From cvs at cvs.gnupg.org Fri Jul 9 10:21:45 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 09 Jul 2010 10:21:45 +0200 Subject: [svn] gcry - r1436 - in trunk: . src Message-ID: Author: wk Date: 2010-07-09 10:21:44 +0200 (Fri, 09 Jul 2010) New Revision: 1436 Modified: trunk/ChangeLog trunk/configure.ac trunk/src/ChangeLog trunk/src/gcrypt.h.in Log: Minor changes for MSVC. Bumped LT version because we need to add an inetrface in the 1.4 branch. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-06-29 17:14:35 UTC (rev 1435) +++ trunk/ChangeLog 2010-07-09 08:21:44 UTC (rev 1436) @@ -1,3 +1,8 @@ +2010-07-09 Werner Koch + + * configure.ac: Bump LT version to C18/A7/R0 to prepare a backport + of a new API to the 1.4 series. + 2010-04-19 Marcus Brinkmann * configure.ac: Check for -fno-strict-aliasing. @@ -59,7 +64,7 @@ 2009-01-22 Werner Koch - * configure.ac: Bump LT version to C17/A7/R0 to mark the start of + * configure.ac: Bump LT version to C17/A6/R0 to mark the start of a new development series. 2009-01-22 Werner Koch Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-06-29 17:14:35 UTC (rev 1435) +++ trunk/src/ChangeLog 2010-07-09 08:21:44 UTC (rev 1436) @@ -1,3 +1,8 @@ +2010-07-09 Werner Koch + + * gcrypt.h.in [!__GNUC__ && W32]: Typedef ssize_t and pid_t to + help building with MSVC. + 2010-06-24 Werner Koch * gcrypt.h.in [W32]: Include time.h and not sys/time.h. 
@@ -8,7 +13,8 @@ 2010-04-16 Marcus Brinkmann - * sexp.c: (sexp_sscan): Make it variable length, and rename the old version to ... + * sexp.c: (sexp_sscan): Make it variable length, and rename the + old version to ... (vsexp_sscan): ... this new function. Also swap last two arguments. (gcry_sexp_create): Remove dummy va_list. (gcry_sexp_build): Use vsexp_sscan instead of sexp_sscan. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-06-29 17:14:35 UTC (rev 1435) +++ trunk/configure.ac 2010-07-09 08:21:44 UTC (rev 1436) @@ -41,9 +41,11 @@ # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) -# NOTE: As an exception the the LT versions are already set for 1.5.0! -LIBGCRYPT_LT_CURRENT=17 -LIBGCRYPT_LT_AGE=6 + +# NOTE: As an exception during development of this branch the LT +# versions are already set for 1.5.0! +LIBGCRYPT_LT_CURRENT=18 +LIBGCRYPT_LT_AGE=7 LIBGCRYPT_LT_REVISION=0 Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2010-06-29 17:14:35 UTC (rev 1435) +++ trunk/src/gcrypt.h.in 2010-07-09 08:21:44 UTC (rev 1436) @@ -1,6 +1,6 @@ /* gcrypt.h - GNU Cryptographic Library Interface -*- c -*- Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006 - 2007, 2008, 2009 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This file is part of Libgcrypt. @@ -34,7 +34,10 @@ # include # include # include +# ifndef __GNUC__ typedef long ssize_t; + typedef int pid_t; +# endif /*!__GNUC__*/ #else # include # include From cvs at cvs.gnupg.org Tue Jul 13 16:25:04 2010 
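Review bot: In the trunk/src/gcrypt.h.in hunk of r1436 (@@ -34,7 +34,10 @@), "typedef long ssize_t;" is too narrow for 64-bit Windows builds, where long is 32 bits while size_t is 64 bits, so a length passed through ssize_t can be truncated. Consider a pointer-sized signed type instead (MSVC's SSIZE_T from BaseTsd.h is one option). The guard "# ifndef __GNUC__" also covers every non-GNU Windows compiler, not only MSVC as the ChangeLog entry says; a compiler or an earlier header that already defines ssize_t or pid_t will hit a conflicting typedef in this public header, so keying the block on _MSC_VER or on a configure-time check would be safer.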
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 13 Jul 2010 16:25:04 +0200 Subject: [svn] gcry - r1437 - in branches/LIBGCRYPT-1-4-BRANCH: . cipher doc src tests Message-ID: Author: wk Date: 2010-07-13 16:25:01 +0200 (Tue, 13 Jul 2010) New Revision: 1437 Added: branches/LIBGCRYPT-1-4-BRANCH/tests/aeswrap.c Modified: branches/LIBGCRYPT-1-4-BRANCH/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/NEWS branches/LIBGCRYPT-1-4-BRANCH/README branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/cipher/cipher.c branches/LIBGCRYPT-1-4-BRANCH/cipher/md.c branches/LIBGCRYPT-1-4-BRANCH/cipher/tiger.c branches/LIBGCRYPT-1-4-BRANCH/configure.ac branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt branches/LIBGCRYPT-1-4-BRANCH/src/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/src/cipher.h branches/LIBGCRYPT-1-4-BRANCH/src/gcrypt.h.in branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am branches/LIBGCRYPT-1-4-BRANCH/tests/basic.c Log: Add new algorithms and modes. Prepare a release. Modified: branches/LIBGCRYPT-1-4-BRANCH/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/ChangeLog 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/ChangeLog 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,3 +1,9 @@ +2010-07-13 Werner Koch + + Release 1.4.6. + + * configure.ac: Bump LT version to C17/A6/R0. + 2009-12-11 Werner Koch Release 1.4.5. @@ -45,7 +51,7 @@ 2008-08-19 Werner Koch Release 1.4.2rc1. - + * configure.ac: Bump LT version to C16/A5/R0. 2008-08-18 Werner Koch @@ -65,7 +71,7 @@ 2008-04-25 Werner Koch Release 1.4.1. - + * configure.ac: Bump LT version to C15/A4/R4. 2008-04-22 Werner Koch @@ -103,7 +109,7 @@ 2007-12-10 Werner Koch Released 1.4.0. - + * configure.ac: Set LT to C15/A4/R3. 2007-12-05 Werner Koch 
@@ -143,7 +149,7 @@ in the test program which lurked there for 4 years. Adjusted name of libtools global_system_pipe variable and add extra cut stage. Reported by Gregor Riepl. - + 2007-06-15 Werner Koch * autogen.sh (FORCE): Use = and not == in test to be POSIXly correct. @@ -180,7 +186,7 @@ Released 1.3.0. * configure.ac: Set LT to C15/A4/R0. - + * configure.ac: Require automake 1.10 (AM_PROG_CC_C_O): New. @@ -190,7 +196,7 @@ 2007-05-02 Werner Koch - * configure.ac (LIBGCRYPT_DIGESTS, LIBGCRYPT_CIPHERS) + * configure.ac (LIBGCRYPT_DIGESTS, LIBGCRYPT_CIPHERS) (LIBGCRYPT_PUBKEY_CIPHERS): Ac_define lists of algorithms. (default_ciphers): Don't make camellia a default. @@ -234,7 +240,7 @@ * configure.ac: Bump LT version to C14/A3/R0 in preparation for a release. - + * autogen.sh: Add option --force. * configure.ac: New option --disable-endian-check. Use a real noexecstack test instead of requiring an option. Add SVN version @@ -287,7 +293,7 @@ 2006-07-26 Werner Koch * configure.ac: New options --enable-noexecstack and - --disable-optimization. + --disable-optimization. 2006-07-04 Marcus Brinkmann @@ -329,7 +335,7 @@ * configure.ac: Move detection of basic stuff to the top. For example we need to know whether gcc is used before testing for it. Reported by Ralf Fassel. - + 2005-04-23 Moritz Schulte * acinclude.m4 (TYPE_SOCKLEN_T): New type definition test; @@ -351,9 +357,9 @@ 2005-01-04 Werner Koch Updated to automake 1.9. - - * acinclude.m4: Updated for use with automake 1.9. + * acinclude.m4: Updated for use with automake 1.9. + * configure.ac: Require libgpg-error 1.0; not really needed but that is the first stable version. @@ -387,7 +393,7 @@ 2004-04-15 Werner Koch Released 1.2.0. - + * configure.ac: Set LT to C12/A1/R1. 2004-04-06 Werner Koch 
@@ -412,7 +418,7 @@ Released 1.1.93. - * configure.ac (LIBGCRYPT_CONFIG_SONAME_NUMBER): Replaced by + * configure.ac (LIBGCRYPT_CONFIG_SONAME_NUMBER): Replaced by LIBGCRYPT_CONPIG_API_VERSION. Set it to 1. Set LT to C11/A0/R1. 2004-03-05 Werner Koch @@ -422,7 +428,7 @@ 2004-02-20 Werner Koch Released 1.1.92. - + * configure.ac: Set LT to C11/A0/R0. 2004-02-11 Werner Koch @@ -440,7 +446,7 @@ 2003-12-19 Werner Koch Released 1.1.91. - + * configure.ac: Bumbed LT version to C10/A3/R1. 2003-12-08 Werner Koch @@ -458,9 +464,9 @@ 2003-11-14 Werner Koch Released 1.1.90. - + * configure.ac: Bumbed LT version to C10/A3/R0. - + * configure.ac (have_ld_version_script): Set the default in a separate test. (PRINTABLE_OS_NAME): Don't handle the Hurd extra, this leads to @@ -478,7 +484,7 @@ development Released 1.1.44. - + * acinclude.m4 (AC_CHECK_PTH): Added. * configure.ac: Use it here instead of the generic lib test. Bumbed LT vesion to C9/A2/R0. @@ -521,7 +527,7 @@ 2003-07-31 Werner Koch Released 1.1.42. - + * configure.ac: Set LT version to 7/0/0. 2003-07-30 Werner Koch @@ -545,7 +551,7 @@ 2003-07-05 Moritz Schulte * README: Few changes, mention libgpg-error. - + 2003-06-18 Moritz Schulte * configure.ac (available_ciphers): Removed Serpent, hrrm. @@ -558,7 +564,7 @@ GNUPG_SYS_SYMBOL_UNDERSCORE, GNUPG_FUNC_MKDIR_TAKES_ONE_ARG, GPH_PROG_DB2ANY. Added macro definitions: AM_PATH_GPG_ERROR. - + * configure.ac: Use alternative approach for building based on conditional sources, which does not make automake eat all your memory, etc. @@ -633,8 +639,8 @@ * configure.ac: Removed code for generating contruct.c. Remove digest modules from the static_modules list, only handle random module selection. - + 2003-03-24 Moritz Schulte * NEWS: Mention new CBC_MAC flag. @@ -650,7 +656,7 @@ 2003-01-21 Werner Koch - * README (Configure options): New. + * README (Configure options): New. * configure.ac (have_ld_version_script): New option --enable-ld-version-script. 
@@ -661,13 +667,13 @@ 2003-01-20 Werner Koch Released 1.1.12. - + * configure.ac (LIBGCRYPT_LT_REVISION): Bumbed up. 2002-12-21 Werner Koch Released 1.1.11. - + * configure.ac (LIBGCRYPT_LT_CURRENT: Bumbed to 6/5/0 due to a new interface @@ -692,7 +698,7 @@ 2002-09-18 Timo Schulz * configure.ac: Added makefile for the W32 DLL. - + 2002-09-17 Werner Koch * configure.ac: Check for Pth and Pthreads. @@ -700,7 +706,7 @@ 2002-08-23 Werner Koch Released 1.1.9. - + * configure.ac (LIBGCRYPT_CONFIG_CFLAGS): Renamed from LIBGCRYPT_CFLAGS and removed the libpath because it is set by the config script. @@ -709,13 +715,13 @@ 2002-06-25 Werner Koch Released 1.1.8. - - * configure.ac: Set LT version to 5/4/0. + * configure.ac: Set LT version to 5/4/0. + 2002-05-21 Werner Koch Released 1.1.7. - + * configure.ac: Set LT version to 4/3/0. 2002-05-17 Werner Koch @@ -741,7 +747,7 @@ * configure.ac (jnlib/Makefile): Removed. * configure.ac: Define _REENTRANT. - + 2002-02-18 Werner Koch * configure.ac (MPI_EXTRA_ASM_OBJS): Use .lo suffix. @@ -749,7 +755,7 @@ 2002-02-07 Werner Koch - Released 1.1.6. + Released 1.1.6. 2002-01-24 Werner Koch @@ -778,7 +784,7 @@ Released 1.1.4. * acinclude.m4 (GNUPG_CHECK_TYPEDEF): Define GNU Source. - + Migrated to autoconf 2.52. * acinclude.m4: Removed GNUPG_LINK_FILES and converted. * acconfig.h: Removed @@ -789,7 +795,7 @@ * tests/: New. * Makefile.am: Included tests directory - + * configure.in (DYNLINK_MOD_CFLAGS): Use -shared with dec-osf. Reported by Chris Adams. Merged some cases. @@ -1339,9 +1345,9 @@ * configure.in : Fixed zlib stuff * Makefile.am: Likewise - + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006, - 2007, 2008, 2009 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without 
@@ -1350,4 +1356,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,3 +1,26 @@ +2010-07-13 Werner Koch + + * cipher.c (do_aeswrap_encrypt, do_aeswrap_decrypt): New. Take + from current SVN trunk. + (gcry_cipher_open, gcry_cipher_encrypt, gcry_cipher_decrypt): Hook + them in. + (struct gcry_cipher_handle): Add field MARKS. + (cipher_setkey, cipher_setiv): Set MARKS. + (cipher_reset): Clear MARKS. + +2010-07-09 Werner Koch + + * tiger.c (asn): Unfetter the old TIGER from an OID. + (TIGER_CONTEXT): Add field VARIANT. + (tiger_init): Factor code out to ... + (do_init): ... new. + (tiger1_init, tiger2_init): New. + (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): New. + * md.c (digest_table): Add TIGER1 and TIGER2 variants. + + * md.c (md_read): Fix incomplete check for NULL. Reported by + Fabian Kail. + 2009-12-11 Werner Koch * Makefile.am (o_flag_munging): New. Modified: branches/LIBGCRYPT-1-4-BRANCH/src/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/src/ChangeLog 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/src/ChangeLog 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -1,3 +1,15 @@ +2010-07-13 Werner Koch + + * gcrypt.h.in (GCRY_CIPHER_MODE_AESWRAP): New. + +2010-07-09 Werner Koch + + * gcrypt.h.in (GCRY_MD_TIGER1, GCRY_MD_TIGER2): New. + + * gcrypt.h.in [!__GNUC__ && W32]: Typedef ssize_t and pid_t to + help building with MSVC. + * gcrypt.h.in [W32]: Include time.h and not sys/time.h. + 2009-11-29 Werner Koch * hwfeatures.c (detect_ia32_gnuc): Replace "=r" by "+r" so that Modified: branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,3 +1,12 @@ +2010-07-13 Werner Koch + + * aeswrap.c: New. Take from trunk. + +2010-07-09 Werner Koch + + * basic.c (check_digests): Add tests for TIGER1 and TIGER2 from + the NESSIE project. + 2010-06-10 Werner Koch * t-mpi-bit.c (mpi2bitstr_nlz): Handle case for LENGTH==0. Modified: branches/LIBGCRYPT-1-4-BRANCH/NEWS =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/NEWS 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/NEWS 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,3 +1,17 @@ +Noteworthy changes in version 1.4.6 (2010-07-13) +------------------------------------------------ + + * New variants of the TIGER algorithm. + + * New cipher algorithm mode for AES-WRAP. + + * Interface changes relative to the 1.4.2 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GCRY_MD_TIGER1 NEW. + GCRY_MD_TIGER2 NEW. + GCRY_CIPHER_MODE_AESWRAP NEW. + + Noteworthy changes in version 1.4.5 (2009-12-11) ------------------------------------------------ 
@@ -601,7 +615,7 @@ Copyright 2001, 2002, 2003, 2004, 2007, 2008, - 2009 Free Software Foundation, Inc. + 2009, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: branches/LIBGCRYPT-1-4-BRANCH/README =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/README 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/README 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,10 +1,10 @@ Libgcrypt - The GNU Crypto Library ------------------------------------ - Version 1.4.5 + Version 1.4.6 Copyright 2000, 2002, 2003, 2004, 2007, 2008, - 2009 Free Software Foundation, Inc. + 2009, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/cipher.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/cipher.c 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/cipher.c 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,6 +1,6 @@ /* cipher.c - cipher dispatcher * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * 2005, 2007, 2008 Free Software Foundation, Inc. + * 2005, 2007, 2008, 2010 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -192,6 +192,11 @@ int mode; unsigned int flags; + struct { + unsigned int key:1; /* Set to 1 if a key has been set. */ + unsigned int iv:1; /* Set to 1 if a IV has been set. */ + } marks; + /* The initialization vector. To help code optimization we make sure that it is aligned on an unsigned long and u32 boundary. */ union { 
@@ -724,6 +729,7 @@ case GCRY_CIPHER_MODE_CFB: case GCRY_CIPHER_MODE_OFB: case GCRY_CIPHER_MODE_CTR: + case GCRY_CIPHER_MODE_AESWRAP: if ((cipher->encrypt == dummy_encrypt_block) || (cipher->decrypt == dummy_decrypt_block)) err = GPG_ERR_INV_CIPHER_MODE; @@ -882,7 +888,10 @@ memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize), (void *) &c->context.c, c->cipher->contextsize); + c->marks.key = 1; } + else + c->marks.key = 0; return gcry_error (ret); } @@ -905,7 +914,11 @@ if (ivlen > c->cipher->blocksize) ivlen = c->cipher->blocksize; memcpy (c->u_iv.iv, iv, ivlen); + c->marks.iv = 1; } + else + c->marks.iv = 0; + c->unused = 0; } @@ -918,6 +931,7 @@ memcpy (&c->context.c, (char *) &c->context.c + c->cipher->contextsize, c->cipher->contextsize); + memset (&c->marks, 0, sizeof c->marks); memset (c->u_iv.iv, 0, c->cipher->blocksize); memset (c->lastiv, 0, c->cipher->blocksize); memset (c->ctr, 0, c->cipher->blocksize); 
@@ -1391,6 +1405,171 @@ } +/* Perform the AES-Wrap algorithm as specified by RFC3394. We + implement this as a mode usable with any cipher algorithm of + blocksize 128. */ +static gcry_err_code_t +do_aeswrap_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, + const byte *inbuf, unsigned int inbuflen ) +{ + int j, x; + unsigned int n, i; + unsigned char *r, *a, *b; + unsigned char t[8]; + +#if MAX_BLOCKSIZE < 8 +#error Invalid block size +#endif + /* We require a cipher with a 128 bit block length. */ + if (c->cipher->blocksize != 16) + return GPG_ERR_INV_LENGTH; + + /* The output buffer must be able to hold the input data plus one + additional block. */ + if (outbuflen < inbuflen + 8) + return GPG_ERR_BUFFER_TOO_SHORT; + /* Input data must be multiple of 64 bits. */ + if (inbuflen % 8) + return GPG_ERR_INV_ARG; + + n = inbuflen / 8; + + /* We need at least two 64 bit blocks. */ + if (n < 2) + return GPG_ERR_INV_ARG; + + r = outbuf; + a = outbuf; /* We store A directly in OUTBUF. */ + b = c->ctr; /* B is also used to concatenate stuff. */ + + /* If an IV has been set we use that IV as the Alternative Initial + Value; if it has not been set we use the standard value. */ + if (c->marks.iv) + memcpy (a, c->u_iv.iv, 8); + else + memset (a, 0xa6, 8); + + /* Copy the inbuf to the outbuf. */ + memmove (r+8, inbuf, inbuflen); + + memset (t, 0, sizeof t); /* t := 0. */ + + for (j = 0; j <= 5; j++) + { + for (i = 1; i <= n; i++) + { + /* B := AES_k( A | R[i] ) */ + memcpy (b, a, 8); + memcpy (b+8, r+i*8, 8); + c->cipher->encrypt (&c->context.c, b, b); + /* t := t + 1 */ + for (x = 7; x >= 0; x--) + { + t[x]++; + if (t[x]) + break; + } + /* A := MSB_64(B) ^ t */ + for (x=0; x < 8; x++) + a[x] = b[x] ^ t[x]; + /* R[i] := LSB_64(B) */ + memcpy (r+i*8, b+8, 8); + } + } + + return 0; +} + +/* Perform the AES-Unwrap algorithm as specified by RFC3394. We + implement this as a mode usable with any cipher algorithm of + blocksize 128. 
*/ +static gcry_err_code_t +do_aeswrap_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, + const byte *inbuf, unsigned int inbuflen) +{ + int j, x; + unsigned int n, i; + unsigned char *r, *a, *b; + unsigned char t[8]; + +#if MAX_BLOCKSIZE < 8 +#error Invalid block size +#endif + /* We require a cipher with a 128 bit block length. */ + if (c->cipher->blocksize != 16) + return GPG_ERR_INV_LENGTH; + + /* The output buffer must be able to hold the input data minus one + additional block. Fixme: The caller has more restrictive checks + - we may want to fix them for this mode. */ + if (outbuflen + 8 < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + /* Input data must be multiple of 64 bits. */ + if (inbuflen % 8) + return GPG_ERR_INV_ARG; + + n = inbuflen / 8; + + /* We need at least three 64 bit blocks. */ + if (n < 3) + return GPG_ERR_INV_ARG; + + r = outbuf; + a = c->lastiv; /* We use c->LASTIV as buffer for A. */ + b = c->ctr; /* B is also used to concatenate stuff. */ + + /* Copy the inbuf to the outbuf and save A. */ + memcpy (a, inbuf, 8); + memmove (r, inbuf+8, inbuflen-8); + n--; /* Reduce to actual number of data blocks. */ + + /* t := 6 * n */ + i = n * 6; /* The range is valid because: n = inbuflen / 8 - 1. */ + for (x=0; x < 8 && x < sizeof (i); x++) + t[7-x] = i >> (8*x); + for (; x < 8; x++) + t[7-x] = 0; + + for (j = 5; j >= 0; j--) + { + for (i = n; i >= 1; i--) + { + /* B := AES_k^1( (A ^ t)| R[i] ) */ + for (x = 0; x < 8; x++) + b[x] = a[x] ^ t[x]; + memcpy (b+8, r+(i-1)*8, 8); + c->cipher->decrypt (&c->context.c, b, b); + /* t := t - 1 */ + for (x = 7; x >= 0; x--) + { + t[x]--; + if (t[x] != 0xff) + break; + } + /* A := MSB_64(B) */ + memcpy (a, b, 8); + /* R[i] := LSB_64(B) */ + memcpy (r+(i-1)*8, b+8, 8); + } + } + + /* If an IV has been set we compare against this Alternative Initial + Value; if it has not been set we compare against the standard IV. 
*/ + if (c->marks.iv) + j = memcmp (a, c->u_iv.iv, 8); + else + { + for (j=0, x=0; x < 8; x++) + if (a[x] != 0xa6) + { + j=1; + break; + } + } + return j? GPG_ERR_CHECKSUM : 0; +} + + /**************** * Encrypt INBUF to OUTBUF with the mode selected at open. * inbuf and outbuf may overlap or be the same. @@ -1461,8 +1640,19 @@ { gcry_err_code_t err; - if (!in) + if (h->mode == GCRY_CIPHER_MODE_AESWRAP) { + /* Hack to implement AESWRAP without touching the other modes. + The actual function has been taken from the current + development version which does all error checking in each + mode function. */ + if (!in) + err = do_aeswrap_encrypt (h, out, outsize, out, outsize); + else + err = do_aeswrap_encrypt (h, out, outsize, in, inlen); + } + else if (!in) + { /* Caller requested in-place encryption. */ /* Actually cipher_encrypt() does not need to know about it, but * we may change it in the future to get better performance. */ @@ -1556,8 +1746,19 @@ { gcry_err_code_t err = 0; - if (!in) + if (h->mode == GCRY_CIPHER_MODE_AESWRAP) { + /* Hack to implement AESWRAP without touching the other modes. + The actual function has been taken from the current + development version which does all error checking in each + mode function. */ + if (!in) + err = do_aeswrap_decrypt (h, out, outsize, out, outsize); + else + err = do_aeswrap_decrypt (h, out, outsize, in, inlen); + } + else if (!in) + { /* Caller requested in-place encryption. */ /* Actually cipher_encrypt() does not need to know about it, but * we may change it in the future to get better performance. */ Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/md.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/md.c 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/md.c 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -87,6 +87,10 @@ #if USE_TIGER { &_gcry_digest_spec_tiger, &dummy_extra_spec, GCRY_MD_TIGER }, + { &_gcry_digest_spec_tiger1, + &dummy_extra_spec, GCRY_MD_TIGER1 }, + { &_gcry_digest_spec_tiger2, + &dummy_extra_spec, GCRY_MD_TIGER2 }, #endif #if USE_WHIRLPOOL { &_gcry_digest_spec_whirlpool, @@ -948,10 +952,13 @@ if (! algo) { - /* return the first algorithm */ - if (r && r->next) - log_debug ("more than one algorithm in md_read(0)\n"); - return r->digest->read( &r->context.c ); + /* Return the first algorithm. */ + if (r) + { + if (r->next) + log_debug ("more than one algorithm in md_read(0)\n"); + return r->digest->read( &r->context.c ); + } } else { Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/tiger.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/cipher/tiger.c 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/cipher/tiger.c 2010-07-13 14:25:01 UTC (rev 1437) @@ -1,5 +1,5 @@ /* tiger.c - The TIGER hash function - * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc. + * Copyright (C) 1998, 2001, 2002, 2003, 2010 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -14,10 +14,11 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ +/* See http://www.cs.technion.ac.il/~biham/Reports/Tiger/ */ + #include #include #include @@ -37,6 +38,7 @@ byte buf[64]; int count; u32 nblocks; + int variant; /* 0 = old code, 1 = fixed code, 2 - TIGER2. */ } TIGER_CONTEXT; @@ -588,7 +590,7 @@ }; static void -tiger_init( void *context ) +do_init (void *context, int variant) { TIGER_CONTEXT *hd = context; 
@@ -597,9 +599,28 @@ hd->c = 0xf096a5b4c3b2e187LL; hd->nblocks = 0; hd->count = 0; + hd->variant = variant; } static void +tiger_init( void *context ) +{ + do_init (context, 0); +} + +static void +tiger1_init( void *context ) +{ + do_init (context, 1); +} + +static void +tiger2_init( void *context ) +{ + do_init (context, 2); +} + +static void tiger_round( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul ) { u64 a = *ra; @@ -763,6 +784,7 @@ TIGER_CONTEXT *hd = context; u32 t, msb, lsb; byte *p; + byte pad = hd->variant == 2? 0x80 : 0x01; tiger_write(hd, NULL, 0); /* flush */; @@ -782,13 +804,13 @@ if( hd->count < 56 ) /* enough room */ { - hd->buf[hd->count++] = 0x01; /* pad */ + hd->buf[hd->count++] = pad; while( hd->count < 56 ) hd->buf[hd->count++] = 0; /* pad */ } else /* need one extra block */ { - hd->buf[hd->count++] = 0x01; /* pad character */ + hd->buf[hd->count++] = pad; while( hd->count < 64 ) hd->buf[hd->count++] = 0; tiger_write(hd, NULL, 0); /* flush */; @@ -815,10 +837,24 @@ *p++ = hd->a >> 24; *p++ = hd->a >> 16; \ *p++ = hd->a >> 8; *p++ = hd->a; } while(0) #endif - X(a); - X(b); - X(c); +#define Y(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \ + *p++ = hd->a >> 16; *p++ = hd->a >> 24; \ + *p++ = hd->a >> 32; *p++ = hd->a >> 40; \ + *p++ = hd->a >> 48; *p++ = hd->a >> 56; } while(0) + if (hd->variant == 0) + { + X(a); + X(b); + X(c); + } + else + { + Y(a); + Y(b); + Y(c); + } #undef X +#undef Y } static byte * 
@@ -829,23 +865,49 @@ return hd->buf; } -static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */ + +/* This is the old TIGER variant based on the unfixed reference + implementation. It was used in GnuPG up to 1.3.2. We don't provide + an OID anymore because that would not be correct. */ +gcry_md_spec_t _gcry_digest_spec_tiger = + { + "TIGER192", NULL, 0, NULL, 24, + tiger_init, tiger_write, tiger_final, tiger_read, + sizeof (TIGER_CONTEXT) + }; + + + +/* This is the fixed TIGER implementation. */ +static byte asn1[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */ { 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02, 0x05, 0x00, 0x04, 0x18 }; -static gcry_md_oid_spec_t oid_spec_tiger[] = +static gcry_md_oid_spec_t oid_spec_tiger1[] = { /* GNU.digestAlgorithm TIGER */ { "1.3.6.1.4.1.11591.12.2" }, { NULL } }; -gcry_md_spec_t _gcry_digest_spec_tiger = +gcry_md_spec_t _gcry_digest_spec_tiger1 = { - "TIGER192", asn, DIM (asn), oid_spec_tiger, 24, - tiger_init, tiger_write, tiger_final, tiger_read, + "TIGER", asn1, DIM (asn1), oid_spec_tiger1, 24, + tiger1_init, tiger_write, tiger_final, tiger_read, sizeof (TIGER_CONTEXT) }; + + +/* This is TIGER2 which uses a changed padding algorithm. */ +gcry_md_spec_t _gcry_digest_spec_tiger2 = + { + "TIGER2", NULL, 0, NULL, 24, + tiger2_init, tiger_write, tiger_final, tiger_read, + sizeof (TIGER_CONTEXT) + }; + + + #endif /* HAVE_U64_TYPEDEF */ Modified: branches/LIBGCRYPT-1-4-BRANCH/configure.ac =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -26,7 +26,7 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.5]) +m4_define([my_version], [1.4.6]) m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ @@ -38,9 +38,9 @@ # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) -LIBGCRYPT_LT_CURRENT=16 -LIBGCRYPT_LT_AGE=5 -LIBGCRYPT_LT_REVISION=3 +LIBGCRYPT_LT_CURRENT=17 +LIBGCRYPT_LT_AGE=7 +LIBGCRYPT_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. Modified: branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -5,70 +5,63 @@ Hello! The GNU project is pleased to announce the availability of Libgcrypt -version 1.4.3. +version 1.4.5. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough -understanding of applied cryptography is required to use Libgcrypt. +understanding of applied cryptography is required to use Libgcrypt. -Noteworthy changes in version 1.4.3: +Noteworthy changes in version 1.4.5: - * Try to auto-initialize Libgcrypt to minimize the effect of - applications not doing that correctly. This is not a perfect - solution but given that many applicationion would totally fail - without such a hack, we try to help at least with the most common - cases. Folks, please read the manual to learn how to properly - initialize Libgcrypt! + * Fixed minor memory leak in DSA key generation. - * Auto-initialize the secure memory to 32k instead of aborting the - process. + * No more switching to FIPS mode if /proc/version is not readable. - * Log fatal errors via syslog. + * Fixed a sigill during Padlock detection on old CPUs. - * Changed the name and the semantics of the fips mode config file. + * Fixed a hang on some W2000 machines. - * Add convenience macro gcry_fips_mode_active. + * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; + SHA-256 went up by 25%. - * More self-tests. - * Documentation cleanups. - - Source code is hosted at the GnuPG FTP server and its mirrors as -listed at http://www.gnupg.org/download/mirrors.html . On the primary -server the source file and its digital signatures is: +listed at . 
On the +primary server the source file and its digital signature is: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2 (1062k) - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2.sig + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.bz2 (1121k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.bz2.sig This file is bzip2 compressed. A gzip compressed version is also available: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz (1325k) - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz.sig + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.gz (1386k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.gz.sig -Alternativley you may upgrade version 1.4.2 using this patch file: +Alternativley you may upgrade version 1.4.4 using this patch file: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2-1.4.3.diff.bz2 (42k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.4-1.4.5.diff.bz2 (93k) The SHA-1 checksums are: -bdc67c1fdcec464a94dca691615f2335a12db5ce libgcrypt-1.4.3.tar.bz2 -3d9d583501ce951596fa7dd3667afd357ac7d056 libgcrypt-1.4.3.tar.gz -e28b74c5824364e20ae7f147f1b89925f5426669 libgcrypt-1.4.2-1.4.3.diff.bz2 +ef7ecbd3a03a7978094366bcd1257b3654608d28 libgcrypt-1.4.5.tar.bz2 +8d83a60ca55f2ea40b5d5bc99463905b7a1dcb56 libgcrypt-1.4.5.tar.gz +5307e361da5232cd771c300adddc69e57f0e366d libgcrypt-1.4.4-1.4.5.diff.bz2 For help on developing with Libgcrypt you should read the included -manual and optional ask on the gcrypt-devel mailing list [1]. +manual and optional ask on the gcrypt-devel mailing list [1]. Note +that this version is from the stable branch; the current development +version is available at . Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. 
You can contribute by reporting bugs, improve the software [2], order extensions or support or more general by donating money to the Free -Software movement [3]. +Software movement (e.g. ). -Commercial support contracts for Libgcrypt are available [4], and they +Commercial support contracts for Libgcrypt are available [3], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects. @@ -83,9 +76,6 @@ - -[1] See http://www.gnupg.org/documentation/mailing-lists.html . +[1] See . [2] Note that copyright assignments to the FSF are required. -[3] For example see http://donate.fsf.org . -[4] See the service directory at http://www.gnupg.org/service.html . - +[3] See the service directory at . Modified: branches/LIBGCRYPT-1-4-BRANCH/src/cipher.h =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/src/cipher.h 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/src/cipher.h 2010-07-13 14:25:01 UTC (rev 1437) @@ -114,6 +114,8 @@ extern gcry_md_spec_t _gcry_digest_spec_sha512; extern gcry_md_spec_t _gcry_digest_spec_sha384; extern gcry_md_spec_t _gcry_digest_spec_tiger; +extern gcry_md_spec_t _gcry_digest_spec_tiger1; +extern gcry_md_spec_t _gcry_digest_spec_tiger2; extern gcry_md_spec_t _gcry_digest_spec_whirlpool; extern md_extra_spec_t _gcry_digest_extraspec_sha1; Modified: branches/LIBGCRYPT-1-4-BRANCH/src/gcrypt.h.in =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/src/gcrypt.h.in 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/src/gcrypt.h.in 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -1,6 +1,6 @@ /* gcrypt.h - GNU Cryptographic Library Interface -*- c -*- Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006 - 2007, 2008, 2009 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This file is part of Libgcrypt. @@ -33,13 +33,18 @@ #if defined _WIN32 || defined __WIN32__ # include # include +# include +# ifndef __GNUC__ + typedef long ssize_t; + typedef int pid_t; +# endif /*!__GNUC__*/ #else # include +# include #endif /*!_WIN32*/ @FALLBACK_SOCKLEN_T@ -#include /* This is required for error code compatibility. */ #define _GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT @@ -849,7 +854,8 @@ GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */ GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */ GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */ - GCRY_CIPHER_MODE_CTR = 6 /* Counter. */ + GCRY_CIPHER_MODE_CTR = 6, /* Counter. */ + GCRY_CIPHER_MODE_AESWRAP= 7 /* AES-WRAP algorithm. */ }; /* Flags used with the open function. */ @@ -909,7 +915,7 @@ void *out, size_t outsize, const void *in, size_t inlen); -/* Set KEY of length KEYLEN for the cipher handle HD. */ +/* Set KEY of length KEYLEN bytes for the cipher handle HD. */ gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen); @@ -935,10 +941,10 @@ gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen); -/* Retrieved the key length used with algorithm A. */ +/* Retrieved the key length in bytes used with algorithm A. */ size_t gcry_cipher_get_algo_keylen (int algo); -/* Retrieve the block length used with algorithm A. */ +/* Retrieve the block length in bytes used with algorithm A. */ size_t gcry_cipher_get_algo_blklen (int algo); /* Return 0 if the algorithm A is available for use. */ 
@@ -1059,7 +1065,7 @@ GCRY_MD_SHA1 = 2, GCRY_MD_RMD160 = 3, GCRY_MD_MD2 = 5, - GCRY_MD_TIGER = 6, /* TIGER/192. */ + GCRY_MD_TIGER = 6, /* TIGER/192 as used by GnuPG <= 1.3.2. */ GCRY_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */ GCRY_MD_SHA256 = 8, GCRY_MD_SHA384 = 9, @@ -1069,7 +1075,9 @@ GCRY_MD_CRC32 = 302, GCRY_MD_CRC32_RFC1510 = 303, GCRY_MD_CRC24_RFC2440 = 304, - GCRY_MD_WHIRLPOOL = 305 + GCRY_MD_WHIRLPOOL = 305, + GCRY_MD_TIGER1 = 306, /* TIGER (fixed). */ + GCRY_MD_TIGER2 = 307 /* TIGER2 variant. */ }; /* Flags used with the open function. */ @@ -1174,7 +1182,7 @@ int gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE; /* For use with the HMAC feature, the set MAC key to the KEY of - KEYLEN. */ + KEYLEN bytes. */ gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen); /* Start or stop debugging for digest handle HD; i.e. create a file Modified: branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am 2010-07-13 14:25:01 UTC (rev 1437) @@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in TESTS = version t-mpi-bit prime register ac ac-schemes ac-data basic \ - mpitests tsexp keygen pubkey hmac keygrip fips186-dsa + mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap # random.c uses fork() thus a test for W32 does not make any sense. Added: branches/LIBGCRYPT-1-4-BRANCH/tests/aeswrap.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/tests/aeswrap.c (rev 0) +++ branches/LIBGCRYPT-1-4-BRANCH/tests/aeswrap.c 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -0,0 +1,259 @@ +/* aeswrap.c - AESWRAP mode regression tests + * Copyright (C) 2009 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +static int verbose; +static int error_count; + +static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + error_count++; +} + +static void +die (const char *format, ...) 
+{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + + + +static void +check (int algo, + const void *kek, size_t keklen, + const void *data, size_t datalen, + const void *expected, size_t expectedlen) +{ + gcry_error_t err; + gcry_cipher_hd_t hd; + unsigned char outbuf[32+8]; + size_t outbuflen; + + err = gcry_cipher_open (&hd, algo, GCRY_CIPHER_MODE_AESWRAP, 0); + if (err) + { + fail ("gcry_cipher_open failed: %s\n", gpg_strerror (err)); + return; + } + + err = gcry_cipher_setkey (hd, kek, keklen); + if (err) + { + fail ("gcry_cipher_setkey failed: %s\n", gpg_strerror (err)); + return; + } + + outbuflen = datalen + 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen); + if (err) + { + fail ("gcry_cipher_encrypt failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != expectedlen || memcmp (outbuf, expected, expectedlen)) + { + const unsigned char *s; + int i; + + fail ("mismatch at encryption!\n"); + fprintf (stderr, "computed: "); + for (i = 0; i < outbuflen; i++) + fprintf (stderr, "%02x ", outbuf[i]); + fprintf (stderr, "\nexpected: "); + for (s = expected, i = 0; i < expectedlen; s++, i++) + fprintf (stderr, "%02x ", *s); + putc ('\n', stderr); + } + + + outbuflen = expectedlen - 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen); + if (err) + { + fail ("gcry_cipher_decrypt failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != datalen || memcmp (outbuf, data, datalen)) + { + const unsigned char *s; + int i; + + fail ("mismatch at decryption!\n"); + fprintf (stderr, "computed: "); + for (i = 0; i < outbuflen; i++) + fprintf (stderr, "%02x ", outbuf[i]); + fprintf (stderr, "\nexpected: "); + for (s = data, i = 0; i < datalen; s++, i++) + fprintf (stderr, "%02x 
", *s); + putc ('\n', stderr); + } + + /* Now the last step again with a key reset. */ + gcry_cipher_reset (hd); + + outbuflen = expectedlen - 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen); + if (err) + { + fail ("gcry_cipher_decrypt(2) failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != datalen || memcmp (outbuf, data, datalen)) + fail ("mismatch at decryption(2)!\n"); + + /* And once ore without a key reset. */ + outbuflen = expectedlen - 8; + if (outbuflen > sizeof outbuf) + err = gpg_error (GPG_ERR_INTERNAL); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen); + if (err) + { + fail ("gcry_cipher_decrypt(3) failed: %s\n", gpg_strerror (err)); + return; + } + + if (outbuflen != datalen || memcmp (outbuf, data, datalen)) + fail ("mismatch at decryption(3)!\n"); + + gcry_cipher_close (hd); +} + + +static void +check_all (void) +{ + if (verbose) + fprintf (stderr, "4.1 Wrap 128 bits of Key Data with a 128-bit KEK\n"); + check + (GCRY_CIPHER_AES128, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 16, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", 16, + "\x1F\xA6\x8B\x0A\x81\x12\xB4\x47\xAE\xF3\x4B\xD8\xFB\x5A\x7B\x82" + "\x9D\x3E\x86\x23\x71\xD2\xCF\xE5", 24); + + if (verbose) + fprintf (stderr, "4.2 Wrap 128 bits of Key Data with a 192-bit KEK\n"); + check + (GCRY_CIPHER_AES192, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17", 24, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", 16, + "\x96\x77\x8B\x25\xAE\x6C\xA4\x35\xF9\x2B\x5B\x97\xC0\x50\xAE\xD2" + "\x46\x8A\xB8\xA1\x7A\xD8\x4E\x5D", 24); + + if (verbose) + fprintf (stderr, "4.3 Wrap 128 bits of Key Data with a 256-bit KEK\n"); + check + (GCRY_CIPHER_AES256, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + 
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 32, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF", 16, + "\x64\xE8\xC3\xF9\xCE\x0F\x5B\xA2\x63\xE9\x77\x79\x05\x81\x8A\x2A" + "\x93\xC8\x19\x1E\x7D\x6E\x8A\xE7", 24); + + if (verbose) + fprintf (stderr, "4.4 Wrap 192 bits of Key Data with a 192-bit KEK\n"); + check + (GCRY_CIPHER_AES192, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17", 24, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + "\x00\x01\x02\x03\x04\x05\x06\x07", 24, + "\x03\x1D\x33\x26\x4E\x15\xD3\x32\x68\xF2\x4E\xC2\x60\x74\x3E\xDC" + "\xE1\xC6\xC7\xDD\xEE\x72\x5A\x93\x6B\xA8\x14\x91\x5C\x67\x62\xD2", 32); + + if (verbose) + fprintf (stderr, "4.5 Wrap 192 bits of Key Data with a 256-bit KEK\n"); + check + (GCRY_CIPHER_AES256, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 32, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + "\x00\x01\x02\x03\x04\x05\x06\x07", 24, + "\xA8\xF9\xBC\x16\x12\xC6\x8B\x3F\xF6\xE6\xF4\xFB\xE3\x0E\x71\xE4" + "\x76\x9C\x8B\x80\xA3\x2C\xB8\x95\x8C\xD5\xD1\x7D\x6B\x25\x4D\xA1", 32); + + if (verbose) + fprintf (stderr, "4.6 Wrap 256 bits of Key Data with a 256-bit KEK\n"); + check + (GCRY_CIPHER_AES, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 32, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF" + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 32, + "\x28\xC9\xF4\x04\xC4\xB8\x10\xF4\xCB\xCC\xB3\x5C\xFB\x87\xF8\x26" + "\x3F\x57\x86\xE2\xD8\x0E\xD3\x26\xCB\xC7\xF0\xE7\x1A\x99\xF4\x3B" + "\xFB\x98\x8B\x9B\x7A\x02\xDD\x21", 40); +} + +int +main (int argc, char **argv) +{ + int debug = 0; + + if (argc > 1 && !strcmp (argv[1], "--verbose")) + verbose = 1; + else if (argc > 1 
&& !strcmp (argv[1], "--debug")) + verbose = debug = 1; + + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + check_all (); + + return error_count ? 1 : 0; +} Modified: branches/LIBGCRYPT-1-4-BRANCH/tests/basic.c =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/tests/basic.c 2010-07-09 08:21:44 UTC (rev 1436) +++ branches/LIBGCRYPT-1-4-BRANCH/tests/basic.c 2010-07-13 14:25:01 UTC (rev 1437) 
@@ -1280,6 +1280,74 @@ "TUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", "\x00\xB8\x3E\xB4\xE5\x34\x40\xC5\x76\xAC\x6A\xAE" "\xE0\xA7\x48\x58\x25\xFD\x15\xE7\x0A\x59\xFF\xE4" }, + + { GCRY_MD_TIGER1, "", + "\x32\x93\xAC\x63\x0C\x13\xF0\x24\x5F\x92\xBB\xB1" + "\x76\x6E\x16\x16\x7A\x4E\x58\x49\x2D\xDE\x73\xF3" }, + { GCRY_MD_TIGER1, "a", + "\x77\xBE\xFB\xEF\x2E\x7E\xF8\xAB\x2E\xC8\xF9\x3B" + "\xF5\x87\xA7\xFC\x61\x3E\x24\x7F\x5F\x24\x78\x09" }, + { GCRY_MD_TIGER1, "abc", + "\x2A\xAB\x14\x84\xE8\xC1\x58\xF2\xBF\xB8\xC5\xFF" + "\x41\xB5\x7A\x52\x51\x29\x13\x1C\x95\x7B\x5F\x93" }, + { GCRY_MD_TIGER1, "message digest", + "\xD9\x81\xF8\xCB\x78\x20\x1A\x95\x0D\xCF\x30\x48" + "\x75\x1E\x44\x1C\x51\x7F\xCA\x1A\xA5\x5A\x29\xF6" }, + { GCRY_MD_TIGER1, "abcdefghijklmnopqrstuvwxyz", + "\x17\x14\xA4\x72\xEE\xE5\x7D\x30\x04\x04\x12\xBF" + "\xCC\x55\x03\x2A\x0B\x11\x60\x2F\xF3\x7B\xEE\xE9" }, + { GCRY_MD_TIGER1, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\x0F\x7B\xF9\xA1\x9B\x9C\x58\xF2\xB7\x61\x0D\xF7" + "\xE8\x4F\x0A\xC3\xA7\x1C\x63\x1E\x7B\x53\xF7\x8E" }, + { GCRY_MD_TIGER1, + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" "0123456789", + "\x8D\xCE\xA6\x80\xA1\x75\x83\xEE\x50\x2B\xA3\x8A" + "\x3C\x36\x86\x51\x89\x0F\xFB\xCC\xDC\x49\xA8\xCC" }, + { GCRY_MD_TIGER1, + "1234567890" "1234567890" "1234567890" "1234567890" + "1234567890" "1234567890" "1234567890" "1234567890", + "\x1C\x14\x79\x55\x29\xFD\x9F\x20\x7A\x95\x8F\x84" + "\xC5\x2F\x11\xE8\x87\xFA\x0C\xAB\xDF\xD9\x1B\xFD" }, + { GCRY_MD_TIGER1, "!", + "\x6D\xB0\xE2\x72\x9C\xBE\xAD\x93\xD7\x15\xC6\xA7" + "\xD3\x63\x02\xE9\xB3\xCE\xE0\xD2\xBC\x31\x4B\x41" }, + + { GCRY_MD_TIGER2, "", + "\x44\x41\xBE\x75\xF6\x01\x87\x73\xC2\x06\xC2\x27" + "\x45\x37\x4B\x92\x4A\xA8\x31\x3F\xEF\x91\x9F\x41" }, + { GCRY_MD_TIGER2, "a", + "\x67\xE6\xAE\x8E\x9E\x96\x89\x99\xF7\x0A\x23\xE7" + "\x2A\xEA\xA9\x25\x1C\xBC\x7C\x78\xA7\x91\x66\x36" }, + { GCRY_MD_TIGER2, "abc", + 
"\xF6\x8D\x7B\xC5\xAF\x4B\x43\xA0\x6E\x04\x8D\x78" + "\x29\x56\x0D\x4A\x94\x15\x65\x8B\xB0\xB1\xF3\xBF" }, + { GCRY_MD_TIGER2, "message digest", + "\xE2\x94\x19\xA1\xB5\xFA\x25\x9D\xE8\x00\x5E\x7D" + "\xE7\x50\x78\xEA\x81\xA5\x42\xEF\x25\x52\x46\x2D" }, + { GCRY_MD_TIGER2, "abcdefghijklmnopqrstuvwxyz", + "\xF5\xB6\xB6\xA7\x8C\x40\x5C\x85\x47\xE9\x1C\xD8" + "\x62\x4C\xB8\xBE\x83\xFC\x80\x4A\x47\x44\x88\xFD" }, + { GCRY_MD_TIGER2, + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "\xA6\x73\x7F\x39\x97\xE8\xFB\xB6\x3D\x20\xD2\xDF" + "\x88\xF8\x63\x76\xB5\xFE\x2D\x5C\xE3\x66\x46\xA9" }, + { GCRY_MD_TIGER2, + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" "0123456789", + "\xEA\x9A\xB6\x22\x8C\xEE\x7B\x51\xB7\x75\x44\xFC" + "\xA6\x06\x6C\x8C\xBB\x5B\xBA\xE6\x31\x95\x05\xCD" }, + { GCRY_MD_TIGER2, + "1234567890" "1234567890" "1234567890" "1234567890" + "1234567890" "1234567890" "1234567890" "1234567890", + "\xD8\x52\x78\x11\x53\x29\xEB\xAA\x0E\xEC\x85\xEC" + "\xDC\x53\x96\xFD\xA8\xAA\x3A\x58\x20\x94\x2F\xFF" }, + { GCRY_MD_TIGER2, "!", + "\xE0\x68\x28\x1F\x06\x0F\x55\x16\x28\xCC\x57\x15" + "\xB9\xD0\x22\x67\x96\x91\x4D\x45\xF7\x71\x7C\xF4" }, + + { GCRY_MD_WHIRLPOOL, "", "\x19\xFA\x61\xD7\x55\x22\xA4\x66\x9B\x44\xE3\x9C\x1D\x2E\x17\x26" "\xC5\x30\x23\x21\x30\xD4\x07\xF8\x9A\xFE\xE0\x96\x49\x97\xF7\xA7" From cvs at cvs.gnupg.org Tue Jul 13 17:41:50 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 13 Jul 2010 17:41:50 +0200 Subject: [svn] gcry - r1438 - branches/LIBGCRYPT-1-4-BRANCH Message-ID: Author: wk Date: 2010-07-13 17:41:49 +0200 (Tue, 13 Jul 2010) New Revision: 1438 Modified: branches/LIBGCRYPT-1-4-BRANCH/configure.ac Log: Fix LT version Modified: branches/LIBGCRYPT-1-4-BRANCH/configure.ac =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2010-07-13 14:25:01 UTC (rev 1437) +++ branches/LIBGCRYPT-1-4-BRANCH/configure.ac 2010-07-13 15:41:49 UTC (rev 1438) 
@@ -39,7 +39,7 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=17 -LIBGCRYPT_LT_AGE=7 +LIBGCRYPT_LT_AGE=6 LIBGCRYPT_LT_REVISION=0 From cvs at cvs.gnupg.org Tue Jul 13 18:04:24 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 13 Jul 2010 18:04:24 +0200 Subject: [svn] gcry - r1439 - tags Message-ID: Author: wk Date: 2010-07-13 18:04:24 +0200 (Tue, 13 Jul 2010) New Revision: 1439 Added: tags/libgcrypt-1.4.6/ Log: Release tag. From cvs at cvs.gnupg.org Thu Jul 15 19:53:04 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 15 Jul 2010 19:53:04 +0200 Subject: [svn] ksba - r318 - in trunk: . src tests Message-ID: Author: wk Date: 2010-07-15 19:53:02 +0200 (Thu, 15 Jul 2010) New Revision: 318 Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/ber-decoder.c trunk/src/ber-decoder.h trunk/src/cert.c trunk/src/cms-parser.c trunk/src/crl.c trunk/src/dn.c trunk/tests/ChangeLog trunk/tests/t-cms-parser.c Log: Fixed parsing bug. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/src/ChangeLog 2010-07-15 17:53:02 UTC (rev 318) @@ -1,3 +1,13 @@ +2010-07-15 Werner Koch + + * cms-parser.c (create_and_run_decoder): Add arg flags. + (_ksba_cms_parse_enveloped_data_part_1): Handle NDEF recipientInfo + sets. + + * ber-decoder.h (BER_DECODER_FLAG_FAST_STOP): New. + * ber-decoder.c (_ksba_ber_decoder_decode): Add arg FLAGS. + (decoder_next): Implement fast stop hack. + 2010-05-06 Werner Koch * gen-help.c, gen-help.h: New. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/tests/ChangeLog 2010-07-15 17:53:02 UTC (rev 318) 
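Review bot: In tests/aeswrap.c (r1437), every early return in check() after a successful gcry_cipher_open (the setkey, encrypt and three decrypt failure paths) skips gcry_cipher_close (hd), so a failing run leaks the cipher handle. Route those paths through a single cleanup label that closes hd. Separately, test 4.6 passes GCRY_CIPHER_AES with a 32-byte KEK while 4.3 and 4.5 pass GCRY_CIPHER_AES256 for the same key length; using GCRY_CIPHER_AES256 there would match the printed label "256-bit KEK". The comment "And once ore without a key reset" should read "once more".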
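Review bot: In src/gcrypt.h.in (r1437, hunk at -33,13), the new "typedef long ssize_t;" for non-GCC Windows builds is 32 bits wide even on 64-bit Windows, where size_t is 64 bits, so a length passed through ssize_t can be truncated or turn negative there. Because this is a public header, the unguarded typedefs of ssize_t and pid_t can also clash with an application or another library that already defines those names for MSVC. Consider a pointer-sized signed type and a guard macro so that a prior definition is respected.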
@@ -1,3 +1,8 @@ +2010-07-15 Werner Koch + + * t-cms-parser.c (dummy_writer_cb): New. + (one_file): Use the dummy writer. + 2010-01-22 Werner Koch * cert-basic.c (getenv) [__MINGW32CE__]: Add dummy. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/NEWS 2010-07-15 17:53:02 UTC (rev 318) @@ -3,9 +3,11 @@ * Support for WindowsCE. - * Builds cleaning from SVN even when cross-compiling. + * Builds cleanly from SVN even when cross-compiling. + * Fixed a CMS parsing bug exhibited by Lotus Notes. + Noteworthy changes in version 1.0.7 (2009-07-03) ------------------------------------------------ Modified: trunk/src/ber-decoder.c =================================================================== --- trunk/src/ber-decoder.c 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/src/ber-decoder.c 2010-07-15 17:53:02 UTC (rev 318) @@ -68,10 +68,11 @@ use a hack to ignore this garbage. This hack is enabled for data starting with a fixed length sequence and this variable takes the length of this sequence. If it is 0, the hack is not - acticated. */ + activated. */ unsigned long outer_sequence_length; - int ignore_garbage; /* Set to indicate that garpage should be + int ignore_garbage; /* Set to indicate that garbage should be ignored. */ + int fast_stop; /* Yet another hack. */ int first_tag_seen; /* Indicates whether the first tag of a decoder run has been read. */ @@ -596,7 +597,7 @@ if (ds->cur.node->flags.in_array) fputs (" This is in an array!\n", stderr); if (ds->cur.went_up) - fputs (" And we going up!\n", stderr); + fputs (" And we are going up!\n", stderr); } ds->cur.in_seq_of = 0; 
@@ -772,6 +773,19 @@ DECODER_STATE ds = d->ds; int debug = d->debug; + if (d->ignore_garbage && d->fast_stop) + { + /* I am not anymore sure why we have this ignore_garbage + machinery: The whole decoder needs and overhaul; it seems not + to honor the length specification and runs for longer than + expected. + + This here is another hack to not eat up an end tag - this is + required in in some cases and in theory should be used always + but we want to avoid any regression, thus this flag. */ + return gpg_error (GPG_ERR_EOF); + } + err = _ksba_ber_read_tl (d->reader, &ti); if (err) { @@ -1112,6 +1126,7 @@ gpg_error_t _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, + unsigned int flags, AsnNode *r_root, unsigned char **r_image, size_t *r_imagelen) { @@ -1135,6 +1150,7 @@ d->honor_module_end = 1; d->use_image = 1; d->image.buf = NULL; + d->fast_stop = !!(flags & BER_DECODER_FLAG_FAST_STOP); startoff = ksba_reader_tell (d->reader); Modified: trunk/src/ber-decoder.h =================================================================== --- trunk/src/ber-decoder.h 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/src/ber-decoder.h 2010-07-15 17:53:02 UTC (rev 318) @@ -33,10 +33,12 @@ gpg_error_t _ksba_ber_decoder_dump (BerDecoder d, FILE *fp); gpg_error_t _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, + unsigned int flags, AsnNode *r_root, unsigned char **r_image, size_t *r_imagelen); +#define BER_DECODER_FLAG_FAST_STOP 1 #endif /*BER_DECODER_H*/ Modified: trunk/src/cert.c =================================================================== --- trunk/src/cert.c 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/src/cert.c 2010-07-15 17:53:02 UTC (rev 318) 
@@ -288,7 +288,7 @@ if (err) goto leave; - err = _ksba_ber_decoder_decode (decoder, "TMTTv2.Certificate", + err = _ksba_ber_decoder_decode (decoder, "TMTTv2.Certificate", 0, &cert->root, &cert->image, &cert->imagelen); if (!err) cert->initialized = 1; Modified: trunk/src/cms-parser.c =================================================================== --- trunk/src/cms-parser.c 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/src/cms-parser.c 2010-07-15 17:53:02 UTC (rev 318) @@ -71,6 +71,7 @@ /* Create a new decoder and run it for the given element */ static gpg_error_t create_and_run_decoder (ksba_reader_t reader, const char *elem_name, + unsigned int flags, AsnNode *r_root, unsigned char **r_image, size_t *r_imagelen) { @@ -105,7 +106,7 @@ return err; } - err = _ksba_ber_decoder_decode (decoder, elem_name, + err = _ksba_ber_decoder_decode (decoder, elem_name, flags, r_root, r_image, r_imagelen); _ksba_ber_decoder_release (decoder); @@ -335,7 +336,7 @@ return err; } - /* Note: the tag may eithe denote a constructed or a primitve + /* Note: the tag may either denote a constructed or a primitve object. Actually this should match the use of NDEF header but we don't ceck that */ if ( ti.class == CLASS_CONTEXT && ti.tag == 0 ) @@ -746,6 +747,7 @@ err = create_and_run_decoder (cms->reader, "CryptographicMessageSyntax.SignerInfo", + 0, &si->root, &si->image, &si->imagelen); /* The signerInfo might be an empty set in the case of a certs-only signature. Thus we have to allow for EOF here */ 
@@ -844,29 +846,74 @@ return gpg_error (GPG_ERR_INV_CMS_OBJ); vtend = &cms->recp_info; - while (ti.length) + if (ti.ndef) { - size_t off1, off2; + for (;;) + { + struct tag_info ti2; - off1 = ksba_reader_tell (cms->reader); - vt = xtrycalloc (1, sizeof *vt); - if (!vt) - return gpg_error (GPG_ERR_ENOMEM); + err = _ksba_ber_read_tl (cms->reader, &ti2); + if (err) + return err; - err = create_and_run_decoder (cms->reader, - "CryptographicMessageSyntax.KeyTransRecipientInfo", - &vt->root, &vt->image, &vt->imagelen); - if (err) - return err; + if (!ti2.class && !ti2.tag) + break; /* End tag found: ready. */ - *vtend = vt; - vtend = &vt->next; + /* Not an end tag: Push it back and run the decoder. */ + err = ksba_reader_unread (cms->reader, ti2.buf, ti2.nhdr); + if (err) + return err; + + vt = xtrycalloc (1, sizeof *vt); + if (!vt) + return gpg_error_from_syserror (); + + err = create_and_run_decoder + (cms->reader, + "CryptographicMessageSyntax.KeyTransRecipientInfo", + BER_DECODER_FLAG_FAST_STOP, + &vt->root, &vt->image, &vt->imagelen); + if (err) + { + xfree (vt); + return err; + } + + *vtend = vt; + vtend = &vt->next; + } + } + else + { + while (ti.length) + { + size_t off1, off2; + + off1 = ksba_reader_tell (cms->reader); + vt = xtrycalloc (1, sizeof *vt); + if (!vt) + return gpg_error_from_syserror (); + + err = create_and_run_decoder + (cms->reader, + "CryptographicMessageSyntax.KeyTransRecipientInfo", + 0, + &vt->root, &vt->image, &vt->imagelen); + if (err) + { + xfree (vt); + return err; + } + + *vtend = vt; + vtend = &vt->next; - off2 = ksba_reader_tell (cms->reader); - if ( (off2 - off1) > ti.length ) - ti.length = 0; - else - ti.length -= off2 - off1; + off2 = ksba_reader_tell (cms->reader); + if ( (off2 - off1) > ti.length ) + ti.length = 0; + else + ti.length -= off2 - off1; + } } /* Now for the encryptedContentInfo */ Modified: trunk/src/crl.c =================================================================== --- trunk/src/crl.c 2010-05-06 12:29:31 UTC 
(rev 317) +++ trunk/src/crl.c 2010-07-15 17:53:02 UTC (rev 318) @@ -714,7 +714,7 @@ return err; } - err = _ksba_ber_decoder_decode (decoder, elem_name, + err = _ksba_ber_decoder_decode (decoder, elem_name, 0, r_root, r_image, r_imagelen); _ksba_ber_decoder_release (decoder); Modified: trunk/src/dn.c =================================================================== --- trunk/src/dn.c 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/src/dn.c 2010-07-15 17:53:02 UTC (rev 318) @@ -722,7 +722,7 @@ return err; } - err = _ksba_ber_decoder_decode (decoder, elem_name, + err = _ksba_ber_decoder_decode (decoder, elem_name, 0, r_root, r_image, r_imagelen); _ksba_ber_decoder_release (decoder); Modified: trunk/tests/t-cms-parser.c =================================================================== --- trunk/tests/t-cms-parser.c 2010-05-06 12:29:31 UTC (rev 317) +++ trunk/tests/t-cms-parser.c 2010-07-15 17:53:02 UTC (rev 318) @@ -36,13 +36,24 @@ (void)length; } +static int +dummy_writer_cb (void *cb_value, const void *buffer, size_t count) +{ + (void)cb_value; + (void)buffer; + (void)count; + return 0; +} + + static void one_file (const char *fname) { gpg_error_t err; FILE *fp; ksba_reader_t r; + ksba_writer_t w; ksba_cms_t cms; int i; const char *algoid; @@ -67,6 +78,13 @@ fail_if_err (err); err = ksba_reader_set_file (r, fp); fail_if_err (err); + /* Also create a writer so that cms.c won't return an error when + writing processed content. */ + err = ksba_writer_new (&w); + if (err) + fail_if_err (err); + err = ksba_writer_set_cb (w, dummy_writer_cb, NULL); + fail_if_err (err); switch (ksba_cms_identify (r)) { @@ -84,7 +102,7 @@ if (err) fail_if_err (err); - err = ksba_cms_set_reader_writer (cms, r, NULL); + err = ksba_cms_set_reader_writer (cms, r, w); fail_if_err (err); err = ksba_cms_parse (cms, &stopreason); From cvs at cvs.gnupg.org Thu Jul 15 20:21:24 2010 
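Review bot: In src/cms-parser.c (r318, hunk at -844,29), the NDEF branch treats any header with "!ti2.class && !ti2.tag" as the end tag without looking at its length, although end-of-contents octets are only valid with a zero length. Checking ti2.length as well, and returning GPG_ERR_INV_CMS_OBJ otherwise, would keep malformed input from being accepted as a clean end of the recipientInfo set. In the definite-length branch, "if ( (off2 - off1) > ti.length ) ti.length = 0;" still silently accepts a recipientInfo that runs past the declared length of the enclosing set; that overrun is worth reporting as an error too. On the error returns only the current vt is freed, so a comment should say who releases the entries already linked into cms->recp_info.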
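Review bot: In src/ber-decoder.c (r318, hunk at -772,6), the new early return in decoder_next fires only when both d->ignore_garbage and d->fast_stop are set, but neither the field comment "Yet another hack." nor the "#define BER_DECODER_FLAG_FAST_STOP 1" line in ber-decoder.h says what a caller may rely on when passing the flag. Please document next to the define that the decoder then returns GPG_ERR_EOF without reading the next tag, so that the caller can consume the end tag itself, and that the flag has no effect unless ignore_garbage is active. The added comment also has two typos: "needs and overhaul" and "required in in some cases".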
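Review bot: In tests/t-cms-parser.c (r318), one_file() now creates a writer with ksba_writer_new, but the visible hunks add no matching ksba_writer_release (w), so each parsed file leaks the writer object. Add the release at the end of one_file(), after the CMS object no longer uses the writer.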
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 15 Jul 2010 20:21:24 +0200 Subject: [svn] ksba - r319 - in trunk: . src Message-ID: Author: wk Date: 2010-07-15 20:21:24 +0200 (Thu, 15 Jul 2010) New Revision: 319 Modified: trunk/ChangeLog trunk/NEWS trunk/README trunk/configure.ac trunk/src/ksba.h Log: Prepare a release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-07-15 17:53:02 UTC (rev 318) +++ trunk/ChangeLog 2010-07-15 18:21:24 UTC (rev 319) @@ -1,3 +1,9 @@ +2010-07-15 Werner Koch + + Release 1.0.8. + + * configure.ac: Bump LT version to C17/A9/R8. + 2010-01-22 Werner Koch * autogen.sh: Support --build-w32ce. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-07-15 17:53:02 UTC (rev 318) +++ trunk/NEWS 2010-07-15 18:21:24 UTC (rev 319) @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.0.8 (unreleased) +Noteworthy changes in version 1.0.8 (2010-07-15) ------------------------------------------------ * Support for WindowsCE. Modified: trunk/README =================================================================== --- trunk/README 2010-07-15 17:53:02 UTC (rev 318) +++ trunk/README 2010-07-15 18:21:24 UTC (rev 319) @@ -1,7 +1,7 @@ LIBKSBA --------- - Copyright 2001, 2006, 2007, 2008, 2009 g10 Code GmbH + Copyright 2001, 2006, 2007, 2008, 2009, 2010 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-07-15 17:53:02 UTC (rev 318) +++ trunk/configure.ac 2010-07-15 18:21:24 UTC (rev 319) 
@@ -25,7 +25,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.0.8]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -40,7 +40,7 @@ # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=17 LIBKSBA_LT_AGE=9 -LIBKSBA_LT_REVISION=7 +LIBKSBA_LT_REVISION=8 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 Modified: trunk/src/ksba.h =================================================================== --- trunk/src/ksba.h 2010-07-15 17:53:02 UTC (rev 318) +++ trunk/src/ksba.h 2010-07-15 18:21:24 UTC (rev 319) @@ -1,5 +1,5 @@ -/* ksba.h - X509 library for the Aegypten project - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 g10 Code GmbH +/* ksba.h - X.509 library used by GnuPG + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2010 g10 Code GmbH * * This file is part of KSBA. * From cvs at cvs.gnupg.org Thu Jul 15 20:28:06 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 15 Jul 2010 20:28:06 +0200 Subject: [svn] ksba - r320 - tags Message-ID: Author: wk Date: 2010-07-15 20:28:05 +0200 (Thu, 15 Jul 2010) New Revision: 320 Added: tags/libksba-1.0.8/ Log: Release! From cvs at cvs.gnupg.org Thu Jul 15 20:29:51 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 15 Jul 2010 20:29:51 +0200 Subject: [svn] ksba - r321 - trunk Message-ID: Author: wk Date: 2010-07-15 20:29:50 +0200 (Thu, 15 Jul 2010) New Revision: 321 Modified: trunk/NEWS trunk/configure.ac Log: Post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-07-15 18:28:05 UTC (rev 320) +++ trunk/NEWS 2010-07-15 18:29:50 UTC (rev 321) 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.0.9 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.0.8 (2010-07-15) ------------------------------------------------ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-07-15 18:28:05 UTC (rev 320) +++ trunk/configure.ac 2010-07-15 18:29:50 UTC (rev 321) @@ -24,8 +24,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.0.8]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.0.9]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) From cvs at cvs.gnupg.org Fri Jul 16 15:19:48 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 16 Jul 2010 15:19:48 +0200 Subject: [svn] GnuPG - r5366 - in trunk: . common dirmngr doc scripts/gpg-w32-dev tools Message-ID: Author: wk Date: 2010-07-16 15:19:45 +0200 (Fri, 16 Jul 2010) New Revision: 5366 Added: trunk/dirmngr/dirmngr-err.h Removed: trunk/dirmngr/b64dec.c trunk/dirmngr/b64enc.c trunk/dirmngr/http.c trunk/dirmngr/http.h Modified: trunk/autogen.sh trunk/common/ChangeLog trunk/common/b64enc.c trunk/common/estream.c trunk/common/http.c trunk/common/http.h trunk/common/util.h trunk/dirmngr/ChangeLog trunk/dirmngr/Makefile.am trunk/dirmngr/cdblib.c trunk/dirmngr/certcache.c trunk/dirmngr/crlcache.c trunk/dirmngr/crlcache.h trunk/dirmngr/crlfetch.c trunk/dirmngr/dirmngr-client.c trunk/dirmngr/dirmngr.c trunk/dirmngr/dirmngr.h trunk/dirmngr/dirmngr_ldap.c trunk/dirmngr/ocsp.c trunk/dirmngr/server.c trunk/doc/gpg.texi trunk/scripts/gpg-w32-dev/GNUmakefile trunk/tools/ChangeLog trunk/tools/Makefile.am trunk/tools/gpgtar-create.c trunk/tools/gpgtar-extract.c trunk/tools/gpgtar-list.c trunk/tools/gpgtar.c trunk/tools/gpgtar.h Log: Some work on porting dirmngr (unfinished) Ported gpgtar to W32. [The diff below has been truncated] Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/common/ChangeLog 2010-07-16 13:19:45 UTC (rev 5366) 
@@ -1,3 +1,32 @@ +2010-07-16 Werner Koch + + * http.h (HTTP_FLAG_IGNORE_CL): Add flag . + * http.c (WITHOUT_GNU_PTH): Test macro for Pth support. + (http_parse_uri): s/xcalloc/xtrycalloc/. + (send_request): Replace of discrete allocation and sprintf by + xtryasprintf. + (http_wait_response): Replace HTTP_FLAG_NO_SHUTDOWN by + HTTP_FLAG_SHUTDOWN to change the default to no shutdown. + (cookie_read) [HAVE_PTH]: Use pth_read. + (longcounter_t): New. + (struct cookie_s): Add support for content length. Turn flag + fields into bit types. + (parse_response): Parse content length header. + (cookie_read): Take care of the content length. + +2010-07-08 Werner Koch + + * estream.c (estream_functions_file): Remove and replace by + identical estream_functions_fd. + +2010-07-06 Werner Koch + + * util.h (b64state): Add field STREAM. + * b64enc.c (b64enc_start): Factor code out to .. + (enc_start): new. + (b64enc_start_es, my_fputs): New. + (b64enc_write, b64enc_finish): Support estream. + 2010-06-24 Werner Koch * asshelp.c (lock_agent_spawning) [W32]: Use CreateMutexW. Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/dirmngr/ChangeLog 2010-07-16 13:19:45 UTC (rev 5366) 
@@ -1,3 +1,26 @@ +2010-07-16 Werner Koch + + * http.c, http.h: Remove. + + * dirmngr-err.h: New. + * dirmngr.h: Include dirmngr-err.h instead of gpg-error.h + + * cdblib.c: Replace assignments to ERRNO by a call to + gpg_err_set_errno. Include dirmngr-err.h. + (cdb_free) [__MINGW32CE__]: Do not use get_osfhandle. + + * dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h. + (USE_W32_SERVICE): New. Use this to control the use of the W32 + service system. + +2010-07-06 Werner Koch + + * dirmngr.c (main): Print note on directory name changes. + + Replace almost all uses of stdio by estream. + + * b64dec.c, b64enc.c: Remove. They are duplicated in ../common/. + 2010-06-28 Werner Koch * dirmngr_ldap.c (my_i18n_init): Remove. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/tools/ChangeLog 2010-07-16 13:19:45 UTC (rev 5366) @@ -1,3 +1,11 @@ +2010-07-16 Werner Koch + + * gpgtar-create.c: Rewrite to better support W32. + +2010-07-01 Werner Koch + + * gpgtar.c: Add option --set-filename. + 2010-06-24 Werner Koch * gpgconf-comp.c (gpg_agent_runtime_change) Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/autogen.sh 2010-07-16 13:19:45 UTC (rev 5366) 
@@ -103,13 +103,13 @@ w32root="$w32ce_root" [ -z "$w32root" ] && w32root="$HOME/w32ce_root" toolprefixes="$w32ce_toolprefixes arm-mingw32ce" - extraoptions="--disable-scdaemon --disable-zip --disable-ldap --disable-dirmngr $w32ce_extraoptions" + extraoptions="--disable-scdaemon --disable-zip $w32ce_extraoptions" ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" toolprefixes="$w32_toolprefixes i586-mingw32msvc" toolprefixes="$toolprefixes i386-mingw32msvc mingw32" - extraoptions="$w32_extraoptions" + extraoptions="--enable-gpgtar $w32_extraoptions" ;; esac echo "Using $w32root as standard install directory" >&2 Modified: trunk/common/b64enc.c =================================================================== --- trunk/common/b64enc.c 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/common/b64enc.c 2010-07-16 13:19:45 UTC (rev 5366) @@ -1,5 +1,5 @@ /* b64enc.c - Simple Base64 encoder. - * Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc. + * Copyright (C) 2001, 2003, 2004, 2008, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -136,20 +136,13 @@ }; -/* Prepare for base-64 writing to the stream FP. If TITLE is not NULL - and not an empty string, this string will be used as the title for - the armor lines, with TITLE being an empty string, we don't write - the header lines and furthermore even don't write any linefeeds. - If TITLE starts with "PGP " the OpenPGP CRC checksum will be - written as well. With TITLE beeing NULL, we merely don't write - header but make sure that lines are not too long. Note, that we - don't write any output unless at least one byte get written using - b64enc_write. */ -gpg_error_t -b64enc_start (struct b64state *state, FILE *fp, const char *title) +static gpg_error_t +enc_start (struct b64state *state, FILE *fp, estream_t stream, + const char *title) { memset (state, 0, sizeof *state); state->fp = fp; + state->stream = stream; if (title && !*title) state->flags |= B64ENC_NO_LINEFEEDS; else if (title) 
@@ -167,6 +160,39 @@ } +/* Prepare for base-64 writing to the stream FP. If TITLE is not NULL + and not an empty string, this string will be used as the title for + the armor lines, with TITLE being an empty string, we don't write + the header lines and furthermore even don't write any linefeeds. + If TITLE starts with "PGP " the OpenPGP CRC checksum will be + written as well. With TITLE beeing NULL, we merely don't write + header but make sure that lines are not too long. Note, that we + don't write any output unless at least one byte get written using + b64enc_write. */ +gpg_error_t +b64enc_start (struct b64state *state, FILE *fp, const char *title) +{ + return enc_start (state, fp, NULL, title); +} + +/* Same as b64enc_start but takes an estream. */ +gpg_error_t +b64enc_start_es (struct b64state *state, estream_t fp, const char *title) +{ + return enc_start (state, NULL, fp, title); +} + + +static int +my_fputs (const char *string, struct b64state *state) +{ + if (state->stream) + return es_fputs (string, state->stream); + else + return fputs (string, state->fp); +} + + /* Write NBYTES from BUFFER to the Base 64 stream identified by STATE. With BUFFER and NBYTES being 0, merely do a fflush on the stream. */ @@ -176,13 +202,13 @@ unsigned char radbuf[4]; int idx, quad_count; const unsigned char *p; - FILE *fp = state->fp; if (!nbytes) { - if (buffer && fflush (fp)) - goto write_error; + if (buffer) + if (state->stream? es_fflush (state->stream) : fflush (state->fp)) + goto write_error; return 0; } @@ -190,12 +216,12 @@ { if (state->title) { - if ( fputs ("-----BEGIN ", fp) == EOF - || fputs (state->title, fp) == EOF - || fputs ("-----\n", fp) == EOF) + if ( my_fputs ("-----BEGIN ", state) == EOF + || my_fputs (state->title, state) == EOF + || my_fputs ("-----\n", state) == EOF) goto write_error; if ( (state->flags & B64ENC_USE_PGPCRC) - && fputs ("\n", fp) == EOF) + && my_fputs ("\n", state) == EOF) goto write_error; } 
@@ -228,16 +254,27 @@ tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077]; tmp[2] = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077]; tmp[3] = bintoasc[radbuf[2]&077]; - for (idx=0; idx < 4; idx++) - putc (tmp[idx], fp); - idx = 0; - if (ferror (fp)) - goto write_error; + if (state->stream) + { + for (idx=0; idx < 4; idx++) + es_putc (tmp[idx], state->stream); + idx = 0; + if (es_ferror (state->stream)) + goto write_error; + } + else + { + for (idx=0; idx < 4; idx++) + putc (tmp[idx], state->fp); + idx = 0; + if (ferror (state->fp)) + goto write_error; + } if (++quad_count >= (64/4)) { quad_count = 0; if (!(state->flags & B64ENC_NO_LINEFEEDS) - && fputs ("\n", fp) == EOF) + && my_fputs ("\n", state) == EOF) goto write_error; } } @@ -251,20 +288,19 @@ return gpg_error_from_syserror (); } + gpg_error_t b64enc_finish (struct b64state *state) { gpg_error_t err = 0; unsigned char radbuf[4]; int idx, quad_count; - FILE *fp; char tmp[4]; if (!(state->flags & B64ENC_DID_HEADER)) goto cleanup; /* Flush the base64 encoding */ - fp = state->fp; idx = state->idx; quad_count = state->quad_count; assert (idx < 4); @@ -285,17 +321,28 @@ tmp[2] = bintoasc[((radbuf[1] << 2) & 074) & 077]; tmp[3] = '='; } - for (idx=0; idx < 4; idx++) - putc (tmp[idx], fp); - idx = 0; - if (ferror (fp)) - goto write_error; - + if (state->stream) + { + for (idx=0; idx < 4; idx++) + es_putc (tmp[idx], state->stream); + idx = 0; + if (es_ferror (state->stream)) + goto write_error; + } + else + { + for (idx=0; idx < 4; idx++) + putc (tmp[idx], state->fp); + idx = 0; + if (ferror (state->fp)) + goto write_error; + } + if (++quad_count >= (64/4)) { quad_count = 0; if (!(state->flags & B64ENC_NO_LINEFEEDS) - && fputs ("\n", fp) == EOF) + && my_fputs ("\n", state) == EOF) goto write_error; } } 
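Review bot: the four-character output loop in b64enc_write (@@ -228,16 +254,27 @@) and b64enc_finish (@@ -285,17 +321,28 @@) is now written out once per backend, and the CRC hunk further down repeats the pair a third time. A small `my_putc` next to `my_fputs` would leave one loop and one error check per call site and keep the stdio and estream branches from drifting apart. The new static functions enc_start and my_fputs also carry no comment, while the comment moved onto b64enc_start still speaks only of "the stream FP".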
@@ -303,13 +350,13 @@ /* Finish the last line and write the trailer. */ if (quad_count && !(state->flags & B64ENC_NO_LINEFEEDS) - && fputs ("\n", fp) == EOF) + && my_fputs ("\n", state) == EOF) goto write_error; if ( (state->flags & B64ENC_USE_PGPCRC) ) { /* Write the CRC. */ - putc ('=', fp); + my_fputs ("=", state); radbuf[0] = state->crc >>16; radbuf[1] = state->crc >> 8; radbuf[2] = state->crc; @@ -317,20 +364,30 @@ tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077]; tmp[2] = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077]; tmp[3] = bintoasc[radbuf[2]&077]; - for (idx=0; idx < 4; idx++) - putc (tmp[idx], fp); - if (ferror (fp)) - goto write_error; + if (state->stream) + { + for (idx=0; idx < 4; idx++) + es_putc (tmp[idx], state->stream); + if (es_ferror (state->stream)) + goto write_error; + } + else + { + for (idx=0; idx < 4; idx++) + putc (tmp[idx], state->fp); + if (ferror (state->fp)) + goto write_error; + } if (!(state->flags & B64ENC_NO_LINEFEEDS) - && fputs ("\n", fp) == EOF) + && my_fputs ("\n", state) == EOF) goto write_error; } if (state->title) { - if ( fputs ("-----END ", fp) == EOF - || fputs (state->title, fp) == EOF - || fputs ("-----\n", fp) == EOF) + if ( my_fputs ("-----END ", state) == EOF + || my_fputs (state->title, state) == EOF + || my_fputs ("-----\n", state) == EOF) goto write_error; } @@ -346,6 +403,7 @@ state->title = NULL; } state->fp = NULL; + state->stream = NULL; return err; } Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/common/estream.c 2010-07-16 13:19:45 UTC (rev 5366) @@ -994,7 +994,7 @@ return 0; } -/* Destroy function for fd objects. */ +/* Destroy function for FILE* objects. */ static int es_func_fp_destroy (void *cookie) { 
@@ -1076,14 +1076,6 @@ return err; } -static es_cookie_io_functions_t estream_functions_file = - { - es_func_fd_read, - es_func_fd_write, - es_func_fd_seek, - es_func_fd_destroy - }; - static int es_convert_mode (const char *mode, unsigned int *modeflags) @@ -2197,7 +2189,7 @@ goto out; create_called = 1; - err = es_create (&stream, cookie, fd, estream_functions_file, modeflags, 0); + err = es_create (&stream, cookie, fd, estream_functions_fd, modeflags, 0); if (err) goto out; @@ -2207,7 +2199,7 @@ out: if (err && create_called) - (*estream_functions_file.func_close) (cookie); + (*estream_functions_fd.func_close) (cookie); return stream; } @@ -2519,7 +2511,7 @@ goto leave; create_called = 1; - es_initialize (stream, cookie, fd, estream_functions_file, modeflags); + es_initialize (stream, cookie, fd, estream_functions_fd, modeflags); leave: Modified: trunk/common/http.c =================================================================== --- trunk/common/http.c 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/common/http.c 2010-07-16 13:19:45 UTC (rev 5366) @@ -1,6 +1,6 @@ /* http.c - HTTP protocol handler * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, - * 2009 Free Software Foundation, Inc. + * 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -57,6 +57,16 @@ # include #endif /*!HAVE_W32_SYSTEM*/ +#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth. */ +# undef HAVE_PTH +# undef USE_GNU_PTH +#endif + +#ifdef HAVE_PTH +# include +#endif + + #ifdef HTTP_USE_GNUTLS # include /* For non-understandable reasons GNUTLS dropped the _t suffix from 
@@ -75,13 +85,13 @@ #include "i18n.h" #include "http.h" #ifdef USE_DNS_SRV -#include "srv.h" +# include "srv.h" #else /*!USE_DNS_SRV*/ -/* If we are not compiling with SRV record support we provide stub - data structures. */ -#ifndef MAXDNAME -#define MAXDNAME 1025 -#endif + /* If we are not compiling with SRV record support we provide stub + data structures. */ +# ifndef MAXDNAME +# define MAXDNAME 1025 +# endif struct srventry { unsigned short priority; @@ -110,6 +120,15 @@ "01234567890@" \ "!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~" +/* A long counter type. */ +#ifdef HAVE_STRTOULL +typedef unsigned long long longcounter_t; +# define counter_strtoul(a) strtoull ((a), NULL, 10) +#else +typedef unsigned long longcounter_t; +# define counter_strtoul(a) strtoul ((a), NULL, 10) +#endif + /* Define a prefix to map stream functions to the estream library. */ #ifdef HTTP_USE_ESTREAM #define P_ES(a) es_ ## a @@ -152,9 +171,19 @@ struct cookie_s { - int fd; /* File descriptor or -1 if already closed. */ - gnutls_session_t tls_session; /* TLS session context or NULL if not used. */ - int keep_socket; /* Flag to communicate with teh close handler. */ + /* File descriptor or -1 if already closed. */ + int fd; + + /* TLS session context or NULL if not used. */ + gnutls_session_t tls_session; + + /* The remaining content length and a flag telling whether to use + the content length. */ + longcounter_t content_length; + unsigned int content_length_valid:1; + + /* Flag to communicate with the close handler. */ + unsigned int keep_socket:1; }; typedef struct cookie_s *cookie_t; 
@@ -180,17 +209,18 @@ { unsigned int status_code; int sock; - int in_data; + unsigned int in_data:1; + unsigned int is_http_0_9:1; #ifdef HTTP_USE_ESTREAM estream_t fp_read; estream_t fp_write; void *write_cookie; + void *read_cookie; #else /*!HTTP_USE_ESTREAM*/ FILE *fp_read; FILE *fp_write; #endif /*!HTTP_USE_ESTREAM*/ void *tls_context; - int is_http_0_9; parsed_uri_t uri; http_req_t req_type; char *buffer; /* Line buffer. */ @@ -417,7 +447,10 @@ hd->write_cookie = NULL; #endif - if (!(hd->flags & HTTP_FLAG_NO_SHUTDOWN)) + /* Shutdown one end of the socket is desired. As per HTTP/1.0 this + is not required but some very old servers (e.g. the original pksd + key server didn't worked without it. */ + if ((hd->flags & HTTP_FLAG_SHUTDOWN)) shutdown (hd->sock, 1); hd->in_data = 0; @@ -537,7 +570,9 @@ gpg_error_t http_parse_uri (parsed_uri_t * ret_uri, const char *uri) { - *ret_uri = xcalloc (1, sizeof **ret_uri + strlen (uri)); + *ret_uri = xtrycalloc (1, sizeof **ret_uri + strlen (uri)); + if (!*ret_uri) + return gpg_error_from_syserror (); strcpy ((*ret_uri)->buffer, uri); return do_parse_uri (*ret_uri, 0); } 
@@ -980,29 +1015,16 @@ if (!p) return gpg_error_from_syserror (); - request = xtrymalloc (2 * strlen (server) - + strlen (p) - + (authstr?strlen(authstr):0) - + (proxy_authstr?strlen(proxy_authstr):0) - + 100); - if (!request) - { - err = gpg_error_from_syserror (); - xfree (p); - xfree (authstr); - xfree (proxy_authstr); - return err; - } - if (http_proxy && *http_proxy) { - sprintf (request, "%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s", - hd->req_type == HTTP_REQ_GET ? "GET" : - hd->req_type == HTTP_REQ_HEAD ? "HEAD" : - hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS", - server, port, *p == '/' ? "" : "/", p, - authstr ? authstr : "", - proxy_authstr ? proxy_authstr : ""); + request = xtryasprintf + ("%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s", + hd->req_type == HTTP_REQ_GET ? "GET" : + hd->req_type == HTTP_REQ_HEAD ? "HEAD" : + hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS", + server, port, *p == '/' ? "" : "/", p, + authstr ? authstr : "", + proxy_authstr ? proxy_authstr : ""); } else { @@ -1011,16 +1033,24 @@ if (port == 80) *portstr = 0; else - sprintf (portstr, ":%u", port); + snprintf (portstr, sizeof portstr, ":%u", port); - sprintf (request, "%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s", - hd->req_type == HTTP_REQ_GET ? "GET" : - hd->req_type == HTTP_REQ_HEAD ? "HEAD" : - hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS", - *p == '/' ? "" : "/", p, server, portstr, - authstr? authstr:""); + request = xtryasprintf + ("%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s", + hd->req_type == HTTP_REQ_GET ? "GET" : + hd->req_type == HTTP_REQ_HEAD ? "HEAD" : + hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS", + *p == '/' ? "" : "/", p, server, portstr, + authstr? authstr:""); } xfree (p); + if (!request) + { + err = gpg_error_from_syserror (); + xfree (authstr); + xfree (proxy_authstr); + return err; + } #ifdef HTTP_USE_ESTREAM 
@@ -1072,18 +1102,16 @@ function and only then assign a stdio stream. This allows for better error reporting that through standard stdio means. */ err = write_server (hd->sock, request, strlen (request)); - - if(err==0) - for(;headers;headers=headers->next) + if (!err) + for (;headers;headers=headers->next) { - err = write_server( hd->sock, headers->d, strlen(headers->d) ); - if(err) + err = write_server (hd->sock, headers->d, strlen(headers->d)); + if (err) break; - err = write_server( hd->sock, "\r\n", 2 ); - if(err) + err = write_server (hd->sock, "\r\n", 2); + if (err) break; } - if (!err) { hd->fp_write = fdopen (hd->sock, "w"); @@ -1351,9 +1379,7 @@ is valid as along as HD has not been closed and no othe request has been send. If the header was not found, NULL is returned. Name must be canonicalized, that is the first letter of each dash - delimited part must be uppercase and all other letters lowercase. - Note that the context must have been opened with the - HTTP_FLAG_NEED_HEADER. */ + delimited part must be uppercase and all other letters lowercase. */ const char * http_get_header (http_t hd, const char *name) { @@ -1376,6 +1402,8 @@ { char *line, *p, *p2; size_t maxlen, len; + cookie_t cookie = hd->read_cookie; + const char *s; /* Delete old header lines. */ while (hd->headers) @@ -1447,7 +1475,7 @@ if ( (hd->flags & HTTP_FLAG_LOG_RESP) ) log_info ("RESP: `%.*s'\n", (int)strlen(line)-(*line&&line[1]?2:0),line); - if ( (hd->flags & HTTP_FLAG_NEED_HEADER) && *line ) + if (*line) { gpg_error_t err = store_header (hd, line); if (err) @@ -1456,6 +1484,17 @@ } while (len && *line); + cookie->content_length_valid = 0; + if (!(hd->flags & HTTP_FLAG_IGNORE_CL)) + { + s = http_get_header (hd, "Content-Length"); + if (s) + { + cookie->content_length_valid = 1; + cookie->content_length = counter_strtoul (s); + } + } + return 0; } @@ -1601,6 +1640,7 @@ } } #else + (void)flags; (void)srvtag; #endif /*USE_DNS_SRV*/ 
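Review bot: in the parse_response hunk (@@ -1456,6 +1484,17 @@) the Content-Length value goes straight into `counter_strtoul`, which is strtoull/strtoul with a NULL end pointer, so an empty value, trailing garbage, a leading sign or an out-of-range number are all accepted. A value of "-1" becomes the maximum counter, and a non-numeric value becomes 0, which cookie_read then treats as immediate EOF. Parse with an end pointer, accept only a plain run of digits, check for ERANGE, and leave content_length_valid at 0 when the header does not parse. Separately, `cookie = hd->read_cookie` is dereferenced here without a NULL check, and the field is declared only under HTTP_USE_ESTREAM in the @@ -180,17 +209,18 @@ hunk, so the non-estream build needs a guard as well.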
@@ -1739,6 +1779,7 @@ { int nleft; + /* FIXME: We would better use pth I/O functions. */ nleft = length; while (nleft > 0) { @@ -1787,6 +1828,14 @@ cookie_t c = cookie; int nread; + if (c->content_length_valid) + { + if (!c->content_length) + return 0; /* EOF */ + if (c->content_length < size) + size = c->content_length; + } + #ifdef HTTP_USE_GNUTLS if (c->tls_session) { @@ -1817,7 +1866,9 @@ { do { -#ifdef HAVE_W32_SYSTEM +#ifdef HAVE_PTH + nread = pth_read (c->fd, buffer, size); +#elif defined(HAVE_W32_SYSTEM) /* Under Windows we need to use recv for a socket. */ nread = recv (c->fd, buffer, size, 0); #else @@ -1827,6 +1878,14 @@ while (nread == -1 && errno == EINTR); } + if (c->content_length_valid && nread > 0) + { + if (nread < c->content_length) + c->content_length -= nread; + else + c->content_length = 0; + } + return nread; } @@ -2028,9 +2087,7 @@ http_release_parsed_uri (uri); uri = NULL; - rc = http_open_document (&hd, *argv, NULL, - HTTP_FLAG_NO_SHUTDOWN | HTTP_FLAG_NEED_HEADER, - NULL, tls_session); + rc = http_open_document (&hd, *argv, NULL, 0, NULL, tls_session); if (rc) { log_error ("can't get `%s': %s\n", *argv, gpg_strerror (rc)); Modified: trunk/common/http.h =================================================================== --- trunk/common/http.h 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/common/http.h 2010-07-16 13:19:45 UTC (rev 5366) @@ -1,6 +1,6 @@ /* http.h - HTTP protocol handler - * Copyright (C) 1999, 2000, 2001, 2003, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1999, 2000, 2001, 2003, 2006, + * 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
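Review bot: in cookie_read (hunks @@ -1787,6 +1828,14 @@ and @@ -1827,6 +1878,14 @@ of common/http.c) a connection that closes before the announced length has arrived is still reported as ordinary EOF: when the read returns 0 while `c->content_length` is non-zero, the caller cannot tell a truncated body from a complete one. Consider setting errno and returning -1 in that case so a short response is not processed as if it were complete. The comparison `nread < c->content_length` mixes a signed int with the unsigned longcounter_t and is correct only because of the `nread > 0` test in front of it; a one-line comment would keep a later edit from breaking that.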
@@ -62,9 +62,9 @@ enum { HTTP_FLAG_TRY_PROXY = 1, - HTTP_FLAG_NO_SHUTDOWN = 2, - HTTP_FLAG_LOG_RESP = 4, - HTTP_FLAG_NEED_HEADER = 8 + HTTP_FLAG_SHUTDOWN = 2, + HTTP_FLAG_LOG_RESP = 8, + HTTP_FLAG_IGNORE_CL = 32 }; struct http_context_s; Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/common/util.h 2010-07-16 13:19:45 UTC (rev 5366) @@ -27,6 +27,9 @@ #ifndef GPG_ERR_MISSING_KEY #define GPG_ERR_MISSING_KEY 181 #endif +#ifndef GPG_ERR_LIMIT_REACHED +#define GPG_ERR_LIMIT_REACHED 183 +#endif /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) @@ -128,6 +131,7 @@ int idx; int quad_count; FILE *fp; + estream_t stream; char *title; unsigned char radbuf[4]; u32 crc; @@ -136,6 +140,8 @@ }; gpg_error_t b64enc_start (struct b64state *state, FILE *fp, const char *title); +gpg_error_t b64enc_start_es (struct b64state *state, estream_t fp, + const char *title); gpg_error_t b64enc_write (struct b64state *state, const void *buffer, size_t nbytes); gpg_error_t b64enc_finish (struct b64state *state); Modified: trunk/dirmngr/Makefile.am =================================================================== --- trunk/dirmngr/Makefile.am 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/dirmngr/Makefile.am 2010-07-16 13:19:45 UTC (rev 5366) @@ -38,7 +38,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ ldapserver.h ldapserver.c certcache.c certcache.h \ - b64dec.c cdb.h cdblib.c ldap.c http.c http.h misc.c \ + cdb.h cdblib.c ldap.c misc.c dirmngr-err.h \ ocsp.c ocsp.h validate.c validate.h dirmngr_LDADD = $(libcommonpth) ../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \ 
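Review bot: in the flag enum of common/http.h (@@ -62,9 +62,9 @@) HTTP_FLAG_SHUTDOWN takes over the value 2 that HTTP_FLAG_NO_SHUTDOWN had, with the opposite meaning, and HTTP_FLAG_LOG_RESP moves from 4 to 8, the former value of HTTP_FLAG_NEED_HEADER. A caller that passes a literal or is built against the old header silently changes behaviour, and a caller passing 0 no longer gets the shutdown that http_wait_response used to perform by default. Give the new flag a bit that was never used, or add a comment to the enum saying why 4 and 16 are skipped and that the shutdown default has been inverted.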
@@ -56,7 +56,7 @@ dirmngr_ldap_LDADD = $(libcommon) ../gl/libgnu.a $(DNSLIBS) \ $(GPG_ERROR_LIBS) $(LDAPLIBS) $(LIBINTL) $(LIBICONV) -dirmngr_client_SOURCES = dirmngr-client.c b64enc.c no-libgcrypt.c +dirmngr_client_SOURCES = dirmngr-client.c no-libgcrypt.c dirmngr_client_LDADD = $(libcommon) ../gl/libgnu.a $(LIBASSUAN_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) Modified: trunk/dirmngr/cdblib.c =================================================================== --- trunk/dirmngr/cdblib.c 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/dirmngr/cdblib.c 2010-07-16 13:19:45 UTC (rev 5366) @@ -73,6 +73,8 @@ # endif #endif #include + +#include "dirmngr-err.h" #include "cdb.h" #ifndef EPROTO @@ -123,13 +125,17 @@ return -1; /* trivial sanity check: at least toc should be here */ if (st.st_size < 2048) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } fsize = (unsigned)(st.st_size & 0xffffffffu); /* memory-map file */ #ifdef _WIN32 +# ifdef __MINGW32CE__ + hFile = fd; +# else hFile = (HANDLE) _get_osfhandle(fd); +#endif if (hFile == (HANDLE) -1) return -1; hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); @@ -177,7 +183,11 @@ HANDLE hFile, hMapping; #endif #ifdef _WIN32 +#ifdef __MINGW32CE__ + hFile = cdbp->cdb_fd; +#else hFile = (HANDLE) _get_osfhandle(cdbp->cdb_fd); +#endif hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); UnmapViewOfFile((void*) cdbp->cdb_mem); CloseHandle(hMapping); @@ -199,7 +209,7 @@ cdb_read(const struct cdb *cdbp, void *buf, unsigned len, cdbi_t pos) { if (pos > cdbp->cdb_fsize || cdbp->cdb_fsize - pos < len) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } memcpy(buf, cdbp->cdb_mem + pos, len); @@ -243,7 +253,7 @@ || pos > cdbp->cdb_fsize /* htab start within file ? */ || httodo > cdbp->cdb_fsize - pos) /* entrie htab within file ? */ { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } 
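Review bot: in the __MINGW32CE__ branch of the cdblib.c hunk @@ -123,13 +125,17 @@, `hFile = fd;` assigns the descriptor to a HANDLE without a cast, and @@ -177,7 +183,11 @@ does the same with `cdbp->cdb_fd`. Add an explicit cast and a short comment on why the descriptor can serve as the handle on this target, so the following `hFile == (HANDLE) -1` test is known to still mean something. The preprocessor indentation is also inconsistent: the first block opens with `# ifdef` and `# else` but closes with an unindented `#endif`, and the second block is not indented at all.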
@@ -258,19 +268,19 @@ return 0; if (cdb_unpack(htp) == hval) { if (pos > cdbp->cdb_fsize - 8) { /* key+val lengths */ - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } if (cdb_unpack(cdbp->cdb_mem + pos) == klen) { if (cdbp->cdb_fsize - klen < pos + 8) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } if (memcmp(key, cdbp->cdb_mem + pos + 8, klen) == 0) { n = cdb_unpack(cdbp->cdb_mem + pos + 4); pos += 8 + klen; if (cdbp->cdb_fsize < n || cdbp->cdb_fsize - n < pos) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } cdbp->cdb_vpos = pos; @@ -331,7 +341,7 @@ || pos > cdbp->cdb_fsize || cdbfp->cdb_httodo > cdbp->cdb_fsize - pos) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } @@ -368,12 +378,12 @@ cdbfp->cdb_httodo -= 8; if (n) { if (pos > cdbp->cdb_fsize - 8) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } if (cdb_unpack(cdbp->cdb_mem + pos) == cdbfp->cdb_klen) { if (cdbp->cdb_fsize - cdbfp->cdb_klen < pos + 8) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } if (memcmp(cdbfp->cdb_key, @@ -381,7 +391,7 @@ n = cdb_unpack(cdbp->cdb_mem + pos + 4); pos += 8 + cdbfp->cdb_klen; if (cdbp->cdb_fsize < n || cdbp->cdb_fsize - n < pos) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } cdbp->cdb_vpos = pos; @@ -410,7 +420,7 @@ || pos > cdbp->cdb_fsize || cdbfp->cdb_httodo > cdbp->cdb_fsize - pos) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } @@ -425,7 +435,7 @@ while (!pos); if (pos > cdbp->cdb_fsize - 8) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } @@ -436,7 +446,7 @@ n = 8 + cdbp->cdb_klen + cdbp->cdb_vlen; if ( pos > cdbp->cdb_fsize || pos > cdbp->cdb_fsize - n) { - errno = EPROTO; + gpg_err_set_errno (EPROTO); return -1; } return 1; /* Found. */ @@ -454,7 +464,7 @@ while(l < 0 && errno == EINTR); if (l <= 0) { if (!l) - errno = EIO; + gpg_err_set_errno (EIO); return -1; } buf = (char*)buf + l; 
@@ -555,7 +565,7 @@ struct cdb_rl *rl; if (klen > 0xffffffff - (cdbmp->cdb_dpos + 8) || vlen > 0xffffffff - (cdbmp->cdb_dpos + klen + 8)) { - errno = ENOMEM; + gpg_err_set_errno (ENOMEM); return -1; } hval = cdb_hash(key, klen); @@ -563,7 +573,7 @@ if (!rl || rl->cnt >= sizeof(rl->rec)/sizeof(rl->rec[0])) { rl = (struct cdb_rl*)malloc(sizeof(struct cdb_rl)); if (!rl) { - errno = ENOMEM; + gpg_err_set_errno (ENOMEM); return -1; } rl->cnt = 0; @@ -603,7 +613,7 @@ return -1; if (c) { if (flags == CDB_PUT_INSERT) { - errno = EEXIST; + gpg_err_set_errno (EEXIST); return 1; } else if (flags == CDB_PUT_REPLACE) { @@ -621,7 +631,7 @@ if (!rl || rl->cnt >= sizeof(rl->rec)/sizeof(rl->rec[0])) { rl = (struct cdb_rl*)malloc(sizeof(struct cdb_rl)); if (!rl) { - errno = ENOMEM; + gpg_err_set_errno (ENOMEM); return -1; } rl->cnt = 0; @@ -633,13 +643,13 @@ break; default: - errno = EINVAL; + gpg_err_set_errno (EINVAL); return -1; } if (klen > 0xffffffff - (cdbmp->cdb_dpos + 8) || vlen > 0xffffffff - (cdbmp->cdb_dpos + klen + 8)) { - errno = ENOMEM; + gpg_err_set_errno (ENOMEM); return -1; } rl->rec[c].hval = hval; @@ -812,7 +822,7 @@ unsigned t, i; if (((0xffffffff - cdbmp->cdb_dpos) >> 3) < cdbmp->cdb_rcnt) { - errno = ENOMEM; + gpg_err_set_errno (ENOMEM); return -1; } @@ -837,7 +847,7 @@ /* allocate memory to hold max htable */ htab = (struct cdb_rec*)malloc((hsize + 2) * sizeof(struct cdb_rec)); if (!htab) { - errno = ENOENT; + gpg_err_set_errno (ENOENT); return -1; } p = (unsigned char *)htab; Modified: trunk/dirmngr/certcache.c =================================================================== --- trunk/dirmngr/certcache.c 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/dirmngr/certcache.c 2010-07-16 13:19:45 UTC (rev 5366) @@ -328,7 +328,7 @@ struct dirent *ep; char *p; size_t n; - FILE *fp; + estream_t fp; ksba_reader_t reader; ksba_cert_t cert; char *fname = NULL; 
@@ -353,7 +353,7 @@ xfree (fname); fname = make_filename (dirname, p, NULL); - fp = fopen (fname, "rb"); + fp = es_fopen (fname, "rb"); if (!fp) { log_error (_("can't open `%s': %s\n"), @@ -367,7 +367,7 @@ { log_error (_("can't setup KSBA reader: %s\n"), gpg_strerror (err)); ksba_reader_release (reader); - fclose (fp); + es_fclose (fp); continue; } @@ -375,7 +375,7 @@ if (!err) err = ksba_cert_read_der (cert, reader); ksba_reader_release (reader); - fclose (fp); + es_fclose (fp); if (err) { log_error (_("can't parse certificate `%s': %s\n"), Modified: trunk/dirmngr/crlcache.c =================================================================== --- trunk/dirmngr/crlcache.c 2010-06-28 13:37:44 UTC (rev 5365) +++ trunk/dirmngr/crlcache.c 2010-07-16 13:19:45 UTC (rev 5366) @@ -218,7 +218,7 @@ log_error (_("error creating directory `%s': %s\n"), fname, strerror (errno)); xfree (fname); - errno = save_errno; + gpg_err_set_errno (save_errno); return -1; } } @@ -298,7 +298,7 @@ removed, the function will read the last line of a file, even if that is not terminated by a LF. */ static char * -next_line_from_file (FILE *fp, gpg_error_t *r_err) +next_line_from_file (estream_t fp, gpg_error_t *r_err) { char buf[300]; char *largebuf = NULL; @@ -311,7 +311,7 @@ *r_err = 0; p = buf; buflen = sizeof buf - 1; - while ((c=getc (fp)) != EOF && c != '\n') + while ((c=es_getc (fp)) != EOF && c != '\n') { if (len >= buflen) { @@ -401,12 +401,12 @@ /* Open the dir file FNAME or create a new one if it does not yet exist. */ -static FILE * +static estream_t open_dir_file (const char *fname) { - FILE *fp; + estream_t fp; - fp = fopen (fname, "r"); + fp = es_fopen (fname, "r"); if (!fp) { log_error (_("failed to open cache dir file `%s': %s\n"), 
@@ -416,22 +416,22 @@ if (create_directory_if_needed (NULL) || create_directory_if_needed (DBDIR_D)) return NULL; - fp = fopen (fname, "w"); + fp = es_fopen (fname, "w"); if (!fp) { log_error (_("error creating new cache dir file `%s': %s\n"), fname, strerror (errno)); return NULL; } - fprintf (fp, "v:%d:\n", DBDIRVERSION); - if (ferror (fp)) + es_fprintf (fp, "v:%d:\n", DBDIRVERSION); + if (es_ferror (fp)) { log_error (_("error writing new cache dir file `%s': %s\n"), fname, strerror (errno)); - fclose (fp); + es_fclose (fp); return NULL; } - if (fclose (fp)) + if (es_fclose (fp)) { log_error (_("error closing new cache dir file `%s': %s\n"), fname, strerror (errno)); @@ -440,7 +440,7 @@ log_info (_("new cache dir file `%s' created\n"), fname); - fp = fopen (fname, "r"); + fp = es_fopen (fname, "r"); if (!fp) { log_error (_("failed to re-open cache dir file `%s': %s\n"), @@ -454,13 +454,13 @@ /* Helper for open_dir. */ static gpg_error_t -check_dir_version (FILE **fpadr, const char *fname, +check_dir_version (estream_t *fpadr, const char *fname, unsigned int *lineno, int cleanup_on_mismatch) { char *line; gpg_error_t lineerr = 0; - FILE *fp = *fpadr; + estream_t fp = *fpadr; int created = 0; retry: @@ -485,7 +485,7 @@ if (!created && cleanup_on_mismatch) { log_error (_("old version of cache directory - cleaning up\n")); - fclose (fp); + es_fclose (fp); *fpadr = NULL; if (!cleanup_cache_dir (1)) { @@ -521,7 +521,7 @@ char *fname; char *line = NULL; gpg_error_t lineerr = 0; - FILE *fp; + estream_t fp; crl_cache_entry_t entry, *entrytail; unsigned int lineno; gpg_error_t err = 0; @@ -649,7 +649,7 @@ log_error (_("error reading `%s': %s\n"), fname, gpg_strerror (err)); goto leave; } - if (ferror (fp)) + if (es_ferror (fp)) { log_error (_("error reading `%s': %s\n"), fname, strerror (errno)); err = gpg_error (GPG_ERR_CONFIGURATION); @@ -695,8 +695,7 @@ leave: - if (fp) - fclose (fp); + es_fclose (fp); xfree (line); xfree (fname); if (err) 
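Review bot: at the `leave:` label in the @@ -695,8 +695,7 @@ hunk the `if (fp)` guard is dropped, so es_fclose is now called unconditionally. The old guard suggests fp can be NULL at this point, and the @@ -485,7 +485,7 @@ hunk shows check_dir_version closing the stream and setting `*fpadr = NULL`. This is safe only if es_fclose accepts a NULL stream, which nothing in the visible diff establishes. Keep the guard, or add a comment stating that es_fclose (NULL) is a defined no-op.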
@@ -709,54 +708,54 @@ } static void -write_percented_string (const char *s, FILE *fp) +write_percented_string (const char *s, estream_t fp) { for (; *s; s++) if (*s == ':') - fputs ("%3A", fp); + es_fputs ("%3A", fp); else if (*s == '\n') - fputs ("%0A", fp); + es_fputs ("%0A", fp); else if (*s == '\r') - fputs ("%0D", fp); + es_fputs ("%0D", fp); else - putc (*s, fp); + es_putc (*s, fp); } static void -write_dir_line_crl (FILE *fp, crl_cache_entry_t e) +write_dir_line_crl (estream_t fp, crl_cache_entry_t e) { if (e->invalid) - fprintf (fp, "i%d", e->invalid); + es_fprintf (fp, "i%d", e->invalid); else if (e->user_trust_req) - putc ('u', fp); + es_putc ('u', fp); else - putc ('c', fp); - putc (':', fp); - fputs (e->issuer_hash, fp); - putc (':', fp); + es_putc ('c', fp); + es_putc (':', fp); + es_fputs (e->issuer_hash, fp); + es_putc (':', fp); write_percented_string (e->issuer, fp); - putc (':', fp); + es_putc (':', fp); write_percented_string (e->url, fp); - putc (':', fp); - fwrite (e->this_update, 15, 1, fp); - putc (':', fp); - fwrite (e->next_update, 15, 1, fp); - putc (':', fp); - fputs (e->dbfile_hash, fp); - putc (':', fp); + es_putc (':', fp); + es_fwrite (e->this_update, 15, 1, fp); + es_putc (':', fp); + es_fwrite (e->next_update, 15, 1, fp); + es_putc (':', fp); + es_fputs (e->dbfile_hash, fp); + es_putc (':', fp); if (e->crl_number) - fputs (e->crl_number, fp); - putc (':', fp); + es_fputs (e->crl_number, fp); + es_putc (':', fp); if (e->authority_issuer) write_percented_string (e->authority_issuer, fp); - putc (':', fp); + es_putc (':', fp); if (e->authority_serialno) - fputs (e->authority_serialno, fp); - putc (':', fp); + es_fputs (e->authority_serialno, fp); + es_putc (':', fp); if (e->check_trust_anchor && e->user_trust_req) - fputs (e->check_trust_anchor, fp); - putc ('\n', fp); + es_fputs (e->check_trust_anchor, fp); + es_putc ('\n', fp); } 
@@ -768,7 +767,8 @@ char *tmpfname = NULL; char *line = NULL; gpg_error_t lineerr = 0; - FILE *fp, *fpout = NULL; + estream_t fp; + estream_t fpout = NULL; crl_cache_entry_t e; unsigned int lineno; gpg_error_t err = 0; @@ -781,7 +781,7 @@ e->mark = 1; lineno = 0; - fp = fopen (fname, "r"); + fp = es_fopen (fname, "r"); if (!fp) { err = gpg_error_from_errno (errno); @@ -792,7 +792,7 @@ err = check_dir_version (&fp, fname, &lineno, 0); if (err) goto leave; - rewind (fp); + es_rewind (fp); lineno = 0; /* Create a temporary DIR file. */ @@ -827,7 +827,7 @@ tmpfname = make_filename (opt.homedir_cache, DBDIR_D, tmpbuf, NULL); xfree (tmpbuf); } - fpout = fopen (tmpfname, "w"); + fpout = es_fopen (tmpfname, "w"); if (!fpout) { err = gpg_error_from_errno (errno); @@ -868,30 +868,30 @@ { /* We ignore entries we don't have in our cache because they may have been added in the meantime by other instances of dirmngr. */ - fprintf (fpout, "# Next line added by " - "another process; our pid is %lu\n", - (unsigned long)getpid ()); - fputs (line, fpout); - putc ('\n', fpout); + es_fprintf (fpout, "# Next line added by " + "another process; our pid is %lu\n", + (unsigned long)getpid ()); + es_fputs (line, fpout); + es_putc ('\n', fpout); } } else { - fputs ("# Invalid line detected: ", fpout); - fputs (line, fpout); - putc ('\n', fpout); + es_fputs ("# Invalid line detected: ", fpout); + es_fputs (line, fpout); + es_putc ('\n', fpout); } } else { /* Write out all non CRL lines as they are. */ - fputs (line, fpout); - putc ('\n', fpout); + es_fputs (line, fpout); + es_putc ('\n', fpout); } xfree (line); } - if (!ferror (fp) && !ferror (fpout) && !lineerr) + if (!es_ferror (fp) && !ferror (es_fpout) && !lineerr) { /* Write out the remaining entries. */ for (e= cache->entries; e; e = e->next) 
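Review bot: in the condition that guards "Write out the remaining entries", the output-stream check was converted as `!ferror (es_fpout)` instead of `!es_ferror (fpout)`. The declarations hunk of this function adds `estream_t fpout = NULL;` and nothing visible declares `es_fpout`, so the prefix has ended up on the variable rather than on the function, and plain ferror must not be applied to an estream_t in any case. Change the line to `if (!es_ferror (fp) && !es_ferror (fpout) && !lineerr)`, matching the two separate es_ferror checks in the next hunk.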
@@ -908,12 +908,12 @@ log_error (_("error reading `%s': %s\n"), fname, gpg_strerror (err)); goto leave; } - if (ferror (fp)) + if (es_ferror (fp)) { err = gpg_error_from_errno (errno); log_error (_("error reading `%s': %s\n"), fname, strerror (errno)); } - if (ferror (fpout)) + if (es_ferror (fpout)) { err = gpg_error_from_errno (errno); log_error (_("error writing `%s': %s\n"), tmpfname, strerror (errno)); @@ -922,9 +922,9 @@ goto leave; /* Rename the files. */ - fclose (fp); + es_fclose (fp); fp = NULL; - if (fclose (fpout)) + if (es_fclose (fpout)) { err = gpg_error_from_errno (errno); log_error (_("error closing `%s': %s\n"), tmpfname, strerror (errno)); @@ -947,14 +947,13 @@ leave: /* Fixme: Relinquish update lock. */ xfree (line); - if (fp) - fclose (fp); + es_fclose (fp); xfree (fname); if (fpout) { - fclose (fpout); + es_fclose (fpout); if (err && tmpfname) - remove (tmpfname); + gnupg_remove (tmpfname); } xfree (tmpfname); return err; @@ -984,14 +983,14 @@ static int hash_dbfile (const char *fname, unsigned char *md5buffer) { - FILE *fp; + estream_t fp; char *buffer; size_t n; gcry_md_hd_t md5; gpg_err_code_t err; buffer = xtrymalloc (65536); - fp = buffer? fopen (fname, "rb") : NULL; + fp = buffer? es_fopen (fname, "rb") : NULL; if (!fp) { log_error (_("can't hash `%s': %s\n"), fname, strerror (errno)); @@ -1005,7 +1004,7 @@ log_error (_("error setting up MD5 hash context: %s\n"), gpg_strerror (err)); xfree (buffer); - fclose (fp); + es_fclose (fp); return -1; } @@ -1015,12 +1014,12 @@ for (;;) { - n = fread (buffer, 1, 65536, fp); - if (n < 65536 && ferror (fp)) + n = es_fread (buffer, 1, 65536, fp); + if (n < 65536 && es_ferror (fp)) { log_error (_("error hashing `%s': %s\n"), fname, strerror (errno)); xfree (buffer); - fclose (fp); + es_fclose (fp); gcry_md_close (md5); return -1; } @@ -1028,7 +1027,7 @@ break; gcry_md_write (md5, buffer, n); } - fclose (fp); + es_fclose (fp); xfree (buffer); gcry_md_final (md5); 
@@ -2017,7 +2016,7 @@ *p = '.'; fname = make_filename (opt.homedir_cache, DBDIR_D, tmpfname, NULL); xfree (tmpfname); - if (!remove (fname)) + if (!gnupg_remove (fname)) log_info (_("removed stale temporary cache file `%s'\n"), fname); else if (errno != ENOENT) { @@ -2198,7 +2197,7 @@ close (fd_cdb); if (fname) { - remove (fname); + gnupg_remove (fname); xfree (fname); } xfree (newfname); @@ -2214,7 +2213,7 @@ /* Print one cached entry E in a human readable format to stream FP. Return 0 on success. */ static gpg_error_t -list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, FILE *fp) +list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp) { struct cdb_find cdbfp; struct cdb *cdb; 
@@ -2222,44 +2221,46 @@ int warn = 0; const unsigned char *s; - fputs ("--------------------------------------------------------\n", fp ); - fprintf (fp, _("Begin CRL dump (retrieved via %s)\n"), e->url ); - fprintf (fp, " Issuer:\t%s\n", e->issuer ); - fprintf (fp, " Issuer Hash:\t%s\n", e->issuer_hash ); - fprintf (fp, " This Update:\t%s\n", e->this_update ); - fprintf (fp, " Next Update:\t%s\n", e->next_update ); - fprintf (fp, " CRL Number :\t%s\n", e->crl_number? e->crl_number: "none"); - fprintf (fp, " AuthKeyId :\t%s\n", - e->authority_serialno? e->authority_serialno:"none"); + es_fputs ("--------------------------------------------------------\n", fp ); + es_fprintf (fp, _("Begin CRL dump (retrieved via %s)\n"), e->url ); + es_fprintf (fp, " Issuer:\t%s\n", e->issuer ); + es_fprintf (fp, " Issuer Hash:\t%s\n", e->issuer_hash ); + es_fprintf (fp, " This Update:\t%s\n", e->this_update ); + es_fprintf (fp, " Next Update:\t%s\n", e->next_update ); + es_fprintf (fp, " CRL Number :\t%s\n", e->crl_number? e->crl_number: "none"); + es_fprintf (fp, " AuthKeyId :\t%s\n", + e->authority_serialno? e->authority_serialno:"none"); if (e->authority_serialno && e->authority_issuer) { - fputs (" \t", fp); + es_fputs (" \t", fp); for (s=e->authority_issuer; *s; s++) if (*s == '\x01') - fputs ("\n \t", fp); + es_fputs ("\n \t", fp); else - putc (*s, fp); - putc ('\n', fp); + es_putc (*s, fp); + es_putc ('\n', fp); } - fprintf (fp, " Trust Check:\t%s\n", - !e->user_trust_req? "[system]" : - e->check_trust_anchor? e->check_trust_anchor:"[missing]"); + es_fprintf (fp, " Trust Check:\t%s\n", + !e->user_trust_req? "[system]" : + e->check_trust_anchor? e->check_trust_anchor:"[missing]"); if ((e->invalid & 1)) - fprintf (fp, _(" ERROR: The CRL will not be used because it was still too old after an update!\n")); From cvs at cvs.gnupg.org Mon Jul 19 09:05:38 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 19 Jul 2010 09:05:38 +0200 Subject: [svn] GnuPG - r5367 - in branches/STABLE-BRANCH-2-0: . po Message-ID: Author: wk Date: 2010-07-19 09:05:30 +0200 (Mon, 19 Jul 2010) New Revision: 5367 Modified: branches/STABLE-BRANCH-2-0/ChangeLog branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/configure.ac branches/STABLE-BRANCH-2-0/po/be.po branches/STABLE-BRANCH-2-0/po/ca.po branches/STABLE-BRANCH-2-0/po/cs.po branches/STABLE-BRANCH-2-0/po/da.po branches/STABLE-BRANCH-2-0/po/de.po branches/STABLE-BRANCH-2-0/po/el.po branches/STABLE-BRANCH-2-0/po/eo.po branches/STABLE-BRANCH-2-0/po/es.po branches/STABLE-BRANCH-2-0/po/et.po branches/STABLE-BRANCH-2-0/po/fi.po branches/STABLE-BRANCH-2-0/po/fr.po branches/STABLE-BRANCH-2-0/po/gl.po branches/STABLE-BRANCH-2-0/po/hu.po branches/STABLE-BRANCH-2-0/po/id.po branches/STABLE-BRANCH-2-0/po/it.po branches/STABLE-BRANCH-2-0/po/ja.po branches/STABLE-BRANCH-2-0/po/nb.po branches/STABLE-BRANCH-2-0/po/pl.po branches/STABLE-BRANCH-2-0/po/pt.po branches/STABLE-BRANCH-2-0/po/pt_BR.po branches/STABLE-BRANCH-2-0/po/ro.po branches/STABLE-BRANCH-2-0/po/ru.po branches/STABLE-BRANCH-2-0/po/sk.po branches/STABLE-BRANCH-2-0/po/sv.po branches/STABLE-BRANCH-2-0/po/tr.po branches/STABLE-BRANCH-2-0/po/zh_CN.po branches/STABLE-BRANCH-2-0/po/zh_TW.po Log: Prepare a release Modified: branches/STABLE-BRANCH-2-0/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/ChangeLog 2010-07-16 13:19:45 UTC (rev 5366) +++ branches/STABLE-BRANCH-2-0/ChangeLog 2010-07-19 07:05:30 UTC (rev 5367) 
@@ -1,3 +1,10 @@ +2010-07-19 Werner Koch + + Release 2.0.16. + + * configure.ac: Require libgpg-error 1.7 and libksba 1.0.7 to + force building with more recent versions. + 2010-05-04 Werner Koch * configure.ac: Add option --enable-standard-socket. Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2010-07-16 13:19:45 UTC (rev 5366) +++ branches/STABLE-BRANCH-2-0/NEWS 2010-07-19 07:05:30 UTC (rev 5367) @@ -1,4 +1,4 @@ -Noteworthy changes in version 2.0.16 (unreleased) +Noteworthy changes in version 2.0.16 (2010-07-19) ------------------------------------------------- * If the agent's --use-standard-socket option is active, all tools Modified: branches/STABLE-BRANCH-2-0/configure.ac =================================================================== --- branches/STABLE-BRANCH-2-0/configure.ac 2010-07-16 13:19:45 UTC (rev 5366) +++ branches/STABLE-BRANCH-2-0/configure.ac 2010-07-19 07:05:30 UTC (rev 5367) @@ -25,7 +25,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [2.0.16]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -37,7 +37,7 @@ # sufficient. development_version=no -NEED_GPG_ERROR_VERSION=1.4 +NEED_GPG_ERROR_VERSION=1.7 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.4.0 
@@ -46,7 +46,7 @@ NEED_LIBASSUAN_VERSION=2.0.0 NEED_KSBA_API=1 -NEED_KSBA_VERSION=1.0.2 +NEED_KSBA_VERSION=1.0.7 PACKAGE=$PACKAGE_NAME Modified: branches/STABLE-BRANCH-2-0/po/be.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ca.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/cs.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/da.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/de.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/el.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/eo.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/es.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/et.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/fi.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/fr.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/gl.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/hu.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/id.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/it.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ja.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/nb.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/pl.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/pt.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/pt_BR.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ro.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/ru.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/sk.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/sv.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/tr.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/zh_CN.po [not shown] Modified: branches/STABLE-BRANCH-2-0/po/zh_TW.po [not shown] From cvs at cvs.gnupg.org Mon Jul 19 10:31:01 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 19 Jul 2010 10:31:01 +0200 Subject: [svn] GnuPG - r5368 - tags Message-ID: Author: wk Date: 2010-07-19 10:31:01 +0200 (Mon, 19 Jul 2010) New Revision: 5368 Added: tags/gnupg-2.0.16/ Log: Tag the release From cvs at cvs.gnupg.org Mon Jul 19 13:35:45 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 19 Jul 2010 13:35:45 +0200 Subject: [svn] GnuPG - r5369 - branches/STABLE-BRANCH-2-0/po Message-ID: Author: wk Date: 2010-07-19 13:35:44 +0200 (Mon, 19 Jul 2010) New Revision: 5369 Modified: branches/STABLE-BRANCH-2-0/po/ChangeLog branches/STABLE-BRANCH-2-0/po/zh_TW.po Log: Update Modified: branches/STABLE-BRANCH-2-0/po/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/po/ChangeLog 2010-07-19 08:31:01 UTC (rev 5368) +++ branches/STABLE-BRANCH-2-0/po/ChangeLog 2010-07-19 11:35:44 UTC (rev 5369) @@ -1,3 +1,7 @@ +2010-07-19 Jedi (wk) + + * zh_TW.po: Update. + 2010-05-12 Jedi (wk) * zh_TW.po: Update (dated 2010-03-10). Modified: branches/STABLE-BRANCH-2-0/po/zh_TW.po [not shown] From cvs at cvs.gnupg.org Mon Jul 19 15:56:05 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 19 Jul 2010 15:56:05 +0200 Subject: [svn] gcry - r1440 - in branches/LIBGCRYPT-1-4-BRANCH: doc tests Message-ID: Author: wk Date: 2010-07-19 15:56:04 +0200 (Mon, 19 Jul 2010) New Revision: 1440 Modified: branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am Log: Help gold Modified: branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog 2010-07-13 16:04:24 UTC (rev 1439) +++ branches/LIBGCRYPT-1-4-BRANCH/tests/ChangeLog 2010-07-19 13:56:04 UTC (rev 1440) 
@@ -1,3 +1,7 @@ +2010-07-19 Werner Koch + + * Makefile.am (LDADD): Add GPG_ERROR_LIBS to help a new wannabe ld. + 2010-07-13 Werner Koch * aeswrap.c: New. Take from trunk. Modified: branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt 2010-07-13 16:04:24 UTC (rev 1439) +++ branches/LIBGCRYPT-1-4-BRANCH/doc/announce.txt 2010-07-19 13:56:04 UTC (rev 1440) 
@@ -5,51 +5,42 @@ Hello! The GNU project is pleased to announce the availability of Libgcrypt -version 1.4.5. +version 1.4.6. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. -Noteworthy changes in version 1.4.5: +Noteworthy changes in version 1.4.6: - * Fixed minor memory leak in DSA key generation. + * New variants of the TIGER algorithm. - * No more switching to FIPS mode if /proc/version is not readable. + * New cipher algorithm mode for AES-WRAP. - * Fixed a sigill during Padlock detection on old CPUs. - - * Fixed a hang on some W2000 machines. - - * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; - SHA-256 went up by 25%. - - Source code is hosted at the GnuPG FTP server and its mirrors as listed at . On the primary server the source file and its digital signature is: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.bz2 (1121k) - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.bz2.sig + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.bz2 (1125k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.bz2.sig This file is bzip2 compressed. 
A gzip compressed version is also available: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.gz (1386k) - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5.tar.gz.sig + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.gz (1391k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.gz.sig -Alternativley you may upgrade version 1.4.4 using this patch file: +Alternativley you may upgrade version 1.4.5 using this patch file: - ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.4-1.4.5.diff.bz2 (93k) + ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.5-1.4.6.diff.bz2 (16k) The SHA-1 checksums are: -ef7ecbd3a03a7978094366bcd1257b3654608d28 libgcrypt-1.4.5.tar.bz2 -8d83a60ca55f2ea40b5d5bc99463905b7a1dcb56 libgcrypt-1.4.5.tar.gz -5307e361da5232cd771c300adddc69e57f0e366d libgcrypt-1.4.4-1.4.5.diff.bz2 +445b9e158aaf91e24eae3d1040c6213e9d9f5ba6 libgcrypt-1.4.6.tar.bz2 +dbe3fee0a9eea8128a1e47c973e0f432a62bfaa2 libgcrypt-1.4.6.tar.gz +9361c5ee7861548a4822e58baba95c81ec878384 libgcrypt-1.4.5-1.4.6.diff.bz2 - For help on developing with Libgcrypt you should read the included manual and optional ask on the gcrypt-devel mailing list [1]. Note that this version is from the stable branch; the current development Modified: branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am =================================================================== --- branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am 2010-07-13 16:04:24 UTC (rev 1439) +++ branches/LIBGCRYPT-1-4-BRANCH/tests/Makefile.am 2010-07-19 13:56:04 UTC (rev 1440) @@ -36,7 +36,7 @@ AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) -LDADD = ../src/libgcrypt.la $(DL_LIBS) +LDADD = ../src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS) EXTRA_PROGRAMS = testapi pkbench noinst_PROGRAMS = $(TESTS) fipsdrv From cvs at cvs.gnupg.org Wed Jul 21 10:00:11 2010 
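Review bot: in the doc/announce.txt hunk of r1440, the replacement line `+Alternativley you may upgrade version 1.4.5 using this patch file:` carries the misspelling over from the old text. Since the line is being rewritten for 1.4.6 anyway, correct it to "Alternatively" before the announcement goes out.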
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 10:00:11 +0200 Subject: [svn] gpg-error - r245 - in trunk: . po src Message-ID: Author: wk Date: 2010-07-21 10:00:09 +0200 (Wed, 21 Jul 2010) New Revision: 245 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/po/cs.po trunk/po/de.po trunk/po/fr.po trunk/po/it.po trunk/po/libgpg-error.pot trunk/po/nl.po trunk/po/pl.po trunk/po/ro.po trunk/po/sv.po trunk/po/vi.po trunk/po/zh_CN.po trunk/src/err-codes.h.in trunk/src/gpg-error.def.in trunk/src/gpg-error.h.in trunk/src/init.c Log: Add gpg_err_deinit Prepare a new release. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/ChangeLog 2010-07-21 08:00:09 UTC (rev 245) @@ -1,3 +1,21 @@ +2010-07-21 Werner Koch + + Release 1.9. + + * configure.ac: Set LT version to C7/A7/R0. + +2010-07-20 Werner Koch + + * src/init.c (DllMain) [!DLL_EXPORT]: Do not build. + (gpg_err_init) [W32][!DLL_EXPORT]: Init TLS. + (gpg_err_deinit): New. + * src/gpg-error.def.in: Add gpg_err_deinit. + * src/gpg-error.h.in: Add gpg_err_deinit. + +2010-07-05 Werner Koch + + * src/err-codes.h.in (GPG_ERR_TOO_MANY, GPG_ERR_LIMIT_REACHED): New. + 2010-06-18 Werner Koch * src/err-codes.h.in (GPG_ERR_MISSING_KEY): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/NEWS 2010-07-21 08:00:09 UTC (rev 245) 
@@ -1,10 +1,16 @@ -Noteworthy changes in version 1.9 +Noteworthy changes in version 1.9 (2010-07-21) ---------------------------------------------- + * New function gpg_err_deinit. + * Fix building of static lib under W32. + * Interface changes relative to the 1.8 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPG_ERR_MISSING_KEY NEW. + GPG_ERR_TOO_MANY NEW. + GPG_ERR_LIMIT_REACHED NEW. + gpg_err_deinit NEW. Noteworthy changes in version 1.8 (2010-05-06) Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/configure.ac 2010-07-21 08:00:09 UTC (rev 245) @@ -25,7 +25,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.9]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -38,8 +38,8 @@ # (Interfaces added: AGE++) # (Interfaces removed: AGE=0) # Note that added error codes don't constitute an interface change. -LIBGPG_ERROR_LT_CURRENT=6 -LIBGPG_ERROR_LT_AGE=6 +LIBGPG_ERROR_LT_CURRENT=7 +LIBGPG_ERROR_LT_AGE=7 LIBGPG_ERROR_LT_REVISION=0 AC_SUBST(LIBGPG_ERROR_LT_CURRENT) AC_SUBST(LIBGPG_ERROR_LT_AGE) Modified: trunk/po/cs.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/libgpg-error.pot =================================================================== --- trunk/po/libgpg-error.pot 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/po/libgpg-error.pot 2010-07-21 08:00:09 UTC (rev 245) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"POT-Creation-Date: 2010-01-21 12:09+0100\n" +"POT-Creation-Date: 2010-07-20 18:05+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -825,238 +825,250 @@ msgstr "" #: src/err-codes.h:209 +msgid "Missing key" +msgstr "" + +#: src/err-codes.h:210 +msgid "Too many objects" +msgstr "" + +#: src/err-codes.h:211 +msgid "Limit reached" +msgstr "" + +#: src/err-codes.h:212 msgid "Operation not yet finished" msgstr "" -#: src/err-codes.h:210 +#: src/err-codes.h:213 msgid "Buffer too short" msgstr "" -#: src/err-codes.h:211 +#: src/err-codes.h:214 msgid "Invalid length specifier in S-expression" msgstr "" -#: src/err-codes.h:212 +#: src/err-codes.h:215 msgid "String too long in S-expression" msgstr "" -#: src/err-codes.h:213 +#: src/err-codes.h:216 msgid "Unmatched parentheses in S-expression" msgstr "" -#: src/err-codes.h:214 +#: src/err-codes.h:217 msgid "S-expression not canonical" msgstr "" -#: src/err-codes.h:215 +#: src/err-codes.h:218 msgid "Bad character in S-expression" msgstr "" -#: src/err-codes.h:216 +#: src/err-codes.h:219 msgid "Bad quotation in S-expression" msgstr "" -#: src/err-codes.h:217 +#: src/err-codes.h:220 msgid "Zero prefix in S-expression" msgstr "" -#: src/err-codes.h:218 +#: src/err-codes.h:221 msgid "Nested display hints in S-expression" msgstr "" -#: src/err-codes.h:219 +#: src/err-codes.h:222 msgid "Unmatched display hints" msgstr "" -#: src/err-codes.h:220 +#: src/err-codes.h:223 msgid "Unexpected reserved punctuation in S-expression" msgstr "" -#: src/err-codes.h:221 +#: src/err-codes.h:224 msgid "Bad hexadecimal character in S-expression" msgstr "" -#: src/err-codes.h:222 +#: src/err-codes.h:225 msgid "Odd hexadecimal numbers in S-expression" msgstr "" -#: src/err-codes.h:223 +#: src/err-codes.h:226 msgid "Bad octal character in S-expression" msgstr "" -#: src/err-codes.h:224 +#: src/err-codes.h:227 msgid "General IPC error" msgstr "" -#: src/err-codes.h:225 +#: src/err-codes.h:228 msgid "IPC accept call failed" msgstr "" -#: src/err-codes.h:226 +#: src/err-codes.h:229 msgid "IPC connect call failed" msgstr "" -#: src/err-codes.h:227 +#: src/err-codes.h:230 msgid 
"Invalid IPC response" msgstr "" -#: src/err-codes.h:228 +#: src/err-codes.h:231 msgid "Invalid value passed to IPC" msgstr "" -#: src/err-codes.h:229 +#: src/err-codes.h:232 msgid "Incomplete line passed to IPC" msgstr "" -#: src/err-codes.h:230 +#: src/err-codes.h:233 msgid "Line passed to IPC too long" msgstr "" -#: src/err-codes.h:231 +#: src/err-codes.h:234 msgid "Nested IPC commands" msgstr "" -#: src/err-codes.h:232 +#: src/err-codes.h:235 msgid "No data callback in IPC" msgstr "" -#: src/err-codes.h:233 +#: src/err-codes.h:236 msgid "No inquire callback in IPC" msgstr "" -#: src/err-codes.h:234 +#: src/err-codes.h:237 msgid "Not an IPC server" msgstr "" -#: src/err-codes.h:235 +#: src/err-codes.h:238 msgid "Not an IPC client" msgstr "" -#: src/err-codes.h:236 +#: src/err-codes.h:239 msgid "Problem starting IPC server" msgstr "" -#: src/err-codes.h:237 +#: src/err-codes.h:240 msgid "IPC read error" msgstr "" -#: src/err-codes.h:238 +#: src/err-codes.h:241 msgid "IPC write error" msgstr "" -#: src/err-codes.h:239 +#: src/err-codes.h:242 msgid "Too much data for IPC layer" msgstr "" -#: src/err-codes.h:240 +#: src/err-codes.h:243 msgid "Unexpected IPC command" msgstr "" -#: src/err-codes.h:241 +#: src/err-codes.h:244 msgid "Unknown IPC command" msgstr "" -#: src/err-codes.h:242 +#: src/err-codes.h:245 msgid "IPC syntax error" msgstr "" -#: src/err-codes.h:243 +#: src/err-codes.h:246 msgid "IPC call has been cancelled" msgstr "" -#: src/err-codes.h:244 +#: src/err-codes.h:247 msgid "No input source for IPC" msgstr "" -#: src/err-codes.h:245 +#: src/err-codes.h:248 msgid "No output source for IPC" msgstr "" -#: src/err-codes.h:246 +#: src/err-codes.h:249 msgid "IPC parameter error" msgstr "" -#: src/err-codes.h:247 +#: src/err-codes.h:250 msgid "Unknown IPC inquire" msgstr "" -#: src/err-codes.h:248 +#: src/err-codes.h:251 msgid "User defined error code 1" msgstr "" -#: src/err-codes.h:249 +#: src/err-codes.h:252 msgid "User defined error code 2" msgstr "" -#: 
src/err-codes.h:250 +#: src/err-codes.h:253 msgid "User defined error code 3" msgstr "" -#: src/err-codes.h:251 +#: src/err-codes.h:254 msgid "User defined error code 4" msgstr "" -#: src/err-codes.h:252 +#: src/err-codes.h:255 msgid "User defined error code 5" msgstr "" -#: src/err-codes.h:253 +#: src/err-codes.h:256 msgid "User defined error code 6" msgstr "" -#: src/err-codes.h:254 +#: src/err-codes.h:257 msgid "User defined error code 7" msgstr "" -#: src/err-codes.h:255 +#: src/err-codes.h:258 msgid "User defined error code 8" msgstr "" -#: src/err-codes.h:256 +#: src/err-codes.h:259 msgid "User defined error code 9" msgstr "" -#: src/err-codes.h:257 +#: src/err-codes.h:260 msgid "User defined error code 10" msgstr "" -#: src/err-codes.h:258 +#: src/err-codes.h:261 msgid "User defined error code 11" msgstr "" -#: src/err-codes.h:259 +#: src/err-codes.h:262 msgid "User defined error code 12" msgstr "" -#: src/err-codes.h:260 +#: src/err-codes.h:263 msgid "User defined error code 13" msgstr "" -#: src/err-codes.h:261 +#: src/err-codes.h:264 msgid "User defined error code 14" msgstr "" -#: src/err-codes.h:262 +#: src/err-codes.h:265 msgid "User defined error code 15" msgstr "" -#: src/err-codes.h:263 +#: src/err-codes.h:266 msgid "User defined error code 16" msgstr "" -#: src/err-codes.h:264 +#: src/err-codes.h:267 msgid "System error w/o errno" msgstr "" -#: src/err-codes.h:265 +#: src/err-codes.h:268 msgid "Unknown system error" msgstr "" -#: src/err-codes.h:266 +#: src/err-codes.h:269 msgid "End of file" msgstr "" -#: src/err-codes.h:267 +#: src/err-codes.h:270 msgid "Unknown error code" msgstr "" Modified: trunk/po/nl.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/vi.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/src/err-codes.h.in =================================================================== --- trunk/src/err-codes.h.in 2010-06-29 
17:12:30 UTC (rev 244) +++ trunk/src/err-codes.h.in 2010-07-21 08:00:09 UTC (rev 245) @@ -211,7 +211,9 @@ 179 GPG_ERR_NOT_ENABLED Not enabled 180 GPG_ERR_NO_ENGINE No crypto engine 181 GPG_ERR_MISSING_KEY Missing key -# 182 to 198 are free to be used. +182 GPG_ERR_TOO_MANY Too many objects +183 GPG_ERR_LIMIT_REACHED Limit reached +# 184 to 198 are free to be used. 199 GPG_ERR_UNFINISHED Operation not yet finished 200 GPG_ERR_BUFFER_TOO_SHORT Buffer too short Modified: trunk/src/gpg-error.def.in =================================================================== --- trunk/src/gpg-error.def.in 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/src/gpg-error.def.in 2010-07-21 08:00:09 UTC (rev 245) @@ -26,3 +26,4 @@ _gpg_w32_gettext_localename @16 _gpg_w32_gettext_use_utf8 @17 #endif + gpg_err_deinit @18 Modified: trunk/src/gpg-error.h.in =================================================================== --- trunk/src/gpg-error.h.in 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/src/gpg-error.h.in 2010-07-21 08:00:09 UTC (rev 245) @@ -152,6 +152,10 @@ #define GPG_ERR_INITIALIZED 1 #endif +/* See the source on how to use the deinit function; it is usually not + required. */ +void gpg_err_deinit (int mode); + /* Constructor and accessor functions. */ Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-06-29 17:12:30 UTC (rev 244) +++ trunk/src/init.c 2010-07-21 08:00:09 UTC (rev 245) @@ -40,8 +40,10 @@ #if HAVE_W32_SYSTEM -static int tls_index; /* Index for the TLS functions. */ +#include +static int tls_index = TLS_OUT_OF_INDEXES; /* Index for the TLS functions. */ + static char *get_locale_dir (void); static void drop_locale_dir (char *locale_dir); 
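Review bot: in the src/init.c hunk, `static int tls_index = TLS_OUT_OF_INDEXES;` stores a DWORD constant in a signed int, so the initialization, the later `tls_index == TLS_OUT_OF_INDEXES` tests and the assignment from TlsAlloc () all depend on implicit signed/unsigned conversion. Declare tls_index as DWORD, the type TlsAlloc returns and TlsGetValue, TlsSetValue and TlsFree take, so the sentinel comparison is exact and compilers do not warn about it.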
@@ -74,12 +76,29 @@ gpg_err_init (void) { #ifdef HAVE_W32_SYSTEM +# ifdef DLL_EXPORT /* We always have a constructor and thus this function is called automatically. Due to the way the C init code of mingw works, the constructors are called before our DllMain function is called. The problem with that is that the TLS has not been setup and w32-gettext.c requires TLS. To solve this we do nothing here but call the actual init code from our DllMain. */ +# else /*!DLL_EXPORT*/ + /* Note that if the TLS is actually used, we can't release the TLS + as there is no way to know when a thread terminates (i.e. no + thread-specific-atexit). You are really better off to use the + DLL! */ + if (tls_index == TLS_OUT_OF_INDEXES) + { + tls_index = TlsAlloc (); + if (tls_index == TLS_OUT_OF_INDEXES) + { + /* No way to continue - commit suicide. */ + abort (); + } + real_init (); + } +# endif /*!DLL_EXPORT*/ #else real_init (); #endif 
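Review bot: in the new !DLL_EXPORT branch of gpg_err_init, `if (tls_index == TLS_OUT_OF_INDEXES)` followed by `tls_index = TlsAlloc ();` is an unsynchronized check-then-set. Two threads entering gpg_err_init at the same time can both see the sentinel, both allocate an index and both run real_init. Either state in the comment that a statically linked application must call gpg_err_init once before starting any other thread, or serialize the allocation.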
@@ -87,11 +106,41 @@ } +/* Deinitialize libgpg-error. This function is only used in special + circumstances. No gpg-error function should be used after this + function has been called. A value of 0 passed for MODE + deinitializes the entire libgpg-error, a value of 1 releases + resources allocated for the current thread and only that thread may + not anymore access libgpg-error after such a call. Under Windows + this function may be called from the DllMain function of a DLL + which statically links to libgpg-error. */ +void +gpg_err_deinit (int mode) +{ +#if defined (HAVE_W32_SYSTEM) && !defined(DLL_EXPORT) + struct tls_space_s *tls; + + tls = TlsGetValue (tls_index); + if (tls) + { + TlsSetValue (tls_index, NULL); + LocalFree (tls); + } + + if (mode == 0) + { + TlsFree (tls_index); + tls_index = TLS_OUT_OF_INDEXES; + } +#else + (void)mode; +#endif +} + + #ifdef HAVE_W32_SYSTEM -#include - /* Return a malloced string encoded in UTF-8 from the wide char input string STRING. Caller must free this value. Returns NULL on failure. Caller may use GetLastError to get the actual error @@ -292,6 +341,7 @@ /* Entry point called by the DLL loader. */ +#ifdef DLL_EXPORT int WINAPI DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) { @@ -336,8 +386,8 @@ return TRUE; } +#endif /*DLL_EXPORT*/ - #else /*!HAVE_W32_SYSTEM*/ void From cvs at cvs.gnupg.org Wed Jul 21 10:07:13 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 10:07:13 +0200 Subject: [svn] GpgEX - r84 - in trunk: . po src Message-ID: Author: wk Date: 2010-07-21 10:07:12 +0200 (Wed, 21 Jul 2010) New Revision: 84 Added: trunk/po/pt.po Modified: trunk/ChangeLog trunk/configure.ac trunk/po/LINGUAS trunk/src/ChangeLog trunk/src/main.cc Log: Fix for latest libgpg-error. Add Portuguese translation Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-04-21 03:04:44 UTC (rev 83) +++ trunk/ChangeLog 2010-07-21 08:07:12 UTC (rev 84) 
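Review bot: in gpg_err_deinit (src/init.c, r245), `TlsGetValue (tls_index)` and, for mode 0, `TlsFree (tls_index)` run without first checking tls_index against TLS_OUT_OF_INDEXES. If the function is called before gpg_err_init, or a second time after a mode 0 call has reset the index, both calls are handed the invalid index. Return early when `tls_index == TLS_OUT_OF_INDEXES`. The function comment should also say that a mode 0 call frees only the calling thread's tls_space_s block, so every other thread has to make its own mode 1 call beforehand.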
@@ -1,3 +1,12 @@ +2010-07-21 Marco A.G.Pinto (wk) + + * po/pt.po: New. + * po/LINGUAS: Add pt. + +2010-07-21 Werner Koch + + * configure.ac: Require libgpg-error 1.9. + 2010-04-21 Marcus Brinkmann Release 0.9.6. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-04-21 03:04:44 UTC (rev 83) +++ trunk/src/ChangeLog 2010-07-21 08:07:12 UTC (rev 84) @@ -1,3 +1,7 @@ +2010-07-21 Werner Koch + + * main.cc (DllMain): Add explicit init and deinit of libgpg-error. + 2010-04-20 Marcus Brinkmann * client.cc (getinfo_pid_cb): Return gpg_error_t. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-04-21 03:04:44 UTC (rev 83) +++ trunk/configure.ac 2010-07-21 08:07:12 UTC (rev 84) @@ -29,7 +29,7 @@ PACKAGE_GT=${PACKAGE_NAME} VERSION=$PACKAGE_VERSION -NEED_GPG_ERROR_VERSION=1.4 +NEED_GPG_ERROR_VERSION=1.9 NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.0.0 Modified: trunk/po/LINGUAS =================================================================== --- trunk/po/LINGUAS 2010-04-21 03:04:44 UTC (rev 83) +++ trunk/po/LINGUAS 2010-07-21 08:07:12 UTC (rev 84) @@ -1,2 +1,2 @@ # Set of available languages. -de ar es ru +de ar es pt ru Added: trunk/po/pt.po =================================================================== --- trunk/po/pt.po (rev 0) +++ trunk/po/pt.po 2010-07-21 08:07:12 UTC (rev 84) 
@@ -0,0 +1,118 @@ +# translation of GPGex. +# Copyright (C) 2008 g10 Code GmbH +# This file is distributed under the same license as the FIXME:GPGex package. +# Diego Escalante Urrelo , 2008. +# +# +msgid "" +msgstr "" +"Project-Id-Version: GpgEX\n" +"Report-Msgid-Bugs-To: bug-gpgex at g10code.com\n" +"POT-Creation-Date: 2009-03-24 20:00+0100\n" +"PO-Revision-Date: 2010-07-18 18:51-0000\n" +"Last-Translator: Marco A.G.Pinto \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Portuguese\n" +"X-Poedit-Country: PORTUGAL\n" +"X-Poedit-SourceCharset: iso-8859-1\n" + +#: src/client.cc:350 +#, c-format +msgid "" +"Can not access Kleopatra:\r\n" +"%s" +msgstr "" +"N?o ? poss?vel aceder a Kleopatra:\r\n" +"%s" + +#: src/gpgex.cc:58 +msgid "Help on GpgEX" +msgstr "Ajuda de GpgEX" + +#: src/gpgex.cc:59 +msgid "Decrypt and verify" +msgstr "Desencriptar e verificar" + +#: src/gpgex.cc:60 +msgid "Decrypt" +msgstr "Desencriptar" + +#: src/gpgex.cc:61 +msgid "Verify" +msgstr "Verificar" + +#: src/gpgex.cc:62 +msgid "Sign and encrypt" +msgstr "Assinar e encriptar" + +#: src/gpgex.cc:63 +msgid "Encrypt" +msgstr "Encriptar" + +#: src/gpgex.cc:64 +msgid "Sign" +msgstr "Assinar" + +#: src/gpgex.cc:65 +msgid "Import keys" +msgstr "Importar chaves" + +#: src/gpgex.cc:66 +msgid "Create checksums" +msgstr "Criar checksums" + +#: src/gpgex.cc:67 +msgid "Verify checksums" +msgstr "Verificar checksums" + +#: src/gpgex.cc:311 +msgid "More GpgEX options" +msgstr "Mais op??es do GpgEX" + +#: src/gpgex.cc:407 +msgid "Invoke the GpgEX documentation." +msgstr "Invocar a documenta??o do GpgEX." + +#: src/gpgex.cc:411 +msgid "Decrypt and verify the marked files." +msgstr "Desencriptar e verificar os ficheiros marcados." + +#: src/gpgex.cc:415 +msgid "Decrypt the marked files." +msgstr "Desencriptar os ficheiros marcados." + +#: src/gpgex.cc:419 +msgid "Verify the marked files." 
+msgstr "Verificar os ficheiros marcados." + +#: src/gpgex.cc:423 +msgid "Sign and encrypt the marked files." +msgstr "Assinar e encriptar os ficheiros marcados." + +#: src/gpgex.cc:427 +msgid "Encrypt the marked files." +msgstr "Encriptar os ficheiros marcados." + +#: src/gpgex.cc:431 +msgid "Sign the marked files." +msgstr "Assinar os ficheiros marcados." + +#: src/gpgex.cc:435 +msgid "Import the marked files." +msgstr "Importar os ficheiros marcados." + +#: src/gpgex.cc:439 +msgid "Create checksums." +msgstr "Criar checksums." + +#: src/gpgex.cc:443 +msgid "Verify checksums." +msgstr "Verificar checksums." + +#: src/gpgex.cc:447 +msgid "Show more GpgEX options." +msgstr "Mostrar mais op??es do GpgEX." + Modified: trunk/src/main.cc =================================================================== --- trunk/src/main.cc 2010-04-21 03:04:44 UTC (rev 83) +++ trunk/src/main.cc 2010-07-21 08:07:12 UTC (rev 84) @@ -210,6 +210,8 @@ gpgex_server::instance = hinst; /* Early initializations of our subsystems. */ + gpg_err_init (); + i18n_init (); debug_init (); @@ -238,6 +240,10 @@ "reason=DLL_PROCESS_DETACH"); debug_deinit (); + /* We are linking statically to libgpg-error which means there + is no DllMain in libgpg-error. Thus we call the deinit + function to cleanly deinitialize libgpg-error. */ + gpg_err_deinit (0); } return TRUE; From cvs at cvs.gnupg.org Wed Jul 21 10:11:31 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 10:11:31 +0200 Subject: [svn] GpgEX - r85 - in trunk: . po Message-ID: Author: wk Date: 2010-07-21 10:11:30 +0200 (Wed, 21 Jul 2010) New Revision: 85 Modified: trunk/AUTHORS trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/po/ar.po trunk/po/de.po trunk/po/es.po trunk/po/pt.po trunk/po/ru.po Log: Prepare a release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-07-21 08:07:12 UTC (rev 84) +++ trunk/ChangeLog 2010-07-21 08:11:30 UTC (rev 85) 
@@ -1,3 +1,7 @@ +2010-07-21 Werner Koch + + Release 0.9.7. + 2010-07-21 Marco A.G.Pinto (wk) * po/pt.po: New. Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2010-07-21 08:07:12 UTC (rev 84) +++ trunk/AUTHORS 2010-07-21 08:11:30 UTC (rev 85) @@ -15,3 +15,6 @@ Sergei Smirnov Russian translations. +Marco A.G.Pinto + Portuguese translations. + Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-07-21 08:07:12 UTC (rev 84) +++ trunk/NEWS 2010-07-21 08:11:30 UTC (rev 85) @@ -1,3 +1,11 @@ +Noteworthy changes for version 0.9.7 (2010-07-21) +------------------------------------------------- + +* Fix building with latest libgpg-error. + +* Add Portuguese translation. + + Noteworthy changes for version 0.9.6 (2010-04-21) ------------------------------------------------- Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-07-21 08:07:12 UTC (rev 84) +++ trunk/configure.ac 2010-07-21 08:11:30 UTC (rev 85) @@ -17,7 +17,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [0.9.7]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) Modified: trunk/po/ar.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/ru.po [not shown] From cvs at cvs.gnupg.org Wed Jul 21 10:12:26 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 10:12:26 +0200 Subject: [svn] gpg-error - r246 - tags Message-ID: Author: wk Date: 2010-07-21 10:12:25 +0200 (Wed, 21 Jul 2010) New Revision: 246 Added: tags/libgpg-error-1.9/ Log: From cvs at cvs.gnupg.org Wed Jul 21 10:20:41 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 10:20:41 +0200 Subject: [svn] GpgEX - r86 - tags Message-ID: Author: wk Date: 2010-07-21 10:20:41 +0200 (Wed, 21 Jul 2010) New Revision: 86 Added: tags/gpgex-0.9.7/ Log: From cvs at cvs.gnupg.org Wed Jul 21 11:06:26 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 11:06:26 +0200 Subject: [svn] GpgOL - r335 - in trunk: . po src Message-ID: Author: wk Date: 2010-07-21 11:06:25 +0200 (Wed, 21 Jul 2010) New Revision: 335 Added: trunk/po/pt.po Modified: trunk/AUTHORS trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/po/LINGUAS trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/main.c Log: Add Portuguese translation Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/ChangeLog 2010-07-21 09:06:25 UTC (rev 335) @@ -1,3 +1,16 @@ +2010-07-21 Werner Koch + + Release 1.1.2. + +2010-07-21 Marco A.G.Pinto (wk) + + * po/pt.po: New. + * po/LINGUAS: Add pt. + +2010-07-21 Werner Koch + + * configure.ac: Require libgpg-error 1.9 due to gpg_err_deinit. + 2010-04-21 Marcus Brinkmann * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): Bump Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/src/ChangeLog 2010-07-21 09:06:25 UTC (rev 335) 
@@ -1,3 +1,8 @@ +2010-07-21 Werner Koch + + * main.c (DllMain): Init and deinit libgpg-error which is now + required due to our use of a static libgpg-error. + 2010-04-21 Marcus Brinkmann * engine-assuan.c (connect_uiserver): Update to new libassuan Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/AUTHORS 2010-07-21 09:06:25 UTC (rev 335) @@ -13,6 +13,8 @@ Daniel Nylander Swedish translation. +Marco A.G.Pinto + Portuguese translation. Some files may still contain code from the orginal plugin: Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/NEWS 2010-07-21 09:06:25 UTC (rev 335) @@ -1,3 +1,11 @@ +Noteworthy changes for version 1.1.2 (2010-07-21) +================================================= + + * Add Portuguese translation + + * Fixed linking problems with latest libgpg-error. + + Noteworthy changes for version 1.1.1 (2010-01-13) ================================================= Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/configure.ac 2010-07-21 09:06:25 UTC (rev 335) @@ -17,7 +17,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.1.2]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) 
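Review bot: the `my_issvn` switch from yes to no in this configure.ac hunk is committed in the same revision as the functional DllMain change in src/main.c and the new pt.po, under a log message that only says "Add Portuguese translation". That makes the release marker impossible to revert or bisect separately from the libgpg-error init/deinit fix. GpgEX did the same work as two revisions (r84 for the change, r85 "Prepare a release"). Splitting this one the same way, or at least naming the release and the libgpg-error 1.9 requirement in the log, would keep the history readable.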
@@ -25,7 +25,7 @@ [my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision])], [bug-gpgol at g10code.com]) -NEED_GPG_ERROR_VERSION=1.4 +NEED_GPG_ERROR_VERSION=1.9 NEED_GPGME_API=1 NEED_GPGME_VERSION=1.1.0 NEED_LIBASSUAN_API=2 Modified: trunk/po/LINGUAS =================================================================== --- trunk/po/LINGUAS 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/po/LINGUAS 2010-07-21 09:06:25 UTC (rev 335) @@ -1,5 +1,6 @@ # Set of available languages. de sv +pt Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/main.c =================================================================== --- trunk/src/main.c 2010-04-21 03:23:36 UTC (rev 334) +++ trunk/src/main.c 2010-07-21 09:06:25 UTC (rev 335) @@ -159,6 +159,9 @@ if (reason == DLL_PROCESS_ATTACH) { set_global_hinstance (hinst); + + gpg_err_init (); + /* The next call initializes subsystems of gpgme and should be done as early as possible. The actual return value (the version string) is not used here. It may be called at any @@ -181,6 +184,7 @@ } else if (reason == DLL_PROCESS_DETACH) { + gpg_err_deinit (0); } return TRUE; From cvs at cvs.gnupg.org Wed Jul 21 11:10:29 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 21 Jul 2010 11:10:29 +0200 Subject: [svn] GpgOL - r336 - tags Message-ID: Author: wk Date: 2010-07-21 11:10:29 +0200 (Wed, 21 Jul 2010) New Revision: 336 Added: tags/gpgol-1.1.2/ Log: From cvs at cvs.gnupg.org Fri Jul 23 14:19:36 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 23 Jul 2010 14:19:36 +0200 Subject: [svn] GnuPG - r5370 - trunk/tests/samplekeys Message-ID: Author: wk Date: 2010-07-23 14:19:35 +0200 (Fri, 23 Jul 2010) New Revision: 5370 Added: trunk/tests/samplekeys/cert-with-117-akas.pem Modified: trunk/tests/samplekeys/README Log: From cvs at cvs.gnupg.org Fri Jul 23 14:30:34 2010 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 23 Jul 2010 14:30:34 +0200 Subject: [svn] GnuPG - r5371 - trunk/kbx Message-ID: Author: wk Date: 2010-07-23 14:30:34 +0200 (Fri, 23 Jul 2010) New Revision: 5371 Modified: trunk/kbx/ChangeLog trunk/kbx/keybox-blob.c Log: fix reallocation bug Modified: trunk/kbx/ChangeLog =================================================================== --- trunk/kbx/ChangeLog 2010-07-23 12:19:35 UTC (rev 5370) +++ trunk/kbx/ChangeLog 2010-07-23 12:30:34 UTC (rev 5371) @@ -1,3 +1,7 @@ +2010-07-23 Werner Koch + + * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug. + 2010-04-20 Marcus Brinkmann * keybox-update.c [!HAVE_DOSISH_SYSTEM]: Include Modified: trunk/kbx/keybox-blob.c =================================================================== --- trunk/kbx/keybox-blob.c 2010-07-23 12:19:35 UTC (rev 5370) +++ trunk/kbx/keybox-blob.c 2010-07-23 12:30:34 UTC (rev 5371) @@ -889,6 +889,7 @@ rc = gpg_error_from_syserror (); goto leave; } + names = tmp; } names[blob->nuids++] = p; if (!i && (p=x509_email_kludge (p))) From cvs at cvs.gnupg.org Fri Jul 23 14:30:54 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 23 Jul 2010 14:30:54 +0200 Subject: [svn] GnuPG - r5372 - branches/STABLE-BRANCH-2-0/kbx Message-ID: Author: wk Date: 2010-07-23 14:30:53 +0200 (Fri, 23 Jul 2010) New Revision: 5372 Modified: branches/STABLE-BRANCH-2-0/kbx/ChangeLog branches/STABLE-BRANCH-2-0/kbx/keybox-blob.c Log: Fix reallocation bug Modified: branches/STABLE-BRANCH-2-0/kbx/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/kbx/ChangeLog 2010-07-23 12:30:34 UTC (rev 5371) +++ branches/STABLE-BRANCH-2-0/kbx/ChangeLog 2010-07-23 12:30:53 UTC (rev 5372) 
@@ -1,3 +1,7 @@ +2010-07-23 Werner Koch + + * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug. + 2008-12-09 Werner Koch * kbxutil.c (main): Call i18n_init before init_common_subsystems. Modified: branches/STABLE-BRANCH-2-0/kbx/keybox-blob.c =================================================================== --- branches/STABLE-BRANCH-2-0/kbx/keybox-blob.c 2010-07-23 12:30:34 UTC (rev 5371) +++ branches/STABLE-BRANCH-2-0/kbx/keybox-blob.c 2010-07-23 12:30:53 UTC (rev 5372) @@ -898,6 +898,7 @@ rc = gpg_error_from_syserror (); goto leave; } + names = tmp; } names[blob->nuids++] = p; if (!i && (p=x509_email_kludge (p))) From cvs at cvs.gnupg.org Fri Jul 23 14:31:26 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 23 Jul 2010 14:31:26 +0200 Subject: [svn] GnuPG - r5373 - trunk/doc Message-ID: Author: wk Date: 2010-07-23 14:31:25 +0200 (Fri, 23 Jul 2010) New Revision: 5373 Added: trunk/doc/vuln-announce-2010-kbx-realloc.txt Log: From cvs at cvs.gnupg.org Fri Jul 23 18:16:16 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 23 Jul 2010 18:16:16 +0200 Subject: [svn] GnuPG - r5374 - in trunk: . common dirmngr doc g10 Message-ID: Author: wk Date: 2010-07-23 18:16:14 +0200 (Fri, 23 Jul 2010) New Revision: 5374 Added: trunk/dirmngr/ldap-wrapper-ce.c trunk/dirmngr/ldap-wrapper.c trunk/dirmngr/ldap-wrapper.h Modified: trunk/NEWS trunk/common/ChangeLog trunk/common/utf8conv.c trunk/dirmngr/ChangeLog trunk/dirmngr/Makefile.am trunk/dirmngr/crlcache.c trunk/dirmngr/crlfetch.h trunk/dirmngr/dirmngr.c trunk/dirmngr/ldap.c trunk/dirmngr/ldapserver.h trunk/doc/vuln-announce-2010-kbx-realloc.txt trunk/g10/ChangeLog trunk/g10/mainproc.c Log: Some work on the dirmngr [The diff below has been truncated] Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/common/ChangeLog 2010-07-23 16:16:14 UTC (rev 5374) 
@@ -1,3 +1,7 @@ +2010-07-19 Werner Koch + + * utf8conv.c (utf8_to_wchar): s/malloc/jnlib_malloc/. + 2010-07-16 Werner Koch * http.h (HTTP_FLAG_IGNORE_CL): Add flag . Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/dirmngr/ChangeLog 2010-07-23 16:16:14 UTC (rev 5374) @@ -1,3 +1,23 @@ +2010-07-19 Werner Koch + + * dirmngr.c: Include ldap-wrapper.h. + (launch_reaper_thread): Move code to ... + * ldap-wrapper.c (ldap_wrapper_launch_thread): .. here. Change + callers. + (ldap_wrapper_thread): Rename to ... + (wrapper_thread): this and make local. + + * ldap.c (destroy_wrapper, print_log_line) + (read_log_data, ldap_wrapper_thread) + (ldap_wrapper_wait_connections, ldap_wrapper_release_context) + (ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper): + Factor code out to ... + * ldap-wrapper.c: new. + (ldap_wrapper): Make public. + (read_buffer): Copy from ldap.c. + * ldap-wrapper.h: New. + * Makefile.am (dirmngr_SOURCES): Add new files. + 2010-07-16 Werner Koch * http.c, http.h: Remove. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/g10/ChangeLog 2010-07-23 16:16:14 UTC (rev 5374) @@ -1,3 +1,8 @@ +2010-07-20 Werner Koch + + * mainproc.c (print_pkenc_list): Write a STATUS_ERROR. Fixes + bug#1255. + 2010-06-17 Werner Koch * gpg.c (main): Use CAST5 as default s2k algo. The macro Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/NEWS 2010-07-23 16:16:14 UTC (rev 5374) 
@@ -26,8 +26,8 @@ * If the agent's --use-standard-socket option is active, all tools try to start and daemonize the agent on the fly. In the past this was only supported on W32; on non-W32 systems the new configure - option --use-standard-socket may now be used to use this feature by - default. + option --enable-standard-socket may now be used to use this feature + by default. * Dirmngr is now a part of this package. Modified: trunk/common/utf8conv.c =================================================================== --- trunk/common/utf8conv.c 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/common/utf8conv.c 2010-07-23 16:16:14 UTC (rev 5374) @@ -802,7 +802,7 @@ jnlib_set_errno (ENOMEM); return NULL; } - result = malloc (nbytes); + result = jnlib_malloc (nbytes); if (!result) return NULL; Modified: trunk/dirmngr/Makefile.am =================================================================== --- trunk/dirmngr/Makefile.am 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/dirmngr/Makefile.am 2010-07-23 16:16:14 UTC (rev 5374) @@ -39,7 +39,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ ldapserver.h ldapserver.c certcache.c certcache.h \ cdb.h cdblib.c ldap.c misc.c dirmngr-err.h \ - ocsp.c ocsp.h validate.c validate.h + ocsp.c ocsp.h validate.c validate.h ldap-wrapper.c ldap-wrapper.h dirmngr_LDADD = $(libcommonpth) ../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBINTL) $(LIBICONV) Modified: trunk/dirmngr/crlcache.c =================================================================== --- trunk/dirmngr/crlcache.c 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/dirmngr/crlcache.c 2010-07-23 16:16:14 UTC (rev 5374) 
@@ -891,7 +891,7 @@ xfree (line); } - if (!es_ferror (fp) && !ferror (es_fpout) && !lineerr) + if (!es_ferror (fp) && !es_ferror (fpout) && !lineerr) { /* Write out the remaining entries. */ for (e= cache->entries; e; e = e->next) Modified: trunk/dirmngr/crlfetch.h =================================================================== --- trunk/dirmngr/crlfetch.h 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/dirmngr/crlfetch.h 2010-07-23 16:16:14 UTC (rev 5374) @@ -61,11 +61,6 @@ /*-- ldap.c --*/ -void *ldap_wrapper_thread (void*); -void ldap_wrapper_wait_connections (void); -void ldap_wrapper_release_context (ksba_reader_t reader); -void ldap_wrapper_connection_cleanup (ctrl_t); - gpg_error_t url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port, ksba_reader_t *reader); Modified: trunk/dirmngr/dirmngr.c =================================================================== --- trunk/dirmngr/dirmngr.c 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/dirmngr/dirmngr.c 2010-07-23 16:16:14 UTC (rev 5374) @@ -54,6 +54,7 @@ #include "misc.h" #include "ldapserver.h" #include "asshelp.h" +#include "ldap-wrapper.h" /* The plain Windows version uses the windows service system. For example to start the service you may use "sc start dirmngr". @@ -393,32 +394,6 @@ } -/* Helper to start the reaper thread for the ldap wrapper. */ -static void -launch_reaper_thread (void) -{ - static int done; - pth_attr_t tattr; - - if (done) - return; - done = 1; - - tattr = pth_attr_new(); - pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); - pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); - pth_attr_set (tattr, PTH_ATTR_NAME, "ldap-reaper"); - - if (!pth_spawn (tattr, ldap_wrapper_thread, NULL)) - { - log_error (_("error spawning ldap wrapper reaper thread: %s\n"), - strerror (errno) ); - dirmngr_exit (1); - } - pth_attr_destroy (tattr); -} - - /* Helper to stop the reaper thread for the ldap wrapper. */ static void shutdown_reaper (void) 
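Review bot: the launch_reaper_thread body removed from dirmngr.c here reappears verbatim as ldap_wrapper_launch_thread in the new ldap-wrapper-ce.c, still calling `pth_spawn (tattr, ldap_wrapper_thread, NULL)`. This revision also deletes the ldap_wrapper_thread prototype from crlfetch.h, the ChangeLog says the function is renamed to a local wrapper_thread, and no definition of it appears in the CE file. That copy should reference its own thread function, or carry a note that it is not yet buildable (Makefile.am adds only ldap-wrapper.c and ldap-wrapper.h). Separately, shutdown_reaper stays behind as a static helper in dirmngr.c while the start of the same thread now lives in the wrapper module. Moving the stop side next to ldap_wrapper_launch_thread would keep the reaper's lifecycle in one file.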
@@ -938,7 +913,7 @@ log_debug ("... okay\n"); } - launch_reaper_thread (); + ldap_wrapper_launch_thread (); cert_cache_init (); crl_cache_init (); start_command_handler (ASSUAN_INVALID_FD); @@ -1101,7 +1076,7 @@ } #endif - launch_reaper_thread (); + ldap_wrapper_launch_thread (); cert_cache_init (); crl_cache_init (); #ifdef USE_W32_SERVICE @@ -1127,7 +1102,7 @@ /* Just list the CRL cache and exit. */ if (argc) wrong_args ("--list-crls"); - launch_reaper_thread (); + ldap_wrapper_launch_thread (); crl_cache_init (); crl_cache_list (es_stdout); } @@ -1138,7 +1113,7 @@ memset (&ctrlbuf, 0, sizeof ctrlbuf); dirmngr_init_default_ctrl (&ctrlbuf); - launch_reaper_thread (); + ldap_wrapper_launch_thread (); cert_cache_init (); crl_cache_init (); if (!argc) @@ -1160,7 +1135,7 @@ memset (&ctrlbuf, 0, sizeof ctrlbuf); dirmngr_init_default_ctrl (&ctrlbuf); - launch_reaper_thread (); + ldap_wrapper_launch_thread (); cert_cache_init (); crl_cache_init (); rc = crl_fetch (&ctrlbuf, argv[0], &reader); Added: trunk/dirmngr/ldap-wrapper-ce.c =================================================================== --- trunk/dirmngr/ldap-wrapper-ce.c (rev 0) +++ trunk/dirmngr/ldap-wrapper-ce.c 2010-07-23 16:16:14 UTC (rev 5374) 
@@ -0,0 +1,333 @@ +/* ldap-wrapper-ce.c - LDAP access via W32 threads + * Copyright (C) 2010 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* + Alternative wrapper for use with WindowsCE. Under WindowsCE the + number of processes is strongly limited (32 processes including the + kernel processes) and thus we don't use the process approach but + implement a wrapper based on native threads. + + See ldap-wrapper.c for the standard wrapper interface. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "dirmngr.h" +#include "misc.h" +#include "ldap-wrapper.h" + + + +/* To keep track of the LDAP wrapper state we use this structure. */ +struct wrapper_context_s +{ + struct wrapper_context_s *next; + + pid_t pid; /* The pid of the wrapper process. */ + int printable_pid; /* Helper to print diagnostics after the process has + been cleaned up. */ + int fd; /* Connected with stdout of the ldap wrapper. */ + gpg_error_t fd_error; /* Set to the gpg_error of the last read error + if any. */ + int log_fd; /* Connected with stderr of the ldap wrapper. */ + pth_event_t log_ev; + ctrl_t ctrl; /* Connection data. */ + int ready; /* Internally used to mark to be removed contexts. */ + ksba_reader_t reader; /* The ksba reader object or NULL. 
*/ + char *line; /* Used to print the log lines (malloced). */ + size_t linesize;/* Allocated size of LINE. */ + size_t linelen; /* Use size of LINE. */ + time_t stamp; /* The last time we noticed ativity. */ +}; + + + +/* We keep a global list of spawed wrapper process. A separate thread + makes use of this list to log error messages and to watch out for + finished processes. */ +static struct wrapper_context_s *wrapper_list; + +/* We need to know whether we are shutting down the process. */ +static int shutting_down; + + + +/* Start the reaper thread for this wrapper. */ +void +ldap_wrapper_launch_thread (void) +{ + static int done; + pth_attr_t tattr; + + if (done) + return; + done = 1; + + tattr = pth_attr_new(); + pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); + pth_attr_set (tattr, PTH_ATTR_NAME, "ldap-reaper"); + + if (!pth_spawn (tattr, ldap_wrapper_thread, NULL)) + { + log_error (_("error spawning ldap wrapper reaper thread: %s\n"), + strerror (errno) ); + dirmngr_exit (1); + } + pth_attr_destroy (tattr); +} + + + + + +/* Wait until all ldap wrappers have terminated. We assume that the + kill has already been sent to all of them. */ +void +ldap_wrapper_wait_connections () +{ + shutting_down = 1; + while (wrapper_list) + pth_yield (NULL); +} + + +/* This function is to be used to release a context associated with the + given reader object. */ +void +ldap_wrapper_release_context (ksba_reader_t reader) +{ + if (!reader ) + return; + + for (ctx=wrapper_list; ctx; ctx=ctx->next) + if (ctx->reader == reader) + { + if (DBG_LOOKUP) + log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n", + ctx, + (int)ctx->pid, (int)ctx->printable_pid, + ctx->reader, + ctx->ctrl, ctx->ctrl? 
ctx->ctrl->refcount:0); + + ctx->reader = NULL; + SAFE_PTH_CLOSE (ctx->fd); + if (ctx->ctrl) + { + ctx->ctrl->refcount--; + ctx->ctrl = NULL; + } + if (ctx->fd_error) + log_info (_("reading from ldap wrapper %d failed: %s\n"), + ctx->printable_pid, gpg_strerror (ctx->fd_error)); + break; + } +} + +/* Cleanup all resources held by the connection associated with + CTRL. This is used after a cancel to kill running wrappers. */ +void +ldap_wrapper_connection_cleanup (ctrl_t ctrl) +{ + struct wrapper_context_s *ctx; + + for (ctx=wrapper_list; ctx; ctx=ctx->next) + if (ctx->ctrl && ctx->ctrl == ctrl) + { + ctx->ctrl->refcount--; + ctx->ctrl = NULL; + if (ctx->pid != (pid_t)(-1)) + gnupg_kill_process (ctx->pid); + if (ctx->fd_error) + log_info (_("reading from ldap wrapper %d failed: %s\n"), + ctx->printable_pid, gpg_strerror (ctx->fd_error)); + } +} + +/* Fork and exec the LDAP wrapper and returns a new libksba reader + object at READER. ARGV is a NULL terminated list of arguments for + the wrapper. The function returns 0 on success or an error code. + + Special hack to avoid passing a password through the command line + which is globally visible: If the first element of ARGV is "--pass" + it will be removed and instead the environment variable + DIRMNGR_LDAP_PASS will be set to the next value of ARGV. On modern + OSes the environment is not visible to other users. For those old + systems where it can't be avoided, we don't want to go into the + hassle of passing the password via stdin; it's just too complicated + and an LDAP password used for public directory lookups should not + be that confidential. */ +gpg_error_t +ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[]) +{ + gpg_error_t err; + pid_t pid; + struct wrapper_context_s *ctx; + int i; + int j; + const char **arg_list; + const char *pgmname; + int outpipe[2], errpipe[2]; + + /* It would be too simple to connect stderr just to our logging + stream. 
The problem is that if we are running multi-threaded + everything gets intermixed. Clearly we don't want this. So the + only viable solutions are either to have another thread + responsible for logging the messages or to add an option to the + wrapper module to do the logging on its own. Given that we anyway + need a way to rip the child process and this is best done using a + general ripping thread, that thread can do the logging too. */ + + *reader = NULL; + + /* Files: We need to prepare stdin and stdout. We get stderr from + the function. */ + if (!opt.ldap_wrapper_program || !*opt.ldap_wrapper_program) + pgmname = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR_LDAP); + else + pgmname = opt.ldap_wrapper_program; + + /* Create command line argument array. */ + for (i = 0; argv[i]; i++) + ; + arg_list = xtrycalloc (i + 2, sizeof *arg_list); + if (!arg_list) + { + err = gpg_error_from_syserror (); + log_error (_("error allocating memory: %s\n"), strerror (errno)); + return err; + } + for (i = j = 0; argv[i]; i++, j++) + if (!i && argv[i + 1] && !strcmp (*argv, "--pass")) + { + arg_list[j] = "--env-pass"; + setenv ("DIRMNGR_LDAP_PASS", argv[1], 1); + i++; + } + else + arg_list[j] = (char*) argv[i]; + + ctx = xtrycalloc (1, sizeof *ctx); + if (!ctx) + { + err = gpg_error_from_syserror (); + log_error (_("error allocating memory: %s\n"), strerror (errno)); + xfree (arg_list); + return err; + } + + err = gnupg_create_inbound_pipe (outpipe); + if (!err) + { + err = gnupg_create_inbound_pipe (errpipe); + if (err) + { + close (outpipe[0]); + close (outpipe[1]); + } + } + if (err) + { + log_error (_("error creating pipe: %s\n"), gpg_strerror (err)); + xfree (arg_list); + xfree (ctx); + return err; + } + + err = gnupg_spawn_process_fd (pgmname, arg_list, + -1, outpipe[1], errpipe[1], &pid); + xfree (arg_list); + close (outpipe[1]); + close (errpipe[1]); + if (err) + { + close (outpipe[0]); + close (errpipe[0]); + xfree (ctx); + return err; + } + + ctx->pid = pid; + 
ctx->printable_pid = (int) pid; + ctx->fd = outpipe[0]; + ctx->log_fd = errpipe[0]; + ctx->log_ev = pth_event (PTH_EVENT_FD | PTH_UNTIL_FD_READABLE, ctx->log_fd); + if (! ctx->log_ev) + { + xfree (ctx); + return gpg_error_from_syserror (); + } + ctx->ctrl = ctrl; + ctrl->refcount++; + ctx->stamp = time (NULL); + + err = ksba_reader_new (reader); + if (!err) + err = ksba_reader_set_cb (*reader, reader_callback, ctx); + if (err) + { + log_error (_("error initializing reader object: %s\n"), + gpg_strerror (err)); + destroy_wrapper (ctx); + ksba_reader_release (*reader); + *reader = NULL; + return err; + } + + /* Hook the context into our list of running wrappers. */ + ctx->reader = *reader; + ctx->next = wrapper_list; + wrapper_list = ctx; + if (opt.verbose) + log_info ("ldap wrapper %d started (reader %p)\n", + (int)ctx->pid, ctx->reader); + + /* Need to wait for the first byte so we are able to detect an empty + output and not let the consumer see an EOF without further error + indications. The CRL loading logic assumes that after return + from this function, a failed search (e.g. host not found ) is + indicated right away. */ + { + unsigned char c; + + err = read_buffer (*reader, &c, 1); + if (err) + { + ldap_wrapper_release_context (*reader); + ksba_reader_release (*reader); + *reader = NULL; + if (gpg_err_code (err) == GPG_ERR_EOF) + return gpg_error (GPG_ERR_NO_DATA); + else + return err; + } + ksba_reader_unread (*reader, &c, 1); + } + + return 0; +} Added: trunk/dirmngr/ldap-wrapper.c =================================================================== --- trunk/dirmngr/ldap-wrapper.c (rev 0) +++ trunk/dirmngr/ldap-wrapper.c 2010-07-23 16:16:14 UTC (rev 5374) 
@@ -0,0 +1,747 @@ +/* ldap-wrapper.c - LDAP access via a wrapper process + * Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH + * Copyright (C) 2010 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* + We can't use LDAP directly for these reasons: + + 1. On some systems the LDAP library uses (indirectly) pthreads and + that is not compatible with PTh. + + 2. It is huge library in particular if TLS comes into play. So + problems with unfreed memory might turn up and we don't want + this in a long running daemon. + + 3. There is no easy way for timeouts. In particular the timeout + value does not work for DNS lookups (well, this is usual) and it + seems not to work while loading a large attribute like a + CRL. Having a separate process allows us to either tell the + process to commit suicide or have our own housekepping function + kill it after some time. The latter also allows proper + cancellation of a query at any point of time. + + 4. Given that we are going out to the network and usually get back + a long response, the fork/exec overhead is acceptable. + + Note that under WindowsCE the number of processes is strongly + limited (32 processes including the kernel processes) and thus we + don't use the process approach but implement a different wrapper in + ldap-wrapper-ce.c. 
+*/ + + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "dirmngr.h" +#include "exechelp.h" +#include "misc.h" +#include "ldap-wrapper.h" + + +#ifdef HAVE_W32_SYSTEM +#define setenv(a,b,c) SetEnvironmentVariable ((a),(b)) +#else +#define pth_close(fd) close(fd) +#endif + + +/* In case sysconf does not return a value we need to have a limit. */ +#ifdef _POSIX_OPEN_MAX +#define MAX_OPEN_FDS _POSIX_OPEN_MAX +#else +#define MAX_OPEN_FDS 20 +#endif + +#define INACTIVITY_TIMEOUT (opt.ldaptimeout + 60*5) /* seconds */ + + + +/* To keep track of the LDAP wrapper state we use this structure. */ +struct wrapper_context_s +{ + struct wrapper_context_s *next; + + pid_t pid; /* The pid of the wrapper process. */ + int printable_pid; /* Helper to print diagnostics after the process has + been cleaned up. */ + int fd; /* Connected with stdout of the ldap wrapper. */ + gpg_error_t fd_error; /* Set to the gpg_error of the last read error + if any. */ + int log_fd; /* Connected with stderr of the ldap wrapper. */ + pth_event_t log_ev; + ctrl_t ctrl; /* Connection data. */ + int ready; /* Internally used to mark to be removed contexts. */ + ksba_reader_t reader; /* The ksba reader object or NULL. */ + char *line; /* Used to print the log lines (malloced). */ + size_t linesize;/* Allocated size of LINE. */ + size_t linelen; /* Use size of LINE. */ + time_t stamp; /* The last time we noticed ativity. */ +}; + + + +/* We keep a global list of spawed wrapper process. A separate thread + makes use of this list to log error messages and to watch out for + finished processes. */ +static struct wrapper_context_s *wrapper_list; + +/* We need to know whether we are shutting down the process. */ +static int shutting_down; + +/* Close the pth file descriptor FD and set it to -1. 
*/ +#define SAFE_PTH_CLOSE(fd) \ + do { int _fd = fd; if (_fd != -1) { pth_close (_fd); fd = -1;} } while (0) + + + + +/* Read a fixed amount of data from READER into BUFFER. */ +static gpg_error_t +read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count) +{ + gpg_error_t err; + size_t nread; + + while (count) + { + err = ksba_reader_read (reader, buffer, count, &nread); + if (err) + return err; + buffer += nread; + count -= nread; + } + return 0; +} + + +/* Release the wrapper context and kill a running wrapper process. */ +static void +destroy_wrapper (struct wrapper_context_s *ctx) +{ + if (ctx->pid != (pid_t)(-1)) + { + gnupg_kill_process (ctx->pid); + gnupg_release_process (ctx->pid); + } + ksba_reader_release (ctx->reader); + SAFE_PTH_CLOSE (ctx->fd); + SAFE_PTH_CLOSE (ctx->log_fd); + if (ctx->log_ev) + pth_event_free (ctx->log_ev, PTH_FREE_THIS); + xfree (ctx->line); + xfree (ctx); +} + + +/* Print the content of LINE to thye log stream but make sure to only + print complete lines. Using NULL for LINE will flush any pending + output. LINE may be modified by this fucntion. */ +static void +print_log_line (struct wrapper_context_s *ctx, char *line) +{ + char *s; + size_t n; + + if (!line) + { + if (ctx->line && ctx->linelen) + { + + log_info ("%s\n", ctx->line); + ctx->linelen = 0; + } + return; + } + + while ((s = strchr (line, '\n'))) + { + *s = 0; + if (ctx->line && ctx->linelen) + { + log_info ("%s", ctx->line); + ctx->linelen = 0; + log_printf ("%s\n", line); + } + else + log_info ("%s\n", line); + line = s + 1; + } + n = strlen (line); + if (n) + { + if (ctx->linelen + n + 1 >= ctx->linesize) + { + char *tmp; + size_t newsize; + + newsize = ctx->linesize + ((n + 255) & ~255) + 1; + tmp = (ctx->line ? 
xtryrealloc (ctx->line, newsize) + : xtrymalloc (newsize)); + if (!tmp) + { + log_error (_("error printing log line: %s\n"), strerror (errno)); + return; + } + ctx->line = tmp; + ctx->linesize = newsize; + } + memcpy (ctx->line + ctx->linelen, line, n); + ctx->linelen += n; + ctx->line[ctx->linelen] = 0; + } +} + + +/* Read data from the log stream. Returns true if the log stream + indicated EOF or error. */ +static int +read_log_data (struct wrapper_context_s *ctx) +{ + int n; + char line[256]; + + /* We must use the pth_read function for pipes, always. */ + do + n = pth_read (ctx->log_fd, line, sizeof line - 1); + while (n < 0 && errno == EINTR); + + if (n <= 0) /* EOF or error. */ + { + if (n < 0) + log_error (_("error reading log from ldap wrapper %d: %s\n"), + ctx->pid, strerror (errno)); + print_log_line (ctx, NULL); + SAFE_PTH_CLOSE (ctx->log_fd); + pth_event_free (ctx->log_ev, PTH_FREE_THIS); + ctx->log_ev = NULL; + return 1; + } + + line[n] = 0; + print_log_line (ctx, line); + if (ctx->stamp != (time_t)(-1)) + ctx->stamp = time (NULL); + return 0; +} + + +/* This function is run by a separate thread to maintain the list of + wrappers and to log error messages from these wrappers. */ +void * +ldap_wrapper_thread (void *dummy) +{ + int nfds; + struct wrapper_context_s *ctx; + struct wrapper_context_s *ctx_prev; + time_t current_time; + + (void)dummy; + + for (;;) + { + pth_event_t timeout_ev; + int any_action = 0; + + timeout_ev = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0)); + if (! timeout_ev) + { + log_error (_("pth_event failed: %s\n"), strerror (errno)); + pth_sleep (10); + continue; + } + + for (ctx = wrapper_list; ctx; ctx = ctx->next) + { + if (ctx->log_fd != -1) + { + pth_event_isolate (ctx->log_ev); + pth_event_concat (timeout_ev, ctx->log_ev, NULL); + } + } + + /* Note that the read FDs are actually handles. Thus, we can + not use pth_select, but have to use pth_wait. 
*/ + nfds = pth_wait (timeout_ev); + if (nfds < 0) + { + pth_event_free (timeout_ev, PTH_FREE_THIS); + log_error (_("pth_wait failed: %s\n"), strerror (errno)); + pth_sleep (10); + continue; + } + if (pth_event_status (timeout_ev) == PTH_STATUS_OCCURRED) + nfds--; + pth_event_free (timeout_ev, PTH_FREE_THIS); + + current_time = time (NULL); + if (current_time > INACTIVITY_TIMEOUT) + current_time -= INACTIVITY_TIMEOUT; + + /* Note that there is no need to lock the list because we always + add entries at the head (with a pending event status) and + thus traversing the list will even work if we have a context + switch in waitpid (which should anyway only happen with Pth's + hard system call mapping). */ + for (ctx = wrapper_list; ctx; ctx = ctx->next) + { + /* Check whether there is any logging to be done. */ + if (nfds && ctx->log_fd != -1 + && pth_event_status (ctx->log_ev) == PTH_STATUS_OCCURRED) + { + if (read_log_data (ctx)) + any_action = 1; + } + + /* Check whether the process is still running. */ + if (ctx->pid != (pid_t)(-1)) + { + gpg_error_t err; + int status; + + err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0, + &status); + if (!err) + { + log_info (_("ldap wrapper %d ready"), (int)ctx->pid); + ctx->ready = 1; + gnupg_release_process (ctx->pid); + ctx->pid = (pid_t)(-1); + any_action = 1; + } + else if (gpg_err_code (err) == GPG_ERR_GENERAL) + { + if (status == 10) + log_info (_("ldap wrapper %d ready: timeout\n"), + (int)ctx->pid); + else + log_info (_("ldap wrapper %d ready: exitcode=%d\n"), + (int)ctx->pid, status); + ctx->ready = 1; + gnupg_release_process (ctx->pid); + ctx->pid = (pid_t)(-1); + any_action = 1; + } + else if (gpg_err_code (err) != GPG_ERR_TIMEOUT) + { + log_error (_("waiting for ldap wrapper %d failed: %s\n"), + (int)ctx->pid, gpg_strerror (err)); + any_action = 1; + } + } + + /* Check whether we should terminate the process. 
*/ + if (ctx->pid != (pid_t)(-1) + && ctx->stamp != (time_t)(-1) && ctx->stamp < current_time) + { + gnupg_kill_process (ctx->pid); + ctx->stamp = (time_t)(-1); + log_info (_("ldap wrapper %d stalled - killing\n"), + (int)ctx->pid); + /* We need to close the log fd because the cleanup loop + waits for it. */ + SAFE_PTH_CLOSE (ctx->log_fd); + any_action = 1; + } + } + + /* If something has been printed to the log file or we got an + EOF from a wrapper, we now print the list of active + wrappers. */ + if (any_action && DBG_LOOKUP) + { + log_info ("ldap worker stati:\n"); + for (ctx = wrapper_list; ctx; ctx = ctx->next) + log_info (" c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n", + ctx, + (int)ctx->pid, (int)ctx->printable_pid, + ctx->reader, + ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0, + (unsigned long)ctx->stamp, ctx->ready); + } + + + /* Use a separate loop to check whether ready marked wrappers + may be removed. We may only do so if the ksba reader object + is not anymore in use or we are in shutdown state. */ + again: + for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next) + if (ctx->ready + && ((ctx->log_fd == -1 && !ctx->reader) || shutting_down)) + { + if (ctx_prev) + ctx_prev->next = ctx->next; + else + wrapper_list = ctx->next; + destroy_wrapper (ctx); + /* We need to restart because destroy_wrapper might have + done a context switch. */ + goto again; + } + } + /*NOTREACHED*/ + return NULL; /* Make the compiler happy. */ +} + + + +/* Start the reaper thread for the ldap wrapper. 
*/ +void +ldap_wrapper_launch_thread (void) +{ + static int done; + pth_attr_t tattr; + + if (done) + return; + done = 1; + + tattr = pth_attr_new(); + pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); + pth_attr_set (tattr, PTH_ATTR_NAME, "ldap-reaper"); + + if (!pth_spawn (tattr, ldap_wrapper_thread, NULL)) + { + log_error (_("error spawning ldap wrapper reaper thread: %s\n"), + strerror (errno) ); + dirmngr_exit (1); + } + pth_attr_destroy (tattr); +} + + + + + +/* Wait until all ldap wrappers have terminated. We assume that the + kill has already been sent to all of them. */ +void +ldap_wrapper_wait_connections () +{ + shutting_down = 1; + while (wrapper_list) + pth_yield (NULL); +} + + +/* This function is to be used to release a context associated with the + given reader object. */ +void +ldap_wrapper_release_context (ksba_reader_t reader) +{ + struct wrapper_context_s *ctx; + + if (!reader ) + return; + + for (ctx=wrapper_list; ctx; ctx=ctx->next) + if (ctx->reader == reader) + { + if (DBG_LOOKUP) + log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n", + ctx, + (int)ctx->pid, (int)ctx->printable_pid, + ctx->reader, + ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0); + + ctx->reader = NULL; + SAFE_PTH_CLOSE (ctx->fd); + if (ctx->ctrl) + { + ctx->ctrl->refcount--; + ctx->ctrl = NULL; + } + if (ctx->fd_error) + log_info (_("reading from ldap wrapper %d failed: %s\n"), + ctx->printable_pid, gpg_strerror (ctx->fd_error)); + break; + } +} + +/* Cleanup all resources held by the connection associated with + CTRL. This is used after a cancel to kill running wrappers. 
*/ +void +ldap_wrapper_connection_cleanup (ctrl_t ctrl) +{ + struct wrapper_context_s *ctx; + + for (ctx=wrapper_list; ctx; ctx=ctx->next) + if (ctx->ctrl && ctx->ctrl == ctrl) + { + ctx->ctrl->refcount--; + ctx->ctrl = NULL; + if (ctx->pid != (pid_t)(-1)) + gnupg_kill_process (ctx->pid); + if (ctx->fd_error) + log_info (_("reading from ldap wrapper %d failed: %s\n"), + ctx->printable_pid, gpg_strerror (ctx->fd_error)); + } +} + +/* This is the callback used by the ldap wrapper to feed the ksba + reader with the wrappers stdout. See the description of + ksba_reader_set_cb for details. */ +static int +reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread) +{ + struct wrapper_context_s *ctx = cb_value; + size_t nleft = count; + + /* FIXME: We might want to add some internal buffering because the + ksba code does not do any buffering for itself (because a ksba + reader may be detached from another stream to read other data and + the it would be cumbersome to get back already buffered + stuff). */ + + if (!buffer && !count && !nread) + return -1; /* Rewind is not supported. */ + + /* If we ever encountered a read error don't allow to continue and + possible overwrite the last error cause. Bail out also if the + file descriptor has been closed. 
*/ + if (ctx->fd_error || ctx->fd == -1) + { + *nread = 0; + return -1; + } + + while (nleft > 0) + { + int n; + pth_event_t evt; + gpg_error_t err; + + evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0)); + n = pth_read_ev (ctx->fd, buffer, nleft, evt); + if (n < 0 && evt && pth_event_occurred (evt)) + { + n = 0; + err = dirmngr_tick (ctx->ctrl); + if (err) + { + ctx->fd_error = err; + SAFE_PTH_CLOSE (ctx->fd); + if (evt) + pth_event_free (evt, PTH_FREE_THIS); + return -1; + } + + } + else if (n < 0) + { + ctx->fd_error = gpg_error_from_errno (errno); + SAFE_PTH_CLOSE (ctx->fd); + if (evt) + pth_event_free (evt, PTH_FREE_THIS); + return -1; + } + else if (!n) + { + if (nleft == count) + { + if (evt) + pth_event_free (evt, PTH_FREE_THIS); + return -1; /* EOF. */ + } + break; + } + nleft -= n; + buffer += n; + if (evt) + pth_event_free (evt, PTH_FREE_THIS); + if (n > 0 && ctx->stamp != (time_t)(-1)) + ctx->stamp = time (NULL); + } + *nread = count - nleft; + + return 0; + +} + +/* Fork and exec the LDAP wrapper and returns a new libksba reader + object at READER. ARGV is a NULL terminated list of arguments for + the wrapper. The function returns 0 on success or an error code. + + Special hack to avoid passing a password through the command line + which is globally visible: If the first element of ARGV is "--pass" + it will be removed and instead the environment variable + DIRMNGR_LDAP_PASS will be set to the next value of ARGV. On modern + OSes the environment is not visible to other users. For those old + systems where it can't be avoided, we don't want to go into the + hassle of passing the password via stdin; it's just too complicated + and an LDAP password used for public directory lookups should not + be that confidential. 
*/ +gpg_error_t +ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[]) +{ + gpg_error_t err; + pid_t pid; + struct wrapper_context_s *ctx; + int i; + int j; + const char **arg_list; + const char *pgmname; + int outpipe[2], errpipe[2]; + + /* It would be too simple to connect stderr just to our logging + stream. The problem is that if we are running multi-threaded + everything gets intermixed. Clearly we don't want this. So the + only viable solutions are either to have another thread + responsible for logging the messages or to add an option to the + wrapper module to do the logging on its own. Given that we anyway + need a way to rip the child process and this is best done using a + general ripping thread, that thread can do the logging too. */ + + *reader = NULL; + + /* Files: We need to prepare stdin and stdout. We get stderr from + the function. */ + if (!opt.ldap_wrapper_program || !*opt.ldap_wrapper_program) + pgmname = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR_LDAP); + else + pgmname = opt.ldap_wrapper_program; + + /* Create command line argument array. 
*/ + for (i = 0; argv[i]; i++) + ; + arg_list = xtrycalloc (i + 2, sizeof *arg_list); + if (!arg_list) + { + err = gpg_error_from_syserror (); + log_error (_("error allocating memory: %s\n"), strerror (errno)); + return err; + } + for (i = j = 0; argv[i]; i++, j++) + if (!i && argv[i + 1] && !strcmp (*argv, "--pass")) + { + arg_list[j] = "--env-pass"; + setenv ("DIRMNGR_LDAP_PASS", argv[1], 1); + i++; + } + else + arg_list[j] = (char*) argv[i]; + + ctx = xtrycalloc (1, sizeof *ctx); + if (!ctx) + { + err = gpg_error_from_syserror (); + log_error (_("error allocating memory: %s\n"), strerror (errno)); + xfree (arg_list); + return err; + } + + err = gnupg_create_inbound_pipe (outpipe); + if (!err) + { + err = gnupg_create_inbound_pipe (errpipe); + if (err) + { + close (outpipe[0]); + close (outpipe[1]); + } + } + if (err) + { + log_error (_("error creating pipe: %s\n"), gpg_strerror (err)); + xfree (arg_list); + xfree (ctx); + return err; + } + + err = gnupg_spawn_process_fd (pgmname, arg_list, + -1, outpipe[1], errpipe[1], &pid); + xfree (arg_list); + close (outpipe[1]); + close (errpipe[1]); + if (err) + { + close (outpipe[0]); + close (errpipe[0]); + xfree (ctx); + return err; + } + + ctx->pid = pid; + ctx->printable_pid = (int) pid; + ctx->fd = outpipe[0]; + ctx->log_fd = errpipe[0]; + ctx->log_ev = pth_event (PTH_EVENT_FD | PTH_UNTIL_FD_READABLE, ctx->log_fd); + if (! ctx->log_ev) + { + xfree (ctx); + return gpg_error_from_syserror (); + } + ctx->ctrl = ctrl; + ctrl->refcount++; + ctx->stamp = time (NULL); + + err = ksba_reader_new (reader); + if (!err) + err = ksba_reader_set_cb (*reader, reader_callback, ctx); + if (err) + { + log_error (_("error initializing reader object: %s\n"), + gpg_strerror (err)); + destroy_wrapper (ctx); + ksba_reader_release (*reader); + *reader = NULL; + return err; + } + + /* Hook the context into our list of running wrappers. 
*/ + ctx->reader = *reader; + ctx->next = wrapper_list; + wrapper_list = ctx; + if (opt.verbose) + log_info ("ldap wrapper %d started (reader %p)\n", + (int)ctx->pid, ctx->reader); + + /* Need to wait for the first byte so we are able to detect an empty + output and not let the consumer see an EOF without further error + indications. The CRL loading logic assumes that after return + from this function, a failed search (e.g. host not found ) is + indicated right away. */ + { + unsigned char c; + + err = read_buffer (*reader, &c, 1); + if (err) + { + ldap_wrapper_release_context (*reader); + ksba_reader_release (*reader); + *reader = NULL; + if (gpg_err_code (err) == GPG_ERR_EOF) + return gpg_error (GPG_ERR_NO_DATA); + else + return err; + } + ksba_reader_unread (*reader, &c, 1); + } + + return 0; +} Added: trunk/dirmngr/ldap-wrapper.h =================================================================== --- trunk/dirmngr/ldap-wrapper.h (rev 0) +++ trunk/dirmngr/ldap-wrapper.h 2010-07-23 16:16:14 UTC (rev 5374) 
@@ -0,0 +1,33 @@ +/* ldap-wrapper.h - Interface to an LDAP access wrapper. + * Copyright (C) 2010 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef LDAP_WRAPPER_H +#define LDAP_WRAPPER_H + +void ldap_wrapper_launch_thread (void); +void ldap_wrapper_wait_connections (void); +void ldap_wrapper_release_context (ksba_reader_t reader); +void ldap_wrapper_connection_cleanup (ctrl_t); +gpg_error_t ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, + const char *argv[]); + + + + +#endif /*LDAP_WRAPPER_H*/ Modified: trunk/dirmngr/ldap.c =================================================================== --- trunk/dirmngr/ldap.c 2010-07-23 12:31:25 UTC (rev 5373) +++ trunk/dirmngr/ldap.c 2010-07-23 16:16:14 UTC (rev 5374) @@ -35,23 +35,9 @@ #include "crlfetch.h" #include "ldapserver.h" #include "misc.h" +#include "ldap-wrapper.h" -#ifdef HAVE_W32_SYSTEM -#define setenv(a,b,c) SetEnvironmentVariable ((a),(b)) -#else -#define pth_close(fd) close(fd) -#endif - -/* In case sysconf does not return a value we need to have a limit. */ -#ifdef _POSIX_OPEN_MAX -#define MAX_OPEN_FDS _POSIX_OPEN_MAX -#else -#define MAX_OPEN_FDS 20 -#endif - -#define INACTIVITY_TIMEOUT (opt.ldaptimeout + 60*5) /* seconds */ - #define UNENCODED_URL_CHARS "abcdefghijklmnopqrstuvwxyz" \ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ "01234567890" \ 
@@ -72,51 +58,7 @@ }; -/* To keep track of the LDAP wrapper state we use this structure. */ -struct wrapper_context_s -{ - struct wrapper_context_s *next; - pid_t pid; /* The pid of the wrapper process. */ - int printable_pid; /* Helper to print diagnostics after the process has - been cleaned up. */ - int fd; /* Connected with stdout of the ldap wrapper. */ - gpg_error_t fd_error; /* Set to the gpg_error of the last read error - if any. */ - int log_fd; /* Connected with stderr of the ldap wrapper. */ - pth_event_t log_ev; - ctrl_t ctrl; /* Connection data. */ - int ready; /* Internally used to mark to be removed contexts. */ - ksba_reader_t reader; /* The ksba reader object or NULL. */ - char *line; /* Used to print the log lines (malloced). */ - size_t linesize;/* Allocated size of LINE. */ - size_t linelen; /* Use size of LINE. */ - time_t stamp; /* The last time we noticed ativity. */ -}; - - - - - -/* We keep a global list of spawed wrapper process. A separate thread - makes use of this list to log error messages and to watch out for - finished processes. */ -static struct wrapper_context_s *wrapper_list; - -/* We need to know whether we are shutting down the process. */ -static int shutting_down; - -/* Close the pth file descriptor FD and set it to -1. */ -#define SAFE_PTH_CLOSE(fd) \ - do { int _fd = fd; if (_fd != -1) { pth_close (_fd); fd = -1;} } while (0) - - -/* Prototypes. */ -static gpg_error_t read_buffer (ksba_reader_t reader, - unsigned char *buffer, size_t count); - - - /* Add HOST and PORT to our list of LDAP servers. Fixme: We should better use an extra list of servers. */ 
@@ -165,606 +107,8 @@ } -/* Release the wrapper context and kill a running wrapper process. */ -static void -destroy_wrapper (struct wrapper_context_s *ctx) -{ - if (ctx->pid != (pid_t)(-1)) - { - gnupg_kill_process (ctx->pid); - gnupg_release_process (ctx->pid); - } - ksba_reader_release (ctx->reader); - SAFE_PTH_CLOSE (ctx->fd); - SAFE_PTH_CLOSE (ctx->log_fd); - if (ctx->log_ev) - pth_event_free (ctx->log_ev, PTH_FREE_THIS); - xfree (ctx->line); - xfree (ctx); -} -/* Print the content of LINE to thye log stream but make sure to only - print complete lines. Using NULL for LINE will flush any pending - output. LINE may be modified by this fucntion. */ -static void -print_log_line (struct wrapper_context_s *ctx, char *line) -{ - char *s; - size_t n; - - if (!line) - { - if (ctx->line && ctx->linelen) - { - - log_info ("%s\n", ctx->line); - ctx->linelen = 0; - } - return; - } - - while ((s = strchr (line, '\n'))) - { - *s = 0; - if (ctx->line && ctx->linelen) - { - log_info ("%s", ctx->line); - ctx->linelen = 0; - log_printf ("%s\n", line); - } - else - log_info ("%s\n", line); - line = s + 1; - } - n = strlen (line); - if (n) - { - if (ctx->linelen + n + 1 >= ctx->linesize) - { - char *tmp; - size_t newsize; - - newsize = ctx->linesize + ((n + 255) & ~255) + 1; - tmp = (ctx->line ? xtryrealloc (ctx->line, newsize) - : xtrymalloc (newsize)); - if (!tmp) - { - log_error (_("error printing log line: %s\n"), strerror (errno)); - return; - } - ctx->line = tmp; - ctx->linesize = newsize; - } - memcpy (ctx->line + ctx->linelen, line, n); - ctx->linelen += n; - ctx->line[ctx->linelen] = 0; - } -} - - -/* Read data from the log stream. Returns true if the log stream - indicated EOF or error. */ -static int -read_log_data (struct wrapper_context_s *ctx) -{ - int n; - char line[256]; - - /* We must use the pth_read function for pipes, always. */ - do - n = pth_read (ctx->log_fd, line, sizeof line - 1); - while (n < 0 && errno == EINTR); - - if (n <= 0) /* EOF or error. 
*/ - { - if (n < 0) - log_error (_("error reading log from ldap wrapper %d: %s\n"), - ctx->pid, strerror (errno)); - print_log_line (ctx, NULL); - SAFE_PTH_CLOSE (ctx->log_fd); - pth_event_free (ctx->log_ev, PTH_FREE_THIS); - ctx->log_ev = NULL; - return 1; - } - - line[n] = 0; - print_log_line (ctx, line); - if (ctx->stamp != (time_t)(-1)) - ctx->stamp = time (NULL); - return 0; -} - - -/* This function is run by a separate thread to maintain the list of - wrappers and to log error messages from these wrappers. */ -void * -ldap_wrapper_thread (void *dummy) -{ - int nfds; - struct wrapper_context_s *ctx; From cvs at cvs.gnupg.org Fri Jul 23 18:17:38 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 23 Jul 2010 18:17:38 +0200 Subject: [svn] w32pth - r38 - trunk Message-ID: Author: wk Date: 2010-07-23 18:17:38 +0200 (Fri, 23 Jul 2010) New Revision: 38 Modified: trunk/ChangeLog trunk/NEWS trunk/pth.h trunk/w32-pth.c Log: Add pth_enter and pth_leave functions. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-04-19 09:26:56 UTC (rev 37) +++ trunk/ChangeLog 2010-07-23 16:17:38 UTC (rev 38) @@ -1,3 +1,8 @@ +2010-07-21 Werner Koch + + * w32-pth.c (enter_leave_api_sentinel): New. + (pth_enter, pth_leave): New. + 2010-04-19 Werner Koch * w32-pth.c (is_socket_2): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-04-19 09:26:56 UTC (rev 37) +++ trunk/NEWS 2010-07-23 16:17:38 UTC (rev 38) 
@@ -1,9 +1,11 @@ -Noteworthy changes in version 2.0.3 +Noteworthy changes in version 2.0.3 ------------------------------------------------ * Support WindowsCE. + * New functions pth_enter and pth_leave. + Noteworthy changes in version 2.0.2 (2008-10-17) ------------------------------------------------ Modified: trunk/pth.h =================================================================== --- trunk/pth.h 2010-04-19 09:26:56 UTC (rev 37) +++ trunk/pth.h 2010-07-23 16:17:38 UTC (rev 38) @@ -277,7 +277,10 @@ int pth_yield (pth_t tid); +void pth_enter (void); +void pth_leave (void); + /* Special W32 function to cope with the problem that pth_self returns just a pseudo handle which is not very useful for debugging. */ unsigned long pth_thread_id (void); Modified: trunk/w32-pth.c =================================================================== --- trunk/w32-pth.c 2010-04-19 09:26:56 UTC (rev 37) +++ trunk/w32-pth.c 2010-07-23 16:17:38 UTC (rev 38) @@ -76,6 +76,9 @@ /* Mutex to make sure only one thread is running. */ static CRITICAL_SECTION pth_shd; +/* A sentinel to catch bogus use of pth_enter/pth_leave. */ +static int enter_leave_api_sentinel; + /* Counter to track the number of PTH threads. */ static int thread_counter; @@ -762,7 +765,7 @@ if (!dbgfp) dbgfp = stderr; if (debug_level) - _pth_debug (DEBUG_ERROR, "pth_init called\n"); + _pth_debug (DEBUG_ERROR, "pth_init called (level=%d)\n", debug_level); if (WSAStartup (0x202, &wsadat)) return FALSE; @@ -832,6 +835,33 @@ } +void +pth_enter (void) +{ + implicit_init (); + if (enter_leave_api_sentinel) + { + fprintf (stderr, "pth_enter called while already in pth\n"); + abort (); + } + enter_leave_api_sentinel++; + enter_pth (__FUNCTION__); +} + + +void +pth_leave (void) +{ + leave_pth (__FUNCTION__); + if (enter_leave_api_sentinel != 1) + { + fprintf (stderr, "pth_leave was called while not in pth\n"); + abort (); + } + enter_leave_api_sentinel--; +} + + long pth_ctrl (unsigned long query, ...) { 
@@ -945,6 +975,8 @@ HANDLE hd; int use_readfile = 0; + TRACE_BEG (DEBUG_INFO, "do_pth_read", fd); + /* We have to check for internal pipes first, as socket operations can block on these. */ hd = _pth_get_reader_ev (fd); @@ -970,7 +1002,12 @@ DWORD nread = 0; do - n = ReadFile ((HANDLE)fd, buffer, size, &nread, NULL); + { + + TRACE_LOG2 (" ReadFile on %p size=%d", (HANDLE)fd, (int)size); + n = ReadFile ((HANDLE)fd, buffer, size, &nread, NULL); + TRACE_LOG2 (" n=%d nread=%d", n, (int)nread); + } while (!n && pipe_is_not_connected ()); if (!n) { @@ -995,6 +1032,7 @@ } } + TRACE_SYSRES (n); return n; } From cvs at cvs.gnupg.org Sat Jul 24 11:18:43 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Sat, 24 Jul 2010 11:18:43 +0200 Subject: [svn] GnuPG - r5375 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: wk Date: 2010-07-24 11:18:42 +0200 (Sat, 24 Jul 2010) New Revision: 5375 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/cardglue.c branches/STABLE-BRANCH-1-4/g10/cardglue.h Log: support more hash algorithms to support the v2 card Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-07-23 16:16:14 UTC (rev 5374) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-07-24 09:18:42 UTC (rev 5375) @@ -1,3 +1,9 @@ +2010-07-24 Werner Koch + + * cardglue.c (agent_scd_pksign): Allow more hash algorithms when + using with scdaemon. + * cardglue.h (GCRY_MD_MD5): New. + 2010-06-18 Werner Koch * parse-packet.c (skip_packet, parse_gpg_control): Take care of Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/cardglue.c 2010-07-23 16:16:14 UTC (rev 5374) +++ branches/STABLE-BRANCH-1-4/g10/cardglue.c 2010-07-24 09:18:42 UTC (rev 5375) 
@@ -1323,7 +1323,13 @@ { init_membuf (&data, 1024); snprintf (line, DIM(line)-1, "SCD PKSIGN %s%s", - hashalgo == GCRY_MD_RMD160? "--hash=rmd160 ": "", + hashalgo == GCRY_MD_SHA1? "--hash=sha1 ": + hashalgo == GCRY_MD_SHA224? "--hash=sha224 ": + hashalgo == GCRY_MD_SHA256? "--hash=sha256 ": + hashalgo == GCRY_MD_SHA384? "--hash=sha384 ": + hashalgo == GCRY_MD_SHA512? "--hash=sha512 ": + hashalgo == GCRY_MD_RMD160? "--hash=rmd160 ": + hashalgo == GCRY_MD_MD5? "--hash=md5 " : "", serialno); line[DIM(line)-1] = 0; rc = test_transact (assuan_transact (app->assuan_ctx, line, Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.h =================================================================== --- branches/STABLE-BRANCH-1-4/g10/cardglue.h 2010-07-23 16:16:14 UTC (rev 5374) +++ branches/STABLE-BRANCH-1-4/g10/cardglue.h 2010-07-24 09:18:42 UTC (rev 5375) @@ -181,6 +181,7 @@ #define GCRY_MD_SHA384 DIGEST_ALGO_SHA384 #define GCRY_MD_SHA512 DIGEST_ALGO_SHA512 #define GCRY_MD_SHA224 DIGEST_ALGO_SHA224 +#define GCRY_MD_MD5 DIGEST_ALGO_MD5 void gcry_mpi_release (MPI a); MPI gcry_mpi_set_opaque (MPI a, void *p, unsigned int len); From cvs at cvs.gnupg.org Sat Jul 24 15:33:04 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Sat, 24 Jul 2010 15:33:04 +0200 Subject: [svn] GnuPG - r5376 - in trunk: common dirmngr Message-ID: Author: wk Date: 2010-07-24 15:33:03 +0200 (Sat, 24 Jul 2010) New Revision: 5376 Modified: trunk/common/ChangeLog trunk/common/estream.c trunk/common/estream.h trunk/dirmngr/ChangeLog trunk/dirmngr/dirmngr_ldap.c Log: Add new set_binary feature to estream Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-07-24 09:18:42 UTC (rev 5375) +++ trunk/common/ChangeLog 2010-07-24 13:33:03 UTC (rev 5376) 
@@ -1,3 +1,7 @@ +2010-07-24 Werner Koch + + * estream.c (es_set_binary): New. + 2010-07-19 Werner Koch * utf8conv.c (utf8_to_wchar): s/malloc/jnlib_malloc/. Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-07-24 09:18:42 UTC (rev 5375) +++ trunk/dirmngr/ChangeLog 2010-07-24 13:33:03 UTC (rev 5376) @@ -1,3 +1,8 @@ +2010-07-24 Werner Koch + + * dirmngr_ldap.c (main): Init common subsystems. Call + es_set_binary. + 2010-07-19 Werner Koch * dirmngr.c: Include ldap-wrapper.h. Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2010-07-24 09:18:42 UTC (rev 5375) +++ trunk/common/estream.c 2010-07-24 13:33:03 UTC (rev 5376) @@ -3399,7 +3399,40 @@ ESTREAM_UNLOCK (stream); } + +/* Put a stream into binary mode. This is only needed for the + standard streams if they are to be used in a binary way. On Unix + systems it is never needed but MSDOS based systems require such a + call. It needs to be called before any I/O is done on STREAM. */ void +es_set_binary (estream_t stream) +{ + ESTREAM_LOCK (stream); + if (!(stream->intern->modeflags & O_BINARY)) + { + stream->intern->modeflags |= O_BINARY; +#ifdef HAVE_DOSISH_SYSTEM + if (stream->intern->func_dest.func_read == es_func_fd_read) + { + estream_cookie_fd_t fd_cookie; + + if (!IS_INVALID_FD (fd_cookie->fd)) + setmode (fd, O_BINARY); + } + else if (stream->intern->func_dest.func_read == es_func_fp_read) + { + estream_cookie_fp_t fp_cookie; + + if (fp_cookie->fd) + setmode (fileno (fp_cookie->fp), O_BINARY); + } +#endif + } + ESTREAM_UNLOCK (stream); +} + + +void es_opaque_set (estream_t stream, void *opaque) { ESTREAM_LOCK (stream); Modified: trunk/common/estream.h =================================================================== --- trunk/common/estream.h 2010-07-24 09:18:42 UTC (rev 5375) +++ trunk/common/estream.h 2010-07-24 13:33:03 UTC (rev 5376) 
@@ -125,6 +125,7 @@ #define es_vfprintf_unlocked _ESTREAM_PREFIX(es_vfprint_unlocked) #define es_setvbuf _ESTREAM_PREFIX(es_setvbuf) #define es_setbuf _ESTREAM_PREFIX(es_setbuf) +#define es_set_binary _ESTREAM_PREFIX(es_set_binary) #define es_tmpfile _ESTREAM_PREFIX(es_tmpfile) #define es_opaque_set _ESTREAM_PREFIX(es_opaque_set) #define es_opaque_get _ESTREAM_PREFIX(es_opaque_get) @@ -355,6 +356,9 @@ char *ES__RESTRICT buf, int mode, size_t size); void es_setbuf (estream_t ES__RESTRICT stream, char *ES__RESTRICT buf); +void es_set_binary (estream_t stream); + + estream_t es_tmpfile (void); void es_opaque_set (estream_t ES__RESTRICT stream, void *ES__RESTRICT opaque); Modified: trunk/dirmngr/dirmngr_ldap.c =================================================================== --- trunk/dirmngr/dirmngr_ldap.c 2010-07-24 09:18:42 UTC (rev 5375) +++ trunk/dirmngr/dirmngr_ldap.c 2010-07-24 13:33:03 UTC (rev 5376) @@ -171,18 +171,17 @@ char *p; int only_search_timeout = 0; -#ifdef HAVE_W32_SYSTEM - /* Yeah, right. Sigh. */ -#error FIXME - _setmode (_fileno (stdout), _O_BINARY); -#endif - set_strusage (my_strusage); log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX); - /* Setup I18N. */ + /* Setup I18N and common subsystems. */ i18n_init(); + init_common_subsystems (&argc, &argv); + + es_set_binary (es_stdout); + + /* LDAP defaults */ opt.timeout.tv_sec = DEFAULT_LDAP_TIMEOUT; opt.timeout.tv_usec = 0; From cvs at cvs.gnupg.org Mon Jul 26 16:01:33 2010 
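Review bot: In r5375, g10/cardglue.c (agent_scd_pksign), the conditional chain that builds the SCD PKSIGN line still ends in an empty-string fallback, so a hashalgo outside the seven listed values is sent with no --hash option at all and the caller gets no indication that its algorithm was dropped. Return an error for an unlisted hashalgo before the snprintf call instead of falling back to the empty string. Separately, the new GCRY_MD_MD5 branch makes --hash=md5 card signatures reachable from this path; MD5 is not collision resistant, so confirm that this is wanted (the log only mentions supporting the v2 card) or leave that branch and the new define in cardglue.h out.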
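Review bot: In r5376, common/estream.c, the HAVE_DOSISH_SYSTEM part of es_set_binary dereferences fd_cookie and fp_cookie without ever assigning them, calls setmode (fd, O_BINARY) with an fd that is not declared in the function, and tests fp_cookie->fd while the call below it uses fp_cookie->fp. Because the block is compiled only on DOS-like systems, a Unix build will not catch any of this. Assign each cookie from the stream before use, pass fd_cookie->fd to setmode, and test fp_cookie->fp. The result of setmode is also discarded and the function returns void, so the main function of dirmngr_ldap.c, which now relies on es_set_binary (es_stdout) in place of the removed _setmode block, cannot tell whether stdout really is in binary mode.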
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 26 Jul 2010 16:01:33 +0200 Subject: [svn] GnuPG - r5377 - in trunk: . common dirmngr Message-ID: Author: wk Date: 2010-07-26 16:01:32 +0200 (Mon, 26 Jul 2010) New Revision: 5377 Modified: trunk/ChangeLog trunk/common/ChangeLog trunk/common/argparse.c trunk/configure.ac trunk/dirmngr/ChangeLog trunk/dirmngr/Makefile.am trunk/dirmngr/dirmngr_ldap.c trunk/dirmngr/ldap-wrapper-ce.c trunk/dirmngr/ldap-wrapper.c trunk/dirmngr/ldap-wrapper.h Log: Some work on the dirmngr Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/ChangeLog 2010-07-26 14:01:32 UTC (rev 5377) @@ -1,3 +1,7 @@ +2010-07-25 Werner Koch + + * configure.ac (USE_LDAPWRAPPER): AC_DEFINE and AM_CONDITIONAL it. + 2010-06-09 Werner Koch * configure.ac (GNUPG_DIRMNGR_LDAP_PGM): Add option Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/common/ChangeLog 2010-07-26 14:01:32 UTC (rev 5377) @@ -1,3 +1,7 @@ +2010-07-25 Werner Koch + + * argparse.c (initialize): Use ARGPARSE_PRINT_WARNING constant. + 2010-07-24 Werner Koch * estream.c (es_set_binary): New. Modified: trunk/dirmngr/ChangeLog =================================================================== --- trunk/dirmngr/ChangeLog 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/dirmngr/ChangeLog 2010-07-26 14:01:32 UTC (rev 5377) 
@@ -1,3 +1,16 @@ +2010-07-25 Werner Koch + + * Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build + ldap-wrapper-ce. + * ldap-wrapper-ce.c: New. + + * dirmngr_ldap.c (opt): Remove global variable ... + (my_opt_t): ... and declare a type instead. + (main): Define a MY_OPT variable and change all references to OPT + to this. + (set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass + MYOPT arg. + 2010-07-24 Werner Koch * dirmngr_ldap.c (main): Init common subsystems. Call Modified: trunk/common/argparse.c =================================================================== --- trunk/common/argparse.c 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/common/argparse.c 2010-07-26 14:01:32 UTC (rev 5377) @@ -267,7 +267,7 @@ else jnlib_log_error (_("invalid option \"%.50s\"\n"), s); } - if ( arg->err != 1 ) + if (arg->err != ARGPARSE_PRINT_WARNING) exit (2); arg->err = 0; } Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/configure.ac 2010-07-26 14:01:32 UTC (rev 5377) @@ -540,6 +540,7 @@ have_w32_system=no have_w32ce_system=no use_simple_gettext=no +use_ldapwrapper=yes mmap_needed=yes case "${host}" in *-mingw32*) @@ -554,6 +555,7 @@ disable_keyserver_path=yes have_dosish_system=yes have_w32_system=yes + use_ldapwrapper=no # Fixme: Do this only for CE. case "${host}" in *-mingw32ce*) have_w32ce_system=yes 
@@ -636,6 +638,11 @@ AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) +if test "$use_ldapwrapper" = yes; then + AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process]) +fi +AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes) + if test "$disable_keyserver_path" = yes; then AC_DEFINE(DISABLE_KEYSERVER_PATH,1, [Defined to disable exec-path for keyserver helpers]) Modified: trunk/dirmngr/Makefile.am =================================================================== --- trunk/dirmngr/Makefile.am 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/dirmngr/Makefile.am 2010-07-26 14:01:32 UTC (rev 5377) @@ -23,7 +23,9 @@ bin_PROGRAMS = dirmngr dirmngr-client +if USE_LDAPWRAPPER libexec_PROGRAMS = dirmngr_ldap +endif AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common @@ -39,8 +41,15 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ ldapserver.h ldapserver.c certcache.c certcache.h \ cdb.h cdblib.c ldap.c misc.c dirmngr-err.h \ - ocsp.c ocsp.h validate.c validate.h ldap-wrapper.c ldap-wrapper.h + ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h +if USE_LDAPWRAPPER +dirmngr_SOURCES += ldap-wrapper.c +else +dirmngr_SOURCES += ldap-wrapper-ce.c dirmngr_ldap.c +endif + + dirmngr_LDADD = $(libcommonpth) ../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBINTL) $(LIBICONV) 
@@ -50,11 +59,13 @@ ldap_url = endif +if USE_LDAPWRAPPER dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url) no-libgcrypt.c dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) dirmngr_ldap_LDFLAGS = dirmngr_ldap_LDADD = $(libcommon) ../gl/libgnu.a $(DNSLIBS) \ $(GPG_ERROR_LIBS) $(LDAPLIBS) $(LIBINTL) $(LIBICONV) +endif dirmngr_client_SOURCES = dirmngr-client.c no-libgcrypt.c dirmngr_client_LDADD = $(libcommon) ../gl/libgnu.a $(LIBASSUAN_LIBS) \ Modified: trunk/dirmngr/dirmngr_ldap.c =================================================================== --- trunk/dirmngr/dirmngr_ldap.c 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/dirmngr/dirmngr_ldap.c 2010-07-26 14:01:32 UTC (rev 5377) @@ -55,6 +55,12 @@ #include "i18n.h" #include "util.h" +/* If we are not using the ldap wrapper process we need to include the + prototype for our module's main function. */ +#ifndef USE_LDAPWRAPPER +#include "./ldap-wrapper.h" +#endif + #define DEFAULT_LDAP_TIMEOUT 100 /* Arbitrary long timeout. */ @@ -105,8 +111,10 @@ }; -/* The usual structure for the program flags. */ -static struct +/* A structure with module options. This is not a static variable + because if we are not build as a standalone binary, each thread + using this module needs to handle its own values. */ +struct my_opt_s { int quiet; int verbose; @@ -114,6 +122,8 @@ unsigned int alarm_timeout; /* And for the alarm based timeout. */ int multi; + estream_t outstream; /* Send output to thsi stream. */ + /* Note that we can't use const for the strings because ldap_* are not defined that way. */ char *proxy; /* Host and Port override. */ @@ -124,12 +134,13 @@ char *dn; /* Override DN. */ char *filter;/* Override filter. */ char *attr; /* Override attribute. */ -} opt; +}; +typedef struct my_opt_s my_opt_t; /* Prototypes. */ static void catch_alarm (int dummy); -static int process_url (const char *url); +static int process_url (my_opt_t myopt, const char *url); 
@@ -164,13 +175,25 @@ int -main (int argc, char **argv ) +#ifdef USE_LDAPWRAPPER +main (int argc, char **argv) +#else +ldap_wrapper_main (char **argv, estream_t outstream) +#endif { +#ifndef USE_LDAPWRAPPER + int argc; +#endif ARGPARSE_ARGS pargs; int any_err = 0; char *p; int only_search_timeout = 0; + struct my_opt_s my_opt_buffer; + my_opt_t myopt = &my_opt_buffer; + + memset (&my_opt_buffer, 0, sizeof my_opt_buffer); +#ifdef USE_LDAPWRAPPER set_strusage (my_strusage); log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX); @@ -180,12 +203,17 @@ init_common_subsystems (&argc, &argv); es_set_binary (es_stdout); + myopt->outstream = es_stdout; +#else /*!USE_LDAPWRAPPER*/ + myopt->outstream = outstream; + for (argc=0; argv[argc]; argc++) + ; +#endif /*!USE_LDAPWRAPPER*/ - /* LDAP defaults */ - opt.timeout.tv_sec = DEFAULT_LDAP_TIMEOUT; - opt.timeout.tv_usec = 0; - opt.alarm_timeout = 0; + myopt->timeout.tv_sec = DEFAULT_LDAP_TIMEOUT; + myopt->timeout.tv_usec = 0; + myopt->alarm_timeout = 0; /* Parse the command line. */ pargs.argc = &argc; 
@@ -195,26 +223,26 @@ { switch (pargs.r_opt) { - case oVerbose: opt.verbose++; break; - case oQuiet: opt.quiet++; break; + case oVerbose: myopt->verbose++; break; + case oQuiet: myopt->quiet++; break; case oTimeout: - opt.timeout.tv_sec = pargs.r.ret_int; - opt.timeout.tv_usec = 0; - opt.alarm_timeout = pargs.r.ret_int; + myopt->timeout.tv_sec = pargs.r.ret_int; + myopt->timeout.tv_usec = 0; + myopt->alarm_timeout = pargs.r.ret_int; break; case oOnlySearchTimeout: only_search_timeout = 1; break; - case oMulti: opt.multi = 1; break; - case oUser: opt.user = pargs.r.ret_str; break; - case oPass: opt.pass = pargs.r.ret_str; break; + case oMulti: myopt->multi = 1; break; + case oUser: myopt->user = pargs.r.ret_str; break; + case oPass: myopt->pass = pargs.r.ret_str; break; case oEnvPass: - opt.pass = getenv ("DIRMNGR_LDAP_PASS"); + myopt->pass = getenv ("DIRMNGR_LDAP_PASS"); break; - case oProxy: opt.proxy = pargs.r.ret_str; break; - case oHost: opt.host = pargs.r.ret_str; break; - case oPort: opt.port = pargs.r.ret_int; break; - case oDN: opt.dn = pargs.r.ret_str; break; - case oFilter: opt.filter = pargs.r.ret_str; break; - case oAttr: opt.attr = pargs.r.ret_str; break; + case oProxy: myopt->proxy = pargs.r.ret_str; break; + case oHost: myopt->host = pargs.r.ret_str; break; + case oPort: myopt->port = pargs.r.ret_int; break; + case oDN: myopt->dn = pargs.r.ret_str; break; + case oFilter: myopt->filter = pargs.r.ret_str; break; + case oAttr: myopt->attr = pargs.r.ret_str; break; case oLogWithPID: { unsigned int oldflags; 
@@ -223,36 +251,47 @@ } break; - default : pargs.err = 2; break; + default : +#ifdef USE_LDAPWRAPPER + pargs.err = ARGPARSE_PRINT_ERROR; +#else + pargs.err = ARGPARSE_PRINT_WARNING; /* No exit() please. */ +#endif + break; } } if (only_search_timeout) - opt.alarm_timeout = 0; + myopt->alarm_timeout = 0; - if (opt.proxy) + if (myopt->proxy) { - opt.host = xstrdup (opt.proxy); - p = strchr (opt.host, ':'); + myopt->host = xstrdup (myopt->proxy); + p = strchr (myopt->host, ':'); if (p) { *p++ = 0; - opt.port = atoi (p); + myopt->port = atoi (p); } - if (!opt.port) - opt.port = 389; /* make sure ports gets overridden. */ + if (!myopt->port) + myopt->port = 389; /* make sure ports gets overridden. */ } - if (opt.port < 0 || opt.port > 65535) - log_error (_("invalid port number %d\n"), opt.port); + if (myopt->port < 0 || myopt->port > 65535) + log_error (_("invalid port number %d\n"), myopt->port); +#ifdef USE_LDAPWRAPPER if (log_get_errorcount (0)) exit (2); - if (argc < 1) usage (1); +#else + /* All passed arguments should be fine in this case. */ + assert (argc); +#endif - if (opt.alarm_timeout) +#ifdef USE_LDAPWRAPPER + if (myopt->alarm_timeout) { #ifndef HAVE_W32_SYSTEM # if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION) @@ -268,11 +307,14 @@ log_fatal ("unable to register timeout handler\n"); #endif } +#endif /*USE_LDAPWRAPPER*/ for (; argc; argc--, argv++) - if (process_url (*argv)) + if (process_url (myopt, *argv)) any_err = 1; + + /* FIXME: Do we need to release stuff? */ return any_err; } 
@@ -286,19 +328,19 @@ static void -set_timeout (void) +set_timeout (my_opt_t myopt) { #ifndef HAVE_W32_SYSTEM /* FIXME for W32. */ - if (opt.alarm_timeout) - alarm (opt.alarm_timeout); + if (myopt->alarm_timeout) + alarm (myopt->alarm_timeout); #endif } /* Helper for fetch_ldap(). */ static int -print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr) +print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr) { LDAPMessage *item; int any = 0; @@ -309,13 +351,13 @@ BerElement *berctx; char *attr; - if (opt.verbose > 1) + if (myopt->verbose > 1) log_info (_("scanning result for attribute `%s'\n"), want_attr? want_attr : "[all]"); - if (opt.multi) + if (myopt->multi) { /* Write item marker. */ - if (es_fwrite ("I\0\0\0\0", 5, 1, es_stdout) != 1) + if (es_fwrite ("I\0\0\0\0", 5, 1, myopt->oustream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -330,10 +372,10 @@ struct berval **values; int idx; - if (opt.verbose > 1) + if (myopt->verbose > 1) log_info (_(" available attribute `%s'\n"), attr); - set_timeout (); + set_timeout (myopt); /* I case we want only one attribute we do a case insensitive compare without the optional extension @@ -366,23 +408,23 @@ if (!values) { - if (opt.verbose) + if (myopt->verbose) log_info (_("attribute `%s' not found\n"), attr); ldap_memfree (attr); continue; } - if (opt.verbose) + if (myopt->verbose) { log_info (_("found attribute `%s'\n"), attr); - if (opt.verbose > 1) + if (myopt->verbose > 1) for (idx=0; values[idx]; idx++) log_info (" length[%d]=%d\n", idx, (int)values[0]->bv_len); } - if (opt.multi) + if (myopt->multi) { /* Write attribute marker. */ unsigned char tmp[5]; size_t n = strlen (attr); 
@@ -392,8 +434,8 @@ tmp[2] = (n >> 16); tmp[3] = (n >> 8); tmp[4] = (n); - if (es_fwrite (tmp, 5, 1, es_stdout) != 1 - || es_fwrite (attr, n, 1, es_stdout) != 1) + if (es_fwrite (tmp, 5, 1, myopt->oustream) != 1 + || es_fwrite (attr, n, 1, myopt->oustream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -406,7 +448,7 @@ for (idx=0; values[idx]; idx++) { - if (opt.multi) + if (myopt->multi) { /* Write value marker. */ unsigned char tmp[5]; size_t n = values[0]->bv_len; @@ -417,7 +459,7 @@ tmp[3] = (n >> 8); tmp[4] = (n); - if (es_fwrite (tmp, 5, 1, es_stdout) != 1) + if (es_fwrite (tmp, 5, 1, myopt->oustream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -433,7 +475,7 @@ CRLs which are 52 KB or larger. */ #warning still true - implement in estream if (es_fwrite (values[0]->bv_val, values[0]->bv_len, - 1, es_stdout) != 1) + 1, myopt->oustream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -456,7 +498,7 @@ cnt = MAX_CNT; if (es_fwrite (((char *) values[0]->bv_val) + n, cnt, 1, - es_stdout) != 1) + myopt->oustream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -470,18 +512,18 @@ } #endif any = 1; - if (!opt.multi) + if (!myopt->multi) break; /* Print only the first value. */ } ldap_value_free_len (values); ldap_memfree (attr); - if (want_attr || !opt.multi) + if (want_attr || !myopt->multi) break; /* We only want to return the first attribute. */ } ber_free (berctx, 0); } - if (opt.verbose > 1 && any) + if (myopt->verbose > 1 && any) log_info ("result has been printed\n"); return any?0:-1; @@ -491,7 +533,7 @@ /* Helper for the URL based LDAP query. */ static int -fetch_ldap (const char *url, const LDAPURLDesc *ludp) +fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp) { LDAP *ld; LDAPMessage *msg; 
@@ -499,24 +541,24 @@ char *host, *dn, *filter, *attrs[2], *attr; int port; - host = opt.host? opt.host : ludp->lud_host; - port = opt.port? opt.port : ludp->lud_port; - dn = opt.dn? opt.dn : ludp->lud_dn; - filter = opt.filter? opt.filter : ludp->lud_filter; - attrs[0] = opt.attr? opt.attr : ludp->lud_attrs? ludp->lud_attrs[0]:NULL; + host = myopt->host? myopt->host : ludp->lud_host; + port = myopt->port? myopt->port : ludp->lud_port; + dn = myopt->dn? myopt->dn : ludp->lud_dn; + filter = myopt->filter? myopt->filter : ludp->lud_filter; + attrs[0] = myopt->attr? myopt->attr : ludp->lud_attrs? ludp->lud_attrs[0]:NULL; attrs[1] = NULL; attr = attrs[0]; if (!port) port = (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))? 636:389; - if (opt.verbose) + if (myopt->verbose) { log_info (_("processing url `%s'\n"), url); - if (opt.user) - log_info (_(" user `%s'\n"), opt.user); - if (opt.pass) - log_info (_(" pass `%s'\n"), *opt.pass?"*****":""); + if (myopt->user) + log_info (_(" user `%s'\n"), myopt->user); + if (myopt->pass) + log_info (_(" pass `%s'\n"), *myopt->pass?"*****":""); if (host) log_info (_(" host `%s'\n"), host); log_info (_(" port %d\n"), port); @@ -524,7 +566,7 @@ log_info (_(" DN `%s'\n"), dn); if (filter) log_info (_(" filter `%s'\n"), filter); - if (opt.multi && !opt.attr && ludp->lud_attrs) + if (myopt->multi && !myopt->attr && ludp->lud_attrs) { int i; for (i=0; ludp->lud_attrs[i]; i++) @@ -540,18 +582,18 @@ log_error (_("no host name in `%s'\n"), url); return -1; } - if (!opt.multi && !attr) + if (!myopt->multi && !attr) { log_error (_("no attribute given for query `%s'\n"), url); return -1; } - if (!opt.multi && !opt.attr + if (!myopt->multi && !myopt->attr && ludp->lud_attrs && ludp->lud_attrs[0] && ludp->lud_attrs[1]) log_info (_("WARNING: using first attribute only\n")); - set_timeout (); + set_timeout (myopt); ld = ldap_init (host, port); if (!ld) { 
@@ -559,7 +601,7 @@ host, port, strerror (errno)); return -1; } - if (ldap_simple_bind_s (ld, opt.user, opt.pass)) + if (ldap_simple_bind_s (ld, myopt->user, myopt->pass)) { log_error (_("binding to `%s:%d' failed: %s\n"), host, port, strerror (errno)); @@ -567,18 +609,17 @@ return -1; } - set_timeout (); + set_timeout (myopt); rc = ldap_search_st (ld, dn, ludp->lud_scope, filter, - opt.multi && !opt.attr && ludp->lud_attrs? + myopt->multi && !myopt->attr && ludp->lud_attrs? ludp->lud_attrs:attrs, 0, - &opt.timeout, &msg); - if (rc == LDAP_SIZELIMIT_EXCEEDED && opt.multi) + &myopt->timeout, &msg); + if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi) { - if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, es_stdout) != 1) + if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, myopt->oustream) != 1) { - log_error (_("error writing to stdout: %s\n"), - strerror (errno)); + log_error (_("error writing to stdout: %s\n"), strerror (errno)); return -1; } } @@ -594,7 +635,7 @@ } } - rc = print_ldap_entries (ld, msg, opt.multi? NULL:attr); + rc = print_ldap_entries (myopt, ld, msg, myopt->multi? NULL:attr); ldap_msgfree (msg); /* FIXME: Need deinit (ld)? */ @@ -607,7 +648,7 @@ /* Main processing. Take the URL and run the LDAP query. The result is printed to stdout, errors are logged to the log stream. */ static int -process_url (const char *url) +process_url (my_opt_t myopt, const char *url) { int rc; LDAPURLDesc *ludp = NULL; @@ -625,7 +666,7 @@ return -1; } - rc = fetch_ldap (url, ludp); + rc = fetch_ldap (myopt, url, ludp); ldap_free_urldesc (ludp); return rc; Modified: trunk/dirmngr/ldap-wrapper-ce.c =================================================================== --- trunk/dirmngr/ldap-wrapper-ce.c 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/dirmngr/ldap-wrapper-ce.c 2010-07-26 14:01:32 UTC (rev 5377) 
@@ -41,6 +41,9 @@ #include "misc.h" #include "ldap-wrapper.h" +#ifdef USE_LDAPWRAPPER +# error This module is not expected to be build. +#endif /* To keep track of the LDAP wrapper state we use this structure. */ @@ -169,19 +172,9 @@ } } -/* Fork and exec the LDAP wrapper and returns a new libksba reader +/* Start a new LDAP thread and returns a new libksba reader object at READER. ARGV is a NULL terminated list of arguments for - the wrapper. The function returns 0 on success or an error code. - - Special hack to avoid passing a password through the command line - which is globally visible: If the first element of ARGV is "--pass" - it will be removed and instead the environment variable - DIRMNGR_LDAP_PASS will be set to the next value of ARGV. On modern - OSes the environment is not visible to other users. For those old - systems where it can't be avoided, we don't want to go into the - hassle of passing the password via stdin; it's just too complicated - and an LDAP password used for public directory lookups should not - be that confidential. */ + the wrapper. The function returns 0 on success or an error code. */ gpg_error_t ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[]) { Modified: trunk/dirmngr/ldap-wrapper.c =================================================================== --- trunk/dirmngr/ldap-wrapper.c 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/dirmngr/ldap-wrapper.c 2010-07-26 14:01:32 UTC (rev 5377) @@ -69,6 +69,9 @@ #define pth_close(fd) close(fd) #endif +#ifndef USE_LDAPWRAPPER +# error This module is not expected to be build. +#endif /* In case sysconf does not return a value we need to have a limit. */ #ifdef _POSIX_OPEN_MAX Modified: trunk/dirmngr/ldap-wrapper.h =================================================================== --- trunk/dirmngr/ldap-wrapper.h 2010-07-24 13:33:03 UTC (rev 5376) +++ trunk/dirmngr/ldap-wrapper.h 2010-07-26 14:01:32 UTC (rev 5377) 
@@ -20,6 +20,7 @@ #ifndef LDAP_WRAPPER_H #define LDAP_WRAPPER_H +/* ldap-wrapper.c or ldap-wrapper-ce.c */ void ldap_wrapper_launch_thread (void); void ldap_wrapper_wait_connections (void); void ldap_wrapper_release_context (ksba_reader_t reader); @@ -28,6 +29,10 @@ const char *argv[]); +/* dirmngr_ldap.c */ +#ifndef USE_LDAPWRAPPER +int ldap_wrapper_main (int argc, char **argv, estream_t outstream); +#endif #endif /*LDAP_WRAPPER_H*/ From cvs at cvs.gnupg.org Mon Jul 26 16:28:00 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 26 Jul 2010 16:28:00 +0200 Subject: [svn] GnuPG - r5378 - in trunk: common dirmngr Message-ID: Author: wk Date: 2010-07-26 16:27:59 +0200 (Mon, 26 Jul 2010) New Revision: 5378 Modified: trunk/common/estream.c trunk/dirmngr/dirmngr_ldap.c trunk/dirmngr/ldap-wrapper.h Log: Fixed couple of build problems. However the W32 version is currently under work. Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2010-07-26 14:01:32 UTC (rev 5377) +++ trunk/common/estream.c 2010-07-26 14:27:59 UTC (rev 5378) 
@@ -3412,18 +3412,18 @@ { stream->intern->modeflags |= O_BINARY; #ifdef HAVE_DOSISH_SYSTEM - if (stream->intern->func_dest.func_read == es_func_fd_read) + if (stream->intern->func_read == es_func_fd_read) { - estream_cookie_fd_t fd_cookie; + estream_cookie_fd_t fd_cookie = stream->intern->cookie; if (!IS_INVALID_FD (fd_cookie->fd)) - setmode (fd, O_BINARY); + setmode (fd_cookie->fd, O_BINARY); } - else if (stream->intern->func_dest.func_read == es_func_fp_read) + else if (stream->intern->func_read == es_func_fp_read) { - estream_cookie_fp_t fp_cookie; + estream_cookie_fp_t fp_cookie = stream->intern->cookie; - if (fp_cookie->fd) + if (fp_cookie->fp) setmode (fileno (fp_cookie->fp), O_BINARY); } #endif Modified: trunk/dirmngr/dirmngr_ldap.c =================================================================== --- trunk/dirmngr/dirmngr_ldap.c 2010-07-26 14:01:32 UTC (rev 5377) +++ trunk/dirmngr/dirmngr_ldap.c 2010-07-26 14:27:59 UTC (rev 5378) @@ -135,7 +135,7 @@ char *filter;/* Override filter. */ char *attr; /* Override attribute. */ }; -typedef struct my_opt_s my_opt_t; +typedef struct my_opt_s *my_opt_t; /* Prototypes. */ @@ -357,7 +357,7 @@ if (myopt->multi) { /* Write item marker. */ - if (es_fwrite ("I\0\0\0\0", 5, 1, myopt->oustream) != 1) + if (es_fwrite ("I\0\0\0\0", 5, 1, myopt->outstream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -434,8 +434,8 @@ tmp[2] = (n >> 16); tmp[3] = (n >> 8); tmp[4] = (n); - if (es_fwrite (tmp, 5, 1, myopt->oustream) != 1 - || es_fwrite (attr, n, 1, myopt->oustream) != 1) + if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1 + || es_fwrite (attr, n, 1, myopt->outstream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -459,7 +459,7 @@ tmp[3] = (n >> 8); tmp[4] = (n); - if (es_fwrite (tmp, 5, 1, myopt->oustream) != 1) + if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); 
@@ -475,7 +475,7 @@ CRLs which are 52 KB or larger. */ #warning still true - implement in estream if (es_fwrite (values[0]->bv_val, values[0]->bv_len, - 1, myopt->oustream) != 1) + 1, myopt->outstream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -498,7 +498,7 @@ cnt = MAX_CNT; if (es_fwrite (((char *) values[0]->bv_val) + n, cnt, 1, - myopt->oustream) != 1) + myopt->outstream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); @@ -617,7 +617,7 @@ &myopt->timeout, &msg); if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi) { - if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, myopt->oustream) != 1) + if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, myopt->outstream) != 1) { log_error (_("error writing to stdout: %s\n"), strerror (errno)); return -1; Modified: trunk/dirmngr/ldap-wrapper.h =================================================================== --- trunk/dirmngr/ldap-wrapper.h 2010-07-26 14:01:32 UTC (rev 5377) +++ trunk/dirmngr/ldap-wrapper.h 2010-07-26 14:27:59 UTC (rev 5378) @@ -20,6 +20,8 @@ #ifndef LDAP_WRAPPER_H #define LDAP_WRAPPER_H +#include + /* ldap-wrapper.c or ldap-wrapper-ce.c */ void ldap_wrapper_launch_thread (void); void ldap_wrapper_wait_connections (void); @@ -31,7 +33,7 @@ /* dirmngr_ldap.c */ #ifndef USE_LDAPWRAPPER -int ldap_wrapper_main (int argc, char **argv, estream_t outstream); +int ldap_wrapper_main (char **argv, estream_t outstream); #endif From cvs at cvs.gnupg.org Tue Jul 27 12:08:23 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Tue, 27 Jul 2010 12:08:23 +0200 Subject: misc-scripts (5 files) Message-ID: Date: Tuesday, July 27, 2010 @ 12:08:23 Author: werner Path: /cvs/wk/misc-scripts Added: heating-control.c Modified: ChangeLog mkdiff sha1sum.c sks-stats.sh Collected changes. From cvs at cvs.gnupg.org Fri Jul 30 09:45:23 2010 
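Review bot: In r5377, configure.ac, use_ldapwrapper=no sits in the outer *-mingw32* case, so every W32 host, not only *-mingw32ce*, stops building dirmngr_ldap as a separate libexec program and compiles dirmngr_ldap.c and ldap-wrapper-ce.c into dirmngr instead (see the Makefile.am hunks of the same revision). The attached comment "Fixme: Do this only for CE." says that is not the intent; move the assignment into the inner *-mingw32ce* branch next to have_w32ce_system=yes so that desktop Windows keeps the LDAP code in its own process.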
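Review bot: In r5377, dirmngr/dirmngr_ldap.c, hunk @@ -223,36 +251,47 @@, the build without USE_LDAPWRAPPER never rejects bad input: an unknown option only sets pargs.err = ARGPARSE_PRINT_WARNING, an out-of-range port only reaches log_error, and the log_get_errorcount / exit (2) check is replaced by assert (argc), which disappears when NDEBUG is defined. Avoiding exit() inside dirmngr is right, but the function should then keep a local error flag for these cases and return non-zero before the process_url loop, including when argc is 0.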
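Review bot: In r5377, dirmngr/dirmngr_ldap.c, hunk @@ -268,11 +307,14 @@, the function returns right after the process_url loop with only the comment "FIXME: Do we need to release stuff?", while the proxy handling earlier in the same function stores xstrdup (myopt->proxy) in myopt->host. As a stand-alone program that copy went away at exit; called as ldap_wrapper_main inside dirmngr it is lost on every call that passes a proxy. Free the copy before returning, keeping in mind that myopt->host may instead point at an option string that must not be freed.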
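Review bot: In r5377, dirmngr/dirmngr_ldap.c, hunk @@ -286,19 +328,19 @@, set_timeout still calls alarm (myopt->alarm_timeout) whenever HAVE_W32_SYSTEM is not defined, but the code in main that registers the timeout handler is now inside #ifdef USE_LDAPWRAPPER, and the oTimeout case sets alarm_timeout in both builds. Today use_ldapwrapper=no is set only for mingw32 hosts, so the two guards happen to line up; a non-W32 build without the wrapper would arm an alarm inside the dirmngr process with no handler registered. Guard the alarm call with USE_LDAPWRAPPER as well, or leave alarm_timeout at 0 in the in-process build.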
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 30 Jul 2010 09:45:23 +0200 Subject: [svn] w32pth - r39 - trunk Message-ID: Author: wk Date: 2010-07-30 09:45:22 +0200 (Fri, 30 Jul 2010) New Revision: 39 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac Log: Prepare a release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-07-23 16:17:38 UTC (rev 38) +++ trunk/ChangeLog 2010-07-30 07:45:22 UTC (rev 39) @@ -1,3 +1,9 @@ +2010-07-30 Werner Koch + + Release 2.0.3. + + * configure.ac: Set LT version to C2/A2/R0. + 2010-07-21 Werner Koch * w32-pth.c (enter_leave_api_sentinel): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-07-23 16:17:38 UTC (rev 38) +++ trunk/NEWS 2010-07-30 07:45:22 UTC (rev 39) @@ -1,4 +1,4 @@ -Noteworthy changes in version 2.0.3 +Noteworthy changes in version 2.0.3 (2010-07-30) ------------------------------------------------ * Support WindowsCE. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-07-23 16:17:38 UTC (rev 38) +++ trunk/configure.ac 2010-07-30 07:45:22 UTC (rev 39) @@ -27,7 +27,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [2.0.3]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) 
@@ -39,8 +39,8 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -W32PTH_LT_CURRENT=1 -W32PTH_LT_AGE=1 +W32PTH_LT_CURRENT=2 +W32PTH_LT_AGE=2 W32PTH_LT_REVISION=0 #------------------- # If the API is changed in an incompatible way: increment the next counter. From cvs at cvs.gnupg.org Fri Jul 30 10:01:33 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 30 Jul 2010 10:01:33 +0200 Subject: [svn] w32pth - r40 - tags Message-ID: Author: wk Date: 2010-07-30 10:01:33 +0200 (Fri, 30 Jul 2010) New Revision: 40 Added: tags/w32pth-2.0.3/ Log: