */ + return gpg_error (GPG_ERR_INV_USER_ID); + desc->u.name = s; + mode = KEYDB_SEARCH_MODE_SUBJECT; + break; + + case '#': /* S/N with optional issuer id or just issuer id. */ + { + const char *si; + + s++; + if ( *s == '/') + { /* "#/" indicates an issuer's DN. */ + s++; + if (!*s || spacep (s)) /* No DN or prefixed with a space. */ + return gpg_error (GPG_ERR_INV_USER_ID); + desc->u.name = s; + mode = KEYDB_SEARCH_MODE_ISSUER; + } + else + { /* Serialnumber + optional issuer ID. */ + for (si=s; *si && *si != '/'; si++) + { + /* Check for an invalid digit in the serial number. */ + if (!strchr("01234567890abcdefABCDEF", *si)) + return gpg_error (GPG_ERR_INV_USER_ID); + } + desc->sn = (const unsigned char*)s; + desc->snlen = -1; + if (!*si) + mode = KEYDB_SEARCH_MODE_SN; + else + { + s = si+1; + if (!*s || spacep (s)) /* No DN or prefixed with a space. */ + return gpg_error (GPG_ERR_INV_USER_ID); + desc->u.name = s; + mode = KEYDB_SEARCH_MODE_ISSUER_SN; + } + } + } + break; + + case ':': /* Unified fingerprint. */ + { + const char *se, *si; + int i; + + se = strchr (++s,':'); + if (!se) + return gpg_error (GPG_ERR_INV_USER_ID); + for (i=0,si=s; si < se; si++, i++ ) + { + if (!strchr("01234567890abcdefABCDEF", *si)) + return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid digit. */ + } + if (i != 32 && i != 40) + return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid length of fpr. */ + for (i=0,si=s; si < se; i++, si +=2) + desc->u.fpr[i] = hextobyte(si); + for (; i < 20; i++) + desc->u.fpr[i]= 0; + s = se + 1; + mode = KEYDB_SEARCH_MODE_FPR; + } + break; + + case '&': /* Keygrip*/ + { + if (hex2bin (s+1, desc->u.grip, 20) < 0) + return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid. */ + mode = KEYDB_SEARCH_MODE_KEYGRIP; + } + break; + + default: + if (s[0] == '0' && s[1] == 'x') + { + hexprefix = 1; + s += 2; + } + + hexlength = strspn(s, "0123456789abcdefABCDEF"); + if (hexlength >= 8 && s[hexlength] =='!') + { + desc->exact = 1; + hexlength++; /* Just for the following check. */ + } + + /* Check if a hexadecimal number is terminated by EOS or blank. */ + if (hexlength && s[hexlength] && !spacep (s+hexlength)) + { + if (hexprefix) /* A "0x" prefix without a correct + termination is an error. */ + return gpg_error (GPG_ERR_INV_USER_ID); + /* The first characters looked like a hex number, but the + entire string is not. */ + hexlength = 0; + } + + if (desc->exact) + hexlength--; /* Remove the bang. */ + + if (hexlength == 8 + || (!hexprefix && hexlength == 9 && *s == '0')) + { + /* Short keyid. */ + if (hexlength == 9) + s++; + desc->u.kid[1] = strtoul( s, NULL, 16 ); + mode = KEYDB_SEARCH_MODE_SHORT_KID; + } + else if (hexlength == 16 + || (!hexprefix && hexlength == 17 && *s == '0')) + { + /* Long keyid. */ + char buf[9]; + if (hexlength == 17) + s++; + mem2str (buf, s, 9); + desc->u.kid[0] = strtoul (buf, NULL, 16); + desc->u.kid[1] = strtoul (s+8, NULL, 16); + mode = KEYDB_SEARCH_MODE_LONG_KID; + } + else if (hexlength == 32 + || (!hexprefix && hexlength == 33 && *s == '0')) + { + /* MD5 fingerprint. */ + int i; + if (hexlength == 33) + s++; + memset (desc->u.fpr+16, 0, 4); + for (i=0; i < 16; i++, s+=2) + { + int c = hextobyte(s); + if (c == -1) + return gpg_error (GPG_ERR_INV_USER_ID); + desc->u.fpr[i] = c; + } + mode = KEYDB_SEARCH_MODE_FPR16; + } + else if (hexlength == 40 + || (!hexprefix && hexlength == 41 && *s == '0')) + { + /* SHA1/RMD160 fingerprint. */ + int i; + if (hexlength == 41) + s++; + for (i=0; i < 20; i++, s+=2) + { + int c = hextobyte(s); + if (c == -1) + return gpg_error (GPG_ERR_INV_USER_ID); + desc->u.fpr[i] = c; + } + mode = KEYDB_SEARCH_MODE_FPR20; + } + else if (!hexprefix) + { + /* The fingerprint in an X.509 listing is often delimited by + colons, so we try to single this case out. */ + mode = 0; + hexlength = strspn (s, ":0123456789abcdefABCDEF"); + if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) + { + int i; + + for (i=0; i < 20; i++, s += 3) + { + int c = hextobyte(s); + if (c == -1 || (i < 19 && s[2] != ':')) + break; + desc->u.fpr[i] = c; + } + if (i == 20) + mode = KEYDB_SEARCH_MODE_FPR20; + } + if (!mode) /* Default to substring search. */ + { + desc->exact = 0; + desc->u.name = s; + mode = KEYDB_SEARCH_MODE_SUBSTR; + } + } + else + { + /* Hex number with a prefix but with a wrong length. */ + return gpg_error (GPG_ERR_INV_USER_ID); + } + } + + desc->mode = mode; + return 0; +} Added: trunk/common/userids.h =================================================================== --- trunk/common/userids.h (rev 0) +++ trunk/common/userids.h 2009-12-08 16:30:33 UTC (rev 5220) @@ -0,0 +1,28 @@ +/* userids.h - Utility functions for user ids. + * Copyright (C) 2009 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_COMMON_USERIDS_H +#define GNUPG_COMMON_USERIDS_H + +#include "../kbx/keybox-search-desc.h" + +gpg_error_t classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc); + + +#endif /*GNUPG_COMMON_USERIDS_H*/ Modified: trunk/g10/delkey.c =================================================================== --- trunk/g10/delkey.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/delkey.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -63,12 +63,13 @@ *r_sec_avail = 0; - /* search the userid */ - classify_user_id (username, &desc); + /* Search the userid */ + rc = classify_user_id (username, &desc); exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR || desc.mode == KEYDB_SEARCH_MODE_FPR16 || desc.mode == KEYDB_SEARCH_MODE_FPR20); - rc = desc.mode? keydb_search (hd, &desc, 1):G10ERR_INV_USER_ID; + if (!rc) + rc = keydb_search (hd, &desc, 1); if (rc) { log_error (_("key \"%s\" not found: %s\n"), username, g10_errstr (rc)); write_status_text( STATUS_DELETE_PROBLEM, "1" ); Modified: trunk/g10/export.c =================================================================== --- trunk/g10/export.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/export.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -293,6 +293,7 @@ KBNODE *keyblock_out, unsigned int options, int *any ) { int rc = 0; + gpg_error_t err; PACKET pkt; KBNODE keyblock = NULL; KBNODE kbctx, node; @@ -318,11 +319,11 @@ desc = xmalloc ( ndesc * sizeof *desc); for (ndesc=0, sl=users; sl; sl = sl->next) { - if (classify_user_id (sl->d, desc+ndesc)) + if (!(err=classify_user_id (sl->d, desc+ndesc))) ndesc++; else log_error (_("key \"%s\" not found: %s\n"), - sl->d, g10_errstr (G10ERR_INV_USER_ID)); + sl->d, gpg_strerror (err)); } /* It would be nice to see which of the given users did Modified: trunk/g10/getkey.c =================================================================== --- trunk/g10/getkey.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/getkey.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -536,229 +536,7 @@ } -/**************** - * Return the type of the user id: - * - * Please use the constants KEYDB_SERCH_MODE_xxx - * 0 = Invalid user ID - * 1 = exact match - * 2 = match a substring - * 3 = match an email address - * 4 = match a substring of an email address - * 5 = match an email address, but compare from end - * 6 = word match mode - * 10 = it is a short KEYID (don't care about keyid[0]) - * 11 = it is a long KEYID - * 12 = it is a trustdb index (keyid is looked up) - * 16 = it is a 16 byte fingerprint - * 20 = it is a 20 byte fingerprint - * 21 = Unified fingerprint :fpr:pk_algo: - * (We don't use pk_algo yet) - * - * Rules used: - * - If the username starts with 8,9,16 or 17 hex-digits (the first one - * must be in the range 0..9), this is considered a keyid; depending - * on the length a short or complete one. - * - If the username starts with 32,33,40 or 41 hex-digits (the first one - * must be in the range 0..9), this is considered a fingerprint. - * - If the username starts with a left angle, we assume it is a complete - * email address and look only at this part. - * - If the username starts with a colon we assume it is a unified - * key specfification. - * - If the username starts with a '.', we assume it is the ending - * part of an email address - * - If the username starts with an '@', we assume it is a part of an - * email address - * - If the userid start with an '=' an exact compare is done. - * - If the userid starts with a '*' a case insensitive substring search is - * done (This is the default). - * - If the userid starts with a '+' we will compare individual words - * and a match requires that all the words are in the userid. - * Words are delimited by white space or "()<>[]{}. at -+_,;/&!" - * (note that you can't search for these characters). Compare - * is not case sensitive. - * - If the userid starts with a '&' a 40 hex digits keygrip is expected. - */ -int -classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) -{ - const char *s; - int hexprefix = 0; - int hexlength; - int mode = 0; - KEYDB_SEARCH_DESC dummy_desc; - - if (!desc) - desc = &dummy_desc; - - /* clear the structure so that the mode field is set to zero unless - * we set it to the correct value right at the end of this function */ - memset (desc, 0, sizeof *desc); - - /* skip leading spaces. Fixme: what is with trailing spaces? */ - for(s = name; *s && spacep (s); s++ ) - ; - - switch (*s) { - case 0: /* empty string is an error */ - return 0; - -#if 0 - case '.': /* an email address, compare from end */ - mode = KEYDB_SEARCH_MODE_MAILEND; - s++; - desc->u.name = s; - break; -#endif - - case '<': /* an email address */ - mode = KEYDB_SEARCH_MODE_MAIL; - desc->u.name = s; - break; - - case '@': /* part of an email address */ - mode = KEYDB_SEARCH_MODE_MAILSUB; - s++; - desc->u.name = s; - break; - - case '=': /* exact compare */ - mode = KEYDB_SEARCH_MODE_EXACT; - s++; - desc->u.name = s; - break; - - case '*': /* case insensitive substring search */ - mode = KEYDB_SEARCH_MODE_SUBSTR; - s++; - desc->u.name = s; - break; - -#if 0 - case '+': /* compare individual words */ - mode = KEYDB_SEARCH_MODE_WORDS; - s++; - desc->u.name = s; - break; -#endif - - case '#': /* local user id */ - return 0; /* This is now obsolete and can't not be used anymore*/ - - case ':': /*Unified fingerprint */ - { - const char *se, *si; - int i; - - se = strchr( ++s,':'); - if ( !se ) - return 0; - for (i=0,si=s; si < se; si++, i++ ) { - if ( !strchr("01234567890abcdefABCDEF", *si ) ) - return 0; /* invalid digit */ - } - if (i != 32 && i != 40) - return 0; /* invalid length of fpr*/ - for (i=0,si=s; si < se; i++, si +=2) - desc->u.fpr[i] = hextobyte(si); - for ( ; i < 20; i++) - desc->u.fpr[i]= 0; - s = se + 1; - mode = KEYDB_SEARCH_MODE_FPR; - } - break; - - case '&': /* keygrip */ - return 0; /* Not yet implememted. */ - - default: - if (s[0] == '0' && s[1] == 'x') { - hexprefix = 1; - s += 2; - } - - hexlength = strspn(s, "0123456789abcdefABCDEF"); - if (hexlength >= 8 && s[hexlength] =='!') { - desc->exact = 1; - hexlength++; /* just for the following check */ - } - - /* check if a hexadecimal number is terminated by EOS or blank */ - if (hexlength && s[hexlength] && !spacep(s+hexlength)) { - if (hexprefix) /* a "0x" prefix without correct */ - return 0; /* termination is an error */ - else /* The first chars looked like */ - hexlength = 0; /* a hex number, but really were not. */ - } - - if (desc->exact) - hexlength--; - - if (hexlength == 8 - || (!hexprefix && hexlength == 9 && *s == '0')){ - /* short keyid */ - if (hexlength == 9) - s++; - desc->u.kid[0] = 0; - desc->u.kid[1] = strtoul( s, NULL, 16 ); - mode = KEYDB_SEARCH_MODE_SHORT_KID; - } - else if (hexlength == 16 - || (!hexprefix && hexlength == 17 && *s == '0')) { - /* complete keyid */ - char buf[9]; - if (hexlength == 17) - s++; - mem2str(buf, s, 9 ); - desc->u.kid[0] = strtoul( buf, NULL, 16 ); - desc->u.kid[1] = strtoul( s+8, NULL, 16 ); - mode = KEYDB_SEARCH_MODE_LONG_KID; - } - else if (hexlength == 32 || (!hexprefix && hexlength == 33 - && *s == '0')) { - /* md5 fingerprint */ - int i; - if (hexlength == 33) - s++; - memset(desc->u.fpr+16, 0, 4); - for (i=0; i < 16; i++, s+=2) { - int c = hextobyte(s); - if (c == -1) - return 0; - desc->u.fpr[i] = c; - } - mode = KEYDB_SEARCH_MODE_FPR16; - } - else if (hexlength == 40 || (!hexprefix && hexlength == 41 - && *s == '0')) { - /* sha1/rmd160 fingerprint */ - int i; - if (hexlength == 41) - s++; - for (i=0; i < 20; i++, s+=2) { - int c = hextobyte(s); - if (c == -1) - return 0; - desc->u.fpr[i] = c; - } - mode = KEYDB_SEARCH_MODE_FPR20; - } - else { - if (hexprefix) /* This was a hex number with a prefix */ - return 0; /* and a wrong length */ - - desc->exact = 0; - desc->u.name = s; - mode = KEYDB_SEARCH_MODE_SUBSTR; /* default mode */ - } - } - - desc->mode = mode; - return mode; -} - - static int skip_unusable (void *dummy, u32 *keyid, PKT_user_id *uid) { @@ -851,14 +629,16 @@ for(n=0, r=namelist; r; r = r->next, n++ ) { - classify_user_id (r->d, &ctx->items[n]); + gpg_error_t err; + + err = classify_user_id (r->d, &ctx->items[n]); if (ctx->items[n].exact) ctx->exact = 1; - if (!ctx->items[n].mode) + if (err) { xfree (ctx); - return G10ERR_INV_USER_ID; + return gpg_err_code (err); /* FIXME: remove gpg_err_code. */ } if(!include_unusable && ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID Modified: trunk/g10/gpg.h =================================================================== --- trunk/g10/gpg.h 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/gpg.h 2009-12-08 16:30:33 UTC (rev 5220) @@ -50,11 +50,8 @@ /* Object used to describe a keyblok node. */ typedef struct kbnode_struct *KBNODE; -/* Object used for looking ob keys. */ -typedef struct keydb_search_desc KEYDB_SEARCH_DESC; - /* Session control object. This object is passed to most functions to convey the status of a session. Note that the defaults are set by gpg_init_default_ctrl(). */ Modified: trunk/g10/keydb.h =================================================================== --- trunk/g10/keydb.h 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/keydb.h 2009-12-08 16:30:33 UTC (rev 5220) @@ -115,36 +115,7 @@ typedef struct keydb_handle *KEYDB_HANDLE; -typedef enum { - KEYDB_SEARCH_MODE_NONE, - KEYDB_SEARCH_MODE_EXACT, - KEYDB_SEARCH_MODE_SUBSTR, - KEYDB_SEARCH_MODE_MAIL, - KEYDB_SEARCH_MODE_MAILSUB, - KEYDB_SEARCH_MODE_MAILEND, - KEYDB_SEARCH_MODE_WORDS, - KEYDB_SEARCH_MODE_SHORT_KID, - KEYDB_SEARCH_MODE_LONG_KID, - KEYDB_SEARCH_MODE_FPR16, - KEYDB_SEARCH_MODE_FPR20, - KEYDB_SEARCH_MODE_FPR, - KEYDB_SEARCH_MODE_FIRST, - KEYDB_SEARCH_MODE_NEXT -} KeydbSearchMode; -struct keydb_search_desc { - KeydbSearchMode mode; - int (*skipfnc)(void *,u32*,PKT_user_id*); - void *skipfncvalue; - union { - const char *name; - byte fpr[MAX_FINGERPRINT_LEN]; - u32 kid[2]; - } u; - int exact; -}; - - /* Helper type for preference fucntions. */ union pref_hint { @@ -221,7 +192,6 @@ void next_to_last_passphrase(void); /*-- getkey.c --*/ -int classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc); void cache_public_key( PKT_public_key *pk ); void getkey_disable_caches(void); int get_pubkey( PKT_public_key *pk, u32 *keyid ); Modified: trunk/g10/keyring.h =================================================================== --- trunk/g10/keyring.h 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/keyring.h 2009-12-08 16:30:33 UTC (rev 5220) @@ -20,6 +20,7 @@ #ifndef GPG_KEYRING_H #define GPG_KEYRING_H 1 +#include "../common/userids.h" typedef struct keyring_handle *KEYRING_HANDLE; Modified: trunk/g10/keyserver.c =================================================================== --- trunk/g10/keyserver.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/keyserver.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -46,6 +46,7 @@ #include "srv.h" #endif + #ifdef HAVE_W32_SYSTEM /* It seems Vista doesn't grok X_OK and so fails access() tests. Previous versions interpreted X_OK as F_OK anyway, so we'll just @@ -595,6 +596,7 @@ if(ascii_strcasecmp("pub",record)==0) { char *tok; + gpg_error_t err; if(work->desc.mode) { @@ -606,11 +608,11 @@ if((tok=strsep(&keystring,":"))==NULL) return ret; - classify_user_id(tok,&work->desc); - if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID - && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID - && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16 - && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20) + err = classify_user_id (tok, &work->desc); + if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID + && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID + && work->desc.mode != KEYDB_SEARCH_MODE_FPR16 + && work->desc.mode != KEYDB_SEARCH_MODE_FPR20)) { work->desc.mode=KEYDB_SEARCH_MODE_NONE; return ret; @@ -1598,6 +1600,7 @@ int keyserver_export(strlist_t users) { + gpg_error_t err; strlist_t sl=NULL; KEYDB_SEARCH_DESC desc; int rc=0; @@ -1605,11 +1608,11 @@ /* Weed out descriptors that we don't support sending */ for(;users;users=users->next) { - classify_user_id (users->d, &desc); - if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID && - desc.mode!=KEYDB_SEARCH_MODE_LONG_KID && - desc.mode!=KEYDB_SEARCH_MODE_FPR16 && - desc.mode!=KEYDB_SEARCH_MODE_FPR20) + err = classify_user_id (users->d, &desc); + if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID + && desc.mode != KEYDB_SEARCH_MODE_LONG_KID + && desc.mode != KEYDB_SEARCH_MODE_FPR16 + && desc.mode != KEYDB_SEARCH_MODE_FPR20)) { log_error(_("\"%s\" not a key ID: skipping\n"),users->d); continue; @@ -1630,6 +1633,7 @@ int keyserver_import(strlist_t users) { + gpg_error_t err; KEYDB_SEARCH_DESC *desc; int num=100,count=0; int rc=0; @@ -1639,13 +1643,13 @@ for(;users;users=users->next) { - classify_user_id (users->d, &desc[count]); - if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID && - desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID && - desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 && - desc[count].mode!=KEYDB_SEARCH_MODE_FPR20) + err = classify_user_id (users->d, &desc[count]); + if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID + && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID + && desc[count].mode != KEYDB_SEARCH_MODE_FPR16 + && desc[count].mode != KEYDB_SEARCH_MODE_FPR20)) { - log_error(_("\"%s\" not a key ID: skipping\n"),users->d); + log_error (_("\"%s\" not a key ID: skipping\n"), users->d); continue; } @@ -1731,11 +1735,12 @@ for (ndesc=0, sl=users; sl; sl = sl->next) { - if(classify_user_id (sl->d, desc+ndesc)) + gpg_error_t err; + if (!(err = classify_user_id (sl->d, desc+ndesc))) ndesc++; else log_error (_("key \"%s\" not found: %s\n"), - sl->d, g10_errstr (G10ERR_INV_USER_ID)); + sl->d, gpg_strerror (err)); } } Modified: trunk/g10/packet.h =================================================================== --- trunk/g10/packet.h 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/packet.h 2009-12-08 16:30:33 UTC (rev 5220) @@ -27,6 +27,7 @@ #include "cipher.h" #include "filter.h" #include "../common/openpgpdefs.h" +#include "../common/userids.h" #define DEBUG_PARSE_PACKET 1 @@ -151,14 +152,16 @@ #define ATTRIB_IMAGE 1 -/* This is the cooked form of attributes */ +/* This is the cooked form of attributes. */ struct user_attribute { byte type; const byte *data; u32 len; }; -typedef struct + +/* (See also keybox-search-desc.h) */ +struct gpg_pkt_user_id_s { int ref; /* reference counter */ int len; /* length of the name */ @@ -181,13 +184,16 @@ struct { /* TODO: Move more flags here */ - unsigned mdc:1; - unsigned ks_modify:1; - unsigned compacted:1; + unsigned int mdc:1; + unsigned int ks_modify:1; + unsigned int compacted:1; } flags; char name[1]; -} PKT_user_id; +}; +typedef struct gpg_pkt_user_id_s PKT_user_id; + + struct revoke_info { /* revoked at this date */ Modified: trunk/g10/pkclist.c =================================================================== --- trunk/g10/pkclist.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/pkclist.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -787,7 +787,7 @@ int trustlevel; if (!name || !*name) - return gpg_error (GPG_ERR_INV_NAME); + return gpg_error (GPG_ERR_INV_USER_ID); pk = xtrycalloc (1, sizeof *pk); if (!pk) Modified: trunk/g10/revoke.c =================================================================== --- trunk/g10/revoke.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/revoke.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -220,8 +220,9 @@ afx = new_armor_context (); kdbhd = keydb_new (0); - classify_user_id (uname, &desc); - rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID; + rc = classify_user_id (uname, &desc); + if (!rc) + rc = keydb_search (kdbhd, &desc, 1); if (rc) { log_error (_("key \"%s\" not found: %s\n"),uname, g10_errstr (rc)); goto leave; @@ -463,8 +464,9 @@ * We don't want the whole getkey stuff here but the entire keyblock */ kdbhd = keydb_new (1); - classify_user_id (uname, &desc); - rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID; + rc = classify_user_id (uname, &desc); + if (!rc) + rc = keydb_search (kdbhd, &desc, 1); if (rc) { log_error (_("secret key \"%s\" not found: %s\n"), Modified: trunk/g10/trustdb.c =================================================================== --- trunk/g10/trustdb.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/g10/trustdb.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -214,9 +214,11 @@ void register_trusted_key( const char *string ) { + gpg_error_t err; KEYDB_SEARCH_DESC desc; - if (classify_user_id (string, &desc) != KEYDB_SEARCH_MODE_LONG_KID ) + err = classify_user_id (string, &desc); + if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID ) { log_error(_("`%s' is not a valid long keyID\n"), string ); return; Modified: trunk/kbx/keybox-search-desc.h =================================================================== --- trunk/kbx/keybox-search-desc.h 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/kbx/keybox-search-desc.h 2009-12-08 16:30:33 UTC (rev 5220) @@ -48,24 +48,31 @@ KEYDB_SEARCH_MODE_NEXT } KeydbSearchMode; -struct keydb_search_desc { + +/* Forwward declaration. See g10/packet.h. */ +struct gpg_pkt_user_id_s; +typedef struct gpg_pkt_user_id_s *gpg_pkt_user_id_t; + +/* A search descriptor. */ +struct keydb_search_desc +{ KeydbSearchMode mode; - int (*skipfnc)(void *,void*); /* used to be: void*, u32* */ + int (*skipfnc)(void *, u32 *, gpg_pkt_user_id_t); void *skipfncvalue; const unsigned char *sn; int snlen; /* -1 := sn is a hex string */ union { const char *name; unsigned char fpr[24]; - unsigned char kid[8]; + u32 kid[2]; /* Note that this is in native endianess. */ unsigned char grip[20]; } u; + int exact; /* Use exactly this key ('!' suffix in gpg). */ }; struct keydb_search_desc; typedef struct keydb_search_desc KEYDB_SEARCH_DESC; - typedef struct keydb_search_desc KEYBOX_SEARCH_DESC; Modified: trunk/kbx/keybox-search.c =================================================================== --- trunk/kbx/keybox-search.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/kbx/keybox-search.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -530,15 +530,29 @@ The has_foo functions are used as helpers for search */ static inline int -has_short_kid (KEYBOXBLOB blob, const unsigned char *kid) +has_short_kid (KEYBOXBLOB blob, u32 lkid) { - return blob_cmp_fpr_part (blob, kid+4, 16, 4); + unsigned char buf[4]; + buf[0] = lkid >> 24; + buf[1] = lkid >> 16; + buf[2] = lkid >> 8; + buf[3] = lkid; + return blob_cmp_fpr_part (blob, buf, 16, 4); } static inline int -has_long_kid (KEYBOXBLOB blob, const unsigned char *kid) +has_long_kid (KEYBOXBLOB blob, u32 mkid, u32 lkid) { - return blob_cmp_fpr_part (blob, kid, 12, 8); + unsigned char buf[8]; + buf[0] = mkid >> 24; + buf[1] = mkid >> 16; + buf[2] = mkid >> 8; + buf[3] = mkid; + buf[4] = lkid >> 24; + buf[5] = lkid >> 16; + buf[6] = lkid >> 8; + buf[7] = lkid; + return blob_cmp_fpr_part (blob, buf, 12, 8); } static inline int @@ -877,11 +891,11 @@ goto found; break; case KEYDB_SEARCH_MODE_SHORT_KID: - if (has_short_kid (blob, desc[n].u.kid)) + if (has_short_kid (blob, desc[n].u.kid[1])) goto found; break; case KEYDB_SEARCH_MODE_LONG_KID: - if (has_long_kid (blob, desc[n].u.kid)) + if (has_long_kid (blob, desc[n].u.kid[0], desc[n].u.kid[1])) goto found; break; case KEYDB_SEARCH_MODE_FPR: @@ -909,7 +923,7 @@ for (n=any_skip?0:ndesc; n < ndesc; n++) { /* if (desc[n].skipfnc */ -/* && desc[n].skipfnc (desc[n].skipfncvalue, aki)) */ +/* && desc[n].skipfnc (desc[n].skipfncvalue, aki, NULL)) */ /* break; */ } if (n == ndesc) Modified: trunk/sm/certlist.c =================================================================== --- trunk/sm/certlist.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/sm/certlist.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -301,7 +301,7 @@ KEYDB_HANDLE kh = NULL; ksba_cert_t cert = NULL; - rc = keydb_classify_name (name, &desc); + rc = classify_user_id (name, &desc); if (!rc) { kh = keydb_new (0); @@ -480,7 +480,7 @@ KEYDB_HANDLE kh = NULL; *r_cert = NULL; - rc = keydb_classify_name (name, &desc); + rc = classify_user_id (name, &desc); if (!rc) { kh = keydb_new (0); Modified: trunk/sm/delete.c =================================================================== --- trunk/sm/delete.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/sm/delete.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -45,7 +45,7 @@ int duplicates = 0; int is_ephem = 0; - rc = keydb_classify_name (username, &desc); + rc = classify_user_id (username, &desc); if (rc) { log_error (_("certificate `%s' not found: %s\n"), Modified: trunk/sm/export.c =================================================================== --- trunk/sm/export.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/sm/export.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -180,7 +180,7 @@ { for (ndesc=0, sl=names; sl; sl = sl->next) { - rc = keydb_classify_name (sl->d, desc+ndesc); + rc = classify_user_id (sl->d, desc+ndesc); if (rc) { log_error ("key `%s' not found: %s\n", @@ -359,7 +359,7 @@ goto leave; } - rc = keydb_classify_name (name, desc); + rc = classify_user_id (name, desc); if (rc) { log_error ("key `%s' not found: %s\n", Modified: trunk/sm/import.c =================================================================== --- trunk/sm/import.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/sm/import.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -452,7 +452,7 @@ stats->count++; - err = keydb_classify_name (line, &desc); + err = classify_user_id (line, &desc); if (err) { print_import_problem (ctrl, NULL, 0); Modified: trunk/sm/keydb.c =================================================================== --- trunk/sm/keydb.c 2009-12-08 12:43:27 UTC (rev 5219) +++ trunk/sm/keydb.c 2009-12-08 16:30:33 UTC (rev 5220) @@ -949,8 +949,8 @@ memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_LONG_KID; -/* desc.u.kid[0] = kid[0]; */ -/* desc.u.kid[1] = kid[1]; */ + desc.u.kid[0] = kid[0]; + desc.u.kid[1] = kid[1]; return keydb_search (hd, &desc, 1); } @@ -1016,284 +1016,6 @@ } -static int -classify_user_id (const char *name, - KEYDB_SEARCH_DESC *desc, - int *force_exact ) -{ - const char *s; - int hexprefix = 0; - int hexlength; - int mode = 0; - - /* clear the structure so that the mode field is set to zero unless - * we set it to the correct value right at the end of this function */ - memset (desc, 0, sizeof *desc); - *force_exact = 0; - /* Skip leading spaces. Fixme: what about trailing white space? */ - for(s = name; *s && spacep (s); s++ ) - ; - - switch (*s) - { - case 0: /* empty string is an error */ - return 0; - - case '.': /* an email address, compare from end */ - mode = KEYDB_SEARCH_MODE_MAILEND; - s++; - desc->u.name = s; - break; - - case '<': /* an email address */ - mode = KEYDB_SEARCH_MODE_MAIL; - s++; - desc->u.name = s; - break; - - case '@': /* part of an email address */ - mode = KEYDB_SEARCH_MODE_MAILSUB; - s++; - desc->u.name = s; - break; - - case '=': /* exact compare */ - mode = KEYDB_SEARCH_MODE_EXACT; - s++; - desc->u.name = s; - break; - - case '*': /* case insensitive substring search */ - mode = KEYDB_SEARCH_MODE_SUBSTR; - s++; - desc->u.name = s; - break; - - case '+': /* compare individual words */ - mode = KEYDB_SEARCH_MODE_WORDS; - s++; - desc->u.name = s; - break; - - case '/': /* subject's DN */ - s++; - if (!*s || spacep (s)) - return 0; /* no DN or prefixed with a space */ - desc->u.name = s; - mode = KEYDB_SEARCH_MODE_SUBJECT; - break; - - case '#': - { - const char *si; - - s++; - if ( *s == '/') - { /* "#/" indicates an issuer's DN */ - s++; - if (!*s || spacep (s)) - return 0; /* no DN or prefixed with a space */ - desc->u.name = s; - mode = KEYDB_SEARCH_MODE_ISSUER; - } - else - { /* serialnumber + optional issuer ID */ - for (si=s; *si && *si != '/'; si++) - { - if (!strchr("01234567890abcdefABCDEF", *si)) - return 0; /* invalid digit in serial number*/ - } - desc->sn = (const unsigned char*)s; - desc->snlen = -1; - if (!*si) - mode = KEYDB_SEARCH_MODE_SN; - else - { - s = si+1; - if (!*s || spacep (s)) - return 0; /* no DN or prefixed with a space */ - desc->u.name = s; - mode = KEYDB_SEARCH_MODE_ISSUER_SN; - } - } - } - break; - - case ':': /*Unified fingerprint */ - { - const char *se, *si; - int i; - - se = strchr (++s,':'); - if (!se) - return 0; - for (i=0,si=s; si < se; si++, i++ ) - { - if (!strchr("01234567890abcdefABCDEF", *si)) - return 0; /* invalid digit */ - } - if (i != 32 && i != 40) - return 0; /* invalid length of fpr*/ - for (i=0,si=s; si < se; i++, si +=2) - desc->u.fpr[i] = hextobyte(si); - for (; i < 20; i++) - desc->u.fpr[i]= 0; - s = se + 1; - mode = KEYDB_SEARCH_MODE_FPR; - } - break; - - case '&': /* Keygrip*/ - { - if (hex2bin (s+1, desc->u.grip, 20) < 0) - return 0; /* Invalid. */ - mode = KEYDB_SEARCH_MODE_KEYGRIP; - } - break; - - default: - if (s[0] == '0' && s[1] == 'x') - { - hexprefix = 1; - s += 2; - } - - hexlength = strspn(s, "0123456789abcdefABCDEF"); - if (hexlength >= 8 && s[hexlength] =='!') - { - *force_exact = 1; - hexlength++; /* just for the following check */ - } - - /* check if a hexadecimal number is terminated by EOS or blank */ - if (hexlength && s[hexlength] && !spacep (s+hexlength)) - { - if (hexprefix) /* a "0x" prefix without correct */ - return 0; /* termination is an error */ - /* The first chars looked like a hex number, but really is - not */ - hexlength = 0; - } - - if (*force_exact) - hexlength--; /* remove the bang */ - - if (hexlength == 8 - || (!hexprefix && hexlength == 9 && *s == '0')) - { /* short keyid */ - unsigned long kid; - if (hexlength == 9) - s++; - kid = strtoul( s, NULL, 16 ); - desc->u.kid[4] = kid >> 24; - desc->u.kid[5] = kid >> 16; - desc->u.kid[6] = kid >> 8; - desc->u.kid[7] = kid; - mode = KEYDB_SEARCH_MODE_SHORT_KID; - } - else if (hexlength == 16 - || (!hexprefix && hexlength == 17 && *s == '0')) - { /* complete keyid */ - unsigned long kid0, kid1; - char buf[9]; - if (hexlength == 17) - s++; - mem2str(buf, s, 9 ); - kid0 = strtoul (buf, NULL, 16); - kid1 = strtoul (s+8, NULL, 16); - desc->u.kid[0] = kid0 >> 24; - desc->u.kid[1] = kid0 >> 16; - desc->u.kid[2] = kid0 >> 8; - desc->u.kid[3] = kid0; - desc->u.kid[4] = kid1 >> 24; - desc->u.kid[5] = kid1 >> 16; - desc->u.kid[6] = kid1 >> 8; - desc->u.kid[7] = kid1; - mode = KEYDB_SEARCH_MODE_LONG_KID; - } - else if (hexlength == 32 - || (!hexprefix && hexlength == 33 && *s == '0')) - { /* md5 fingerprint */ - int i; - if (hexlength == 33) - s++; - memset(desc->u.fpr+16, 0, 4); - for (i=0; i < 16; i++, s+=2) - { - int c = hextobyte(s); - if (c == -1) - return 0; - desc->u.fpr[i] = c; - } - mode = KEYDB_SEARCH_MODE_FPR16; - } - else if (hexlength == 40 - || (!hexprefix && hexlength == 41 && *s == '0')) - { /* sha1/rmd160 fingerprint */ - int i; - if (hexlength == 41) - s++; - for (i=0; i < 20; i++, s+=2) - { - int c = hextobyte(s); - if (c == -1) - return 0; - desc->u.fpr[i] = c; - } - mode = KEYDB_SEARCH_MODE_FPR20; - } - else if (!hexprefix) - { - /* The fingerprint in an X.509 listing is often delimited by - colons, so we try to single this case out. */ - mode = 0; - hexlength = strspn (s, ":0123456789abcdefABCDEF"); - if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) - { - int i; - - for (i=0; i < 20; i++, s += 3) - { - int c = hextobyte(s); - if (c == -1 || (i < 19 && s[2] != ':')) - break; - desc->u.fpr[i] = c; - } - if (i == 20) - mode = KEYDB_SEARCH_MODE_FPR20; - } - if (!mode) /* default is substring search */ - { - *force_exact = 0; - desc->u.name = s; - mode = KEYDB_SEARCH_MODE_SUBSTR; - } - } - else - { /* hex number with a prefix but a wrong length */ - return 0; - } - } - - desc->mode = mode; - return mode; -} - - -int -keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc) -{ - int dummy; - KEYDB_SEARCH_DESC dummy_desc; - - if (!desc) - desc = &dummy_desc; - - if (!classify_user_id (name, desc, &dummy)) - return gpg_error (GPG_ERR_INV_NAME); - return 0; -} - /* Store the certificate in the key DB but make sure that it does not already exists. We do this simply by comparing the fingerprint. @@ -1483,7 +1205,7 @@ { for (ndesc=0, sl=names; sl; sl = sl->next) { - rc = keydb_classify_name (sl->d, desc+ndesc); From cvs at cvs.gnupg.org Tue Dec 8 18:28:11 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 18:28:11 +0100 Subject: [svn] assuan - r332 - trunk/doc Message-ID: Author: marcus Date: 2009-12-08 18:28:11 +0100 (Tue, 08 Dec 2009) New Revision: 332 Modified: trunk/doc/ChangeLog trunk/doc/assuan.texi Log: 2009-12-08 Marcus Brinkmann * assuan.texi: Use our own copy of the setfont macro, as it takes an extra argument since texinfo 4.13. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2009-12-08 15:25:14 UTC (rev 331) +++ trunk/doc/ChangeLog 2009-12-08 17:28:11 UTC (rev 332) @@ -1,5 +1,8 @@ 2009-12-08 Marcus Brinkmann + * assuan.texi: Use our own copy of the setfont macro, as it takes + an extra argument since texinfo 4.13. + * assuan.texi (Contexts): Document ASSUAN_SPAWN_DETACHED. 2009-11-25 Marcus Brinkmann Modified: trunk/doc/assuan.texi =================================================================== --- trunk/doc/assuan.texi 2009-12-08 15:25:14 UTC (rev 331) +++ trunk/doc/assuan.texi 2009-12-08 17:28:11 UTC (rev 332) @@ -55,7 +55,8 @@ @c Change the font used for @def... commands, since the default @c proportional one used is bad for names starting __. @tex -\global\setfont\defbf\ttbshape{10}{\magstep1} +\gdef\mysetfont#1#2#3#4{\font#1=\fontprefix#2#3 scaled #4} +\global\mysetfont\defbf\ttbshape{10}{\magstep1} @end tex @c %**end of header From cvs at cvs.gnupg.org Tue Dec 8 19:11:48 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 19:11:48 +0100 Subject: [svn] GnuPG - r5221 - trunk/common Message-ID: Author: marcus Date: 2009-12-08 19:11:48 +0100 (Tue, 08 Dec 2009) New Revision: 5221 Modified: trunk/common/ChangeLog trunk/common/Makefile.am Log: 2009-12-08 Marcus Brinkmann * Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No longer include these rules if not in maintainer mode. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2009-12-08 16:30:33 UTC (rev 5220) +++ trunk/common/ChangeLog 2009-12-08 18:11:48 UTC (rev 5221) @@ -1,3 +1,8 @@ +2009-12-08 Marcus Brinkmann + + * Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No + longer include these rules if not in maintainer mode. + 2009-12-08 Werner Koch * userids.h, userids.c: New. Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2009-12-08 16:30:33 UTC (rev 5220) +++ trunk/common/Makefile.am 2009-12-08 18:11:48 UTC (rev 5221) @@ -97,6 +97,10 @@ libgpgrl_a_SOURCES = \ gpgrlhelp.c +if MAINTAINER_MODE +# Note: Due to the dependency on Makefile, the file will always be +# rebuilt, so we allow this only in maintainer mode. + # Create the audit-events.h include file from audit.h # Note: We create the target file in the source directory because it # is a distributed built source. If we would not do that we may end @@ -112,8 +116,8 @@ $(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ -v namespace=statusstr_ > $(srcdir)/$@ +endif - # # Module tests # From cvs at cvs.gnupg.org Tue Dec 8 21:21:25 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 21:21:25 +0100 Subject: [svn] ksba - r314 - in trunk: . m4 src Message-ID: Author: marcus Date: 2009-12-08 21:21:21 +0100 (Tue, 08 Dec 2009) New Revision: 314 Added: trunk/m4/ltoptions.m4 trunk/m4/ltsugar.m4 trunk/m4/ltversion.m4 trunk/m4/lt~obsolete.m4 Modified: trunk/ChangeLog trunk/configure.ac trunk/ltmain.sh trunk/m4/libtool.m4 trunk/src/ChangeLog trunk/src/Makefile.am Log: 2009-12-08 Marcus Brinkmann Update to libtool 2.2.6a. * configure.ac: Invoke AC_CONFIG_MACRO_DIR. (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... (LT_PREREQ, LT_INIT, LT_LANG): ... these. * config.guess, config.sub, install-sh, ltmain.sh, m4/libtool.m4: Updated to libtool 2.2.6a. * m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: New files from libtool 2.2.6a. src/ 2009-12-08 Marcus Brinkmann * src/Makefile.am (LTRCCOMPILE): Refactor with ... (RCCOMPILE): ... this new macro. Add $(libksba_la_CPPFLAGS). (SUFFIXES): Add .lo. (.rc.o): Change to ... (.rc.lo): ... this implicit rule. (ksba_res_ldflag): Removed. (libksba_la_LDFLAGS): Remove ksba_res_ldflag usage. (libksba_la_LIBADD): Add ksba_res. [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-08 15:30:22 UTC (rev 313) +++ trunk/ChangeLog 2009-12-08 20:21:21 UTC (rev 314) @@ -1,5 +1,16 @@ 2009-12-08 Marcus Brinkmann + Update to libtool 2.2.6a. + * configure.ac: Invoke AC_CONFIG_MACRO_DIR. + (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... + (LT_PREREQ, LT_INIT, LT_LANG): ... these. + * config.guess, config.sub, install-sh, ltmain.sh, m4/libtool.m4: + Updated to libtool 2.2.6a. + * m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, + m4/lt~obsolete.m4: New files from libtool 2.2.6a. + +2009-12-08 Marcus Brinkmann + * configure.ac: Allow cross compiling to be "maybe". 2009-07-03 Werner Koch Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 15:30:22 UTC (rev 313) +++ trunk/src/ChangeLog 2009-12-08 20:21:21 UTC (rev 314) @@ -1,3 +1,14 @@ +2009-12-08 Marcus Brinkmann + + * src/Makefile.am (LTRCCOMPILE): Refactor with ... + (RCCOMPILE): ... this new macro. Add $(libksba_la_CPPFLAGS). + (SUFFIXES): Add .lo. + (.rc.o): Change to ... + (.rc.lo): ... this implicit rule. + (ksba_res_ldflag): Removed. + (libksba_la_LDFLAGS): Remove ksba_res_ldflag usage. + (libksba_la_LIBADD): Add ksba_res. + 2009-07-02 Werner Koch * util.c (_ksba_ascii_memcasecmp, ascii_toupper): New. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-12-08 15:30:22 UTC (rev 313) +++ trunk/configure.ac 2009-12-08 20:21:21 UTC (rev 314) @@ -55,11 +55,15 @@ AC_CONFIG_SRCDIR([src/ksba.h]) AM_INIT_AUTOMAKE($PACKAGE, $VERSION) AM_CONFIG_HEADER(config.h) +AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST AB_INIT AC_GNU_SOURCE +LT_PREREQ([2.2.6]) +LT_INIT([win32-dll disable-static]) +LT_LANG([Windows Resource]) AM_MAINTAINER_MODE @@ -96,9 +100,6 @@ AC_PROG_YACC AC_C_INLINE -AC_LIBTOOL_WIN32_DLL -AC_LIBTOOL_RC -AM_PROG_LIBTOOL # This is handy for debugging so the compiler doesn't rearrange # things and eliminate variables. Modified: trunk/ltmain.sh =================================================================== --- trunk/ltmain.sh 2009-12-08 15:30:22 UTC (rev 313) +++ trunk/ltmain.sh 2009-12-08 20:21:21 UTC (rev 314) @@ -1,31 +1,175 @@ -# ltmain.sh - Provide generalized library-building support services. -# NOTE: Changing this file will not affect anything until you rerun configure. -# -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005 -# Free Software Foundation, Inc. -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify +# Generated from ltmain.m4sh. + +# ltmain.sh (GNU libtool) 2.2.6 +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, but +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# Usage: $progname [OPTION]... [MODE-ARG]... # -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print informational messages (default) +# --version print version information +# -h, --help print short or long help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.2.6 Debian-2.2.6a-4 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . -basename="s,^.*/,,g" +PROGRAM=ltmain.sh +PACKAGE=libtool +VERSION="2.2.6 Debian-2.2.6a-4" +TIMESTAMP="" +package_revision=1.3012 +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# NLS nuisances: We save the old values to restore during execute mode. +# Only set LANG and LC_ALL to C if already set. +# These must not be set unconditionally because not all systems understand +# e.g. LANG=C (notably SCO). +lt_user_locale= +lt_safe_locale= +for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" + lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + fi" +done + +$lt_unset CDPATH + + + + + +: ${CP="cp -f"} +: ${ECHO="echo"} +: ${EGREP="/bin/grep -E"} +: ${FGREP="/bin/grep -F"} +: ${GREP="/bin/grep"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SED="/bin/sed"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} +: ${Xsed="$SED -e 1s/^X//"} + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +exit_status=$EXIT_SUCCESS + +# Make sure IFS has a sensible default +lt_nl=' +' +IFS=" $lt_nl" + +dirname="s,/[^/]*$,," +basename="s,^.*/,," + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + +# Generated shell functions inserted here. + # Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special @@ -34,113 +178,175 @@ progpath="$0" # The name of this program: -progname=`echo "$progpath" | $SED $basename` -modename="$progname" +# In the unlikely event $progname began with a '-', it would play havoc with +# func_echo (imagine progname=-n), so we prepend ./ in that case: +func_dirname_and_basename "$progpath" +progname=$func_basename_result +case $progname in + -*) progname=./$progname ;; +esac -# Global variables: -EXIT_SUCCESS=0 -EXIT_FAILURE=1 +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=: + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac -PROGRAM=ltmain.sh -PACKAGE=libtool -VERSION="1.5.22 Debian 1.5.22-2" -TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/$[`"$\\]$/\\\1/g' -# See if we are running on zsh, and set the options which allow our -# commands through without removal of \ escapes. -if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST -fi +# Same as above, but do not quote variable references. +double_quote_subst='s/$["`\\]$/\\\1/g' -# Check that we have a working $echo. -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then - # Yippee, $echo works! - : -else - # Restart under the correct shell, and then maybe $echo will work. - exec $SHELL "$progpath" --no-reexec ${1+"$@"} -fi +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\$[^$bs]\$$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat <&2 +} -if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then - $echo "$modename: not configured to build any kind of library" 1>&2 - $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 - exit $EXIT_FAILURE -fi +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2 -# Global variables. -mode=$default_mode -nonopt= -prev= -prevopt= -run= -show="$echo" -show_help= -execute_dlfiles= -duplicate_deps=no -preserve_args= -lo2o="s/\\.lo\$/.${objext}/" -o2lo="s/\\.${objext}\$/.lo/" + # bash bug again: + : +} -##################################### -# Shell function definitions: -# This seems to be the best place for them +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` + done + my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} + + # func_mktempdir [string] # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If @@ -149,7 +355,7 @@ { my_template="${TMPDIR-/tmp}/${1-$progname}" - if test "$run" = ":"; then + if test "$opt_dry_run" = ":"; then # Return a directory name, but don't create it in dry-run mode my_tmpdir="${my_template}-$$" else @@ -158,469 +364,743 @@ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` if test ! -d "$my_tmpdir"; then - # Failing that, at least try and use $RANDOM to avoid a race - my_tmpdir="${my_template}-${RANDOM-0}$$" + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" - save_mktempdir_umask=`umask` - umask 0077 - $mkdir "$my_tmpdir" - umask $save_mktempdir_umask + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure - test -d "$my_tmpdir" || { - $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2 - exit $EXIT_FAILURE - } + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi - $echo "X$my_tmpdir" | $Xsed + $ECHO "X$my_tmpdir" | $Xsed } -# func_win32_libid arg -# return the library type of file 'arg' -# -# Need a lot of goo to handle *both* DLLs and import libs -# Has to be a shell function in order to 'eat' the argument -# that is supplied when $file_magic_command is called. -func_win32_libid () +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () { - win32_libid_type="unknown" - win32_fileres=`file -L $1 2>/dev/null` - case $win32_fileres in - *ar\ archive\ import\ library*) # definitely import - win32_libid_type="x86 archive import" - ;; - *ar\ archive*) # could be an import, or static - if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \ - $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then - win32_nmres=`eval $NM -f posix -A $1 | \ - $SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'` - case $win32_nmres in - import*) win32_libid_type="x86 archive import";; - *) win32_libid_type="x86 archive static";; - esac - fi - ;; - *DLL*) - win32_libid_type="x86 DLL" - ;; - *executable*) # but shell scripts are "executable" too... - case $win32_fileres in - *MS\ Windows\ PE\ Intel*) - win32_libid_type="x86 DLL" - ;; + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; esac - ;; - esac - $echo $win32_libid_type + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac } -# func_infer_tag arg -# Infer tagged configuration to use if any are available and -# if one wasn't chosen via the "--tag" command line option. -# Only attempt this if the compiler in the base compile -# command doesn't match the default compiler. -# arg is usually of the form 'gcc ...' -func_infer_tag () +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () { - if test -n "$available_tags" && test -z "$tagname"; then - CC_quoted= - for arg in $CC; do - case $arg in - *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done - case $@ in - # Blanks in the command may have been stripped by the calling shell, - # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;; - # Blanks at the start of $base_compile will cause this to fail - # if we don't check for them as well. + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "X$1" | $Xsed \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) - for z in $available_tags; do - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" - CC_quoted= - for arg in $CC; do - # Double-quote args containing other shell metacharacters. - case $arg in - *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done - case "$@ " in - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) - # The compiler in the base compile command matches - # the one in the tagged configuration. - # Assume this is the tagged configuration we want. - tagname=$z - break - ;; - esac - fi - done - # If $tagname still isn't set, then no tagged configuration - # was found and let the user know that the "--tag" command - # line option must be used. - if test -z "$tagname"; then - $echo "$modename: unable to infer tagged configuration" - $echo "$modename: specify a tag with \`--tag'" 1>&2 - exit $EXIT_FAILURE -# else -# $echo "$modename: using $tagname tagged configuration" - fi - ;; - esac - fi + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" } -# func_extract_an_archive dir oldlib -func_extract_an_archive () +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () { - f_ex_an_ar_dir="$1"; shift - f_ex_an_ar_oldlib="$1" + my_cmd="$1" + my_fail_exp="${2-:}" - $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)" - $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $? - if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then - : - else - $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2 - exit $EXIT_FAILURE + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi fi } -# func_extract_archives gentop oldlib ... -func_extract_archives () + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () { - my_gentop="$1"; shift - my_oldlibs=${1+"$@"} - my_oldobjs="" - my_xlib="" - my_xabs="" - my_xdir="" - my_status="" + my_cmd="$1" + my_fail_exp="${2-:}" - $show "${rm}r $my_gentop" - $run ${rm}r "$my_gentop" - $show "$mkdir $my_gentop" - $run $mkdir "$my_gentop" - my_status=$? - if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then - exit $my_status + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi fi +} - for my_xlib in $my_oldlibs; do - # Extract the objects. - case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; - *) my_xabs=`pwd`"/$my_xlib" ;; - esac - my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xdir="$my_gentop/$my_xlib" - $show "${rm}r $my_xdir" - $run ${rm}r "$my_xdir" - $show "$mkdir $my_xdir" - $run $mkdir "$my_xdir" - exit_status=$? - if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then - exit $exit_status - fi - case $host in - *-darwin*) - $show "Extracting $my_xabs" - # Do not bother doing anything if just a dry run - if test -z "$run"; then - darwin_orig_dir=`pwd` - cd $my_xdir || exit $? - darwin_archive=$my_xabs - darwin_curdir=`pwd` - darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'` - darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null` - if test -n "$darwin_arches"; then - darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'` - darwin_arch= - $show "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches ; do - mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}" - lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" - cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" - func_extract_an_archive "`pwd`" "${darwin_base_archive}" - cd "$darwin_curdir" - $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" - done # $darwin_arches - ## Okay now we have a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP` - darwin_file= - darwin_files= - for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` - lipo -create -output "$darwin_file" $darwin_files - done # $darwin_filelist - ${rm}r unfat-$$ - cd "$darwin_orig_dir" - else - cd "$darwin_orig_dir" - func_extract_an_archive "$my_xdir" "$my_xabs" - fi # $darwin_arches - fi # $run - ;; - *) - func_extract_an_archive "$my_xdir" "$my_xabs" - ;; - esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` - done - func_extract_archives_result="$my_oldobjs" + + + +# func_version +# Echo version message to standard output and exit. +func_version () +{ + $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/$(C)$[ 0-9,-]*$ [1-9][0-9]*$/\1\2/ + p + }' < "$progpath" + exit $? } -# End of Shell function definitions -##################################### -# Darwin sucks -eval std_shrext=\"$shrext_cmds\" +# func_usage +# Echo short help message to standard output and exit. +func_usage () +{ + $SED -n '/^# Usage:/,/# -h/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + $ECHO + $ECHO "run \`$progname --help | more' for full usage" + exit $? +} -disable_libs=no +# func_help +# Echo long help message to standard output and exit. +func_help () +{ + $SED -n '/^# Usage:/,/# Report bugs to/ { + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + p + }' < "$progpath" + exit $? +} -# Parse our command line options once, thoroughly. -while test "$#" -gt 0 -do - arg="$1" +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + func_error "missing argument for $1" + exit_cmd=exit +} + +exit_cmd=: + + + + + +# Check that we have a working $ECHO. +if test "X$1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. shift +elif test "X$1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then + # Yippee, $ECHO works! + : +else + # Restart under the correct shell, and then maybe $ECHO will work. + exec $SHELL "$progpath" --no-reexec ${1+"$@"} +fi - case $arg in - -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac +if test "X$1" = X--fallback-echo; then + # used as fallback echo + shift + cat <&2 - exit $EXIT_FAILURE - ;; - esac +# Global variables. +# $mode is unset +nonopt= +execute_dlfiles= +preserve_args= +lo2o="s/\\.lo\$/.${objext}/" +o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 - case $tagname in - CC) - # Don't test for the "default" C tag, as we know, it's there, but - # not specially marked. - ;; - *) - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then - taglist="$taglist $tagname" - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`" - else - $echo "$progname: ignoring unknown tag $tagname" 1>&2 - fi - ;; - esac - ;; - *) - eval "$prev=\$arg" - ;; - esac +opt_dry_run=false +opt_duplicate_deps=false +opt_silent=false +opt_debug=: - prev= - prevopt= - continue - fi +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= - # Have we seen a non-optional argument yet? - case $arg in - --help) - show_help=yes - ;; +# func_fatal_configuration arg... +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_error ${1+"$@"} + func_error "See the $PACKAGE documentation for more information." + func_fatal_error "Fatal configuration error." +} - --version) - $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP" - $echo - $echo "Copyright (C) 2005 Free Software Foundation, Inc." - $echo "This is free software; see the source for copying conditions. There is NO" - $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - exit $? - ;; - --config) - ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath +# func_config +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + # Now print the configurations for the tags. for tagname in $taglist; do - ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath" + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" done + exit $? - ;; +} - --debug) - $echo "$progname: enabling shell trace mode" - set -x - preserve_args="$preserve_args $arg" - ;; - - --dry-run | -n) - run=: - ;; - - --features) - $echo "host: $host" +# func_features +# Display the features supported by this script. +func_features () +{ + $ECHO "host: $host" if test "$build_libtool_libs" = yes; then - $echo "enable shared libraries" + $ECHO "enable shared libraries" else - $echo "disable shared libraries" + $ECHO "disable shared libraries" fi if test "$build_old_libs" = yes; then - $echo "enable static libraries" + $ECHO "enable static libraries" else - $echo "disable static libraries" + $ECHO "disable static libraries" fi + exit $? - ;; +} - --finish) mode="finish" ;; +# func_enable_tag tagname +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname="$1" - --mode) prevopt="--mode" prev=mode ;; - --mode=*) mode="$optarg" ;; + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf="/$re_begincf/,/$re_endcf/p" - --preserve-dup-deps) duplicate_deps="yes" ;; + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac - --quiet | --silent) - show=: - preserve_args="$preserve_args $arg" - ;; + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" - --tag) - prevopt="--tag" - prev=tag - preserve_args="$preserve_args --tag" + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + +# Parse options once, thoroughly. This comes as soon as possible in +# the script to make things like `libtool --version' happen quickly. +{ + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift ;; - --tag=*) - set tag "$optarg" ${1+"$@"} - shift - prev=tag - preserve_args="$preserve_args --tag" + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift ;; - - -dlopen) - prevopt="-dlopen" - prev=execute_dlfiles + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift ;; - - -*) - $echo "$modename: unrecognized option \`$arg'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift ;; - - *) - nonopt="$arg" - break + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; esac -done -if test -n "$prevopt"; then - $echo "$modename: option \`$prevopt' requires an argument" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE -fi + # Parse non-mode specific arguments: + while test "$#" -gt 0; do + opt="$1" + shift -case $disable_libs in -no) - ;; -shared) - build_libtool_libs=no - build_old_libs=yes - ;; -static) - build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` - ;; -esac + case $opt in + --config) func_config ;; -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= + --debug) preserve_args="$preserve_args $opt" + func_echo "enabling shell trace mode" + opt_debug='set -x' + $opt_debug + ;; -if test -z "$show_help"; then + -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break + execute_dlfiles="$execute_dlfiles $1" + shift + ;; - # Infer the operation mode. - if test -z "$mode"; then - $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2 - $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2 - case $nonopt in - *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*) - mode=link - for arg - do - case $arg in - -c) - mode=compile - break - ;; - esac - done + --dry-run | -n) opt_dry_run=: ;; + --features) func_features ;; + --finish) mode="finish" ;; + + --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break + case $1 in + # Valid mode arguments: + clean) ;; + compile) ;; + execute) ;; + finish) ;; + install) ;; + link) ;; + relink) ;; + uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; + esac + + mode="$1" + shift + ;; + + --preserve-dup-deps) + opt_duplicate_deps=: ;; + + --quiet|--silent) preserve_args="$preserve_args $opt" + opt_silent=: + ;; + + --verbose| -v) preserve_args="$preserve_args $opt" + opt_silent=false + ;; + + --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break + preserve_args="$preserve_args $opt $1" + func_enable_tag "$1" # tagname is set here + shift + ;; + + # Separate optargs to long options: + -dlopen=*|--mode=*|--tag=*) + func_opt_split "$opt" + set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"} + shift + ;; + + -\?|-h) func_usage ;; + --help) opt_help=: ;; + --version) func_version ;; + + -*) func_fatal_help "unrecognized option \`$opt'" ;; + + *) nonopt="$opt" + break + ;; + esac + done + + + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: ;; - *db | *dbx | *strace | *truss) - mode=execute + *) + opt_duplicate_compiler_generated_deps=$opt_duplicate_deps ;; - *install*|cp|mv) - mode=install - ;; - *rm) - mode=uninstall - ;; - *) - # If we have no mode, but dlfiles were specified, then do execute mode. - test -n "$execute_dlfiles" && mode=execute + esac - # Just use the default operation mode. - if test -z "$mode"; then - if test -n "$nonopt"; then - $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 - else - $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 - fi + # Having warned about all mis-specified options, bail out if + # anything was wrong. + $exit_cmd $EXIT_FAILURE +} + +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF fi - ;; - esac + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH fi +} + +## ----------- ## +## Main. ## +## ----------- ## + +$opt_help || { + # Sanity checks first: + func_check_version_match + + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi + + test -z "$mode" && func_fatal_error "error: you must specify a MODE." + + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. if test -n "$execute_dlfiles" && test "$mode" != execute; then - $echo "$modename: unrecognized option \`-dlopen'" 1>&2 - $echo "$help" 1>&2 + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 exit $EXIT_FAILURE fi # Change the help message to a mode-specific one. generic_help="$help" - help="Try \`$modename --help --mode=$mode' for more information." + help="Try \`$progname --help --mode=$mode' for more information." +} - # These modes are in order of execution frequency so that they run quickly. - case $mode in - # libtool compile mode - compile) - modename="$modename: compile" + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_ltwrapper_scriptname_result="" + if func_ltwrapper_executable_p "$1"; then + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" + fi +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug From cvs at cvs.gnupg.org Tue Dec 8 21:36:39 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 21:36:39 +0100 Subject: [svn] gcry - r1409 - in trunk: . m4 src Message-ID: Author: marcus Date: 2009-12-08 21:36:35 +0100 (Tue, 08 Dec 2009) New Revision: 1409 Added: trunk/m4/ltoptions.m4 trunk/m4/ltsugar.m4 trunk/m4/ltversion.m4 trunk/m4/lt~obsolete.m4 Modified: trunk/ChangeLog trunk/configure.ac trunk/ltmain.sh trunk/m4/libtool.m4 trunk/src/ChangeLog trunk/src/Makefile.am Log: 2009-12-08 Marcus Brinkmann Update to libtool 2.2.6a. * configure.ac: Invoke AC_CONFIG_MACRO_DIR. (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... (LT_PREREQ, LT_INIT, LT_LANG): ... these. * config.guess, config.sub, install-sh, ltmain.sh, m4/libtool.m4: Updated to libtool 2.2.6a. * m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: New files from libtool 2.2.6a. src/ 2009-12-08 Marcus Brinkmann * Makefile.am (LTRCCOMPILE): Refactor with ... (RCCOMPILE): ... this new macro. Add $(libgcrypt_la_CPPFLAGS). (SUFFIXES): Add .lo. (.rc.o): Change to ... (.rc.lo): ... this implicit rule. (gcrypt_res_ldflag): Removed. (gcrypt_res): Use libtool object file name here. (libgcrypt_la_LDFLAGS): Remove gcrypt_res_ldflag usage. (libgcrypt_la_LIBADD): Add gcrypt_res. [The diff below has been truncated] Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-11-29 13:10:17 UTC (rev 1408) +++ trunk/ChangeLog 2009-12-08 20:36:35 UTC (rev 1409) @@ -1,3 +1,14 @@ +2009-12-08 Marcus Brinkmann + + Update to libtool 2.2.6a. + * configure.ac: Invoke AC_CONFIG_MACRO_DIR. + (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... + (LT_PREREQ, LT_INIT, LT_LANG): ... these. + * config.guess, config.sub, install-sh, ltmain.sh, m4/libtool.m4: + Updated to libtool 2.2.6a. + * m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, + m4/lt~obsolete.m4: New files from libtool 2.2.6a. + 2009-08-05 Werner Koch * configure.ac: Test for sys/msg.h. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-11-29 13:10:17 UTC (rev 1408) +++ trunk/src/ChangeLog 2009-12-08 20:36:35 UTC (rev 1409) @@ -1,3 +1,15 @@ +2009-12-08 Marcus Brinkmann + + * Makefile.am (LTRCCOMPILE): Refactor with ... + (RCCOMPILE): ... this new macro. Add $(libgcrypt_la_CPPFLAGS). + (SUFFIXES): Add .lo. + (.rc.o): Change to ... + (.rc.lo): ... this implicit rule. + (gcrypt_res_ldflag): Removed. + (gcrypt_res): Use libtool object file name here. + (libgcrypt_la_LDFLAGS): Remove gcrypt_res_ldflag usage. + (libgcrypt_la_LIBADD): Add gcrypt_res. + 2009-11-29 Werner Koch * hwfeatures.c (detect_ia32_gnuc): Repalce "=r" by "+r" so that Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-11-29 13:10:17 UTC (rev 1408) +++ trunk/configure.ac 2009-12-08 20:36:35 UTC (rev 1409) @@ -57,6 +57,7 @@ AC_CONFIG_SRCDIR([src/libgcrypt.vers]) AM_INIT_AUTOMAKE($PACKAGE, $VERSION) AM_CONFIG_HEADER(config.h) +AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST AM_MAINTAINER_MODE @@ -132,9 +133,9 @@ AC_PROG_INSTALL AC_PROG_AWK -AC_LIBTOOL_WIN32_DLL -AC_LIBTOOL_RC -AM_PROG_LIBTOOL +LT_PREREQ([2.2.6]) +LT_INIT([win32-dll disable-static]) +LT_LANG([Windows Resource]) ########################## Modified: trunk/ltmain.sh =================================================================== --- trunk/ltmain.sh 2009-11-29 13:10:17 UTC (rev 1408) +++ trunk/ltmain.sh 2009-12-08 20:36:35 UTC (rev 1409) @@ -1,31 +1,175 @@ -# ltmain.sh - Provide generalized library-building support services. -# NOTE: Changing this file will not affect anything until you rerun configure. -# -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005 -# Free Software Foundation, Inc. -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify +# Generated from ltmain.m4sh. + +# ltmain.sh (GNU libtool) 2.2.6 +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, but +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Usage: $progname [OPTION]... [MODE-ARG]... # -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print informational messages (default) +# --version print version information +# -h, --help print short or long help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.2.6 Debian-2.2.6a-4 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . -basename="s,^.*/,,g" +PROGRAM=ltmain.sh +PACKAGE=libtool +VERSION="2.2.6 Debian-2.2.6a-4" +TIMESTAMP="" +package_revision=1.3012 +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# NLS nuisances: We save the old values to restore during execute mode. +# Only set LANG and LC_ALL to C if already set. +# These must not be set unconditionally because not all systems understand +# e.g. LANG=C (notably SCO). +lt_user_locale= +lt_safe_locale= +for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" + lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + fi" +done + +$lt_unset CDPATH + + + + + +: ${CP="cp -f"} +: ${ECHO="echo"} +: ${EGREP="/bin/grep -E"} +: ${FGREP="/bin/grep -F"} +: ${GREP="/bin/grep"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SED="/bin/sed"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} +: ${Xsed="$SED -e 1s/^X//"} + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +exit_status=$EXIT_SUCCESS + +# Make sure IFS has a sensible default +lt_nl=' +' +IFS=" $lt_nl" + +dirname="s,/[^/]*$,," +basename="s,^.*/,," + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + +# Generated shell functions inserted here. + # Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special @@ -34,113 +178,175 @@ progpath="$0" # The name of this program: -progname=`echo "$progpath" | $SED $basename` -modename="$progname" +# In the unlikely event $progname began with a '-', it would play havoc with +# func_echo (imagine progname=-n), so we prepend ./ in that case: +func_dirname_and_basename "$progpath" +progname=$func_basename_result +case $progname in + -*) progname=./$progname ;; +esac -# Global variables: -EXIT_SUCCESS=0 -EXIT_FAILURE=1 +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=: + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac -PROGRAM=ltmain.sh -PACKAGE=libtool -VERSION="1.5.22 Debian 1.5.22-4" -TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/$[`"$\\]$/\\\1/g' -# See if we are running on zsh, and set the options which allow our -# commands through without removal of \ escapes. -if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST -fi +# Same as above, but do not quote variable references. +double_quote_subst='s/$["`\\]$/\\\1/g' -# Check that we have a working $echo. -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then - # Yippee, $echo works! - : -else - # Restart under the correct shell, and then maybe $echo will work. - exec $SHELL "$progpath" --no-reexec ${1+"$@"} -fi +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\$[^$bs]\$$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat <&2 +} -if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then - $echo "$modename: not configured to build any kind of library" 1>&2 - $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 - exit $EXIT_FAILURE -fi +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2 -# Global variables. -mode=$default_mode -nonopt= -prev= -prevopt= -run= -show="$echo" -show_help= -execute_dlfiles= -duplicate_deps=no -preserve_args= -lo2o="s/\\.lo\$/.${objext}/" -o2lo="s/\\.${objext}\$/.lo/" + # bash bug again: + : +} -##################################### -# Shell function definitions: -# This seems to be the best place for them +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` + done + my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} + + # func_mktempdir [string] # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If @@ -149,7 +355,7 @@ { my_template="${TMPDIR-/tmp}/${1-$progname}" - if test "$run" = ":"; then + if test "$opt_dry_run" = ":"; then # Return a directory name, but don't create it in dry-run mode my_tmpdir="${my_template}-$$" else @@ -158,469 +364,743 @@ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` if test ! -d "$my_tmpdir"; then - # Failing that, at least try and use $RANDOM to avoid a race - my_tmpdir="${my_template}-${RANDOM-0}$$" + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" - save_mktempdir_umask=`umask` - umask 0077 - $mkdir "$my_tmpdir" - umask $save_mktempdir_umask + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure - test -d "$my_tmpdir" || { - $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2 - exit $EXIT_FAILURE - } + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi - $echo "X$my_tmpdir" | $Xsed + $ECHO "X$my_tmpdir" | $Xsed } -# func_win32_libid arg -# return the library type of file 'arg' -# -# Need a lot of goo to handle *both* DLLs and import libs -# Has to be a shell function in order to 'eat' the argument -# that is supplied when $file_magic_command is called. -func_win32_libid () +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () { - win32_libid_type="unknown" - win32_fileres=`file -L $1 2>/dev/null` - case $win32_fileres in - *ar\ archive\ import\ library*) # definitely import - win32_libid_type="x86 archive import" - ;; - *ar\ archive*) # could be an import, or static - if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \ - $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then - win32_nmres=`eval $NM -f posix -A $1 | \ - $SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'` - case $win32_nmres in - import*) win32_libid_type="x86 archive import";; - *) win32_libid_type="x86 archive static";; - esac - fi - ;; - *DLL*) - win32_libid_type="x86 DLL" - ;; - *executable*) # but shell scripts are "executable" too... - case $win32_fileres in - *MS\ Windows\ PE\ Intel*) - win32_libid_type="x86 DLL" - ;; + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; esac - ;; - esac - $echo $win32_libid_type + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac } -# func_infer_tag arg -# Infer tagged configuration to use if any are available and -# if one wasn't chosen via the "--tag" command line option. -# Only attempt this if the compiler in the base compile -# command doesn't match the default compiler. -# arg is usually of the form 'gcc ...' -func_infer_tag () +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () { - if test -n "$available_tags" && test -z "$tagname"; then - CC_quoted= - for arg in $CC; do - case $arg in - *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done - case $@ in - # Blanks in the command may have been stripped by the calling shell, - # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;; - # Blanks at the start of $base_compile will cause this to fail - # if we don't check for them as well. + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "X$1" | $Xsed \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) - for z in $available_tags; do - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" - CC_quoted= - for arg in $CC; do - # Double-quote args containing other shell metacharacters. - case $arg in - *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done - case "$@ " in - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) - # The compiler in the base compile command matches - # the one in the tagged configuration. - # Assume this is the tagged configuration we want. - tagname=$z - break - ;; - esac - fi - done - # If $tagname still isn't set, then no tagged configuration - # was found and let the user know that the "--tag" command - # line option must be used. - if test -z "$tagname"; then - $echo "$modename: unable to infer tagged configuration" - $echo "$modename: specify a tag with \`--tag'" 1>&2 - exit $EXIT_FAILURE -# else -# $echo "$modename: using $tagname tagged configuration" - fi - ;; - esac - fi + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" } -# func_extract_an_archive dir oldlib -func_extract_an_archive () +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () { - f_ex_an_ar_dir="$1"; shift - f_ex_an_ar_oldlib="$1" + my_cmd="$1" + my_fail_exp="${2-:}" - $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)" - $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $? - if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then - : - else - $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2 - exit $EXIT_FAILURE + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi fi } -# func_extract_archives gentop oldlib ... -func_extract_archives () + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () { - my_gentop="$1"; shift - my_oldlibs=${1+"$@"} - my_oldobjs="" - my_xlib="" - my_xabs="" - my_xdir="" - my_status="" + my_cmd="$1" + my_fail_exp="${2-:}" - $show "${rm}r $my_gentop" - $run ${rm}r "$my_gentop" - $show "$mkdir $my_gentop" - $run $mkdir "$my_gentop" - my_status=$? - if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then - exit $my_status + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi fi +} - for my_xlib in $my_oldlibs; do - # Extract the objects. - case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; - *) my_xabs=`pwd`"/$my_xlib" ;; - esac - my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` - my_xdir="$my_gentop/$my_xlib" - $show "${rm}r $my_xdir" - $run ${rm}r "$my_xdir" - $show "$mkdir $my_xdir" - $run $mkdir "$my_xdir" - exit_status=$? - if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then - exit $exit_status - fi - case $host in - *-darwin*) - $show "Extracting $my_xabs" - # Do not bother doing anything if just a dry run - if test -z "$run"; then - darwin_orig_dir=`pwd` - cd $my_xdir || exit $? - darwin_archive=$my_xabs - darwin_curdir=`pwd` - darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'` - darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null` - if test -n "$darwin_arches"; then - darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'` - darwin_arch= - $show "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches ; do - mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}" - lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" - cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" - func_extract_an_archive "`pwd`" "${darwin_base_archive}" - cd "$darwin_curdir" - $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" - done # $darwin_arches - ## Okay now we have a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP` - darwin_file= - darwin_files= - for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` - lipo -create -output "$darwin_file" $darwin_files - done # $darwin_filelist - ${rm}r unfat-$$ - cd "$darwin_orig_dir" - else - cd "$darwin_orig_dir" - func_extract_an_archive "$my_xdir" "$my_xabs" - fi # $darwin_arches - fi # $run - ;; - *) - func_extract_an_archive "$my_xdir" "$my_xabs" - ;; - esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` - done - func_extract_archives_result="$my_oldobjs" + + + +# func_version +# Echo version message to standard output and exit. +func_version () +{ + $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/$(C)$[ 0-9,-]*$ [1-9][0-9]*$/\1\2/ + p + }' < "$progpath" + exit $? } -# End of Shell function definitions -##################################### -# Darwin sucks -eval std_shrext=\"$shrext_cmds\" +# func_usage +# Echo short help message to standard output and exit. +func_usage () +{ + $SED -n '/^# Usage:/,/# -h/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + $ECHO + $ECHO "run \`$progname --help | more' for full usage" + exit $? +} -disable_libs=no +# func_help +# Echo long help message to standard output and exit. +func_help () +{ + $SED -n '/^# Usage:/,/# Report bugs to/ { + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + p + }' < "$progpath" + exit $? +} -# Parse our command line options once, thoroughly. -while test "$#" -gt 0 -do - arg="$1" +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + func_error "missing argument for $1" + exit_cmd=exit +} + +exit_cmd=: + + + + + +# Check that we have a working $ECHO. +if test "X$1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. shift +elif test "X$1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then + # Yippee, $ECHO works! + : +else + # Restart under the correct shell, and then maybe $ECHO will work. + exec $SHELL "$progpath" --no-reexec ${1+"$@"} +fi - case $arg in - -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac +if test "X$1" = X--fallback-echo; then + # used as fallback echo + shift + cat <&2 - exit $EXIT_FAILURE - ;; - esac +# Global variables. +# $mode is unset +nonopt= +execute_dlfiles= +preserve_args= +lo2o="s/\\.lo\$/.${objext}/" +o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 - case $tagname in - CC) - # Don't test for the "default" C tag, as we know, it's there, but - # not specially marked. - ;; - *) - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then - taglist="$taglist $tagname" - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`" - else - $echo "$progname: ignoring unknown tag $tagname" 1>&2 - fi - ;; - esac - ;; - *) - eval "$prev=\$arg" - ;; - esac +opt_dry_run=false +opt_duplicate_deps=false +opt_silent=false +opt_debug=: - prev= - prevopt= - continue - fi +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= - # Have we seen a non-optional argument yet? - case $arg in - --help) - show_help=yes - ;; +# func_fatal_configuration arg... +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_error ${1+"$@"} + func_error "See the $PACKAGE documentation for more information." + func_fatal_error "Fatal configuration error." +} - --version) - $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP" - $echo - $echo "Copyright (C) 2005 Free Software Foundation, Inc." - $echo "This is free software; see the source for copying conditions. There is NO" - $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - exit $? - ;; - --config) - ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath +# func_config +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + # Now print the configurations for the tags. for tagname in $taglist; do - ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath" + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" done + exit $? - ;; +} - --debug) - $echo "$progname: enabling shell trace mode" - set -x - preserve_args="$preserve_args $arg" - ;; - - --dry-run | -n) - run=: - ;; - - --features) - $echo "host: $host" +# func_features +# Display the features supported by this script. +func_features () +{ + $ECHO "host: $host" if test "$build_libtool_libs" = yes; then - $echo "enable shared libraries" + $ECHO "enable shared libraries" else - $echo "disable shared libraries" + $ECHO "disable shared libraries" fi if test "$build_old_libs" = yes; then - $echo "enable static libraries" + $ECHO "enable static libraries" else - $echo "disable static libraries" + $ECHO "disable static libraries" fi + exit $? - ;; +} - --finish) mode="finish" ;; +# func_enable_tag tagname +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname="$1" - --mode) prevopt="--mode" prev=mode ;; - --mode=*) mode="$optarg" ;; + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf="/$re_begincf/,/$re_endcf/p" - --preserve-dup-deps) duplicate_deps="yes" ;; + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac - --quiet | --silent) - show=: - preserve_args="$preserve_args $arg" - ;; + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" - --tag) - prevopt="--tag" - prev=tag - preserve_args="$preserve_args --tag" + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + +# Parse options once, thoroughly. This comes as soon as possible in +# the script to make things like `libtool --version' happen quickly. +{ + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift ;; - --tag=*) - set tag "$optarg" ${1+"$@"} - shift - prev=tag - preserve_args="$preserve_args --tag" + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift ;; - - -dlopen) - prevopt="-dlopen" - prev=execute_dlfiles + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift ;; - - -*) - $echo "$modename: unrecognized option \`$arg'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift ;; - - *) - nonopt="$arg" - break + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; esac -done -if test -n "$prevopt"; then - $echo "$modename: option \`$prevopt' requires an argument" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE -fi + # Parse non-mode specific arguments: + while test "$#" -gt 0; do + opt="$1" + shift -case $disable_libs in -no) - ;; -shared) - build_libtool_libs=no - build_old_libs=yes - ;; -static) - build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` - ;; -esac + case $opt in + --config) func_config ;; -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= + --debug) preserve_args="$preserve_args $opt" + func_echo "enabling shell trace mode" + opt_debug='set -x' + $opt_debug + ;; -if test -z "$show_help"; then + -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break + execute_dlfiles="$execute_dlfiles $1" + shift + ;; - # Infer the operation mode. - if test -z "$mode"; then - $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2 - $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2 - case $nonopt in - *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*) - mode=link - for arg - do - case $arg in - -c) - mode=compile - break - ;; - esac - done + --dry-run | -n) opt_dry_run=: ;; + --features) func_features ;; + --finish) mode="finish" ;; + + --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break + case $1 in + # Valid mode arguments: + clean) ;; + compile) ;; + execute) ;; + finish) ;; + install) ;; + link) ;; + relink) ;; + uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; + esac + + mode="$1" + shift + ;; + + --preserve-dup-deps) + opt_duplicate_deps=: ;; + + --quiet|--silent) preserve_args="$preserve_args $opt" + opt_silent=: + ;; + + --verbose| -v) preserve_args="$preserve_args $opt" + opt_silent=false + ;; + + --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break + preserve_args="$preserve_args $opt $1" + func_enable_tag "$1" # tagname is set here + shift + ;; + + # Separate optargs to long options: + -dlopen=*|--mode=*|--tag=*) + func_opt_split "$opt" + set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"} + shift + ;; + + -\?|-h) func_usage ;; + --help) opt_help=: ;; + --version) func_version ;; + + -*) func_fatal_help "unrecognized option \`$opt'" ;; + + *) nonopt="$opt" + break + ;; + esac + done + + + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: ;; - *db | *dbx | *strace | *truss) - mode=execute + *) + opt_duplicate_compiler_generated_deps=$opt_duplicate_deps ;; - *install*|cp|mv) - mode=install - ;; - *rm) - mode=uninstall - ;; - *) - # If we have no mode, but dlfiles were specified, then do execute mode. - test -n "$execute_dlfiles" && mode=execute + esac - # Just use the default operation mode. - if test -z "$mode"; then - if test -n "$nonopt"; then - $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 - else - $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 - fi + # Having warned about all mis-specified options, bail out if + # anything was wrong. + $exit_cmd $EXIT_FAILURE +} + +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF fi - ;; - esac + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH fi +} + +## ----------- ## +## Main. ## +## ----------- ## + +$opt_help || { + # Sanity checks first: + func_check_version_match + + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi + + test -z "$mode" && func_fatal_error "error: you must specify a MODE." + + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. if test -n "$execute_dlfiles" && test "$mode" != execute; then - $echo "$modename: unrecognized option \`-dlopen'" 1>&2 - $echo "$help" 1>&2 + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 exit $EXIT_FAILURE fi # Change the help message to a mode-specific one. generic_help="$help" - help="Try \`$modename --help --mode=$mode' for more information." + help="Try \`$progname --help --mode=$mode' for more information." +} - # These modes are in order of execution frequency so that they run quickly. - case $mode in - # libtool compile mode - compile) - modename="$modename: compile" + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_ltwrapper_scriptname_result="" + if func_ltwrapper_executable_p "$1"; then + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" + fi +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$save_ifs + eval cmd=\"$cmd\" + func_show_eval "$cmd" "${2-:}" From cvs at cvs.gnupg.org Tue Dec 8 21:52:28 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 21:52:28 +0100 Subject: [svn] assuan - r333 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 21:52:28 +0100 (Tue, 08 Dec 2009) New Revision: 333 Modified: trunk/src/ChangeLog trunk/src/assuan.h Log: 2009-12-08 Marcus Brinkmann * assuan.h (struct assuan_system_hooks): Don't use "namespace" as argument name in declaration (C++ keyword). Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 17:28:11 UTC (rev 332) +++ trunk/src/ChangeLog 2009-12-08 20:52:28 UTC (rev 333) @@ -1,5 +1,8 @@ 2009-12-08 Marcus Brinkmann + * assuan.h (struct assuan_system_hooks): Don't use "namespace" as + argument name in declaration (C++ keyword). + * client.c (assuan_client_read_response): Fix linelen. * assuan.h (ASSUAN_SPAWN_DETACHED): New macro. Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-08 17:28:11 UTC (rev 332) +++ trunk/src/assuan.h 2009-12-08 20:52:28 UTC (rev 333) @@ -293,7 +293,7 @@ /* If action is 0, like waitpid. If action is 1, just release the PID? */ pid_t (*waitpid) (assuan_context_t ctx, pid_t pid, int action, int *status, int options); - int (*socketpair) (assuan_context_t ctx, int namespace, int style, + int (*socketpair) (assuan_context_t ctx, int _namespace, int style, int protocol, assuan_fd_t filedes[2]); }; typedef struct assuan_system_hooks *assuan_system_hooks_t; From cvs at cvs.gnupg.org Tue Dec 8 21:56:11 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 21:56:11 +0100 Subject: [svn] assuan - r334 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 21:56:11 +0100 (Tue, 08 Dec 2009) New Revision: 334 Modified: trunk/src/assuan.h Log: Another one. Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-08 20:52:28 UTC (rev 333) +++ trunk/src/assuan.h 2009-12-08 20:56:11 UTC (rev 334) @@ -517,7 +517,7 @@ assuan_fd_t *fd_child_list, void (*atfork) (void *opaque, int reserved), void *atforkvalue, unsigned int flags); -int __assuan_socketpair (assuan_context_t ctx, int namespace, int style, +int __assuan_socketpair (assuan_context_t ctx, int _namespace, int style, int protocol, assuan_fd_t filedes[2]); #ifdef _WIN32 From cvs at cvs.gnupg.org Tue Dec 8 22:23:52 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 22:23:52 +0100 Subject: [svn] w32pth - r31 - trunk Message-ID: Author: marcus Date: 2009-12-08 22:23:52 +0100 (Tue, 08 Dec 2009) New Revision: 31 Modified: trunk/ChangeLog trunk/libw32pth.def Log: 2009-12-08 Marcus Brinkmann * libw32pth.def: Add pth_cancel. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-08 04:01:02 UTC (rev 30) +++ trunk/ChangeLog 2009-12-08 21:23:52 UTC (rev 31) @@ -1,5 +1,7 @@ 2009-12-08 Marcus Brinkmann + * libw32pth.def: Add pth_cancel. + Update to libtool 2.2.6a. * configure.ac: Invoke AC_CONFIG_MACRO_DIR. (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... Modified: trunk/libw32pth.def =================================================================== --- trunk/libw32pth.def 2009-12-08 04:01:02 UTC (rev 30) +++ trunk/libw32pth.def 2009-12-08 21:23:52 UTC (rev 31) @@ -73,3 +73,6 @@ pth_usleep @42 pth_thread_id @43 + + pth_cancel @44 + From cvs at cvs.gnupg.org Tue Dec 8 22:38:25 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 22:38:25 +0100 Subject: [svn] gpgme - r1438 - in trunk: . m4 src Message-ID: Author: marcus Date: 2009-12-08 22:38:22 +0100 (Tue, 08 Dec 2009) New Revision: 1438 Added: trunk/m4/ltoptions.m4 trunk/m4/ltsugar.m4 trunk/m4/ltversion.m4 trunk/m4/lt~obsolete.m4 Modified: trunk/configure.ac trunk/ltmain.sh trunk/m4/libtool.m4 trunk/src/ChangeLog trunk/src/Makefile.am Log: 2009-12-08 Marcus Brinkmann Update to libtool 2.2.6a. * configure.ac: Invoke AC_CONFIG_MACRO_DIR. (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... (LT_PREREQ, LT_INIT, LT_LANG): ... these. * config.guess, config.sub, install-sh, ltmain.sh, m4/libtool.m4: Updated to libtool 2.2.6a. * m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: New files from libtool 2.2.6a. src/ 2009-12-08 Marcus Brinkmann * Makefile.am (LTRCCOMPILE): Refactor with ... (RCCOMPILE): ... this new macro. (SUFFIXES): Add .lo. (gpgme_res_ldflag): Removed. (gpgme_res): Use libtool object file name here. (libgpgme_la_LDFLAGS): Remove gpgme_res_ldflag usage. [The diff below has been truncated] Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 04:07:57 UTC (rev 1437) +++ trunk/src/ChangeLog 2009-12-08 21:38:22 UTC (rev 1438) @@ -1,5 +1,13 @@ 2009-12-08 Marcus Brinkmann + * Makefile.am (LTRCCOMPILE): Refactor with ... + (RCCOMPILE): ... this new macro. + (SUFFIXES): Add .lo. + (gpgme_res_ldflag): Removed. + (gpgme_res): Use libtool object file name here. + (libgpgme_la_LDFLAGS): Remove gpgme_res_ldflag usage. + (libgpgme_la_LIBADD): Add gpgme_res. + * ath.c (ath_self) [HAVE_W32_SYSTEM]: Fix typo. 2009-12-02 Werner Koch Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-12-08 04:07:57 UTC (rev 1437) +++ trunk/configure.ac 2009-12-08 21:38:22 UTC (rev 1438) @@ -66,6 +66,7 @@ dnl FIXME: Enable this with autoconf 2.59. dnl AC_CONFIG_MACRO_DIR(m4) AM_CONFIG_HEADER(config.h) +AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE($PACKAGE, $VERSION) AM_MAINTAINER_MODE AC_CANONICAL_HOST @@ -95,10 +96,9 @@ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package]) # Don't default to build static libs. -AC_DISABLE_STATIC -AC_LIBTOOL_WIN32_DLL -AC_LIBTOOL_RC -AC_PROG_LIBTOOL +LT_PREREQ([2.2.6]) +LT_INIT([win32-dll disable-static]) +LT_LANG([Windows Resource]) # For now we hardcode the use of version scripts. It would be better # to write a test for this or even implement this within libtool. Modified: trunk/ltmain.sh =================================================================== --- trunk/ltmain.sh 2009-12-08 04:07:57 UTC (rev 1437) +++ trunk/ltmain.sh 2009-12-08 21:38:22 UTC (rev 1438) @@ -1,31 +1,175 @@ -# ltmain.sh - Provide generalized library-building support services. -# NOTE: Changing this file will not affect anything until you rerun configure. -# -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004 -# Free Software Foundation, Inc. -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify +# Generated from ltmain.m4sh. + +# ltmain.sh (GNU libtool) 2.2.6 +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # -# This program is distributed in the hope that it will be useful, but +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Usage: $progname [OPTION]... [MODE-ARG]... # -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print informational messages (default) +# --version print version information +# -h, --help print short or long help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.2.6 Debian-2.2.6a-4 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . -basename="s,^.*/,,g" +PROGRAM=ltmain.sh +PACKAGE=libtool +VERSION="2.2.6 Debian-2.2.6a-4" +TIMESTAMP="" +package_revision=1.3012 +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# NLS nuisances: We save the old values to restore during execute mode. +# Only set LANG and LC_ALL to C if already set. +# These must not be set unconditionally because not all systems understand +# e.g. LANG=C (notably SCO). +lt_user_locale= +lt_safe_locale= +for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" + lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + fi" +done + +$lt_unset CDPATH + + + + + +: ${CP="cp -f"} +: ${ECHO="echo"} +: ${EGREP="/bin/grep -E"} +: ${FGREP="/bin/grep -F"} +: ${GREP="/bin/grep"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SED="/bin/sed"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} +: ${Xsed="$SED -e 1s/^X//"} + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +exit_status=$EXIT_SUCCESS + +# Make sure IFS has a sensible default +lt_nl=' +' +IFS=" $lt_nl" + +dirname="s,/[^/]*$,," +basename="s,^.*/,," + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + +# Generated shell functions inserted here. + # Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special @@ -34,31 +178,396 @@ progpath="$0" # The name of this program: -progname=`echo "$progpath" | $SED $basename` -modename="$progname" +# In the unlikely event $progname began with a '-', it would play havoc with +# func_echo (imagine progname=-n), so we prepend ./ in that case: +func_dirname_and_basename "$progpath" +progname=$func_basename_result +case $progname in + -*) progname=./$progname ;; +esac -# Global variables: -EXIT_SUCCESS=0 -EXIT_FAILURE=1 +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=: + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac -PROGRAM=ltmain.sh -PACKAGE=libtool -VERSION=1.5.4 -TIMESTAMP=" (1.1220.2.90 2004/04/03 14:10:19) Debian$Rev$" +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/$[`"$\\]$/\\\1/g' +# Same as above, but do not quote variable references. +double_quote_subst='s/$["`\\]$/\\\1/g' -# Check that we have a working $echo. +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\$[^$bs]\$$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" + +# Standard options: +opt_dry_run=false +opt_help=false +opt_quiet=false +opt_verbose=false +opt_warning=: + +# func_echo arg... +# Echo program name prefixed message, along with the current mode +# name if it has been set yet. +func_echo () +{ + $ECHO "$progname${mode+: }$mode: $*" +} + +# func_verbose arg... +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $opt_verbose && func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + +# func_error arg... +# Echo program name prefixed message to standard error. +func_error () +{ + $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2 +} + +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2 + + # bash bug again: + : +} + +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` + done + my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} + + +# func_mktempdir [string] +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, STRING is the basename for that directory. +func_mktempdir () +{ + my_template="${TMPDIR-/tmp}/${1-$progname}" + + if test "$opt_dry_run" = ":"; then + # Return a directory name, but don't create it in dry-run mode + my_tmpdir="${my_template}-$$" + else + + # If mktemp works, use that first and foremost + my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + + if test ! -d "$my_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" + + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" + fi + + $ECHO "X$my_tmpdir" | $Xsed +} + + +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () +{ + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; + esac + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac +} + + +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "X$1" | $Xsed \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; + *) + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" +} + + +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + + + + + +# func_version +# Echo version message to standard output and exit. +func_version () +{ + $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/$(C)$[ 0-9,-]*$ [1-9][0-9]*$/\1\2/ + p + }' < "$progpath" + exit $? +} + +# func_usage +# Echo short help message to standard output and exit. +func_usage () +{ + $SED -n '/^# Usage:/,/# -h/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + $ECHO + $ECHO "run \`$progname --help | more' for full usage" + exit $? +} + +# func_help +# Echo long help message to standard output and exit. +func_help () +{ + $SED -n '/^# Usage:/,/# Report bugs to/ { + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + p + }' < "$progpath" + exit $? +} + +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + func_error "missing argument for $1" + exit_cmd=exit +} + +exit_cmd=: + + + + + +# Check that we have a working $ECHO. if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then - # Yippee, $echo works! +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then + # Yippee, $ECHO works! : else - # Restart under the correct shell, and then maybe $echo will work. + # Restart under the correct shell, and then maybe $ECHO will work. exec $SHELL "$progpath" --no-reexec ${1+"$@"} fi @@ -71,147 +580,461 @@ exit $EXIT_SUCCESS fi -default_mode= -help="Try \`$progname --help' for more information." magic="%%%MAGIC variable%%%" -mkdir="mkdir" -mv="mv -f" -rm="rm -f" +magic_exe="%%%MAGIC EXE variable%%%" -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed="${SED}"' -e 1s/^X//' -sed_quote_subst='s/$[\\`\\"$\\\\]$/\\\1/g' -# test EBCDIC or ASCII -case `echo A|tr A '\301'` in - A) # EBCDIC based system - SP2NL="tr '\100' '\n'" - NL2SP="tr '\r\n' '\100\100'" - ;; - *) # Assume ASCII based system - SP2NL="tr '\040' '\012'" - NL2SP="tr '\015\012' '\040\040'" - ;; -esac - -# NLS nuisances. -# Only set LANG and LC_ALL to C if already set. -# These must not be set unconditionally because not all systems understand -# e.g. LANG=C (notably SCO). -# We save the old values to restore during execute mode. -if test "${LC_ALL+set}" = set; then - save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL -fi -if test "${LANG+set}" = set; then - save_LANG="$LANG"; LANG=C; export LANG -fi - -# Make sure IFS has a sensible default -: ${IFS=" -"} - -if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then - $echo "$modename: not configured to build any kind of library" 1>&2 - $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 - exit $EXIT_FAILURE -fi - # Global variables. -mode=$default_mode +# $mode is unset nonopt= -prev= -prevopt= -run= -show="$echo" -show_help= execute_dlfiles= +preserve_args= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 -##################################### -# Shell function definitions: -# This seems to be the best place for them +opt_dry_run=false +opt_duplicate_deps=false +opt_silent=false +opt_debug=: -# func_win32_libid arg -# return the library type of file 'arg' -# -# Need a lot of goo to handle *both* DLLs and import libs -# Has to be a shell function in order to 'eat' the argument -# that is supplied when $file_magic_command is called. -func_win32_libid () { - win32_libid_type="unknown" - win32_fileres=`file -L $1 2>/dev/null` - case $win32_fileres in - *ar\ archive\ import\ library*) # definitely import - win32_libid_type="x86 archive import" - ;; - *ar\ archive*) # could be an import, or static - if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \ - $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then - win32_nmres=`eval $NM -f posix -A $1 | \ - sed -n -e '1,100{/ I /{x;/import/!{s/^/import/;h;p;};x;};}'` - if test "X$win32_nmres" = "Ximport" ; then - win32_libid_type="x86 archive import" +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + +# func_fatal_configuration arg... +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_error ${1+"$@"} + func_error "See the $PACKAGE documentation for more information." + func_fatal_error "Fatal configuration error." +} + + +# func_config +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + +# func_features +# Display the features supported by this script. +func_features () +{ + $ECHO "host: $host" + if test "$build_libtool_libs" = yes; then + $ECHO "enable shared libraries" + else + $ECHO "disable shared libraries" + fi + if test "$build_old_libs" = yes; then + $ECHO "enable static libraries" + else + $ECHO "disable static libraries" + fi + + exit $? +} + +# func_enable_tag tagname +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname="$1" + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf="/$re_begincf/,/$re_endcf/p" + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" else - win32_libid_type="x86 archive static" + func_error "ignoring unknown tag $tagname" fi - fi + ;; + esac +} + +# Parse options once, thoroughly. This comes as soon as possible in +# the script to make things like `libtool --version' happen quickly. +{ + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift ;; - *DLL*) - win32_libid_type="x86 DLL" + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift ;; - *executable*) # but shell scripts are "executable" too... - case $win32_fileres in - *MS\ Windows\ PE\ Intel*) - win32_libid_type="x86 DLL" - ;; - esac + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; esac - $echo $win32_libid_type + + # Parse non-mode specific arguments: + while test "$#" -gt 0; do + opt="$1" + shift + + case $opt in + --config) func_config ;; + + --debug) preserve_args="$preserve_args $opt" + func_echo "enabling shell trace mode" + opt_debug='set -x' + $opt_debug + ;; + + -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break + execute_dlfiles="$execute_dlfiles $1" + shift + ;; + + --dry-run | -n) opt_dry_run=: ;; + --features) func_features ;; + --finish) mode="finish" ;; + + --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break + case $1 in + # Valid mode arguments: + clean) ;; + compile) ;; + execute) ;; + finish) ;; + install) ;; + link) ;; + relink) ;; + uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; + esac + + mode="$1" + shift + ;; + + --preserve-dup-deps) + opt_duplicate_deps=: ;; + + --quiet|--silent) preserve_args="$preserve_args $opt" + opt_silent=: + ;; + + --verbose| -v) preserve_args="$preserve_args $opt" + opt_silent=false + ;; + + --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break + preserve_args="$preserve_args $opt $1" + func_enable_tag "$1" # tagname is set here + shift + ;; + + # Separate optargs to long options: + -dlopen=*|--mode=*|--tag=*) + func_opt_split "$opt" + set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"} + shift + ;; + + -\?|-h) func_usage ;; + --help) opt_help=: ;; + --version) func_version ;; + + -*) func_fatal_help "unrecognized option \`$opt'" ;; + + *) nonopt="$opt" + break + ;; + esac + done + + + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_duplicate_deps + ;; + esac + + # Having warned about all mis-specified options, bail out if + # anything was wrong. + $exit_cmd $EXIT_FAILURE } +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + exit $EXIT_MISMATCH + fi +} + + +## ----------- ## +## Main. ## +## ----------- ## + +$opt_help || { + # Sanity checks first: + func_check_version_match + + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi + + test -z "$mode" && func_fatal_error "error: you must specify a MODE." + + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$execute_dlfiles" && test "$mode" != execute; then + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help="$help" + help="Try \`$progname --help --mode=$mode' for more information." +} + + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_ltwrapper_scriptname_result="" + if func_ltwrapper_executable_p "$1"; then + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" + fi +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$save_ifs + eval cmd=\"$cmd\" + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# `FILE.' does not work on cygwin managed mounts. +func_source () +{ + $opt_debug + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + # func_infer_tag arg # Infer tagged configuration to use if any are available and # if one wasn't chosen via the "--tag" command line option. # Only attempt this if the compiler in the base compile # command doesn't match the default compiler. # arg is usually of the form 'gcc ...' -func_infer_tag () { +func_infer_tag () +{ + $opt_debug if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do - case $arg in - *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" + func_quote_for_eval "$arg" + CC_quoted="$CC_quoted $func_quote_for_eval_result" done case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;; + " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. *) for z in $available_tags; do - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do - # Double-quote args containing other shell metacharacters. - case $arg in - *[\[\~\#\^\&\*\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - arg="\"$arg\"" - ;; - esac - CC_quoted="$CC_quoted $arg" - done + # Double-quote args containing other shell metacharacters. + func_quote_for_eval "$arg" + CC_quoted="$CC_quoted $func_quote_for_eval_result" + done case "$@ " in - " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) + " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. @@ -225,235 +1048,59 @@ # was found and let the user know that the "--tag" command # line option must be used. if test -z "$tagname"; then - $echo "$modename: unable to infer tagged configuration" - $echo "$modename: specify a tag with \`--tag'" 1>&2 - exit $EXIT_FAILURE -# else -# $echo "$modename: using $tagname tagged configuration" + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with \`--tag'" +# else +# func_verbose "using $tagname tagged configuration" fi ;; esac fi } -# End of Shell function definitions -##################################### -# Darwin sucks -eval std_shrext=\"$shrext_cmds\" -# Parse our command line options once, thoroughly. -while test "$#" -gt 0 -do - arg="$1" - shift - case $arg in - -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - # If the previous option needs an argument, assign it. - if test -n "$prev"; then - case $prev in - execute_dlfiles) - execute_dlfiles="$execute_dlfiles $arg" - ;; - tag) - tagname="$arg" - preserve_args="${preserve_args}=$arg" - - # Check whether tagname contains only valid characters - case $tagname in - *[!-_A-Za-z0-9,/]*) - $echo "$progname: invalid tag name: $tagname" 1>&2 - exit $EXIT_FAILURE - ;; - esac - - case $tagname in - CC) - # Don't test for the "default" C tag, as we know, it's there, but - # not specially marked. - ;; - *) - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then - taglist="$taglist $tagname" - # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`" - else - $echo "$progname: ignoring unknown tag $tagname" 1>&2 - fi - ;; - esac - ;; - *) - eval "$prev=\$arg" - ;; - esac - - prev= - prevopt= - continue - fi - - # Have we seen a non-optional argument yet? - case $arg in - --help) - show_help=yes - ;; - - --version) - $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP" - $echo - $echo "Copyright (C) 2003 Free Software Foundation, Inc." - $echo "This is free software; see the source for copying conditions. There is NO" - $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - exit $EXIT_SUCCESS - ;; - - --config) - ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath - # Now print the configurations for the tags. - for tagname in $taglist; do - ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath" - done - exit $EXIT_SUCCESS - ;; - - --debug) - $echo "$progname: enabling shell trace mode" - set -x - preserve_args="$preserve_args $arg" - ;; - - --dry-run | -n) - run=: - ;; - - --features) - $echo "host: $host" +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=${1} if test "$build_libtool_libs" = yes; then - $echo "enable shared libraries" + write_lobj=\'${2}\' else - $echo "disable shared libraries" + write_lobj=none fi + if test "$build_old_libs" = yes; then - $echo "enable static libraries" + write_oldobj=\'${3}\' else - $echo "disable static libraries" + write_oldobj=none fi - exit $EXIT_SUCCESS - ;; - --finish) mode="finish" ;; + $opt_dry_run || { + cat >${write_libobj}T <&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - ;; - - *) - nonopt="$arg" - break - ;; - esac -done - -if test -n "$prevopt"; then - $echo "$modename: option \`$prevopt' requires an argument" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE -fi - -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= - -if test -z "$show_help"; then - - # Infer the operation mode. - if test -z "$mode"; then - $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2 - $echo "*** Future versions of Libtool will require -mode=MODE be specified." 1>&2 - case $nonopt in - *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*) - mode=link - for arg - do - case $arg in - -c) - mode=compile - break - ;; - esac - done - ;; - *db | *dbx | *strace | *truss) - mode=execute - ;; - *install*|cp|mv) - mode=install - ;; - *rm) - mode=uninstall - ;; - *) - # If we have no mode, but dlfiles were specified, then do execute mode. - test -n "$execute_dlfiles" && mode=execute - - # Just use the default operation mode. - if test -z "$mode"; then - if test -n "$nonopt"; then - $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 - else - $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 - fi - fi - ;; - esac - fi - - # Only execute mode is allowed to have -dlopen flags. - if test -n "$execute_dlfiles" && test "$mode" != execute; then - $echo "$modename: unrecognized option \`-dlopen'" 1>&2 - $echo "$help" 1>&2 - exit $EXIT_FAILURE - fi - - # Change the help message to a mode-specific one. - generic_help="$help" - help="Try \`$modename --help --mode=$mode' for more information." - - # These modes are in order of execution frequency so that they run quickly. - case $mode in - # libtool compile mode - compile) - modename="$modename: compile" +# func_mode_compile arg... +func_mode_compile () +{ + $opt_debug # Get the compilation command and the source file. base_compile= srcfile="$nonopt" # always keep a non-empty value in "srcfile" @@ -462,10 +1109,11 @@ arg_mode=normal libobj= later= + pie_flag= for arg do - case "$arg_mode" in + case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile lastarg="$arg" @@ -482,15 +1130,18 @@ # Accept any command-line options. case $arg in -o) - if test -n "$libobj" ; then - $echo "$modename: you cannot specify \`-o' more than once" 1>&2 - exit $EXIT_FAILURE - fi + test -n "$libobj" && \ + func_fatal_error "you cannot specify \`-o' more than once" arg_mode=target continue ;; - -static | -prefer-pic | -prefer-non-pic) + -pie | -fpie | -fPIE) + pie_flag="$pie_flag $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) From cvs at cvs.gnupg.org Tue Dec 8 23:32:12 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 23:32:12 +0100 Subject: [svn] GpgOL - r324 - trunk/src Message-ID: Author: marcus Date: 2009-12-08 23:32:11 +0100 (Tue, 08 Dec 2009) New Revision: 324 Modified: trunk/src/ChangeLog trunk/src/engine-assuan.c Log: 2009-12-08 Marcus Brinkmann * engine-assuan.c (getinfo_pid_cb, prep_foo_status_cb): Change return type to gpg_error_t. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-11-30 17:42:00 UTC (rev 323) +++ trunk/src/ChangeLog 2009-12-08 22:32:11 UTC (rev 324) @@ -1,3 +1,8 @@ +2009-12-08 Marcus Brinkmann + + * engine-assuan.c (getinfo_pid_cb, prep_foo_status_cb): Change + return type to gpg_error_t. + 2009-11-30 Werner Koch * message-events.cpp (OnReadComplete): Use GetInspector if none was Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2009-11-30 17:42:00 UTC (rev 323) +++ trunk/src/engine-assuan.c 2009-12-08 22:32:11 UTC (rev 324) @@ -395,7 +395,7 @@ } -static int +static gpg_error_t getinfo_pid_cb (void *opaque, const void *buffer, size_t length) { pid_t *pid = opaque; @@ -1533,7 +1533,7 @@ /* Callback used to get the protocool status line form a PREP_ENCRYPT or SENDER command. */ -static assuan_error_t +static gpg_error_t prep_foo_status_cb (void *opaque, const char *line) { protocol_t *protocol = opaque; From cvs at cvs.gnupg.org Tue Dec 8 23:36:03 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 23:36:03 +0100 Subject: [svn] GpgOL - r325 - trunk Message-ID: Author: marcus Date: 2009-12-08 23:36:03 +0100 (Tue, 08 Dec 2009) New Revision: 325 Added: trunk/gpgol-assuan-abi-2.patch Log: Add patch for new API. From cvs at cvs.gnupg.org Tue Dec 8 23:39:27 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 08 Dec 2009 23:39:27 +0100 Subject: [svn] gpgme - r1439 - trunk Message-ID: Author: marcus Date: 2009-12-08 23:39:27 +0100 (Tue, 08 Dec 2009) New Revision: 1439 Modified: trunk/ChangeLog Log: Forgotten file. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-08 21:38:22 UTC (rev 1438) +++ trunk/ChangeLog 2009-12-08 22:39:27 UTC (rev 1439) @@ -1,3 +1,14 @@ +2009-12-08 Marcus Brinkmann + + Update to libtool 2.2.6a. + * configure.ac: Invoke AC_CONFIG_MACRO_DIR. + (AC_LIBTOOL_WIN32_DLL, AC_LIBTOOL_RC): Replace by ... + (LT_PREREQ, LT_INIT, LT_LANG): ... these. + * config.guess, config.sub, install-sh, ltmain.sh, m4/libtool.m4: + Updated to libtool 2.2.6a. + * m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, + m4/lt~obsolete.m4: New files from libtool 2.2.6a. + 2009-11-10 Marcus Brinkmann * configure.ac: Activate UIServer if FD passing is enabled and From cvs at cvs.gnupg.org Wed Dec 9 12:21:18 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 09 Dec 2009 12:21:18 +0100 Subject: [svn] gcry - r1410 - in trunk: . cipher doc src tests Message-ID: Author: wk Date: 2009-12-09 12:21:17 +0100 (Wed, 09 Dec 2009) New Revision: 1410 Added: trunk/tests/aeswrap.c Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/cipher.c trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/gcrypt.h.in trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/benchmark.c Log: Implemented the AES-Wrap algorithm Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/cipher/ChangeLog 2009-12-09 11:21:17 UTC (rev 1410) @@ -1,3 +1,16 @@ +2009-12-09 Werner Koch + + * cipher.c (gcry_cipher_open): Allow for GCRY_CIPHER_MODE_AESWRAP. + (cipher_encrypt, cipher_decrypt): Ditto. + (do_aeswrap_encrypt, do_aeswrap_decrypt): New. + (struct gcry_cipher_handle): Add field marks. + (cipher_setkey, cipher_setiv): Update marks flags. + (cipher_reset): Reset marks. + (cipher_encrypt, cipher_decrypt): Add new arg OUTBUFLEN. + (gcry_cipher_encrypt, gcry_cipher_decrypt): Pass outbuflen to + cipher_encrypt. Replace GPG_ERR_TOO_SHORT by + GPG_ERR_BUFFER_TOO_SHORT. + 2009-08-21 Werner Koch * dsa.c (dsa_generate_ext): Release retfactors array before Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/src/ChangeLog 2009-12-09 11:21:17 UTC (rev 1410) @@ -1,3 +1,7 @@ +2009-12-08 Werner Koch + + * gcrypt.h.in (GCRY_CIPHER_MODE_AESWRAP): New. + 2009-12-08 Marcus Brinkmann * Makefile.am (LTRCCOMPILE): Refactor with ... Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/tests/ChangeLog 2009-12-09 11:21:17 UTC (rev 1410) @@ -1,3 +1,7 @@ +2009-12-09 Werner Koch + + * aeswrap.c: New. + 2009-07-09 Werner Koch * benchmark.c (progress_cb): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/NEWS 2009-12-09 11:21:17 UTC (rev 1410) @@ -1,7 +1,13 @@ Noteworthy changes in version 1.5.x (unreleased) ------------------------------------------------ + * New cipher algorithm mode for AES-WRAP. + * Interface changes relative to the 1.4.2 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GCRY_CIPHER_MODE_AESWRAP NEW. + + Noteworthy changes in version 1.4.4 (2009-01-22) ------------------------------------------------ Modified: trunk/cipher/cipher.c =================================================================== --- trunk/cipher/cipher.c 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/cipher/cipher.c 2009-12-09 11:21:17 UTC (rev 1410) @@ -192,6 +192,11 @@ int mode; unsigned int flags; + struct { + unsigned int key:1; /* Set to 1 if a key has been set. */ + unsigned int iv:1; /* Set to 1 if ae IV has been set. */ + } marks; + /* The initialization vector. To help code optimization we make sure that it is aligned on an unsigned long and u32 boundary. */ union { @@ -724,6 +729,7 @@ case GCRY_CIPHER_MODE_CFB: case GCRY_CIPHER_MODE_OFB: case GCRY_CIPHER_MODE_CTR: + case GCRY_CIPHER_MODE_AESWRAP: if ((cipher->encrypt == dummy_encrypt_block) || (cipher->decrypt == dummy_decrypt_block)) err = GPG_ERR_INV_CIPHER_MODE; @@ -882,7 +888,10 @@ memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize), (void *) &c->context.c, c->cipher->contextsize); + c->marks.key = 1; } + else + c->marks.key = 0; return gcry_error (ret); } @@ -905,7 +914,10 @@ if (ivlen > c->cipher->blocksize) ivlen = c->cipher->blocksize; memcpy (c->u_iv.iv, iv, ivlen); + c->marks.iv = 1; } + else + c->marks.iv = 0; c->unused = 0; } @@ -918,6 +930,7 @@ memcpy (&c->context.c, (char *) &c->context.c + c->cipher->contextsize, c->cipher->contextsize); + memset (&c->marks, 0, sizeof c->marks); memset (c->u_iv.iv, 0, c->cipher->blocksize); memset (c->lastiv, 0, c->cipher->blocksize); memset (c->ctr, 0, c->cipher->blocksize); @@ -1391,63 +1404,241 @@ } +/* Perform the AES-Wrap algorithm as specified by RFC3394. We + implement this as a mode usable with any cipher algorithm of + blocksize 128. */ +static gcry_err_code_t +do_aeswrap_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, + const byte *inbuf, unsigned int inbuflen ) +{ + int j, x; + unsigned int n, i; + unsigned char *r, *a, *b; + unsigned char t[8]; + +#if MAX_BLOCKSIZE < 8 +#error Invalid block size +#endif + /* We require a cipher with a 128 bit block length. */ + if (c->cipher->blocksize != 16) + return GPG_ERR_INV_LENGTH; + + /* The output buffer must be able to hold the input data plus one + additional block. */ + if (outbuflen < inbuflen + 8) + return GPG_ERR_BUFFER_TOO_SHORT; + /* Input data must be multiple of 64 bits. */ + if (inbuflen % 8) + return GPG_ERR_INV_ARG; + + n = inbuflen / 8; + + /* We need at least two 64 bit blocks. */ + if (n < 2) + return GPG_ERR_INV_ARG; + + r = outbuf; + a = outbuf; /* We store A directly in OUTBUF. */ + b = c->ctr; /* B is also used to concatenate stuff. */ + + /* If an IV has been set we use that IV as the Alternative Initial + Value; if it has not been set we use the standard value. */ + if (c->marks.iv) + memcpy (a, c->u_iv.iv, 8); + else + memset (a, 0xa6, 8); + + /* Copy the inbuf to the outbuf. */ + memmove (r+8, inbuf, inbuflen); + + memset (t, 0, sizeof t); /* t := 0. */ + + for (j = 0; j <= 5; j++) + { + for (i = 1; i <= n; i++) + { + /* B := AES_k( A | R[i] ) */ + memcpy (b, a, 8); + memcpy (b+8, r+i*8, 8); + c->cipher->encrypt (&c->context.c, b, b); + /* t := t + 1 */ + for (x = 7; x >= 0; x--) + { + t[x]++; + if (t[x]) + break; + } + /* A := MSB_64(B) ^ t */ + for (x=0; x < 8; x++) + a[x] = b[x] ^ t[x]; + /* R[i] := LSB_64(B) */ + memcpy (r+i*8, b+8, 8); + } + } + + return 0; +} + +/* Perform the AES-Unwrap algorithm as specified by RFC3394. We + implement this as a mode usable with any cipher algorithm of + blocksize 128. */ +static gcry_err_code_t +do_aeswrap_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, + const byte *inbuf, unsigned int inbuflen) +{ + int j, x; + unsigned int n, i; + unsigned char *r, *a, *b; + unsigned char t[8]; + +#if MAX_BLOCKSIZE < 8 +#error Invalid block size +#endif + /* We require a cipher with a 128 bit block length. */ + if (c->cipher->blocksize != 16) + return GPG_ERR_INV_LENGTH; + + /* The output buffer must be able to hold the input data minus one + additional block. Fixme: The caller has more restrictive checks + - we may want to fix them for this mode. */ + if (outbuflen + 8 < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + /* Input data must be multiple of 64 bits. */ + if (inbuflen % 8) + return GPG_ERR_INV_ARG; + + n = inbuflen / 8; + + /* We need at least three 64 bit blocks. */ + if (n < 3) + return GPG_ERR_INV_ARG; + + r = outbuf; + a = c->lastiv; /* We use c->LASTIV as buffer for A. */ + b = c->ctr; /* B is also used to concatenate stuff. */ + + /* Copy the inbuf to the outbuf and save A. */ + memcpy (a, inbuf, 8); + memmove (r, inbuf+8, inbuflen-8); + n--; /* Reduce to actual number of data blocks. */ + + /* t := 6 * n */ + i = n * 6; /* The range is valid because: n = inbuflen / 8 - 1. */ + for (x=0; x < 8 && x < sizeof (i); x++) + t[7-x] = i >> (8*x); + for (; x < 8; x++) + t[7-x] = 0; + + for (j = 5; j >= 0; j--) + { + for (i = n; i >= 1; i--) + { + /* B := AES_k^1( (A ^ t)| R[i] ) */ + for (x = 0; x < 8; x++) + b[x] = a[x] ^ t[x]; + memcpy (b+8, r+(i-1)*8, 8); + c->cipher->decrypt (&c->context.c, b, b); + /* t := t - 1 */ + for (x = 7; x >= 0; x--) + { + t[x]--; + if (t[x] != 0xff) + break; + } + /* A := MSB_64(B) */ + memcpy (a, b, 8); + /* R[i] := LSB_64(B) */ + memcpy (r+(i-1)*8, b+8, 8); + } + } + + /* If an IV has been set we compare against this Alternative Initial + Value; if it has not been set we compare against the standard IV. */ + if (c->marks.iv) + j = memcmp (a, c->u_iv.iv, 8); + else + { + for (j=0, x=0; x < 8; x++) + if (a[x] != 0xa6) + { + j=1; + break; + } + } + return j? GPG_ERR_CHECKSUM : 0; +} + + /**************** * Encrypt INBUF to OUTBUF with the mode selected at open. * inbuf and outbuf may overlap or be the same. - * Depending on the mode some constraints apply to NBYTES. + * Depending on the mode some constraints apply to INBUFLEN. */ static gcry_err_code_t -cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, - const byte *inbuf, unsigned int nbytes) +cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, + const byte *inbuf, unsigned int inbuflen) { - gcry_err_code_t rc = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; - switch( c->mode ) { - case GCRY_CIPHER_MODE_ECB: - if (!(nbytes%c->cipher->blocksize)) - do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize ); - else - rc = GPG_ERR_INV_ARG; - break; - case GCRY_CIPHER_MODE_CBC: - if (!(nbytes%c->cipher->blocksize) - || (nbytes > c->cipher->blocksize - && (c->flags & GCRY_CIPHER_CBC_CTS))) - do_cbc_encrypt(c, outbuf, inbuf, nbytes ); - else - rc = GPG_ERR_INV_ARG; - break; - case GCRY_CIPHER_MODE_CFB: - do_cfb_encrypt(c, outbuf, inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_OFB: - do_ofb_encrypt(c, outbuf, inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_CTR: - do_ctr_encrypt(c, outbuf, inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_STREAM: - c->cipher->stencrypt ( &c->context.c, - outbuf, (byte*)/*arggg*/inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_NONE: - if (fips_mode () || !_gcry_get_debug_flag (0)) - { - fips_signal_error ("cipher mode NONE used"); - rc = GPG_ERR_INV_CIPHER_MODE; - } - else - { - if ( inbuf != outbuf ) - memmove (outbuf, inbuf, nbytes); - } - break; - default: - log_fatal("cipher_encrypt: invalid mode %d\n", c->mode ); - rc = GPG_ERR_INV_CIPHER_MODE; - break; + switch (c->mode) + { + case GCRY_CIPHER_MODE_ECB: + if (!(inbuflen % c->cipher->blocksize)) + do_ecb_encrypt(c, outbuf, inbuf, inbuflen/c->cipher->blocksize ); + else + rc = GPG_ERR_INV_ARG; + break; + + case GCRY_CIPHER_MODE_CBC: + if (!(inbuflen % c->cipher->blocksize) + || (inbuflen > c->cipher->blocksize + && (c->flags & GCRY_CIPHER_CBC_CTS))) + do_cbc_encrypt(c, outbuf, inbuf, inbuflen ); + else + rc = GPG_ERR_INV_ARG; + break; + + case GCRY_CIPHER_MODE_CFB: + do_cfb_encrypt(c, outbuf, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_OFB: + do_ofb_encrypt(c, outbuf, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_CTR: + do_ctr_encrypt(c, outbuf, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_AESWRAP: + rc = do_aeswrap_encrypt (c, outbuf, outbuflen, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_STREAM: + c->cipher->stencrypt (&c->context.c, + outbuf, (byte*)/*arggg*/inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_NONE: + if (fips_mode () || !_gcry_get_debug_flag (0)) + { + fips_signal_error ("cipher mode NONE used"); + rc = GPG_ERR_INV_CIPHER_MODE; + } + else + { + if ( inbuf != outbuf ) + memmove (outbuf, inbuf, inbuflen); + } + break; + + default: + log_fatal ("cipher_encrypt: invalid mode %d\n", c->mode ); + rc = GPG_ERR_INV_CIPHER_MODE; + break; } - return rc; + + return rc; } @@ -1463,14 +1654,12 @@ if (!in) { - /* Caller requested in-place encryption. */ - /* Actually cipher_encrypt() does not need to know about it, but - * we may change it in the future to get better performance. */ - err = cipher_encrypt (h, out, out, outsize); + /* Caller requested in-place encryption. */ + err = cipher_encrypt (h, out, outsize, out, outsize); } else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ? h->cipher->blocksize : inlen)) - err = GPG_ERR_TOO_SHORT; + err = GPG_ERR_BUFFER_TOO_SHORT; else if ((h->mode == GCRY_CIPHER_MODE_ECB || (h->mode == GCRY_CIPHER_MODE_CBC && (! ((h->flags & GCRY_CIPHER_CBC_CTS) @@ -1478,12 +1667,12 @@ && (inlen % h->cipher->blocksize)) err = GPG_ERR_INV_ARG; else - err = cipher_encrypt (h, out, in, inlen); + err = cipher_encrypt (h, out, outsize, in, inlen); + /* Failsafe: Make sure that the plaintext will never make it into + OUT if the encryption returned an error. */ if (err && out) - memset (out, 0x42, outsize); /* Failsafe: Make sure that the - plaintext will never make it into - OUT. */ + memset (out, 0x42, outsize); return gcry_error (err); } @@ -1496,57 +1685,70 @@ * Depending on the mode some some contraints apply to NBYTES. */ static gcry_err_code_t -cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf, - unsigned int nbytes) +cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, + const byte *inbuf, unsigned int inbuflen) { - gcry_err_code_t rc = GPG_ERR_NO_ERROR; + gcry_err_code_t rc = 0; - switch( c->mode ) { - case GCRY_CIPHER_MODE_ECB: - if (!(nbytes%c->cipher->blocksize)) - do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize ); - else - rc = GPG_ERR_INV_ARG; - break; - case GCRY_CIPHER_MODE_CBC: - if (!(nbytes%c->cipher->blocksize) - || (nbytes > c->cipher->blocksize - && (c->flags & GCRY_CIPHER_CBC_CTS))) - do_cbc_decrypt(c, outbuf, inbuf, nbytes ); - else - rc = GPG_ERR_INV_ARG; - break; - case GCRY_CIPHER_MODE_CFB: - do_cfb_decrypt(c, outbuf, inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_OFB: - do_ofb_decrypt(c, outbuf, inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_CTR: - do_ctr_decrypt(c, outbuf, inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_STREAM: - c->cipher->stdecrypt ( &c->context.c, - outbuf, (byte*)/*arggg*/inbuf, nbytes ); - break; - case GCRY_CIPHER_MODE_NONE: - if (fips_mode () || !_gcry_get_debug_flag (0)) - { - fips_signal_error ("cipher mode NONE used"); - rc = GPG_ERR_INV_CIPHER_MODE; - } - else - { - if (inbuf != outbuf) - memmove (outbuf, inbuf, nbytes); - } - break; - default: - log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode ); - rc = GPG_ERR_INV_CIPHER_MODE; - break; + switch (c->mode) + { + case GCRY_CIPHER_MODE_ECB: + if (!(inbuflen % c->cipher->blocksize)) + do_ecb_decrypt (c, outbuf, inbuf, inbuflen/c->cipher->blocksize ); + else + rc = GPG_ERR_INV_ARG; + break; + + case GCRY_CIPHER_MODE_CBC: + if (!(inbuflen % c->cipher->blocksize) + || (inbuflen > c->cipher->blocksize + && (c->flags & GCRY_CIPHER_CBC_CTS))) + do_cbc_decrypt (c, outbuf, inbuf, inbuflen ); + else + rc = GPG_ERR_INV_ARG; + break; + + case GCRY_CIPHER_MODE_CFB: + do_cfb_decrypt (c, outbuf, inbuf, inbuflen ); + + break; + case GCRY_CIPHER_MODE_OFB: + do_ofb_decrypt (c, outbuf, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_CTR: + do_ctr_decrypt (c, outbuf, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_AESWRAP: + rc = do_aeswrap_decrypt (c, outbuf, outbuflen, inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_STREAM: + c->cipher->stdecrypt (&c->context.c, + outbuf, (byte*)/*arggg*/inbuf, inbuflen ); + break; + + case GCRY_CIPHER_MODE_NONE: + if (fips_mode () || !_gcry_get_debug_flag (0)) + { + fips_signal_error ("cipher mode NONE used"); + rc = GPG_ERR_INV_CIPHER_MODE; + } + else + { + if (inbuf != outbuf) + memmove (outbuf, inbuf, inbuflen); + } + break; + + default: + log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode ); + rc = GPG_ERR_INV_CIPHER_MODE; + break; } - return rc; + + return rc; } @@ -1559,12 +1761,15 @@ if (!in) { /* Caller requested in-place encryption. */ - /* Actually cipher_encrypt() does not need to know about it, but - * we may change it in the future to get better performance. */ - err = cipher_decrypt (h, out, out, outsize); + err = cipher_decrypt (h, out, outsize, out, outsize); } - else if (outsize < inlen) - err = GPG_ERR_TOO_SHORT; + else if (outsize < inlen && h->mode != GCRY_CIPHER_MODE_AESWRAP) + { + /* Note that do_aeswrap_decrypt does its own length checking. + Fixme: we should move all buffer length checkings to teh + actual decryption functions. */ + err = GPG_ERR_BUFFER_TOO_SHORT; + } else if (((h->mode == GCRY_CIPHER_MODE_ECB) || ((h->mode == GCRY_CIPHER_MODE_CBC) && (! ((h->flags & GCRY_CIPHER_CBC_CTS) @@ -1572,7 +1777,7 @@ && (inlen % h->cipher->blocksize) != 0) err = GPG_ERR_INV_ARG; else - err = cipher_decrypt (h, out, in, inlen); + err = cipher_decrypt (h, out, outsize, in, inlen); return gcry_error (err); } Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/doc/gcrypt.texi 2009-12-09 11:21:17 UTC (rev 1410) @@ -1644,6 +1644,20 @@ @cindex CTR, Counter mode Counter mode. + at item GCRY_CIPHER_MODE_AESWRAP + at cindex AES-Wrap mode +This mode is used to implement the AES-Wrap algorithm according to +RFC-3394. It may be used with any 128 bit block length algorithm, +however the specs require one of the 3 AES algorithms. These special +conditions apply: If @code{gcry_cipher_setiv} has not been used the +standard IV is used; if it has been used the lower 64 bit of the IV +are used as the Alternative Initial Value. On encryption the provided +output buffer must be 64 bit (8 byte) larger than the input buffer; +in-place encryption is still allowed. On decryption the output buffer +may be specified 64 bit (8 byte) shorter than then input buffer. As +per specs the input length must be at least 128 bits and the length +must be a multiple of 64 bits. + @end table @node Working with cipher handles Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/src/gcrypt.h.in 2009-12-09 11:21:17 UTC (rev 1410) @@ -849,7 +849,8 @@ GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */ GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */ GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */ - GCRY_CIPHER_MODE_CTR = 6 /* Counter. */ + GCRY_CIPHER_MODE_CTR = 6, /* Counter. */ + GCRY_CIPHER_MODE_AESWRAP= 7 /* AES-WRAP algorithm. */ }; /* Flags used with the open function. */ Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/tests/Makefile.am 2009-12-09 11:21:17 UTC (rev 1410) @@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in TESTS = version t-mpi-bit prime register ac ac-schemes ac-data basic \ - mpitests tsexp keygen pubkey hmac keygrip fips186-dsa + mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap # random.c uses fork() thus a test for W32 does not make any sense. Added: trunk/tests/aeswrap.c =================================================================== --- trunk/tests/aeswrap.c (rev 0) +++ trunk/tests/aeswrap.c 2009-12-09 11:21:17 UTC (rev 1410) @@ -0,0 +1,259 @@ +/* aeswrap.c - AESWRAP mode regression tests + * Copyright (C) 2009 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +static int verbose; +static int error_count; + +static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + error_count++; +} + +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + + + +static void +check (int algo, + const void *kek, size_t keklen, + const void *data, size_t datalen, + const void *expected, size_t expectedlen) +{ + gcry_error_t err; + gcry_cipher_hd_t hd; + unsigned char outbuf[32+8]; + size_t outbuflen; + + err = gcry_cipher_open (&hd, algo, GCRY_CIPHER_MODE_AESWRAP, 0); + if (err) + { + fail ("gcrypt_cipher_open failed: %s\n", gpg_strerror (err)); + return; + } + + err = gcry_cipher_setkey (hd, kek, keklen); + if (err) + { + fail ("grcy_cipher_setkey failed: %s\n", gpg_strerror (err)); + return; + } + + outbuflen = datalen + 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen); + if (err) + { + fail ("grcy_cipher_encrypt failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != expectedlen || memcmp (outbuf, expected, expectedlen)) + { + const unsigned char *s; + int i; + + fail ("mismatch at encryption!\n"); + fprintf (stderr, "computed: "); + for (i = 0; i < outbuflen; i++) + fprintf (stderr, "%02x ", outbuf[i]); + fprintf (stderr, "\nexpected: "); + for (s = expected, i = 0; i < expectedlen; s++, i++) + fprintf (stderr, "%02x ", *s); + putc ('\n', stderr); + } + + + outbuflen = expectedlen - 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen); + if (err) + { + fail ("grcy_cipher_decrypt failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != datalen || memcmp (outbuf, data, datalen)) + { + const unsigned char *s; + int i; + + fail ("mismatch at decryption!\n"); + fprintf (stderr, "computed: "); + for (i = 0; i < outbuflen; i++) + fprintf (stderr, "%02x ", outbuf[i]); + fprintf (stderr, "\nexpected: "); + for (s = data, i = 0; i < datalen; s++, i++) + fprintf (stderr, "%02x ", *s); + putc ('\n', stderr); + } + + /* Now the last step again with a key reset. */ + gcry_cipher_reset (hd); + + outbuflen = expectedlen - 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen); + if (err) + { + fail ("grcy_cipher_decrypt(2) failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != datalen || memcmp (outbuf, data, datalen)) + fail ("mismatch at decryption(2)!\n"); + + /* And once ore without a key reset. */ + outbuflen = expectedlen - 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen); + if (err) + { + fail ("grcy_cipher_decrypt(3) failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != datalen || memcmp (outbuf, data, datalen)) + fail ("mismatch at decryption(3)!\n"); + + gcry_cipher_close (hd); +} + + +static void +check_all (void) +{ + if (verbose) + fprintf (stderr, "4.1 Wrap 128 bits of Key Data with a 128-bit KEK\n"); + check + (GCRY_CIPHER_AES128, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 16, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", 16, + "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82" + "\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24); + + if (verbose) + fprintf (stderr, "4.2 Wrap 128 bits of Key Data with a 192-bit KEK\n"); + check + (GCRY_CIPHER_AES192, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17", 24, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", 16, + "\x96\x77\x8B\x25\xAE\x6C\xA4\x35\xF9\x2B\x5B\x97\xC0\x50\xAE\xD2" + "\x46\x8A\xB8\xA1\x7A\xD8\x4E\x5D", 24); + + if (verbose) + fprintf (stderr, "4.3 Wrap 128 bits of Key Data with a 256-bit KEK\n"); + check + (GCRY_CIPHER_AES256, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 32, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", 16, + "\x64\xE8\xC3\xF9\xCE\x0F\x5B\xA2\x63\xE9\x77\x79\x05\x81\x8A\x2A" + "\x93\xC8\x19\x1E\x7D\x6E\x8A\xE7", 24); + + if (verbose) + fprintf (stderr, "4.4 Wrap 192 bits of Key Data with a 192-bit KEK\n"); + check + (GCRY_CIPHER_AES192, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17", 24, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + "\x00\x01\x02\x03\x04\x05\x06\x07", 24, + "\x03\x1D\x33\x26\x4E\x15\xD3\x32\x68\xF2\x4E\xC2\x60\x74\x3E\xDC" + "\xE1\xC6\xC7\xDD\xEE\x72\x5A\x93\x6B\xA8\x14\x91\x5C\x67\x62\xD2", 32); + + if (verbose) + fprintf (stderr, "4.5 Wrap 192 bits of Key Data with a 256-bit KEK\n"); + check + (GCRY_CIPHER_AES256, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 32, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + "\x00\x01\x02\x03\x04\x05\x06\x07", 24, + "\xA8\xF9\xBC\x16\x12\xC6\x8B\x3F\xF6\xE6\xF4\xFB\xE3\x0E\x71\xE4" + "\x76\x9C\x8B\x80\xA3\x2C\xB8\x95\x8C\xD5\xD1\x7D\x6B\x25\x4D\xA1", 32); + + if (verbose) + fprintf (stderr, "4.6 Wrap 256 bits of Key Data with a 256-bit KEK\n"); + check + (GCRY_CIPHER_AES, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 32, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 32, + "\x28\xC9\xF4\x04\xC4\xB8\x10\xF4\xCB\xCC\xB3\x5C\xFB\x87\xF8\x26" + "\x3F\x57\x86\xE2\xD8\x0E\xD3\x26\xCB\xC7\xF0\xE7\x1A\x99\xF4\x3B" + "\xFB\x98\x8B\x9B\x7A\x02\xDD\x21", 40); +} + +int +main (int argc, char **argv) +{ + int debug = 0; + + if (argc > 1 && !strcmp (argv[1], "--verbose")) + verbose = 1; + else if (argc > 1 && !strcmp (argv[1], "--debug")) + verbose = debug = 1; + + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + check_all (); + + return error_count ? 1 : 0; +} Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2009-12-08 20:36:35 UTC (rev 1409) +++ trunk/tests/benchmark.c 2009-12-09 11:21:17 UTC (rev 1410) @@ -1092,7 +1092,8 @@ if (use_random_daemon) gcry_control (GCRYCTL_USE_RANDOM_DAEMON, 1); - gcry_set_progress_handler (progress_cb, NULL); + if (with_progress) + gcry_set_progress_handler (progress_cb, NULL); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); From cvs at cvs.gnupg.org Wed Dec 9 16:53:26 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 09 Dec 2009 16:53:26 +0100 Subject: [svn] gcry - r1411 - trunk/mpi Message-ID: Author: wk Date: 2009-12-09 16:53:26 +0100 (Wed, 09 Dec 2009) New Revision: 1411 Modified: trunk/mpi/ChangeLog trunk/mpi/config.links Log: Disable all sparc64 asm stuff Modified: trunk/mpi/ChangeLog =================================================================== --- trunk/mpi/ChangeLog 2009-12-09 11:21:17 UTC (rev 1410) +++ trunk/mpi/ChangeLog 2009-12-09 15:53:26 UTC (rev 1411) @@ -1,3 +1,8 @@ +2009-12-09 Werner Koch + + * config.links: Remove asm modules for all sparc64. This is + debian#560028. + 2009-05-26 Werner Koch * mpicoder.c (mpi_read_from_buffer): Allow zero-sized MPIs (i.e a Modified: trunk/mpi/config.links =================================================================== --- trunk/mpi/config.links 2009-12-09 11:21:17 UTC (rev 1410) +++ trunk/mpi/config.links 2009-12-09 15:53:26 UTC (rev 1411) @@ -138,17 +138,12 @@ mpi_extra_modules="udiv-qrnnd" ;; sparc64-*-linux-gnu) - # An extra rule because we have an report for this one only. - # Should be compared against the next GMP version - echo '/* configured for sparc64-*-linux-gnu */' >>./mpi/asm-syntax.h - path="sparc32v8 sparc32" - mpi_extra_modules="udiv" + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" ;; sparc64-sun-solaris2*) - # Got a report that udiv is missing, so we try this one - echo '/* configured for sparc64-sun-solaris2 */' >>./mpi/asm-syntax.h - path="sparc32v8 sparc32" - mpi_extra_modules="udiv" + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" ;; sparc64-*-netbsd* | sparc64-*-freebsd* | sparc64-*-openbsd*) # There are no sparc64 assembler modules that work on the @@ -156,8 +151,11 @@ echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h path="" ;; + sparc64*-*-*) + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" + ;; sparc9*-*-* | \ - sparc64*-*-* | \ ultrasparc*-*-* ) echo '/* configured for sparc9 or higher */' >>./mpi/asm-syntax.h path="sparc32v8 sparc32" From cvs at cvs.gnupg.org Wed Dec 9 16:56:45 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 09 Dec 2009 16:56:45 +0100 Subject: [svn] GnuPG - r5222 - in branches/STABLE-BRANCH-1-4: . mpi Message-ID: Author: wk Date: 2009-12-09 16:56:45 +0100 (Wed, 09 Dec 2009) New Revision: 5222 Modified: branches/STABLE-BRANCH-1-4/TODO branches/STABLE-BRANCH-1-4/mpi/ChangeLog branches/STABLE-BRANCH-1-4/mpi/config.links Log: Remove sparc64 asm modules Modified: branches/STABLE-BRANCH-1-4/mpi/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/mpi/ChangeLog 2009-12-08 18:11:48 UTC (rev 5221) +++ branches/STABLE-BRANCH-1-4/mpi/ChangeLog 2009-12-09 15:56:45 UTC (rev 5222) @@ -1,3 +1,8 @@ +2009-12-09 Werner Koch + + * config.links: Remove asm modules for all sparc64. This is + related to debian#560028. + 2008-03-25 Werner Koch * config.links (mpi_sflags): Powerpc64 needs to come even before Modified: branches/STABLE-BRANCH-1-4/TODO =================================================================== --- branches/STABLE-BRANCH-1-4/TODO 2009-12-08 18:11:48 UTC (rev 5221) +++ branches/STABLE-BRANCH-1-4/TODO 2009-12-09 15:56:45 UTC (rev 5222) @@ -1,73 +1,83 @@ - * Using an expired key for signing should give an error message - "expired key" and not "unusable key'. Furthermore the error should - also be thrown when the default key has expired. Reported by - Eric.VanBuggenhaut add AdValvas.be. + -*- org -*- - * pause scrolling help in --edit-key and elsewhere. +* Using an expired key for signing should give an error message + "expired key" and not "unusable key'. Furthermore the error should + also be thrown when the default key has expired. Reported by + Eric.VanBuggenhaut add AdValvas.be. - * getkey does not return revoked/expired keys - therefore it is not - possible to override it. +* pause scrolling help in --edit-key and elsewhere. - * Selection using +wordlist does not work. - What about adding a feature -word to the +wordlist search mode. +* getkey does not return revoked/expired keys - therefore it is not + possible to override it. - * Check the changes to the gpg random gatherer on all W32 platforms. +* Selection using +wordlist does not work. + What about adding a feature -word to the +wordlist search mode. - * Show more info does not work from edit->trust. We should give more - information on the user ID under question while running - --update-trustdb. +* Check the changes to the gpg random gatherer on all W32 platforms. - * Check that no secret temporary results are stored in the result parameter - of the mpi functions. We have already done this for mpi-mul.c +* Show more info does not work from edit->trust. We should give more + information on the user ID under question while running + --update-trustdb. - * We need another special packet at the end of a clearsign message to mark - it's end and allow for multiple signature for one message. And - add a real grammar to the code in mainproc.c +* Check that no secret temporary results are stored in the result parameter + of the mpi functions. We have already done this for mpi-mul.c - * Fix the bug in the mips assembler code +* We need another special packet at the end of a clearsign message to mark + it's end and allow for multiple signature for one message. And + add a real grammar to the code in mainproc.c - * Add a way to show the fingerprint of an key signator's keys +* Fix the bug in the mips assembler code - * Concatenated encryption messages don't work corectly - only the - first one is processed. +* Add a way to show the fingerprint of an key signator's keys - * Add option to put the list of recipients (from the encryption - layer) into the signatures notation data. +* Concatenated encryption messages don't work corectly - only the + first one is processed. - * --disable-asm should still assemble _udiv_qrnnd when needed +* Add option to put the list of recipients (from the encryption + layer) into the signatures notation data. - * the pubkey encrypt functions should do some sanity checks. +* --disable-asm should still assemble _udiv_qrnnd when needed - * "gpg filename.tar.gz.asc" should work like --verify (-sab). +* the pubkey encrypt functions should do some sanity checks. - * for messages created with "-t", it might make sense to append the - verification status of the message to the output (i.e. write something to - the --output file and not only to stderr. However the problem is - that we consider the message transpatrent and don't have any - indication of the used character set. To implement this feature - we need to make sure that all output is plain 7 bit ascii but - given that we need to print a user name, this does not make sense - at all. The only way this can be implemented is by assuming that - the message is encoded in utf8 and hope tht everyone starts to use - utf8 instead of latin-1 or whatever RSN. Hmmm, I myself should - start with this. +* "gpg filename.tar.gz.asc" should work like --verify (-sab). - * keyflags don't distinguish between {certify,signature}-only. +* for messages created with "-t", it might make sense to append the + verification status of the message to the output (i.e. write something to + the --output file and not only to stderr. However the problem is + that we consider the message transpatrent and don't have any + indication of the used character set. To implement this feature + we need to make sure that all output is plain 7 bit ascii but + given that we need to print a user name, this does not make sense + at all. The only way this can be implemented is by assuming that + the message is encoded in utf8 and hope tht everyone starts to use + utf8 instead of latin-1 or whatever RSN. Hmmm, I myself should + start with this. - * cat foo | gpg --sign | gpg --list-packets - Does not list the signature packet. +* keyflags don't distinguish between {certify,signature}-only. - * When presenting the result of a verification show the user ID with - the highest trust level first instead of the primary one. +* cat foo | gpg --sign | gpg --list-packets + Does not list the signature packet. - * allow the use of option in gpg.conf. +* When presenting the result of a verification show the user ID with + the highest trust level first instead of the primary one. - * Add the NEWSIG status. +* allow the use of option in gpg.conf. - * Delete a card key as well as a wiping. +* Add the NEWSIG status. - * passphrase_to_dek does not return NULL after a cancel. There is +* Delete a card key as well as a wiping. + +* passphrase_to_dek does not return NULL after a cancel. There is no way to issue a cancel when unsing the CLI - this would however be a Good Thing when used with mixed symkey/pubkey encrypted messages. See comment in mainproc.c:proc_symkey_enc. Note, that this has been fixed in 2.0.2 - we should backport it. + +* Backport from GnuPG-2: + + 2009-09-04 Werner Koch + + * keyedit.c (menu_select_uid): Use IDX ==-1 t select all. + (menu_select_key): Ditto. + (keyedit_menu) : Allow '*' to select all. Modified: branches/STABLE-BRANCH-1-4/mpi/config.links =================================================================== --- branches/STABLE-BRANCH-1-4/mpi/config.links 2009-12-08 18:11:48 UTC (rev 5221) +++ branches/STABLE-BRANCH-1-4/mpi/config.links 2009-12-09 15:56:45 UTC (rev 5222) @@ -124,26 +124,24 @@ mpi_extra_modules="udiv-qrnnd" ;; sparc64-*-linux-gnu) - # An extra rule because we have an report for this one only. - # Should be compared against the next GMP version - echo '/* configured for sparc64-*-linux-gnu */' >>./mpi/asm-syntax.h - path="sparc32v8 sparc32" - mpi_extra_modules="udiv" - ;; + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" + ;; sparc64-sun-solaris2*) - # Got a report that udiv is missing, so we try this one - echo '/* configured for sparc64-sun-solaris2 */' >>./mpi/asm-syntax.h - path="sparc32v8 sparc32" - mpi_extra_modules="udiv" - ;; + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" + ;; sparc64-*-netbsd* | sparc64-*-freebsd* | sparc64-*-openbsd*) # There are no sparc64 assembler modules that work on the # *BSDs, so use the generic C functions. echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h path="" ;; + sparc64*-*-*) + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" + ;; sparc9*-*-* | \ - sparc64*-*-* | \ ultrasparc*-*-* ) echo '/* configured for sparc9 or higher */' >>./mpi/asm-syntax.h path="sparc32v8 sparc32" From cvs at cvs.gnupg.org Wed Dec 9 16:57:10 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 09 Dec 2009 16:57:10 +0100 Subject: [svn] gcry - r1412 - branches/LIBGCRYPT-1-4-BRANCH/mpi Message-ID: Author: wk Date: 2009-12-09 16:57:10 +0100 (Wed, 09 Dec 2009) New Revision: 1412 Modified: branches/LIBGCRYPT-1-4-BRANCH/mpi/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/mpi/config.links Log: Remove sparc64 asm modules Modified: branches/LIBGCRYPT-1-4-BRANCH/mpi/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/mpi/ChangeLog 2009-12-09 15:53:26 UTC (rev 1411) +++ branches/LIBGCRYPT-1-4-BRANCH/mpi/ChangeLog 2009-12-09 15:57:10 UTC (rev 1412) @@ -1,3 +1,8 @@ +2009-12-09 Werner Koch + + * config.links: Remove asm modules for all sparc64. This is + debian#560028. + 2008-12-05 Werner Koch * mpicoder.c (mpi_read_from_buffer): Do not bail out if the mpi is Modified: branches/LIBGCRYPT-1-4-BRANCH/mpi/config.links =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/mpi/config.links 2009-12-09 15:53:26 UTC (rev 1411) +++ branches/LIBGCRYPT-1-4-BRANCH/mpi/config.links 2009-12-09 15:57:10 UTC (rev 1412) @@ -138,17 +138,12 @@ mpi_extra_modules="udiv-qrnnd" ;; sparc64-*-linux-gnu) - # An extra rule because we have an report for this one only. - # Should be compared against the next GMP version - echo '/* configured for sparc64-*-linux-gnu */' >>./mpi/asm-syntax.h - path="sparc32v8 sparc32" - mpi_extra_modules="udiv" + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" ;; sparc64-sun-solaris2*) - # Got a report that udiv is missing, so we try this one - echo '/* configured for sparc64-sun-solaris2 */' >>./mpi/asm-syntax.h - path="sparc32v8 sparc32" - mpi_extra_modules="udiv" + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" ;; sparc64-*-netbsd* | sparc64-*-freebsd* | sparc64-*-openbsd*) # There are no sparc64 assembler modules that work on the @@ -156,8 +151,11 @@ echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h path="" ;; + sparc64*-*-*) + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" + ;; sparc9*-*-* | \ - sparc64*-*-* | \ ultrasparc*-*-* ) echo '/* configured for sparc9 or higher */' >>./mpi/asm-syntax.h path="sparc32v8 sparc32" From cvs at cvs.gnupg.org Thu Dec 10 10:49:47 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 10 Dec 2009 10:49:47 +0100 Subject: [svn] gpgme - r1440 - in trunk: . src Message-ID: Author: wk Date: 2009-12-10 10:49:47 +0100 (Thu, 10 Dec 2009) New Revision: 1440 Modified: trunk/ChangeLog trunk/configure.ac trunk/src/ChangeLog trunk/src/debug.c Log: Test on sgid process Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-08 22:39:27 UTC (rev 1439) +++ trunk/ChangeLog 2009-12-10 09:49:47 UTC (rev 1440) @@ -1,3 +1,7 @@ +2009-12-10 Werner Koch + + * configure.ac: Check for getgid and getegid. + 2009-12-08 Marcus Brinkmann Update to libtool 2.2.6a. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 22:39:27 UTC (rev 1439) +++ trunk/src/ChangeLog 2009-12-10 09:49:47 UTC (rev 1440) @@ -1,3 +1,7 @@ +2009-12-10 Werner Koch + + * debug.c (debug_init): Test on sgid process. + 2009-12-08 Marcus Brinkmann * Makefile.am (LTRCCOMPILE): Refactor with ... @@ -5810,7 +5814,7 @@ * wait.c: Include `engine.h'. (run_idle): Call _gpgme_engine_housecleaning(), not _gpgme_gpg_housecleaning(). - + 2001-12-18 Marcus Brinkmann * key.c (_gpgme_key_append_name): Append, not prepend, the uid. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-12-08 22:39:27 UTC (rev 1439) +++ trunk/configure.ac 2009-12-10 09:49:47 UTC (rev 1440) @@ -746,6 +746,10 @@ fi fi +# Check for getgid etc +AC_CHECK_FUNCS(getgid getegid) + + # Replacement functions. AC_REPLACE_FUNCS(stpcpy) # Check for unistd.h for setenv replacement function. Modified: trunk/src/debug.c =================================================================== --- trunk/src/debug.c 2009-12-08 22:39:27 UTC (rev 1439) +++ trunk/src/debug.c 2009-12-10 09:49:47 UTC (rev 1440) @@ -131,7 +131,11 @@ if (s1) { #ifndef HAVE_DOSISH_SYSTEM - if (getuid () == geteuid ()) + if (getuid () == geteuid () +#if defined(HAVE_GETGID) && defined(HAVE_GETEGID) + && getgid () == getegid () +#endif + ) { #endif char *p; From cvs at cvs.gnupg.org Thu Dec 10 12:43:47 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 10 Dec 2009 12:43:47 +0100 Subject: [svn] gcry - r1413 - in branches/LIBGCRYPT-1-4-BRANCH: . random Message-ID: Author: wk Date: 2009-12-10 12:43:47 +0100 (Thu, 10 Dec 2009) New Revision: 1413 Modified: branches/LIBGCRYPT-1-4-BRANCH/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/NEWS branches/LIBGCRYPT-1-4-BRANCH/configure.ac branches/LIBGCRYPT-1-4-BRANCH/random/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/random/rndw32.c Log: Try a fix for bug#1167 Modified: branches/LIBGCRYPT-1-4-BRANCH/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/ChangeLog 2009-12-09 15:57:10 UTC (rev 1412) +++ branches/LIBGCRYPT-1-4-BRANCH/ChangeLog 2009-12-10 11:43:47 UTC (rev 1413) @@ -1,7 +1,7 @@ 2009-01-22 Werner Koch Release 1.4.4. - + * configure.ac: Bump LT version to C16/A5/R2. 2008-10-30 Werner Koch Modified: branches/LIBGCRYPT-1-4-BRANCH/random/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/random/ChangeLog 2009-12-09 15:57:10 UTC (rev 1412) +++ branches/LIBGCRYPT-1-4-BRANCH/random/ChangeLog 2009-12-10 11:43:47 UTC (rev 1413) @@ -1,3 +1,10 @@ +2009-12-10 Werner Koch + + * rndw32.c (system_is_w2000): New. + (_gcry_rndw32_gather_random): Set it. + (slow_gatherer): Ignore SystemObjectInformation on W2000. Fixes + bug#1167. + 2009-06-24 Werner Koch * rndhw.c (poll_padlock): Asm change from Fedora. @@ -129,4 +136,4 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - \ No newline at end of file + Modified: branches/LIBGCRYPT-1-4-BRANCH/NEWS =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/NEWS 2009-12-09 15:57:10 UTC (rev 1412) +++ branches/LIBGCRYPT-1-4-BRANCH/NEWS 2009-12-10 11:43:47 UTC (rev 1413) @@ -1,3 +1,15 @@ +Noteworthy changes in version 1.4.5 (unreleased) +------------------------------------------------ + + * Fix minor memory leak in DSA key generation. + + * No switch into FIPS mode if /proc/version is not readable. + + * Fix sigill during Padlock detection on old CPUs. + + * Fix a hang on some W2000 machines. + + Noteworthy changes in version 1.4.4 (2009-01-22) ------------------------------------------------ Modified: branches/LIBGCRYPT-1-4-BRANCH/configure.ac =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2009-12-09 15:57:10 UTC (rev 1412) +++ branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2009-12-10 11:43:47 UTC (rev 1413) @@ -26,8 +26,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.4]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.5]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) Modified: branches/LIBGCRYPT-1-4-BRANCH/random/rndw32.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/random/rndw32.c 2009-12-09 15:57:10 UTC (rev 1412) +++ branches/LIBGCRYPT-1-4-BRANCH/random/rndw32.c 2009-12-10 11:43:47 UTC (rev 1413) @@ -245,8 +245,10 @@ static int debug_me; /* Debug flag. */ +static int system_is_w2000; /* True if running on W2000. */ + /* Try and connect to the system RNG if there's one present. */ static void @@ -643,6 +645,12 @@ { switch (dwType) { + /* ID 17 = SystemObjectInformation hangs on some win2k systems. */ + case 17: + if (system_is_w2000) + continue; + break; + /* Some information types are write-only (the IDs are shared with a set-information call), we skip these. */ case 26: case 27: case 38: case 46: case 47: case 48: case 52: @@ -768,6 +776,7 @@ GetVersionEx( &osvi ); if ( osvi.dwPlatformId != VER_PLATFORM_WIN32_NT) log_fatal ("can only run on a Windows NT platform\n" ); + system_is_w2000 = (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0); init_system_rng (); is_initialized = 1; } From cvs at cvs.gnupg.org Thu Dec 10 14:00:09 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 10 Dec 2009 14:00:09 +0100 Subject: [svn] GnuPG - r5223 - in branches/STABLE-BRANCH-2-0: . doc sm Message-ID: Author: wk Date: 2009-12-10 14:00:09 +0100 (Thu, 10 Dec 2009) New Revision: 5223 Modified: branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/doc/gpgsm.texi branches/STABLE-BRANCH-2-0/sm/ChangeLog branches/STABLE-BRANCH-2-0/sm/certchain.c branches/STABLE-BRANCH-2-0/sm/gpgsm.c branches/STABLE-BRANCH-2-0/sm/gpgsm.h Log: Add option --ignore-cert-extension Modified: branches/STABLE-BRANCH-2-0/sm/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/sm/ChangeLog 2009-12-09 15:56:45 UTC (rev 5222) +++ branches/STABLE-BRANCH-2-0/sm/ChangeLog 2009-12-10 13:00:09 UTC (rev 5223) @@ -1,3 +1,9 @@ +2009-12-10 Werner Koch + + * gpgsm.c: Add option --ignore-cert-extension. + * gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS. + * certchain.c (unknown_criticals): Handle ignored extensions, + 2009-12-03 Werner Koch From trunk: Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2009-12-09 15:56:45 UTC (rev 5222) +++ branches/STABLE-BRANCH-2-0/NEWS 2009-12-10 13:00:09 UTC (rev 5223) @@ -9,9 +9,11 @@ * The GPGSM --audit-log feature is now more complete. - * Support DNS lookups for SRV, PKA and CERT on W32. + * GPG now supports DNS lookups for SRV, PKA and CERT on W32. + * New GPGSM option --ignore-cert-extension. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/doc/gpgsm.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2009-12-09 15:56:45 UTC (rev 5222) +++ branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2009-12-10 13:00:09 UTC (rev 5223) @@ -446,8 +446,17 @@ the @file{trustlist.txt} or an attribute of the certificate requests it. However the standard model (shell) is in that case always tried first. + at item --ignore-cert-extension @var{oid} + at opindex ignore-cert-extension +Add @var{oid} to the list of ignored certificate extensions. The + at var{oid} is expected to be in dotted decimal form, like + at code{2.5.29.3}. This option may used more than once. Critical +flagged certificate extensions matching one of the OIDs in the list +are treated as if they are actually handled and thus the certificate +won't be rejected due to an unknown critical extension. Use this +option with care because extensions are usually flagged as critical +for a reason. - @end table @c ******************************************* Modified: branches/STABLE-BRANCH-2-0/sm/certchain.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/certchain.c 2009-12-09 15:56:45 UTC (rev 5222) +++ branches/STABLE-BRANCH-2-0/sm/certchain.c 2009-12-10 13:00:09 UTC (rev 5223) @@ -229,6 +229,8 @@ int rc = 0, i, idx, crit; const char *oid; gpg_error_t err; + int unsupported; + strlist_t sl; for (idx=0; !(err=ksba_cert_get_extension (cert, idx, &oid, &crit, NULL, NULL));idx++) @@ -237,8 +239,21 @@ continue; for (i=0; known[i] && strcmp (known[i],oid); i++) ; - if (!known[i]) + unsupported = !known[i]; + + /* If this critical extension is not supoported, check the list + of to be ignored extensions to se whether we claim that it is + supported. */ + if (unsupported && opt.ignored_cert_extensions) { + for (sl=opt.ignored_cert_extensions; + sl && strcmp (sl->d, oid); sl = sl->next) + ; + if (sl) + unsupported = 0; + } + if (unsupported) + { do_list (1, listmode, fp, _("critical certificate extension %s is not supported"), oid); Modified: branches/STABLE-BRANCH-2-0/sm/gpgsm.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2009-12-09 15:56:45 UTC (rev 5222) +++ branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2009-12-10 13:00:09 UTC (rev 5223) @@ -176,7 +176,8 @@ oDisablePubkeyAlgo, oIgnoreTimeConflict, oNoRandomSeedFile, - oNoCommonCertsImport + oNoCommonCertsImport, + oIgnoreCertExtension }; @@ -376,6 +377,7 @@ ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"), ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"), ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"), + ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"), /* Command aliases. */ ARGPARSE_c (aListKeys, "list-key", "@"), @@ -1381,6 +1383,10 @@ } break; + case oIgnoreCertExtension: + add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str); + break; + default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; break; Modified: branches/STABLE-BRANCH-2-0/sm/gpgsm.h =================================================================== --- branches/STABLE-BRANCH-2-0/sm/gpgsm.h 2009-12-09 15:56:45 UTC (rev 5222) +++ branches/STABLE-BRANCH-2-0/sm/gpgsm.h 2009-12-10 13:00:09 UTC (rev 5223) @@ -134,9 +134,14 @@ runtime. */ struct keyserver_spec *keyserver; + + /* A list of certificate extension OIDs which are ignored so that + one can claim that a critical extension has been handled. One + OID per string. */ + strlist_t ignored_cert_extensions; + } opt; - /* Debug values and macros. */ #define DBG_X509_VALUE 1 /* debug x.509 data reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ From cvs at cvs.gnupg.org Thu Dec 10 14:00:30 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 10 Dec 2009 14:00:30 +0100 Subject: [svn] GnuPG - r5224 - in trunk: . doc sm Message-ID: Author: wk Date: 2009-12-10 14:00:30 +0100 (Thu, 10 Dec 2009) New Revision: 5224 Modified: trunk/NEWS trunk/doc/gpgsm.texi trunk/sm/ChangeLog trunk/sm/certchain.c trunk/sm/gpgsm.c trunk/sm/gpgsm.h Log: Add option --cert-extension. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2009-12-10 13:00:09 UTC (rev 5223) +++ trunk/sm/ChangeLog 2009-12-10 13:00:30 UTC (rev 5224) @@ -1,3 +1,9 @@ +2009-12-10 Werner Koch + + * gpgsm.c: Add option --ignore-cert-extension. + * gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS. + * certchain.c (unknown_criticals): Handle ignored extensions, + 2009-12-08 Werner Koch * keydb.c (keydb_search_kid): Fix code even that it is not used. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-10 13:00:09 UTC (rev 5223) +++ trunk/NEWS 2009-12-10 13:00:30 UTC (rev 5224) @@ -16,7 +16,9 @@ * Support DNS lookups for SRV, PKA and CERT on W32. + * New GPGSM option --ignore-cert-extension. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2009-12-10 13:00:09 UTC (rev 5223) +++ trunk/doc/gpgsm.texi 2009-12-10 13:00:30 UTC (rev 5224) @@ -446,8 +446,17 @@ the @file{trustlist.txt} or an attribute of the certificate requests it. However the standard model (shell) is in that case always tried first. + at item --ignore-cert-extension @var{oid} + at opindex ignore-cert-extension +Add @var{oid} to the list of ignored certificate extensions. The + at var{oid} is expected to be in dotted decimal form, like + at code{2.5.29.3}. This option may used more than once. Critical +flagged certificate extensions matching one of the OIDs in the list +are treated as if they are actually handled and thus the certificate +won't be rejected due to an unknown critical extension. Use this +option with care because extensions are usually flagged as critical +for a reason. - @end table @c ******************************************* Modified: trunk/sm/certchain.c =================================================================== --- trunk/sm/certchain.c 2009-12-10 13:00:09 UTC (rev 5223) +++ trunk/sm/certchain.c 2009-12-10 13:00:30 UTC (rev 5224) @@ -229,6 +229,8 @@ int rc = 0, i, idx, crit; const char *oid; gpg_error_t err; + int unsupported; + strlist_t sl; for (idx=0; !(err=ksba_cert_get_extension (cert, idx, &oid, &crit, NULL, NULL));idx++) @@ -237,8 +239,21 @@ continue; for (i=0; known[i] && strcmp (known[i],oid); i++) ; - if (!known[i]) + unsupported = !known[i]; + + /* If this critical extension is not supoported, check the list + of to be ignored extensions to se whether we claim that it is + supported. */ + if (unsupported && opt.ignored_cert_extensions) { + for (sl=opt.ignored_cert_extensions; + sl && strcmp (sl->d, oid); sl = sl->next) + ; + if (sl) + unsupported = 0; + } + if (unsupported) + { do_list (1, listmode, fp, _("critical certificate extension %s is not supported"), oid); Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2009-12-10 13:00:09 UTC (rev 5223) +++ trunk/sm/gpgsm.c 2009-12-10 13:00:30 UTC (rev 5224) @@ -176,7 +176,8 @@ oDisablePubkeyAlgo, oIgnoreTimeConflict, oNoRandomSeedFile, - oNoCommonCertsImport + oNoCommonCertsImport, + oIgnoreCertExtension }; @@ -376,6 +377,7 @@ ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"), ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"), ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"), + ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"), /* Command aliases. */ ARGPARSE_c (aListKeys, "list-key", "@"), @@ -1391,6 +1393,10 @@ } break; + case oIgnoreCertExtension: + add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str); + break; + default: pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; break; Modified: trunk/sm/gpgsm.h =================================================================== --- trunk/sm/gpgsm.h 2009-12-10 13:00:09 UTC (rev 5223) +++ trunk/sm/gpgsm.h 2009-12-10 13:00:30 UTC (rev 5224) @@ -134,9 +134,14 @@ runtime. */ struct keyserver_spec *keyserver; + + /* A list of certificate extension OIDs which are ignored so that + one can claim that a critical extension has been handled. One + OID per string. */ + strlist_t ignored_cert_extensions; + } opt; - /* Debug values and macros. */ #define DBG_X509_VALUE 1 /* debug x.509 data reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ From cvs at cvs.gnupg.org Thu Dec 10 17:51:26 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 10 Dec 2009 17:51:26 +0100 Subject: [svn] gcry - r1414 - in trunk: . cipher random tests Message-ID: Author: wk Date: 2009-12-10 17:51:25 +0100 (Thu, 10 Dec 2009) New Revision: 1414 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/cipher.c trunk/random/ChangeLog trunk/random/rndw32.c trunk/tests/ChangeLog trunk/tests/basic.c trunk/tests/benchmark.c Log: Cleaned up the cipher encrypy/decrypt constraints checks. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/cipher/ChangeLog 2009-12-10 16:51:25 UTC (rev 1414) @@ -1,3 +1,18 @@ +2009-12-10 Werner Koch + + * cipher.c (do_ctr_encrypt): Add arg OUTBUFLEN. Check for + suitable value. Add check for valid inputlen. Wipe temporary + memory. + (do_ctr_decrypt): Likewise. + (do_cbc_encrypt, do_cbc_decrypt): Add arg OUTBUFLEN. Check for + suitable value. Move check for valid inputlen to here; change + returned error from INV_ARG to INV_LENGTH. + (do_ecb_encrypt, do_ecb_decrypt): Ditto. + (do_cfb_encrypt, do_cfb_decrypt): Ditto. + (do_ofb_encrypt, do_ofb_decrypt): Ditto. + (cipher_encrypt, cipher_encrypt): Adjust for above changes. + (gcry_cipher_encrypt, gcry_cipher_decrypt): Simplify. + 2009-12-09 Werner Koch * cipher.c (gcry_cipher_open): Allow for GCRY_CIPHER_MODE_AESWRAP. Modified: trunk/random/ChangeLog =================================================================== --- trunk/random/ChangeLog 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/random/ChangeLog 2009-12-10 16:51:25 UTC (rev 1414) @@ -1,3 +1,10 @@ +2009-12-10 Werner Koch + + * rndw32.c (system_is_w2000): New. + (_gcry_rndw32_gather_random): Set it. + (slow_gatherer): Ignore SystemObjectInformation on W2000. Fixes + bug#1167. + 2009-07-09 Werner Koch * rndlinux.c (_gcry_rndlinux_gather_random): Print real values for Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/tests/ChangeLog 2009-12-10 16:51:25 UTC (rev 1414) @@ -1,3 +1,9 @@ +2009-12-10 Werner Koch + + * basic.c (check_ctr_cipher): Add some return code checks. + + * benchmark.c (cipher_bench): Merge Stream with ECB column. + 2009-12-09 Werner Koch * aeswrap.c: New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/NEWS 2009-12-10 16:51:25 UTC (rev 1414) @@ -3,6 +3,14 @@ * New cipher algorithm mode for AES-WRAP. + * Fix minor memory leak in DSA key generation. + + * No switch into FIPS mode if /proc/version is not readable. + + * Fix sigill during Padlock detection on old CPUs. + + * Fix a hang on some W2000 machines. + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_CIPHER_MODE_AESWRAP NEW. Modified: trunk/cipher/cipher.c =================================================================== --- trunk/cipher/cipher.c 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/cipher/cipher.c 2009-12-10 16:51:25 UTC (rev 1414) @@ -1,6 +1,6 @@ /* cipher.c - cipher dispatcher * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * 2005, 2007, 2008 Free Software Foundation, Inc. + * 2005, 2007, 2008, 2009 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -937,48 +937,78 @@ } -static void -do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf, - unsigned int nblocks ) + +static gcry_err_code_t +do_ecb_encrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { - unsigned int n; + unsigned int blocksize = c->cipher->blocksize; + unsigned int n, nblocks; + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + if ((inbuflen % blocksize)) + return GPG_ERR_INV_LENGTH; + + nblocks = inbuflen / c->cipher->blocksize; + for (n=0; n < nblocks; n++ ) { - c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf ); - inbuf += c->cipher->blocksize; - outbuf += c->cipher->blocksize; + c->cipher->encrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf); + inbuf += blocksize; + outbuf += blocksize; } + return 0; } -static void -do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf, - unsigned int nblocks ) +static gcry_err_code_t +do_ecb_decrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { - unsigned int n; + unsigned int blocksize = c->cipher->blocksize; + unsigned int n, nblocks; + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + if ((inbuflen % blocksize)) + return GPG_ERR_INV_LENGTH; + nblocks = inbuflen / c->cipher->blocksize; + for (n=0; n < nblocks; n++ ) { - c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf ); - inbuf += c->cipher->blocksize; - outbuf += c->cipher->blocksize; + c->cipher->decrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf ); + inbuf += blocksize; + outbuf += blocksize; } + + return 0; } -static void -do_cbc_encrypt (gcry_cipher_hd_t c, unsigned char *outbuf, - const unsigned char *inbuf, unsigned int nbytes ) +static gcry_err_code_t +do_cbc_encrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { unsigned int n; unsigned char *ivp; int i; size_t blocksize = c->cipher->blocksize; - unsigned nblocks = nbytes / blocksize; + unsigned nblocks = inbuflen / blocksize; - if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) + if (outbuflen < ((c->flags & GCRY_CIPHER_CBC_MAC)? blocksize : inbuflen)) + return GPG_ERR_BUFFER_TOO_SHORT; + + if ((inbuflen % c->cipher->blocksize) + && !(inbuflen > c->cipher->blocksize + && (c->flags & GCRY_CIPHER_CBC_CTS))) + return GPG_ERR_INV_LENGTH; + + if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize) { - if ((nbytes % blocksize) == 0) + if ((inbuflen % blocksize) == 0) nblocks--; } @@ -1004,17 +1034,17 @@ } } - if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) + if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize) { /* We have to be careful here, since outbuf might be equal to inbuf. */ int restbytes; unsigned char b; - if ((nbytes % blocksize) == 0) + if ((inbuflen % blocksize) == 0) restbytes = blocksize; else - restbytes = nbytes % blocksize; + restbytes = inbuflen % blocksize; outbuf -= blocksize; for (ivp = c->u_iv.iv, i = 0; i < restbytes; i++) @@ -1029,23 +1059,34 @@ c->cipher->encrypt (&c->context.c, outbuf, outbuf); memcpy (c->u_iv.iv, outbuf, blocksize); } + + return 0; } -static void -do_cbc_decrypt (gcry_cipher_hd_t c, unsigned char *outbuf, - const unsigned char *inbuf, unsigned int nbytes) +static gcry_err_code_t +do_cbc_decrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { unsigned int n; unsigned char *ivp; int i; size_t blocksize = c->cipher->blocksize; - unsigned int nblocks = nbytes / blocksize; + unsigned int nblocks = inbuflen / blocksize; - if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + + if ((inbuflen % c->cipher->blocksize) + && !(inbuflen > c->cipher->blocksize + && (c->flags & GCRY_CIPHER_CBC_CTS))) + return GPG_ERR_INV_LENGTH; + + if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize) { nblocks--; - if ((nbytes % blocksize) == 0) + if ((inbuflen % blocksize) == 0) nblocks--; memcpy (c->lastiv, c->u_iv.iv, blocksize); } @@ -1073,14 +1114,14 @@ } } - if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) + if ((c->flags & GCRY_CIPHER_CBC_CTS) && inbuflen > blocksize) { int restbytes; - if ((nbytes % blocksize) == 0) + if ((inbuflen % blocksize) == 0) restbytes = blocksize; else - restbytes = nbytes % blocksize; + restbytes = inbuflen % blocksize; memcpy (c->lastiv, c->u_iv.iv, blocksize ); /* Save Cn-2. */ memcpy (c->u_iv.iv, inbuf + blocksize, restbytes ); /* Save Cn. */ @@ -1097,32 +1138,38 @@ outbuf[i] ^= *ivp++; /* c->lastiv is now really lastlastiv, does this matter? */ } + + return 0; } -static void -do_cfb_encrypt( gcry_cipher_hd_t c, unsigned char *outbuf, - const unsigned char *inbuf, unsigned int nbytes ) +static gcry_err_code_t +do_cfb_encrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { unsigned char *ivp; size_t blocksize = c->cipher->blocksize; size_t blocksize_x_2 = blocksize + blocksize; - if ( nbytes <= c->unused ) + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + + if ( inbuflen <= c->unused ) { /* Short enough to be encoded by the remaining XOR mask. */ /* XOR the input with the IV and store input into IV. */ for (ivp=c->u_iv.iv+c->cipher->blocksize - c->unused; - nbytes; - nbytes--, c->unused-- ) + inbuflen; + inbuflen--, c->unused-- ) *outbuf++ = (*ivp++ ^= *inbuf++); - return; + return 0; } if ( c->unused ) { /* XOR the input with the IV and store input into IV */ - nbytes -= c->unused; + inbuflen -= c->unused; for(ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- ) *outbuf++ = (*ivp++ ^= *inbuf++); } @@ -1130,17 +1177,17 @@ /* Now we can process complete blocks. We use a loop as long as we have at least 2 blocks and use conditions for the rest. This also allows to use a bulk encryption function if available. */ - if (nbytes >= blocksize_x_2 && c->bulk.cfb_enc) + if (inbuflen >= blocksize_x_2 && c->bulk.cfb_enc) { - unsigned int nblocks = nbytes / blocksize; + unsigned int nblocks = inbuflen / blocksize; c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks); outbuf += nblocks * blocksize; inbuf += nblocks * blocksize; - nbytes -= nblocks * blocksize; + inbuflen -= nblocks * blocksize; } else { - while ( nbytes >= blocksize_x_2 ) + while ( inbuflen >= blocksize_x_2 ) { int i; /* Encrypt the IV. */ @@ -1148,11 +1195,11 @@ /* XOR the input with the IV and store input into IV. */ for(ivp=c->u_iv.iv,i=0; i < blocksize; i++ ) *outbuf++ = (*ivp++ ^= *inbuf++); - nbytes -= blocksize; + inbuflen -= blocksize; } } - if ( nbytes >= blocksize ) + if ( inbuflen >= blocksize ) { int i; /* Save the current IV and then encrypt the IV. */ @@ -1161,25 +1208,27 @@ /* XOR the input with the IV and store input into IV */ for(ivp=c->u_iv.iv,i=0; i < blocksize; i++ ) *outbuf++ = (*ivp++ ^= *inbuf++); - nbytes -= blocksize; + inbuflen -= blocksize; } - if ( nbytes ) + if ( inbuflen ) { /* Save the current IV and then encrypt the IV. */ memcpy( c->lastiv, c->u_iv.iv, blocksize ); c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); c->unused = blocksize; /* Apply the XOR. */ - c->unused -= nbytes; - for(ivp=c->u_iv.iv; nbytes; nbytes-- ) + c->unused -= inbuflen; + for(ivp=c->u_iv.iv; inbuflen; inbuflen-- ) *outbuf++ = (*ivp++ ^= *inbuf++); } + return 0; } -static void -do_cfb_decrypt( gcry_cipher_hd_t c, unsigned char *outbuf, - const unsigned char *inbuf, unsigned int nbytes ) +static gcry_err_code_t +do_cfb_decrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { unsigned char *ivp; unsigned long temp; @@ -1187,25 +1236,28 @@ size_t blocksize = c->cipher->blocksize; size_t blocksize_x_2 = blocksize + blocksize; - if (nbytes <= c->unused) + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + + if (inbuflen <= c->unused) { /* Short enough to be encoded by the remaining XOR mask. */ /* XOR the input with the IV and store input into IV. */ for (ivp=c->u_iv.iv+blocksize - c->unused; - nbytes; - nbytes--, c->unused--) + inbuflen; + inbuflen--, c->unused--) { temp = *inbuf++; *outbuf++ = *ivp ^ temp; *ivp++ = temp; } - return; + return 0; } if (c->unused) { /* XOR the input with the IV and store input into IV. */ - nbytes -= c->unused; + inbuflen -= c->unused; for (ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- ) { temp = *inbuf++; @@ -1217,17 +1269,17 @@ /* Now we can process complete blocks. We use a loop as long as we have at least 2 blocks and use conditions for the rest. This also allows to use a bulk encryption function if available. */ - if (nbytes >= blocksize_x_2 && c->bulk.cfb_dec) + if (inbuflen >= blocksize_x_2 && c->bulk.cfb_dec) { - unsigned int nblocks = nbytes / blocksize; + unsigned int nblocks = inbuflen / blocksize; c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks); outbuf += nblocks * blocksize; inbuf += nblocks * blocksize; - nbytes -= nblocks * blocksize; + inbuflen -= nblocks * blocksize; } else { - while (nbytes >= blocksize_x_2 ) + while (inbuflen >= blocksize_x_2 ) { /* Encrypt the IV. */ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); @@ -1238,11 +1290,11 @@ *outbuf++ = *ivp ^ temp; *ivp++ = temp; } - nbytes -= blocksize; + inbuflen -= blocksize; } } - if (nbytes >= blocksize ) + if (inbuflen >= blocksize ) { /* Save the current IV and then encrypt the IV. */ memcpy ( c->lastiv, c->u_iv.iv, blocksize); @@ -1254,54 +1306,59 @@ *outbuf++ = *ivp ^ temp; *ivp++ = temp; } - nbytes -= blocksize; + inbuflen -= blocksize; } - if (nbytes) + if (inbuflen) { /* Save the current IV and then encrypt the IV. */ memcpy ( c->lastiv, c->u_iv.iv, blocksize ); c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); c->unused = blocksize; /* Apply the XOR. */ - c->unused -= nbytes; - for (ivp=c->u_iv.iv; nbytes; nbytes-- ) + c->unused -= inbuflen; + for (ivp=c->u_iv.iv; inbuflen; inbuflen-- ) { temp = *inbuf++; *outbuf++ = *ivp ^ temp; *ivp++ = temp; } } + return 0; } -static void -do_ofb_encrypt( gcry_cipher_hd_t c, - byte *outbuf, const byte *inbuf, unsigned nbytes ) +static gcry_err_code_t +do_ofb_encrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { - byte *ivp; + unsigned char *ivp; size_t blocksize = c->cipher->blocksize; - if ( nbytes <= c->unused ) + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + + if ( inbuflen <= c->unused ) { /* Short enough to be encoded by the remaining XOR mask. */ /* XOR the input with the IV */ for (ivp=c->u_iv.iv+c->cipher->blocksize - c->unused; - nbytes; - nbytes--, c->unused-- ) + inbuflen; + inbuflen--, c->unused-- ) *outbuf++ = (*ivp++ ^ *inbuf++); - return; + return 0; } if( c->unused ) { - nbytes -= c->unused; + inbuflen -= c->unused; for(ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- ) *outbuf++ = (*ivp++ ^ *inbuf++); } /* Now we can process complete blocks. */ - while ( nbytes >= blocksize ) + while ( inbuflen >= blocksize ) { int i; /* Encrypt the IV (and save the current one). */ @@ -1310,43 +1367,48 @@ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ ) *outbuf++ = (*ivp++ ^ *inbuf++); - nbytes -= blocksize; + inbuflen -= blocksize; } - if ( nbytes ) + if ( inbuflen ) { /* process the remaining bytes */ memcpy( c->lastiv, c->u_iv.iv, blocksize ); c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); c->unused = blocksize; - c->unused -= nbytes; - for(ivp=c->u_iv.iv; nbytes; nbytes-- ) + c->unused -= inbuflen; + for(ivp=c->u_iv.iv; inbuflen; inbuflen-- ) *outbuf++ = (*ivp++ ^ *inbuf++); } + return 0; } -static void -do_ofb_decrypt( gcry_cipher_hd_t c, - byte *outbuf, const byte *inbuf, unsigned int nbytes ) +static gcry_err_code_t +do_ofb_decrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { - byte *ivp; + unsigned char *ivp; size_t blocksize = c->cipher->blocksize; - if( nbytes <= c->unused ) + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + + if( inbuflen <= c->unused ) { /* Short enough to be encoded by the remaining XOR mask. */ - for (ivp=c->u_iv.iv+blocksize - c->unused; nbytes; nbytes--,c->unused--) + for (ivp=c->u_iv.iv+blocksize - c->unused; inbuflen; inbuflen--,c->unused--) *outbuf++ = *ivp++ ^ *inbuf++; - return; + return 0; } if ( c->unused ) { - nbytes -= c->unused; + inbuflen -= c->unused; for (ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- ) *outbuf++ = *ivp++ ^ *inbuf++; } /* Now we can process complete blocks. */ - while ( nbytes >= blocksize ) + while ( inbuflen >= blocksize ) { int i; /* Encrypt the IV (and save the current one). */ @@ -1354,36 +1416,45 @@ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ ) *outbuf++ = *ivp++ ^ *inbuf++; - nbytes -= blocksize; + inbuflen -= blocksize; } - if ( nbytes ) + if ( inbuflen ) { /* Process the remaining bytes. */ /* Encrypt the IV (and save the current one). */ memcpy( c->lastiv, c->u_iv.iv, blocksize ); c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv ); c->unused = blocksize; - c->unused -= nbytes; - for (ivp=c->u_iv.iv; nbytes; nbytes-- ) + c->unused -= inbuflen; + for (ivp=c->u_iv.iv; inbuflen; inbuflen-- ) *outbuf++ = *ivp++ ^ *inbuf++; } + return 0; } -static void -do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf, - unsigned int nbytes ) +static gcry_err_code_t +do_ctr_encrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { unsigned int n; - byte tmp[MAX_BLOCKSIZE]; + unsigned char tmp[MAX_BLOCKSIZE]; int i; + unsigned int blocksize = c->cipher->blocksize; - for(n=0; n < nbytes; n++) + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + + if ((inbuflen % blocksize)) + return GPG_ERR_INV_LENGTH; + + for (n=0; n < inbuflen; n++) { - if ((n % c->cipher->blocksize) == 0) + if ((n % blocksize) == 0) { c->cipher->encrypt (&c->context.c, tmp, c->ctr); - for (i = c->cipher->blocksize; i > 0; i--) + for (i = blocksize; i > 0; i--) { c->ctr[i-1]++; if (c->ctr[i-1] != 0) @@ -1391,16 +1462,20 @@ } } - /* XOR input with encrypted counter and store in output. */ - outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize]; + /* XOR input with encrypted counter and store in output. */ + outbuf[n] = inbuf[n] ^ tmp[n % blocksize]; } + + wipememory (tmp, sizeof tmp); + return 0; } -static void -do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf, - unsigned int nbytes ) +static gcry_err_code_t +do_ctr_decrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, unsigned int outbuflen, + const unsigned char *inbuf, unsigned int inbuflen) { - do_ctr_encrypt (c, outbuf, inbuf, nbytes); + return do_ctr_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); } @@ -1578,45 +1653,38 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, const byte *inbuf, unsigned int inbuflen) { - gcry_err_code_t rc = 0; + gcry_err_code_t rc; switch (c->mode) { case GCRY_CIPHER_MODE_ECB: - if (!(inbuflen % c->cipher->blocksize)) - do_ecb_encrypt(c, outbuf, inbuf, inbuflen/c->cipher->blocksize ); - else - rc = GPG_ERR_INV_ARG; + rc = do_ecb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_CBC: - if (!(inbuflen % c->cipher->blocksize) - || (inbuflen > c->cipher->blocksize - && (c->flags & GCRY_CIPHER_CBC_CTS))) - do_cbc_encrypt(c, outbuf, inbuf, inbuflen ); - else - rc = GPG_ERR_INV_ARG; + rc = do_cbc_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_CFB: - do_cfb_encrypt(c, outbuf, inbuf, inbuflen ); + rc = do_cfb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_OFB: - do_ofb_encrypt(c, outbuf, inbuf, inbuflen ); + rc = do_ofb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_CTR: - do_ctr_encrypt(c, outbuf, inbuf, inbuflen ); + rc = do_ctr_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_AESWRAP: - rc = do_aeswrap_encrypt (c, outbuf, outbuflen, inbuf, inbuflen ); + rc = do_aeswrap_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_STREAM: c->cipher->stencrypt (&c->context.c, - outbuf, (byte*)/*arggg*/inbuf, inbuflen ); + outbuf, (byte*)/*arggg*/inbuf, inbuflen); + rc = 0; break; case GCRY_CIPHER_MODE_NONE: @@ -1627,8 +1695,9 @@ } else { - if ( inbuf != outbuf ) + if (inbuf != outbuf) memmove (outbuf, inbuf, inbuflen); + rc = 0; } break; @@ -1652,20 +1721,8 @@ { gcry_err_code_t err; - if (!in) - { - /* Caller requested in-place encryption. */ - err = cipher_encrypt (h, out, outsize, out, outsize); - } - else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ? - h->cipher->blocksize : inlen)) - err = GPG_ERR_BUFFER_TOO_SHORT; - else if ((h->mode == GCRY_CIPHER_MODE_ECB - || (h->mode == GCRY_CIPHER_MODE_CBC - && (! ((h->flags & GCRY_CIPHER_CBC_CTS) - && (inlen > h->cipher->blocksize))))) - && (inlen % h->cipher->blocksize)) - err = GPG_ERR_INV_ARG; + if (!in) /* Caller requested in-place encryption. */ + err = cipher_encrypt (h, out, outsize, out, outsize); else err = cipher_encrypt (h, out, outsize, in, inlen); @@ -1682,51 +1739,44 @@ /**************** * Decrypt INBUF to OUTBUF with the mode selected at open. * inbuf and outbuf may overlap or be the same. - * Depending on the mode some some contraints apply to NBYTES. + * Depending on the mode some some contraints apply to INBUFLEN. */ static gcry_err_code_t cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, const byte *inbuf, unsigned int inbuflen) { - gcry_err_code_t rc = 0; + gcry_err_code_t rc; switch (c->mode) { case GCRY_CIPHER_MODE_ECB: - if (!(inbuflen % c->cipher->blocksize)) - do_ecb_decrypt (c, outbuf, inbuf, inbuflen/c->cipher->blocksize ); - else - rc = GPG_ERR_INV_ARG; + rc = do_ecb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_CBC: - if (!(inbuflen % c->cipher->blocksize) - || (inbuflen > c->cipher->blocksize - && (c->flags & GCRY_CIPHER_CBC_CTS))) - do_cbc_decrypt (c, outbuf, inbuf, inbuflen ); - else - rc = GPG_ERR_INV_ARG; + rc = do_cbc_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_CFB: - do_cfb_decrypt (c, outbuf, inbuf, inbuflen ); + rc = do_cfb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); + break; - break; case GCRY_CIPHER_MODE_OFB: - do_ofb_decrypt (c, outbuf, inbuf, inbuflen ); + rc = do_ofb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_CTR: - do_ctr_decrypt (c, outbuf, inbuf, inbuflen ); + rc = do_ctr_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_AESWRAP: - rc = do_aeswrap_decrypt (c, outbuf, outbuflen, inbuf, inbuflen ); + rc = do_aeswrap_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_STREAM: c->cipher->stdecrypt (&c->context.c, - outbuf, (byte*)/*arggg*/inbuf, inbuflen ); + outbuf, (byte*)/*arggg*/inbuf, inbuflen); + rc = 0; break; case GCRY_CIPHER_MODE_NONE: @@ -1739,6 +1789,7 @@ { if (inbuf != outbuf) memmove (outbuf, inbuf, inbuflen); + rc = 0; } break; @@ -1756,26 +1807,10 @@ gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize, const void *in, size_t inlen) { - gcry_err_code_t err = 0; + gcry_err_code_t err; - if (!in) - { - /* Caller requested in-place encryption. */ - err = cipher_decrypt (h, out, outsize, out, outsize); - } - else if (outsize < inlen && h->mode != GCRY_CIPHER_MODE_AESWRAP) - { - /* Note that do_aeswrap_decrypt does its own length checking. - Fixme: we should move all buffer length checkings to teh - actual decryption functions. */ - err = GPG_ERR_BUFFER_TOO_SHORT; - } - else if (((h->mode == GCRY_CIPHER_MODE_ECB) - || ((h->mode == GCRY_CIPHER_MODE_CBC) - && (! ((h->flags & GCRY_CIPHER_CBC_CTS) - && (inlen > h->cipher->blocksize))))) - && (inlen % h->cipher->blocksize) != 0) - err = GPG_ERR_INV_ARG; + if (!in) /* Caller requested in-place encryption. */ + err = cipher_decrypt (h, out, outsize, out, outsize); else err = cipher_decrypt (h, out, outsize, in, inlen); Modified: trunk/random/rndw32.c =================================================================== --- trunk/random/rndw32.c 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/random/rndw32.c 2009-12-10 16:51:25 UTC (rev 1414) @@ -245,8 +245,10 @@ static int debug_me; /* Debug flag. */ +static int system_is_w2000; /* True if running on W2000. */ + /* Try and connect to the system RNG if there's one present. */ static void @@ -643,6 +645,12 @@ { switch (dwType) { + /* ID 17 = SystemObjectInformation hangs on some win2k systems. */ + case 17: + if (system_is_w2000) + continue; + break; + /* Some information types are write-only (the IDs are shared with a set-information call), we skip these. */ case 26: case 27: case 38: case 46: case 47: case 48: case 52: @@ -768,6 +776,7 @@ GetVersionEx( &osvi ); if ( osvi.dwPlatformId != VER_PLATFORM_WIN32_NT) log_fatal ("can only run on a Windows NT platform\n" ); + system_is_w2000 = (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0); init_system_rng (); is_initialized = 1; } Modified: trunk/tests/basic.c =================================================================== --- trunk/tests/basic.c 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/tests/basic.c 2009-12-10 16:51:25 UTC (rev 1414) @@ -1,5 +1,6 @@ /* basic.c - basic regression tests - * Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2005, 2008, + * 2009 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -459,7 +460,7 @@ } if (verbose) - fprintf (stderr, " checking CTR mode for for %s [%i]\n", + fprintf (stderr, " checking CTR mode for %s [%i]\n", gcry_cipher_algo_name (tv[i].algo), tv[i].algo); for (j = 0; tv[i].data[j].inlen; j++) @@ -493,8 +494,82 @@ if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) fail ("aes-ctr, decrypt mismatch entry %d:%d\n", i, j); - } + } + + /* Now check that we get valid return codes back for good and + bad inputs. */ + err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, + "1234567890123456", 16); + if (err) + fail ("aes-ctr, encryption failed for valid input"); + + err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, + "1234567890123456", 15); + if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) + fail ("aes-ctr, too short input returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, + "12345678901234567", 17); + if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) + fail ("aes-ctr, too long input returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_encrypt (hde, out, 15, + "1234567890123456", 16); + if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) + fail ("aes-ctr, too short output buffer returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_encrypt (hde, out, 0, + "1234567890123456", 16); + if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) + fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_encrypt (hde, out, 16, + "1234567890123456", 16); + if (err) + fail ("aes-ctr, correct length output buffer returned error: %s\n", + gpg_strerror (err)); + + /* Again, now for decryption. */ + err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, + "1234567890123456", 16); + if (err) + fail ("aes-ctr, decryption failed for valid input"); + + err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, + "1234567890123456", 15); + if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) + fail ("aes-ctr, too short input returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, + "12345678901234567", 17); + if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) + fail ("aes-ctr, too long input returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_decrypt (hde, out, 15, + "1234567890123456", 16); + if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) + fail ("aes-ctr, too short output buffer returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_decrypt (hde, out, 0, + "1234567890123456", 16); + if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) + fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n", + gpg_strerror (err)); + + err = gcry_cipher_decrypt (hde, out, 16, + "1234567890123456", 16); + if (err) + fail ("aes-ctr, correct length output buffer returned error: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hde); gcry_cipher_close (hdd); } Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2009-12-10 11:43:47 UTC (rev 1413) +++ trunk/tests/benchmark.c 2009-12-10 16:51:25 UTC (rev 1414) @@ -460,12 +460,12 @@ size_t allocated_buflen, buflen; int repetitions; static struct { int mode; const char *name; int blocked; } modes[] = { - { GCRY_CIPHER_MODE_ECB, " ECB", 1 }, + { GCRY_CIPHER_MODE_ECB, " ECB/Stream", 1 }, { GCRY_CIPHER_MODE_CBC, " CBC", 1 }, { GCRY_CIPHER_MODE_CFB, " CFB", 0 }, { GCRY_CIPHER_MODE_OFB, " OFB", 0 }, { GCRY_CIPHER_MODE_CTR, " CTR", 0 }, - { GCRY_CIPHER_MODE_STREAM, " STREAM", 0 }, + { GCRY_CIPHER_MODE_STREAM, "", 0 }, {0} }; int modeidx; @@ -501,11 +501,13 @@ printf ("Running each test %d times.\n", cipher_repetitions); printf ("%-12s", ""); for (modeidx=0; modes[modeidx].mode; modeidx++) - printf (" %-15s", modes[modeidx].name ); + if (*modes[modeidx].name) + printf (" %-15s", modes[modeidx].name ); putchar ('\n'); printf ("%-12s", ""); for (modeidx=0; modes[modeidx].mode; modeidx++) - printf (" ---------------" ); + if (*modes[modeidx].name) + printf (" ---------------" ); putchar ('\n'); header_printed = 1; } @@ -548,10 +550,7 @@ { if ((blklen > 1 && modes[modeidx].mode == GCRY_CIPHER_MODE_STREAM) | (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM)) - { - printf (" " ); - continue; - } + continue; for (i=0; i < sizeof buf; i++) buf[i] = i; From cvs at cvs.gnupg.org Thu Dec 10 18:27:55 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 10 Dec 2009 18:27:55 +0100 Subject: [svn] gcry - r1415 - in trunk: . cipher Message-ID: Author: wk Date: 2009-12-10 18:27:55 +0100 (Thu, 10 Dec 2009) New Revision: 1415 Modified: trunk/ChangeLog trunk/README trunk/cipher/ChangeLog trunk/cipher/Makefile.am trunk/configure.ac Log: Add option --disable-O-flag-munging. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2009-12-10 16:51:25 UTC (rev 1414) +++ trunk/ChangeLog 2009-12-10 17:27:55 UTC (rev 1415) @@ -1,3 +1,7 @@ +2009-12-10 Werner Koch + + * configure.ac: Add option --disable-O-flag-munging. + 2009-12-08 Marcus Brinkmann Update to libtool 2.2.6a. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2009-12-10 16:51:25 UTC (rev 1414) +++ trunk/cipher/ChangeLog 2009-12-10 17:27:55 UTC (rev 1415) @@ -1,5 +1,8 @@ 2009-12-10 Werner Koch + * Makefile.am (o_flag_munging): New. + (tiger.o, tiger.lo): Use it. + * cipher.c (do_ctr_encrypt): Add arg OUTBUFLEN. Check for suitable value. Add check for valid inputlen. Wipe temporary memory. Modified: trunk/README =================================================================== --- trunk/README 2009-12-10 16:51:25 UTC (rev 1414) +++ trunk/README 2009-12-10 17:27:55 UTC (rev 1415) @@ -170,7 +170,19 @@ available. Try this if you get problems with assembler code. + --disable-O-flag-munging + Some code is too complex for some compilers while + in higher optimization modes, thus the compiler + invocation is modified to use a lower + optimization level. Usually this works very well + but on some platforms these rules break the + invocation. This option may be used to disable + the feature under the assumption that either good + CFLAGS are given or the compiler can grok the code. + + + Build Problems -------------- Modified: trunk/cipher/Makefile.am =================================================================== --- trunk/cipher/Makefile.am 2009-12-10 16:51:25 UTC (rev 1414) +++ trunk/cipher/Makefile.am 2009-12-10 17:27:55 UTC (rev 1415) @@ -67,10 +67,16 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c +if ENABLE_O_FLAG_MUNGING +o_flag_munging = sed -e 's/-O[2-9s]*/-O1/g' +else +o_flag_munging = cat +endif + # We need to lower the optimization for this module. tiger.o: $(srcdir)/tiger.c - `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' ` + `echo $(COMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` tiger.lo: $(srcdir)/tiger.c - `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' ` + `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2009-12-10 16:51:25 UTC (rev 1414) +++ trunk/configure.ac 2009-12-10 17:27:55 UTC (rev 1415) @@ -477,8 +477,18 @@ [Enable support for the PadLock engine.]) fi +# Implementation of the --disable-O-flag-munging switch. +AC_MSG_CHECKING([whether a -O flag munging is requested]) +AC_ARG_ENABLE([O-flag-munging], + AC_HELP_STRING([--disable-O-flag-munging], + [Disable modification of the cc -O flag]), + [enable_o_flag_munging=$enableval], + [enable_o_flag_munging=yes]) +AC_MSG_RESULT($enable_o_flag_munging) +AM_CONDITIONAL(ENABLE_O_FLAG_MUNGING, test "$enable_o_flag_munging" = "yes") + AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) @@ -506,6 +516,7 @@ AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, "$NAME_OF_DEV_URANDOM", [defined to the name of the weaker random device]) + ############################### #### Checks for libraries. #### ############################### From cvs at cvs.gnupg.org Fri Dec 11 17:32:05 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 11 Dec 2009 17:32:05 +0100 Subject: [svn] gcry - r1416 - in trunk: . cipher tests Message-ID: Author: wk Date: 2009-12-11 17:32:04 +0100 (Fri, 11 Dec 2009) New Revision: 1416 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/sha256.c trunk/cipher/sha512.c trunk/tests/benchmark.c Log: Boost performance of SHA-512 and SHA-256. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2009-12-10 17:27:55 UTC (rev 1415) +++ trunk/cipher/ChangeLog 2009-12-11 16:32:04 UTC (rev 1416) @@ -1,3 +1,14 @@ +2009-12-11 Werner Koch + + * sha256.c (Cho, Maj, Sum0, Sum1): Turn macros into inline + functions. + (transform): Partly unroll to interweave the chain variables + + * sha512.c (ROTR, Ch, Maj, Sum0, Sum1): Turn macros into inline + functions. + (transform): Partly Unroll to interweave the chain variables. + Suggested by Christian Grothoff. + 2009-12-10 Werner Koch * Makefile.am (o_flag_munging): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-10 17:27:55 UTC (rev 1415) +++ trunk/NEWS 2009-12-11 16:32:04 UTC (rev 1416) @@ -11,6 +11,9 @@ * Fix a hang on some W2000 machines. + * Boost SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 + goes up by 25%. + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_CIPHER_MODE_AESWRAP NEW. Modified: trunk/cipher/sha256.c =================================================================== --- trunk/cipher/sha256.c 2009-12-10 17:27:55 UTC (rev 1415) +++ trunk/cipher/sha256.c 2009-12-11 16:32:04 UTC (rev 1416) @@ -94,10 +94,6 @@ /* Transform the message X which consists of 16 32-bit-words. See FIPS 180-2 for details. */ -#define Cho(x,y,z) (z ^ (x & (y ^ z))) /* (4.2) same as SHA-1's F1 */ -#define Maj(x,y,z) ((x & y) | (z & (x|y))) /* (4.3) same as SHA-1's F3 */ -#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22)) /* (4.4) */ -#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */ #define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */ #define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */ #define R(a,b,c,d,e,f,g,h,k,w) do \ @@ -113,6 +109,35 @@ b = a; \ a = t1 + t2; \ } while (0) + +/* (4.2) same as SHA-1's F1. */ +static inline u32 +Cho (u32 x, u32 y, u32 z) +{ + return (z ^ (x & (y ^ z))); +} + +/* (4.3) same as SHA-1's F3 */ +static inline u32 +Maj (u32 x, u32 y, u32 z) +{ + return ((x & y) | (z & (x|y))); +} + +/* (4.4) */ +static inline u32 +Sum0 (u32 x) +{ + return (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22)); +} + +/* (4.5) */ +static inline u32 +Sum1 (u32 x) +{ + return (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25)); +} + static void transform (SHA256_CONTEXT *hd, const unsigned char *data) @@ -171,9 +196,56 @@ for (; i < 64; i++) w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16]; - for (i=0; i < 64; i++) - R(a,b,c,d,e,f,g,h,K[i],w[i]); + for (i=0; i < 64;) + { +#if 0 + R(a,b,c,d,e,f,g,h,K[i],w[i]); + i++; +#else + t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i]; + t2 = Sum0 (a) + Maj (a, b, c); + d += t1; + h = t1 + t2; + t1 = g + Sum1 (d) + Cho (d, e, f) + K[i+1] + w[i+1]; + t2 = Sum0 (h) + Maj (h, a, b); + c += t1; + g = t1 + t2; + + t1 = f + Sum1 (c) + Cho (c, d, e) + K[i+2] + w[i+2]; + t2 = Sum0 (g) + Maj (g, h, a); + b += t1; + f = t1 + t2; + + t1 = e + Sum1 (b) + Cho (b, c, d) + K[i+3] + w[i+3]; + t2 = Sum0 (f) + Maj (f, g, h); + a += t1; + e = t1 + t2; + + t1 = d + Sum1 (a) + Cho (a, b, c) + K[i+4] + w[i+4]; + t2 = Sum0 (e) + Maj (e, f, g); + h += t1; + d = t1 + t2; + + t1 = c + Sum1 (h) + Cho (h, a, b) + K[i+5] + w[i+5]; + t2 = Sum0 (d) + Maj (d, e, f); + g += t1; + c = t1 + t2; + + t1 = b + Sum1 (g) + Cho (g, h, a) + K[i+6] + w[i+6]; + t2 = Sum0 (c) + Maj (c, d, e); + f += t1; + b = t1 + t2; + + t1 = a + Sum1 (f) + Cho (f, g, h) + K[i+7] + w[i+7]; + t2 = Sum0 (b) + Maj (b, c, d); + e += t1; + a = t1 + t2; + + i += 8; +#endif + } + hd->h0 += a; hd->h1 += b; hd->h2 += c; @@ -183,10 +255,6 @@ hd->h6 += g; hd->h7 += h; } -#undef Cho -#undef Maj -#undef Sum0 -#undef Sum1 #undef S0 #undef S1 #undef R Modified: trunk/cipher/sha512.c =================================================================== --- trunk/cipher/sha512.c 2009-12-10 17:27:55 UTC (rev 1415) +++ trunk/cipher/sha512.c 2009-12-11 16:32:04 UTC (rev 1416) @@ -98,6 +98,36 @@ } +static inline u64 +ROTR (u64 x, u64 n) +{ + return ((x >> n) | (x << (64 - n))); +} + +static inline u64 +Ch (u64 x, u64 y, u64 z) +{ + return ((x & y) ^ ( ~x & z)); +} + +static inline u64 +Maj (u64 x, u64 y, u64 z) +{ + return ((x & y) ^ (x & z) ^ (y & z)); +} + +static inline u64 +Sum0 (u64 x) +{ + return (ROTR (x, 28) ^ ROTR (x, 34) ^ ROTR (x, 39)); +} + +static inline u64 +Sum1 (u64 x) +{ + return (ROTR (x, 14) ^ ROTR (x, 18) ^ ROTR (x, 41)); +} + /**************** * Transform the message W which consists of 16 64-bit-words */ @@ -182,21 +212,26 @@ } #endif -#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n)))) -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) #define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) #define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) for (t = 16; t < 80; t++) w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16]; - for (t = 0; t < 80; t++) + + for (t = 0; t < 80; ) { u64 t1, t2; + /* Performance on a AMD Athlon(tm) Dual Core Processor 4050e + with gcc 4.3.3 using gcry_md_hash_buffer of each 10000 bytes + initialized to 0,1,2,3...255,0,... and 1000 iterations: + + Not unrolled with macros: 440ms + Unrolled with macros: 350ms + Unrolled with inline: 330ms + */ +#if 0 /* Not unrolled. */ t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t]; t2 = Sum0 (a) + Maj (a, b, c); h = g; @@ -207,12 +242,53 @@ c = b; b = a; a = t1 + t2; + t++; +#else /* Unrolled to interweave the chain variables. */ + t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t]; + t2 = Sum0 (a) + Maj (a, b, c); + d += t1; + h = t1 + t2; - /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX " - "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */ + t1 = g + Sum1 (d) + Ch (d, e, f) + k[t+1] + w[t+1]; + t2 = Sum0 (h) + Maj (h, a, b); + c += t1; + g = t1 + t2; + + t1 = f + Sum1 (c) + Ch (c, d, e) + k[t+2] + w[t+2]; + t2 = Sum0 (g) + Maj (g, h, a); + b += t1; + f = t1 + t2; + + t1 = e + Sum1 (b) + Ch (b, c, d) + k[t+3] + w[t+3]; + t2 = Sum0 (f) + Maj (f, g, h); + a += t1; + e = t1 + t2; + + t1 = d + Sum1 (a) + Ch (a, b, c) + k[t+4] + w[t+4]; + t2 = Sum0 (e) + Maj (e, f, g); + h += t1; + d = t1 + t2; + + t1 = c + Sum1 (h) + Ch (h, a, b) + k[t+5] + w[t+5]; + t2 = Sum0 (d) + Maj (d, e, f); + g += t1; + c = t1 + t2; + + t1 = b + Sum1 (g) + Ch (g, h, a) + k[t+6] + w[t+6]; + t2 = Sum0 (c) + Maj (c, d, e); + f += t1; + b = t1 + t2; + + t1 = a + Sum1 (f) + Ch (f, g, h) + k[t+7] + w[t+7]; + t2 = Sum0 (b) + Maj (b, c, d); + e += t1; + a = t1 + t2; + + t += 8; +#endif } - /* update chaining vars */ + /* Update chaining vars. */ hd->h0 += a; hd->h1 += b; hd->h2 += c; Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2009-12-10 17:27:55 UTC (rev 1415) +++ trunk/tests/benchmark.c 2009-12-11 16:32:04 UTC (rev 1416) @@ -47,6 +47,9 @@ /* Number of cipher repetitions. */ static int cipher_repetitions; +/* Number of hash repetitions. */ +static int hash_repetitions; + /* Whether fips mode was active at startup. */ static int in_fips_mode; @@ -387,8 +390,10 @@ { int algo; gcry_md_hd_t hd; - int i; + int i, repcount; char buf[1000]; + char *largebuf; + char digest[512/8]; gcry_error_t err = GPG_ERR_NO_ERROR; if (!algoname) @@ -421,30 +426,57 @@ printf ("%-12s", gcry_md_algo_name (algo)); start_timer (); - for (i=0; i < 1000; i++) - gcry_md_write (hd, buf, sizeof buf); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 1000; i++) + gcry_md_write (hd, buf, sizeof buf); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); + fflush (stdout); gcry_md_reset (hd); start_timer (); - for (i=0; i < 10000; i++) - gcry_md_write (hd, buf, sizeof buf/10); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 10000; i++) + gcry_md_write (hd, buf, sizeof buf/10); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); + fflush (stdout); gcry_md_reset (hd); start_timer (); - for (i=0; i < 1000000; i++) - gcry_md_write (hd, "", 1); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 1000000; i++) + gcry_md_write (hd, "", 1); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); + fflush (stdout); gcry_md_close (hd); + + /* Now 100 hash operations on 10000 bytes using the fast function. + We initialize the buffer so that all memory pages are committed + and we have repeatable values. */ + if (gcry_md_get_algo_dlen (algo) > sizeof digest) + die ("digest buffer too short\n"); + + largebuf = malloc (10000); + if (!largebuf) + die ("out of core\n"); + for (i=0; i < 10000; i++) + largebuf[i] = i; + start_timer (); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 100; i++) + gcry_md_hash_buffer (algo, digest, largebuf, 10000); + stop_timer (); + printf (" %s", elapsed_time ()); + free (largebuf); + putchar ('\n'); + fflush (stdout); } static void @@ -1053,7 +1085,7 @@ large_buffers = 1; argc--; argv++; } - else if (!strcmp (*argv, "--cipher-repetition")) + else if (!strcmp (*argv, "--cipher-repetitions")) { argc--; argv++; if (argc) @@ -1062,6 +1094,15 @@ argc--; argv++; } } + else if (!strcmp (*argv, "--hash-repetitions")) + { + argc--; argv++; + if (argc) + { + hash_repetitions = atoi(*argv); + argc--; argv++; + } + } else if (!strcmp (*argv, "--fips")) { argc--; argv++; @@ -1096,10 +1137,10 @@ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - - if (cipher_repetitions < 1) cipher_repetitions = 1; + if (hash_repetitions < 1) + hash_repetitions = 1; if ( !argc ) { From cvs at cvs.gnupg.org Fri Dec 11 18:05:20 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 11 Dec 2009 18:05:20 +0100 Subject: [svn] gcry - r1417 - in branches/LIBGCRYPT-1-4-BRANCH: . cipher Message-ID: Author: wk Date: 2009-12-11 18:05:20 +0100 (Fri, 11 Dec 2009) New Revision: 1417 Modified: branches/LIBGCRYPT-1-4-BRANCH/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/NEWS branches/LIBGCRYPT-1-4-BRANCH/README branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/cipher/Makefile.am branches/LIBGCRYPT-1-4-BRANCH/cipher/sha256.c branches/LIBGCRYPT-1-4-BRANCH/cipher/sha512.c branches/LIBGCRYPT-1-4-BRANCH/configure.ac Log: Backported some chnages from trunk. Modified: branches/LIBGCRYPT-1-4-BRANCH/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/ChangeLog 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/ChangeLog 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,3 +1,11 @@ +2009-12-11 Werner Koch + + Release 1.4.5. + + * configure.ac: Bump LT version to C16/A5/R3. + + * configure.ac: Add option --disable-O-flag-munging. + 2009-01-22 Werner Koch Release 1.4.4. Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,3 +1,17 @@ +2009-12-11 Werner Koch + + * Makefile.am (o_flag_munging): New. + (tiger.o, tiger.lo): Use it. + + * sha256.c (Cho, Maj, Sum0, Sum1): Turn macros into inline + functions. + (transform): Partly unroll to interweave the chain variables. + + * sha512.c (ROTR, Ch, Maj, Sum0, Sum1): Turn macros into inline + functions. + (transform): Partly unroll to interweave the chain variables. + Suggested by Christian Grothoff. + 2009-08-21 Werner Koch * dsa.c (dsa_generate_ext): Release retfactors array before Modified: branches/LIBGCRYPT-1-4-BRANCH/NEWS =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/NEWS 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/NEWS 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,15 +1,18 @@ -Noteworthy changes in version 1.4.5 (unreleased) +Noteworthy changes in version 1.4.5 (2009-12-11) ------------------------------------------------ - * Fix minor memory leak in DSA key generation. + * Fixed minor memory leak in DSA key generation. - * No switch into FIPS mode if /proc/version is not readable. + * No more switching to FIPS mode if /proc/version is not readable. - * Fix sigill during Padlock detection on old CPUs. + * Fixed a sigill during Padlock detection on old CPUs. - * Fix a hang on some W2000 machines. + * Fixed a hang on some W2000 machines. + * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; + SHA-256 went up by 25%. + Noteworthy changes in version 1.4.4 (2009-01-22) ------------------------------------------------ Modified: branches/LIBGCRYPT-1-4-BRANCH/README =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/README 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/README 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,6 +1,6 @@ Libgcrypt - The GNU Crypto Library ------------------------------------ - Version 1.4.4 + Version 1.4.5 Copyright 2000, 2002, 2003, 2004, 2007, 2008, @@ -130,7 +130,7 @@ time. This is helpful to create OS X fat binaries. --enable-random-daemon - Include support for a global random damon and + Include support for a global random dawmon and build the daemon. This is an experimental feature. --enable-mpi-path=EXTRA_PATH @@ -168,9 +168,63 @@ available. Try this if you get problems with assembler code. - + --disable-O-flag-munging + Some code is too complex for some compilers while + in higher optimization modes, thus the compiler + invocation is modified to use a lower + optimization level. Usually this works very well + but on some platforms these rules break the + invocation. This option may be used to disable + the feature under the assumption that either good + CFLAGS are given or the compiler can grok the code. + + Build Problems + -------------- + We can't check all assembler files, so if you have problems + assembling them (or the program crashes) use --disable-asm with + ./configure. If you opt to delete individual replacement files in + hopes of using the remaining ones, be aware that the configure + scripts may consider several subdirectories to get all available + assembler files; be sure to delete the correct ones. Never delete + udiv-qrnnd.S in any CPU directory, because there may be no C + substitute (in mpi/genereic). Don't forget to delete + "config.cache" and run "./config.status --recheck". We got a few + reports about problems using versions of gcc earlier than 2.96 + along with a non-GNU assembler (as). If this applies to your + platform, you can either upgrade gcc to a more recent version, or + use the GNU assembler. + + Some make tools are broken - the best solution is to use GNU's + make. Try gmake or grab the sources from a GNU archive and + install them. + + Specific problems on some machines: + + * IBM RS/6000 running AIX + + Due to a change in gcc (since version 2.8) the MPI stuff may + not build. In this case try to run configure using: + CFLAGS="-g -O2 -mcpu=powerpc" ./configure + + * SVR4.2 (ESIX V4.2 cc) + + Due to problems with the ESIX as(1), you probably want to do: + CFLAGS="-O -K pentium" ./configure --disable-asm + + * SunOS 4.1.4 + + ./configure ac_cv_sys_symbol_underscore=yes + + * Sparc64 CPUs + + We have reports about failures in the AES module when + compiling using gcc (e.g. version 4.1.2) and the option -O3; + using -O2 solves the problem. + + + License ------- Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/Makefile.am =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/Makefile.am 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/Makefile.am 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,6 +1,6 @@ # Makefile for cipher modules # Copyright (C) 1998, 1999, 2000, 2001, 2002, -# 2003 Free Software Foundation, Inc. +# 2003, 2009 Free Software Foundation, Inc. # # This file is part of Libgcrypt. # @@ -67,10 +67,16 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c +if ENABLE_O_FLAG_MUNGING +o_flag_munging = sed -e 's/-O[2-9s]*/-O1/g' +else +o_flag_munging = cat +endif + # We need to lower the optimization for this module. tiger.o: $(srcdir)/tiger.c - `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' ` + `echo $(COMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` tiger.lo: $(srcdir)/tiger.c - `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' ` + `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) ` Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/sha256.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/sha256.c 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/sha256.c 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,5 +1,5 @@ /* sha256.c - SHA256 hash function - * Copyright (C) 2003, 2006, 2008 Free Software Foundation, Inc. + * Copyright (C) 2003, 2006, 2008, 2009 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -41,7 +41,6 @@ #include #include "g10lib.h" -#include "memory.h" #include "bithelp.h" #include "cipher.h" #include "hash-common.h" @@ -95,10 +94,6 @@ /* Transform the message X which consists of 16 32-bit-words. See FIPS 180-2 for details. */ -#define Cho(x,y,z) (z ^ (x & (y ^ z))) /* (4.2) same as SHA-1's F1 */ -#define Maj(x,y,z) ((x & y) | (z & (x|y))) /* (4.3) same as SHA-1's F3 */ -#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22)) /* (4.4) */ -#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */ #define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */ #define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */ #define R(a,b,c,d,e,f,g,h,k,w) do \ @@ -114,6 +109,35 @@ b = a; \ a = t1 + t2; \ } while (0) + +/* (4.2) same as SHA-1's F1. */ +static inline u32 +Cho (u32 x, u32 y, u32 z) +{ + return (z ^ (x & (y ^ z))); +} + +/* (4.3) same as SHA-1's F3 */ +static inline u32 +Maj (u32 x, u32 y, u32 z) +{ + return ((x & y) | (z & (x|y))); +} + +/* (4.4) */ +static inline u32 +Sum0 (u32 x) +{ + return (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22)); +} + +/* (4.5) */ +static inline u32 +Sum1 (u32 x) +{ + return (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25)); +} + static void transform (SHA256_CONTEXT *hd, const unsigned char *data) @@ -172,9 +196,56 @@ for (; i < 64; i++) w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16]; - for (i=0; i < 64; i++) - R(a,b,c,d,e,f,g,h,K[i],w[i]); + for (i=0; i < 64;) + { +#if 0 + R(a,b,c,d,e,f,g,h,K[i],w[i]); + i++; +#else + t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i]; + t2 = Sum0 (a) + Maj (a, b, c); + d += t1; + h = t1 + t2; + t1 = g + Sum1 (d) + Cho (d, e, f) + K[i+1] + w[i+1]; + t2 = Sum0 (h) + Maj (h, a, b); + c += t1; + g = t1 + t2; + + t1 = f + Sum1 (c) + Cho (c, d, e) + K[i+2] + w[i+2]; + t2 = Sum0 (g) + Maj (g, h, a); + b += t1; + f = t1 + t2; + + t1 = e + Sum1 (b) + Cho (b, c, d) + K[i+3] + w[i+3]; + t2 = Sum0 (f) + Maj (f, g, h); + a += t1; + e = t1 + t2; + + t1 = d + Sum1 (a) + Cho (a, b, c) + K[i+4] + w[i+4]; + t2 = Sum0 (e) + Maj (e, f, g); + h += t1; + d = t1 + t2; + + t1 = c + Sum1 (h) + Cho (h, a, b) + K[i+5] + w[i+5]; + t2 = Sum0 (d) + Maj (d, e, f); + g += t1; + c = t1 + t2; + + t1 = b + Sum1 (g) + Cho (g, h, a) + K[i+6] + w[i+6]; + t2 = Sum0 (c) + Maj (c, d, e); + f += t1; + b = t1 + t2; + + t1 = a + Sum1 (f) + Cho (f, g, h) + K[i+7] + w[i+7]; + t2 = Sum0 (b) + Maj (b, c, d); + e += t1; + a = t1 + t2; + + i += 8; +#endif + } + hd->h0 += a; hd->h1 += b; hd->h2 += c; @@ -184,10 +255,6 @@ hd->h6 += g; hd->h7 += h; } -#undef Cho -#undef Maj -#undef Sum0 -#undef Sum1 #undef S0 #undef S1 #undef R Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/sha512.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/sha512.c 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/sha512.c 2009-12-11 17:05:20 UTC (rev 1417) @@ -1,5 +1,5 @@ /* sha512.c - SHA384 and SHA512 hash functions - * Copyright (C) 2003, 2008 Free Software Foundation, Inc. + * Copyright (C) 2003, 2008, 2009 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -98,6 +98,36 @@ } +static inline u64 +ROTR (u64 x, u64 n) +{ + return ((x >> n) | (x << (64 - n))); +} + +static inline u64 +Ch (u64 x, u64 y, u64 z) +{ + return ((x & y) ^ ( ~x & z)); +} + +static inline u64 +Maj (u64 x, u64 y, u64 z) +{ + return ((x & y) ^ (x & z) ^ (y & z)); +} + +static inline u64 +Sum0 (u64 x) +{ + return (ROTR (x, 28) ^ ROTR (x, 34) ^ ROTR (x, 39)); +} + +static inline u64 +Sum1 (u64 x) +{ + return (ROTR (x, 14) ^ ROTR (x, 18) ^ ROTR (x, 41)); +} + /**************** * Transform the message W which consists of 16 64-bit-words */ @@ -182,21 +212,26 @@ } #endif -#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n)))) -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) #define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) #define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) for (t = 16; t < 80; t++) w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16]; - for (t = 0; t < 80; t++) + + for (t = 0; t < 80; ) { u64 t1, t2; + /* Performance on a AMD Athlon(tm) Dual Core Processor 4050e + with gcc 4.3.3 using gcry_md_hash_buffer of each 10000 bytes + initialized to 0,1,2,3...255,0,... and 1000 iterations: + + Not unrolled with macros: 440ms + Unrolled with macros: 350ms + Unrolled with inline: 330ms + */ +#if 0 /* Not unrolled. */ t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t]; t2 = Sum0 (a) + Maj (a, b, c); h = g; @@ -207,12 +242,53 @@ c = b; b = a; a = t1 + t2; + t++; +#else /* Unrolled to interweave the chain variables. */ + t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t]; + t2 = Sum0 (a) + Maj (a, b, c); + d += t1; + h = t1 + t2; - /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX " - "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */ + t1 = g + Sum1 (d) + Ch (d, e, f) + k[t+1] + w[t+1]; + t2 = Sum0 (h) + Maj (h, a, b); + c += t1; + g = t1 + t2; + + t1 = f + Sum1 (c) + Ch (c, d, e) + k[t+2] + w[t+2]; + t2 = Sum0 (g) + Maj (g, h, a); + b += t1; + f = t1 + t2; + + t1 = e + Sum1 (b) + Ch (b, c, d) + k[t+3] + w[t+3]; + t2 = Sum0 (f) + Maj (f, g, h); + a += t1; + e = t1 + t2; + + t1 = d + Sum1 (a) + Ch (a, b, c) + k[t+4] + w[t+4]; + t2 = Sum0 (e) + Maj (e, f, g); + h += t1; + d = t1 + t2; + + t1 = c + Sum1 (h) + Ch (h, a, b) + k[t+5] + w[t+5]; + t2 = Sum0 (d) + Maj (d, e, f); + g += t1; + c = t1 + t2; + + t1 = b + Sum1 (g) + Ch (g, h, a) + k[t+6] + w[t+6]; + t2 = Sum0 (c) + Maj (c, d, e); + f += t1; + b = t1 + t2; + + t1 = a + Sum1 (f) + Ch (f, g, h) + k[t+7] + w[t+7]; + t2 = Sum0 (b) + Maj (b, c, d); + e += t1; + a = t1 + t2; + + t += 8; +#endif } - /* update chaining vars */ + /* Update chaining vars. */ hd->h0 += a; hd->h1 += b; hd->h2 += c; Modified: branches/LIBGCRYPT-1-4-BRANCH/configure.ac =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2009-12-11 16:32:04 UTC (rev 1416) +++ branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2009-12-11 17:05:20 UTC (rev 1417) @@ -27,7 +27,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.4.5]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -40,7 +40,7 @@ # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=16 LIBGCRYPT_LT_AGE=5 -LIBGCRYPT_LT_REVISION=2 +LIBGCRYPT_LT_REVISION=3 # If the API is changed in an incompatible way: increment the next counter. @@ -475,6 +475,15 @@ [Enable support for the PadLock engine.]) fi +# Implementation of the --disable-O-flag-munging switch. +AC_MSG_CHECKING([whether a -O flag munging is requested]) +AC_ARG_ENABLE([O-flag-munging], + AC_HELP_STRING([--disable-O-flag-munging], + [Disable modification of the cc -O flag]), + [enable_o_flag_munging=$enableval], + [enable_o_flag_munging=yes]) +AC_MSG_RESULT($enable_o_flag_munging) +AM_CONDITIONAL(ENABLE_O_FLAG_MUNGING, test "$enable_o_flag_munging" = "yes") AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", From cvs at cvs.gnupg.org Fri Dec 11 18:48:06 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 11 Dec 2009 18:48:06 +0100 Subject: [svn] gcry - r1418 - tags Message-ID: Author: wk Date: 2009-12-11 18:48:06 +0100 (Fri, 11 Dec 2009) New Revision: 1418 Added: tags/libgcrypt-1.4.5/ Log: Release tag From cvs at cvs.gnupg.org Mon Dec 14 13:16:30 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 14 Dec 2009 13:16:30 +0100 Subject: [svn] assuan - r335 - trunk/src Message-ID: Author: wk Date: 2009-12-14 13:16:30 +0100 (Mon, 14 Dec 2009) New Revision: 335 Modified: trunk/src/ChangeLog trunk/src/assuan.h trunk/src/client.c Log: Return and parse comment lines with the assuan_client_ functions. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-08 20:56:11 UTC (rev 334) +++ trunk/src/ChangeLog 2009-12-14 12:16:30 UTC (rev 335) @@ -1,3 +1,10 @@ +2009-12-14 Werner Koch + + * assuan.h (ASSUAN_RESPONSE_COMMENT): New. + * client.c (assuan_client_read_response): Return comment lines. + (assuan_client_parse_response): Return ASSUAN_RESPONSE_COMMENT. + (_assuan_read_from_server): Skip comment lines. + 2009-12-08 Marcus Brinkmann * assuan.h (struct assuan_system_hooks): Don't use "namespace" as Modified: trunk/src/assuan.h =================================================================== --- trunk/src/assuan.h 2009-12-08 20:56:11 UTC (rev 334) +++ trunk/src/assuan.h 2009-12-14 12:16:30 UTC (rev 335) @@ -431,6 +431,7 @@ #define ASSUAN_RESPONSE_INQUIRE 3 #define ASSUAN_RESPONSE_STATUS 4 #define ASSUAN_RESPONSE_END 5 +#define ASSUAN_RESPONSE_COMMENT 6 typedef int assuan_response_t; /* This already de-escapes data lines. */ Modified: trunk/src/client.c =================================================================== --- trunk/src/client.c 2009-12-08 20:56:11 UTC (rev 334) +++ trunk/src/client.c 2009-12-14 12:16:30 UTC (rev 335) @@ -91,7 +91,7 @@ line = ctx->inbound.line; linelen = ctx->inbound.linelen; } - while (*line == '#' || !linelen); + while (!linelen); /* For data lines, we deescape immediately. The user will never have to worry about it. */ @@ -181,6 +181,11 @@ *response = ASSUAN_RESPONSE_END; *off = 3; } + else if (linelen >= 1 && line[0] == '#') + { + *response = ASSUAN_RESPONSE_COMMENT; + *off = 1; + } else return _assuan_error (ctx, GPG_ERR_ASS_INV_RESPONSE); @@ -196,11 +201,16 @@ char *line; int linelen; - *response = ASSUAN_RESPONSE_ERROR; - *off = 0; - rc = assuan_client_read_response (ctx, &line, &linelen); - if (!rc) - rc = assuan_client_parse_response (ctx, line, linelen, response, off); + do + { + *response = ASSUAN_RESPONSE_ERROR; + *off = 0; + rc = assuan_client_read_response (ctx, &line, &linelen); + if (!rc) + rc = assuan_client_parse_response (ctx, line, linelen, response, off); + } + while (!rc && *response == ASSUAN_RESPONSE_COMMENT); + return rc; } From cvs at cvs.gnupg.org Mon Dec 14 13:33:24 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 14 Dec 2009 13:33:24 +0100 Subject: [svn] GnuPG - r5225 - trunk/sm Message-ID: Author: wk Date: 2009-12-14 13:33:23 +0100 (Mon, 14 Dec 2009) New Revision: 5225 Modified: trunk/sm/ChangeLog trunk/sm/server.c Log: add new gpgsm server command PASSWD Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2009-12-10 13:00:30 UTC (rev 5224) +++ trunk/sm/ChangeLog 2009-12-14 12:33:23 UTC (rev 5225) @@ -1,3 +1,8 @@ +2009-12-14 Werner Koch + + * server.c (cmd_passwd): New. + (register_commands): Register new command. + 2009-12-10 Werner Koch * gpgsm.c: Add option --ignore-cert-extension. Modified: trunk/sm/server.c =================================================================== --- trunk/sm/server.c 2009-12-10 13:00:30 UTC (rev 5224) +++ trunk/sm/server.c 2009-12-14 12:33:23 UTC (rev 5225) @@ -1068,7 +1068,6 @@ return rc; } - static const char hlp_getinfo[] = "GETINFO \n" "\n" @@ -1141,6 +1140,39 @@ } +static const char hlp_passwd[] = + "PASSWD \n" + "\n" + "Change the passphrase of the secret key for USERID."; +static gpg_error_t +cmd_passwd (assuan_context_t ctx, char *line) +{ + ctrl_t ctrl = assuan_get_pointer (ctx); + gpg_error_t err; + ksba_cert_t cert = NULL; + char *grip = NULL; + + line = skip_options (line); + + err = gpgsm_find_cert (line, NULL, &cert); + if (err) + ; + else if (!(grip = gpgsm_get_keygrip_hexstring (cert))) + err = gpg_error (GPG_ERR_INTERNAL); + else + { + char *desc = gpgsm_format_keydesc (cert); + err = gpgsm_agent_passwd (ctrl, grip, desc); + xfree (desc); + } + + xfree (grip); + ksba_cert_release (cert); + + return err; +} + + /* Return true if the command CMD implements the option OPT. */ static int @@ -1184,6 +1216,7 @@ { "DELKEYS", cmd_delkeys, hlp_delkeys }, { "GETAUDITLOG", cmd_getauditlog, hlp_getauditlog }, { "GETINFO", cmd_getinfo, hlp_getinfo }, + { "PASSWD", cmd_passwd, hlp_passwd }, { NULL } }; int i, rc; From cvs at cvs.gnupg.org Mon Dec 14 21:12:57 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 14 Dec 2009 21:12:57 +0100 Subject: [svn] GnuPG - r5226 - in trunk: . agent g10 Message-ID: Author: wk Date: 2009-12-14 21:12:56 +0100 (Mon, 14 Dec 2009) New Revision: 5226 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/protect-tool.c trunk/agent/protect.c trunk/g10/server.c Log: Implement dynamic S2K count computation. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2009-12-14 12:33:23 UTC (rev 5225) +++ trunk/agent/ChangeLog 2009-12-14 20:12:56 UTC (rev 5226) @@ -1,3 +1,12 @@ +2009-12-14 Werner Koch + + * protect.c (agent_unprotect): Decode the S2K count here and take + care of the new unencoded values. Add a lower limit sanity check. + (hash_passphrase): Do not decode here. + (get_standard_s2k_count, calibrate_s2k_count): New. + (calibrate_get_time, calibrate_elapsed_time): New. + (do_encryption): Use get_standard_s2k_count. + 2009-12-08 Werner Koch * protect.c (agent_unprotect): Avoid compiler warning. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2009-12-14 12:33:23 UTC (rev 5225) +++ trunk/NEWS 2009-12-14 20:12:56 UTC (rev 5226) @@ -18,7 +18,10 @@ * New GPGSM option --ignore-cert-extension. + * New and changed passphrases are now created with an iteration count + requiring about 100ms of CPU work. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2009-12-14 12:33:23 UTC (rev 5225) +++ trunk/agent/agent.h 2009-12-14 20:12:56 UTC (rev 5226) @@ -285,6 +285,7 @@ int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/ +unsigned long get_standard_s2k_count (void); int agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char **result, size_t *resultlen); int agent_unprotect (const unsigned char *protectedkey, const char *passphrase, Modified: trunk/agent/protect-tool.c =================================================================== --- trunk/agent/protect-tool.c 2009-12-14 12:33:23 UTC (rev 5225) +++ trunk/agent/protect-tool.c 2009-12-14 20:12:56 UTC (rev 5226) @@ -61,6 +61,7 @@ oShadow, oShowShadowInfo, oShowKeygrip, + oS2Kcalibration, oCanonical, oP12Import, @@ -120,6 +121,8 @@ "import a pkcs#12 encoded private key"), ARGPARSE_c (oP12Export, "p12-export", "export a private key pkcs#12 encoded"), + + ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"), ARGPARSE_group (301, N_("@\nOptions:\n ")), @@ -1061,6 +1064,8 @@ case oP12Export: cmd = oP12Export; break; case oP12Charset: opt_p12_charset = pargs.r.ret_str; break; + case oS2Kcalibration: cmd = oS2Kcalibration; break; + case oPassphrase: opt_passphrase = pargs.r.ret_str; break; case oStore: opt_store = 1; break; case oForce: opt_force = 1; break; @@ -1105,6 +1110,12 @@ import_p12_file (fname); else if (cmd == oP12Export) export_p12_file (fname); + else if (cmd == oS2Kcalibration) + { + if (!opt.verbose) + opt.verbose++; /* We need to see something. */ + get_standard_s2k_count (); + } else show_file (fname); Modified: trunk/agent/protect.c =================================================================== --- trunk/agent/protect.c 2009-12-14 12:33:23 UTC (rev 5225) +++ trunk/agent/protect.c 2009-12-14 20:12:56 UTC (rev 5226) @@ -27,6 +27,11 @@ #include #include #include +#ifdef HAVE_W32_SYSTEM +# include +#else +# include +#endif #include "agent.h" @@ -51,13 +56,134 @@ }; +/* A helper object for time measurement. */ +struct calibrate_time_s +{ +#ifdef HAVE_W32_SYSTEM + FILETIME creation_time, exit_time, kernel_time, user_time; +#else + clock_t ticks; +#endif +}; + + static int hash_passphrase (const char *passphrase, int hashalgo, int s2kmode, const unsigned char *s2ksalt, unsigned long s2kcount, unsigned char *key, size_t keylen); +/* Get the process time and store it in DATA. */ +static void +calibrate_get_time (struct calibrate_time_s *data) +{ +#ifdef HAVE_W32_SYSTEM + GetProcessTimes (GetCurrentProcess (), + &data->creation_time, &data->exit_time, + &data->kernel_time, &data->user_time); +#else + struct tms tmp; + + times (&tmp); + data->ticks = tmp.tms_utime; +#endif +} + +static unsigned long +calibrate_elapsed_time (struct calibrate_time_s *starttime) +{ + struct calibrate_time_s stoptime; + + calibrate_get_time (&stoptime); +#ifdef HAVE_W32_SYSTEM + { + unsigned long long t1, t2; + + t1 = (((unsigned long long)starttime->kernel_time.dwHighDateTime << 32) + + starttime->kernel_time.dwLowDateTime); + t1 += (((unsigned long long)starttime->user_time.dwHighDateTime << 32) + + starttime->user_time.dwLowDateTime); + t2 = (((unsigned long long)stoptime.kernel_time.dwHighDateTime << 32) + + stoptime.kernel_time.dwLowDateTime); + t2 += (((unsigned long long)stoptime.user_time.dwHighDateTime << 32) + + stoptime.user_time.dwLowDateTime); + return (unsigned long)((t2 - t1)/10000); + } +#else + return (unsigned long)((((double) (stoptime.ticks - starttime->ticks)) + /CLOCKS_PER_SEC)*10000000); +#endif +} + + +/* Run a test hashing for COUNT and return the time required in + milliseconds. */ +static unsigned long +calibrate_s2k_count_one (unsigned long count) +{ + int rc; + char keybuf[PROT_CIPHER_KEYLEN]; + struct calibrate_time_s starttime; + + calibrate_get_time (&starttime); + rc = hash_passphrase ("123456789abcdef0", GCRY_MD_SHA1, + 3, "saltsalt", count, keybuf, sizeof keybuf); + if (rc) + BUG (); + return calibrate_elapsed_time (&starttime); +} + + +/* Measure the time we need to do the hash operations and deduce an + S2K count which requires about 100ms of time. */ +static unsigned long +calibrate_s2k_count (void) +{ + unsigned long count; + unsigned long ms; + + for (count = 65536; count; count *= 2) + { + ms = calibrate_s2k_count_one (count); + if (opt.verbose > 1) + log_info ("S2K calibration: %lu -> %lums\n", count, ms); + if (ms > 100) + break; + } + + count = (unsigned long)(((double)count / ms) * 100); + count /= 1024; + count *= 1024; + if (count < 65536) + count = 65536; + + if (opt.verbose) + { + ms = calibrate_s2k_count_one (count); + log_info ("S2K calibration: %lu iterations for %lums\n", count, ms); + } + + return count; +} + + + +/* Return the standard S2K count. */ +unsigned long +get_standard_s2k_count (void) +{ + static unsigned long count; + + if (!count) + count = calibrate_s2k_count (); + + /* Enforce a lower limit. */ + return count < 65536 ? 65536 : count; +} + + + /* Calculate the MIC for a private key S-Exp. SHA1HASH should point to a 20 byte buffer. This function is suitable for any algorithms. */ @@ -193,7 +319,8 @@ else { rc = hash_passphrase (passphrase, GCRY_MD_SHA1, - 3, iv+2*blklen, 96, key, keylen); + 3, iv+2*blklen, + get_standard_s2k_count (), key, keylen); if (!rc) rc = gcry_cipher_setkey (hd, key, keylen); xfree (key); @@ -757,9 +884,23 @@ is nothing we should worry about */ if (s[n] != ')' ) return gpg_error (GPG_ERR_INV_SEXP); + + /* Old versions of gpg-agent used the funny floating point number in + a byte encoding as specified by OpenPGP. However this is not + needed and thus we now store it as a plain unsigned integer. We + can easily distinguish the old format by looking at its value: + Less than 256 is an old-style encoded number; other values are + plain integers. In any case we check that they are at least + 65536 because we never used a lower value in the past and we + should have a lower limit. */ s2kcount = strtoul ((const char*)s, NULL, 10); if (!s2kcount) return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); + if (s2kcount < 256) + s2kcount = (16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6); + if (s2kcount < 65536) + return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); + s += n; s++; /* skip list end */ @@ -848,8 +989,7 @@ /* Transform a passphrase into a suitable key of length KEYLEN and store this key in the caller provided buffer KEY. The caller must provide an HASHALGO, a valid S2KMODE (see rfc-2440) and depending on - that mode an S2KSALT of 8 random bytes and an S2KCOUNT (a suitable - value is 96). + that mode an S2KSALT of 8 random bytes and an S2KCOUNT. Returns an error code on failure. */ static int @@ -891,7 +1031,7 @@ if (s2kmode == 3) { - count = (16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6); + count = s2kcount; if (count < len2) count = len2; } Modified: trunk/g10/server.c =================================================================== --- trunk/g10/server.c 2009-12-14 12:33:23 UTC (rev 5225) +++ trunk/g10/server.c 2009-12-14 20:12:56 UTC (rev 5226) @@ -601,7 +601,25 @@ return rc; } +static const char hlp_passwd[] = + "PASSWD \n" + "\n" + "Change the passphrase of the secret key for USERID."; +static gpg_error_t +cmd_passwd (assuan_context_t ctx, char *line) +{ + ctrl_t ctrl = assuan_get_pointer (ctx); + gpg_error_t err; + line = skip_options (line); + + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + + return err; +} + + + /* Helper to register our commands with libassuan. */ static int @@ -611,6 +629,7 @@ { const char *name; assuan_handler_t handler; + assuan_handler_t help; } table[] = { { "RECIPIENT", cmd_recipient }, { "SIGNER", cmd_signer }, @@ -628,13 +647,15 @@ { "GENKEY", cmd_genkey }, { "DELKEYS", cmd_delkeys }, { "GETINFO", cmd_getinfo }, + { "PASSWD", cmd_passwd, hlp_passwd}, { NULL } }; int i, rc; for (i=0; table[i].name; i++) { - rc = assuan_register_command (ctx, table[i].name, table[i].handler, NULL); + rc = assuan_register_command (ctx, table[i].name, + table[i].handler, table[i].help); if (rc) return rc; } From cvs at cvs.gnupg.org Mon Dec 14 21:18:53 2009 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 14 Dec 2009 21:18:53 +0100 Subject: [svn] GnuPG - r5227 - in branches/STABLE-BRANCH-2-0: . agent Message-ID: Author: wk Date: 2009-12-14 21:18:53 +0100 (Mon, 14 Dec 2009) New Revision: 5227 Modified: branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/agent/ChangeLog branches/STABLE-BRANCH-2-0/agent/agent.h branches/STABLE-BRANCH-2-0/agent/protect-tool.c branches/STABLE-BRANCH-2-0/agent/protect.c Log: Implement dynamic S2K count computation for GPGSM Modified: branches/STABLE-BRANCH-2-0/agent/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/agent/ChangeLog 2009-12-14 20:12:56 UTC (rev 5226) +++ branches/STABLE-BRANCH-2-0/agent/ChangeLog 2009-12-14 20:18:53 UTC (rev 5227) @@ -1,3 +1,12 @@ +2009-12-14 Werner Koch + + * protect.c (agent_unprotect): Decode the S2K count here and take + care of the new unencoded values. Add a lower limit sanity check. + (hash_passphrase): Do not decode here. + (get_standard_s2k_count, calibrate_s2k_count): New. + (calibrate_get_time, calibrate_elapsed_time): New. + (do_encryption): Use get_standard_s2k_count. + 2009-12-03 Werner Koch * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print @@ -42,7 +51,7 @@ * genkey.c (agent_protect_and_store): Return RC and not 0. * protect.c (do_encryption): Fix ignored error code from malloc. Reported by Fabian Keil. - + 2009-06-17 Werner Koch * call-pinentry.c (agent_get_confirmation): Add arg WITH_CANCEL. Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2009-12-14 20:12:56 UTC (rev 5226) +++ branches/STABLE-BRANCH-2-0/NEWS 2009-12-14 20:18:53 UTC (rev 5227) @@ -13,7 +13,10 @@ * New GPGSM option --ignore-cert-extension. + * New and changed passphrases for gpg-agent protected keys are now + created with an iteration count requiring about 100ms of CPU work. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/agent/agent.h =================================================================== --- branches/STABLE-BRANCH-2-0/agent/agent.h 2009-12-14 20:12:56 UTC (rev 5226) +++ branches/STABLE-BRANCH-2-0/agent/agent.h 2009-12-14 20:18:53 UTC (rev 5227) @@ -285,6 +285,7 @@ int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/ +unsigned long get_standard_s2k_count (void); int agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char **result, size_t *resultlen); int agent_unprotect (const unsigned char *protectedkey, const char *passphrase, Modified: branches/STABLE-BRANCH-2-0/agent/protect-tool.c =================================================================== --- branches/STABLE-BRANCH-2-0/agent/protect-tool.c 2009-12-14 20:12:56 UTC (rev 5226) +++ branches/STABLE-BRANCH-2-0/agent/protect-tool.c 2009-12-14 20:18:53 UTC (rev 5227) @@ -61,6 +61,7 @@ oShadow, oShowShadowInfo, oShowKeygrip, + oS2Kcalibration, oCanonical, oP12Import, @@ -120,6 +121,8 @@ "import a pkcs#12 encoded private key"), ARGPARSE_c (oP12Export, "p12-export", "export a private key pkcs#12 encoded"), + + ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"), ARGPARSE_group (301, N_("@\nOptions:\n ")), @@ -1061,6 +1064,8 @@ case oP12Export: cmd = oP12Export; break; case oP12Charset: opt_p12_charset = pargs.r.ret_str; break; + case oS2Kcalibration: cmd = oS2Kcalibration; break; + case oPassphrase: opt_passphrase = pargs.r.ret_str; break; case oStore: opt_store = 1; break; case oForce: opt_force = 1; break; @@ -1105,6 +1110,12 @@ import_p12_file (fname); else if (cmd == oP12Export) export_p12_file (fname); + else if (cmd == oS2Kcalibration) + { + if (!opt.verbose) + opt.verbose++; /* We need to see something. */ + get_standard_s2k_count (); + } else show_file (fname); Modified: branches/STABLE-BRANCH-2-0/agent/protect.c =================================================================== --- branches/STABLE-BRANCH-2-0/agent/protect.c 2009-12-14 20:12:56 UTC (rev 5226) +++ branches/STABLE-BRANCH-2-0/agent/protect.c 2009-12-14 20:18:53 UTC (rev 5227) @@ -27,6 +27,11 @@ #include #include #include +#ifdef HAVE_W32_SYSTEM +# include +#else +# include +#endif #include "agent.h" @@ -51,13 +56,134 @@ }; +/* A helper object for time measurement. */ +struct calibrate_time_s +{ +#ifdef HAVE_W32_SYSTEM + FILETIME creation_time, exit_time, kernel_time, user_time; +#else + clock_t ticks; +#endif +}; + + static int hash_passphrase (const char *passphrase, int hashalgo, int s2kmode, const unsigned char *s2ksalt, unsigned long s2kcount, unsigned char *key, size_t keylen); +/* Get the process time and store it in DATA. */ +static void +calibrate_get_time (struct calibrate_time_s *data) +{ +#ifdef HAVE_W32_SYSTEM + GetProcessTimes (GetCurrentProcess (), + &data->creation_time, &data->exit_time, + &data->kernel_time, &data->user_time); +#else + struct tms tmp; + + times (&tmp); + data->ticks = tmp.tms_utime; +#endif +} + +static unsigned long +calibrate_elapsed_time (struct calibrate_time_s *starttime) +{ + struct calibrate_time_s stoptime; + + calibrate_get_time (&stoptime); +#ifdef HAVE_W32_SYSTEM + { + unsigned long long t1, t2; + + t1 = (((unsigned long long)starttime->kernel_time.dwHighDateTime << 32) + + starttime->kernel_time.dwLowDateTime); + t1 += (((unsigned long long)starttime->user_time.dwHighDateTime << 32) + + starttime->user_time.dwLowDateTime); + t2 = (((unsigned long long)stoptime.kernel_time.dwHighDateTime << 32) + + stoptime.kernel_time.dwLowDateTime); + t2 += (((unsigned long long)stoptime.user_time.dwHighDateTime << 32) + + stoptime.user_time.dwLowDateTime); + return (unsigned long)((t2 - t1)/10000); + } +#else + return (unsigned long)((((double) (stoptime.ticks - starttime->ticks)) + /CLOCKS_PER_SEC)*10000000); +#endif +} + + +/* Run a test hashing for COUNT and return the time required in + milliseconds. */ +static unsigned long +calibrate_s2k_count_one (unsigned long count) +{ + int rc; + char keybuf[PROT_CIPHER_KEYLEN]; + struct calibrate_time_s starttime; + + calibrate_get_time (&starttime); + rc = hash_passphrase ("123456789abcdef0", GCRY_MD_SHA1, + 3, "saltsalt", count, keybuf, sizeof keybuf); + if (rc) + BUG (); + return calibrate_elapsed_time (&starttime); +} + + +/* Measure the time we need to do the hash operations and deduce an + S2K count which requires about 100ms of time. */ +static unsigned long +calibrate_s2k_count (void) +{ + unsigned long count; + unsigned long ms; + + for (count = 65536; count; count *= 2) + { + ms = calibrate_s2k_count_one (count); + if (opt.verbose > 1) + log_info ("S2K calibration: %lu -> %lums\n", count, ms); + if (ms > 100) + break; + } + + count = (unsigned long)(((double)count / ms) * 100); + count /= 1024; + count *= 1024; + if (count < 65536) + count = 65536; + + if (opt.verbose) + { + ms = calibrate_s2k_count_one (count); + log_info ("S2K calibration: %lu iterations for %lums\n", count, ms); + } + + return count; +} + + + +/* Return the standard S2K count. */ +unsigned long +get_standard_s2k_count (void) +{ + static unsigned long count; + + if (!count) + count = calibrate_s2k_count (); + + /* Enforce a lower limit. */ + return count < 65536 ? 65536 : count; +} + + + /* Calculate the MIC for a private key S-Exp. SHA1HASH should point to a 20 byte buffer. This function is suitable for any algorithms. */ @@ -193,7 +319,8 @@ else { rc = hash_passphrase (passphrase, GCRY_MD_SHA1, - 3, iv+2*blklen, 96, key, keylen); + 3, iv+2*blklen, + get_standard_s2k_count (), key, keylen); if (!rc) rc = gcry_cipher_setkey (hd, key, keylen); xfree (key); @@ -757,9 +884,23 @@ is nothing we should worry about */ if (s[n] != ')' ) return gpg_error (GPG_ERR_INV_SEXP); + + /* Old versions of gpg-agent used the funny floating point number in + a byte encoding as specified by OpenPGP. However this is not + needed and thus we now store it as a plain unsigned integer. We + can easily distinguish the old format by looking at its value: + Less than 256 is an old-style encoded number; other values are + plain integers. In any case we check that they are at least + 65536 because we never used a lower value in the past and we + should have a lower limit. */ s2kcount = strtoul ((const char*)s, NULL, 10); if (!s2kcount) return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); + if (s2kcount < 256) + s2kcount = (16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6); + if (s2kcount < 65536) + return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); + s += n; s++; /* skip list end */ @@ -847,8 +988,7 @@ /* Transform a passphrase into a suitable key of length KEYLEN and store this key in the caller provided buffer KEY. The caller must provide an HASHALGO, a valid S2KMODE (see rfc-2440) and depending on - that mode an S2KSALT of 8 random bytes and an S2KCOUNT (a suitable - value is 96). + that mode an S2KSALT of 8 random bytes and an S2KCOUNT. Returns an error code on failure. */ static int @@ -890,7 +1030,7 @@ if (s2kmode == 3) { - count = (16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6); + count = s2kcount; if (count < len2) count = len2; } From cvs at cvs.gnupg.org Tue Dec 15 02:01:40 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 15 Dec 2009 02:01:40 +0100 Subject: [svn] gpgme - r1441 - trunk/src Message-ID: Author: marcus Date: 2009-12-15 02:01:40 +0100 (Tue, 15 Dec 2009) New Revision: 1441 Modified: trunk/src/ChangeLog trunk/src/assuan-support.c Log: 2009-12-15 Marcus Brinkmann * assuan-support.c (my_spawn): Calloc, not malloc, the fd_items. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2009-12-10 09:49:47 UTC (rev 1440) +++ trunk/src/ChangeLog 2009-12-15 01:01:40 UTC (rev 1441) @@ -1,3 +1,7 @@ +2009-12-15 Marcus Brinkmann + + * assuan-support.c (my_spawn): Calloc, not malloc, the fd_items. + 2009-12-10 Werner Koch * debug.c (debug_init): Test on sgid process. Modified: trunk/src/assuan-support.c =================================================================== --- trunk/src/assuan-support.c 2009-12-10 09:49:47 UTC (rev 1440) +++ trunk/src/assuan-support.c 2009-12-15 01:01:40 UTC (rev 1441) @@ -130,7 +130,7 @@ } /* fd_in, fd_out, terminator */ i += 3; - fd_items = malloc (sizeof (struct spawn_fd_item_s) * i); + fd_items = calloc (i, sizeof (struct spawn_fd_item_s)); if (! fd_items) return -1; i = 0; From cvs at cvs.gnupg.org Tue Dec 15 02:23:07 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 15 Dec 2009 02:23:07 +0100 Subject: [svn] assuan - r336 - trunk Message-ID: Author: marcus Date: 2009-12-15 02:23:07 +0100 (Tue, 15 Dec 2009) New Revision: 336 Modified: trunk/AUTHORS trunk/README trunk/THANKS trunk/TODO Log: Just some pre-release clean ups. Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2009-12-14 12:16:30 UTC (rev 335) +++ trunk/AUTHORS 2009-12-15 01:23:07 UTC (rev 336) @@ -13,7 +13,7 @@ - Code cleanup, descriptor passing and bug fixes. Marcus Brinkmann - - Bug fixes. + - Shared library version, bug fixes. g10 Code GmbH - all work indicated by mail addresses in ChangeLogs Modified: trunk/README =================================================================== --- trunk/README 2009-12-14 12:16:30 UTC (rev 335) +++ trunk/README 2009-12-15 01:23:07 UTC (rev 336) @@ -2,12 +2,8 @@ =========== This is the IPC library used by GnuPG 2, GPGME and a few other -packages. It used to be included with the latter packages but we -decided to make your life not too easy and separated it out to a stand -alone library. +packages. -It is currently not intended to be used as a shared library. - See COPYING.LIB on how to share, modify and distribute the software itself (LGPLv2.1+) and COPYING for the documentation (GPLv3+). @@ -17,5 +13,3 @@ The primary FTP site is ftp://ftp.gnupg.org/gcrypt/libassuan. - - Modified: trunk/THANKS =================================================================== --- trunk/THANKS 2009-12-14 12:16:30 UTC (rev 335) +++ trunk/THANKS 2009-12-15 01:23:07 UTC (rev 336) @@ -1,12 +1,10 @@ - -Alain Guibert alguibert+gpd at free.fr -Marc Mutz mutz at kde.org -Michael Nottebrock michaelnottebrock at gmx.net +Alain Guibert alguibert+gpd at free dot fr +Ben Kibbey bjk at luxsci dot net +Frank Osterfeld frank at kdab dot net +Marc Mutz mutz at kde dot org +Michael Nottebrock michaelnottebrock at gmx dot net Nelson H. F. Beebe beebe at math dot utah dot edu Peter O'Gorman gnupg-devel at mlists dot thewrittenword dot com Rex Dieter rdieter at math dot unl dot edu -Ville Skytt? ville.skytta at iki.fi +Ville Skytt? ville dot skytta at iki dot fi - - - Modified: trunk/TODO =================================================================== --- trunk/TODO 2009-12-14 12:16:30 UTC (rev 335) +++ trunk/TODO 2009-12-15 01:23:07 UTC (rev 336) @@ -1,4 +1,5 @@ -*- outline -*- +* More tests. * Check that we have Pth-ed all blocking fucntions. * Introduce a spawn wrapper program as gpgme has to not leak fds under W32. * assuan_transact returns immediately on an error in the callback @@ -12,3 +13,4 @@ * W32 ** Check what kind of fd we use with inbound.fd etc. + From cvs at cvs.gnupg.org Tue Dec 15 02:36:40 2009 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 15 Dec 2009 02:36:40 +0100 Subject: [svn] assuan - r337 - in trunk: . doc Message-ID: