From cvs at cvs.gnupg.org Fri Apr 1 10:46:35 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 01 Apr 2011 10:46:35 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-22-g934d270 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 934d270ff8193a5931b143ce850f66f50d03dedf (commit) from ec033383618c4b3739783d31ca4dc70c9bb4fcfe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 934d270ff8193a5931b143ce850f66f50d03dedf Author: Werner Koch Date: Fri Apr 1 10:16:31 2011 +0200 Make sure that gcry_realloc (NULL, n) works on all platforms. realloc (NULL, n) shall behave exactly like malloc (n) and realloc (p, 0) like free. Not all platforms implement this correctly thus we now handle this directly in gcry_realloc. diff --git a/src/ChangeLog b/src/ChangeLog index 9ef6c5d..9476e82 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-04-01 Werner Koch + + * global.c (gcry_realloc): Divert to gcry_malloc or gcry_free. + 2011-03-09 Werner Koch * gcrypt.h.in (gcry_kdf_algos): New. diff --git a/src/global.c b/src/global.c index cbb7eb8..d65b068 100644 --- a/src/global.c +++ b/src/global.c 
@@ -833,6 +833,16 @@ gcry_realloc (void *a, size_t n) { void *p; + /* To avoid problems with non-standard realloc implementations and + our own secmem_realloc, we divert to malloc and free here. */ + if (!a) + return gcry_malloc (n); + if (!n) + { + gcry_free (a); + return NULL; + } + if (realloc_func) p = realloc_func (a, n); else ----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 4 ++++ src/global.c | 10 ++++++++++ 2 files changed, 14 insertions(+), 0 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 4 16:57:57 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 04 Apr 2011 16:57:57 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-24-gd9db921 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d9db9210b67b613f60c2f73923c53336abb74438 (commit) via 63c752291c448deabc4e7ea2e2c317e1d2c1bd46 (commit) from 934d270ff8193a5931b143ce850f66f50d03dedf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9db9210b67b613f60c2f73923c53336abb74438 Author: Werner Koch Date: Mon Apr 4 16:27:36 2011 +0200 Fix a small memory leak in gcry_pk_get_keygrip. These are two memory leaks, one in the generic code and one ECC specific. For an RSA key the first one accounted for 10 bytes, which is not that small if applied on a large key database. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 8961676..df27bab 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog 
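Review bot: In gcry_realloc the new `if (!n)` branch frees `a` and returns NULL, which a caller cannot tell apart from an out-of-memory NULL, and the added comment does not mention this. Any wrapper that retries or aborts on a NULL result would then re-pass or report on an already freed pointer; no such caller is visible in this hunk, so this needs checking against the callers. I would extend the comment, e.g. `/* For N == 0 the block is freed and NULL is returned; this is not an error and A must not be used afterwards. */`. The function body continues outside the hunk.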
@@ -1,3 +1,10 @@ +2011-04-04 Werner Koch + + * ecc.c (compute_keygrip): Release L1 while parsing "curve". + + * pubkey.c (gcry_pk_get_keygrip): Always release NAME and L2. + Reported by Ben Kibbey. + 2011-03-28 Werner Koch * primegen.c (_gcry_generate_elg_prime): Make sure that PRIME is diff --git a/cipher/ecc.c b/cipher/ecc.c index f809b53..bbff7ee 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1620,6 +1620,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam) tmpvalues[idx] = NULL; curve = _gcry_sexp_nth_string (l1, 1); + gcry_sexp_release (l1); if (!curve) { ec = GPG_ERR_INV_OBJ; /* Name missing or out of core. */ diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 02eeecc..27fb7f7 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -2401,6 +2401,7 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) int idx; const char *elems; gcry_md_hd_t md = NULL; + int okay = 0; REGISTER_DEFAULT_PUBKEYS; @@ -2479,16 +2480,14 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) } memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20); - gcry_md_close (md); - gcry_sexp_release (list); - return array; + okay = 1; fail: gcry_free (name); gcry_sexp_release (l2); gcry_md_close (md); gcry_sexp_release (list); - return NULL; + return okay? array : NULL; } commit 63c752291c448deabc4e7ea2e2c317e1d2c1bd46 Author: Werner Koch Date: Mon Apr 4 16:26:41 2011 +0200 Add a test option to help finding memory leaks. diff --git a/tests/ChangeLog b/tests/ChangeLog index e25f134..0f5918a 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,8 @@ +2011-04-04 Werner Koch + + * keygrip.c (main): Add option --repetitions. + (check): Make use of it. + 2011-03-28 Werner Koch * random.c (readn): Remove used var P. diff --git a/tests/keygrip.c b/tests/keygrip.c index a33053f..adc72e7 100644 --- a/tests/keygrip.c +++ b/tests/keygrip.c @@ -31,6 +31,7 @@ #include "../src/gcrypt.h" static int verbose; +static int repetitions; 
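Review bot: In compute_keygrip (cipher/ecc.c) `l1` keeps its stale value after the added `gcry_sexp_release (l1);`, so any later release or use of `l1` would act on freed memory. The function's cleanup code is outside the hunk, so whether that can happen cannot be confirmed from here. Adding `l1 = NULL;` directly after the release makes the early free safe either way. The function starts and ends outside the hunk.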
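Review bot: In gcry_pk_get_keygrip (cipher/pubkey.c) the label `fail:` is now reached on the success path too, so its name no longer describes it. Renaming it to `leave:` (together with the `goto` statements outside the hunk) and adding `/* Common exit: release all resources; ARRAY is returned only if OKAY is set. */` above it would make the single-exit design obvious. In the same hunk, `memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20);` copies from the gcry_md_read result without a NULL check and with a literal length; a short comment stating why the read cannot fail here would help the next reader.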
@@ -143,6 +144,7 @@ check (void) gcry_error_t err; gcry_sexp_t sexp; unsigned int i; + int repn; for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++) { @@ -157,14 +159,18 @@ check (void) strlen (key_grips[i].key)); if (err) die ("scanning data %d failed: %s\n", i, gpg_strerror (err)); - ret = gcry_pk_get_keygrip (sexp, buf); - if (!ret) - die ("gcry_pk_get_keygrip failed for %d\n", i); - if ( memcmp (key_grips[i].grip, buf, sizeof (buf)) ) + for (repn=0; repn < repetitions; repn++) { - print_hex ("keygrip: ", buf, sizeof buf); - die ("keygrip for %d does not match\n", i); + ret = gcry_pk_get_keygrip (sexp, buf); + if (!ret) + die ("gcry_pk_get_keygrip failed for %d\n", i); + + if ( memcmp (key_grips[i].grip, buf, sizeof (buf)) ) + { + print_hex ("keygrip: ", buf, sizeof buf); + die ("keygrip for %d does not match\n", i); + } } gcry_sexp_release (sexp); 
@@ -188,12 +194,44 @@ progress_handler (void *cb_data, const char *what, int printchar, int main (int argc, char **argv) { + int last_argc = -1; int debug = 0; - if (argc > 1 && !strcmp (argv[1], "--verbose")) - verbose = 1; - else if (argc > 1 && !strcmp (argv[1], "--debug")) - verbose = debug = 1; + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = 1; + debug = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--repetitions")) + { + argc--; argv++; + if (argc) + { + repetitions = atoi(*argv); + argc--; argv++; + } + } + } + + if (repetitions < 1) + repetitions = 1; if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); ----------------------------------------------------------------------- Summary of changes: cipher/ChangeLog | 7 ++++++ cipher/ecc.c | 1 + cipher/pubkey.c | 7 ++--- tests/ChangeLog | 5 ++++ tests/keygrip.c | 58 ++++++++++++++++++++++++++++++++++++++++++++--------- 5 files changed, 64 insertions(+), 14 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 06:06:24 2011 
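Review bot: The `--repetitions` branch in main converts its argument with `atoi(*argv)`, which reports no error for non-numeric input and has undefined behaviour when the value is out of range for int. A typo therefore silently becomes one repetition through the later `repetitions < 1` clamp, and a leak-hunting run looks as if it had been repeated. I would parse with strtol and reject bad values through the file's existing die() helper, as sketched below; this needs `<errno.h>` and `<limits.h>` if the file does not already include them. The same loop also ignores a `--repetitions` given without a value and stops silently at the first unknown argument, which deserves at least a comment.

```c
      else if (!strcmp (*argv, "--repetitions"))
        {
          argc--; argv++;
          if (argc)
            {
              char *endp;
              long value;

              errno = 0;
              value = strtol (*argv, &endp, 10);
              if (errno || endp == *argv || *endp
                  || value < 1 || value > INT_MAX)
                die ("invalid value for --repetitions\n");
              repetitions = (int)value;
              argc--; argv++;
            }
        }
      /* … unchanged: end of option loop and the repetitions < 1 clamp … */
```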
From: cvs at cvs.gnupg.org (by David Shaw) Date: Wed, 06 Apr 2011 06:06:24 +0200 Subject: [git] GnuPG - branch, 1.4, created. gnupg-1.4.11-14-gd64aa7b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, 1.4 has been created at d64aa7b37e840d973ff1c92b9fd27d8448cfcc5d (commit) - Log ----------------------------------------------------------------- commit d64aa7b37e840d973ff1c92b9fd27d8448cfcc5d Author: David Shaw Date: Tue Apr 5 23:27:50 2011 -0400 * photoid.c (generate_photo_id): Check for the JPEG magic numbers instead of JFIF since some programs generate an EXIF header first. This is issue 1331. diff --git a/g10/ChangeLog b/g10/ChangeLog index 8479663..19db8a4 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2011-04-05 David Shaw + + * photoid.c (generate_photo_id): Check for the JPEG magic numbers + instead of JFIF since some programs generate an EXIF header first. + This is issue 1331. + 2011-02-23 Werner Koch * Makefile.am (LDADD): Move LIBREADLINE to .. diff --git a/g10/photoid.c b/g10/photoid.c index 727a9ff..30c8f7f 100644 --- a/g10/photoid.c +++ b/g10/photoid.c @@ -1,5 +1,5 @@ /* photoid.c - photo ID handling code - * Copyright (C) 2001, 2002, 2005, 2006, 2008 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2005, 2006, 2008, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -139,8 +139,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name) iobuf_close(file); /* Is it a JPEG? */ - if(photo[0]!=0xFF || photo[1]!=0xD8 || - photo[6]!='J' || photo[7]!='F' || photo[8]!='I' || photo[9]!='F') + if(photo[0]!=0xFF || photo[1]!=0xD8) { log_error(_("`%s' is not a JPEG file\n"),filename); xfree(photo); ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 06:17:47 2011 From: cvs at cvs.gnupg.org (by David Shaw) Date: Wed, 06 Apr 2011 06:17:47 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.11-14-gfc1680a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via fc1680abdfb02f332cfec33e9ca78a4872d9be2a (commit) from d0a9b8a9fb19c69620c91d531810397b7b34ea67 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fc1680abdfb02f332cfec33e9ca78a4872d9be2a Author: David Shaw Date: Tue Apr 5 23:47:58 2011 -0400 * photoid.c (generate_photo_id): Check for the JPEG magic numbers instead of JFIF since some programs generate an EXIF header first. This is issue 1331. diff --git a/g10/ChangeLog b/g10/ChangeLog index 8479663..19db8a4 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2011-04-05 David Shaw + + * photoid.c (generate_photo_id): Check for the JPEG magic numbers + instead of JFIF since some programs generate an EXIF header first. + This is issue 1331. + 2011-02-23 Werner Koch * Makefile.am (LDADD): Move LIBREADLINE to .. diff --git a/g10/photoid.c b/g10/photoid.c index 727a9ff..30c8f7f 100644 --- a/g10/photoid.c 
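Review bot: With the JFIF test removed, generate_photo_id accepts any file whose first two bytes are FF D8, and the hunk does not show the read length being compared with 2 before `photo[0]` and `photo[1]` are inspected. If an empty or one-byte file can reach this point, the check reads past the buffer; the earlier part of the function is outside the hunk, so this needs confirming. I would fold the length into the test, `if(LEN<2 || photo[0]!=0xFF || photo[1]!=0xD8)`, where LEN is a placeholder for the variable holding the number of bytes read. A comment such as `/* Only the SOI marker is checked; the rest of the image is not validated. */` would also record how weak the check now is. The identical hunk in the STABLE-BRANCH-1-4 notification further down has the same gap.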
+++ b/g10/photoid.c @@ -1,5 +1,5 @@ /* photoid.c - photo ID handling code - * Copyright (C) 2001, 2002, 2005, 2006, 2008 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2005, 2006, 2008, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -139,8 +139,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name) iobuf_close(file); /* Is it a JPEG? */ - if(photo[0]!=0xFF || photo[1]!=0xD8 || - photo[6]!='J' || photo[7]!='F' || photo[8]!='I' || photo[9]!='F') + if(photo[0]!=0xFF || photo[1]!=0xD8) { log_error(_("`%s' is not a JPEG file\n"),filename); xfree(photo); ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 6 ++++++ g10/photoid.c | 5 ++--- 2 files changed, 8 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 06:20:08 2011 From: cvs at cvs.gnupg.org (by David Shaw) Date: Wed, 06 Apr 2011 06:20:08 +0200 Subject: [git] GnuPG - branch, 1.4, deleted. gnupg-1.4.11-14-gd64aa7b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, 1.4 has been deleted was d64aa7b37e840d973ff1c92b9fd27d8448cfcc5d ----------------------------------------------------------------------- d64aa7b37e840d973ff1c92b9fd27d8448cfcc5d * photoid.c (generate_photo_id): Check for the JPEG magic numbers instead of JFIF since some programs generate an EXIF header first. This is issue 1331. ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 10:47:44 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Apr 2011 10:47:44 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-25-gff10bd8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ff10bd860da982d8ecad39a02156816998951e67 (commit) from d9db9210b67b613f60c2f73923c53336abb74438 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ff10bd860da982d8ecad39a02156816998951e67 Author: Werner Koch Date: Wed Apr 6 10:17:48 2011 +0200 Move an AC_SUBST to avoid an Emacs warning Recent versions of Emacs seem to have a not so strict check for local buffer variables and thus detect our emacs_local_vars subs as improper local variables. Moving them more to the top of the file helps. Another solution would have been to use m4 tricks. diff --git a/ChangeLog b/ChangeLog index e3ff5db..6df65b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-04-06 Werner Koch + + * configure.ac (emacs_local_vars_begin): Move more to the top to + avoid Emacs warnings. + 2011-03-30 Werner Koch * compat/compat.c (_gcry_compat_identification): Add version string. diff --git a/configure.ac b/configure.ac index f9e3593..155d679 100644 --- a/configure.ac +++ b/configure.ac 
@@ -338,6 +338,11 @@ default_ciphers="$available_ciphers" default_pubkey_ciphers="$available_pubkey_ciphers" default_digests="$available_digests" +# Substitutions to set generated files in a Emacs buffer to read-only. +AC_SUBST(emacs_local_vars_begin, ['Local Variables:']) +AC_SUBST(emacs_local_vars_read_only, ['buffer-read-only: t']) +AC_SUBST(emacs_local_vars_end, ['End:']) + ############################ ## Command line switches. ## ############################ @@ -1187,11 +1192,6 @@ AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", [Subversion revision used to build this package]) -# Substitutions to set generated files in a Emacs buffer to read-only. -AC_SUBST(emacs_local_vars_begin, ['Local Variables:']) -AC_SUBST(emacs_local_vars_read_only, ['buffer-read-only: t']) -AC_SUBST(emacs_local_vars_end, ['End:']) - # And create the files. AC_CONFIG_FILES([ ----------------------------------------------------------------------- Summary of changes: ChangeLog | 5 +++++ configure.ac | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 15:12:28 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Apr 2011 15:12:28 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.10-21-g2a9687f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 2a9687fced289571f19c95e0c759ac9eac41940c (commit) from bde039281416791eafd64bc3a7d40252e278c25a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2a9687fced289571f19c95e0c759ac9eac41940c Author: Werner Koch Date: Wed Apr 6 14:41:14 2011 +0200 Extra test for gpg-error-config script If the path to gpg-error-config was explicitly given by the user it may happen that it does not exists but AC_CHECK_TOOL may assume it still exists because it is somewhere in the PATH. The extra check avoids extra sh warnings. Note that we can't use test -x because that is not defined on some old systems. diff --git a/ChangeLog b/ChangeLog index 3745c67..9334c75 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-04-06 Werner Koch + + * src/gpg-error.m4: Test whether gpg-error-config exists. + 2011-02-23 Werner Koch * autogen.sh: Check git setup. diff --git a/src/gpg-error.m4 b/src/gpg-error.m4 index 2e5a0ab..ef07fd7 100644 --- a/src/gpg-error.m4 +++ b/src/gpg-error.m4 
@@ -29,7 +29,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR], min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then req_major=`echo $min_gpg_error_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_gpg_error_version | \ ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ src/gpg-error.m4 | 3 ++- 2 files changed, 6 insertions(+), 1 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 15:55:37 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Apr 2011 15:55:37 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-169-ge54fe47 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e54fe47db8862b44a4fb669f55b45d9ec28b244d (commit) via 7e547d87d2d3c170f9e035399f4afe56c999a923 (commit) from b001a8df68c8eb33abbe879f6c7fb4db4909b6f6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e54fe47db8862b44a4fb669f55b45d9ec28b244d Author: Werner Koch Date: Wed Apr 6 14:16:52 2011 +0200 Update gpg-error.m4 diff --git a/m4/ChangeLog b/m4/ChangeLog index 21a9833..1a0cd1c 100644 --- a/m4/ChangeLog +++ b/m4/ChangeLog @@ -1,3 +1,7 @@ +2011-04-06 Werner Koch + + * gpg-error.m4: Update from current libgpg-error repo. + 2010-05-07 Werner Koch * libassuan.m4: Update from libassuan svn. diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 index e85f511..ef07fd7 100644 --- a/m4/gpg-error.m4 
+++ b/m4/gpg-error.m4 @@ -1,5 +1,5 @@ # gpg-error.m4 - autoconf macro to detect libgpg-error. -# Copyright (C) 2002, 2003, 2004 g10 Code GmbH +# Copyright (C) 2002, 2003, 2004, 2011 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -14,7 +14,8 @@ dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS dnl AC_DEFUN([AM_PATH_GPG_ERROR], -[ AC_ARG_WITH(gpg-error-prefix, +[ AC_REQUIRE([AC_CANONICAL_HOST]) + AC_ARG_WITH(gpg-error-prefix, AC_HELP_STRING([--with-gpg-error-prefix=PFX], [prefix where GPG Error is installed (optional)]), gpg_error_config_prefix="$withval", gpg_error_config_prefix="") @@ -24,11 +25,12 @@ AC_DEFUN([AM_PATH_GPG_ERROR], fi fi - AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) + AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no) min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then req_major=`echo $min_gpg_error_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_gpg_error_version | \ @@ -40,7 +42,7 @@ AC_DEFUN([AM_PATH_GPG_ERROR], sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` if test "$major" -gt "$req_major"; then ok=yes - else + else if test "$major" -eq "$req_major"; then if test "$minor" -ge "$req_minor"; then ok=yes 
@@ -51,8 +53,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR], if test $ok = yes; then GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` - AC_MSG_RESULT(yes) + AC_MSG_RESULT([yes ($gpg_error_config_version)]) ifelse([$2], , :, [$2]) + gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` + if test x"$gpg_error_config_host" != xnone ; then + if test x"$gpg_error_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $GPG_ERROR_CONFIG was +*** built for $gpg_error_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-gpg-error-prefix +*** to specify a matching config script. +***]]) + fi + fi else GPG_ERROR_CFLAGS="" GPG_ERROR_LIBS="" @@ -62,4 +77,3 @@ AC_DEFUN([AM_PATH_GPG_ERROR], AC_SUBST(GPG_ERROR_CFLAGS) AC_SUBST(GPG_ERROR_LIBS) ]) - commit 7e547d87d2d3c170f9e035399f4afe56c999a923 Author: Werner Koch Date: Wed Apr 6 13:45:15 2011 +0200 Insert platform dependent typedefs into gpgme.h We already modify gpgme.h per playform and thus we can also get rid of some #ifdefs. The change does not change anything for current platforms but should do the right think for W64. Note that as per MS specs ssize_t is to be defined as LONG_PTR which translates to a long on 32 bit platforms and to __int64 on 64 bit Windows platforms. We already used long in the past. There seems to be a problem with some versions of mingw32 which includes a ssize_t type typedefed to int. O(n 32 bit W32 platforms int and long are identically. diff --git a/ChangeLog b/ChangeLog index 27e7374..3163b54 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,9 @@ +2011-04-06 Werner Koch + + * autogen.sh (--build-w32): Support option --build-w64. + * configure.ac (HAVE_W64_SYSTEM): Define. + (INSERT__TYPEDEFS_FOR_GPGME_H): New. + 2011-02-02 Marcus Brinkmann * configure.ac (NEED_LIBASSUAN_VERSION): Bump to 2.0.2 for system hooks. @@ -168,12 +174,12 @@ 2008-09-16 Marcus Brinkmann - * configure.ac (_XOPEN_SOURCE) [apple-darwin]: Define it. + * configure.ac (_XOPEN_SOURCE) [apple-darwin]: Define it. 2008-07-04 Werner Koch * config.guess, config.sub: Update to 2007-11-19. Also update - missing et al scripts. + missing et al scripts. 2008-04-01 Werner Koch @@ -252,7 +258,7 @@ * assuan/Makefile.am (INCLUDES): Include $(top_srcdir)/gpgme. * assuan/assuan.h: Include instead of trying to duplicate the definitions. - + * assuan/: Update files to 2007-07-04 version of assuan. * autogen.sh: Use = not == in test. @@ -268,7 +274,7 @@ 2007-01-29 Marcus Brinkmann Released 1.1.3. - + * configure.ac (LIBGPGME_LT_REVISION): Bump for release. 2007-01-26 Werner Koch @@ -515,7 +521,7 @@ 2004-04-06 Werner Koch Released 0.4.6. - + * config.guess, config.sub, ltmain.sh: Updated to those from libtools 1.5.4. @@ -552,8 +558,8 @@ 2004-01-12 Werner Koch Released 0.4.4. - - * configure.ac: Bumbed LT_Revision; now at C12/A1/R1. + + * configure.ac: Bumbed LT_Revision; now at C12/A1/R1. (NEED_GPGSM_VERSION): Set to 1.9.3. (min_automake_version): Added. * README.CVS: New. @@ -650,7 +656,7 @@ (AC_CONFIG_FILES): Remove bonobo/Makefile. * Makefile.am (bonobo): Remove variable. (SUBDIRS): Remove ${bonobo}. - + * configure.ac: Remove all uses of GNUPG_CHECK_TYPEDEF, for byte, ushort, ulong, u16 and u32. * acinclude.m4 (GNUPG_CHECK_TYPEDEF): Remove macro. @@ -663,7 +669,7 @@ 2002-12-23 Marcus Brinkmann * configure.ac: Bump up to 0.4.1. - + Released 0.4.0. 2002-12-23 Marcus Brinkmann @@ -708,7 +714,7 @@ 2002-09-20 Werner Koch Released 0.3.11. - + * configure.ac: Bump up LIBGPGME_LT_REVISION. * configure.ac (AC_CHECK_HEADERS): Check for sys/select.h. 
@@ -788,7 +794,7 @@ 2002-06-25 Werner Koch Released 0.3.8. - + * configure.ac: Bumbed LT version to 9/3/0. (NEED_GPGSM_VERSION): Need 0.3.8 due to fixed export command. @@ -844,7 +850,7 @@ * configure.ac: Bumbed version to 0.3.4-cvs to continue development. Released 0.3.4. - + * configure.ac: Bumbed LT version numbers to (7,1,0), requires gpgsm 0.3.1. @@ -863,7 +869,7 @@ * jnlib/Makefile.am: Rever to older version that includes xmalloc but not dotlock and some other files. Reported by St?phane Corth?sy. - + 2002-02-10 Marcus Brinkmann * Released 0.3.2. @@ -957,7 +963,7 @@ 2001-09-17 Werner Koch Released 0.2.3. - + * configure.in (NEED_GPG_VERSION): Set to 1.0.6. Incremented LT current and age. @@ -969,14 +975,14 @@ 2001-04-05 Werner Koch - * configure.in (NEED_GPG_VERSION): Set to 1.0.4g + * configure.in (NEED_GPG_VERSION): Set to 1.0.4g 2001-04-02 Werner Koch Released 0.2.1. Changed the copyright notices all over the place. - + 2001-02-28 Werner Koch Released 0.2.0. diff --git a/autogen.sh b/autogen.sh index 23d672a..2d07948 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,5 +1,5 @@ #! /bin/sh -# Run this to generate all the initial makefiles, etc. +# Run this to generate all the initial makefiles, etc. # # Copyright (C) 2003 g10 Code GmbH # @@ -43,7 +43,7 @@ w32ce_toolprefixes= w32ce_extraoptions= amd64_toolprefixes= # End list of optional variables sourced from ~/.gnupg-autogen.rc -# What follows are variables which are sourced but default to +# What follows are variables which are sourced but default to # environment variables or lacking them hardcoded values. #w32root= #w32ce_root= @@ -55,7 +55,7 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then fi # Convenience option to use certain configure options for some hosts. -myhost="" +myhost="" myhostsub="" case "$1" in --build-w32) @@ -65,6 +65,10 @@ case "$1" in myhost="w32" myhostsub="ce" ;; + --build-w64) + myhost="w32" + myhostsub="64" + ;; --build-amd64) myhost="amd64" ;; 
@@ -95,13 +99,18 @@ if [ "$myhost" = "w32" ]; then [ -z "$w32root" ] && w32root="$HOME/w32ce_root" toolprefixes="arm-mingw32ce" ;; + 64) + w32root="$w64root" + [ -z "$w32root" ] && w32root="$HOME/w64root" + toolprefixes="amd64-mingw32msvc" + ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" toolprefixes="i586-mingw32msvc i386-mingw32msvc" ;; esac echo "Using $w32root as standard install directory" >&2 - + crossbindir= for host in $toolprefixes; do if ${host}-gcc --version >/dev/null 2>&1 ; then @@ -112,14 +121,14 @@ if [ "$myhost" = "w32" ]; then done if [ -z "$crossbindir" ]; then echo "Cross compiler kit not installed" >&2 - if [ -z "$sub" ]; then + if [ -z "$myhostsub" ]; then echo "Under Debian GNU/Linux, you may install it using" >&2 - echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 + echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 fi echo "Stop." >&2 exit 1 fi - + if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then echo "Pease run a 'make distclean' first" >&2 @@ -151,7 +160,7 @@ if [ "$myhost" = "amd64" ]; then [ -z "$amd64root" ] && amd64root="$HOME/amd64root" echo "Using $amd64root as standard install directory" >&2 - + # Locate the cross compiler crossbindir= for host in x86_64-linux-gnu amd64-linux-gnu; do @@ -166,7 +175,7 @@ if [ "$myhost" = "amd64" ]; then echo "Stop." >&2 exit 1 fi - + if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then echo "Please run a 'make distclean' first" >&2 @@ -175,7 +184,7 @@ if [ "$myhost" = "amd64" ]; then fi $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \ - --host=${host} --build=${build} + --host=${host} --build=${build} rc=$? exit $rc fi 
@@ -184,19 +193,19 @@ fi # Grep the required versions from configure.ac -autoconf_vers=`sed -n '/^AC_PREREQ(/ { +autoconf_vers=`sed -n '/^AC_PREREQ(/ { s/^.*(\(.*\))/\1/p q }' ${configure_ac}` autoconf_vers_num=`echo "$autoconf_vers" | cvtver` -automake_vers=`sed -n '/^min_automake_version=/ { +automake_vers=`sed -n '/^min_automake_version=/ { s/^.*="\(.*\)"/\1/p q }' ${configure_ac}` automake_vers_num=`echo "$automake_vers" | cvtver` -#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { +#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { #s/^.*(\(.*\))/\1/p #q #}' ${configure_ac}` @@ -233,9 +242,9 @@ fi if test "$DIE" = "yes"; then cat </dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) -AC_INIT([gpgme], +AC_INIT([gpgme], [my_version[]m4_if(my_issvn,[yes], [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])], [bug-gpgme at gnupg.org]) @@ -132,16 +132,19 @@ G13_DEFAULT=no component_system=None have_dosish_system=no have_w32_system=no +have_w64_system=no build_w32_glib=no build_w32_qt=no case "${host}" in + x86_64-*mingw32*) + have_w64_system=yes + ;; *-mingw32ce*) have_w32ce_system=yes ;; esac case "${host}" in *-mingw32ce*|*-mingw32*) - # special stuff for Windoze NT have_dosish_system=yes have_w32_system=yes GPG_DEFAULT='c:\\gnupg\\gpg.exe' 
@@ -187,20 +190,31 @@ esac if test "$have_dosish_system" = yes; then AC_DEFINE(HAVE_DOSISH_SYSTEM,1, - [Defined if we run on some of the PCDOS like systems + [Defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2) with special properties like no file modes]) fi AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) if test "$have_w32_system" = yes; then - AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) + AC_DEFINE(HAVE_W32_SYSTEM,1, + [Defined if we run on any kind of W32 API based system]) + ACSUBST fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) + +if test "$have_w64_system" = yes; then + AC_DEFINE(HAVE_W64_SYSTEM,1, + [Defined if we run on a 64 bit W32 API based system]) +fi +AM_CONDITIONAL(HAVE_W64_SYSTEM, test "$have_w64_system" = yes) + if test "$have_w32ce_system" = yes; then - AC_DEFINE(HAVE_W32CE_SYSTEM,1, [Defined if we run on a W32 CE API based system]) + AC_DEFINE(HAVE_W32CE_SYSTEM,1, + [Defined if we run on a W32 CE API based system]) fi AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) + AM_CONDITIONAL(BUILD_W32_GLIB, test "$build_w32_glib" = yes) AM_CONDITIONAL(BUILD_W32_QT, test "$build_w32_qt" = yes) @@ -233,6 +247,22 @@ case "$ac_cv_sys_file_offset_bits" in esac AC_SUBST(NEED__FILE_OFFSET_BITS) +# Figure out platform dependent typedefs for gpgme.h +if test "$have_w32_system" = yes; then + if test "$have_w64_system" = yes; then + INSERT__TYPEDEFS_FOR_GPGME_H="/* Typedefs for the 64 bit W32 API. */ +#include +typedef long off_t; +typedef __int64 ssize_t;" + else + INSERT__TYPEDEFS_FOR_GPGME_H="/* Typedefs for the 32 bit W32 API. */ +typedef long off_t; +typedef long ssize_t;" + fi +else + INSERT__TYPEDEFS_FOR_GPGME_H="#include " +fi +AC_SUBST(INSERT__TYPEDEFS_FOR_GPGME_H) # Checks for compiler features. if test "$GCC" = yes; then 
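Review bot: The added line `ACSUBST` inside the `if test "$have_w32_system" = yes` block of configure.ac is not an Autoconf macro call, since it has no underscore and no arguments. m4 would presumably pass it through unchanged, so the generated configure script would try to run a command named ACSUBST on W32 hosts and print a "command not found" error in that branch. Remove the line, or if a substitution was intended, write it out as a complete `AC_SUBST(...)` call outside the `if`.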
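Review bot: In the INSERT__TYPEDEFS_FOR_GPGME_H block both Windows variants emit `typedef long off_t;`, and `long` is 32 bits on 64-bit Windows too, so the public header pins off_t at 32 bits while ssize_t becomes 64 bits on W64. Offsets beyond 2 GiB then cannot be expressed through the API. An application whose toolchain headers already define off_t or ssize_t with a different width gets a conflicting typedef or a silent size mismatch across the library boundary; the commit message mentions such a mingw32 ssize_t. If the 32-bit off_t is deliberate for ABI stability, say so in the emitted text, e.g. `/* off_t is kept at 32 bit on all W32 variants for ABI compatibility. */`, so that callers check offsets before passing them in.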
@@ -835,7 +865,7 @@ AM_CONDITIONAL(BUILD_COMPLUS, test "$component_system" = "COM+") # Generate values for the DLL version info if test "$have_w32_system" = yes; then BUILD_TIMESTAMP=`date --iso-8601=minutes` - changequote(,)dnl + changequote(,)dnl BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}${BUILD_REVISION}" @@ -857,7 +887,7 @@ AH_VERBATIM([SEPCONSTANTS], AH_BOTTOM([ /* Definition of GCC specific attributes. */ -#if __GNUC__ > 2 +#if __GNUC__ > 2 # define GPGME_GCC_A_PURE __attribute__ ((__pure__)) #else # define GPGME_GCC_A_PURE @@ -868,7 +898,7 @@ AH_BOTTOM([ ]) -# Substitution used for gpgme-config +# Substitution used for gpgme-config GPGME_CONFIG_LIBS="-lgpgme" GPGME_CONFIG_CFLAGS="" AC_SUBST(GPGME_CONFIG_API_VERSION) @@ -917,10 +947,10 @@ fi # -# Create config files +# Create config files AC_CONFIG_FILES(Makefile src/Makefile - tests/Makefile + tests/Makefile tests/gpg/Makefile tests/gpgsm/Makefile tests/opassuan/Makefile diff --git a/src/ChangeLog b/src/ChangeLog index 94200bc..07b62bd 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2011-04-06 Werner Koch + + * gpgme.h.in: Use INSERT__TYPEDEFS_FOR_GPGME_H to include platform + specific typedefs. + 2011-02-03 Werner Koch * extra-stati.h: New. @@ -18,7 +23,7 @@ (is_socket): Remove function. (_gpgme_io_spawn) [HAVE_W32CE_SYSTEM]: Remove some dead code. (_gpgme_io_spawn): Translate handles before DuplicateHandle them. - + 2011-02-02 Marcus Brinkmann * w32-util.c (mkstemp): Don't use CreateFile instead of open (the @@ -7074,7 +7079,8 @@ * data.c (gpgme_data_rewind): Allow to rewind data_type_none. - Copyright 2001,2002,2003,2004,2005,2006,2007,2008,2009 g10 Code GmbH + Copyright 2001,2002,2003,2004,2005,2006,2007,2008,2009,2010, + 2011 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without 
diff --git a/src/gpgme.h.in b/src/gpgme.h.in index a70ff2a..e75de19 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -4,20 +4,20 @@ 2010 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, see . - + File: @configure_input@ */ #ifndef GPGME_H @@ -34,12 +34,7 @@ /* Include stdio.h for the FILE type definition. */ #include -#ifdef _WIN32 - typedef long off_t; - typedef long ssize_t; -#else -# include -#endif + at INSERT__TYPEDEFS_FOR_GPGME_H@ #include @@ -233,7 +228,7 @@ gpgme_pubkey_algo_t; /* Hash algorithms from libgcrypt. */ typedef enum { - GPGME_MD_NONE = 0, + GPGME_MD_NONE = 0, GPGME_MD_MD5 = 1, GPGME_MD_SHA1 = 2, GPGME_MD_RMD160 = 3, @@ -341,7 +336,7 @@ typedef enum GPGME_PROTOCOL_GPGCONF = 2, /* Special code for gpgconf. */ GPGME_PROTOCOL_ASSUAN = 3, /* Low-level access to an Assuan server. */ GPGME_PROTOCOL_G13 = 4, - GPGME_PROTOCOL_UISERVER= 5, + GPGME_PROTOCOL_UISERVER= 5, GPGME_PROTOCOL_DEFAULT = 254, GPGME_PROTOCOL_UNKNOWN = 255 } @@ -367,7 +362,7 @@ typedef unsigned int gpgme_export_mode_t; /* Flags for the audit log functions. */ -#define GPGME_AUDITLOG_HTML 1 +#define GPGME_AUDITLOG_HTML 1 #define GPGME_AUDITLOG_WITH_HELP 128 @@ -523,7 +518,7 @@ struct _gpgme_engine_info /* The file name of the engine binary. */ char *file_name; - + /* The version string of the installed engine. */ char *version; 
@@ -576,7 +571,7 @@ struct _gpgme_subkey /* Internal to GPGME, do not use. */ unsigned int _unused : 21; - + /* Public key algorithm supported by this subkey. */ gpgme_pubkey_algo_t pubkey_algo; @@ -688,7 +683,7 @@ struct _gpgme_user_id unsigned int _unused : 30; /* The validity of the user ID. */ - gpgme_validity_t validity; + gpgme_validity_t validity; /* The user ID string. */ char *uid; @@ -1718,7 +1713,7 @@ struct _gpgme_trust_item /* The calculated validity. */ char *validity; - + /* Internal to GPGME, do not use. */ char _validity[2]; @@ -1772,13 +1767,13 @@ int gpgme_trust_item_get_int_attr (gpgme_trust_item_t item, _gpgme_attr_t what, available GPG_ERR_NO_DATA is returned. */ gpgme_error_t gpgme_op_getauditlog_start (gpgme_ctx_t ctx, gpgme_data_t output, unsigned int flags); -gpgme_error_t gpgme_op_getauditlog (gpgme_ctx_t ctx, gpgme_data_t output, +gpgme_error_t gpgme_op_getauditlog (gpgme_ctx_t ctx, gpgme_data_t output, unsigned int flags); /* Low-level Assuan protocol access. */ -typedef gpgme_error_t (*gpgme_assuan_data_cb_t) +typedef gpgme_error_t (*gpgme_assuan_data_cb_t) (void *opaque, const void *data, size_t datalen); typedef gpgme_error_t (*gpgme_assuan_inquire_cb_t) @@ -1790,7 +1785,7 @@ typedef gpgme_error_t (*gpgme_assuan_status_cb_t) /* Send the Assuan COMMAND and return results via the callbacks. Asynchronous variant. */ -gpgme_error_t gpgme_op_assuan_transact_start (gpgme_ctx_t ctx, +gpgme_error_t gpgme_op_assuan_transact_start (gpgme_ctx_t ctx, const char *command, gpgme_assuan_data_cb_t data_cb, void *data_cb_value, @@ -1801,7 +1796,7 @@ gpgme_error_t gpgme_op_assuan_transact_start (gpgme_ctx_t ctx, /* Send the Assuan COMMAND and return results via the callbacks. Synchronous variant. */ -gpgme_error_t gpgme_op_assuan_transact_ext (gpgme_ctx_t ctx, +gpgme_error_t gpgme_op_assuan_transact_ext (gpgme_ctx_t ctx, const char *command, gpgme_assuan_data_cb_t data_cb, void *data_cb_value, 
@@ -1931,7 +1926,7 @@ typedef struct gpgme_conf_arg typedef struct gpgme_conf_opt { struct gpgme_conf_opt *next; - + /* The option name. */ char *name; @@ -1954,7 +1949,7 @@ typedef struct gpgme_conf_opt /* The default value. */ gpgme_conf_arg_t default_value; char *default_description; - + /* The default value if the option is not set. */ gpgme_conf_arg_t no_arg_value; char *no_arg_description; @@ -1987,7 +1982,7 @@ typedef struct gpgme_conf_comp char *description; /* The program name (an absolute path to the program). */ - char *program_name; + char *program_name; /* A linked list of options for this component. */ struct gpgme_conf_opt *options; @@ -2013,7 +2008,7 @@ gpgme_error_t gpgme_conf_opt_change (gpgme_conf_opt_t opt, int reset, /* Release a set of configurations. */ void gpgme_conf_release (gpgme_conf_comp_t conf); - + /* Retrieve the current configurations. */ gpgme_error_t gpgme_op_conf_load (gpgme_ctx_t ctx, gpgme_conf_comp_t *conf_p); ----------------------------------------------------------------------- Summary of changes: ChangeLog | 38 +++++++++++++++++++-------------- autogen.sh | 41 ++++++++++++++++++++++-------------- configure.ac | 62 ++++++++++++++++++++++++++++++++++++++++-------------- m4/ChangeLog | 4 +++ m4/gpg-error.m4 | 28 ++++++++++++++++++------ src/ChangeLog | 10 +++++++- src/gpgme.h.in | 45 +++++++++++++++++---------------------- 7 files changed, 146 insertions(+), 82 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 20:39:43 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Apr 2011 20:39:43 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-170-gcdefec0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via cdefec02b385dcf3302e47d380812c3450e8713c (commit) from e54fe47db8862b44a4fb669f55b45d9ec28b244d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cdefec02b385dcf3302e47d380812c3450e8713c Author: Werner Koch Date: Wed Apr 6 20:10:45 2011 +0200 gpgme-config cleanups and --host option gpgme-config.in: Add option --host. Change options --cflags and --libs to collapse duplicate include and lib dirs. Try to put extra libs at the end. Note that gpgme.m4 has not yet been extended. diff --git a/ChangeLog b/ChangeLog index 3163b54..cb88a8b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ * autogen.sh (--build-w32): Support option --build-w64. * configure.ac (HAVE_W64_SYSTEM): Define. (INSERT__TYPEDEFS_FOR_GPGME_H): New. + (GPGME_CONFIG_HOST): New. 2011-02-02 Marcus Brinkmann @@ -992,7 +993,7 @@ * autogen.sh: Added option --build-w32. - Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 g10 Code GmbH + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2011 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/configure.ac b/configure.ac index b0f6e48..3aed5f7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -901,9 +901,11 @@ AH_BOTTOM([ # Substitution used for gpgme-config GPGME_CONFIG_LIBS="-lgpgme" GPGME_CONFIG_CFLAGS="" +GPGME_CONFIG_HOST="$host" AC_SUBST(GPGME_CONFIG_API_VERSION) AC_SUBST(GPGME_CONFIG_LIBS) AC_SUBST(GPGME_CONFIG_CFLAGS) +AC_SUBST(GPGME_CONFIG_HOST) # Frob'da Variables LTLIBOBJS=`echo "$LIB@&t at OBJS" | diff --git a/src/ChangeLog b/src/ChangeLog index 07b62bd..cf5a5ef 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-04-06 Werner Koch + * gpgme-config.in: Add option --host. Change options --cflags and + --libs to collapse duplicate include and lib dirs. Try to put + extra libs at the end. + * gpgme.h.in: Use INSERT__TYPEDEFS_FOR_GPGME_H to include platform specific typedefs. diff --git a/src/gpgme-config.in b/src/gpgme-config.in index 33ab456..db8c7ef 100644 --- a/src/gpgme-config.in +++ b/src/gpgme-config.in @@ -11,14 +11,16 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ -includedir=@includedir@ -libdir=@libdir@ # Make sure that no weird locale setting messes up our sed regexps etc. LC_COLLATE=C LC_ALL=C LANG=C +# GPGME's own cflags and libs +cflags="-I at includedir@" +libs="-L at libdir@" + # Network libraries. assuan_cflags="@LIBASSUAN_CFLAGS@" assuan_libs="@LIBASSUAN_LIBS@" @@ -55,6 +57,7 @@ Options: [--exec-prefix] [--version] [--api-version] + [--host] [--libs] [--cflags] [--get-gpg] 
@@ -101,46 +104,75 @@ while test $# -gt 0; do echo "@GPGME_CONFIG_API_VERSION@" exit 0 ;; + --host) + echo "@GPGME_CONFIG_HOST@" + exit 0 + ;; --cflags) - if test "x$includedir" != "x/usr/include" -a "x$includedir" != "x/include"; then - output="$output -I$includedir" - fi + result= + tmp_c= + tmp_g= case "$thread_module" in - pthread) - output="$output $cflags_pthread" - ;; - pth) - output="$output $cflags_pth" - ;; + pthread) tmp_c="$cflags_pthread" ;; + pth) tmp_c="$cflags_pth" ;; esac - output="$output $assuan_cflags $gpg_error_cflags" - if test "x$with_glib" = "xyes"; then - output="$output $glib_cflags" - fi - ;; + test "x$with_glib" = "xyes" && tmp_g="$cflags_glib" + for i in $cflags $tmp_c $assuan_cflags $gpg_error_cflags $tmp_g ; do + skip=no + case $i in + -I/usr/include|-I/include) + skip=yes + ;; + -I*) + for j in $result ; do + if test x"$j" = x"$i" ; then + skip=yes + break; + fi + done + ;; + esac + if test $skip = no ; then + result="$result $i" + fi + done + output="$output $result" + ;; --libs) - if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then - output="$output -L$libdir" - fi + result= + tmp_x= case "$thread_module" in - pthread) - output="$output -lgpgme-pthread $libs_pthread" - ;; - pth) - output="$output -lgpgme-pth $libs_pth" - ;; + pthread) tmp_l="-lgpgme-pthread"; tmp_x="$libs_pthread" ;; + pth) tmp_l="-lgpgme-pth"; tmp_x="$libs_pth" ;; *) - if test "x$with_glib" = "xyes"; then - output="$output -lgpgme-glib" + if test "x$with_glib" = "xyes" ; then + tmp_l="-lgpgme-glib" + tmp_x="$libs_glib" else - output="$output -lgpgme" + tmp_l="-lgpgme" fi ;; esac - output="$output $assuan_libs $gpg_error_libs" - if test "x$with_glib" = "xyes"; then - output="$output $glib_cflags" - fi + for i in $libs $tmp_l $assuan_libs $gpg_error_libs $tmp_x; do + skip=no + case $i in + -L/usr/lib|-L/lib) + skip=yes + ;; + -L*|-l*) + for j in $result ; do + if test x"$j" = x"$i" ; then + skip=yes + break; + fi + done + ;; + esac + if test $skip = no 
; then + result="$result $i" + fi + done + output="$output $result" ;; --thread=*) for thread_mod in $thread_modules; do ----------------------------------------------------------------------- Summary of changes: ChangeLog | 3 +- configure.ac | 2 + src/ChangeLog | 4 ++ src/gpgme-config.in | 96 ++++++++++++++++++++++++++++++++++----------------- 4 files changed, 72 insertions(+), 33 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 21:07:22 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Apr 2011 21:07:22 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-36-ga0e05ba Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via a0e05baf1b11fa30e1dd949350b2066a902deab8 (commit) via 2b00b4753c05922eea07a89aee42da1be0ef3ee2 (commit) from b20e8f085cec6465b64a0d17772e663418791d5f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a0e05baf1b11fa30e1dd949350b2066a902deab8 Author: Werner Koch Date: Wed Apr 6 17:09:13 2011 +0200 Prepare for building for a W64 host. diff --git a/ChangeLog b/ChangeLog index d460fce..821ab7e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2011-04-06 Werner Koch + * autogen.sh: Check the git setup. Add option --build-w64. + * configure.ac (HAVE_W64_SYSTEM): Define. + * m4/gpg-error.m4: Update from current libgpg-error repo. 2011-03-28 Werner Koch diff --git a/autogen.sh b/autogen.sh index fa8005c..30a247a 100755 --- a/autogen.sh +++ b/autogen.sh 
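Review bot: The rewritten `--cflags` and `--libs` branches read `$cflags_glib` and `$libs_glib`, but the removed lines used `$glib_cflags` and no hunk of this commit defines the new names, so unless they exist elsewhere in gpgme-config.in the glib flags are silently dropped from the output. For `--cflags` the line would be `test "x$with_glib" = "xyes" && tmp_g="$glib_cflags"`, with the matching existing libs variable used for `tmp_x`. Separately, `tmp_l` is the only temporary in the `--libs` branch that is not cleared next to `result=` and `tmp_x=`; adding `tmp_l=` keeps the branch safe if a case arm is added later.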
@@ -65,6 +65,10 @@ case "$1" in myhost="w32" myhostsub="ce" ;; + --build-w64) + myhost="w32" + myhostsub="64" + ;; --build-amd64) myhost="amd64" ;; @@ -95,6 +99,11 @@ if [ "$myhost" = "w32" ]; then [ -z "$w32root" ] && w32root="$HOME/w32ce_root" toolprefixes="arm-mingw32ce" ;; + 64) + w32root="$w64root" + [ -z "$w32root" ] && w32root="$HOME/w64root" + toolprefixes="amd64-mingw32msvc" + ;; *) [ -z "$w32root" ] && w32root="$HOME/w32root" toolprefixes="i586-mingw32msvc i386-mingw32msvc" @@ -112,7 +121,7 @@ if [ "$myhost" = "w32" ]; then done if [ -z "$crossbindir" ]; then echo "Cross compiler kit not installed" >&2 - if [ -z "$sub" ]; then + if [ -z "$myhostsub" ]; then echo "Under Debian GNU/Linux, you may install it using" >&2 echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 fi diff --git a/configure.ac b/configure.ac index d29c82e..582c01e 100644 --- a/configure.ac +++ b/configure.ac @@ -169,6 +169,7 @@ fi # have_dosish_system=no have_w32_system=no +have_w64_system=no have_w32ce_system=no case "${host}" in *-linux*) @@ -176,6 +177,10 @@ case "${host}" in CFLAGS="$CFLAGS -fPIC -DPIC" fi ;; + x86_64-*mingw32*) + have_w32_system=yes + have_w64_system=yes + ;; *-mingw32ce*) have_dosish_system=yes have_w32_system=yes @@ -202,6 +207,10 @@ dnl AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32_SYSTEM,1,[Defined if we run on a W32 API based system]) + if test "$have_w64_system" = yes; then + AC_DEFINE(HAVE_W64_SYSTEM,1, + [Defined if we run on a 64 bit W32 API based system]) + fi if test "$have_w32ce_system" = yes; then AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE]) fi 
@@ -222,6 +231,7 @@ AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) +AM_CONDITIONAL(HAVE_W64_SYSTEM, test "$have_w64_system" = yes) # Check for network libraries. They are needed for tests. commit 2b00b4753c05922eea07a89aee42da1be0ef3ee2 Author: Werner Koch Date: Wed Apr 6 17:00:42 2011 +0200 Update gpg-error.me and add check for the git hook diff --git a/ChangeLog b/ChangeLog index c26fbf7..d460fce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-04-06 Werner Koch + + * m4/gpg-error.m4: Update from current libgpg-error repo. + 2011-03-28 Werner Koch * configure.ac (AC_CHECK_HEADERS): Check for sys/select.h which is diff --git a/README.SVN b/README.GIT similarity index 70% rename from README.SVN rename to README.GIT index bf8d002..ee2c638 100644 --- a/README.SVN +++ b/README.GIT @@ -1,9 +1,11 @@ -If you are building from Subversion, run the script +If you are building from GIT, run the script ./autogen.sh first, to make sure that you have all the necessary maintainer tools -are installed and to build the actual configuration files. Then run +are installed and to build the actual configuration files. If you +have just checked out from GIT, you should add the option "--force" to +autogen.sh so that meta data is noticed by autom4te.cache. Then run ./configure --enable-maintainer-mode @@ -14,7 +16,7 @@ tools, or the tools are not installed, you may use environment variables to override the default tool names: AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake - package. For example + package. For example AUTOMAKE_SUFFIX="-1.7" ./autogen.sh uses "automake-1.7" and "aclocal-1.7. AUTOMAKE_PREFIX is used as a prefix for all tools from the automake 
@@ -35,17 +37,13 @@ It is also possible to use the variable name AUTOMAKE, AUTOCONF, ACLOCAL, AUTOHEADER, GETTEXT and MSGMERGE to directly specify the name of the programs to run. It is however better to use the suffix and prefix forms as described above because that does not require -knowledge about the actual tools used by autgen.sh. +knowledge about the actual tools used by autogen.sh. Please don't use autopoint, libtoolize or autoreconf unless you are the current maintainer and want to update the standard configuration -files. All those files should be in the repository and only updated -manually if the maintainer decides that newer versions are required. -The maintainer should also make sure that the required version of -automake et al. are properly indicated at the top of configure.ac and -take care to copy the files and not merely use symlinks. - - - - +files. All those files should be in GIT and only updated manually +if the maintainer decides that newer versions are required. The +maintainer should also make sure that the required version of automake +et al. are properly indicated at the top of configure.ac and take care +to copy the files and not merely use symlinks. diff --git a/autogen.sh b/autogen.sh index cb2ee93..fa8005c 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,5 +1,5 @@ #! /bin/sh -# Run this to generate all the initial makefiles, etc. +# Run this to generate all the initial makefiles, etc. # # Copyright (C) 2003 g10 Code GmbH # @@ -43,7 +43,7 @@ w32ce_toolprefixes= w32ce_extraoptions= amd64_toolprefixes= # End list of optional variables sourced from ~/.gnupg-autogen.rc -# What follows are variables which are sourced but default to +# What follows are variables which are sourced but default to # environment variables or lacking them hardcoded values. #w32root= #w32ce_root= 
@@ -55,7 +55,7 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then fi # Convenience option to use certain configure options for some hosts. -myhost="" +myhost="" myhostsub="" case "$1" in --build-w32) @@ -101,7 +101,7 @@ if [ "$myhost" = "w32" ]; then ;; esac echo "Using $w32root as standard install directory" >&2 - + crossbindir= for host in $toolprefixes; do if ${host}-gcc --version >/dev/null 2>&1 ; then @@ -112,14 +112,14 @@ if [ "$myhost" = "w32" ]; then done if [ -z "$crossbindir" ]; then echo "Cross compiler kit not installed" >&2 - if [ -z "$sub" ]; then + if [ -z "$sub" ]; then echo "Under Debian GNU/Linux, you may install it using" >&2 - echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 + echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 fi echo "Stop." >&2 exit 1 fi - + if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then echo "Pease run a 'make distclean' first" >&2 @@ -150,7 +150,7 @@ if [ "$myhost" = "amd64" ]; then [ -z "$amd64root" ] && amd64root="$HOME/amd64root" echo "Using $amd64root as standard install directory" >&2 - + # Locate the cross compiler crossbindir= for host in x86_64-linux-gnu amd64-linux-gnu; do @@ -165,7 +165,7 @@ if [ "$myhost" = "amd64" ]; then echo "Stop." >&2 exit 1 fi - + if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then echo "Please run a 'make distclean' first" >&2 @@ -174,7 +174,7 @@ if [ "$myhost" = "amd64" ]; then fi $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \ - --host=${host} --build=${build} + --host=${host} --build=${build} rc=$? exit $rc fi 
@@ -183,19 +183,19 @@ fi # Grep the required versions from configure.ac -autoconf_vers=`sed -n '/^AC_PREREQ(/ { +autoconf_vers=`sed -n '/^AC_PREREQ(/ { s/^.*(\(.*\))/\1/p q }' ${configure_ac}` autoconf_vers_num=`echo "$autoconf_vers" | cvtver` -automake_vers=`sed -n '/^min_automake_version=/ { +automake_vers=`sed -n '/^min_automake_version=/ { s/^.*="\(.*\)"/\1/p q }' ${configure_ac}` automake_vers_num=`echo "$automake_vers" | cvtver` -#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { +#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { #s/^.*(\(.*\))/\1/p #q #}' ${configure_ac}` @@ -232,13 +232,29 @@ fi if test "$DIE" = "yes"; then cat <&2 +*** Activating trailing whitespace git pre-commit hook. *** + For more information see this thread: + http://mail.gnome.org/archives/desktop-devel-list/2009-May/msg00084html + To deactivate this pre-commit hook again move .git/hooks/pre-commit + and .git/hooks/pre-commit.sample out of the way. +EOF + cp -av .git/hooks/pre-commit.sample .git/hooks/pre-commit + chmod -c +x .git/hooks/pre-commit + fi +fi + + echo "Running aclocal -I m4 ${ACLOCAL_FLAGS:+$ACLOCAL_FLAGS }..." $ACLOCAL -I m4 $ACLOCAL_FLAGS echo "Running autoheader..." @@ -248,6 +264,6 @@ $AUTOMAKE --gnu; echo "Running autoconf${FORCE} ..." $AUTOCONF${FORCE} -echo "You may now run +echo "You may now run ./configure --enable-maintainer-mode && make " diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 index e85f511..ef07fd7 100644 --- a/m4/gpg-error.m4 +++ b/m4/gpg-error.m4 @@ -1,5 +1,5 @@ # gpg-error.m4 - autoconf macro to detect libgpg-error. -# Copyright (C) 2002, 2003, 2004 g10 Code GmbH +# Copyright (C) 2002, 2003, 2004, 2011 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without 
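Review bot: The URL printed by the new hook-activation message ends in `msg00084html`, without the dot before `html`, so the reference handed to the developer does not resolve; it should end in `msg00084.html`. `chmod -c` is a GNU coreutils option, so on other systems this `#! /bin/sh` script would report an error right after copying the hook, and plain `chmod +x .git/hooks/pre-commit` does the same job. The lines that guard this block were lost in this rendering of the hunk, so the condition under which the script writes into `.git/hooks` cannot be reviewed here.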
@@ -14,7 +14,8 @@ dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS dnl AC_DEFUN([AM_PATH_GPG_ERROR], -[ AC_ARG_WITH(gpg-error-prefix, +[ AC_REQUIRE([AC_CANONICAL_HOST]) + AC_ARG_WITH(gpg-error-prefix, AC_HELP_STRING([--with-gpg-error-prefix=PFX], [prefix where GPG Error is installed (optional)]), gpg_error_config_prefix="$withval", gpg_error_config_prefix="") @@ -24,11 +25,12 @@ AC_DEFUN([AM_PATH_GPG_ERROR], fi fi - AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) + AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no) min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then req_major=`echo $min_gpg_error_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_gpg_error_version | \ @@ -40,7 +42,7 @@ AC_DEFUN([AM_PATH_GPG_ERROR], sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` if test "$major" -gt "$req_major"; then ok=yes - else + else if test "$major" -eq "$req_major"; then if test "$minor" -ge "$req_minor"; then ok=yes 
@@ -51,8 +53,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR], if test $ok = yes; then GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` - AC_MSG_RESULT(yes) + AC_MSG_RESULT([yes ($gpg_error_config_version)]) ifelse([$2], , :, [$2]) + gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` + if test x"$gpg_error_config_host" != xnone ; then + if test x"$gpg_error_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $GPG_ERROR_CONFIG was +*** built for $gpg_error_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-gpg-error-prefix +*** to specify a matching config script. +***]]) + fi + fi else GPG_ERROR_CFLAGS="" GPG_ERROR_LIBS="" @@ -62,4 +77,3 @@ AC_DEFUN([AM_PATH_GPG_ERROR], AC_SUBST(GPG_ERROR_CFLAGS) AC_SUBST(GPG_ERROR_LIBS) ]) - ----------------------------------------------------------------------- Summary of changes: ChangeLog | 7 +++++ README.SVN => README.GIT | 24 ++++++++---------- autogen.sh | 59 ++++++++++++++++++++++++++++++++------------- configure.ac | 10 +++++++ m4/gpg-error.m4 | 28 ++++++++++++++++----- 5 files changed, 91 insertions(+), 37 deletions(-) rename README.SVN => README.GIT (70%) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 6 21:25:35 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 06 Apr 2011 21:25:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-171-g3bd6538 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3bd6538bf504e49200eed46438a19d385f866a06 (commit) from cdefec02b385dcf3302e47d380812c3450e8713c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3bd6538bf504e49200eed46438a19d385f866a06 Author: Werner Koch Date: Wed Apr 6 20:57:23 2011 +0200 Add an AC_SUBST_NOTMAKE Without that the multiline INSERT__TYPEDEFS_FOR_GPGME_H would be expanded in the Makefiles and mess them up. diff --git a/configure.ac b/configure.ac index 3aed5f7..3ab7708 100644 --- a/configure.ac +++ b/configure.ac @@ -263,6 +263,7 @@ else INSERT__TYPEDEFS_FOR_GPGME_H="#include " fi AC_SUBST(INSERT__TYPEDEFS_FOR_GPGME_H) +AM_SUBST_NOTMAKE(INSERT__TYPEDEFS_FOR_GPGME_H) # Checks for compiler features. if test "$GCC" = yes; then ----------------------------------------------------------------------- Summary of changes: configure.ac | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 8 15:34:11 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 08 Apr 2011 15:34:11 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-26-g50c35d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 50c35d1f2a0c8cb1f7480ba0bd046088b636afb9 (commit) from ff10bd860da982d8ecad39a02156816998951e67 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 50c35d1f2a0c8cb1f7480ba0bd046088b636afb9 Author: Werner Koch Date: Fri Apr 8 14:59:25 2011 +0200 Add a few comments to explain the generation of k. diff --git a/cipher/dsa.c b/cipher/dsa.c index d7631a1..0d8abcf 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -141,6 +141,11 @@ gen_k( gcry_mpi_t q ) unsigned int nbytes = (nbits+7)/8; char *rndbuf = NULL; + /* To learn why we don't use mpi_mod to get the requested bit size, + read the paper: "The Insecurity of the Digital Signature + Algorithm with Partially Known Nonces" by Nguyen and Shparlinski. + Journal of Cryptology, New York. Vol 15, nr 3 (2003) */ + if ( DBG_CIPHER ) log_debug("choosing a random k "); for (;;) 
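Review bot: The comment added at the top of gen_k points to the paper but does not state the property the code has to keep, so a maintainer who has not read it could still replace the loop with a modular reduction. I would add one sentence naming the requirement, for example `k must be uniformly distributed below q; reducing a larger random value mod q biases k, and biased nonces can reveal the private key.` The citation year also looks off, since volume 15 of the Journal of Cryptology appears to be from 2002, which is worth checking. gen_k's body continues outside the hunk.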
@@ -156,13 +161,20 @@ gen_k( gcry_mpi_t q ) else { /* Change only some of the higher bits. We could improve this by directly requesting more memory at the first call - to get_random_bytes() and use this the here maybe it is - easier to do this directly in random.c. */ + to get_random_bytes() and use these extra bytes here. + However the required management code is more complex and + thus we better use this simple method. */ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); memcpy( rndbuf,pp, 4 ); gcry_free(pp); } _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 ); + + /* Make sure we have the requested number of bits. This code + looks a bit funny but it is easy to understand if you + consider that mpi_set_highbit clears all higher bits. We + don't have a clear_highbit, thus we first set the high bit + and then clear it again. */ if ( mpi_test_bit( k, nbits-1 ) ) mpi_set_highbit( k, nbits-1 ); else ----------------------------------------------------------------------- Summary of changes: cipher/dsa.c | 16 ++++++++++++++-- 1 files changed, 14 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 11 22:09:11 2011 
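Review bot: The retry branch copies a fixed 4 bytes with `memcpy( rndbuf,pp, 4 )`, while the same buffer is handed to `_gcry_mpi_set_buffer` as `nbytes` long, so the code silently assumes q has at least 25 bits. That holds for any real DSA parameter set, but q comes from the caller and the allocation of `rndbuf` is outside the hunk, so the assumption is not checked anywhere visible. Since this commit is documenting the function anyway, either state it in the rewritten comment or bound the copy with `memcpy (rndbuf, pp, nbytes < 4 ? nbytes : 4);`.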
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 Apr 2011 22:09:11 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-29-g8ecc561 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 8ecc5614cc40a2d37c3ca704d06470a38c76983d (commit) via eaee23fe56ca2d6bbbde8e883568b6b46445a240 (commit) via 3c18377a55085faf4df745034056bac53565effa (commit) from 50c35d1f2a0c8cb1f7480ba0bd046088b636afb9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ecc5614cc40a2d37c3ca704d06470a38c76983d Author: Werner Koch Date: Mon Apr 11 21:39:55 2011 +0200 Fix double free in gcry_pk_get_keygrip. This was introduced by the previous memleak change. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index ce955a1..2a28b20 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,5 +1,7 @@ 2011-04-11 Werner Koch + * pubkey.c (gcry_pk_get_keygrip): Avoid double free of L2. + * cipher.c (_gcry_cipher_setctr): Clear unused lastiv info. (gcry_cipher_ctl) : Implement by calling _gcry_cipher_setctr. diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 27fb7f7..0fd87f9 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -2468,6 +2468,7 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) gcry_md_write (md, buf, strlen (buf)); gcry_md_write (md, data, datalen); gcry_sexp_release (l2); + l2 = NULL; gcry_md_write (md, ")", 1); } } commit eaee23fe56ca2d6bbbde8e883568b6b46445a240 Author: Werner Koch Date: Mon Apr 11 21:36:48 2011 +0200 CTR mode may now be used with arbitrary long data chunks. diff --git a/NEWS b/NEWS index add5152..b8d50e5 100644 --- a/NEWS +++ b/NEWS 
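Review bot: The added `l2 = NULL;` in gcry_pk_get_keygrip has no comment saying which later release it protects against, and that release is outside the hunk, so the line reads as redundant and could be removed again in a cleanup. A short why-comment such as `/* The cleanup code releases L2 again; avoid a double free. */` would keep it in place. The commit also changes only pubkey.c and the ChangeLog; running the existing keygrip test under a memory checker would cover both this double free and the leak that introduced it.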
@@ -31,6 +31,8 @@ Noteworthy changes in version 1.5.x (unreleased) * New cipher algorithm mode for AES-WRAP. [also in 1.4.6] + * CTR mode may now be used with data chunks of arbitrary length. + * Fixed minor memory leak in DSA key generation. [also in 1.4.5] * No more switching to FIPS mode if /proc/version is not diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 4cde857..ce955a1 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,5 +1,10 @@ 2011-04-11 Werner Koch + * cipher.c (_gcry_cipher_setctr): Clear unused lastiv info. + (gcry_cipher_ctl) : Implement by calling + _gcry_cipher_setctr. + (do_ctr_encrypt): Save last counter and reuse it. + * cipher.c (do_ctr_encrypt): Allow arbitrary length inputs to match the 1.4 behaviour. diff --git a/cipher/cipher.c b/cipher/cipher.c index e5bb2e0..90fdb17 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -219,8 +219,9 @@ struct gcry_cipher_handle unsigned char ctr[MAX_BLOCKSIZE]; } u_ctr; + /* Space to save an IV or CTR for chaining operations. */ unsigned char lastiv[MAX_BLOCKSIZE]; - int unused; /* Number of unused bytes in the IV. */ + int unused; /* Number of unused bytes in LASTIV. */ /* What follows are two contexts of the cipher in use. The first one needs to be aligned well enough for the cipher operation @@ -1456,6 +1457,22 @@ do_ctr_encrypt (gcry_cipher_hd_t c, if (outbuflen < inbuflen) return GPG_ERR_BUFFER_TOO_SHORT; + /* First process a left over encrypted counter. */ + if (c->unused) + { + gcry_assert (c->unused < blocksize); + i = blocksize - c->unused; + for (n=0; c->unused && n < inbuflen; c->unused--, n++, i++) + { + /* XOR input with encrypted counter and store in output. */ + outbuf[n] = inbuf[n] ^ c->lastiv[i]; + } + inbuf += n; + outbuf += n; + inbuflen -= n; + } + + /* Use a bulk method if available. */ nblocks = inbuflen / blocksize; if (nblocks && c->bulk.ctr_enc) 
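Review bot: In the new left-over loop of do_ctr_encrypt (hunk `@@ -1456,6 +1457,22 @@`) the keystream bytes read from `c->lastiv[i]` stay in the handle after they have been used, although the same function wipes `tmp` before it returns. Clearing them once the saved block is exhausted, for example `if (!c->unused) wipememory (c->lastiv, blocksize);` right after the loop, would keep spent keystream out of long-lived handle memory. The index `i` is bounded only by `gcry_assert (c->unused < blocksize);`, so every writer of `c->unused` has to keep that invariant; the saving code in hunk `@@ -1490,6 +1507,12 @@` does, while other writers are outside this diff. The function body starts and ends outside the hunk.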
@@ -1490,6 +1507,12 @@ do_ctr_encrypt (gcry_cipher_hd_t c, outbuf[n] = inbuf[n] ^ tmp[n % blocksize]; } + /* Save the unused bytes of the counter. */ + n %= blocksize; + c->unused = (blocksize - n) % blocksize; + if (c->unused) + memcpy (c->lastiv+n, tmp+n, c->unused); + wipememory (tmp, sizeof tmp); } @@ -1884,9 +1907,15 @@ gpg_error_t _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) { if (ctr && ctrlen == hd->cipher->blocksize) - memcpy (hd->u_ctr.ctr, ctr, hd->cipher->blocksize); + { + memcpy (hd->u_ctr.ctr, ctr, hd->cipher->blocksize); + hd->unused = 0; + } else if (!ctr || !ctrlen) - memset (hd->u_ctr.ctr, 0, hd->cipher->blocksize); + { + memset (hd->u_ctr.ctr, 0, hd->cipher->blocksize); + hd->unused = 0; + } else return gpg_error (GPG_ERR_INV_ARG); return 0; @@ -1945,12 +1974,7 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) break; case GCRYCTL_SET_CTR: /* Deprecated; use gcry_cipher_setctr. */ - if (buffer && buflen == h->cipher->blocksize) - memcpy (h->u_ctr.ctr, buffer, h->cipher->blocksize); - else if (buffer == NULL || buflen == 0) - memset (h->u_ctr.ctr, 0, h->cipher->blocksize); - else - rc = GPG_ERR_INV_ARG; + rc = gpg_err_code (_gcry_cipher_setctr (h, buffer, buflen)); break; case 61: /* Disable weak key detection (private). */ diff --git a/tests/ChangeLog b/tests/ChangeLog index 3793149..ccaf3bd 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -2,7 +2,7 @@ * basic.c (mismatch): New. (check_ctr_cipher): Remove length error code checks. Add - truncation checks. + truncation and streaming checks. 2011-04-04 Werner Koch diff --git a/tests/basic.c b/tests/basic.c index a20e731..2216476 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -365,7 +365,7 @@ check_ctr_cipher (void) unsigned char plaintext[MAX_DATA_LEN]; int inlen; char out[MAX_DATA_LEN]; - } data[5]; + } data[8]; } tv[] = { /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 
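Review bot: `hd->unused = 0;` is now written twice in `_gcry_cipher_setctr`, once in each accepted branch; a single `hd->unused = 0;` placed just before `return 0;` says the same thing and cannot be forgotten if another accepted case is added. The reset is what keeps left-over keystream of the previous counter from being XORed into data after the counter changes, so it deserves a comment such as `/* Discard left-over keystream of the previous counter. */`. No test change visible in this commit calls the setter after a partial chunk, so that path looks untested from here.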
@@ -470,6 +470,54 @@ check_ctr_cipher (void) {"", 0, "" } } }, + /* Tests to see whether it works correctly as a stream cipher. */ + { GCRY_CIPHER_AES, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + 16, + "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, + {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", + 15, + "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, + {"\x51\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", + 17, + "\xff\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" }, + {"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + 16, + "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }, + + { "", 0, "" } + } + }, + { GCRY_CIPHER_AES, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + {{"\x6b", + 1, + "\x87" }, + {"\xc1\xbe", + 2, + "\x4d\x61" }, + {"\xe2\x2e\x40", + 3, + "\x91\xb6\x20" }, + {"\x9f", + 1, + "\xe3" }, + {"\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + 9, + "\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, + {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", + 15, + "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, + {"\x51\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", + 9, + "\xff\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e" }, + + { "", 0, "" } + } + }, #if USE_CAST5 /* A selfmade test vector using an 64 bit block cipher. */ { GCRY_CIPHER_CAST5, commit 3c18377a55085faf4df745034056bac53565effa Author: Werner Koch Date: Mon Apr 11 19:21:47 2011 +0200 Allow for truncation in CTR mode. This re-enables the behaviour of Libgcrypt 1.4. Such truncation is used by libotr and the current error-ed out here. 
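Review bot: Both new streaming vectors in check_ctr_cipher use GCRY_CIPHER_AES, so the saved-counter path is only checked for a 16-byte block. The CAST5 vector further down in the table ends on its truncated 10-byte chunk, which means nothing is ever read back from the saved counter for an 8-byte block cipher. Adding one more chunk after that truncated entry, with the expected bytes taken from a one-shot encryption of the concatenated input, would cover the second block size. The table and the loop that walks it extend outside this hunk.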
The bug was introduced due to a rewrite of the function and the undocumented feature of truncating OTR data. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index df27bab..4cde857 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,8 @@ +2011-04-11 Werner Koch + + * cipher.c (do_ctr_encrypt): Allow arbitrary length inputs to + match the 1.4 behaviour. + 2011-04-04 Werner Koch * ecc.c (compute_keygrip): Release L1 while parsing "curve". diff --git a/cipher/cipher.c b/cipher/cipher.c index a2f8bb9..e5bb2e0 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -1453,22 +1453,22 @@ do_ctr_encrypt (gcry_cipher_hd_t c, unsigned int blocksize = c->cipher->blocksize; unsigned int nblocks; - /* FIXME: This code does only work on complete blocks. */ - if (outbuflen < inbuflen) return GPG_ERR_BUFFER_TOO_SHORT; - if ((inbuflen % blocksize)) - return GPG_ERR_INV_LENGTH; - + /* Use a bulk method if available. */ nblocks = inbuflen / blocksize; if (nblocks && c->bulk.ctr_enc) { c->bulk.ctr_enc (&c->context.c, c->u_ctr.ctr, outbuf, inbuf, nblocks); inbuf += nblocks * blocksize; outbuf += nblocks * blocksize; + inbuflen -= nblocks * blocksize; } - else + + /* If we don't have a bulk method use the standard method. We also + use this method for the a remaining partial block. */ + if (inbuflen) { unsigned char tmp[MAX_BLOCKSIZE]; diff --git a/tests/ChangeLog b/tests/ChangeLog index 0f5918a..3793149 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,9 @@ +2011-04-11 Werner Koch + + * basic.c (mismatch): New. + (check_ctr_cipher): Remove length error code checks. Add + truncation checks. + 2011-04-04 Werner Koch * keygrip.c (main): Add option --repetitions. diff --git a/tests/basic.c b/tests/basic.c index 185091e..a20e731 100644 --- a/tests/basic.c +++ b/tests/basic.c 
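Review bot: The new comment in do_ctr_encrypt (hunk `@@ -1453,22 +1453,22 @@`) reads `use this method for the a remaining partial block`; it should be `use this method for a remaining partial block`. Because the `inbuflen % blocksize` check is removed here, the comment is also the natural place to state what happens to the rest of the encrypted counter block when the input ends mid-block, since callers that feed data in several calls depend on that. The function continues outside the hunk.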
@@ -69,6 +69,22 @@ fail (const char *format, ...) } static void +mismatch (const void *expected, size_t expectedlen, + const void *computed, size_t computedlen) +{ + const unsigned char *p; + + fprintf (stderr, "expected:"); + for (p = expected; expectedlen; p++, expectedlen--) + fprintf (stderr, " %02x", *p); + fprintf (stderr, "\ncomputed:"); + for (p = computed; computedlen; p++, computedlen--) + fprintf (stderr, " %02x", *p); + fprintf (stderr, "\n"); +} + + +static void die (const char *format, ...) { va_list arg_ptr; @@ -349,8 +365,7 @@ check_ctr_cipher (void) unsigned char plaintext[MAX_DATA_LEN]; int inlen; char out[MAX_DATA_LEN]; - } - data[MAX_DATA_LEN]; + } data[5]; } tv[] = { /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ @@ -369,6 +384,8 @@ check_ctr_cipher (void) { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 16, "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }, + + { "", 0, "" } } }, { GCRY_CIPHER_AES192, @@ -387,6 +404,7 @@ check_ctr_cipher (void) { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 16, "\x4f\x78\xa7\xf6\xd2\x98\x09\x58\x5a\x97\xda\xec\x58\xc6\xb0\x50" }, + { "", 0, "" } } }, { GCRY_CIPHER_AES256, 
@@ -404,7 +422,80 @@ check_ctr_cipher (void) "\x2b\x09\x30\xda\xa2\x3d\xe9\x4c\xe8\x70\x17\xba\x2d\x84\x98\x8d" }, { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 16, - "\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6\x13\xc2\xdd\x08\x45\x79\x41\xa6" } + "\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6\x13\xc2\xdd\x08\x45\x79\x41\xa6" }, + { "", 0, "" } + } + }, + /* Some truncation tests. With a truncated second block and + also with a single truncated block. */ + { GCRY_CIPHER_AES, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + 16, + "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, + {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", + 15, + "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, + {"", 0, "" } + } + }, + { GCRY_CIPHER_AES, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + 16, + "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, + {"\xae", + 1, + "\x98" }, + {"", 0, "" } + } + }, + { GCRY_CIPHER_AES, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17", + 15, + "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6" }, + {"", 0, "" } + } + }, + { GCRY_CIPHER_AES, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + {{"\x6b", + 1, + "\x87" }, + {"", 0, "" } + } + }, +#if USE_CAST5 + /* A selfmade test vector using an 64 bit block cipher. 
*/ + { GCRY_CIPHER_CAST5, + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8", + {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + 16, + "\xe8\xa7\xac\x68\xca\xca\xa0\x20\x10\xcb\x1b\xcc\x79\x2c\xc4\x48" }, + {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c", + 8, + "\x16\xe8\x72\x77\xb0\x98\x29\x68" }, + {"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", + 8, + "\x9a\xb3\xa8\x03\x3b\xb4\x14\xba" }, + {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\xa1\x00", + 10, + "\x31\x5e\xd3\xfb\x1b\x8d\xd1\xf9\xb0\x83" }, + { "", 0, "" } + } + }, +#endif /*USE_CAST5*/ + { 0, + "", + "", + { + {"", 0, "" } } } }; @@ -417,6 +508,9 @@ check_ctr_cipher (void) fprintf (stderr, " Starting CTR cipher checks.\n"); for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { + if (!tv[i].algo) + continue; + err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); if (!err) err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); @@ -485,7 +579,11 @@ check_ctr_cipher (void) } if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) - fail ("aes-ctr, encrypt mismatch entry %d:%d\n", i, j); + { + fail ("aes-ctr, encrypt mismatch entry %d:%d\n", i, j); + mismatch (tv[i].data[j].out, tv[i].data[j].inlen, + out, tv[i].data[j].inlen); + } err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); if (err) @@ -498,7 +596,11 @@ check_ctr_cipher (void) } if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) - fail ("aes-ctr, decrypt mismatch entry %d:%d\n", i, j); + { + fail ("aes-ctr, decrypt mismatch entry %d:%d\n", i, j); + mismatch (tv[i].data[j].plaintext, tv[i].data[j].inlen, + out, tv[i].data[j].inlen); + } } 
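Review bot: The failure messages kept in hunks `@@ -485,7 +579,11 @@` and `@@ -498,7 +596,11 @@` of check_ctr_cipher still say `aes-ctr`, although the table now contains a CAST5 vector, so a CAST5 mismatch would be reported under the wrong cipher. Printing the algorithm from the table, e.g. `fail ("ctr (algo %d), encrypt mismatch entry %d:%d\n", tv[i].algo, i, j);` and the matching change for the decrypt message, makes the output unambiguous. The surrounding loop starts and ends outside these hunks.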
@@ -509,18 +611,6 @@ check_ctr_cipher (void) if (err) fail ("aes-ctr, encryption failed for valid input"); - err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, - "1234567890123456", 15); - if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) - fail ("aes-ctr, too short input returned wrong error: %s\n", - gpg_strerror (err)); - - err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, - "12345678901234567", 17); - if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) - fail ("aes-ctr, too long input returned wrong error: %s\n", - gpg_strerror (err)); - err = gcry_cipher_encrypt (hde, out, 15, "1234567890123456", 16); if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) @@ -545,18 +635,6 @@ check_ctr_cipher (void) if (err) fail ("aes-ctr, decryption failed for valid input"); - err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, - "1234567890123456", 15); - if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) - fail ("aes-ctr, too short input returned wrong error: %s\n", - gpg_strerror (err)); - - err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, - "12345678901234567", 17); - if (gpg_err_code (err) != GPG_ERR_INV_LENGTH) - fail ("aes-ctr, too long input returned wrong error: %s\n", - gpg_strerror (err)); - err = gcry_cipher_decrypt (hde, out, 15, "1234567890123456", 16); if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + cipher/ChangeLog | 12 ++++ cipher/cipher.c | 52 +++++++++++---- cipher/pubkey.c | 1 + tests/ChangeLog | 6 ++ tests/basic.c | 184 +++++++++++++++++++++++++++++++++++++++++++++--------- 6 files changed, 214 insertions(+), 43 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 12 18:49:25 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 Apr 2011 18:49:25 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-42-gf8c5395 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f8c5395fbd24b9811807d7601e22b38af9f5126c (commit) via a9edbfb3a316e8c1bfa0373c39ad69a1e1c29080 (commit) via 944bf8f5b550bdbab292e7fadd0016b341c7bef9 (commit) via 893b455a3da5b5af2214657ead0a4994102c2714 (commit) via f1e9f510ec70f2bb64f1b61b2b040d8d3103af32 (commit) via 4206a2bd486f02072c8ba2731f4fade46c2a5581 (commit) from b9bcc77d6ca13463c2e4bede91fc1782795f1eae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8c5395fbd24b9811807d7601e22b38af9f5126c Author: Werner Koch Date: Tue Apr 12 18:20:46 2011 +0200 Use macros for the 120 and 900s cache TTLs. diff --git a/agent/ChangeLog b/agent/ChangeLog index d4cea79..21cd0c4 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,15 +1,18 @@ -2011-04-10 Ben Kibbey +2011-04-12 Werner Koch - * command.c: (cmd_passwd): Add option --preset. + * agent.h (CACHE_TTL_NONCE, CACHE_TTL_OPT_PRESET): New. + * command.c (cmd_passwd, cmd_import_key): Use new macros. + * genkey.c (agent_genkey): Ditto. 2011-04-10 Ben Kibbey - * command.c: (cmd_genkey): Add option --preset. - * genkey.c: (agent_genkey): Add parameter preset. + * command.c (cmd_passwd): Add option --preset. + * command.c (cmd_genkey): Add option --preset. + * genkey.c (agent_genkey): Add parameter preset. 2011-04-06 Ben Kibbey - * command.c: (do_one_keyinfo): Add protection type field. + * command.c (do_one_keyinfo): Add protection type field. 2011-03-10 Werner Koch 
diff --git a/agent/agent.h b/agent/agent.h index d5aaec8..20a617f 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -217,6 +217,12 @@ typedef enum } cache_mode_t; +/* The TTL is seconds used for adding a new nonce mode cache item. */ +#define CACHE_TTL_NONCE 120 + +/* The TTL in seconds used by the --preset option of some commands. */ +#define CACHE_TTL_OPT_PRESET 900 + /* The type of a function to lookup a TTL by a keygrip. */ typedef int (*lookup_ttl_t)(const char *hexgrip); diff --git a/agent/command.c b/agent/command.c index 8655c99..e5243ed 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1411,7 +1411,7 @@ cmd_learn (assuan_context_t ctx, char *line) static const char hlp_passwd[] = - "PASSWD [--cache-nonce=] [--passwd-nonce=] [--preset] \n" + "PASSWD [--cache-nonce=] [--passwd-nonce=] [--preset] \n" "\n" "Change the passphrase/PIN for the key identified by keygrip in LINE. When\n" "--preset is used then the new passphrase will be added to the cache.\n"; @@ -1501,7 +1501,7 @@ cmd_passwd (assuan_context_t ctx, char *line) } if (cache_nonce && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, 120 /*seconds*/)) + passphrase, CACHE_TTL_NONCE)) { assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); xfree (ctrl->server_local->last_cache_nonce); @@ -1521,7 +1521,7 @@ cmd_passwd (assuan_context_t ctx, char *line) } if (passwd_nonce && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, - newpass, 120 /*seconds*/)) + newpass, CACHE_TTL_NONCE)) { assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce); xfree (ctrl->server_local->last_passwd_nonce); @@ -1532,7 +1532,8 @@ cmd_passwd (assuan_context_t ctx, char *line) { char hexgrip[40+1]; bin2hex(grip, 20, hexgrip); - err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, 900); + err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, + CACHE_TTL_OPT_PRESET); } } } 
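Review bot: The comment on CACHE_TTL_NONCE in agent.h says `The TTL is seconds`; it should read `/* The TTL in seconds used for adding a new nonce mode cache item. */`. Both macros set how long a passphrase stays in the agent's cache, so the comments would be more useful if they also said whether these lifetimes are meant to be independent of the cache TTLs configured by the user; that cannot be told from this hunk.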
@@ -1844,7 +1845,7 @@ cmd_import_key (assuan_context_t ctx, char *line) } if (cache_nonce && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, 120 /*seconds*/)) + passphrase, CACHE_TTL_NONCE)) assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); } } diff --git a/agent/genkey.c b/agent/genkey.c index 95e0a64..30e698f 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -432,7 +432,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, if (cache_nonce && !no_protection && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, 900 /*seconds*/)) + passphrase, CACHE_TTL_OPT_PRESET)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); if (preset && !no_protection) { @@ -441,7 +441,8 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, if (gcry_pk_get_keygrip (s_private, grip)) { bin2hex(grip, 20, hexgrip); - rc = agent_put_cache (hexgrip, CACHE_MODE_ANY, passphrase, 900); + rc = agent_put_cache (hexgrip, CACHE_MODE_ANY, passphrase, + CACHE_TTL_OPT_PRESET); } } } commit a9edbfb3a316e8c1bfa0373c39ad69a1e1c29080 Author: Ben Kibbey Date: Sun Apr 10 16:06:18 2011 -0400 Added PASSWD --preset. diff --git a/agent/ChangeLog b/agent/ChangeLog index 83ad651..d4cea79 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,5 +1,9 @@ 2011-04-10 Ben Kibbey + * command.c: (cmd_passwd): Add option --preset. + +2011-04-10 Ben Kibbey + * command.c: (cmd_genkey): Add option --preset. * genkey.c: (agent_genkey): Add parameter preset. diff --git a/agent/command.c b/agent/command.c index 0121a20..8655c99 100644 --- a/agent/command.c +++ b/agent/command.c 
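Review bot: In agent_genkey (genkey.c, hunk `@@ -432,7 +432,7 @@`) the `CACHE_MODE_NONCE` entry now gets `CACHE_TTL_OPT_PRESET`, while cmd_passwd and cmd_import_key use `CACHE_TTL_NONCE` for the same cache mode, so the passphrase behind a GENKEY nonce stays cached for 900 seconds instead of 120. The substitution keeps the old number, but the macro name now claims this is the --preset lifetime, which this call is not. If the longer lifetime is intended, a dedicated macro or a comment should say why; otherwise the line should read `passphrase, CACHE_TTL_NONCE))`. The enclosing function is only partly visible.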
@@ -1411,9 +1411,10 @@ cmd_learn (assuan_context_t ctx, char *line) static const char hlp_passwd[] = - "PASSWD [--cache-nonce=] [--passwd-nonce=] \n" + "PASSWD [--cache-nonce=] [--passwd-nonce=] [--preset] \n" "\n" - "Change the passphrase/PIN for the key identified by keygrip in LINE."; + "Change the passphrase/PIN for the key identified by keygrip in LINE. When\n" + "--preset is used then the new passphrase will be added to the cache.\n"; static gpg_error_t cmd_passwd (assuan_context_t ctx, char *line) { @@ -1427,7 +1428,9 @@ cmd_passwd (assuan_context_t ctx, char *line) unsigned char *shadow_info = NULL; char *passphrase = NULL; char *pend; + int opt_preset; + opt_preset = has_option (line, "--preset"); cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) { @@ -1525,6 +1528,12 @@ cmd_passwd (assuan_context_t ctx, char *line) ctrl->server_local->last_passwd_nonce = passwd_nonce; passwd_nonce = NULL; } + if (opt_preset) + { + char hexgrip[40+1]; + bin2hex(grip, 20, hexgrip); + err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, 900); + } } } xfree (newpass); commit 944bf8f5b550bdbab292e7fadd0016b341c7bef9 Author: Ben Kibbey Date: Sun Apr 10 09:37:18 2011 -0400 Added GENKEY --preset to add the passphrase of the generated key to the cache. diff --git a/agent/ChangeLog b/agent/ChangeLog index b05c174..83ad651 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,8 @@ +2011-04-10 Ben Kibbey + + * command.c: (cmd_genkey): Add option --preset. + * genkey.c: (agent_genkey): Add parameter preset. + 2011-04-06 Ben Kibbey * command.c: (do_one_keyinfo): Add protection type field. diff --git a/agent/agent.h b/agent/agent.h index 3e01897..d5aaec8 100644 --- a/agent/agent.h +++ b/agent/agent.h 
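Review bot: In the new --preset block of cmd_passwd (hunk `@@ -1525,6 +1528,12 @@`) the result of `agent_put_cache` is assigned to `err`, so a cache failure would turn a PASSWD that appears to have already succeeded into an error reply. The client would then see a failure although the passphrase was changed; whether that is really the state at this point depends on code outside the hunk. Keeping the result local, e.g. `if (agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, 900))` followed by a log or status message, leaves the command result tied to the passphrase change itself. The same pattern is in agent_genkey, hunk `@@ -434,6 +434,16 @@`, where `rc` is overwritten and cmd_genkey then runs `if (rc) clear_outbuf (&outbuf);`, which would drop the public key from the reply.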
@@ -313,7 +313,7 @@ gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparmlen, - int no_protection, membuf_t *outbuf); + int no_protection, int preset, membuf_t *outbuf); gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, char **passphrase_addr); diff --git a/agent/command.c b/agent/command.c index d53ca5e..0121a20 100644 --- a/agent/command.c +++ b/agent/command.c @@ -831,7 +831,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) static const char hlp_genkey[] = - "GENKEY [--no-protection] []\n" + "GENKEY [--no-protection] [--preset] []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -843,6 +843,9 @@ static const char hlp_genkey[] = " S: D (public-key\n" " S: D (rsa (n 326487324683264) (e 10001)))\n" " S: OK key created\n" + "\n" + "When the --preset option is used the passphrase for the generated\n" + "key will be added to the cache.\n" "\n"; static gpg_error_t cmd_genkey (assuan_context_t ctx, char *line) @@ -854,8 +857,10 @@ cmd_genkey (assuan_context_t ctx, char *line) size_t valuelen; membuf_t outbuf; char *cache_nonce = NULL; + int opt_preset; char *p; + opt_preset = has_option (line, "--preset"); no_protection = has_option (line, "--no-protection"); line = skip_options (line); @@ -874,7 +879,7 @@ cmd_genkey (assuan_context_t ctx, char *line) init_membuf (&outbuf, 512); rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, - &outbuf); + opt_preset, &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); diff --git a/agent/genkey.c b/agent/genkey.c index f70526d..95e0a64 100644 --- a/agent/genkey.c +++ b/agent/genkey.c 
@@ -357,7 +357,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparamlen, int no_protection, - membuf_t *outbuf) + int preset, membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; char *passphrase; @@ -434,6 +434,16 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 900 /*seconds*/)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); + if (preset && !no_protection) + { + unsigned char grip[20]; + char hexgrip[40+1]; + if (gcry_pk_get_keygrip (s_private, grip)) + { + bin2hex(grip, 20, hexgrip); + rc = agent_put_cache (hexgrip, CACHE_MODE_ANY, passphrase, 900); + } + } } xfree (passphrase); passphrase = NULL; commit 893b455a3da5b5af2214657ead0a4994102c2714 Author: Ben Kibbey Date: Wed Apr 6 19:23:05 2011 -0400 Added KEYINFO field to show the protection type of a key. This differs from the second field which shows the location of the key. diff --git a/agent/ChangeLog b/agent/ChangeLog index 5f14306..b05c174 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,7 @@ +2011-04-06 Ben Kibbey + + * command.c: (do_one_keyinfo): Add protection type field. + 2011-03-10 Werner Koch * protect.c (hash_passphrase): Use the new gcry_kdf_derive. diff --git a/agent/command.c b/agent/command.c index 9df72aa..d53ca5e 100644 --- a/agent/command.c +++ b/agent/command.c @@ -938,7 +938,7 @@ static const char hlp_keyinfo[] = "available keys are returned. The information is returned as a\n" "status line unless --data was specified, with this format:\n" "\n" - " KEYINFO \n" + " KEYINFO \n" "\n" "KEYGRIP is the keygrip.\n" "\n" 
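Review bot: When `gcry_pk_get_keygrip (s_private, grip)` fails in the new --preset block of agent_genkey (hunk `@@ -434,6 +434,16 @@`), nothing is cached and nothing is reported, so a client that asked for --preset cannot tell that the passphrase is missing from the cache. An `else` branch that logs the failure or emits a status line would close that gap. The literal sizes `20` and `40+1` tie the two buffers to the keygrip length by hand; a comment or a shared constant would make the relation between `grip`, `hexgrip` and the `bin2hex` length explicit. The function starts and ends outside the hunk.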
@@ -957,6 +957,11 @@ static const char hlp_keyinfo[] = "CACHED is 1 if the passphrase for the key was found in the key cache.\n" " If not, a '-' is used instead.\n" "\n" + "PROTECTION describes the key protection type:\n" + " 'P' - The key is protected with a passphrase,\n" + " 'C' - The key is not protected,\n" + " '-' - Unknown protection.\n" + "\n" "More information may be added in the future."; static gpg_error_t do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, @@ -970,6 +975,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, char *idstr = NULL; const char *keytypestr; const char *cached; + const char *protectionstr; char *pw; err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info); @@ -979,13 +985,17 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, /* Reformat the grip so that we use uppercase as good style. */ bin2hex (grip, 20, hexgrip); - if (keytype == PRIVATE_KEY_CLEAR - || keytype == PRIVATE_KEY_PROTECTED) - keytypestr = "D"; - else if (keytype == PRIVATE_KEY_SHADOWED) - keytypestr = "T"; - else - keytypestr = "-"; + switch (keytype) + { + case PRIVATE_KEY_CLEAR: protectionstr = "C"; keytypestr = "D"; + break; + case PRIVATE_KEY_PROTECTED: protectionstr = "P"; keytypestr = "D"; + break; + case PRIVATE_KEY_SHADOWED: protectionstr = "-"; keytypestr = "T"; + break; + default: protectionstr = "-"; keytypestr = "-"; + break; + } /* Here we have a little race by doing the cache check separately from the retrieval function. Given that the cache flag is only a 
@@ -1008,15 +1018,16 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, serialno? serialno : "-", idstr? idstr : "-", cached, + protectionstr, NULL); else { char *string; - string = xtryasprintf ("%s %s %s %s %s\n", + string = xtryasprintf ("%s %s %s %s %s %s\n", hexgrip, keytypestr, serialno? serialno : "-", - idstr? idstr : "-", cached); + idstr? idstr : "-", cached, protectionstr); if (!string) err = gpg_error_from_syserror (); else commit f1e9f510ec70f2bb64f1b61b2b040d8d3103af32 Author: Werner Koch Date: Tue Apr 12 16:30:08 2011 +0200 Add code for explicit selection of pooled A records. To better cope with round robin pooled A records like keys.gnupg.net we need to keep some information on unresponsive hosts etc. What we do now is to resolve the hostnames, remember them and select a random one. If a host is dead it will be marked and a different one selected. This is intended to solve the problem of long timeouts due to unresponsive hosts. The code is not yet finished but selection works. diff --git a/common/ChangeLog b/common/ChangeLog index 6253867..ba7794e 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -1,3 +1,7 @@ +2011-04-01 Werner Koch + + * sysutils.c (get_uint_nonce): New. + 2011-03-03 Werner Koch * estream.c (struct estream_list): Rename to estream_list_s and diff --git a/common/sysutils.c b/common/sysutils.c index a94d1fc..648e70f 100644 --- a/common/sysutils.c +++ b/common/sysutils.c @@ -150,6 +150,17 @@ get_session_marker (size_t *rlen) return marker; } +/* Return a random number in an unsigned int. */ +unsigned int +get_uint_nonce (void) +{ + unsigned int value; + + gcry_create_nonce (&value, sizeof value); + return value; +} + + #if 0 /* not yet needed - Note that this will require inclusion of cmacros.am in Makefile.am */ diff --git a/common/sysutils.h b/common/sysutils.h index a2f74f9..3559b34 100644 --- a/common/sysutils.h +++ b/common/sysutils.h 
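Review bot: The comment `Return a random number in an unsigned int.` on get_uint_nonce (sysutils.c, hunk `@@ -150,6 +150,17 @@`) does not say that the value comes from `gcry_create_nonce`, that is, nonce-quality randomness rather than key-quality randomness. A wording such as `/* Return an unpredictable nonce in an unsigned int; not suitable for keys or other long-term secrets. */` would stop later callers from using it where stronger randomness is required. Callers that reduce the value with `%` should also be aware of the small modulo bias for ranges that do not divide the range of unsigned int.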
@@ -41,6 +41,7 @@ void trap_unaligned (void); int disable_core_dumps (void); int enable_core_dumps (void); const unsigned char *get_session_marker (size_t *rlen); +unsigned int get_uint_nonce (void); /*int check_permissions (const char *path,int extension,int checkonly);*/ void gnupg_sleep (unsigned int seconds); int translate_sys2libc_fd (gnupg_fd_t fd, int for_write); diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index bb40fe1..f7ac887 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,3 +1,13 @@ +2011-04-12 Werner Koch + + * ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor + code out to .. + (make_host_part): new. + (hostinfo_s): New. + (create_new_hostinfo, find_hostinfo, sort_hostpool) + (select_random_host, map_host, mark_host_dead) + (ks_hkp_print_hosttable): New. + 2011-02-23 Werner Koch * certcache.c (get_cert_bysubject): Take care of a NULL argument. diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index 1f876d0..14de4d6 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -76,7 +76,7 @@ ks_action_help (ctrl_t ctrl, const char *url) return err; } - /* Call all engines to geive them a chance to print a help sting. */ + /* Call all engines to give them a chance to print a help sting. */ err = ks_hkp_help (ctrl, parsed_uri); if (!err) err = ks_http_help (ctrl, parsed_uri); diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 5ad61fd..0dd9a64 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -17,12 +17,20 @@ * along with this program; if not, see . */ +#warning fixme Windows part not yet done #include #include #include #include #include +#ifdef HAVE_W32_SYSTEM +# include +#else /*!HAVE_W32_SYSTEM*/ +# include +# include +# include +#endif /*!HAVE_W32_SYSTEM*/ #include "dirmngr.h" #include "misc.h" 
@@ -36,6 +44,359 @@ /* How many redirections do we allow. */ #define MAX_REDIRECTS 2 +/* Objects used to maintain information about hosts. */ +struct hostinfo_s; +typedef struct hostinfo_s *hostinfo_t; +struct hostinfo_s +{ + time_t lastfail; /* Time we tried to connect and failed. */ + time_t lastused; /* Time of last use. */ + int *pool; /* A -1 terminated array with indices into + HOSTTABLE or NULL if NAME is not a pool + name. */ + int poolidx; /* Index into POOL with the used host. */ + unsigned int v4:1; /* Host supports AF_INET. */ + unsigned int v6:1; /* Host supports AF_INET6. */ + unsigned int dead:1; /* Host is currently unresponsive. */ + char name[1]; /* The hostname. */ +}; + + +/* An array of hostinfo_t for all hosts requested by the caller or + resolved from a pool name and its allocated size.*/ +static hostinfo_t *hosttable; +static int hosttable_size; + +/* The number of host slots we initally allocate for HOSTTABLE. */ +#define INITIAL_HOSTTABLE_SIZE 10 + + +/* Create a new hostinfo object, fill in NAME and put it into + HOSTTABLE. Return the index into hosttable on success or -1 on + error. */ +static int +create_new_hostinfo (const char *name) +{ + hostinfo_t hi, *newtable; + int newsize; + int idx, rc; + + hi = xtrymalloc (sizeof *hi + strlen (name)); + if (!hi) + return -1; + strcpy (hi->name, name); + hi->pool = NULL; + hi->poolidx = -1; + hi->lastused = (time_t)(-1); + hi->lastfail = (time_t)(-1); + hi->v4 = 0; + hi->v6 = 0; + + /* Add it to the hosttable. */ + for (idx=0; idx < hosttable_size; idx++) + if (!hosttable[idx]) + { + hosttable[idx] = hi; + return idx; + } + /* Need to extend the hosttable. 
*/ + newsize = hosttable_size + INITIAL_HOSTTABLE_SIZE; + newtable = xtryrealloc (hosttable, newsize * sizeof *hosttable); + if (!newtable) + { + xfree (hi); + return -1; + } + hosttable = newtable; + idx = hosttable_size; + hosttable_size = newsize; + rc = idx; + hosttable[idx++] = hi; + while (idx < hosttable_size) + hosttable[idx++] = NULL; + + return rc; +} + + +/* Find the host NAME in our table. Return the index into the + hosttable or -1 if not found. */ +static int +find_hostinfo (const char *name) +{ + int idx; + + for (idx=0; idx < hosttable_size; idx++) + if (hosttable[idx] && !ascii_strcasecmp (hosttable[idx]->name, name)) + return idx; + return -1; +} + + +static int +sort_hostpool (const void *xa, const void *xb) +{ + int a = *(int *)xa; + int b = *(int *)xb; + + assert (a >= 0 && a < hosttable_size); + assert (b >= 0 && b < hosttable_size); + assert (hosttable[a]); + assert (hosttable[b]); + + return ascii_strcasecmp (hosttable[a]->name, hosttable[b]->name); +} + + +/* Select a random host. Consult TABLE which indices into the global + hosttable. Returns index into TABLE or -1 if no host could be + selected. */ +static int +select_random_host (int *table) +{ + int *tbl; + size_t tblsize; + int pidx, idx; + + /* We create a new table so that we select only from currently alive + hosts. */ + for (idx=0, tblsize=0; (pidx = table[idx]) != -1; idx++) + if (hosttable[pidx] && !hosttable[pidx]->dead) + tblsize++; + if (!tblsize) + return -1; /* No hosts. */ + + tbl = xtrymalloc (tblsize * sizeof *tbl); + if (!tbl) + return -1; + for (idx=0, tblsize=0; (pidx = table[idx]) != -1; idx++) + if (hosttable[pidx] && !hosttable[pidx]->dead) + tbl[tblsize++] = pidx; + + if (tblsize == 1) /* Save a get_uint_nonce. */ + pidx = tbl[0]; + else + pidx = get_uint_nonce () % tblsize; + + xfree (tbl); + return pidx; +} + + +/* Map the host name NAME to the actual to be used host name. This + allows us to manage round robin DNS names. 
We use our own strategy + to choose one of the hosts. For example we skip those hosts which + failed for some time and we stick to one host for a time + independent of DNS retry times. */ +static char * +map_host (const char *name) +{ + hostinfo_t hi; + int idx; + + /* No hostname means localhost. */ + if (!name || !*name) + return xtrystrdup ("localhost"); + + /* See whether the host is in our table. */ + idx = find_hostinfo (name); + if (idx == -1) + { + /* We never saw this host. Allocate a new entry. */ + struct addrinfo hints, *aibuf, *ai; + int *reftbl; + size_t reftblsize; + int refidx; + + reftblsize = 100; + reftbl = xmalloc (reftblsize * sizeof *reftbl); + if (!reftbl) + return NULL; + refidx = 0; + + idx = create_new_hostinfo (name); + if (idx == -1) + { + xfree (reftbl); + return NULL; + } + hi = hosttable[idx]; + + /* Find all A records for this entry and put them into the pool + list - if any. */ + memset (&hints, 0, sizeof (hints)); + hints.ai_socktype = SOCK_STREAM; + if (!getaddrinfo (name, NULL, &hints, &aibuf)) + { + for (ai = aibuf; ai; ai = ai->ai_next) + { + char tmphost[NI_MAXHOST]; + int tmpidx; + int ec; + int i; + + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + log_printhex ("getaddrinfo returned", ai->ai_addr,ai->ai_addrlen); + if ((ec=getnameinfo (ai->ai_addr, ai->ai_addrlen, + tmphost, sizeof tmphost, + NULL, 0, NI_NAMEREQD))) + log_info ("getnameinfo failed while checking `%s': %s\n", + name, gai_strerror (ec)); + else if (refidx+1 >= reftblsize) + { + log_error ("getnameinfo returned for `%s': `%s'" + " [index table full - ignored]\n", name, tmphost); + } + else + { + + if ((tmpidx = find_hostinfo (tmphost)) != -1) + { + log_info ("getnameinfo returned for `%s': `%s'" + " [already known]\n", name, tmphost); + if (ai->ai_family == AF_INET) + hosttable[tmpidx]->v4 = 1; + if (ai->ai_family == AF_INET6) + hosttable[tmpidx]->v6 = 1; + + for (i=0; i < refidx; i++) + if (reftbl[i] == tmpidx) + break; + if (!(i < 
refidx) && tmpidx != idx) + reftbl[refidx++] = tmpidx; + } + else + { + log_info ("getnameinfo returned for `%s': `%s'\n", + name, tmphost); + /* Create a new entry. */ + tmpidx = create_new_hostinfo (tmphost); + if (tmpidx == -1) + log_error ("map_host for `%s' problem: %s - `%s'" + " [ignored]\n", + name, strerror (errno), tmphost); + else + { + if (ai->ai_family == AF_INET) + hosttable[tmpidx]->v4 = 1; + if (ai->ai_family == AF_INET6) + hosttable[tmpidx]->v6 = 1; + + for (i=0; i < refidx; i++) + if (reftbl[i] == tmpidx) + break; + if (!(i < refidx) && tmpidx != idx) + reftbl[refidx++] = tmpidx; + } + } + } + } + } + reftbl[refidx] = -1; + if (refidx) + { + assert (!hi->pool); + hi->pool = xtryrealloc (reftbl, (refidx+1) * sizeof *reftbl); + if (!hi->pool) + { + log_error ("shrinking index table in map_host failed: %s\n", + strerror (errno)); + xfree (reftbl); + } + qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool); + } + else + xfree (reftbl); + } + + hi = hosttable[idx]; + if (hi->pool) + { + /* If the currently selected host is now marked dead, force a + re-selection . */ + if (hi->poolidx >= 0 && hi->poolidx < hosttable_size + && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) + hi->poolidx = -1; + + /* Select a host if needed. */ + if (hi->poolidx == -1) + { + hi->poolidx = select_random_host (hi->pool); + if (hi->poolidx == -1) + { + log_error ("no alive host found in pool `%s'\n", name); + return NULL; + } + } + + assert (hi->poolidx >= 0 && hi->poolidx < hosttable_size); + hi = hosttable[hi->poolidx]; + assert (hi); + } + + if (hi->dead) + { + log_error ("host `%s' marked as dead\n", hi->name); + return NULL; + } + + return xtrystrdup (hi->name); +} + + +/* Mark the host NAME as dead. 
*/ +static void +mark_host_dead (const char *name) +{ + hostinfo_t hi; + int idx; + + if (!name || !*name || !strcmp (name, "localhost")) + return; + + idx = find_hostinfo (name); + if (idx == -1) + return; + hi = hosttable[idx]; + log_info ("marking host `%s' as dead%s\n", hi->name, hi->dead? " (again)":""); + hi->dead = 1; +} + + +/* Debug function to print the entire hosttable. */ +void +ks_hkp_print_hosttable (void) +{ + int idx, idx2; + hostinfo_t hi; + + for (idx=0; idx < hosttable_size; idx++) + if ((hi=hosttable[idx])) + { + log_info ("hosttable %3d %s %s %s %s\n", + idx, hi->v4? "4":" ", hi->v6? "6":" ", + hi->dead? "d":" ", hi->name); + if (hi->pool) + { + log_info (" -->"); + for (idx2=0; hi->pool[idx2] != -1; idx2++) + { + log_printf (" %d", hi->pool[idx2]); + if (hi->poolidx == idx2) + log_printf ("*"); + } + log_printf ("\n"); + /* for (idx2=0; hi->pool[idx2] != -1; idx2++) */ + /* log_info (" (%s)\n", */ + /* hosttable[hi->pool[idx2]]->name); */ + } + } +} + + + /* Print a help output for the schemata supported by this module. */ gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri) 
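Review bot: In map_host, `qsort (reftbl, refidx, ...)` runs after `hi->pool = xtryrealloc (reftbl, ...)`, so it sorts through the old pointer, which realloc may have moved and which the failure branch has just released with `xfree (reftbl)`; sort only on success and through the new pointer, `else qsort (hi->pool, refidx, sizeof *hi->pool, sort_hostpool);`. In select_random_host the multi-host branch returns a position in the temporary `tbl`, while the single-host branch returns `tbl[0]` and map_host uses the result as `hosttable[hi->poolidx]`, so it should read `pidx = tbl[get_uint_nonce () % tblsize];` or a dead or unrelated host can be chosen. create_new_hostinfo initialises `v4` and `v6` but not the `dead` bit, and xtrymalloc presumably does not zero the block, so add `hi->dead = 0;`. map_host also never calls `freeaddrinfo (aibuf)` and tests the result of `xmalloc`, which in this code base normally aborts instead of returning NULL, where `xtrymalloc` looks intended.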
@@ -57,6 +418,44 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri) } +/* Build the remote part or the URL from SCHEME, HOST and an optional + PORT. Returns an allocated string or NULL on failure and sets + ERRNO. */ +static char * +make_host_part (const char *scheme, const char *host, unsigned short port) +{ + char portstr[10]; + char *hostname; + char *hostport; + + /* Map scheme and port. */ + if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https")) + { + scheme = "https"; + strcpy (portstr, "443"); + } + else /* HKP or HTTP. */ + { + scheme = "http"; + strcpy (portstr, "11371"); + } + if (port) + snprintf (portstr, sizeof portstr, "%hu", port); + else + { + /*fixme_do_srv_lookup ()*/ + } + + hostname = map_host (host); + if (!hostname) + return NULL; + + hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL); + xfree (hostname); + return hostport; +} + + /* Send an HTTP request. On success returns an estream object at R_FP. HOSTPORTSTR is only used for diagnostics. If POST_CB is not NULL a post request is used and that callback is called to allow @@ -73,6 +472,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, char *request_buffer = NULL; *r_fp = NULL; + return gpg_error (GPG_ERR_NOT_SUPPORTED); once_more: err = http_open (&http, post_cb? HTTP_REQ_POST : HTTP_REQ_GET, @@ -244,8 +644,6 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, gpg_error_t err; KEYDB_SEARCH_DESC desc; char fprbuf[2+40+1]; - const char *scheme; - char portstr[10]; char *hostport = NULL; char *request = NULL; estream_t fp = NULL; 
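Review bot: The header comment of make_host_part says a NULL return sets ERRNO, but the `if (!hostname) return NULL;` path only forwards map_host, which returns NULL after `log_error` for a dead host or a pool without live hosts and does not touch errno there. The callers in ks_hkp_search, ks_hkp_get and ks_hkp_put then call `gpg_error_from_syserror ()` and can report a stale or unrelated error. Either set errno on those map_host paths before `return NULL;` (for instance with `gpg_err_set_errno (...)` and a suitable code) or let make_host_part return a gpg_error_t and hand the string back through an out parameter.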
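Review bot: The added `return gpg_error (GPG_ERR_NOT_SUPPORTED);` directly after `*r_fp = NULL;` makes every call to send_request fail and leaves the `once_more:` path below it unreachable, so search, get and put over HKP are all disabled by this commit. The log message says the code is not yet finished, which suggests a development stop-gap; if so it should carry a comment such as `/* FIXME: requests disabled until host selection is finished. */` or be removed before the branch is used. send_request's body continues outside the hunk.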
@@ -289,29 +687,11 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, return gpg_error (GPG_ERR_INV_USER_ID); } - /* Map scheme and port. */ - if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https")) - { - scheme = "https"; - strcpy (portstr, "443"); - } - else /* HKP or HTTP. */ - { - scheme = "http"; - strcpy (portstr, "11371"); - } - if (uri->port) - snprintf (portstr, sizeof portstr, "%hu", uri->port); - else - {} /*fixme_do_srv_lookup ()*/ - /* Build the request string. */ { char *searchkey; - hostport = strconcat (scheme, "://", - *uri->host? uri->host: "localhost", - ":", portstr, NULL); + hostport = make_host_part (uri->scheme, uri->host, uri->port); if (!hostport) { err = gpg_error_from_syserror (); @@ -382,8 +762,6 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) gpg_error_t err; KEYDB_SEARCH_DESC desc; char kidbuf[8+1]; - const char *scheme; - char portstr[10]; char *hostport = NULL; char *request = NULL; estream_t fp = NULL; 
@@ -416,43 +794,23 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) return gpg_error (GPG_ERR_INV_USER_ID); } - /* Map scheme and port. */ - if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https")) + /* Build the request string. */ + hostport = make_host_part (uri->scheme, uri->host, uri->port); + if (!hostport) { - scheme = "https"; - strcpy (portstr, "443"); + err = gpg_error_from_syserror (); + goto leave; } - else /* HKP or HTTP. */ + + request = strconcat (hostport, + "/pks/lookup?op=get&options=mr&search=0x", + kidbuf, + NULL); + if (!request) { - scheme = "http"; - strcpy (portstr, "11371"); + err = gpg_error_from_syserror (); + goto leave; } - if (uri->port) - snprintf (portstr, sizeof portstr, "%hu", uri->port); - else - {} /*fixme_do_srv_lookup ()*/ - - /* Build the request string. */ - { - hostport = strconcat (scheme, "://", - *uri->host? uri->host: "localhost", - ":", portstr, NULL); - if (!hostport) - { - err = gpg_error_from_syserror (); - goto leave; - } - - request = strconcat (hostport, - "/pks/lookup?op=get&options=mr&search=0x", - kidbuf, - NULL); - if (!request) - { - err = gpg_error_from_syserror (); - goto leave; - } - } /* Send the request. */ err = send_request (ctrl, request, hostport, NULL, NULL, &fp); @@ -507,8 +865,6 @@ gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) { gpg_error_t err; - const char *scheme; - char portstr[10]; char *hostport = NULL; char *request = NULL; estream_t fp = NULL; 
@@ -517,22 +873,6 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) parm.datastring = NULL; - /* Map scheme and port. */ - if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https")) - { - scheme = "https"; - strcpy (portstr, "443"); - } - else /* HKP or HTTP. */ - { - scheme = "http"; - strcpy (portstr, "11371"); - } - if (uri->port) - snprintf (portstr, sizeof portstr, "%hu", uri->port); - else - {} /*fixme_do_srv_lookup ()*/ - err = armor_data (&armored, data, datalen); if (err) goto leave; @@ -547,9 +887,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) armored = NULL; /* Build the request string. */ - hostport = strconcat (scheme, "://", - *uri->host? uri->host: "localhost", - ":", portstr, NULL); + hostport = make_host_part (uri->scheme, uri->host, uri->port); if (!hostport) { err = gpg_error_from_syserror (); diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h index 8b55144..cda31a7 100644 --- a/dirmngr/ks-engine.h +++ b/dirmngr/ks-engine.h @@ -27,6 +27,7 @@ gpg_error_t ks_print_help (ctrl_t ctrl, const char *text); /*-- ks-engine-hkp.c --*/ +void ks_hkp_print_hosttable (void); gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri); gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, estream_t *r_fp); diff --git a/dirmngr/server.c b/dirmngr/server.c index 1a244c8..76d36c1 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -42,6 +42,7 @@ #include "misc.h" #include "ldap-wrapper.h" #include "ks-action.h" +#include "ks-engine.h" /* (ks_hkp_print_hosttable) */ /* To avoid DoS attacks we limit the size of a certificate to something reasonable. */ 
@@ -1374,12 +1375,13 @@ cmd_keyserver (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; - int clear_flag, add_flag, help_flag; + int clear_flag, add_flag, help_flag, host_flag; uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it is always initialized. */ clear_flag = has_option (line, "--clear"); help_flag = has_option (line, "--help"); + host_flag = has_option (line, "--print-hosttable"); line = skip_options (line); add_flag = !!*line; @@ -1389,6 +1391,13 @@ cmd_keyserver (assuan_context_t ctx, char *line) goto leave; } + if (host_flag) + { + ks_hkp_print_hosttable (); + err = 0; + goto leave; + } + if (add_flag) { item = xtrymalloc (sizeof *item + strlen (line)); commit 4206a2bd486f02072c8ba2731f4fade46c2a5581 Author: Werner Koch Date: Wed Mar 23 10:07:59 2011 +0100 Detect premature EOF while parsing corrupted key packets. This helps in the case of an unknown key algorithm with a corrupted packet which claims a longer packet length. This used to allocate the announced packet length and then tried to fill it up without detecting an EOF, thus taking quite some time. IT is easy to fix, thus we do it. However, there are many other ways to force gpg to use large amount of resources; thus as before it is strongly suggested that the sysadm uses ulimit do assign suitable resource limits to the gpg process. Suggested by Timo Schulz. diff --git a/g10/ChangeLog b/g10/ChangeLog index f9edf57..ed958c5 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-03-23 Werner Koch + + * parse-packet.c (read_rest): Drop unsed PARTIAL arg. Rewrite to + detect premature EOF. Suggested by Timo Schulz. + 2011-03-10 Werner Koch * passphrase.c (hash_passphrase): Remove. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index fc11e9d..1171443 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -49,7 +49,7 @@ static int copy_packet (IOBUF inp, IOBUF out, int pkttype, unsigned long pktlen, int partial); static void skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial); -static void *read_rest (IOBUF inp, size_t pktlen, int partial); +static void *read_rest (IOBUF inp, size_t pktlen); static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen); static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet); @@ -720,24 +720,35 @@ skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial) } +/* Read PKTLEN bytes form INP and return them in a newly allocated + buffer. In case of an error NULL is returned and a error messages + printed. */ static void * -read_rest (IOBUF inp, size_t pktlen, int partial) +read_rest (IOBUF inp, size_t pktlen) { - byte *p; - int i; + int c; + byte *buf, *p; - if (partial) + buf = xtrymalloc (pktlen); + if (!buf) { - log_error ("read_rest: can't store stream data\n"); - p = NULL; + gpg_error_t err = gpg_error_from_syserror (); + log_error ("error reading rest of packet: %s\n", gpg_strerror (err)); + return NULL; } - else + for (p = buf; pktlen; pktlen--) { - p = xmalloc (pktlen); - for (i = 0; pktlen; pktlen--, i++) - p[i] = iobuf_get (inp); + c = iobuf_get (inp); + if (c == -1) + { + log_error ("premature eof while reading rest of packet\n"); + xfree (buf); + return NULL; + } + *p++ = c; } - return p; + + return buf; } @@ -1749,8 +1760,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, else { sig->data[0] = - gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen, 0), - pktlen * 8); + gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8); pktlen = 0; } } @@ -1982,8 +1992,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, { /* Unknown algorithm - put data into an opaque MPI. */ pk->pkey[0] = gcry_mpi_set_opaque (NULL, - read_rest (inp, pktlen, 0), - pktlen * 8); + read_rest (inp, pktlen), pktlen * 8); pktlen = 0; goto leave; } 
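Review bot: `buf = xtrymalloc (pktlen);` in read_rest is reached with whatever length the caller passes, including 0, and if xtrymalloc maps to libgcrypt's allocator a zero-size request returns NULL, which this function would then log as `error reading rest of packet` although nothing failed. If an empty remainder is legal for any caller, allocate at least one byte, `buf = xtrymalloc (pktlen? pktlen : 1);`, or state in the header comment that PKTLEN must be non-zero. The new header comment also has two typos (`form` for `from`, `a error messages`).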
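Review bot: read_rest can now return NULL (allocation failure or premature EOF), but the call in parse_signature still feeds its result straight into `gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8)`, which yields an opaque MPI that claims `pktlen * 8` bits with no buffer behind it; the two parse_key calls (hunks at -1982 and -2227) have the same pattern. Later users of that MPI may trust the bit count, so take the pointer into a local first and leave through the function's existing error path when it is NULL, or at least pass `p? pktlen * 8 : 0` as the length. The enclosing functions start outside these hunks, so the exact error variable and label are not visible here.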
@@ -2227,7 +2236,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, * up to the end of the packet into the first SKEY * element. */ pk->pkey[npkey] = gcry_mpi_set_opaque (NULL, - read_rest (inp, pktlen, 0), + read_rest (inp, pktlen), pktlen * 8); pktlen = 0; if (list_mode) ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 16 ++ agent/agent.h | 8 +- agent/command.c | 60 ++++-- agent/genkey.c | 15 ++- common/ChangeLog | 4 + common/sysutils.c | 11 + common/sysutils.h | 1 + dirmngr/ChangeLog | 10 + dirmngr/ks-action.c | 2 +- dirmngr/ks-engine-hkp.c | 492 +++++++++++++++++++++++++++++++++++++++-------- dirmngr/ks-engine.h | 1 + dirmngr/server.c | 11 +- g10/ChangeLog | 5 + g10/parse-packet.c | 43 +++-- 14 files changed, 563 insertions(+), 116 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 13 14:43:17 2011 From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Wed, 13 Apr 2011 14:43:17 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-43-gb3c71eb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b3c71eb26b4420bd79ce72b94ac773c6636c525a (commit) from f8c5395fbd24b9811807d7601e22b38af9f5126c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b3c71eb26b4420bd79ce72b94ac773c6636c525a Author: Ben Kibbey Date: Tue Apr 12 20:02:05 2011 -0400 Fixed PASSWD --preset. The previous patch required that the keygrip be cached before adding the new passphrase to the cache. No more. diff --git a/agent/ChangeLog b/agent/ChangeLog index 21cd0c4..cd781e2 100644 
--- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,7 @@ +2011-04-12 Ben Kibbey + + * command.c (cmd_passwd): Fixed --preset when not previously cached. + 2011-04-12 Werner Koch * agent.h (CACHE_TTL_NONCE, CACHE_TTL_OPT_PRESET): New. diff --git a/agent/command.c b/agent/command.c index e5243ed..d2ed23a 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1528,15 +1528,15 @@ cmd_passwd (assuan_context_t ctx, char *line) ctrl->server_local->last_passwd_nonce = passwd_nonce; passwd_nonce = NULL; } - if (opt_preset) - { - char hexgrip[40+1]; - bin2hex(grip, 20, hexgrip); - err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, - CACHE_TTL_OPT_PRESET); - } } } + if (opt_preset) + { + char hexgrip[40+1]; + bin2hex(grip, 20, hexgrip); + err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, + CACHE_TTL_OPT_PRESET); + } xfree (newpass); } ctrl->in_passwd--; ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 4 ++++ agent/command.c | 14 +++++++------- 2 files changed, 11 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 14 19:51:50 2011 
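Review bot: After the move in cmd_passwd, the `if (opt_preset)` block runs whatever the preceding steps returned, and `err = agent_put_cache (...)` then replaces an earlier failure code with the result of the cache insert, so a failed PASSWD could report success and still preset the cache. Guard it with the earlier status, `if (!err && opt_preset)`. The enclosing branches start outside the hunk, so this is inferred from the brace structure shown.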
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 14 Apr 2011 19:51:50 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-172-g7929e89 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7929e89093dfdae3a97edd48e138ad09f5016bd1 (commit) from 3bd6538bf504e49200eed46438a19d385f866a06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7929e89093dfdae3a97edd48e138ad09f5016bd1 Author: Werner Koch Date: Thu Apr 14 19:23:04 2011 +0200 Require autoconf 1.11 This is because AM_SUBST_NOTMAKE is only offically supported since this version of automake. diff --git a/ChangeLog b/ChangeLog index cb88a8b..505ea40 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-04-14 Werner Koch + + * configure.ac: Require automake 1.11. + 2011-04-06 Werner Koch * autogen.sh (--build-w32): Support option --build-w64. diff --git a/configure.ac b/configure.ac index 3ab7708..a27f033 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # (Process this file with autoconf to produce a configure script.) AC_PREREQ(2.59) -min_automake_version="1.10" +min_automake_version="1.11" # Version number: Remember to change it immediately *after* a release. # Make sure to run "svn up" and "./autogen.sh --force" ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 18 11:55:06 2011 
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Mon, 18 Apr 2011 11:55:06 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-44-gb5f585f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b5f585f7d796313cf7ae3d3fd35ed462a1f3d574 (commit) from b3c71eb26b4420bd79ce72b94ac773c6636c525a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5f585f7d796313cf7ae3d3fd35ed462a1f3d574 Author: Ben Kibbey Date: Sun Apr 17 16:48:44 2011 -0400 Another PASSWD --preset fix. Check for an error before presetting the passphrase. diff --git a/agent/ChangeLog b/agent/ChangeLog index cd781e2..e8570f7 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,7 @@ +2011-04-17 Ben Kibbey + + * command.c (cmd_passwd): Check for an error before presetting. + 2011-04-12 Ben Kibbey * command.c (cmd_passwd): Fixed --preset when not previously cached. diff --git a/agent/command.c b/agent/command.c index d2ed23a..9f45afb 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1530,7 +1530,7 @@ cmd_passwd (assuan_context_t ctx, char *line) } } } - if (opt_preset) + if (!err && opt_preset) { char hexgrip[40+1]; bin2hex(grip, 20, hexgrip); ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 4 ++++ agent/command.c | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 19 16:55:05 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 19 Apr 2011 16:55:05 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-30-g1351cc9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1351cc95b5ee70fde396f8d5754214ef6db4baec (commit) from 8ecc5614cc40a2d37c3ca704d06470a38c76983d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1351cc95b5ee70fde396f8d5754214ef6db4baec Author: Werner Koch Date: Tue Apr 19 16:22:48 2011 +0200 Make sure to return correct error codes for secmem failures. ERRNO was not always set and thus it could happen that a misleading error code was returned form a malloc functions. Fix was to set ERRNO. At one place we also switched to the newer gpg_err_code_from_syserror which makes sure to return a special error code in case ERRNO is not set at all. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 2a28b20..fb05141 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,8 @@ +2011-04-19 Werner Koch + + * cipher.c (gcry_cipher_open): Replace gpg_err_code_from_errno by + gpg_err_code_from_syserror. + 2011-04-11 Werner Koch * pubkey.c (gcry_pk_get_keygrip): Avoid double free of L2. diff --git a/cipher/cipher.c b/cipher/cipher.c index 90fdb17..b0a532a 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -786,7 +786,7 @@ gcry_cipher_open (gcry_cipher_hd_t *handle, h = gcry_calloc (1, size); if (! h) - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); else { size_t off = 0; diff --git a/src/ChangeLog b/src/ChangeLog index 9476e82..2907e85 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,3 +1,10 @@ +2011-04-19 Werner Koch + + * stdmem.c (_gcry_private_malloc_secure, _gcry_private_malloc): + Set ERRNO on failure. + * secmem.c (mb_get_new): Set ERRNO on failure. + (_gcry_secmem_malloc_internal): Ditto. + 2011-04-01 Werner Koch * global.c (gcry_realloc): Divert to gcry_malloc or gcry_free. diff --git a/src/secmem.c b/src/secmem.c index 30c2777..2beb234 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -217,7 +217,10 @@ mb_get_new (memblock_t *block, size_t size) } if (! ptr_into_pool_p (mb)) - mb = NULL; + { + gpg_err_set_errno (ENOMEM); + mb = NULL; + } return mb; } @@ -516,12 +519,14 @@ _gcry_secmem_malloc_internal (size_t size) { log_info (_("operation is not possible without " "initialized secure memory\n")); + gpg_err_set_errno (ENOMEM); return NULL; } } if (not_locked && fips_mode ()) { log_info (_("secure memory pool is not locked while in FIPS mode\n")); + gpg_err_set_errno (ENOMEM); return NULL; } if (show_warning && !suspend_warning) diff --git a/src/stdmem.c b/src/stdmem.c index c20c4b4..189da37 100644 --- a/src/stdmem.c +++ b/src/stdmem.c @@ -49,6 +49,7 @@ #include #include #include +#include #include "g10lib.h" #include "stdmem.h" @@ -88,8 +89,12 @@ void * _gcry_private_malloc (size_t n) { if (!n) - return NULL; /* Allocating 0 bytes is undefined - we better return - an error to detect such coding errors. */ + { + gpg_err_set_errno (EINVAL); + return NULL; /* Allocating 0 bytes is undefined - we better return + an error to detect such coding errors. */ + } + if (use_m_guard) { char *p; 
@@ -118,8 +123,12 @@ void * _gcry_private_malloc_secure (size_t n) { if (!n) - return NULL; /* Allocating 0 bytes is undefined - better return an - error to detect such coding errors. */ + { + gpg_err_set_errno (EINVAL); + return NULL; /* Allocating 0 bytes is undefined - better return an + error to detect such coding errors. */ + } + if (use_m_guard) { char *p; ----------------------------------------------------------------------- Summary of changes: cipher/ChangeLog | 5 +++++ cipher/cipher.c | 2 +- src/ChangeLog | 7 +++++++ src/secmem.c | 7 ++++++- src/stdmem.c | 17 +++++++++++++---- 5 files changed, 32 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 20 12:02:32 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 20 Apr 2011 12:02:32 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-45-g70b871a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 70b871abbc4ec0968152968c10269cee72286df3 (commit) from b5f585f7d796313cf7ae3d3fd35ed462a1f3d574 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70b871abbc4ec0968152968c10269cee72286df3 Author: Marcus Brinkmann Date: Wed Apr 20 11:33:09 2011 +0200 Fix gpg-agent secure memory leak in OpenPGP private key import. 2011-04-20 Marcus Brinkmann * command.c (cmd_import_key): Release key from failed import before converting openpgp private key in the openpgp-private-key case. diff --git a/agent/ChangeLog b/agent/ChangeLog index e8570f7..e342b57 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog 
@@ -1,3 +1,9 @@ +2011-04-20 Marcus Brinkmann + + * command.c (cmd_import_key): Release key from failed import + before converting openpgp private key in the openpgp-private-key + case. + 2011-04-17 Ben Kibbey * command.c (cmd_passwd): Check for an error before presetting. diff --git a/agent/command.c b/agent/command.c index 9f45afb..34617ad 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1827,6 +1827,8 @@ cmd_import_key (assuan_context_t ctx, char *line) used to protect the key using the same code as for regular key import. */ + xfree (key); + key = NULL; err = convert_from_openpgp (ctrl, openpgp_sexp, grip, ctrl->server_local->keydesc, cache_nonce, &key, &passphrase); ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 6 ++++++ agent/command.c | 2 ++ 2 files changed, 8 insertions(+), 0 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 20 14:34:22 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 Apr 2011 14:34:22 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-38-g2adbf87 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 2adbf87bd18c6a7fe78fcd849026871f7a1603d1 (commit) via 76d3001b1fe28f64bb78ff27c748c97362208534 (commit) from a0e05baf1b11fa30e1dd949350b2066a902deab8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2adbf87bd18c6a7fe78fcd849026871f7a1603d1 Author: Werner Koch Date: Wed Apr 20 14:05:24 2011 +0200 Fix Makefile for rename of README.SVN to README.GIT. diff --git a/ChangeLog b/ChangeLog index 39a7d0f..64145a4 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-04-20 Werner Koch + + * Makefile.am (EXTRA_DIST): s/README.SVN/README.GIT/ + 2011-04-06 Werner Koch * autogen.sh: Check the git setup. Add option --build-w64. diff --git a/Makefile.am b/Makefile.am index b97a1be..55040e7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -21,7 +21,7 @@ ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip -EXTRA_DIST = config.rpath autogen.sh README.SVN +EXTRA_DIST = config.rpath autogen.sh README.GIT SUBDIRS = m4 src doc tests @@ -30,5 +30,5 @@ dist-hook: echo "$(VERSION)" > $(distdir)/VERSION -stowinstall: +stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libassuan commit 76d3001b1fe28f64bb78ff27c748c97362208534 Author: Werner Koch Date: Mon Apr 11 14:33:59 2011 +0200 Add option --host to libassuan-config. Also enhanced the m4 test marcos and removed some cruft. diff --git a/ChangeLog b/ChangeLog index 821ab7e..39a7d0f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ * autogen.sh: Check the git setup. Add option --build-w64. * configure.ac (HAVE_W64_SYSTEM): Define. + (LIBGCRYPT_CONFIG_HOST): New. * m4/gpg-error.m4: Update from current libgpg-error repo. diff --git a/configure.ac b/configure.ac index 582c01e..c371a37 100644 --- a/configure.ac +++ b/configure.ac @@ -252,12 +252,14 @@ fi # For src/libassuan-config.in LIBASSUAN_CONFIG_LIB="-lassuan" LIBASSUAN_CONFIG_CFLAGS="" +LIBASSUAN_CONFIG_HOST="$host" LIBASSUAN_CONFIG_EXTRA_LIBS= if test x"$NETLIBS" != x; then LIBASSUAN_CONFIG_EXTRA_LIBS="$LIBASSUAN_CONFIG_EXTRA_LIBS $NETLIBS" fi AC_SUBST(LIBASSUAN_CONFIG_LIB) AC_SUBST(LIBASSUAN_CONFIG_CFLAGS) +AC_SUBST(LIBASSUAN_CONFIG_HOST) AC_SUBST(LIBASSUAN_CONFIG_API_VERSION) AC_SUBST(LIBASSUAN_CONFIG_EXTRA_LIBS) diff --git a/src/ChangeLog b/src/ChangeLog index a552201..261c605 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,3 +1,8 @@ +2011-04-06 Werner Koch + + * libassuan-config.in: Add option --host. + * libassuan.m4: Remove cruft. Add check for correct HOST. + 2011-03-30 Werner Koch * sysutils.c (_assuan_sysutils_blurb): Add version string. diff --git a/src/libassuan-config.in b/src/libassuan-config.in index 561ff96..dd25a4c 100644 --- a/src/libassuan-config.in +++ b/src/libassuan-config.in @@ -18,6 +18,7 @@ lib="@LIBASSUAN_CONFIG_LIB@" extralibs="@LIBASSUAN_CONFIG_EXTRA_LIBS@ $gpg_error_libs" cflags="@LIBASSUAN_CONFIG_CFLAGS@ $gpg_error_cflags" api_version="@LIBASSUAN_CONFIG_API_VERSION@" +my_host="@LIBASSUAN_CONFIG_HOST@" prefix=@prefix@ exec_prefix=@exec_prefix@ includes="" @@ -27,6 +28,7 @@ echo_libs=no echo_cflags=no echo_prefix=no echo_exec_prefix=no +echo_host=no usage() @@ -39,6 +41,7 @@ Options: [--version] [--libs] [--cflags] + [--host] EOF exit $1 } @@ -79,6 +82,9 @@ while test $# -gt 0; do --libs) echo_libs=yes ;; + --host) + echo_host=yes + ;; *) usage 1 1>&2 ;; @@ -98,6 +104,9 @@ if test "$echo_api_version" = "yes"; then echo $api_version fi +if test "$echo_host" = "yes"; then + echo "$my_host" +fi if test "$echo_cflags" = "yes"; then if test "@includedir@" != "/usr/include" ; then diff --git a/src/libassuan.m4 b/src/libassuan.m4 index bac1be8..4b196a5 100644 --- a/src/libassuan.m4 +++ b/src/libassuan.m4 @@ -1,5 +1,5 @@ dnl Autoconf macros for libassuan -dnl Copyright (C) 2002, 2003 Free Software Foundation, Inc. +dnl Copyright (C) 2002, 2003, 2011 Free Software Foundation, Inc. dnl dnl This file is free software; as a special exception the author gives dnl unlimited permission to copy and/or distribute it, with or without 
@@ -14,7 +14,8 @@ dnl Common code used for libassuan detection [internal] dnl Returns ok set to yes or no. dnl AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], -[ AC_ARG_WITH(libassuan-prefix, +[ AC_REQUIRE([AC_CANONICAL_HOST]) + AC_ARG_WITH(libassuan-prefix, AC_HELP_STRING([--with-libassuan-prefix=PFX], [prefix where LIBASSUAN is installed (optional)]), libassuan_config_prefix="$withval", libassuan_config_prefix="") @@ -24,7 +25,8 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config fi fi - AC_PATH_PROG(LIBASSUAN_CONFIG, libassuan-config, no) + + AC_PATH_TOOL(LIBASSUAN_CONFIG, libassuan-config, no) tmp=ifelse([$1], ,1:0.9.2,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then 
@@ -35,46 +37,44 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], min_libassuan_version="$tmp" fi - if test "$LIBASSUAN_CONFIG" != "no" ; then - libassuan_version=`$LIBASSUAN_CONFIG --version` - fi - libassuan_version_major=`echo $libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` - libassuan_version_minor=`echo $libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` - libassuan_version_micro=`echo $libassuan_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` - - AC_MSG_CHECKING(for LIBASSUAN ifelse([$2], ,,[$2 ])- version >= $min_libassuan_version) + AC_MSG_CHECKING(for LIBASSUAN - version >= $min_libassuan_version) ok=no - if test "$LIBASSUAN_CONFIG" != "no" ; then - ifelse([$2], ,,[if `$LIBASSUAN_CONFIG --thread=$2 2> /dev/null` ; then]) + if test "$LIBASSUAN_CONFIG" != "no" \ + && test -f "$LIBASSUAN_CONFIG" ; then req_major=`echo $min_libassuan_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_libassuan_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` req_micro=`echo $min_libassuan_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` - if test "$libassuan_version_major" -gt "$req_major"; then + + libassuan_config_version=`$LIBASSUAN_CONFIG --version` + major=`echo $libassuan_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $libassuan_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + micro=`echo $libassuan_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` + + if test "$major" -gt "$req_major"; then ok=yes else - if test "$libassuan_version_major" -eq "$req_major"; then - if test "$libassuan_version_minor" -gt "$req_minor"; then + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then ok=yes else - if test "$libassuan_version_minor" -eq "$req_minor"; then - if test "$libassuan_version_micro" -ge "$req_micro"; 
then + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then ok=yes fi fi fi fi fi - ifelse([$2], ,,[fi]) fi if test $ok = yes; then - AC_MSG_RESULT([yes ($libassuan_version)]) + AC_MSG_RESULT([yes ($libassuan_config_version)]) else AC_MSG_RESULT(no) fi @@ -83,7 +83,7 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], if test "$req_libassuan_api" -gt 0 ; then tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0` if test "$tmp" -gt 0 ; then - AC_MSG_CHECKING([LIBASSUAN ifelse([$2], ,,[$2 ])API version]) + AC_MSG_CHECKING([LIBASSUAN API version]) if test "$req_libassuan_api" -eq "$tmp" ; then AC_MSG_RESULT(okay) else @@ -94,6 +94,23 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], fi fi + if test $ok = yes; then + if test x"$host" != x ; then + libassuan_config_host=`$LIBASSUAN_CONFIG --host 2>/dev/null || echo none` + if test x"$libassuan_config_host" != xnone ; then + if test x"$libassuan_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $LIBASSUAN_CONFIG was +*** built for $libassuan_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libassuan-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi + fi ]) dnl AM_CHECK_LIBASSUAN([MINIMUM-VERSION, ----------------------------------------------------------------------- Summary of changes: ChangeLog | 5 +++ Makefile.am | 4 +- configure.ac | 2 + src/ChangeLog | 5 +++ src/libassuan-config.in | 9 ++++++ src/libassuan.m4 | 65 +++++++++++++++++++++++++++++----------------- 6 files changed, 64 insertions(+), 26 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 20 23:10:11 2011 
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 20 Apr 2011 23:10:11 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-46-gdd491d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dd491d290ad973fd1b73ab83ad0139449008c62a (commit) from 70b871abbc4ec0968152968c10269cee72286df3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd491d290ad973fd1b73ab83ad0139449008c62a Author: Marcus Brinkmann Date: Wed Apr 20 22:41:22 2011 +0200 2011-04-20 Marcus Brinkmann * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not get_ownertrust (which lead to binary zeroes in the output!). diff --git a/g10/ChangeLog b/g10/ChangeLog index ed958c5..a1c608f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-04-20 Marcus Brinkmann + + * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not + get_ownertrust (which lead to binary zeroes in the output!). + 2011-03-23 Werner Koch * parse-packet.c (read_rest): Drop unsed PARTIAL arg. Rewrite to diff --git a/g10/keylist.c b/g10/keylist.c index 968aa95..db7467d 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -1161,7 +1161,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) - es_putc (get_ownertrust (pk), es_stdout); + es_putc (get_ownertrust_info (pk), es_stdout); es_putc (':', es_stdout); es_putc (':', es_stdout); ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 5 +++++ g10/keylist.c | 2 +- 2 files changed, 6 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 21 16:10:36 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 Apr 2011 16:10:36 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-47-g4caa768 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4caa768f1d3388f36a6de4be9f71d916696b9e2d (commit) from dd491d290ad973fd1b73ab83ad0139449008c62a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4caa768f1d3388f36a6de4be9f71d916696b9e2d Author: Werner Koch Date: Thu Apr 21 15:40:48 2011 +0200 Add OPTION:cache-ttl-opt-preset to gpg-agent. This option may be used to change the default ttl values use with the --preset option of GENKEY and PASSWD. diff --git a/agent/ChangeLog b/agent/ChangeLog index e342b57..9a6134d 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog 
@@ -1,3 +1,11 @@ +2011-04-21 Werner Koch + + * agent.h (server_control_s): Add field cache_ttl_opt_preset. + * gpg-agent.c (agent_init_default_ctrl): Init this field. + * genkey.c (agent_genkey): Use this new variable. + * command.c (cmd_passwd): Ditto. + (option_handler): Add new option cache-ttl-opt-preset. + 2011-04-20 Marcus Brinkmann * command.c (cmd_import_key): Release key from failed import diff --git a/agent/agent.h b/agent/agent.h index 20a617f..16c9aba 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -1,5 +1,5 @@ /* agent.h - Global definitions for the agent - * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2005, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -164,6 +164,10 @@ struct server_control_s /* The current pinentry mode. */ pinentry_mode_t pinentry_mode; + /* The TTL used for the --preset option of certain commands. */ + int cache_ttl_opt_preset; + + /* Information on the currently used digest (for signing commands). */ struct { int algo; unsigned char value[MAX_DIGEST_LEN]; @@ -220,7 +224,8 @@ cache_mode_t; /* The TTL is seconds used for adding a new nonce mode cache item. */ #define CACHE_TTL_NONCE 120 -/* The TTL in seconds used by the --preset option of some commands. */ +/* The TTL in seconds used by the --preset option of some commands. + This is the default value changeable by an OPTION command. */ #define CACHE_TTL_OPT_PRESET 900 diff --git a/agent/command.c b/agent/command.c index 34617ad..62bf145 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1,6 +1,6 @@ /* command.c - gpg-agent command handler - * Copyright (C) 2001, 2002, 2003, 2004, 2005, - * 2006, 2008, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010, + * 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -1535,7 +1535,7 @@ cmd_passwd (assuan_context_t ctx, char *line) char hexgrip[40+1]; bin2hex(grip, 20, hexgrip); err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, - CACHE_TTL_OPT_PRESET); + ctrl->cache_ttl_opt_preset); } xfree (newpass); } @@ -2470,6 +2470,10 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) else err = gpg_error (GPG_ERR_INV_VALUE); } + else if (!strcmp (key, "cache-ttl-opt-preset")) + { + ctrl->cache_ttl_opt_preset = *value? atoi (value) : 0; + } else err = gpg_error (GPG_ERR_UNKNOWN_OPTION); diff --git a/agent/genkey.c b/agent/genkey.c index 30e698f..79b99e6 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -432,7 +432,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, if (cache_nonce && !no_protection && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, CACHE_TTL_OPT_PRESET)) + passphrase, ctrl->cache_ttl_opt_preset)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); if (preset && !no_protection) { @@ -442,7 +442,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, { bin2hex(grip, 20, hexgrip); rc = agent_put_cache (hexgrip, CACHE_MODE_ANY, passphrase, - CACHE_TTL_OPT_PRESET); + ctrl->cache_ttl_opt_preset); } } } diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index c64b32f..87a4299 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1315,6 +1315,7 @@ agent_init_default_ctrl (ctrl_t ctrl) ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages) /**/ : NULL; + ctrl->cache_ttl_opt_preset = CACHE_TTL_OPT_PRESET; } diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 280670b..e965c52 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
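Review bot: The new `cache-ttl-opt-preset` branch in `option_handler` (agent/command.c) stores `atoi (value)` without validating it. A non-numeric client string silently becomes 0, a negative number is accepted, and an out-of-range number is undefined behaviour for `atoi`. The result is passed as the TTL to `agent_put_cache` for cached passphrases in `cmd_passwd` and `agent_genkey`, so it deserves the same `GPG_ERR_INV_VALUE` rejection the preceding branch uses. How `agent_put_cache` treats a zero or negative TTL is not visible here; if a special value is intended, allow exactly that value and document it, and consider an upper bound so a client cannot lengthen the passphrase cache lifetime without limit. `option_handler` starts and ends outside the hunk.

```c
  else if (!strcmp (key, "cache-ttl-opt-preset"))
    {
      /* An empty value still selects 0, as before.  */
      char *endp = NULL;
      long ttl = 0;

      errno = 0;
      if (*value)
        ttl = strtol (value, &endp, 10);
      if ((endp && *endp) || errno || ttl < 0 || ttl > INT_MAX)
        err = gpg_error (GPG_ERR_INV_VALUE);
      else
        ctrl->cache_ttl_opt_preset = (int)ttl;
    }
```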
@@ -1348,6 +1348,12 @@ following values are defined: Use the @xref{option --allow-loopback-pinentry}. @end table + + at item cache-ttl-opt-preset +This option sets the cache TTL for new entries created by GENKEY and +PASSWD commands when using the @option{--preset} option. It it is not +used a default value is used. + @end table ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 8 ++++++++ agent/agent.h | 9 +++++++-- agent/command.c | 10 +++++++--- agent/genkey.c | 4 ++-- agent/gpg-agent.c | 1 + doc/gpg-agent.texi | 6 ++++++ 6 files changed, 31 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 26 00:28:46 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 26 Apr 2011 00:28:46 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-48-g5da1267 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5da12674eaae11969b22e6f80e4957217ad406d6 (commit) from 4caa768f1d3388f36a6de4be9f71d916696b9e2d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5da12674eaae11969b22e6f80e4957217ad406d6 Author: Werner Koch Date: Mon Apr 25 23:56:47 2011 +0200 Fix regression in gpg's mail address parsing. Since 2009-12-08 gpg was not able to find email addresses indicated by a leading '<'. This happened when I merged the user id classification code of gpgsm and gpg. diff --git a/common/ChangeLog b/common/ChangeLog index ba7794e..a68246e 100644 --- a/common/ChangeLog +++ b/common/ChangeLog 
@@ -1,3 +1,8 @@ +2011-04-25 Werner Koch + + * userids.c (classify_user_id): Add arg OPENPGP_HACK to fix + regression from 2009-12-08. + 2011-04-01 Werner Koch * sysutils.c (get_uint_nonce): New. diff --git a/common/userids.c b/common/userids.c index 9cc29f3..8c89c32 100644 --- a/common/userids.c +++ b/common/userids.c @@ -61,7 +61,7 @@ */ gpg_error_t -classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc) +classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { const char *s; int hexprefix = 0; @@ -95,7 +95,12 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc) case '<': /* An email address. */ mode = KEYDB_SEARCH_MODE_MAIL; - s++; + /* FIXME: The keyring code in g10 assumes that the mail name is + prefixed with an '<'. However the keybox code used for sm/ + assumes it has been removed. For now we use this simple hack + to overcome the problem. */ + if (!openpgp_hack) + s++; desc->u.name = s; break; diff --git a/common/userids.h b/common/userids.h index 246b107..9b3a2c3 100644 --- a/common/userids.h +++ b/common/userids.h @@ -22,7 +22,8 @@ #include "../kbx/keybox-search-desc.h" -gpg_error_t classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc); +gpg_error_t classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, + int openpgp_hack); #endif /*GNUPG_COMMON_USERIDS_H*/ diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index f7ac887..e024bab 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,3 +1,9 @@ +2011-04-25 Werner Koch + + * ks-engine-hkp.c (ks_hkp_search): Mark classify_user_id for use + with OpenPGP. + (ks_hkp_get): Ditto. + 2011-04-12 Werner Koch * ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 0dd9a64..d4a1211 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c 
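Review bot: The new `openpgp_hack` parameter of `classify_user_id` (common/userids.c) changes what `desc->u.name` points at for `KEYDB_SEARCH_MODE_MAIL`, yet only the FIXME inside the `case '<':` branch explains it. The same search mode now carries the pattern with or without the leading '<' depending on the caller, so the function's header comment and the prototype in userids.h should state that contract. For example: `/* If OPENPGP_HACK is true the leading '<' of a mail address is kept in DESC->u.name (g10 keyring); otherwise it is stripped (keybox). */`. Call sites pass bare `0` and `1`; named constants would make a wrong flag at a call site easier to spot in review. The function body starts and ends outside these hunks.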
@@ -654,7 +654,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, Note that HKP keyservers like the 0x to be present when searching by keyid. We need to re-format the fingerprint and keyids so to remove the gpg specific force-use-of-this-key flag ("!"). */ - err = classify_user_id (pattern, &desc); + err = classify_user_id (pattern, &desc, 1); if (err) return err; switch (desc.mode) @@ -772,7 +772,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) Note that HKP keyservers like the 0x to be present when searching by keyid. We need to re-format the fingerprint and keyids so to remove the gpg specific force-use-of-this-key flag ("!"). */ - err = classify_user_id (keyspec, &desc); + err = classify_user_id (keyspec, &desc, 1); if (err) return err; switch (desc.mode) diff --git a/g10/ChangeLog b/g10/ChangeLog index a1c608f..8b22df8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,13 @@ +2011-04-25 Werner Koch + + * delkey.c (do_delete_key): Mark classify_user_id for use with + OpenPGP. + * trustdb.c (register_trusted_key): Ditto. + * revoke.c (gen_revoke): Ditto. + * keyserver.c (keyserver_export, keyidlist, keyserver_export): Ditto. + * getkey.c (key_byname): Ditto. + * export.c (do_export_stream): Ditto. + 2011-04-20 Marcus Brinkmann * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not diff --git a/g10/delkey.c b/g10/delkey.c index 9785498..3b47c40 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -63,7 +63,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) *r_sec_avail = 0; /* Search the userid */ - rc = classify_user_id (username, &desc); + rc = classify_user_id (username, &desc, 1); exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR || desc.mode == KEYDB_SEARCH_MODE_FPR16 || desc.mode == KEYDB_SEARCH_MODE_FPR20); diff --git a/g10/export.c b/g10/export.c index 191f68b..9f4959e 100644 --- a/g10/export.c +++ b/g10/export.c 
@@ -752,7 +752,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, for (ndesc=0, sl=users; sl; sl = sl->next) { - if (!(err=classify_user_id (sl->d, desc+ndesc))) + if (!(err=classify_user_id (sl->d, desc+ndesc, 1))) ndesc++; else log_error (_("key \"%s\" not found: %s\n"), diff --git a/g10/getkey.c b/g10/getkey.c index 6464f9e..171f177 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -617,7 +617,7 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist, { gpg_error_t err; - err = classify_user_id (r->d, &ctx->items[n]); + err = classify_user_id (r->d, &ctx->items[n], 1); if (ctx->items[n].exact) ctx->exact = 1; diff --git a/g10/keyserver.c b/g10/keyserver.c index 31c7133..5cc7438 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -626,7 +626,7 @@ parse_keyrec(char *keystring) if((tok=strsep(&keystring,":"))==NULL) return ret; - err = classify_user_id (tok, &work->desc); + err = classify_user_id (tok, &work->desc, 1); if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID && work->desc.mode != KEYDB_SEARCH_MODE_FPR16 @@ -996,7 +996,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users) /* Weed out descriptors that we don't support sending */ for(;users;users=users->next) { - err = classify_user_id (users->d, &desc); + err = classify_user_id (users->d, &desc, 1); if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID && desc.mode != KEYDB_SEARCH_MODE_LONG_KID && desc.mode != KEYDB_SEARCH_MODE_FPR16 @@ -1031,7 +1031,7 @@ keyserver_import (ctrl_t ctrl, strlist_t users) for(;users;users=users->next) { - err = classify_user_id (users->d, &desc[count]); + err = classify_user_id (users->d, &desc[count], 1); if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID && desc[count].mode != KEYDB_SEARCH_MODE_FPR16 
@@ -1125,7 +1125,7 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) for (ndesc=0, sl=users; sl; sl = sl->next) { gpg_error_t err; - if (!(err = classify_user_id (sl->d, desc+ndesc))) + if (!(err = classify_user_id (sl->d, desc+ndesc, 1))) ndesc++; else log_error (_("key \"%s\" not found: %s\n"), diff --git a/g10/revoke.c b/g10/revoke.c index 3beeacf..c18dfb9 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -220,7 +220,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr ) afx = new_armor_context (); kdbhd = keydb_new (); - rc = classify_user_id (uname, &desc); + rc = classify_user_id (uname, &desc, 1); if (!rc) rc = keydb_search (kdbhd, &desc, 1); if (rc) { @@ -463,7 +463,7 @@ gen_revoke (const char *uname) /* Search the userid; we don't want the whole getkey stuff here. */ kdbhd = keydb_new (); - rc = classify_user_id (uname, &desc); + rc = classify_user_id (uname, &desc, 1); if (!rc) rc = keydb_search (kdbhd, &desc, 1); if (rc) diff --git a/g10/trustdb.c b/g10/trustdb.c index c896432..c6ff692 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -217,7 +217,7 @@ register_trusted_key( const char *string ) gpg_error_t err; KEYDB_SEARCH_DESC desc; - err = classify_user_id (string, &desc); + err = classify_user_id (string, &desc, 1); if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID ) { log_error(_("`%s' is not a valid long keyID\n"), string ); diff --git a/sm/ChangeLog b/sm/ChangeLog index 30e71ba..7127fb5 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,14 @@ +2011-04-25 Werner Koch + + * certlist.c (gpgsm_add_to_certlist): Mark classify_user_id for + use with non-OpenPGP. + (gpgsm_find_cert): Ditto. + * sign.c (get_default_signer): Ditto. + * keylist.c (list_internal_keys): Ditto. + * import.c (reimport_one): Ditto. + * export.c (gpgsm_export): Ditto. + * delete.c (delete_one): Ditto. + 2011-03-10 Werner Koch * minip12.c (oid_pkcs5PBKDF2, oid_pkcs5PBES2, oid_aes128_CBC): New. 
diff --git a/sm/certlist.c b/sm/certlist.c index 299d075..0e90319 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -301,7 +301,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, KEYDB_HANDLE kh = NULL; ksba_cert_t cert = NULL; - rc = classify_user_id (name, &desc); + rc = classify_user_id (name, &desc, 0); if (!rc) { kh = keydb_new (0); @@ -480,7 +480,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert) KEYDB_HANDLE kh = NULL; *r_cert = NULL; - rc = classify_user_id (name, &desc); + rc = classify_user_id (name, &desc, 0); if (!rc) { kh = keydb_new (0); diff --git a/sm/delete.c b/sm/delete.c index 10ec965..97fadfa 100644 --- a/sm/delete.c +++ b/sm/delete.c @@ -45,7 +45,7 @@ delete_one (ctrl_t ctrl, const char *username) int duplicates = 0; int is_ephem = 0; - rc = classify_user_id (username, &desc); + rc = classify_user_id (username, &desc, 0); if (rc) { log_error (_("certificate `%s' not found: %s\n"), diff --git a/sm/export.c b/sm/export.c index 7884adf..2e4fed9 100644 --- a/sm/export.c +++ b/sm/export.c @@ -178,7 +178,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) { for (ndesc=0, sl=names; sl; sl = sl->next) { - rc = classify_user_id (sl->d, desc+ndesc); + rc = classify_user_id (sl->d, desc+ndesc, 0); if (rc) { log_error ("key `%s' not found: %s\n", @@ -348,7 +348,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream) goto leave; } - err = classify_user_id (name, desc); + err = classify_user_id (name, desc, 0); if (err) { log_error ("key `%s' not found: %s\n", diff --git a/sm/import.c b/sm/import.c index 7b58524..3635525 100644 --- a/sm/import.c +++ b/sm/import.c @@ -433,7 +433,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) stats->count++; - err = classify_user_id (line, &desc); + err = classify_user_id (line, &desc, 0); if (err) { print_import_problem (ctrl, NULL, 0); diff --git a/sm/keydb.c b/sm/keydb.c index 35343f3..d3b911e 100644 --- a/sm/keydb.c 
+++ b/sm/keydb.c @@ -1205,7 +1205,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names) { for (ndesc=0, sl=names; sl; sl = sl->next) { - rc = classify_user_id (sl->d, desc+ndesc); + rc = classify_user_id (sl->d, desc+ndesc, 0); if (rc) { log_error ("key `%s' not found: %s\n", diff --git a/sm/keylist.c b/sm/keylist.c index fc903ba..e67c2d8 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -1345,7 +1345,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp, { for (ndesc=0, sl=names; sl; sl = sl->next) { - rc = classify_user_id (sl->d, desc+ndesc); + rc = classify_user_id (sl->d, desc+ndesc, 0); if (rc) { log_error ("key `%s' not found: %s\n", diff --git a/sm/sign.c b/sm/sign.c index 0f83db6..a3005ca 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -211,7 +211,7 @@ get_default_signer (ctrl_t ctrl) return cert; } - rc = classify_user_id (opt.local_user, &desc); + rc = classify_user_id (opt.local_user, &desc, 0); if (rc) { log_error ("failed to find default signer: %s\n", gpg_strerror (rc)); ----------------------------------------------------------------------- Summary of changes: common/ChangeLog | 5 +++++ common/userids.c | 9 +++++++-- common/userids.h | 3 ++- dirmngr/ChangeLog | 6 ++++++ dirmngr/ks-engine-hkp.c | 4 ++-- g10/ChangeLog | 10 ++++++++++ g10/delkey.c | 2 +- g10/export.c | 2 +- g10/getkey.c | 2 +- g10/keyserver.c | 8 ++++---- g10/revoke.c | 4 ++-- g10/trustdb.c | 2 +- sm/ChangeLog | 11 +++++++++++ sm/certlist.c | 4 ++-- sm/delete.c | 2 +- sm/export.c | 4 ++-- sm/import.c | 2 +- sm/keydb.c | 2 +- sm/keylist.c | 2 +- sm/sign.c | 2 +- 20 files changed, 62 insertions(+), 24 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 26 21:09:12 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 26 Apr 2011 21:09:12 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-49-g817f071 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 817f07173cda59565c179bde6c3edcf2508bbc98 (commit) from 5da12674eaae11969b22e6f80e4957217ad406d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 817f07173cda59565c179bde6c3edcf2508bbc98 Author: Werner Koch Date: Tue Apr 26 20:33:46 2011 +0200 Fixed regression in OpenPGP secret key export. The protection used in the exported key used a different iteration count than given in the S2K field. Thus all OpenPGP keys exported from GnuPG 2.1-beta can't be imported again. Given that the actual secret key material is kept in private-keys-v1.d/ the can be re-exported with this fixed version. diff --git a/NEWS b/NEWS index beadfc3..f37deb2 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in version 2.1.0beta3 ----------------------------------------------------- + * Fixed regression in GPG'S secret key export function. + Noteworthy changes in version 2.1.0beta2 (2011-03-08) ----------------------------------------------------- diff --git a/agent/ChangeLog b/agent/ChangeLog index 9a6134d..78ddf8d 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,10 @@ +2011-04-26 Werner Koch + + * cvt-openpgp.c (convert_to_openpgp): Use rfc4880 encoded S2K count. + * protect.c (get_standard_s2k_count_rfc4880): New. + (S2K_DECODE_COUNT): New. + (s2k_hash_passphrase): Use the new macro. + 2011-04-21 Werner Koch * agent.h (server_control_s): Add field cache_ttl_opt_preset. 
diff --git a/agent/agent.h b/agent/agent.h index 16c9aba..9aaf264 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -330,6 +330,7 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, /*-- protect.c --*/ unsigned long get_standard_s2k_count (void); +unsigned char get_standard_s2k_count_rfc4880 (void); int agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char **result, size_t *resultlen); int agent_unprotect (const unsigned char *protectedkey, const char *passphrase, diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 1595a32..0f31728 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -1046,7 +1046,10 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, gcry_create_nonce (protect_iv, sizeof protect_iv); gcry_create_nonce (salt, sizeof salt); - s2k_count = get_standard_s2k_count (); + /* We need to use the encoded S2k count. It is not possible to + encode it after it has been used because the encoding procedure + may round the value up. */ + s2k_count = get_standard_s2k_count_rfc4880 (); err = apply_protection (array, npkey, nskey, passphrase, GCRY_CIPHER_AES, protect_iv, sizeof protect_iv, 3, GCRY_MD_SHA1, salt, s2k_count); diff --git a/agent/protect.c b/agent/protect.c index 0b8c9b4..7df82de 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -41,6 +41,9 @@ #define PROT_CIPHER_STRING "aes" #define PROT_CIPHER_KEYLEN (128/8) +/* Decode an rfc4880 encoded S2K count. */ +#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6)) + /* A table containing the information needed to create a protected private key. */ 
@@ -192,6 +195,33 @@ get_standard_s2k_count (void) } +/* Same as get_standard_s2k_count but return the count in the encoding + as described by rfc4880. */ +unsigned char +get_standard_s2k_count_rfc4880 (void) +{ + unsigned long iterations; + unsigned int count; + unsigned char result; + unsigned char c=0; + + iterations = get_standard_s2k_count (); + if (iterations >= 65011712) + return 255; + + /* Need count to be in the range 16-31 */ + for (count=iterations>>6; count>=32; count>>=1) + c++; + + result = (c<<4)|(count-16); + + if (S2K_DECODE_COUNT(result) < iterations) + result++; + + return result; + +} + /* Calculate the MIC for a private key or shared secret S-expression. @@ -1041,7 +1071,7 @@ s2k_hash_passphrase (const char *passphrase, int hashalgo, unsigned char *key, size_t keylen) { return hash_passphrase (passphrase, hashalgo, s2kmode, s2ksalt, - (16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6), + S2K_DECODE_COUNT (s2kcount), key, keylen); } diff --git a/g10/ChangeLog b/g10/ChangeLog index 8b22df8..86c9b98 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-04-26 Werner Koch + + * export.c (transfer_format_to_openpgp): Do not apply + encode_s2k_iterations to S2K_COUNT. + 2011-04-25 Werner Koch * delkey.c (do_delete_key): Mark classify_user_id for use with diff --git a/g10/export.c b/g10/export.c index 9f4959e..2e35eea 100644 --- a/g10/export.c +++ b/g10/export.c @@ -626,10 +626,9 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) } /* Do some sanity checks. */ - if (s2k_count <= 1024) + if (s2k_count > 255) { - /* The count must be larger so that encode_s2k_iterations does - not fall into a backward compatibility mode. */ + /* We expect an already encoded S2K count. */ err = gpg_error (GPG_ERR_INV_DATA); goto leave; } 
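Review bot: get_standard_s2k_count_rfc4880 clamps at the top (`iterations >= 65011712`) but not at the bottom. For `iterations` below 1024 the loop leaves `count` under 16, `count-16` wraps as unsigned, and the truncated `result` lands in 0xF0..0xFF, which decodes to more than 33 million iterations instead of the calibrated value. Whether get_standard_s2k_count() guarantees a floor cannot be seen here, because its body is outside the hunk. Since the function already rounds up to the next encodable value, a lower clamp before the loop is consistent with it: `if (iterations < 1024) iterations = 1024;`, which yields result 0, decoding to 1024.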
@@ -682,7 +681,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) ski->s2k.hash_algo = s2k_algo; assert (sizeof ski->s2k.salt == sizeof s2k_salt); memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt); - ski->s2k.count = encode_s2k_iterations (s2k_count); + ski->s2k.count = s2k_count; assert (ivlen <= sizeof ski->iv); memcpy (ski->iv, iv, ivlen); ski->ivlen = ivlen; ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ agent/ChangeLog | 7 +++++++ agent/agent.h | 1 + agent/cvt-openpgp.c | 5 ++++- agent/protect.c | 32 +++++++++++++++++++++++++++++++- g10/ChangeLog | 5 +++++ g10/export.c | 7 +++---- 7 files changed, 53 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 27 18:33:38 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 27 Apr 2011 18:33:38 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-173-g43f38db Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 43f38db1afe9830b888076adeec1eec21f32335c (commit) from 7929e89093dfdae3a97edd48e138ad09f5016bd1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 43f38db1afe9830b888076adeec1eec21f32335c Author: Marcus Brinkmann Date: Wed Apr 27 12:56:19 2011 +0200 Update GPGME test suite for use with GnuPG 2.1. diff --git a/tests/ChangeLog b/tests/ChangeLog index 5d929a9..1a4494d 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog 
@@ -1,3 +1,22 @@ +2011-04-27 Marcus Brinkmann + + * gpg/Makefile.am (DISTCLEANFILES): Add S.gpg-agent. + (mkdemodirs, ./Alpha/Secret.gpg): Remove targets. + (GNUPGHOME): Export as absolute build directory (for gpg-agent). + (./pubring.gpg): Remove --homedir option, import secdemo.asc. + (clean-local): Rewrite. + * gpg/secdemo.asc: New file. + * gpg/pubkey-1.asc, gpg/seckey-1.asc: Change passphrase to + "abc" (now needed as GnuPG 2.1 asks for secret key passphrase on + import). + * gpg/t-keylist.c (keys): Update key info for Joe Random Hacker. + (main): Disable check for can_encrypt, as this is now in a + different subkey. + * gpg/t-encrypt-sign.c (check_result): Allow RMD160 hash + algorithm. + * gpg/t-import.c (check_result): One secret key pair now counts as + two secret keys, allow that. + 2009-11-03 Werner Koch * run-support.h (fail_if_err): Include program name. diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 5da0bbb..3ca00cf 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -38,7 +38,7 @@ TESTS = t-encrypt t-encrypt-sym t-encrypt-sign t-sign t-signers \ t-encrypt-large t-file-name t-gpgconf $(tests_unix) CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf -DISTCLEANFILES = pubring.gpg~ pubring.kbx~ random_seed gpg.conf gpg-agent.conf +DISTCLEANFILES = pubring.gpg~ pubring.kbx~ random_seed gpg.conf gpg-agent.conf S.gpg-agent EXTRA_DIST = mkdemodirs.in pubdemo.asc secdemo.asc cipher-1.asc cipher-2.asc \ geheim.txt pubkey-1.asc seckey-1.asc pinentry 
@@ -52,24 +52,18 @@ t_thread1_LDADD = ../../src/libgpgme-pthread.la # We don't run t-genkey in the test suite, because it takes too long noinst_PROGRAMS = $(TESTS) t-genkey -mkdemodirs: mkdemodirs.in Makefile - sed -e 's,[@]GPG[@],$(GPG),g' < $(srcdir)/mkdemodirs.in > mkdemodirs - chmod +x mkdemodirs - clean-local: - -./mkdemodirs --clean - -rm -f mkdemodirs + -rm -fR private-keys-v1.d -all-local: ./pubring.gpg ./gpg.conf ./gpg-agent.conf +all-local: ./gpg.conf ./gpg-agent.conf ./pubring.gpg -./pubring.gpg: $(srcdir)/pubdemo.asc ./Alpha/Secret.gpg - -$(GPG) --homedir . --no-permission-warning \ - --import $(srcdir)/pubdemo.asc - -$(GPG) --homedir . --no-permission-warning \ - --import Alpha/Secret.gpg Zulu/Secret.gpg +export GNUPGHOME := $(abs_builddir) -./Alpha/Secret.gpg: mkdemodirs secdemo.asc - srcdir=$(srcdir) ./mkdemodirs +./pubring.gpg: $(srcdir)/pubdemo.asc + -$(GPG) --no-permission-warning \ + --import $(srcdir)/pubdemo.asc + -$(GPG) --no-permission-warning \ + --import $(srcdir)/secdemo.asc ./gpg.conf: # This is required for t-sig-notations. diff --git a/tests/gpg/pubkey-1.asc b/tests/gpg/pubkey-1.asc index bed1da3..5f913e5 100644 --- a/tests/gpg/pubkey-1.asc +++ b/tests/gpg/pubkey-1.asc @@ -1,6 +1,5 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.0.4b (GNU/Linux) -Comment: For info see http://www.gnupg.org +Version: GnuPG v2.1.0-gitb3c71eb (GNU/Linux) mQGiBDo41NoRBADSfQazKGYf8nokq6zUKH/6INtV6MypSzSGmX2XErnARkIIPPYj cQRQ8zCbGV7ZU2ezVbzhFLUSJveE8PZUzzCrLp1O2NSyBTRcR5HVSXW95nJfY8eV 
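Review bot: The `./pubring.gpg` rule now imports `$(srcdir)/secdemo.asc` but lists only `$(srcdir)/pubdemo.asc` as a prerequisite, so a changed secdemo.asc does not trigger a re-import in an existing build tree. The removed rule reached secdemo.asc through the `./Alpha/Secret.gpg` target; the replacement should name it directly: `./pubring.gpg: $(srcdir)/pubdemo.asc $(srcdir)/secdemo.asc`. Both import commands keep the leading `-`, so make ignores a failed secret-key import and the problem only surfaces later as failing tests.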
@@ -10,17 +9,18 @@ WUVi9HoT2HCLY7p7oig5hEcEALdCJal0UYomX3nJapIVLVZg3vkidr1RICYMb2vz fnVXdmU8L/oVWABat8v1V7QQhjMMf+41fuzVwDMMGqjVPLhu4X6wp3A8uyM3YDnQ VMN1A/4n2G5gHoOvjqxn8Ch5tBAdMGfO8gH4RjQOwzm2R1wPQss/yzUN1+tlMZGX K2dQ2FCWC/hDUSNaEQRlI15wxxBNZ2RQwlzE2A8v113DpvyzOtv0QO95gJ1teCXC -7j/BN9asgHaBBc39JLO/TcpuI7Hf8PQ5VcP2F0UE3lczGhXbLLQ/Sm9lIFJhbmRv -bSBIYWNrZXIgKHRlc3Qga2V5IHdpdGggcGFzc3BocmFzZSAieCIpIDxqb2VAc2V0 -cS5vcmc+iFcEExECABcFAjo41NoFCwcKAwQDFQMCAxYCAQIXgAAKCRCvgiRPnNn9 -VXm9AJ0auCQID9AQ4ic48A05OI4tcvs24ACgjsLML1iIYUtrSP1o6QSIYdnTUZy5 -AQ0EOjjU3RAEAJ50lvtCGbnQlI97VX6tJkosdPmdzeXaTWfv//A2wmSANbYnuych -GMa1LN43Ew+H6FXMWJ3MB/exs6UBFCgGsw88qmcla2bosQN/aVLA7fqXT9ujqoNG -aIVEmgdbK1MkSPFXBFyVW3hteod83D0UqFlltwp4A3ageCYFVJTp50d3AAMFA/44 -YCQQbg9x9JvzHX3VH7CRX+raEDkDL3Pbz0PHas7bwI7gzZ+GFyNKaCvrHQOyuR8R -IKIbjtQYnXr1675ConCTceIXhysY32sTn5V6UFUW2t0xaRfas8sZBbLDyIJkpt4f -yD+6OaRoui9KZqXMNwt7i/XFIto/sWd/OK3SIgZkAYhGBBgRAgAGBQI6ONTdAAoJ -EK+CJE+c2f1VVJoAn36uPWUhCdGXbSLxGibYfBt7et71AJ9JgWeRlTDTIoXYN8J+ -qsPN0YCxtg== -=4+Yp +7j/BN9asgHaBBc39JLO/TcpuI7Hf8PQ5VcP2F0UE3lczGhXbLLRESm9lIFJhbmRv +bSBIYWNrZXIgKHRlc3Qga2V5IHdpdGggcGFzc3BocmFzZSAiYWJjIikgPGpvZUBl +eGFtcGxlLmNvbT6IYgQTEQIAIgUCTbdXqQIbIwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AACgkQr4IkT5zZ/VUcCACfQvSPi//9/gBv8SVrK6O4DiyD+jAAn3LEnfF1 +4j6MjwlqXTqol2VgQn1yuQENBDo41N0QBACedJb7Qhm50JSPe1V+rSZKLHT5nc3l +2k1n7//wNsJkgDW2J7snIRjGtSzeNxMPh+hVzFidzAf3sbOlARQoBrMPPKpnJWtm +6LEDf2lSwO36l0/bo6qDRmiFRJoHWytTJEjxVwRclVt4bXqHfNw9FKhZZbcKeAN2 +oHgmBVSU6edHdwADBQP+OGAkEG4PcfSb8x191R+wkV/q2hA5Ay9z289Dx2rO28CO +4M2fhhcjSmgr6x0DsrkfESCiG47UGJ169eu+QqJwk3HiF4crGN9rE5+VelBVFtrd +MWkX2rPLGQWyw8iCZKbeH8g/ujmkaLovSmalzDcLe4v1xSLaP7Fnfzit0iIGZAGI +RgQYEQIABgUCOjjU3QAKCRCvgiRPnNn9VVSaAJ9+rj1lIQnRl20i8Rom2Hwbe3re +9QCfSYFnkZUw0yKF2DfCfqrDzdGAsbaIRgQYEQIABgUCOjjU3gAKCRCvgiRPnNn9 +Ve4iAJ9FrGMlFR7s+GWf1scTeeyrthKrPQCfSpc/Yps72aFI7hPfyIa9MuerVZ4= +=QRit -----END PGP PUBLIC KEY BLOCK----- 
diff --git a/tests/gpg/secdemo.asc b/tests/gpg/secdemo.asc index 1a697f8..f9d1456 100644 --- a/tests/gpg/secdemo.asc +++ b/tests/gpg/secdemo.asc 
@@ -1,70 +1,7 @@ -26 demo keys (passphrase is "abc") [2005-10-18] - -sec 1024D/68697734 1999-03-08 Alpha Test (demo key) -uid Alice (demo key) -uid Alfa Test (demo key) -ssb 1024g/46A871F8 1999-03-08 -sec 1024D/A9E3B0B2 1999-03-08 Bravo Test (demo key) -uid Bob (demo key) -ssb 1024g/E29BA37F 1999-03-08 -sec 1024D/1AFDAB6C 1999-03-08 Charlie Test (demo key) -ssb 1024g/BC43DA60 1999-03-08 -sec 1024D/EB9DC9E6 1999-03-08 Delta Test (demo key) -ssb 1024g/B0C45424 1999-03-08 -sec 1024D/FAEF6D1B 1999-03-08 Echo Test (demo key) -uid Eve (demo key) -uid Echelon (demo key) -ssb 1024g/7272144D 1999-03-08 -sec 1024D/7372E243 1999-03-08 Foxtrot Test (demo key) -ssb 1024g/EE45198E 1999-03-08 -sec 1024D/8FC282E6 1999-03-08 Golf Test (demo key) -ssb 1024g/9DCAD354 1999-03-08 -sec 1024D/34C6E3F1 1999-03-08 Hotel Test (demo key) -ssb 1024g/D622AD0A 1999-03-08 -sec 1024D/04259677 1999-03-08 India Test (demo key) -ssb 1024g/61F76C73 1999-03-08 -sec 1024D/D2699313 1999-03-08 Juliet Test (demo key) -ssb 1024g/35F8F136 1999-03-08 -sec 1024D/43C2D0C7 1999-03-08 Kilo Test (demo key) -ssb 1024g/9AF64D02 1999-03-08 -sec 1024D/B79103F8 1999-03-08 Lima Test (demo key) -ssb 1024g/FE56350C 1999-03-08 -sec 1024D/BE5CF886 1999-03-08 Mike Test (demo key) -uid Mallory (demo key) -ssb 1024g/4F31EAE8 1999-03-08 -sec 1024D/30CEC684 1999-03-08 November Test (demo key) -ssb 1024g/8B70E472 1999-03-08 -sec 1024D/6D9732AC 1999-03-08 Oscar Test (demo key) -ssb 1024g/2681619F 1999-03-08 -sec 1024D/3FF13206 1999-03-08 Papa test (demo key) -ssb 1024g/63330D9C 1999-03-08 -sec 1024D/3C661C84 1999-03-08 Quebec Test (demo key) -ssb 1024g/A029ACF4 1999-03-08 -sec 1024D/777FBED3 1999-03-08 Romeo Test (demo key) -ssb 1024g/11D102EA 1999-03-08 -sec 1024D/A3AE3EA1 1999-03-08 Sierra Test (demo key) -ssb 1024g/0F1B50B4 1999-03-08 -sec 1024D/85A81F38 1999-03-08 Tango Test (demo key) -ssb 1024g/101C0402 1999-03-08 -sec 1024D/653244D6 1999-03-08 Uniform Test (demo key) -ssb 1024g/5522BDB9 1999-03-08 -sec 1024D/61F04784 
1999-03-08 Victor Test (demo key) -ssb 1024g/07287134 1999-03-08 -sec 1024D/EC67DBDE 1999-03-08 Whisky Test (demo key) -ssb 1024g/FD6E27F6 1999-03-08 -ssb 1024D/E51987C9 2005-10-18 -ssb 1024R/40DB9D43 2005-10-18 -sec 1024D/567FB34A 1999-03-08 XRay Test (demo key) -ssb 1024g/41E408BE 1999-03-08 -sec 1024D/4B11B25F 1999-03-08 Yankee Test (demo key) -ssb 1024g/F7B080AD 1999-03-08 -sec 1024D/54ACD246 1999-03-08 Zulu Test (demo key) -ssb 1024g/A172C881 1999-03-08 - - -----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v2.1.0-gitb3c71eb (GNU/Linux) -lQHOBDbjjp4RBAC2ZbFDX0wmJI8yLDYQdIiZeAuHLmfyHsqXaLGUMZtWiAvn/hNp +lQHpBDbjjp4RBAC2ZbFDX0wmJI8yLDYQdIiZeAuHLmfyHsqXaLGUMZtWiAvn/hNp ctwahmzKm5oXinHUvUkLOQ0s8rOlu15nhw4azc30rTP1LsIkn5zORNnFdgYC6RKy hOeim/63+/yGtdnTm49lVfaCqwsEmBCEkXaeWDGq+ie1b89J89T6n/JquwCgoQkj VeVGG+B/SzJ6+yifdHWQVkcD/RXDyLXX4+WHGP2aet51XlKojWGwsZmc9LPPYhwU 
@@ -72,628 +9,54 @@ VeVGG+B/SzJ6+yifdHWQVkcD/RXDyLXX4+WHGP2aet51XlKojWGwsZmc9LPPYhwU +SHhGIyLTXKpAYTq46AwvllZ5Cpvf02Cp/+W1aVyA0qnBWMyeIxXmR9HOi6lxxn5 cjajA/9VZufOXWqCXkBvz4Oy3Q5FbjQQ0/+ty8rDn8OTaiPi41FyUnEi6LO+qyBS 09FjnZj++PkcRcXW99SNxmEJRY7MuNHt5wIvEH2jNEOJ9lszzZFBDbuwsjXHK35+ -lPbGEy69xCP26iEafysKKbRXJhE1C+tk8SnK+Gm62sivmK/5av8EAQNuYiCeVh4Q -pF3i4v6LDa82cNBI92zOHLJAu1nbeJ6bl86f/lrm6DuHtClBbHBoYSBUZXN0IChk -ZW1vIGtleSkgPGFscGhhQGV4YW1wbGUubmV0PohVBBMRAgAVBQI2446eAwsKAwMV -AwIDFgIBAheAAAoJEC1yfMdoaXc0OXgAniui4cH4ukKQ2LkLn2McRrWRsA3MAKCZ -122s1KPXI/JMLBTBGCE9SiYQJLQQQWxpY2UgKGRlbW8ga2V5KYhVBBMRAgAVBQI2 -47arAwsKAwMVAwIDFgIBAheAAAoJEC1yfMdoaXc0J4wAn0x5RWtqCjklzo93B143 -k4zBvLftAKCFbrlxlNCUPVsGUir9AzxvP0A3gbQnQWxmYSBUZXN0IChkZW1vIGtl -eSkgPGFsZmFAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjuFgDCwoDAxUDAgMWAgEC -F4AACgkQLXJ8x2hpdzS3wgCgk/BrqP5WblWLc2+6jwlmuLg8n8MAn12puZol0HwV -0mcd8aHWtcrfL8lynQGlBDbjjw8QBACcjdcfV/S7I319mfDvbOwczDvTqDsRbb2c -PhQNAbg7NFlWJKtRrmff14jtCt9M77WZ5W+zTLwX8+8Wy3mMfrys8ucZKtfPixOX -VPhyinUUGSq68IArA8vLSUTuOO0LIi05LAg6jzGhN9jgkQReZyqxub4oe/3JhIX9 -grgJ/tsjNwADBwP9GeXmMrGi5wMD3qkPbzb1MqwsVBJq75eLLxu85JIN2XIAGw6Q -0FJp4o7d4BAQqAMzt3ONU1OcCWlDQRDxj1nynE5ZgRBiVoyudEELgNnYhp3MSEuU -g7PkFWn+N+GuvyhVUHApleyvP09kvP57hif6yJRS+V6L1ugP0vZmBI4dqQ//BAED -bmIgnlYeEKRd4uL+iw2vNnOO9Y3cRSExyy8unuzNvx5GFG6KNtxoFCDzMMzUa0ED -H1x/QJA3CgqMpS282nLdk/5O+AphiEVeGv8+c6pL/t7falIfSgKZ0j2nvCKH12So -bwiNflTGJB+jLnnesjqYJD7h0SVLjToP/vtKPYlXOU1ZpKzDwP5YcQQuRhF9Tj8S -UxScIIhGBBgRAgAGBQI2448PAAoJEC1yfMdoaXc0IKkAoJ/NQGlvFv5clcDIf1AX -jLlTFG9uAJ9rs8IOzHfNWuUSNxdhRvO+O7fYF5UBzgQ246LiEQQAip3HOFHnnO3V -mlQEctkpjVbn3knp2LOALCDz9L+fYxJeySNK2/uCWyCaAM1v4XJtuhkv1G26UMIo -PPz4DFFeUHwUk+AhDpX+/8dmuBypPbQ1eAJ+6tmja9W3lvrcMX1BllleSNKNW/4i -lZPy4kEYmjK/KSV2Nuupuv9j5/S5g7cAoPiKn8fILCtj2Qlr/O7hCgDi8x17A/9X -kcS6grdYU/fIHQy8pEU5SN5DKuhCtyPs//KQyDA7jyCatXjOvGHRWa/LO4tcntUK -Q5bT2B4Fp1Au997owCgDXcsm5tx6wN00gYxAITX3LvJ5K1aK7wEkFAwiyWrVkViU -1Fazx/hlyFzAPzouiw7IDQziWp8M87wwgpvIVkKlvQP+MWAGeDVRa0KvILUDyVrj 
-CH0hUr6WVjYEIGGZ7Yl0lBmDlbNvE//O0aEcdNrbFQ8NjwPM+vKv10bjPTXXrcW1 -F0BwfXrMxS4t1tYnbF4XfwuEsok4BBVxvGPLPeBGnYJNTwGBzehnd0mO45nr6mBl -S5gae6n4+WPV0jOUhNE4fnz/BAEDZ+eT3rtPNfpwG0QtNEjpDuT92icLuwCL1zfT -YKyXVFu00JkCvnB8k7QpQnJhdm8gVGVzdCAoZGVtbyBrZXkpIDxicmF2b0BleGFt -cGxlLm5ldD6IVQQTEQIAFQUCNuOi4wMLCgMDFQMCAxYCAQIXgAAKCRD+GAsdqeOw -smzHAJ4/wZXBeYHYY/IbohYo5IGWYv2IAACg8aZj+CQpLM/lDyrEPFG7bkz26T20 -DkJvYiAoZGVtbyBrZXkpiFUEExECABUFAjbjtzsDCwoDAxUDAgMWAgECF4AACgkQ -/hgLHanjsLIa4QCgityK8zajBOqAN0ZZTq8fOzgiEYIAn1ZEfjX+jefZUuY+4zFz -rpO/fX0OnQGlBDbjowcQBACVSdXxUWlz81FjqHgR4b1EtmhmW89CmpsHfKlSwlYv -BtbB/y7TFIfvAr4ZFbpuqew6JvtjIEZoXvolTWwHVPEFkuG0LAa03olaYpzC6ZBD -uLkb09RukCD4zdY6xwbAMRsOzZgv597LZXtOLLLnmOyTpsjRDLztWsuNglm5rffO -TwADBwP/SyVZvFEdEVn5/dQTp7eAtXdrbZEM379ctCJ2663RbTZd55lIBev1fTnK -QkvDTY2e58yIQ4E+Nzr99qg9Cyf6e3OhErTUqEBOhusBge4/7E5LrIVMvo6AFU9q -gn0Sgsnu/ww2txVw3XEjqL8Hgl+4Q/57YRvJOe+q29Ye9LL8eaj/BAEDZ+eT3rtP -NfpwG0QtNEjpDueclWEU7qldXMk8f3YzKKAvQfYWIlwPJHFJ/0Tt4c7R1RRkmEFm -DYThgT3vha1BX2Osoxnkva5SykN6Ghgq+qb2WHSAXc5LVvkyLQz2JkWmgUyqwcPI -5nHLJ+8ZxK4lXIJEk0zHe9OiPHAiEIf4iojOaRWRjz4IUD5+qWkui/snT9GTZYhG -BBgRAgAGBQI246MHAAoJEP4YCx2p47CyMrkAnRZD571KWLq1aD44YNacOFM7mlWM -AJ0Tm/dzklD/T2cX+F1ScBylNj5wlJUBzgQ245BnEQQAvwwkLp4Dtoie4/fvandn -K4wVPCvgJkIbNuyQZCarQGwv8RapBwbANT4vGW+ky2vzgptj21xYjOcdNMIhJ1Sj -c7hjs1PLhwepMFrS4/Ple1TljpEgxLZ5UxertMvSTr7OxsA76jjOQt0B+y2vs5zX -gLtedux4+pdFxkgM8r6fjZMAoJ5LVNdVRaSkiHaKZWQWsjfTs0/LA/wMHP/PdH4k -jFmDRqOPp+iB8YYwQTPZS/gwHtUbQhLcFEljaxrCMRZw0ZDMbzKWk+BrrBvgz4Wk -3XawwUshYgi8SgwWIDG0jusEPYOs1hBIdWTEzFVP2pK/NQzhAqJV5/390OLEY8SN -4bts/LY1XsADzU7lhE0Oohx6FanaZCuGgAQAn2zK53yuk7o8UrPdTHygVn2McsPY -YzOvlVfHCSXQ14oXjCs1nK1XnMIGGM7pJjYpzv/wUZkHLNcHX4uVHXxyzRQ4oMPe -kncmaR8fu/YIQ9zag5s2GpKESKAynGQCKwI4H5eYn+ryIgOHNS44UnXFUwbEsonP -5pJNNRIM7VimNGn/BAEDIklsjKh5E70pJ77zKAq/uP+EnBQq0tCcyqQgQiG1n28i -MQy45N5zv7QtQ2hhcmxpZSBUZXN0IChkZW1vIGtleSkgPGNoYXJsaWVAZXhhbXBs -ZS5uZXQ+iFUEExECABUFAjbjkGcDCwoDAxUDAgMWAgECF4AACgkQQT9K8xr9q2w+ 
-RACghpiwPnn7F3HJsm9VXM8SwBjWThIAnjHZulQw9Tee9XDT5STui+ZG+WN3nQGl -BDbjkIIQBAChY8NSvu6sK0p4D0AVBsRz8iVXYqbRlRTZAHS4LCXwx/i8FmfdIXna -NLOoyi44YruSCnlZdh4YWquCx2mgywG589AzcFhahmqElNbKb7m4F//EGIZK0zTg -W13tQwG9hTXOhYeqchnOOaDDwPEK1Gr+2o/5ANqhqrin0TFFBWLgdwADBwP/R009 -s61X/FkUUAh8w4Tua6qndN/2GsqXsyPYjdF5E3gErK8jDcDLniOHqkswV17bJG81 -czCRE5JcVFLLWQJg9cpeoTpP+YcF+m9whtswaOJ/LPrx888i/OmluSD81VP+6zBh -hTUbpazfLEdt3XczpW7CNdNbyiEcgT+6Cr+W2Gb/BAEDIklsjKh5E70pJ77zKAq/ -uPsbfaq2h50JWrb/wQiufxaUrYRvo5FjMBLnoUE+L/yG/Hp2ZRZuA5EzBpZ3ON5L -aFadahL98oQe/W3IXFZwxyYfGCtVrV16zx6cFTJQK/iIqp3TNp/fA6TRE3syS1FQ -ZIZMiFLvgSy4Tsu4vAadP290Tc62LP9ivC3PiIxt3aqW2l/NLohGBBgRAgAGBQI2 -45CCAAoJEEE/SvMa/atsta0An3ZMmv9EVWVwEvf/Rwf7nbFsgGhuAJ0bP+lAOCRS -YziWSIDf+BJ9F19H3ZUBzgQ246OHEQQA3mc7VzzWMKaCH+gX6nqSJmaoVXdql7mQ -SZxL8GhaAJe3q+NqV1y2YViLu/4Fjg33MjcbFCoDG3kPp1jto3XGULbfoJkQBpdR -eS28bD+mkcON1uzwJG5mID2ObWP3YYBRj+abqFfZoYo6RXCv3I3oOsDYJo7hLAr/ -AReRV+P6drMAoMJoHMfPBKSRd/xA605OP/F6+mfPBAC/fSVoJ5dMNkzYj/U93OZr -VXXGLN9p7SR/Nk4kENC0dAO80WOa7qIzWQvS7E4beSuvQCWpKwwPxbuZq9sWKBSX -FuG+66XilMv8GIn3joWGOU9jQ2L2mZ0CV2ejvJRixYAMQpp2RDeCERWoSrP4AJhv -Onenwr7kq6IUmb0Pi7K9OgQAhU+LY37i+jGdFYbApcXgT58tgDNdPmwwzOXjpeTg -yzfTcX/kkbuQHSKI89jqg/SXeeVqG6VFxs0yPtINt+t+iLibh+1RghfdpxcJI3SA -25UaKmDwLCUZDIguBZEWnqhdA6YCWnGEgZx3WN2HeyPnL4JCu6AY804lP2bOYWQH -ivH/BAEDYa6EPLwGsFGwSRgJuxOczaFyt5cvcleOf0qIVWQ8zg7zpaOi1spi6rQp -RGVsdGEgVGVzdCAoZGVtbyBrZXkpIDxkZWx0YUBleGFtcGxlLm5ldD6IVQQTEQIA -FQUCNuOjhwMLCgMDFQMCAxYCAQIXgAAKCRDrqfJA653J5q4mAKC2XzshPCkG6gim -QNpS28Zwl69htQCgp1gHi/+kS47sk+3XRt6nfoIBJwedAaUENuOjqhAEAI+1nWji -Y8yTbNhvK76w2bw/7mgC0PT7Xb2AKfw66e8TB+U+tviik5SnTt7PCEAT4rhaHCTY -q+bLf55vF5foHDmTr7a+OXP3JeeHxjtYDowWTn4G5HQVSvyzMLkFiHmyuKgmZwDp -Qy2DRlVILhi5xEAUn54YZIIdFgNJKre32L6XAAMFA/93DhKj5THWHi5xhBuMD8bc -lSHIcBjr9GEVuWqW89n3Tu6LY9QBVDeVsxcNAOflh82tTiFIYOdGXKOh58Csehfi -22eWjnN+xAL2hYD7jMQX5GlmGoAqH94wRdAm01lF1fw+f3RZiHrhk7lDDbBlR/jk -jFtoQTf+/miSuSyxy/oc6f8EAQNhroQ8vAawUbBJGAm7E5zNohCGfow8evYur7Yi 
-tpkufrndPvf1xHdX6BzF6AcqIU7CXlL28F7wLuxbw3X66Kt1xr0o2fnM0zCHpMwW -2EcQvqT2BDTbgZ/3ui0ykA+KFVvrkGHD2seQL2XkebZvUT8bkNRGDQJh0djhLZhO -M0m6hra57Kf2tPe20wp5sR+j7ENfR0rHiEYEGBECAAYFAjbjo6oACgkQ66nyQOud -yeZzTQCfUnuDgUMiEoBukTDNnuvn62NNR/sAniZp9Uhila1p2XiARI/o0eTkgDAw -lQHOBDbjkc0RBACKzsZMOq0QzqW6inp5azEWL36qFRWn03pL7GVvDNBlUDgWMKp/ -VVH0lfx/CMt5ybFPnFOFBVxGqB4VVoLKTLY2B78VwUw9lB5o/mO/kZFZzk+8f1LD -ym8Y5MHnpXhl5HhxAsMGbkIXm0q7UEJZarYwsd9y3tNd7pALNkpyPN3DywCg31W+ -so34RtAL5MfN1ZpRal1x9acEAIVYTItU9OkjWM2ygJnTQXwVq7/ZtpeTyZ1E6Ull -LpurniSx85BDNF4FZx7fmHRbs14FGn7J6hJ/tjeLSNM7ias6Iv/Q0JxLyoo2cYob -WKt0t6zelCENmlxR7Yb1bcWcaHGXpbmGlhz3nnSZSPYfcjm2Z9JixVxWOk1Ih0GL -PETYA/9IjW3qrsscxCnSHcw9DbPt1oyFQZWJedWXb6sqNvlPtu9IV1XSLLK7Kiq9 -Q8EZbAkUsDGPp6wdGVDpby2iAe6gkJHtwvZsrv3yaBg4TGTmAF7GrVUdBBk3V50r -gsajYRIqsJW2RjAHMBTvqFgUoBsoxTx0zEjsNF0uNne91DcU2v8EAQP7HKVodZwE -5NkEJ3i6Lo0iwuRAu/m4Vbrq1Zgq9zYA8B7ygrGHlgyntCdFY2hvIFRlc3QgKGRl -bW8ga2V5KSA8ZWNob0BleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOkfwMLCgMDFQMC -AxYCAQIXgAAKCRAxjB+u+u9tG2cDAKCzaFoiAm79QSmYISeiM7XMKhoHDACaA8CU -1j8+20C7rNipOHYz3KfUMhe0DkV2ZSAoZGVtbyBrZXkpiFUEExECABUFAjbjuAAD -CwoDAxUDAgMWAgECF4AACgkQMYwfrvrvbRsg3QCeOMf0g3znbc8IBiTrIPUgUz9p -3WoAoJ6eRZTZk7z+hTyx4JDceReQbYlGtBJFY2hlbG9uIChkZW1vIGtleSmIVQQT -EQIAFQUCNuO4HwMLCgMDFQMCAxYCAQIXgAAKCRAxjB+u+u9tG16mAJ46lQbmtWRZ -UldQtp4ZnOptP7ZJtQCfceYMZfMAnqUKJiHk2tMhvwDvAh2dAaUENuOR/xAEALSl -7SaNEf8mYovea5tJNEwoZx3vv6XymyXga1wDqKo2PeDrnRDbHGBb5BvWIv1J6Igk -/wq4R+Pq989UpkcqREB+yOeluE3zPPtZBrbLySSaqiMegYiHnAAPc0TqjH7UPZa+ -fJKZTUk64BCUQN9ELkL2FKtAGQ7RNQJYvbCq4O/XAAMFBACXdO4a3ZIK5hJejhHZ -01mkHa6Sqoc6PuedNC7tlWiLU62BljGiv/DvzcbMsnvk991AxJ3pP4ZvKr5CClqI -G+WZa1zmtwXdmCfGJb2fbNSVD4zp16e5slPr8Cp+fvIv2/SyvwruROs+oAzSVvoM -AzAGSk3yj5nT5oikbn+M62fC5P8EAQP7HKVodZwE5NkEJ3i6Lo0iwYcZv7GfkzxH -BBuVK1coW7Tsa6CI42qeo2AH6zLC3Wi2fh0VRaj/gXMnO8S0FDoSNyFYBUqhViPk -fsTE4/gEo0M1v0l87O70i0eTxO9DlfsehX+v14zSLoxHM06W9yEHU/cePDhrY+Pp -PCkQEZm65ip7XhQAY+VSMdKf4u6G0akTTrO5iEYEGBECAAYFAjbjkf8ACgkQMYwf 
-rvrvbRuPkACfZP1v+fVPYJNr5DmgYosCwEhyB4YAn2QLgRNZ9jyK1qvLvt0qbJUl -62CXlQHOBDbjpSYRBADdWzld1lyDWDqGPSzGOsehXyTSa0pOfVTLckpJpDpErcn8 -jS8cKrXkVUowI7SlZhPRmYI+5pqGaG5FZ5VJd1TfKWihc7O+JDHoK3yamOnh6OFQ -FPZUF1+WlAGiFXLc+WODzbgOSMy/8yXA6n0ze+v3et5n9Kzib3sDGjw5DMmiYwCg -mUwnofqskHVv1S6tDg08mXALKKMEAIVGyf9ij3BzNb0fVYGUOLU07nqQ3RpNQPaK -tPQpBobRknQ/ZSdzuiALcCB+Q664f1cKGA+Ogtm0L/f1xUmKRW3rT9lzMtcCy6kc -udCI2OHm/gOcPzKqjj5onpD84fgR4BdbsehT8+urmxFiK/bFFI6eC1L5edBQcRLs -7TF2jY3SBACdXy9yHg6iDTJhysvR7UuLWE/1s9ysirhZgPb0vyIFwHfRzM96AYIP -pLZr/jvkrDawTxYGfGIZrj7UyGePu7RCeFRVVX55B6evNv3fAqbmwQ1GHTX7WHCN -dAkP07yTxZ/wnZudPAzQwRkEfZ39TdccbOhHfHvbv3RNQ0VxbWtQUv8EAQO595ah -JXcubqawgYCOwcKTNBJVjftg9mvS4BJQhejHk5xuGHGpqOBmtC1Gb3h0cm90IFRl -c3QgKGRlbW8ga2V5KSA8Zm94dHJvdEBleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOl -JgMLCgMDFQMCAxYCAQIXgAAKCRDUv1fzc3LiQ3ctAJ9QF57VC7tHkxX6KiI9oCKE -Uepf5ACdFSF2rDZ+XDAug7Xbh/wpdwQhVtudAaUENuOlUBAEAN9UI9jBnn0wqBdM -fg/vVDMWekbgT8yOoM19bc3FD1mMt/DSKvpTWAYO4SxZFH59Lk7AJt94dkPM+Pwx -k+45kFqaCIO8jU6+uvNS/4GKORYYQvqhEWdYjzMnzMMA+668/W7YVBk6goVdoejY -j1DzO4nPw/a8SSAl8vHbKI9HUOnbAAMFA/9IIIpkE1AhpjRx8qaK/xmNFwAC+Fcv -IwLAtBR9VGqg1U60wx9ali0Z0vbsRLDiSBkizEncQtBWRGKuIwpuwmI0zh0x772A -24bPUIb1va+FQ9nn2xERUhGDIh+vQEkCxg6fzuZDmU4EDr5eaMc77KzjGkRUlnJ+ -urlADDkZhys9YP8EAQO595ahJXcubqawgYCOwcKTMLJiwDbUjYSnvlZhZLzfZrMp -pGf18gON07NxKYCP0aD9geBkvS8rggtugxKhp7GrbPvsmnv8A6Fs9ZjPbauFHDC+ -IUhyG2ZxtjhGQyIrtauWktSNu1HloQPPqj4T6LMPXCd2N7ECIHSBIiswHX7I4ZhO -/GkqZY4Rpxbpk1b/af5QjbgBiEYEGBECAAYFAjbjpVAACgkQ1L9X83Ny4kOO+QCf -WgIpdCqnp6C84k3sRHHNhJxZkbsAnRI8ATqCRceqpbSDP7SXMakYu6rtlQHOBDbj -ktERBAC5tQ53QHtwXMkcXm+jk3CIxnUlc+PI2ovY5YT9d9p4mIHnmgyZUQ+YrUkX -r3BTtkGmjWXg8QhZw/tZEyq8EQWX7wud6VGRJb3mTAWvcPxNGdqtnLeR+IEXW3fd -2eRVNpljEIMo4F1n9mJG8trqBn8oeEhN/NpLuHfobYxsCUaWPwCgpA8WwQ+MHIph -3Hvabn/Ym7/h3iMD+gI0Apokfs3xjccuKzVKGGnK0k/XIL0YmO15ze6DNhILtEpX -c0lwF4JfiibcqGINI3phhUgJ/jB2rPpMChyio/NHa3sXPr66nEiCHlYaecKzZ7u4 -7V5dQJJc41+IMQPNEoZNCOR2/AWj7zzQOSIaWf+qZGtwgsDnrx3A2c6sGKjlA/91 
-uSlQGGoYOvYtyGmShjJCWrNu9SlcnXGV9mKbWN+uZ1+yTzd0TeIHO+ZPwHIhlwyi -oMQeKX3kuYmnerDXJV4Ck/9lZH7ReIEsQX0aFwA5zmKEfYAJJctaJFenIyYrb96t -O9NfdCQByqhDVwVYLA00KuWDJwHzgd2bkZd1qOntwP8EAQMzOMJjiSv9DeOHKJqc -uHe89G2I204zUEBdWXIIWswBYzjC93U29DM6tCdHb2xmIFRlc3QgKGRlbW8ga2V5 -KSA8Z29sZkBleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOS0QMLCgMDFQMCAxYCAQIX -gAAKCRAWhBCkj8KC5iLjAKCZdUQInKOR+kkkFN0bMKOFSrg3+wCfcKC7DVHitfTf -3V7WkBS7Izg6wWedAaUENuOS/BAEALbBqf1JwNcuAKo3sJZJEzkHry8Lc8Jt6Ziy -45dmN03xp/DYtIfFndu5Fd9jFGck2jWmbg8aQxDtmlCKRllUJlr5aghVdhdGdgCP -EeG8dbQtpA++fIVL0fktoZ/ZSuxNZUD7r3nNixJpfrr1cVv1ZuIgwYHjJSJc+9DB -QvS1J36TAAMFA/wLewpaOw+HTZONwTL4UPFYCfiDct+w4/Dx19rAmWf7SH0sDSFN -5tsoEla3k5QyqONOr+kJnn7P5vXR/ZbARP/EC+NBJN0mOsVf0M01TeOEIJ6USlqX -2jGxs1iVV3nM5TZE3iGWaP54Q5vmjLnDLv3uxCmxuuAZ60JOy8+i0im9sf8EAQMz -OMJjiSv9DeOHKJqcuHe88M29HoyPcFtrcllVBMqQ95IHdcEmBDyyzOdky/GU10Y+ -XpI6WkFg9yZS6ja7r19L4tTOrEzS6eMsL9ZFE9avlALKDeQkVelnkNyx1dQ+KR9p -EPhda5U9NK1y7s0LdhG35A3TLiZ1p1kyNIDAzIeD+ipkcXoegr9MDllNUc2VpuP7 -M2nJiEYEGBECAAYFAjbjkv0ACgkQFoQQpI/CguZK5QCdFyMPKuMhs4IORB8Kuk+9 -uqIehAwAoJhITUNWoGT5GVVSnxG4+aC/MgoLlQHOBDbjpdoRBACnji9qSHWfs0LX -ocXS/Zf7gwRUk7jfay2/A4C4sPGfY/FOQhB/zN/Fsx9ZxyipWSoxlWWIsoUXwBvN -8Lx50/N5avgHdJYGmU0eM+p63eVYjpRz5X6qOET2T8z3vrhexHw5e/drCXq1xgGr -C6LJip8SgMiclY4e3mXI00v4VITvcwCg1cixyf4EJTGJPLxOV2C+z8OHdvMD/1bC -lZI5cbF6XKwkCKCng14CjVb/S/tD3m7Kc69ljmofIgTdUDpG7XsSCgm2/Zpr4hJy -VNBRceTCMOJoqb2OBKQmh9zHBsCaQs1pncyA/GeqCElMirLj+z145gEm6IFeiKst -pv9kQ7X2yJW8KLX24jk/U69yD2x/rRwGQcjEcr8SA/0TfdFjj0qTg8a/QB/W7Zni -Q9AXzbffddevqncL1q06H3G5AYM7wd+Lyyw2jClSMop8c9pWMgu2kqQN7s42b6D7 -z60CRSxNHcew0pFE7Vm0BgckWm6cq12HSmc7BVy2/i0k1sBd7EC2sdAuHGE+ziz5 -cYw1avwNI4M7WmVVmt+yGP8EAQOGra5cBw9i1UFlvGlJ9eyL42cZ6dmeRJuqta7M -7bO5va1wr/nylBRftClIb3RlbCBUZXN0IChkZW1vIGtleSkgPGhvdGVsQGV4YW1w -bGUubmV0PohVBBMRAgAVBQI246XaAwsKAwMVAwIDFgIBAheAAAoJEBPbllU0xuPx -7NQAnRTmLEOKTUnU/YK3YZjjVyl4FUc5AKCJm5Qv4sEbYt/8mfC43NLRHOB0z50B -pQQ246YdEAQAzpO6UuCWWpP9up5GVhLPoSCBfSIA9JWm5Ap6/hjQ5hia7CcS8E41 
-PjaGl6Pkh5lj2qkSUBa892SXyQMYqMqEq/h7+BW7+n62SCRMtYOHRYZPA4hvs0d7 -jznGQlMsltx7qamoVNP0XF+ws1wHLjyQl3qMnkrAQ8lAJP+jg7P5Hq8AAwcD/A61 -qQLRXsSFr7LMBnaUSR0o6+4/HCdh8t+mnAeQBDAkne5DTPiwqzqsjoYekX6JK7wk -+mbsJTd/Zw55Jkq9xVm6nEUo/JIbN7cPlMqfCLaoS+ttbxZ9fNCO3WTNdWxAr/mG -ZZiBfy9yTcxUfo5qTg0ffWy40CNHaVKk+iIcktGz/wQBA4atrlwHD2LVQWW8aUn1 -7IvgBwLos11Jv+dIDqgz5/fwL4EJz88YHle9TmlM1Cr2RFSAuwPHjW5i16KDNynO -qaWlTstZegVTXBwPogHRDpxi/XuOjQC8Bc/gx67drpmNm2p77epGMlqgoZ6er55P -DuAg/Lnyp0OHN830rpevbrlAPpeHuWRvFeclKIpEz+5G+/+z0jKIRgQYEQIABgUC -NuOmHQAKCRAT25ZVNMbj8SZoAJ488ZCSBKz8PYif1pS7+ILz2PyISwCfVke9uQJi -IzxHvGKoTX8eW/lWvQqVAc4ENuOUsREEAMhuJkVEGWoIw4JdMQJ2kmywkOcCamKv -7J8ApfiGw5V3KB6l0DTvUCazysCkAFL9zb5O5qmVp3zD6LJCzgEq7Op5Ar9haPQM -OrJjYszuolu8V3qcL8Y4aOIS5xNNKBjwg4VJwFNOSztqUwaMcB1bNKOr7WmlYl5N -LOnThQqFXX/TAKC44hpSv9wxVqFK6iIrhN2i34JHXQQAq6dbJydQbYhoZio7ewJ+ -kKHOS1Z1ONSf0RIkCMorVBQLz1/n4qsw8hN1Q/Kl/770y6YGQmL7xHQZUnzPCHAp -9f0IeGsPSR87rykIPFnJb50PM6v+0VfSe4f2kvyiIQySKRoYumH4343Uiny2GH69 -0uE1SvcQ9GWtwB+/5a06lvID/36SlrvHycifZKh8mKyP4+MpLeUCgY97R46gr+xU -G+BWPLcZzd3y8wbb2v7ZZEikbC6G4sY2VBhfrkEdXUwr9ONi8WemhFKq1MrcalHN -OaQkgLxGVfG19h/+frpUsHcShM7NYdjb0kwImeeM8yhoxzZhIrXQGjw//bucXQIq -jxcR/wQBAwmIVrocZ3iWL9mYXF6ltdajZSzt7R3+EFj2DmfW0QoZtFM1uQkYpPG0 -KUluZGlhIFRlc3QgKGRlbW8ga2V5KSA8aW5kaWFAZXhhbXBsZS5uZXQ+iFUEExEC -ABUFAjbjlLEDCwoDAxUDAgMWAgECF4AACgkQH+j8bwQllndaWACeJb8gwlf5faF5 -CTszXhi9w3+bvO4An1puRe2LCIYvj0ewVWnxVAbFk8PrnQGlBDbjlRIQBACDDIJP -3vJbFfyhJHeP4zSuMhY+YsvxWqJ/NNCNxlMxE7kANgE94HrUfhrleKW2VhP/NG/Y -ZzVudFCRoj9fkl31bWOb0/Kf4DRcJ+XdDv6at26YBUSZqGsE88fEhQ8AlTxxHMDh -xNo+S73670QTsilN9ra/e+q4vlKMLdPvdi7gOwADBQP9GKPXQ6oY0dlKDXGHxGcF -oUR2miXpz9890G84yZAEm+R/OMQkxKb9HahLVUyVKCKPC4eVY24gsKJOEDy1Um0B -Xh6kym+zfej43r5GdQqOjqywjTnD0b18YAsEhm7rizJECRLrZ1y7tAziqrmPeCl1 -4e/S2u5U4I0XhP9Vs24HNfr/BAEDCYhWuhxneJYv2ZhcXqW11qA65iKv4k3bInmf -WEWAPqyeDgbW9rI6ldi+lmDTqnNqg0o/UAyESfMog8rAP+GIrq/lDQakbSUBq6Ho -A1xuPjR7LnZ1cxl2kLIBKgI2fT2RLbKxH/A/PTXmdN8kBZAF0N5/mgn+vY5mrv2H 
-9mAF+w/G65MYEKdzwlHDoBr/BD6Pa/gHkYhGBBgRAgAGBQI245USAAoJEB/o/G8E -JZZ3CXgAmgKk+ky+Dd4BtpS0Dc1eoDHf6d3YAJ9v9phIBW9wpKK1sHVvvsH/2E4X -tJUBzgQ246f/EQQAl65ub9rEKS7XsXwNkvGtj1K7gnql2H1bJ5GF9bGCWhWmB8WF -tsAy9XUeC3WbrcuWFgTsbtTfXZ5I7j7HSG6ukf6Ycusb+bA1IoT+GAQGWpFeWoXe -16wXZFl0pEc2iUnx9ThtoQF0fO5YlbvHJPEQ3kvoqcdb52WOOfOuCAJxc6sAoNqo -5w0YxgJ9jkj7J4cmR+OFUEKXA/wO0jrvYE7eiZeFUjGNiRotxzhTzh53rxtz2/DW -G3D+IBFOt4qqxxp3WCSNO5SnBZWUW50hDkhTxS7jSmsfPBmCinmQ6EF5FaFPyLQB -q0uKwhMaWficdrQS9syXFlPuzQ5jOS3kVAxOmtDd7CMTC8892dj02qzAE46QNNUI -91kZXAP+PINfoJ8hV2zvlGZ9tVlo+Lgsl1BOvxvEgmYV14gyTmMWga5sNq7TdMdW -i8Fz0Vy7sI4S+RMJ96rMws2iTzWLi2jGO44itoWttCwqmGJmlSWurRsvYhSBgvNC -LXFGGaQn5ncO1tqKnWSDf625UnAipsgW8P4Agd5qJZiwXfJ67Hj/BAEDu6tMael+ -rX7E/usFH0MyFQczfHWCg6VkC9TYfdLwbBVtdcq/lugvQLQrSnVsaWV0IFRlc3Qg -KGRlbW8ga2V5KSA8anVsaWV0QGV4YW1wbGUubmV0PohVBBMRAgAVBQI246f/AwsK -AwMVAwIDFgIBAheAAAoJEAyCDHHSaZMTQPYAnj5F4su5N516+dcXYBl7cLVDPp1J -AJ9d2mO76rlmINaaTtH5lhApIjQjEZ0BpQQ246gqEAQAkdlSJYfTiZH/CkfV8tnh -I6IDz+SgiZKcneEBnO+hAJottARGAojdbURlOIeZqRCgKpdTXBK7MdHAz4RKFnAA -XPDBZgA5q+Coqn580t/O/AKGb8kKn9n52z9lC8A5KnHaRAsOKVyPTIU5vq6FLmsW -mMB55iz826Dk9kMhV7mmdQcABA0EAI8Jq3Jnqf0HqqaX7CZuNKHJgag14bTaBw0n -iZK0KSB6FBpzitEoyst5JBPCl0ayQEw0Hn4jhZAqcZybI//pC1CNQBBO47VUi0y1 -UVjExtaNmmWxugzkzWHHx4WmyWsCQwGN4B9riUws4g3dgC007l+aonKzj5QEo1Xi -iMNTFFmP/wQBA7urTGnpfq1+xP7rBR9DMhUEbuQV+5mF3JEYDt0dr9Ej9Ccl8GT/ -tOi0QsPNbtaWED6pY70iZMVJSk0TG7pZ47FNx8UHI2bJKWWjCF1nuXV+mW/xLMM1 -GgFMwK44bX2IsEJVqFjB7alBd/uj0ugnj2feFeTao2xDuSQ71IjGy/lFtOkcdJOo -v7L4tNh2/8ag6bbuZKiIRgQYEQIABgUCNuOoKgAKCRAMggxx0mmTE4+uAJ4+Jbld -pmIpRDEuE8tFCnHacQr0/QCeLU0G5RaI4jZI+QUKtYiXq0ITUnGVAc4ENuOVJREE -AJynQGiC6MydOFemfhSMEBGP2heBBaySSHPrnsBe7pGZf+7lGaksaps2Y26ooMjB -RsmyUjGuk6cDdAShuQiXtOEf5lQiEbM9SceWF3szd1BbDVTRN+kfJfHcVhvsII9p -utILuFZaHXKVTHP5EYklIClH4P8Zj50Xt0iWUpRtpQZvAKDXP6+Q1vOqJtzB1ivA -KMob1V4VrwP8DnI8eoH00yn7c6UAYThdFNHwt56UAum74y40wYUIwt1l+a38CajJ -q7nUWxDtbBas0zkD7W/cWrTHlak3Douvsds313rOJ034vS4Ktc/B4RPy55LcMWcc 
-j3jl6l7vTdNtyMkE7+5gufQtcTGZODzjr/VmVBs+AvObNv/YkyQn5DMD/jEVtEvZ -h5orK7gmOkw1RXNdiiBTCD0plmr+oFumwgAPsCB35nEskejB4i1doLSdL0LqoMln -3k4msT6H9O3YPaWbFex5NWVIRJpaHjnH2ZsLR5EYVhhGxLHfPSFjAyZcDSe2PSWd -0Lyu7weNm0Fb8oXRUHRFx9LJb5b7ICrQnGjm/wQBA3NCmZyGwaocX3hYb9Uj7Whi -UDisj8phP8MH7MdcGq4iXYpmhRF5vJu0J0tpbG8gVGVzdCAoZGVtbyBrZXkpIDxr -aWxvQGV4YW1wbGUubmV0PohVBBMRAgAVBQI245UlAwsKAwMVAwIDFgIBAheAAAoJ -EK0bD61DwtDH1RIAniwQsiPwhnGW+TCqaYQxe2bWQiFCAJ9kSky1OmRFtP6sQcyy -x6LvYkmL450BpQQ245VIEAQAuZli0/vYbs6h1HhF9HbvRHFMePjQ99Sk8h/dTx7P -I7eSqMHXYh0PZghchlbrMSPnemxfwMbJrmdK9WN0Wh9BJUe2ycH8ftUcGRo5CdES -giceziF6Vg4PQz9FlxtEhvrl7q8R6y7O+j03QAJKUGwBdt540oZ8YYKiDvgZUZxn -oecAAwcD/1b2fYzAnuWrQZXhXQQ4cNVxMBVFKHScH24oFVbuEWLgM/tdgF+CPw2V -tzba8ySR1K80VSgsQfs6n2wyCVd+II8lKHTZT/pfICFcPJlHKs4ge+JNn1IcxBAi -q0QRNW5hGTO9KdJ8MFWrWn2Bbp5k32roAzuCagoielFo4MVFZTsN/wQBA3NCmZyG -waocX3hYb9Uj7WhhNmbxLh2adi8RjvsHqFo8xA3mcKO5up8cYYgwnFFEb8gfNerS -02Lh+6ygsgu1VtSC1r73i7OCeytQmplt+bCsh33pTnacbzZkyEulfjWVn90tmi4K -v+Mw7S68X5ZgyM7Th98F9yc2R5C/SntYMfTNlmO4nRqhTAEz3HFTeVhODOVpmLyI -RgQYEQIABgUCNuOVSAAKCRCtGw+tQ8LQx479AJ41i0UNeuvbU1mUu7Q58B6U8Ezn -UACgqCWi5kbR/j2yb20eDUZz+fCPPOGVAc4ENuOo3REEAMFaZuaYHLD67UlMCLHG -Pk1dFdAn3Mu2TFFDUYfEtA/JDOiNZacPiQSZ7zK+wVe66Vs9fzNkyeXqpwLzC35v -kTx0K1m69Ave9LnXIZ70zvpVEL/UeCuITRiocxNglPgn4dyJ+2V0cWJ36NGcZmkv -BW0vGItpYCbpIGLzYVOfiVUbAKC2Nze79Iyw+DKU9HI39B4fz85nkwP9HbIb9z5k -XiRZyCaXOMnFBQ3bAZh4Og5ZQxdLyZ/rIX4Mu3DGjqg6UtosdVNHr6ofZWHPXNqq -TUivoUmOS5Qa8dtUW3YGa8vbpK1OMnjMLhQVJZg/eou99s9OFP5GgPh5r5Vw/EYQ -Z6qzS6YiYnqzSt5LcolL2+Ae0ajXUizic/UD/0TNXtCRfkS4SeVSkZXarb1oZjHd -Glw6ENiLGiA0e5b4r0rByW4EQQGZPvg3DFXMjqp0lVVmfmXFPggLkbTP+SJ1/VGS -C/wSqPkMiKSCenRqwHwWIdKxv7f13hyeTZXR7P8uaSddSXaakqmT99v6pdZOo8Ns -VQTx3PzPKpEVciPB/wQBA3B94sZ4BXVUUYZFifR1y3VNINM8s1ZkPHDNwxOmQwK5 -PkcxqfpPpGu0J0xpbWEgVGVzdCAoZGVtbyBrZXkpIDxsaW1hQGV4YW1wbGUubmV0 -PohVBBMRAgAVBQI246jdAwsKAwMVAwIDFgIBAheAAAoJEDfKtR+3kQP4ilwAn2q9 -qdnkpFPi1neWFi0OEOr5le7lAJ40e+wQHgKIE+Fn7sjYQ0Liwn7oip0BpQQ246j1 
-EAQAp/Ccn5EzxXIGljKVKZ5Pp0xJA3uBoQBvXzu2pU4HU+vmgwnX1313x+4BsHVE -bw7+lfyhKnDD0TSwIAHj/xeE+jraCTU8X1iwe49eAyTaWF4wTyTzdZKQ9mrfBnFg -dWlRjLALcTMJaOE2Zasn8wgAEHgi4QWyBPS1il+aFE6oizsAAwYD/RpvJnfv8Vqf -bCxOYt7meLfTLrvcPlGNynv1nEgNgjbYRGIRzbXDDz+jwcLc9MeNuZgtaXvUbsQ8 -s0X1dP6vq43VmQTQPlU1TQx10o+YYn73ptyhbwOkyIDGmyf6uFhO0+B5/MY0KRLC -xo0lwMxvVkYNd6k804pSJPqwusWBm2R0/wQBA3B94sZ4BXVUUYZFifR1y3VOfk4w -3PRZvIRE/y8bsqADpUHOrpzhg45mVJx0XUD9jUsufCzZg7wHdE3KlnZW2cJ+HHoh -up28Ie38bbaUVgfofuur31BiAVojpu8KhTncGAMb64oNfdRJapHzzBcuUigQ9ETt -6OPgUE/thuHws+GpxQe8KhGQcVfJwuRernhyJhW+BEeIRgQYEQIABgUCNuOo9gAK -CRA3yrUft5ED+PJaAKCkicGM/NGxdTvpyHhtVSSkTRV/6gCgsnKOr6ziNIo/Bbdf -RfYDd1dL4lOVAc4ENuOqZBEEAKLUF5GqBMWJQtBs1t1Sp+NIOGuMLgJOhINbMU6t -k2jzeUt6ooNd+c8P0TexsbSETwhrU4ntpvIISb7I8Twhcled7bi5KCABJOzz7Fw+ -Ydxo5Yjm1DQH7+gEtPx3n4AjZUfRAN0nqcFizDpRYPqVaN1QYiGWn9yPF3pubQhV -n8zzAKCpx1LUlQl2e5t1YJhmom2qy38EeQP+IB45FBfDf5KKtyS64alQ0vHYIssU -p806PQorw/ZOuoiscUQj/WeZ4vn7rCdu60uR1EuHpGp7n0t7igEgAOcxDjrxJmpg -SdD79V+oJAFLATo2msj1IklVvJeI7ZsImyPchIU1lqn/GvpAam9N+FiIB1KUMFqT -Jzc6zUn1Qqag1w0EAIiRHPYRW8ojd9Uh4Ed3X0daAnClyMWL82t2bj/bJRmhupQn -4aVJ5D0pFB9izTiJEWciHpqiMdsi/zExYYIDS1Zu94+WFbNIxyMFfHrJ5fUQtAqL -b7E5LrlxZONUnrRwshqR4X2TmW2mz1Wop542eUQ1UWp4Gr3VlH6giswY0CnQ/wQB -A5YOFNcg/BY3BMnzmbEa9r4DVqdF0faqHCAPM1GU/o1rZ++VSNJruLO0J01pa2Ug -VGVzdCAoZGVtbyBrZXkpIDxtaWtlQGV4YW1wbGUubmV0PohVBBMRAgAVBQI246pk -AwsKAwMVAwIDFgIBAheAAAoJEL55SFK+XPiG8SMAmQEeRej4CyoP+wmpdhNm+c9f -amN9AJ9nKsCqRWJ/ufezi0YqAcbgbaNQ5rQSTWFsbG9yeSAoZGVtbyBrZXkpiFUE -ExECABUFAjbjt7cDCwoDAxUDAgMWAgECF4AACgkQvnlIUr5c+IaZ1QCgqGtz7Pnb -id5+UylHAn40bwpXE7EAmwVmqbtsG1iWWt1xOo2oyTj0t8E5nQGlBDbjqn4QBACm -e9aNjmsy/D0vLzEUvj2kaMBgVv3MWKO+Abi0yKsjdP0QEt+UosnybgpahGhPZ42b -L8kYsfJmO95pWHxN6sNX67FmQQa+/vTafPw04SVBOMdYejLSfqmhyLoXGF8l3Vuc -6MMraZkS58RA1KfY+EDjqCMItFMA+7AumK1JIvm5uwADBgP+KP0pE7r38nHf5b0N -lDFYhAGIqdgdWvW6zZal2lNXiOkKok4I6AH+GUGYJjULX+2mwCPUDdllqYlFZVmg -2iSRF4i1ktd8ZpymsZuaaNyDz2AUzlXecRQ0JT+abYFBannyHg04K/rR0avkYCoc 
-PEBK0+TfzzNvER3IWznsI9Dhkm3/BAEDlg4U1yD8FjcEyfOZsRr2vgAw2DSsek1W -QcJVSrTcrl4DmC6JoYKNZxcZxkz+azXGMzU6P/gruBQX4ldaWq8ObvjrdF+g032G -Xju9Olh9Wx82E+lc4O2K5kwNe0fveQQG7vFrmajyXnIB4myEx8jSGNcEUcl/6pMm -wjzIOMcU1lPVYNkZU8cFQpZHJ2dY0OO9MXpawIhGBBgRAgAGBQI246p+AAoJEL55 -SFK+XPiGkTIAnj6CpWQaP+vvx+HhzcjTcL/VKlZQAJ9Nk+d40+pCqkNEZDcV/xO6 -vXHbbZUBzgQ246rjEQQArXimh2e6XDO0Lo/BHPEsdHyd7tDXS7KOcZ/RJOBVjCwb -uo8O2/+SowdlrVzmUlihzs3k31AMe/TTCiaw/Y2Vv9JBABVXmacGRdZfHwbERC0f -XMQGoxN0bxZIAmAIV7BdSZ6PqolOUzb2nRlOEs5j+Lzp546yFk8vN5rWYsKBSHMA -oIGmmgpRPEONTciH1bY0t3/jZvMdA/4nB/bsDN76QdkFdvSCAams4Gha+7waKIBa -AJZWgkGzy4sh19TJN5BGYOcXsJg0v7VOKxqo+1HC/TpWcdSAg/HKfNMjWH6COyuV -zOrGDjJnyTkRjhLKjLaGG6N5Zbg4A5INug2Tcp1HhR2UayFs9nCqk7mgd3cNPZvL -CTbrN6aBLQP/UNSg7Iyj4vPtpFMyaCt1etUIJVwFQ5X8yugeSjhGehkf4F/TObss -i40RMmxUkjT5by0ddfpleBkeQHK1UDphNEKRcqNTK/rg7G6sJMxEb0ata+aTsqjO -Vj14ZV2uaKOJ2tXwRF++iBMyusSFRtOxpzZ2mPnZT4LC6uCPPgNtGRv/BAEDsc7Y -SdD9O4gyqEDz+24vfhBH5b1jnJJ9MOulZipNjfbpG+Tocn1wYbQvTm92ZW1iZXIg -VGVzdCAoZGVtbyBrZXkpIDxub3ZlbWJlckBleGFtcGxlLm5ldD6IVQQTEQIAFQUC -NuOq4wMLCgMDFQMCAxYCAQIXgAAKCRAlsA/UMM7GhJjYAJ96+gRNnRtFX68Wbsix -2VqHsXeLugCfVbbEonL55bC9BBQ89XY+6AFNSgGdAaUENuOrHBAEAOGceVg3PC6F -tgrZrnofohzWnui6FVBzeai1DZ5MMKmdN6/QMv1eeHoMOb33fbfhwA51n+kPuhap -r6QqTzx62RGA/gK1m7vjU2OfYxSO65GN/rSUXN/kE83jR7Hux4MocRXZ+/8ngqL7 -JAjw1LZdJyOniJpeRvrckPNC/bKaua77AAMFA/95VjAjJIAU/gOMwtbqTgV+cmHe -52Aa1CJEalV88yKG86nnqHuL4xxUTTZljyjbbKleJD/Ah7R1BxBhSEDy8WuTuonE -VHVxTcL9Yig4pZ/OzYZf5fkl1eLNaSLb8XZMT0JbP02b//OMpAr29lcaga1o1RtW -vrlUyIYOTm2RcTxkf/8EAQOxzthJ0P07iDKoQPP7bi9+FNgB92LCXMeilHSPeArG -JblD4lyK8pp+jwjSCaWJrWQO/OJJOzhTh6Betn6H6C6bapoEaQ8TuKbHEnOMUfax -tx/yzDtWu4EWGMyG9sSPjXRr/lChDsi5OMcYnrxK3foQYMEHBMb1fIqqtRZmqWPc -FixNLKLjBalB2cMRuYaY8o2V3ZyKiEYEGBECAAYFAjbjqxwACgkQJbAP1DDOxoQg -5wCfbgzOK8WkgR8iruUOQagMIqwMr6gAn1iBQ2TJM5znLHzYgLX+D0k5IG/plQHO -BDbjq1sRBACVaJ7JCEOyjZmcPbBv6CrpqqTWtFSFzB0HAJNuITVosCye4yXycsfh -++FpPPZX8B6OgvTR7bx24Dmiv0mIF+ZVuWulMAgZay7QBTq4RCxaBnBF2yjc0f8p 
-8fxnmXHAm2Rn+GUCIQeiGYagPfyYk2yCebrdFdp1QfvqKs7oxy9aVwCg414fuLbk -BysyiXg7sFnCoarbmJsD/0hGErsAWF+BpGsNPPzg9oiyzGnV1YpqVGu4wlgZArYs -O4SXndD53WudgE+WI9uNav/0aSPHcrgHQJ9ZZALSxSXvts1EWqvwVeSNFly+QKjH -Ecbs8gUbvust3ZKJD55L52nlCKO64wLyySS9C67FLp4iTSD6OMaU2GO673thrrF5 -A/9nF6Tfunw/W71NOY3uc+2XMZcat8pWL0O0nfUTzTmu5cWpO6gV9w4FGu19j4M5 -5tfxHEjBBX9MSbLHChd2aS/TcRjAPoAlKbHda5WLn+t69wf2d9IQcPLuwULwIGnh -pq8AVFA2uGiZIH2VKblyUYtmIPieWMXUQUAHBAVyHseGU/8EAQMb786noBSUDw4m -7xGDnWduktairbapLv/ColtFylU7mo8tzwPJ9N6MtClPc2NhciBUZXN0IChkZW1v -IGtleSkgPG9zY2FyQGV4YW1wbGUubmV0PohVBBMRAgAVBQI246tbAwsKAwMVAwID -FgIBAheAAAoJEF9jVrptlzKssC8An32a3EYMFU3dvYtqymOZk1G6qdElAJ9XrILy -cL0GM22u75KkQfVlZReszp0BpQQ246uOEAQAnQtV0TzPQjBa4FVL4qFO0koX3y54 -4FgWd4amzmK7ILV37kHb+pQIsZzT3Z5P5OJoy/MNaam41Jn5m6aVQ8c7IolEJSWr -cxg31NYA3O5LJ16Rf784IW7nMvBzTtEh4t7jPxlwue+ImdaMWvwNeHypwlWE9U4a -lGtbrAuWEFx5uCMAAwUD/3+C2YDd3Wy+Iy6lxwzaQCBI4k2yl8QyhzpwKH//+EhN -JqWjVRy7t58SOewrV30iNpDEEpv96aqUys2gZTPwmzACVGp4ZpSzwEQ3Cf4UHA7Q -bBeZxRu83y33tEgcILDNR8S/evFb2u1rG2KUmvfPtx0g7svVcKYRae4uB25wm0iu -/wQBAxvvzqegFJQPDibvEYOdZ26Rt9GjNyo0jdE5rAxUvk0VBw7TW+V6uxtqp+fK -rP3W/ewR4mUXo1jq29kicdAtO/nI0uEWiMuascrL4lCWWcrEK2n4AX7KbzJ9W3HD -upQhHHwYga7LFg+ZAc+6m9k+cn6M8SycsbQt90IMqon/jpYnSialNZilcMpFfYCn -qBDTVKpBReiIRgQYEQIABgUCNuOrjgAKCRBfY1a6bZcyrA3hAKCPwFgK2ukTx/0R -6o/BN6HFJh7Y+ACeIB2LqEi2uOknmyef7JveVqldPTyVAc4ENuOsQxEEAIQRmJhs -JniNi/bRff/YGrZ9aFWt81G93W8WhV51qq+ntUHgUNY55Yyos4XLOa2tS+K8zP6X -15FesVBPYIQa5BIC10mAsLfJ+1rbnGJPuNBA2U2MoEaRxo/JtXQ//5jiTRlYwLDR -nBzuaMCPdsirveu+JBw53ytRwjwe7m/D1PPvAKCp2dj1FtDjubTN7kCF0o2KzPwE -0wP7BimQxXyPwSzGqLaHXSEBsh84OQTxPI98BXgq0195/A1B1/pPs356euKlqoef -UTHYhbjiMYbjZT+A6juudf7A2Ucy03G8HDZ4k1f1vmzrj24+6ygGBcxTVr0Bawei -C1DwG3LjQoJ1cuFxRQ8BYJDGIwPrUW5JdlnzW2bJWfdyXOoD/0S7iEVN9txkSKil -dOeP1YcDCD8MM3hvF9kUc+1hbmir8SOZ/IYJAyQN+j+mYWsLuKtZ/F9pqiBNTXH2 -jWCTqldOD/ZYxHVJAARnkiVG6yckMLsxHi2LPPBK8xack0y92mKe7za/7fhVgCRS -s7M/rzUbzUhyInHSyxr2SYb+8lbu/wQBA3vncg3S/0EKhZRFb/E5MzbPjleeF5fQ 
-n4SvP7U30kDoHyI3LH6KymC0J1BhcGEgdGVzdCAoZGVtbyBrZXkpIDxwYXBhQGV4 -YW1wbGUubmV0PohVBBMRAgAVBQI246xEAwsKAwMVAwIDFgIBAheAAAoJEF0V4B0/ -8TIG4YwAn2L7BGoJE1q7g/ePfsIhAc0nacGKAJ4iBZV69HtWtOryudH1sG7zEoaR -KZ0BpQQ246xxEAQA3mE758SGpbalfvWhJSpb9NEdZJvJs1zlutDW3OBNuF4eIb8t -AnWUeO1mhlCzJbcf958S40BHCvKjgiO8rSeaJCyplRHXv3ldMhuj/Bo83TxC6MLb -q5ZsvWlgvnJBqvBso6jICy3iOATU2llVz+vX5ZSns24RqmJxWO8U3OSJUIsAAwYE -AJZAliv6HSjOvslD8Gojy9Mq5Vdv4MgFCO5LM3su9qIioypv1l1802ZnUC2+SWjY -J7ZUzKWJDNVJNm4clBt+sNMFcF/5D4Ag2Id1kQCh3MG8O/qnu+xOeg/4DZtLyXrG -tY5sq3crL34ZQOSpbda5qBxQqiBCARv8Up5z4Z6DBKBR/wQBA3vncg3S/0EKhZRF -b/E5MzbLEL6CTR0ywkrjR5f4P+KFRNbVixP74rOGEYga1Uy8PrUOMDBIjbtKVWQy -6ly4hnMv7ZPtIZSJFpeofg7k/kTNJB0W0BcJhWfg5CbiWncJYH+IZT6+/0aJfmhe -y7gMlkoXOqH7y1MlLXHLriVzNOpapAK4Q7vwzzfRL8kXP8zC+u1noiuIRgQYEQIA -BgUCNuOscgAKCRBdFeAdP/EyBhuTAJ4zaeXrBSUA3s0m0MV04WJxDDGwWgCeKwYd -KMH/CO2Eaetd28XWxnxJHO6VAc4ENuOs0REEAIHCI/xKPD6yIRGsSnI3PXTW/f9A -WdwcQZO8fWuxypuqNP73Hyx9lxYxcQeA3X3vjtTwvSjVKiIuhk2nxm8qkuO17Jzi -bOZ77K4JlaVFMwHe6dHcXHNrSaHcIZB+BrTj+IuD/Vwa8Z4EK1kNI7t99xDxesC1 -ou6pFchhDQn7L5LTAKCmIDPl2IfVEHu/x19Bogp5NxMVZwP+K8gcXcgYoY9NourP -LwHuZpU68L/OboKLkgfeVxF/Bj372liFv06VFkOmu6PGM1P5CD2u2MxE2F/HvxVa -9mXd9xwH3i1DadzktDbxG2CZRg31u/1+6i1b9aOVgowh1ISvAwn/QMfW+M+wm0R6 -bcUhOFO/TQgjrF0LDm1dvKpRrBUD/iCGgoe3U6gA8P5wZn7l8XqTyl0ul3YtLaO/ -S30La/k1LSThFRiG6qkAbIBEhYk+akdFu6oTp5eO0yEMj0J7f1ffeEMMgBrSILTO -amBUVu9INRZMg0V+ez80zLlNgY1SOph5GlJC2i7o20V4kBZvCFyeK39vexqaSrko -LzXK+0Zq/wQBA0GK22cdg+tRJk3gYcN/JjZjdGbyparZK4zFc6L9X+dZtsC9gBVh -D2i0K1F1ZWJlYyBUZXN0IChkZW1vIGtleSkgPHF1ZWJlY0BleGFtcGxlLm5ldD6I -VQQTEQIAFQUCNuOs0QMLCgMDFQMCAxYCAQIXgAAKCRAcZ+wTPGYchNG4AKCjSqAG -ZAKs7NstyNXe0qmxdjqhgACfUIFuQ0RAvRxngnEfGZJiTL7vHBmdAaUENuOs5BAE -AJGi4T/jrY5BtRTM0psAneQytzzFgH4+LigUXAAb0QDAOkyGNfWHrfHJIS7A3Nc9 -pMWAdOjWgSKbYyrzra0SQ75/SkI5+/S5ev2Fpki+HYo7cNgVXnbCJrIY7k4DAMun -qPJ9JCUXc88WxGvKV5b45htqCPnV2Pgq+AEIKD5aGfLjAAMFA/9+O6ttUbeY2bQH -RdThl4HUxQw4lgYN7stgGZsbHCc0y6ln1HF9vlE4Tl6HI/NR/8OauQrXt8988dh0 
-39QNZsOdAeRWTk4PgSuXq6VDG5WNw6B9bvRPKXe5yeVmNNl6KESBzMcq87kANZWZ -68vKJ2JihxPHRAyfxwGr2JKkVF0S+f8EAQNBittnHYPrUSZN4GHDfyY2YCjm88Cd -mfBmhTozr+i8fBZaKPsQQkAz4Ybhdf+dCkGOyQjOvI9qUX4wNF1n9/2af6a9A9TJ -NYGpdQ3AQUyyH1AXIfYLeZhAKR8oHgP3r5L4DDGmyAG/I47Ziko9nyyRjEkT5B17 -n0HedUtHH0+v6vtjNc4OA0XtbY0SCvuFMpLRF9guiEYEGBECAAYFAjbjrOQACgkQ -HGfsEzxmHISIlwCfZ8SYKvVQnWcUbLR4pdAC/SDm0XwAnAqTsdVw9qkF0c5EwGns -st/qiAqalQHOBDbjrjgRBACU0OjVoC32Kh/dUjXPdN6HIusEhHheYpFIzYHHTYJm -FBEjBj9CwrpYGjGUmp+BS2wFS59zO2MlpQGLGrmo+YGBdio338Hwdm8baeScd2Ko -qu+oWkCoBMm2VxxbS3M8kq0ppNu2Q5EEO/qGywVrVpfBM3siM3mcsjVaHyWy+T1I -qwCg/lnggNIr+Yz2HoU9GwCwBi9331kD/jRTBAuXTq7vAG2bGpJ0X/zqSMLSRZfw -nZj28hx6I0SIT0yZU1xggrAgzSbB24XnQSSxWMR2BZQmupPdHO0l8xPn5KCbYo4C -+9+ZsprxEXg09KtVcMOsV6qTq40NPSOdRRNAVhOOTg/GD0qX5r9ztB57qpefmp4N -fy5tmo3SehfRA/9jkdKCLrZRsE/kH57kGoT5kt4nvJW2X3T03BMKvspVm3WjdlrR -0Ji0yiw9P05sCMJqeFKe4RZreG6i606CitZpRIRbpjfMEq838zgUDv7VGF7zqCed -Yu36sepfkzxj/slNyu6A21HTgMWxiBrkDXoIuxMPFKYzZGC+nCHXgW2uof8EAQOP -MKazZfwtUoJ7eB74i789uCp+H+yM1KROCEcmSW/T7ago8wfbaRdCtClSb21lbyBU -ZXN0IChkZW1vIGtleSkgPHJvbWVvQGV4YW1wbGUubmV0PohVBBMRAgAVBQI24644 -AwsKAwMVAwIDFgIBAheAAAoJEDvb7bF3f77Tq+AAn10WjJmAMcn1pBFwE28eIqtU -z5bsAKCoNi7oa/HFVQZRypKR7SChjez90p0BpQQ2465mEAQAiea3rOLV0WY9+rOz -+CmVlH9GAvJrS8cXjRF3uXJALZ/IDH3EkCeDHouDtRAb6ymfQ89vBJr9BZg3eug1 -HeMm0SJNTzfJFq8vVLhiwH/1QQJDCMl4WAhJwe8EbDY+JBeQ4WIsrXqdsHpD6HGT -thgFKCMmNsjDW9ptoNivFJytkAcAAwUD/iMYod6PvvotNl8IuMDnu2q6NsUngZh/ -W/JxGifL/EVS0TtAIKEeBi8ynkzn7+exVOPLZWO7MbYehTsXiWkJEtZw9S0aW9xl -A2a+6jP8jhmKdFoXUYBlvnNHmGt9oOWo6ts59/h9S+Mq5kUmTOJ5meWV3vYo5BrN -FDWKpotIAWMa/wQBA48wprNl/C1Sgnt4HviLvz27SydCgapMV/zUfdQL64nYYQj/ -00crVG3e1cAN2iOPRNsjnczkYXjFfSxTxoVvQEOvScRoOF1LQ6doAGGSJmSkyIGZ -wxb4VLD8GhqmCX30XxOcTRG6EiLq9+kDGL5gAnBUTviRF6Tc+y9N79L+nxc4lawj -36d0ZXeIG2fm8RycxA2E4ICIRgQYEQIABgUCNuOuZgAKCRA72+2xd3++00nRAKCQ -vRyQt5pNoWbpj8btfqGK00jpOACgjSITGzCNURjHPCPEBAPqgOVDh4CVAc4ENuOv -BBEEAMUtk4AJiXP3jaKpIhbi3B73S2SZ67rKzBkicjelpwWk6LndsCrbLsIWsDf8 
-fNtih0r9As+2arfApkNlwuCGq1ZlPGGGEf18OqPxFvnghVEbDdcosP4bIm3k6G2s -gFbMl68xAGnTtkS5Gfz43uTuznPzdZnGbIjP0uBmPfZk6GW7AKDhi4htuxr3Y+ud -9lx1bWM9KqUtAwQAiRYHm605RZVBkdzlfYx1Iwgn/l8Chq3MsPrfBMslapBnq1an -2/nEQPmuIde9C6ALN1t03DHpKonx2XgjYVz8pgty2FU7txSSm2EE+975dXp3ov4T -fD1KxksOl770PAzixLfNhPW1q4A2cEruGgO74qEX3/fAa1J0nRKDgmA/mgYD/2TS -ZKCaFHoc3IHQnkygmGzzZNpVZV2+1kIB8Z2hNo9V81PYpzlYV8SlG51ajW1G3ePc -ti7JOIP6MquNUbYR4TOzZy1Dq4+VqqZCB6fOeIKL40IKKAoMMDYFNLp9zcT+s6+6 -DTPH27eE1WEt+NQjBgr2ofC/4iAU/nmAYmo4xn7Y/wQBAw1YC6sO6OK1YqygeAug -0cwEFM97WACPFwv/yo59kPUn2OPV90GqWcO0K1NpZXJyYSBUZXN0IChkZW1vIGtl -eSkgPHNpZXJyYUBleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOvBAMLCgMDFQMCAxYC -AQIXgAAKCRCl5n9/o64+oa9/AKCaJbj4sc17CLwMOuvFVejk4mwUQQCfcrpQGZox -97B60MgQRs/wklSEVWedAaUENuOvgBAEALhxyR0+JaBA2Qa8CberwXHNEuiDrz+N -9++Pwy+375dDg2KQ7RUnx7NiRV368be/lGgdMhLKeYxZlmNPnpoUNINk86RCzYbS -pmAASBOnMJQF2WdQLxmsdJNJCMKfse1HZylgIJQGWI+1q0O9Lcx7Vd1F8GFeJvTh -MHRyLoOvMVCTAAMFBACN7RHUg2b0aRkoDNMQKL6VV6LvBteSfgkXqf2vUovmhQtU -XxoYc0QnVPCPuS6raRpxiNz8OLgp0RJFNk32zOVmc2u68B30kociBt7Kx6d7fJGH -L5gVqpebUy1YJ3DBoOIOgcMBKmXnlG24IrHPq5bvuqGtnwToZEOuEj3ZHzwNuf8E -AQMNWAurDujitWKsoHgLoNHMAI9CpJsg3p5r1/2dTbN+h0CJ+lqHoo70wkoAb+ga -M+7jq/FWce/7mNExPIYobdgkvZ2rbKJPx8o0zJqu77IkMLTb/eh8z+dEaC9X0S/u -YgN6AUJl/DsEU+XwOd+JY8Es0wJda+M0qvSGaH6+kTYy4pO5QD1BrfdPTOVNxcFn -a7HAItZPiEYEGBECAAYFAjbjr4EACgkQpeZ/f6OuPqEzHwCgo3fuvctqBR1zM+lG -iitaCcoRH98AoM2iZsG2q1yiU3MebUWDxcPCiuRMlQHOBDbjsAoRBACQ4U3waYeR -udWpRA1GiHxbw9CvqFw16gwe4Q4N7LVSKWUffXdm6P3TzrlVqK8FxQQyXitHO4iR -EKzFipcXam0RpB/KWhUpy+V1qOMTI5J6pyc2Lt4G+9+IqBR0wuFgzNv76ExrhaS8 -Pnoq1vsJddsLrB6ZzZFsTBCFrdh6Bk3q3wCg9yVAa2nj2/IByp1xc8hLvES6d7MD -/12gCo3vjQGHqoXAKsb9khD1I/BDILV+0g5JMg7/MLkX3DcDALeF8B2J5zN26VMF -o9iXAxhPa7DZ2vx7hQI8/9pa4VCp3B9AssL44WLbdbfdo9HD2Wnkd6WPEf25vDbN -tLYj+7sVZY/rMyNj3+SolB4YlhydkU1xhNqVJk+lBYXNA/47smbyDSsJG1EksKSr -7KIteXenuFseT2dpgK0+cvlC4rQceFiiLF1elFVWhATWgXut5PXBRnTxG2vx35Un -e+pC5nEncvha+93d0zCK5sACjFXSo0QBHN5fO2Gj3dvy3U/k1swkMN9xKLXsSe8m 
-c2QNkicdu/48iIF5FrcL5+VAjP8EAQOkqTnVSVlDNyanmeWCbHT5y1XDf7flXnKw -AlPvRhV71WMkqrgQyZSOtClUYW5nbyBUZXN0IChkZW1vIGtleSkgPHRhbmdvQGV4 -YW1wbGUubmV0PohVBBMRAgAVBQI247AKAwsKAwMVAwIDFgIBAheAAAoJEFjLmkyF -qB84JOIAn1w8JVmBDp+6A35ia9SqWpt52ZiiAKCIHwczU5eSjSlPSm5W8C7dlk+B -CZ0BpQQ247CeEAQAnr0w2OcvlUX7E8u2C8dJGIj7wRU5qDazxh0tw55/ybJ3/Kyh -CFfsr2dZ2E7Zw6Yvc1u3WTTf82nH4S+/IJFSI+qBi3TrcwVtt8Xa3Po7cIzNvS0b -BhqfmOOXJc4ihUlADR2Jukm/QC+f6bO8IZBDWr/7LnT4SwEPhPoZNMFb63sAAwYE -AJ2kiP3e1zM+zEo2i2jkOny1Igyn0sRiuw0OXQ9B656zp02G5qtDN+IXhgLdfQqg -qyWckP4BLDJ4NtQoEM/Mr2/7oj3h01XpbU86R1QFQOXmoWw3q7yqEWIwfOBqClSF -0A14sXdjQwadyabTFsW4m8Zn5jLW+1sH4PrVjHoNEz4C/wQBA6SpOdVJWUM3JqeZ -5YJsdPnICDfLPDsLTp+mSJOvz8ZkqbdjjI/q3Kptusm2FbDk07+WCtgfeKcaeJZH -FNDb0PYRG9S22OGNlhDTmZluNPmUG5syMkoyycBX+4RTirp7LNS+VBIOHa6d1wD1 -k8lANIjD/ilD8pW0pAyqN5oJLDgGD9892G7eeE9Vy4XGRmBB6TbFMF2IRgQYEQIA -BgUCNuOwngAKCRBYy5pMhagfOAibAKCS4dbgdlteoklBNH9XU3+trecmqgCg4u4N -x5RLyPVJoOlZhb87WTBcW5+VAc4ENuOxqREEAN621mjyBM5OvWclduTmwl+5VJBo -yZuAulmkyzdDsL6ABfRdf5D+9y4en7BXY2rRLi/7Dkr6zEMXgDxQN/6r4aY0owDl -TbuGRwNC8TjwRhSCFx1YqNZ4XCaYk5vQoyhq116HiI9PiPyhwbD6LTPqj97TLQ5V -axS8iqniJk/dSWc7AKCA6rkZ88kyrcrdw0PedTsY5Hx7UQQAxyAfT2jrwduNvCnD -56M+4rBUVrfsI5f/rkUXw8416V6rsyvdjzIqpssiwhYNrGuV+WlvIzP9KG4N01Ty -CH6ax/CHT5E3N0Q+akkIJUk51k7jpy52BvIBCuIfs/KxJuLsBuamcyXuRCu6EBlZ -cu2cfV7WQqi8HjdremHzAXiSi3ID/jkDxssoSYm+mr9qZjpWMOcazGQOOPDY6hVu -3ywt0aOmBqePd+/LkpGFZ5YsqGa2rji0f3ubhgOYYIdVr8iJzhoM8wy9Q9Z1pjkP -IJ56tU5vck3WosLujnHYcG3xETtxec8mXlUrFzirPKzlupARhi3Z0/hwmoqTc6OM -JuXpMn7x/wQBAwH5EiW2ICr1W3T/Rx6Cb3eG3/JG8Sjo3rpEYlaApMS+d4oM/9V8 -3kq0LVVuaWZvcm0gVGVzdCAoZGVtbyBrZXkpIDx1bmlmb3JtQGV4YW1wbGUubmV0 -PohVBBMRAgAVBQI247GpAwsKAwMVAwIDFgIBAheAAAoJEKlMD3VlMkTWM1sAn0ei -deyWSJxrd/trrimzJpapYrQPAJ99nNzMTsSCQwsfLaq0E7kkkS7KtZ0BpQQ247HD -EAQAtbvtPTT+OnT55+kSbXMy9yxK6Mq3D5hzpNxW4jXyfGDJxQXkk/lPvnIYv5Cs -5vjeMvE2RPLB8Bqp5HiAbSV9mJkCRYSotkUfQLVZ9h1dWUwWE9avz+zKWUzzCPRD -g5QhDyU71/jHbT/MYdBrI9YtcLo0DiQIl3a6rD8Xp+EnIecAAwUD/jUUTsyxauJA 
-VKYKE8r1syZfehncpH/jtAIW05We4sfSrUC38Rq6s4KNIcA429kM3lh341YWmmkn -OVFjTLiEMh0XLI/ceJ9uVxhNB1MjlUg+OiDgI32Rfm3lzmvzW2HEfs8zkX169asl -toOKFfCzeLOLleHT2pkN5ffC5IPJYVgn/wQBAwH5EiW2ICr1W3T/Rx6Cb3eFuP+I -vpNCP9FJtq/cHx/aNtVczSNEk2ParqkEbsZoGgIF0fZStEWeTda8b2/P8dt8E/hZ -L8YE86A6y26jjzhIQBnThCdlxYXCI+f3rwXSdBJYBu6jvOA6Cp7VJkBGBUknV3c2 -6VN6mF0tq2xw8EdB0Z94SBwIObsUJxUXGSx6F9n/BIaIRgQYEQIABgUCNuOxwwAK -CRCpTA91ZTJE1s6YAJ90NN6PZ4hYojIqGPHLsoXLX4ZQqwCeNI8dzekcdK9ZkqXR -xIfFj4cQH5+VAc4ENuOzmhEEAKMDGobMDqPX3SKI3/W8m9LmNgtDUffHGHNd1npn -GM8mSyVfWjEWoEg2GPMEmdX3/tvUUV7nTz02IJwZRVlrbEPdW76eItMAY1NB43Lp -jQTrAR++mVAslulUY6a5V5nJKEc0IqOuxkW1LWavujX1JRvlBZLeBkdpsVNuaGJt -wUFfAKDfqoZUCcZxnO+dRMalHLfGOn7O4QP/apMk2mc+GJwpKSxXBvoQkVcfuZBJ -mXJuUCc4BUUzHX0ZSKNbgxY/kVR1xN3krMgOCR6dEsGukIsgVWRDj9to/+E6IIs6 -YKhG7fGcXKhE8z8mf3hDLcmjbCKDCSFBT7PI5TkLzlAEP1y2Rtin/Sa71unGZhNy -EfAPW/d1dRcRVqMD/2WcTPUaIjRvAqmbxUpenRhg/mF5rwmHl81VvVBbZCoZ35c0 -edEZKpfmyYbKuz7GhjEPz6O/UWGYZpK/7r6f4kFUrhO5atClnRyBkvmNmdfbtM5h -d5jh3lgqAT7tk7ntPAIh8X8/qm5+Uab63kZwXCPiSR+iEwRp42GbVL7F/b2r/wQB -A+smNbHH+mT2ogDvwebUEYQ5u7AjqZvUWkfnZPKAVQwghkIrT1Vq21u0K1ZpY3Rv -ciBUZXN0IChkZW1vIGtleSkgPHZpY3RvckBleGFtcGxlLm9yZz6IVQQTEQIAFQUC -NuOzmgMLCgMDFQMCAxYCAQIXgAAKCRBHr0tpYfBHhMxJAJ91JH/X2uIsYSrKJmI/ -S1Zgwoz1/wCfdQoDeGHzNwPI5NaxIZH0XYr+O22dAaUENuOzvhAEAIeRQIHb2kyS -94wRnI2IoiaLMXk1n9y/3VGPfX2TfEd/Q0laFCn/UbfxLEuQ8sF1ZygHiYlE2MPJ -WzEVRe9FYUgx6TAvSrWwdJZNwnAKlCz4soq0+YPcsDduFu5NJ2liCYrLbVIfh6m5 -uoHOT8/TX3eZZfMeBIYt5ShOjc3t4FDTAAMFA/wLVDdYasFk06YVWXLR6tyWlBG/ -WoJrvznLH9uP26vYvEfBWjMAReHyOaiIpnKgDPtgWenb2RHaq1WmUfWh483IXB5m -oiO2ZluIJpPixxRVn/cu5hvGAyhQV5GgbiacRW9RSHyaZmi8yZkWu+nS6iNwOx9h -PHRUGvzBrGAmuDZiC/8EAQPrJjWxx/pk9qIA78Hm1BGEOtrTuBDDiXmHnTN7vG9T -7F+vQT/JusPW4EJHYO4E2e1J6gyPEGOqrAsLW97WTEN+LW1bdTdY7dhM4jSI+Unv -ZqZ71xW06WXE2lxGD4ayXuzP6Q0KQT7YcMnrkqBluRJTfGKdjX0RPXt/5+KWd7H3 -VEst836l75/lYfLrbWxaArFjztISiEYEGBECAAYFAjbjs74ACgkQR69LaWHwR4RT -3QCfcsKGxTTd4f5S/liM5MfnCtlAU9QAnia0uQcnuH/aodTQqspKUGN3Z04+lQHO 
-BDbjtDQRBAC9Vf1MkTKc8kSxfdfZ8Y88OJAr6gHsPUg0j1t8gPk0q2ijyrJuK84u -jzmLmbtFSITKFfcT2VSD1u4qa0iFqzSwnywtRGYKd0gq1eMhaDcp3SmaMTyrbPJ3 -sKFDd98nbTzvnA1tHgZCFI7VZO7HBGgvnd+370lNQsnGRBF/vUDObwCgllBimEp4 -tasu0WNvZYptjGy3ni0EAJLsL9W7jR64h6+nZNkdO1jRT45sW8mvyMOt1BkyRQVK -6G2Lut879t/upPCYK+/ohWaf3TkAKH1ucrBm9xHlPXJHZvoIA3brt/OuJmG7r8Ub -70N2vrZmdXas/w5ru7EBcKeii9pp8pi6mim8dXTPS1R/b7BqytB0dlO9zSl9j7no -A/9Y5UnQobM/qT1tiNhJEnUwlvvTB1UWId2UiUR3k/eNCxc7IdUytanqofXSxAu2 -jyDB5Ymv1od6bRCNM1JNWnOnqVoEd/u2csTAIkZ5fl/kE6HztqRGPB+H0n3Nb4MG -u2mpLq+OUNhTnLpEZsZGXqd21eFXkWkThxstrH+kYVYSrf8EAQMsrHk/oVe3Xf3i -4RPIB3bwsBoWGrA4kRK7mm5a6M/pBLavd6wy89rvtCtXaGlza3kgVGVzdCAoZGVt -byBrZXkpIDx3aGlza3lAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjtDQDCwoDAxUD -AgMWAgECF4AACgkQ3vD3uOxn296iagCfSizgYr94GzIrMWbc6H1ha7gFOX4An2oe -iUql9DoXgvph82AUGtmv9TuRnQGlBDbjtFYQBADPV+xDMQ8NzkqoJyO+lriAUrCN -IBf1Kbc6U/IPAGOoED1YVPX4EB27u3K/EmRVd3clFS085Dau5rFIr3d/xXnLn++w -qSgQq0Jc7LflMpIj0P209/oKt6MBovTAQn3lNpecmWd8oxiKoPP158Zgm7iLcOvR -Tcs+/p0KAzNvHIvQdwADBQP8CQS48V16lhWOSXV6u3JOukMeWBw6Tx+7M1CqyBih -mR8ZNlF6FPBvVkX0NFVUH2qJn5yr6PmxQxSRnC3yCEyPBa48xqIditzynMbEIkNU -rFZTE915rr0k9MrwzPGuLfaPtr/Miy4BI0dnZ/5U4hoxPwDbp0aPUwRqb8+T9POT -Zs7/BAEDLKx5P6FXt1394uETyAd28LN6Abjx+ozpGMN36+SHvBm1QBbee0EWJ9LY -natmavOGPgEn7HZFbgk/QaUQiMRMNQIEykHjoKU1C5uWEDR+P/wuEYX0+pQ1UhUU -Z8v+/wZjAC+X5WymJmjKW2l4LXfq0RpOU3DedzHl5+zcuhfZN03MhxX4mcTHdGNS -LqWzikj/1HWl3ohGBBgRAgAGBQI247RWAAoJEN7w97jsZ9ve/yAAnROeKraABkL+ -JUAzQwMcNm+0JCezAJ0Uz6p+tN5wt6ywyH09JfENI3F77Z0B4QRDVOPaEQQA0vZ8 -6nCVajqp71XSCfin8OI+gHAAbVA2t0JAH94SELIUTqhU3KDiqg481GoI0g5sbn83 -VOOnV06HyfCoS3hVAw+qPIJ5B9hOT7YSd078qI5N6H6mV6vXhC4mFn+Q71t1ZIjZ -M2grgXBK8gBa9XyIZPrtdI1K6H7PAaWitfJCLTcAoKRwVDiGrW2eio0bD3ri1TZK -Y6o5A/0fKN6cxEMJuAX6hI9QBkdwCdQBYTfnaw6RgZOiU3Yfq/IhwLJe4GDm9JdB -LSv8N9XjpkcsvDDu29ByeL8c2Mer7WQwFnx51MKKaHisWUafcO9QgLAFiS59nTCQ -imlbd/WchiuLkJesLf5KjTcs+y4I1ryjpjZDseGhC49nK4BMAQP9FZ6uNXhULndY -mA8WRs9GGF95IzlbwixmZNkoviIF9Pv4nGT+xJPrMj89OzHt8KCLx2YyVelrLhwO 
-CSxfjPMw2Je1qRwcDXGKnF3/Nb1Mw9/3TQoRexGz7+SuV4v5EEvu53CY6sYbvRku -WHopzmdJ3nIXNbywNRCse/EzhN+1H2v+AwMCeQ0GPAUFo8VgGOz57mojjJX8F4Vl -X7IYjOVab40guLzkSGqxQCsps8UmWL/mKfAoBYRgpPDRozfnxSSIlwQYEQIADwUC -Q1Tj2wIbAgUJAAAAPABSCRDe8Pe47Gfb3kcgBBkRAgAGBQJDVOPbAAoJEGX0CIjl -GYfJ12EAnRuCm61Ypk5bbynrSpZu5nd7Kf6YAJ0aBGUQSyDxdieKqY+f/U1NwDmi -ZmXsAJ4hJCAMBP1TqRBM2D61RwrUTpVcOgCgi3v4j/k7ojLKcZtv3L62YETM3RSd -AfwEQ1TkBQEEAMpDZC0DUd+HChHrOlHLLDeyA817qeFKDUFbfmAScDCO67CPI7Wl -HgWccQZhTgKdXadyUE1IL9QsVkGZPEv37ijitw+/jZw8mSASE7DxeCMhOqi5LhbR -LMS5zj439oJlk9cJNgF9VEJkYF3KePuI5yJNgeUYd/hZzO3XPvAmggnPAAYp/gMD -ArwKKdoDxBLOYIbNlJluk4MFdM8VaglnHWRAhSJ7aWgD3qbp+p2AgQkuijQxJT9o -wKVsPdRePwc7I4ffXuESOQmOjNF1dLwaJKAr+s8hRw9HCOTUlkBIhqtWnKjegKZL -ZClgnA8M4/91wowP877+Lz5ABGGbMAhvTfPXqzWy8eiGB0FhJe5k5GNaw/jKfqH4 -A12FYeWqLMcl26Yxd8G3w9rYcR6vRvbBf/LqMoRkG0XYF+YCDcBDGTgBvuxG2JKP -UHSRoV4VRXn1onyZkRBG5xdNGC2RPripX/4sVPXBjIGty1xk455XpE5Q0DkiwRfP -IhjZr2Zzv5wFb9bTO1PKlGshS41b0SsWS+ULDYSw6rqXbk3F9aGU0YcwkYhIMPde -tmAuRKmmSlo4b305yr5W62Kn1jKtiJuKjsczpZt3us+vXKCtikb0fyTC4A9dWTEY -EAacZP+vhaLgGEMWr0vfJlB4KhjM4Zk3lLWVFQVFiE8EGBECAA8FAkNU5AUCGwwF -CQAAAEYACgkQ3vD3uOxn2971XgCeL6JojSxB+GBZD6VXXdt5i+8EbXwAn3iwQfIp -Di5nPVvcM/kbD0eIfix2lQHOBDbjtNwRBACtSpRuJVMzEmGnxsDi8xcDMK4uPKzg -DjgMT65EVv0AaxlObD8VM8RM7uJT/d+uXJjJOAi8jbMMXVLAdcbTooXfIi7wsXo4 -IzQ3STsqcqnDwza2Q+JP4PwA2sdTl3Xvx6/ObjQ/I0PIrFIY2UgbU3gwgoW010yV -qEu+73WQbThZ6wCgs9rnMhK+xf4TD3kzWjhC2LyJgdsD/jCv55hHLA/fl5v8XlX1 -s4taFaYQPPDgoddDtX44nskPmfjhLkos8rAiiCiEOU+avENMAn9gC6QClQi13fSS -vRSrfhCAWS0CyqAI/sLkoQzVNPFTblNyziiNQegPIyPXgQK6JMI/RkVEpSK+imCO -BGEVMpdVVZPJKRDSD1INohNKA/9rQXJcxBRgmO4HsYDqvhTpCcgezFLnGtCCSyFv -i2nYxVYyGqWGx84tqPVZn6h7QPErDQ7dgpMf8QDOY16Upwxu1NyKUtoh0jmX5iVq -b9tl7tC9s3azvYqfY9mO1io7dTOrDXhuoAlGXR6SV4x1lEwzMCyi6v6I1U8eeWh1 -edDaDP8EAQPfoYwMXoA+NvOy9Qr7KTriHrsU72UPiLQWJcATcO1+IErNiHeMRXW6 -tCdYUmF5IFRlc3QgKGRlbW8ga2V5KSA8eHJheUBleGFtcGxlLm5ldD6IVQQTEQIA -FQUCNuO03AMLCgMDFQMCAxYCAQIXgAAKCRCJeabFVn+zSrdPAKCetSLKBzw2Y/8Q 
-OyAc7B4vLn6gxQCgkLPtL1D/V/ZfvFdT1ezbGRoprO+dAaUENuO1BRAEAMbhpQb6 -qA5MYSA4BWc3RyTvoCcpveM4Ehh5AZgSAX+UNhtjt85De0iBDSNesoPXMcu85E2w -bvTzIM1Hv1LkKL/WemFys049Yy6M6xnZYyjnFuWEb5Ym6O3ilw1JEr0/l+idQTiF -XsZdOWODXJn+6LTQ63tvUHyvIBgTv23UHey/AAQLA/0eDavyUGr+P+3eRE7jGXXT -wMVeJAp2Puxe6CYBwyiYXicbePazbX10sQWVLCfT+l4a+OnwkU99ww9T/EclJpkt -/3SZex/6kdwNa6MeBUD1gLpOFhobH0l75WZxViiYQvE2cxYrI4l48NThWIheEwK8 -Y/Q+3f3BxCiIuN67Xn6X/v8EAQPfoYwMXoA+NvOy9Qr7KTriHeTVwSrlVprhmm/M -2bFHEQQxJP5csnuV5EXOeAUzsIksQ17f5lOppLt339rSn2hxXA/Y0c4FMtJSIqLw -9pxTeq2vkDv0zYC1SuWfAlxriimd4EsmA0YkvJEay/pYRas9nU+FHu/pKRR+PyND -9PNvWWPoOk4ClkUf18e/lu0tT4khNNH6iEYEGBECAAYFAjbjtQUACgkQiXmmxVZ/ -s0rskACdGiy9dMrQlMOeDzuRqJcsBPe3YfwAn3nDC2nXHR4/itw7jnJSyAYihahT -lQHOBDbjtVERBADdUAZzhP6+69VdyRrgRNotouUvXE6I8h0kxZFZZDrQJmpZcNWk -UHDqgbYDJ9RmIeEuWZNmyzPxSFcvD9RGw9KmIZu2kZYqIuzg4KqOyU3SUfNycarE -ZYJkmLEyBlrkNxZkmPCp1cRsMKGCbhQs//v6Iq8h6dNA2EWgJev0y12gcwCguk0K -ZIqVO7UfkaVaZhMr0Cd1at8D/juKnRViDMi9SEjSJZwb3mw1+yECnM8vrM+AoGoA -KiCz/n8N9Gf2DTsFy4yKEskPQ8s09Wc5epBFo3gNruMu4kDnde0uCmiDEbTwzpdS -KZO5x9yi+7b39uCNkgoDlzwonaXNdIn2NnFKjL47TnV/vKFdtSZgLW902vwYGTr1 -ArL/BACIcx9TdxsJ9NMyaKD7MEcKQeOrOqv/Mq1HxFPkDBI4hTZpQiId1XTxqkJ6 -UHDw9sR/TvtO5YKrZjINkmaBZFiHlx1oyB0B3u6XUVLXIc9liyFyh9aOBdQkdHgj -yI8Kzk6Z0ejYcre5TY4zfplAZKkUDlY3U0Sb0a0xIGhgo3YREP8EAQMT5FnbWGWP -2cVRAqQN/YTcRPzxcHeXQzVsLEK/ZQB8an6kRJZsVmwGtCtZYW5rZWUgVGVzdCAo -ZGVtbyBrZXkpIDx5YW5rZWVAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjtVIDCwoD -AxUDAgMWAgECF4AACgkQnu80zUsRsl9XsQCgkAArOB5EfjSD6bXFfll8/pCcJygA -oJtNkxKjQfv2DpmfbBlt0RUbCaP6nQGlBDbjtWcQBACa4rlFxLTNPJenpKNbb5Z5 -AikmckN+UvT6IF7//dIAO/TWpSbDeNYwC7Eb4JwICmSyXXbZX2ekQeIsLhDYDr2u -gtGxvEoE95u6y19p0smhVio+y+OesGVp97kZysU+cpsTTBXplfH9On95IOJCWJ3i -VbPkn7P+Y3sqEcA3OhEBuwADBgQAk7l+QJJ03CSKwVfN4qyVbGb1ih7VM6i6JJXX -WF7HSP3genPnAZYRcXvP4VsOr7hXRSoaQrFoRGyXocxY2QiaPns3/2HULVgN+IpO -KaDm1mkqZ6Fe2V2lYYI0NmsTRFqysUIoQ1WEUyGlziQCfHqtsDT4uFG8mS+R3Fju -kpT/9pn/BAEDE+RZ21hlj9nFUQKkDf2E3EecwSh+NU1+ETQkC/cpMlFkc4JvMKQ7 
-4PEqBxIixlVImLPO52ZUthtBYwpzTKQC9smi3iTo+A2JbBTJjwfFCzQX7lhi1CQy -zxV0hA17P7kTZEKgH5V+VRWriqFZTFcHvfuZpQSxJzbbTJ4SPTifn06U8gtv4D9e -/CgIT8X6QJB2VLsEDYhGBBgRAgAGBQI247VnAAoJEJ7vNM1LEbJf9FwAn1fc3Y8+ -VfQp43FQd5+qak9gMXoaAJ9mbIL86WuaZK6Uno0AfGJA1PgP9pUBzgQ247XLEQQA -gQyThl/Qv8cQlWTT+jh8+nC+bzNz4plAIVfvRwFVT0FYk5xSq5GD0kMkX1s4zlPE -TtU6eQh8++O6Dm+o/T++Mh9bsu/MhYOFLoVwVop4bgiiquCCFsCZAigRa9VPH7vG -umOjXI6ogwNCphkSazD5l3p15CaRRhxu/K1LzYvSDH8AoLoMzSC4f912QmVPgVD2 -Hly/p1ABBACA12YY9bxVx4IvZZooyg4yaHBAaGpjf7WkMujsdUUQ+h7XwD2OUxEd -Z+8ZvYTMxPjr9SCqR/xPO9kYWtartb+3jmunk7jVhdDb5kkfeeX63kbDbkfCTSG+ -krSNhEfacwVH48pAvaYNsD3gu8KUCSBfUxfiWtQbxtiPoWtsSe/OgAP7BxFLwDrH -OfGGz5WyD8qdiXRB7100U9jSElUbkzELIPL1ffZzGEdglIdu9Lj8stsWWg/5GHCf -f9Z4GOwvaW2zVqFe9D5BDDv6o+uziFYllT81ISHVEaK26RobnN6Ac1MToImpeyGy -Ej0SLQ4INqGaGOIaskDcfAo9mWQMw6TNrwr/BAEDcZMUKY/bw+Whlbt8d72KlAfR -OQf7KnYhddFY0eOFxs6vCS/v6N50dbQnWnVsdSBUZXN0IChkZW1vIGtleSkgPHp1 -bHVAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjtcsDCwoDAxUDAgMWAgECF4AACgkQ -a8R3gFSs0kZA6wCeOBSNOP3/J4LLMGDC7YWzVnYcH1oAoJh1THc6xw3dCapVWt7e -nBljkaZInQGlBDbjtfIQBADMfPDBQoMzv52Mmjb8SdaYKKNzqDd9K1oY2hcMSi+L -cHag+KJFOyKBf3SoHmcU/vCEN+LyTgljYSKDmEf4wZ2+eLfqFgSdBJp2xm55ih+9 -CHXg3dXx9SbHiGJCIxfJaIsnNz3VmJGPDDjBlaf/hjl/7SZvR+MJpVLFPGjj7uOh -TwADBQP/Sgv0abeCXVdVXwGEmhdV0VDo833IQRdRu1yt+QLnWRMGTY1oQapsH6QL -wYSZfDJlxbsBA3tfqKStpRSbdGNNTsK+RIehsGddi3sWGplRGm5Xt5KpkY/mc/tL -FaYJNMqAgfWQcKlZHBp7EoWMgiRiDJUWq0TH1wRDoPaRc+H5Gdr/BAEDcZMUKY/b -w+Whlbt8d72KlASOyif5HwnRxkXE7wHaToVqzUKku8/w/Q11MjKK1qIFRq0gYMjw -3bYjqap6WlZmlMplnKasMp7SfyH6tM2pvS4i3wVH7r/WoWcvWTcT/5DGpLtUaRHP -rGdP6Vrs5Wt7FfPXzKdum/Mkw97ZIA/Kpj5FLNbB/ln9uAz4D9+00V8R6dyfsohG -BBgRAgAGBQI247XyAAoJEGvEd4BUrNJGfWMAmwXfO7BnT2jtPTJk2bjNZxEZm+14 -AKCugutV1S43Ft0SWUfgFty8UHTrMA== -=+vvt +lPbGEy69xCP26iEafysKKbRXJhE1C+tk8SnK+Gm62sivmK/5av4HAwJXxtv1ynxO +DtS0nVDdzgGHGC3F520qQpUb+rrWSMvo4f2/ODb6HbQt8FB2G0zFxN9DurBh1Rq1 +ILvFIIs0T5K/YZ29tClBbHBoYSBUZXN0IChkZW1vIGtleSkgPGFscGhhQGV4YW1w 
+bGUubmV0PohVBBMRAgAVBQI2446eAwsKAwMVAwIDFgIBAheAAAoJEC1yfMdoaXc0 +OXgAoIEuZGmW//xl9Kp6nkiOoQC5pe9bAKCXo0TNP79Z7A9MZzBlj6kuTJwu/YhV +BBMRAgAVBQI2446eAwsKAwMVAwIDFgIBAheAAAoJEC1yfMdoaXc0OXgAniui4cH4 +ukKQ2LkLn2McRrWRsA3MAKCZ122s1KPXI/JMLBTBGCE9SiYQJLQQQWxpY2UgKGRl +bW8ga2V5KYhVBBMRAgAVBQI247arAwsKAwMVAwIDFgIBAheAAAoJEC1yfMdoaXc0 +J4wAn0x5RWtqCjklzo93B143k4zBvLftAKCFbrlxlNCUPVsGUir9AzxvP0A3gbQn +QWxmYSBUZXN0IChkZW1vIGtleSkgPGFsZmFAZXhhbXBsZS5uZXQ+iFUEExECABUF +AjbjuFgDCwoDAxUDAgMWAgECF4AACgkQLXJ8x2hpdzS3wgCgk/BrqP5WblWLc2+6 +jwlmuLg8n8MAn12puZol0HwV0mcd8aHWtcrfL8lynQHABDbjjw8QBACcjdcfV/S7 +I319mfDvbOwczDvTqDsRbb2cPhQNAbg7NFlWJKtRrmff14jtCt9M77WZ5W+zTLwX +8+8Wy3mMfrys8ucZKtfPixOXVPhyinUUGSq68IArA8vLSUTuOO0LIi05LAg6jzGh +N9jgkQReZyqxub4oe/3JhIX9grgJ/tsjNwADBwP9GeXmMrGi5wMD3qkPbzb1Mqws +VBJq75eLLxu85JIN2XIAGw6Q0FJp4o7d4BAQqAMzt3ONU1OcCWlDQRDxj1nynE5Z +gRBiVoyudEELgNnYhp3MSEuUg7PkFWn+N+GuvyhVUHApleyvP09kvP57hif6yJRS ++V6L1ugP0vZmBI4dqQ/+BwMCZD+ecL2Wy7jUELEqiGi2L9T8zyQKP2d7/8YTIez/ +HxRO6mMvs7YHx87imq1eAFFqXsxNOGbBOT0oUY8zkYV4R3pC/hNX2lsWq/TbfaUS +i+qK5yKNm7ccniHUgFoCeA3esILIUh73TuaBpk2eWy7RLXHr+BvkbkC1gZ4HzWlx +QLjzovsYVpbq3/cofktJN0O+4UjKcVEYmUtunmBV9+6FJuAsz/sYSVi3RTgqI0+g +YYhGBBgRAgAGBQI2448PAAoJEC1yfMdoaXc0IKkAn3A15g/LjVXSoPwvb6iNyUp3 +apJ7AJ0cc1Xh4v4ie9zgirbxax21fRqIKpUB6QQ247XLEQQAgQyThl/Qv8cQlWTT ++jh8+nC+bzNz4plAIVfvRwFVT0FYk5xSq5GD0kMkX1s4zlPETtU6eQh8++O6Dm+o +/T++Mh9bsu/MhYOFLoVwVop4bgiiquCCFsCZAigRa9VPH7vGumOjXI6ogwNCphkS +azD5l3p15CaRRhxu/K1LzYvSDH8AoLoMzSC4f912QmVPgVD2Hly/p1ABBACA12YY +9bxVx4IvZZooyg4yaHBAaGpjf7WkMujsdUUQ+h7XwD2OUxEdZ+8ZvYTMxPjr9SCq +R/xPO9kYWtartb+3jmunk7jVhdDb5kkfeeX63kbDbkfCTSG+krSNhEfacwVH48pA +vaYNsD3gu8KUCSBfUxfiWtQbxtiPoWtsSe/OgAP7BxFLwDrHOfGGz5WyD8qdiXRB +7100U9jSElUbkzELIPL1ffZzGEdglIdu9Lj8stsWWg/5GHCff9Z4GOwvaW2zVqFe +9D5BDDv6o+uziFYllT81ISHVEaK26RobnN6Ac1MToImpeyGyEj0SLQ4INqGaGOIa +skDcfAo9mWQMw6TNrwr+BwMCQUUVllgNCNzUZi7YINDlwhj1tLE8IdDJ14WJ29TS +5BgjrBaMLDetvYvnYPwrpwh/ZIRUm0bg5/K2DQXYQLbuBE02u7QnWnVsdSBUZXN0 
+IChkZW1vIGtleSkgPHp1bHVAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjtcsDCwoD +AxUDAgMWAgECF4AACgkQa8R3gFSs0kZA6wCeJUyRzuFbsZ0uQulvpgOIRTLTKscA +oLd3InVEj20peTUQ5b2NOimSXnKxiFUEExECABUFAjbjtcsDCwoDAxUDAgMWAgEC +F4AACgkQa8R3gFSs0kZA6wCeOBSNOP3/J4LLMGDC7YWzVnYcH1oAoJh1THc6xw3d +CapVWt7enBljkaZInQHABDbjtfIQBADMfPDBQoMzv52Mmjb8SdaYKKNzqDd9K1oY +2hcMSi+LcHag+KJFOyKBf3SoHmcU/vCEN+LyTgljYSKDmEf4wZ2+eLfqFgSdBJp2 +xm55ih+9CHXg3dXx9SbHiGJCIxfJaIsnNz3VmJGPDDjBlaf/hjl/7SZvR+MJpVLF +PGjj7uOhTwADBQP/Sgv0abeCXVdVXwGEmhdV0VDo833IQRdRu1yt+QLnWRMGTY1o +QapsH6QLwYSZfDJlxbsBA3tfqKStpRSbdGNNTsK+RIehsGddi3sWGplRGm5Xt5Kp +kY/mc/tLFaYJNMqAgfWQcKlZHBp7EoWMgiRiDJUWq0TH1wRDoPaRc+H5Gdr+BwMC +RQr6jr/dSR7UxBJhvbow5H8f24gW0461q02MigdIzk00fAjc8xNZI9dN0HaICqif +tbbPCezutLGtXEb4rOhAttuMVswdGF8aerhA6lwVF8lbvLTOyf2HbLAgVs/zvEgy +LVHmXwNhoaLMcytlRL7ZpLA59C6mywH83OMYF+NHLsMRu5VwSF0ZHE3VMLb6APdI +J1qfpeQesrudHES5wb5OgX8TosiEeJ0RmEB8oU+/MIhGBBgRAgAGBQI247XyAAoJ +EGvEd4BUrNJGfWMAoLkanmwcz2xZ1l4zqp+7ngXY7AxAAJ9ONhd+kwCkBE4+SOGE +U2ofR3zHkQ== +=c9V4 -----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/gpg/seckey-1.asc b/tests/gpg/seckey-1.asc index 3934804..011061e 100644 --- a/tests/gpg/seckey-1.asc +++ b/tests/gpg/seckey-1.asc @@ -1,8 +1,7 @@ -----BEGIN PGP PRIVATE KEY BLOCK----- -Version: GnuPG v1.0.4b (GNU/Linux) -Comment: For info see http://www.gnupg.org +Version: GnuPG v2.1.0-gitb3c71eb (GNU/Linux) -lQHPBDo41NoRBADSfQazKGYf8nokq6zUKH/6INtV6MypSzSGmX2XErnARkIIPPYj +lQHpBDo41NoRBADSfQazKGYf8nokq6zUKH/6INtV6MypSzSGmX2XErnARkIIPPYj cQRQ8zCbGV7ZU2ezVbzhFLUSJveE8PZUzzCrLp1O2NSyBTRcR5HVSXW95nJfY8eV pOvZRAKul0BVLh81kYTsrfzaaCjh9VWNP26LoeN2r+PjZyktXe7gM3C4SwCgoTxK WUVi9HoT2HCLY7p7oig5hEcEALdCJal0UYomX3nJapIVLVZg3vkidr1RICYMb2vz 
@@ -10,21 +9,22 @@ WUVi9HoT2HCLY7p7oig5hEcEALdCJal0UYomX3nJapIVLVZg3vkidr1RICYMb2vz fnVXdmU8L/oVWABat8v1V7QQhjMMf+41fuzVwDMMGqjVPLhu4X6wp3A8uyM3YDnQ VMN1A/4n2G5gHoOvjqxn8Ch5tBAdMGfO8gH4RjQOwzm2R1wPQss/yzUN1+tlMZGX K2dQ2FCWC/hDUSNaEQRlI15wxxBNZ2RQwlzE2A8v113DpvyzOtv0QO95gJ1teCXC -7j/BN9asgHaBBc39JLO/TcpuI7Hf8PQ5VcP2F0UE3lczGhXbLP8DAwKVpe92I5n5 -JGBjXsTTnVLoJ1hrWTdbLvdbn882m5pHYeqFlvkqKYXJTf0mIzpEU0FfZmFjdG9y -OgAAr0JzPBwQoEmNI3YSC1MwimZ77bpvVKP9JiM6RFNBX2ZhY3RvcjoAAK9/fVBz -g73cYbgeNWbz2uITUwNd9KEN/SYjOkRTQV9mYWN0b3I6AACvWjjITYZwah6NiH6C -YgX52m55Dy5PX7Q/Sm9lIFJhbmRvbSBIYWNrZXIgKHRlc3Qga2V5IHdpdGggcGFz -c3BocmFzZSAieCIpIDxqb2VAc2V0cS5vcmc+iFcEExECABcFAjo41NoFCwcKAwQD -FQMCAxYCAQIXgAAKCRCvgiRPnNn9VXm9AKCFQ/t23GQnQEfnnAnvbRNfRo4zIQCb -BHwILsDBASB1rQzW68UA/XHze0WdAUYEOjjU3RAEAJ50lvtCGbnQlI97VX6tJkos -dPmdzeXaTWfv//A2wmSANbYnuychGMa1LN43Ew+H6FXMWJ3MB/exs6UBFCgGsw88 -qmcla2bosQN/aVLA7fqXT9ujqoNGaIVEmgdbK1MkSPFXBFyVW3hteod83D0UqFll -twp4A3ageCYFVJTp50d3AAMFA/44YCQQbg9x9JvzHX3VH7CRX+raEDkDL3Pbz0PH -as7bwI7gzZ+GFyNKaCvrHQOyuR8RIKIbjtQYnXr1675ConCTceIXhysY32sTn5V6 -UFUW2t0xaRfas8sZBbLDyIJkpt4fyD+6OaRoui9KZqXMNwt7i/XFIto/sWd/OK3S -IgZkAf8DAwKVpe92I5n5JGAHRuEKSSvGU+0my6zTf17bLWPpFPnICNJdaMfyx24Y -RZZa+nDpYrRznJ89vohGBBgRAgAGBQI6ONTeAAoJEK+CJE+c2f1V7iIAn0WsYyUV -Huz4ZZ/WxxN57Ku2Eqs9AJ9Klz9imzvZoUjuE9/Ihr0y56tVng== -=lKvj +7j/BN9asgHaBBc39JLO/TcpuI7Hf8PQ5VcP2F0UE3lczGhXbLP4HAwL0A7A1a/jY +6s5JxysLUpKA31U2SrKxePmkmzYSuAiValUVdfkmLRrLSwmNJSy5NcrBHGimja1O +fUUmPTg465j1+vD/tERKb2UgUmFuZG9tIEhhY2tlciAodGVzdCBrZXkgd2l0aCBw +YXNzcGhyYXNlICJhYmMiKSA8am9lQGV4YW1wbGUuY29tPohiBBMRAgAiBQJNt1ep +AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCvgiRPnNn9VRwIAJ9C9I+L +//3+AG/xJWsro7gOLIP6MACfcsSd8XXiPoyPCWpdOqiXZWBCfXKdAWAEOjjU3RAE +AJ50lvtCGbnQlI97VX6tJkosdPmdzeXaTWfv//A2wmSANbYnuychGMa1LN43Ew+H +6FXMWJ3MB/exs6UBFCgGsw88qmcla2bosQN/aVLA7fqXT9ujqoNGaIVEmgdbK1Mk +SPFXBFyVW3hteod83D0UqFlltwp4A3ageCYFVJTp50d3AAMFA/44YCQQbg9x9Jvz +HX3VH7CRX+raEDkDL3Pbz0PHas7bwI7gzZ+GFyNKaCvrHQOyuR8RIKIbjtQYnXr1 
+675ConCTceIXhysY32sTn5V6UFUW2t0xaRfas8sZBbLDyIJkpt4fyD+6OaRoui9K +ZqXMNwt7i/XFIto/sWd/OK3SIgZkAf4HAwIoimqPHVJZM85dNw6JtvLKFvvmkm3X +uoCUG5nU6cgk6vetUYiykuKpU4zG3mDtdZdIZf76hJJ6lZTSHH9frLy7bRYPfu/k +U1AFd1T1OxENiEYEGBECAAYFAjo41N0ACgkQr4IkT5zZ/VVUmgCffq49ZSEJ0Zdt +IvEaJth8G3t63vUAn0mBZ5GVMNMihdg3wn6qw83RgLG2iEYEGBECAAYFAjo41N4A +CgkQr4IkT5zZ/VXuIgCfRaxjJRUe7Phln9bHE3nsq7YSqz0An0qXP2KbO9mhSO4T +38iGvTLnq1We +=m0YJ -----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/gpg/t-encrypt-sign.c b/tests/gpg/t-encrypt-sign.c index 9da5ff0..9d00340 100644 --- a/tests/gpg/t-encrypt-sign.c +++ b/tests/gpg/t-encrypt-sign.c @@ -60,7 +60,8 @@ check_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) result->signatures->pubkey_algo); exit (1); } - if (result->signatures->hash_algo != GPGME_MD_SHA1) + if (result->signatures->hash_algo != GPGME_MD_SHA1 + && result->signatures->hash_algo != GPGME_MD_RMD160) { fprintf (stderr, "Wrong hash algorithm reported: %i\n", result->signatures->hash_algo); diff --git a/tests/gpg/t-import.c b/tests/gpg/t-import.c index db5f925..2324817 100644 --- a/tests/gpg/t-import.c +++ b/tests/gpg/t-import.c @@ -38,7 +38,7 @@ void check_result (gpgme_import_result_t result, char *fpr, int secret) { - if (result->considered != 1) + if (result->considered != 1 && (secret && result->considered != 3)) { fprintf (stderr, "Unexpected number of considered keys %i\n", result->considered); @@ -63,7 +63,7 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) result->imported_rsa); exit (1); } - if ((secret && result->unchanged != 0) + if ((secret && (result->unchanged != 0 && result->unchanged != 1)) || (!secret && ((result->imported == 0 && result->unchanged != 1) || (result->imported == 1 && result->unchanged != 0)))) { 
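Review bot: In the t-import.c hunk at `@@ -38,7 +38,7 @@`, the rewritten test `result->considered != 1 && (secret && result->considered != 3)` can never be true when `secret` is 0, so a public-key import no longer fails on an unexpected `considered` count. The apparent intent is to accept 1 always and 3 only for secret imports, which would read `if (result->considered != 1 && !(secret && result->considered == 3))`. The other relaxed checks in this file (`unchanged`, `secret_read`, `secret_unchanged`) keep their `!secret` branch, so only this condition needs the change. check_result's body continues outside the hunk.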
@@ -101,7 +101,7 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) result->new_revocations); exit (1); } - if ((secret && result->secret_read != 1) + if ((secret && result->secret_read != 1 && result->secret_read != 3) || (!secret && result->secret_read != 0)) { fprintf (stderr, "Unexpected number of secret keys read %i\n", @@ -116,7 +116,8 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) exit (1); } if ((secret - && ((result->secret_imported == 0 && result->secret_unchanged != 1) + && ((result->secret_imported == 0 && result->secret_unchanged != 1 + && result->secret_unchanged != 2) || (result->secret_imported == 1 && result->secret_unchanged != 0))) || (!secret && result->secret_unchanged != 0)) { diff --git a/tests/gpg/t-keylist.c b/tests/gpg/t-keylist.c index e536b47..2c04935 100644 --- a/tests/gpg/t-keylist.c +++ b/tests/gpg/t-keylist.c @@ -115,8 +115,8 @@ struct key_info_s keys[] = { "23FD347A419429BACCD5E72D6BC4778054ACD246", "EF9DC276A172C881", { { "Zulu Test", "demo key", "zulu at example.net" } }, 1 }, { "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", "087DD7E0381701C4", - { { "Joe Random Hacker", "test key with passphrase \"x\"", - "joe at setq.org" } }, 1 }, + { { "Joe Random Hacker", "test key with passphrase \"abc\"", + "joe at example.com" } }, 1 }, { NULL } }; 
@@ -169,11 +169,14 @@ main (int argc, char **argv) fprintf (stderr, "Key unexpectedly invalid\n"); exit (1); } +#if 0 + /* GnuPG 2.1+ have a different subkey for encryption. */ if (!key->can_encrypt) { fprintf (stderr, "Key unexpectedly unusable for encryption\n"); exit (1); } +#endif if (!key->can_sign) { fprintf (stderr, "Key unexpectedly unusable for signing\n"); ----------------------------------------------------------------------- Summary of changes: tests/ChangeLog | 19 ++ tests/gpg/Makefile.am | 24 +- tests/gpg/pubkey-1.asc | 30 +- tests/gpg/secdemo.asc | 741 +++---------------------------------------- tests/gpg/seckey-1.asc | 40 ++-- tests/gpg/t-encrypt-sign.c | 3 +- tests/gpg/t-import.c | 9 +- tests/gpg/t-keylist.c | 7 +- 8 files changed, 127 insertions(+), 746 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 28 11:21:49 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 28 Apr 2011 11:21:49 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-50-g25f292e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 25f292ed891a251a296d9af9b1566ffffe5d4582 (commit) from 817f07173cda59565c179bde6c3edcf2508bbc98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25f292ed891a251a296d9af9b1566ffffe5d4582 Author: Werner Koch Date: Thu Apr 28 10:51:14 2011 +0200 Removed memory leak in the ECDH code. diff --git a/g10/ChangeLog b/g10/ChangeLog index 86c9b98..bd53799 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
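Review bot: The `#if 0` added around the `key->can_encrypt` check in the t-keylist.c hunk at `@@ -169,11 +169,14 @@` turns the check off for every GnuPG version, not only for 2.1+, and leaves dead code in the test. If the check is meant to survive for older versions it needs a real condition; if not, deleting the block and keeping a one-line comment such as `/* can_encrypt is not checked: GnuPG 2.1+ has a different subkey for encryption. */` says the same without dead code. main's body continues outside the hunk.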
@@ -1,3 +1,9 @@ +2011-04-28 Werner Koch + + * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak + of SECRET_X in the error case. Replace an assert by an error + return. + 2011-04-26 Werner Koch * export.c (transfer_format_to_openpgp): Do not apply diff --git a/g10/ecdh.c b/g10/ecdh.c index f97667a..8b1949c 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c @@ -86,16 +86,10 @@ pk_ecdh_default_params (unsigned int qbits) /* Encrypts/decrypts DATA using a key derived from the ECC shared point SHARED_MPI using the FIPS SP 800-56A compliant method key_derivation+key_wrapping. If IS_ENCRYPT is true the function - encrypts; if false, it decrypts. On success the result is stored - at R_RESULT; on failure NULL is stored at R_RESULT and an error - code returned. - - FIXME: explain PKEY and PK_FP. - */ - -/* - TODO: memory leaks (x_secret). -*/ + encrypts; if false, it decrypts. PKEY is the public key and PK_FP + the fingerprint of this public key. On success the result is + stored at R_RESULT; on failure NULL is stored at R_RESULT and an + error code returned. */ gpg_error_t pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, const byte pk_fp[MAX_FINGERPRINT_LEN], @@ -157,7 +151,10 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, * a KEK. */ if (!gcry_mpi_get_flag (pkey[2], GCRYMPI_FLAG_OPAQUE)) - return GPG_ERR_BUG; + { + xfree (secret_x); + return gpg_error (GPG_ERR_BUG); + } kek_params = gcry_mpi_get_opaque (pkey[2], &nbits); kek_params_size = (nbits+7)/8; @@ -166,7 +163,10 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, /* Expect 4 bytes 03 01 hash_alg symm_alg. */ if (kek_params_size != 4 || kek_params[0] != 3 || kek_params[1] != 1) - return GPG_ERR_BAD_PUBKEY; + { + xfree (secret_x); + return gpg_error (GPG_ERR_BAD_PUBKEY); + } kdf_hash_algo = kek_params[2]; kdf_encr_algo = kek_params[3]; 
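Review bot: The error path in the ecdh.c hunk at `@@ -157,7 +151,10 @@` repeats `xfree (secret_x); return ...;` by hand, and the same pair is added again in the hunks at `@@ -166`, `@@ -179` (twice), `@@ -204`, `@@ -216` and `@@ -257`. Seven hand-written copies of the release of a buffer that is later passed to `gcry_cipher_setkey` make it easy for a future early return to miss one; a single exit label keeps it in one place, with `err = gpg_error (GPG_ERR_BUG); goto leave;` at each failure and `leave: xfree (secret_x); return err;` at the end. Whether `xfree` also wipes the buffer depends on how `secret_x` was allocated, which is outside the hunk, so it is worth confirming that it comes from the secure allocator. The function body starts and ends outside the hunk.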
@@ -179,11 +179,17 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, if (kdf_hash_algo != GCRY_MD_SHA256 && kdf_hash_algo != GCRY_MD_SHA384 && kdf_hash_algo != GCRY_MD_SHA512) - return GPG_ERR_BAD_PUBKEY; + { + xfree (secret_x); + return gpg_error (GPG_ERR_BAD_PUBKEY); + } if (kdf_encr_algo != GCRY_CIPHER_AES128 && kdf_encr_algo != GCRY_CIPHER_AES192 && kdf_encr_algo != GCRY_CIPHER_AES256) - return GPG_ERR_BAD_PUBKEY; + { + xfree (secret_x); + return gpg_error (GPG_ERR_BAD_PUBKEY); + } /* Build kdf_params. */ { @@ -204,7 +210,10 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, message_size = iobuf_temp_to_buffer (obuf, message, sizeof message); iobuf_close (obuf); if (err) - return err; + { + xfree (secret_x); + return err; + } if(DBG_CIPHER) log_printhex ("ecdh KDF message params are:", message, message_size); @@ -216,9 +225,13 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, int old_size; err = gcry_md_open (&h, kdf_hash_algo, 0); - if(err) - log_bug ("gcry_md_open failed for algo %d: %s", - kdf_hash_algo, gpg_strerror (err)); + if (err) + { + log_error ("gcry_md_open failed for kdf_hash_algo %d: %s", + kdf_hash_algo, gpg_strerror (err)); + xfree (secret_x); + return err; + } gcry_md_write(h, "\x00\x00\x00\x01", 4); /* counter = 1 */ gcry_md_write(h, secret_x, secret_x_size); /* x of the point X */ gcry_md_write(h, message, message_size);/* KDF parameters */ @@ -257,11 +270,13 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, { log_error ("ecdh failed to initialize AESWRAP: %s\n", gpg_strerror (err)); + xfree (secret_x); return err; } err = gcry_cipher_setkey (hd, secret_x, secret_x_size); - xfree( secret_x ); + xfree (secret_x); + secret_x = NULL; if (err) { gcry_cipher_close (hd); 
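Review bot: The log_error call added in the gcry_md_open failure branch of the -216 hunk has a format string without a trailing newline, unlike the other log_error calls in this diff (for example `"ecdh failed to initialize AESWRAP: %s\n"`). The string was carried over from the log_bug call it replaces. If log_error does not append a newline itself, the next log line will run into this one. Suggested: `log_error ("gcry_md_open failed for kdf_hash_algo %d: %s\n", kdf_hash_algo, gpg_strerror (err));`.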
@@ -271,13 +286,19 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, } data_buf_size = (gcry_mpi_get_nbits(data)+7)/8; - assert ((data_buf_size & 7) == (is_encrypt ? 0 : 1)); + if ((data_buf_size & 7) != (is_encrypt ? 0 : 1)) + { + log_error ("can't use a shared secret of %d bytes for ecdh\n", + data_buf_size); + return gpg_error (GPG_ERR_BAD_DATA); + } data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8); if (!data_buf) { + err = gpg_error_from_syserror (); gcry_cipher_close (hd); - return GPG_ERR_ENOMEM; + return err; } if (is_encrypt) @@ -300,7 +321,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, log_printhex ("ecdh encrypting :", in, data_buf_size ); err = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8, - in, data_buf_size); + in, data_buf_size); memset (in, 0, data_buf_size); gcry_cipher_close (hd); if (err) @@ -313,7 +334,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, data_buf[0] = data_buf_size+8; if (DBG_CIPHER) - log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] ); + log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] ); result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0])); if (!result) @@ -337,15 +358,15 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, if (!p || nbytes > data_buf_size || !nbytes) { xfree (data_buf); - return GPG_ERR_BAD_MPI; + return gpg_error (GPG_ERR_BAD_MPI); } memcpy (data_buf, p, nbytes); if (data_buf[0] != nbytes-1) - { - log_error ("ecdh inconsistent size\n"); - xfree (data_buf); - return GPG_ERR_BAD_MPI; - } + { + log_error ("ecdh inconsistent size\n"); + xfree (data_buf); + return gpg_error (GPG_ERR_BAD_MPI); + } in = data_buf+data_buf_size; data_buf_size = data_buf[0]; 
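Review bot: The size check that replaces the assert in the -271 hunk returns GPG_ERR_BAD_DATA without closing `hd`, although the cipher handle is open and already keyed at this point; the `!data_buf` branch just below does call `gcry_cipher_close (hd)` before returning. The new branch should do the same, `gcry_cipher_close (hd);` before `return gpg_error (GPG_ERR_BAD_DATA);`, so a malformed input cannot leak a handle holding the derived key on each call. The two GPG_ERR_BAD_MPI returns in the -337 hunk free data_buf but show no close of `hd` either; whether it is closed earlier on that path is outside the hunk and should be checked. The declaration of data_buf_size is also not visible, so confirm that `%d` matches its type in the new log_error.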
@@ -371,9 +392,9 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, /* Padding is removed later. */ /* if (in[data_buf_size-1] > 8 ) */ /* { */ - /* log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", */ - /* in[data_buf_size-1] ); */ - /* return GPG_ERR_BAD_KEY; */ + /* log_error ("ecdh failed at decryption: invalid padding." */ + /* " 0x%02x > 8\n", in[data_buf_size-1] ); */ + /* return gpg_error (GPG_ERR_BAD_KEY); */ /* } */ err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, in, data_buf_size, NULL); ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 6 ++++ g10/ecdh.c | 85 +++++++++++++++++++++++++++++++++++--------------------- 2 files changed, 59 insertions(+), 32 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 29 10:50:55 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 29 Apr 2011 10:50:55 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-35-gce98524 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via ce98524554cae68b90c0b0e67026006ac529065a (commit) from 1226772ffd37382f549df89c1425d272d4ad7aac (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ce98524554cae68b90c0b0e67026006ac529065a Author: Werner Koch Date: Fri Apr 29 10:16:58 2011 +0200 Do not use pth functions after pth_kill. Fixes bug#1320. Fabian Keil found the reason for a SIGBUS: In the "gpg-agent --daemon" case, main() calls pth_kill() after the client has been forked, so when es_deinit() is called on exit, acquiring the estream_list_lock seems to cause pth to dereference a pointer located in a memory region that has previously been free()'d. My approach to fix it is different than his suggestion. It should allow to continue all estream operations after a pth_kill except for restarting pth. diff --git a/agent/ChangeLog b/agent/ChangeLog index 1ca86bd..90bf76e 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,7 @@ +2011-04-29 Werner Koch + + * gpg-agent.c (main): s/pth_kill/es_pth_kill/. + 2010-11-11 Werner Koch * agent.h (opt): Add field SIGUSR2_ENABLED. @@ -211,7 +215,7 @@ * trustlist.c: Include estream.h. (agent_marktrusted): Replace stdio stream by estream functions. - * protect-tool.c (store_private_key): Use bin2hex. + * protect-tool.c (store_private_key): Use bin2hex. 2009-06-02 Werner Koch 
@@ -225,7 +229,7 @@ 2009-05-15 Werner Koch Fix bug #1053. - + * agent.h (lookup_ttl_t): New. * findkey.c (unprotect): Add arg LOOKUP_TTL. (agent_key_from_file): Ditto. @@ -303,7 +307,7 @@ (agent_istrusted): Add arg R_DISABLED. Change all callers. (agent_marktrusted): Do not ask if flagged as disabled. Reverse the order of the questions. Store the disabled flag. - + * gpg-agent.c (main): Save signal mask and open fds. Restore mask and close all fds prior to the exec. Fixes bug#1013. @@ -414,11 +418,11 @@ * command.c (cmd_geteventcounter): Mark unused arg. (cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto. (cmd_updatestartuptty, post_cmd_notify): Ditto. - * command-ssh.c (add_control_entry) - (ssh_handler_request_identities, ssh_handler_remove_identity) - (ssh_handler_remove_all_identities, ssh_handler_lock) + * command-ssh.c (add_control_entry) + (ssh_handler_request_identities, ssh_handler_remove_identity) + (ssh_handler_remove_all_identities, ssh_handler_lock) (ssh_handler_unlock): Ditto. - * call-pinentry.c (pinentry_active_p, popup_message_thread) + * call-pinentry.c (pinentry_active_p, popup_message_thread) (agent_popup_message_stop): Ditto. * findkey.c (agent_public_key_from_file): Ditto. * genkey.c (check_passphrase_pattern): Ditto. @@ -537,7 +541,7 @@ * agent.h (struct server_control_s): Add XAUTHORITY and PINENTRY_USER_DATA. * gpg-agent.c: New option --xauthority. - (main, agent_init_default_ctrl) + (main, agent_init_default_ctrl) (agent_deinit_default_ctrl): Implemented * command.c (cmd_updatestartuptty): Ditto. * command-ssh.c (start_command_handler_ssh): Ditto. @@ -697,7 +701,7 @@ 2007-06-21 Werner Koch - * agent.h (ctrl_t): Remove. It is now declared in ../common/util.h. + * agent.h (ctrl_t): Remove. It is now declared in ../common/util.h. * gpg-agent.c (check_for_running_agent): New arg SILENT. Changed all callers. 
@@ -730,7 +734,7 @@ * preset-passphrase.c (main): Setup default socket name for simple-pwquery. (map_spwq_error): Remove. - (MAP_SPWQ_ERROR_IMPL): New. + (MAP_SPWQ_ERROR_IMPL): New. * call-pinentry.c (start_pinentry): Use gnupg_module_name. * call-scd.c (start_scd): Ditto. @@ -792,7 +796,7 @@ (main): Call the setup_libgcrypt_logging helper. * protect-tool.c (my_gcry_logger): Removed. (main): Call the setup_libgcrypt_logging helper. - + 2007-04-03 Werner Koch * trustlist.c (read_trustfiles): Take a missing trustlist as an @@ -800,7 +804,7 @@ 2007-03-20 Werner Koch - * protect-tool.c: New option --p12-charset. + * protect-tool.c: New option --p12-charset. * minip12.c (p12_build): Implement it. 2007-03-19 Werner Koch @@ -835,7 +839,7 @@ 2007-01-31 Werner Koch - * command-ssh.c (start_command_handler_ssh): + * command-ssh.c (start_command_handler_ssh): * Makefile.am (t_common_ldadd): Add LIBICONV. @@ -963,7 +967,7 @@ (agent_pksign_do): Use it here for the TLS algo. * agent.h (GCRY_MD_USER_TLS_MD5SHA1): New. * divert-scd.c (pksign): Add case for tls-md5sha1. - + * divert-scd.c (encode_md_for_card): Check that the algo is valid. 2006-10-04 Werner Koch @@ -1033,7 +1037,7 @@ Replaced all Assuan error codes by libgpg-error codes. Removed all map_to_assuan_status and map_assuan_err. - + * gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan switch to gpg-error codes. * command.c (set_error): Adjusted. @@ -1077,7 +1081,7 @@ * minip12.c (oid_pkcs_12_keyBag): New. (parse_bag_encrypted_data): New arg R_RESULT. Support keybags and - return the key object. + return the key object. (p12_parse): Take new arg into account. Free RESULT on error. 2006-06-26 Werner Koch 
@@ -1145,7 +1149,7 @@ * call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO. * query.c (start_pinentry): Keep track of the owner. - (popup_message_thread, agent_popup_message_start) + (popup_message_thread, agent_popup_message_start) (agent_popup_message_stop, agent_reset_query): New. * command.c (start_command_handler): Make sure a popup window gets closed. @@ -1196,7 +1200,7 @@ 2005-06-21 Werner Koch - * minip12.c (create_final): Cast size_t to ulong for printf. + * minip12.c (create_final): Cast size_t to ulong for printf. (build_key_bag, build_cert_bag, build_cert_sequence): Ditto. 2005-06-16 Werner Koch @@ -1211,7 +1215,7 @@ * protect.c (do_encryption): Ditto. (do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT and RESULTLEN even on error. - (merge_lists): Need to cast unsigned char * for strcpy. Initialize + (merge_lists): Need to cast unsigned char * for strcpy. Initialize RESULTand RESULTLEN even on error. (agent_unprotect): Likewise for strtoul. (make_shadow_info): Made P and INFO plain char. @@ -1271,7 +1275,7 @@ * command.c (cmd_updatestartuptty): New. * gpg-agent.c: New option --write-env-file. - + * gpg-agent.c (handle_connections): Make sure that the signals we are handling are not blocked.Block signals while creating new threads. @@ -1541,8 +1545,8 @@ (make_cstring): Ditto. (data_sign): Don't use a variable for the passphrase prompt, make it translatable. - (ssh_request_process): - + (ssh_request_process): + * findkey.c (modify_description): Renamed arguments for clarity, polished documentation. Make comment a C-string. Fixed case of @@ -1668,7 +1672,7 @@ 2004-12-21 Werner Koch * gpg-agent.c (main): Use default_homedir(). - * protect-tool.c (main): Ditto. + * protect-tool.c (main): Ditto. 2004-12-20 Werner Koch 
@@ -1694,7 +1698,7 @@ * query.c (initialize_module_query): New. * call-scd.c (initialize_module_call_scd): New. * gpg-agent.c (main): Call them. - + 2004-12-18 Werner Koch * gpg-agent.c (main): Remove special Pth initialize. @@ -1746,10 +1750,10 @@ to Moritz for pointing this out. 2004-09-25 Moritz Schulte - + * agent.h: Declare: agent_pksign_do. (struct server_control_s): New member: raw_value. - + * pksign.c (do_encode_md): New argument: raw_value; support generation of raw (non-pkcs1) data objects; adjust callers. (agent_pksign_do): New function, based on code ripped @@ -1757,7 +1761,7 @@ (agent_pksign): Use agent_pksign_do. * command.c (start_command_handler): Set ctrl.digest.raw_value. - + 2004-09-09 Werner Koch * gpg-agent.c (check_for_running_agent): New. @@ -1798,14 +1802,14 @@ * gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP. (start_connection_thread): Hack to simulate a ticker. - * trustlist.c (agent_trustlist_housekeeping) + * trustlist.c (agent_trustlist_housekeeping) (agent_reload_trustlist): New. Protected all global functions here with a simple counter which is sufficient for Pth. 2004-05-03 Werner Koch * gpg-agent.c: Remove help texts for options lile --lc-ctype. - (main): New option --allow-mark-trusted. + (main): New option --allow-mark-trusted. * trustlist.c (agent_marktrusted): Use it here. 2004-04-30 Werner Koch @@ -1878,7 +1882,7 @@ string. Changed all callers. * minip12.c: Revamped the build part. - (p12_build): New args CERT and CERTLEN. + (p12_build): New args CERT and CERTLEN. 2004-02-18 Werner Koch @@ -1972,7 +1976,7 @@ * findkey.c (agent_key_from_file): Now return an error code so that we have more detailed error messages in the upper layers. - This fixes the handling of pinentry's cancel button. + This fixes the handling of pinentry's cancel button. * pksign.c (agent_pksign): Changed accordingly. * pkdecrypt.c (agent_pkdecrypt): Ditto. * command.c (cmd_passwd): Ditto. 
@@ -1999,12 +2003,12 @@ * pksign.c (do_encode_md): Allocate enough space. Cast md byte to unsigned char to prevent sign extension. - + 2003-08-14 Timo Schulz * pksign.c (do_encode_md): Due to the fact pkcs#1 padding is now in Libgcrypt, use the new interface. - + 2003-07-31 Werner Koch * Makefile.am (gpg_agent_LDADD): Added INTLLIBS. @@ -2054,7 +2058,7 @@ * gpg-agent.c (handle_connections): Adjusted for Pth 2.0 Adjusted for changes in the libgcrypt API. Some more fixes for the - libgpg-error stuff. + libgpg-error stuff. 2003-06-04 Werner Koch @@ -2133,11 +2137,11 @@ (agent_askpin,agent_get_passphrase,agent_get_confirmation): Add CTRL arg and pass it ot start_pinentry. * command.c (cmd_get_passphrase): Pass CTRL argument. - * trustlist.c (agent_marktrusted): Add CTRL argument + * trustlist.c (agent_marktrusted): Add CTRL argument * command.c (cmd_marktrusted): Pass CTRL argument - * divert-scd.c (ask_for_card): Add CTRL arg. + * divert-scd.c (ask_for_card): Add CTRL arg. (divert_pksign,divert_pkdecrypt): Ditto. Changed caller. - (getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both + (getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both users. * findkey.c (unprotect): Add CTRL arg. (agent_key_from_file): Ditto. @@ -2372,7 +2376,7 @@ convert it to hex here. * findkey.c (agent_write_private_key): New. * genkey.c (store_key): And use it here. - + * pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done. * divert-scd.c (divert_pkdecrypt): Changed interface and implemented it. @@ -2402,7 +2406,7 @@ * protect.c (snext,sskip,smatch): Moved to * sexp-parse.h: New file. * divert-scd.c: New. - + 2002-02-27 Werner Koch * protect.c (agent_shadow_key): New. @@ -2430,7 +2434,7 @@ * gpg-agent.c: New option --default-cache-ttl. * cache.c (agent_put_cache): Use it. - + * cache.c: Add a few debug outputs. * protect.c (agent_private_key_type): New. 
@@ -2438,10 +2442,10 @@ * findkey.c (agent_key_from_file): Use it to decide whether we have to unprotect a key. (unprotect): Cache the passphrase. - + * findkey.c (agent_key_from_file,agent_key_available): The key files do now require a ".key" suffix to make a script's life - easier. + easier. * genkey.c (store_key): Ditto. 2002-01-31 Werner Koch @@ -2449,11 +2453,11 @@ * genkey.c (store_key): Protect the key. (agent_genkey): Ask for the passphrase. * findkey.c (unprotect): Actually unprotect the key. - * query.c (agent_askpin): Add an optional start_err_text. + * query.c (agent_askpin): Add an optional start_err_text. 2002-01-30 Werner Koch - * protect.c: New. + * protect.c: New. (hash_passphrase): Based on the GnuPG 1.0.6 version. * protect-tool.c: New @@ -2507,10 +2511,10 @@ * command.c (rc_to_assuan_status): Removed and changed all callers to use map_to_assuan_status. - + 2001-12-19 Werner Koch - * keyformat.txt: New. + * keyformat.txt: New. 2001-12-19 Marcus Brinkmann diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 7671a51..d9f4f02 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -50,7 +50,7 @@ #include "gc-opt-flags.h" #include "exechelp.h" -enum cmd_and_opt_values +enum cmd_and_opt_values { aNull = 0, oCsh = 'c', oQuiet = 'q', @@ -115,8 +115,8 @@ static ARGPARSE_OPTS opts[] = { { aGPGConfList, "gpgconf-list", 256, "@" }, { aGPGConfTest, "gpgconf-test", 256, "@" }, - { aUseStandardSocketP, "use-standard-socket-p", 256, "@" }, - + { aUseStandardSocketP, "use-standard-socket-p", 256, "@" }, + { 301, NULL, 0, N_("@Options:\n ") }, { oServer, "server", 0, N_("run in server mode (foreground)") }, @@ -145,7 +145,7 @@ static ARGPARSE_OPTS opts[] = { { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ { oBatch, "batch", 0, "@" }, - { oHomedir, "homedir", 2, "@"}, + { oHomedir, "homedir", 2, "@"}, { oDisplay, "display", 2, "@" }, { oTTYname, "ttyname", 2, "@" }, 
@@ -187,8 +187,8 @@ static ARGPARSE_OPTS opts[] = { #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */ #define MAX_CACHE_TTL (120*60) /* 2 hours */ #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */ -#define MIN_PASSPHRASE_LEN (8) -#define MIN_PASSPHRASE_NONALPHA (1) +#define MIN_PASSPHRASE_LEN (8) +#define MIN_PASSPHRASE_NONALPHA (1) #define MAX_PASSPHRASE_DAYS (0) /* The timer tick used for housekeeping stuff. For Windows we use a @@ -257,11 +257,11 @@ static pid_t parent_pid = (pid_t)(-1); /* - Local prototypes. + Local prototypes. */ static char *create_socket_name (char *standard_name, char *template); -static gnupg_fd_t create_server_socket (char *name, int is_ssh, +static gnupg_fd_t create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -293,7 +293,7 @@ static unsigned long pth_thread_id (void) /* - Functions. + Functions. */ static char * @@ -301,7 +301,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*)) { const char *s; char *result; - + if (maybe_setuid) { gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ @@ -343,7 +343,7 @@ my_strusage (int level) case 41: p = _("Syntax: gpg-agent [options] [command [args]]\n" "Secret key management for GnuPG\n"); break; - + default: p = NULL; } return p; @@ -380,7 +380,7 @@ set_debug (void) /* Unless the "guru" string has been used we don't want to allow hashing debugging. The rationale is that people tend to select the highest debug value and would then clutter their - disk with debug files which may reveal confidential data. */ + disk with debug files which may reveal confidential data. */ if (numok) opt.debug &= ~(DBG_HASHING_VALUE); } 
@@ -404,16 +404,16 @@ set_debug (void) if (opt.debug) log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", - (opt.debug & DBG_COMMAND_VALUE)? " command":"", - (opt.debug & DBG_MPI_VALUE )? " mpi":"", - (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", - (opt.debug & DBG_MEMORY_VALUE )? " memory":"", - (opt.debug & DBG_CACHE_VALUE )? " cache":"", - (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", - (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } - + /* Helper for cleanup to remove one socket with NAME. */ static void @@ -433,7 +433,7 @@ remove_socket (char *name) } *name = 0; } -} +} static void cleanup (void) @@ -501,7 +501,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) break; case oNoGrab: opt.no_grab = 1; break; - + case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break; case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break; case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break; 
@@ -511,19 +511,19 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break; case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break; case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break; - - case oEnforcePassphraseConstraints: + + case oEnforcePassphraseConstraints: opt.enforce_passphrase_constraints=1; break; case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break; - case oMinPassphraseNonalpha: + case oMinPassphraseNonalpha: opt.min_passphrase_nonalpha = pargs->r.ret_ulong; break; case oCheckPassphrasePattern: opt.check_passphrase_pattern = pargs->r.ret_str; break; case oMaxPassphraseDays: - opt.max_passphrase_days = pargs->r.ret_ulong; + opt.max_passphrase_days = pargs->r.ret_ulong; break; case oEnablePassphraseHistory: opt.enable_passhrase_history = 1; @@ -585,7 +585,7 @@ main (int argc, char **argv ) /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to INIT_SECMEM() somewhere after the option parsing */ - log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); + log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); /* Make sure that our subsystems are ready. */ i18n_init (); @@ -631,7 +631,7 @@ main (int argc, char **argv ) opt.use_standard_socket = 1; /* Under Windows we always use a standard socket. */ #endif - + shell = getenv ("SHELL"); if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; @@ -642,7 +642,7 @@ main (int argc, char **argv ) { const char *s; int idx; - static const char *names[] = + static const char *names[] = { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL }; err = 0; 
@@ -664,10 +664,10 @@ main (int argc, char **argv ) if (err) log_fatal ("error recording startup environment: %s\n", gpg_strerror (err)); - + /* Fixme: Better use the locale function here. */ opt.startup_lc_ctype = getenv ("LC_CTYPE"); - if (opt.startup_lc_ctype) + if (opt.startup_lc_ctype) opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype); opt.startup_lc_messages = getenv ("LC_MESSAGES"); if (opt.startup_lc_messages) @@ -700,13 +700,13 @@ main (int argc, char **argv ) gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0); maybe_setuid = 0; - /* - Now we are now working under our real uid + /* + Now we are now working under our real uid */ if (default_config) configname = make_filename (opt.homedir, "gpg-agent.conf", NULL ); - + argc = orig_argc; argv = orig_argv; pargs.argc = &argc; @@ -737,7 +737,7 @@ main (int argc, char **argv ) configname, strerror(errno) ); exit(2); } - xfree (configname); + xfree (configname); configname = NULL; } if (parse_debug && configname ) @@ -791,7 +791,7 @@ main (int argc, char **argv ) case oFakedSystemTime: { - time_t faked_time = isotime2epoch (pargs.r.ret_str); + time_t faked_time = isotime2epoch (pargs.r.ret_str); if (faked_time == (time_t)(-1)) faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10); gnupg_set_time (faked_time, 0); @@ -825,7 +825,7 @@ main (int argc, char **argv ) configname = NULL; goto next_pass; } - + xfree (configname); configname = NULL; if (log_get_errorcount(0)) @@ -846,7 +846,7 @@ main (int argc, char **argv ) #endif set_debug (); - + if (atexit (cleanup)) { log_error ("atexit failed\n"); @@ -857,7 +857,7 @@ main (int argc, char **argv ) initialize_module_call_pinentry (); initialize_module_call_scd (); initialize_module_trustlist (); - + /* Try to create missing directories. */ create_directories (); @@ -868,7 +868,7 @@ main (int argc, char **argv ) gnupg_sleep (debug_wait); log_debug ("... okay\n"); } - + if (gpgconf_list == 3) agent_exit (!opt.use_standard_socket); if (gpgconf_list == 2) 
@@ -903,21 +903,21 @@ main (int argc, char **argv ) GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL ); printf ("max-cache-ttl-ssh:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH ); - printf ("enforce-passphrase-constraints:%lu:\n", + printf ("enforce-passphrase-constraints:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); printf ("min-passphrase-len:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN ); printf ("min-passphrase-nonalpha:%lu:%d:\n", - GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_NONALPHA); printf ("check-passphrase-pattern:%lu:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME); printf ("max-passphrase-days:%lu:%d:\n", - GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_PASSPHRASE_DAYS); - printf ("enable-passphrase-history:%lu:\n", + printf ("enable-passphrase-history:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - printf ("no-grab:%lu:\n", + printf ("no-grab:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); printf ("ignore-cache-for-signing:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); @@ -934,11 +934,11 @@ main (int argc, char **argv ) don't clobber a logfile but print it directly to stderr. */ if (!pipe_server && !is_daemon) { - log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); + log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); check_for_running_agent (0, 0); agent_exit (0); } - + #ifdef ENABLE_NLS /* gpg-agent usually does not output any messages because it runs in the background. For log files it is acceptable to have messages @@ -970,7 +970,7 @@ main (int argc, char **argv ) if (pipe_server) - { + { /* This is the simple pipe based server */ ctrl_t ctrl; 
@@ -1015,10 +1015,10 @@ main (int argc, char **argv ) /* Create the sockets. */ - socket_name = create_socket_name + socket_name = create_socket_name ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); if (opt.ssh_support) - socket_name_ssh = create_socket_name + socket_name_ssh = create_socket_name ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); fd = create_server_socket (socket_name, 0, &socket_nonce); @@ -1039,12 +1039,12 @@ main (int argc, char **argv ) printf ("set GPG_AGENT_INFO=%s;%lu;1\n", socket_name, (ulong)pid); #else /*!HAVE_W32_SYSTEM*/ pid = fork (); - if (pid == (pid_t)-1) + if (pid == (pid_t)-1) { log_fatal ("fork failed: %s\n", strerror (errno) ); exit (1); } - else if (pid) + else if (pid) { /* We are the parent */ char *infostr, *infostr_ssh_sock, *infostr_ssh_pid; @@ -1060,10 +1060,12 @@ main (int argc, char **argv ) with the signal mask the signal mask might not be correct right now and thus we restore it. That is not strictly necessary but some programs falsely assume a cleared - signal mask. */ - if ( !pth_kill () ) + signal mask. es_pth_kill is a wrapper around pth_kill to + take care not to use any Pth functions in the estream + code after Pth has been killed. */ + if ( !es_pth_kill () ) log_error ("pth_kill failed in forked process\n"); - + #ifdef HAVE_SIGPROCMASK if (startup_signal_mask_valid) { @@ -1073,7 +1075,7 @@ main (int argc, char **argv ) } else log_info ("no saved signal mask\n"); -#endif /*HAVE_SIGPROCMASK*/ +#endif /*HAVE_SIGPROCMASK*/ /* Create the info string: :: */ if (asprintf (&infostr, "GPG_AGENT_INFO=%s:%lu:1", @@ -1109,7 +1111,7 @@ main (int argc, char **argv ) if (env_file_name) { FILE *fp; - + fp = fopen (env_file_name, "w"); if (!fp) log_error (_("error creating `%s': %s\n"), @@ -1130,7 +1132,7 @@ main (int argc, char **argv ) } - if (argc) + if (argc) { /* Run the program given on the commandline. */ if (putenv (infostr)) { 
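Review bot: The error text in the -1060 hunk still reads `"pth_kill failed in forked process\n"` although the call is now `es_pth_kill ()`. If the wrapper can fail for reasons of its own, the message will point at the wrong function. Its definition is not part of this hunk, so this is only a diagnostic-clarity point: `log_error ("es_pth_kill failed in forked process\n");`.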
@@ -1191,29 +1193,29 @@ main (int argc, char **argv ) printf ("%s; export SSH_AGENT_PID;\n", infostr_ssh_pid); } } - xfree (infostr); + xfree (infostr); if (opt.ssh_support) { xfree (infostr_ssh_sock); xfree (infostr_ssh_pid); } - exit (0); + exit (0); } /*NOTREACHED*/ } /* End parent */ - /* + /* This is the child */ /* Detach from tty and put process into a new session */ if (!nodetach ) - { + { int i; unsigned int oldflags; /* Close stdin, stdout and stderr unless it is the log stream */ - for (i=0; i <= 2; i++) + for (i=0; i <= 2; i++) { if (!log_test_fd (i) && i != fd ) { @@ -1247,7 +1249,7 @@ main (int argc, char **argv ) { struct sigaction sa; - + sa.sa_handler = SIG_IGN; sigemptyset (&sa.sa_mask); sa.sa_flags = 0; @@ -1259,7 +1261,7 @@ main (int argc, char **argv ) handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD); assuan_sock_close (fd); } - + return 0; } @@ -1295,11 +1297,11 @@ agent_init_default_ctrl (ctrl_t ctrl) session_env_setenv (ctrl->session_env, "TERM", default_ttytype); session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority); session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL); - + if (ctrl->lc_ctype) xfree (ctrl->lc_ctype); ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL; - + if (ctrl->lc_messages) xfree (ctrl->lc_messages); ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages) @@ -1322,7 +1324,7 @@ agent_deinit_default_ctrl (ctrl_t ctrl) /* Reread parts of the configuration. Note, that this function is obviously not thread-safe and should only be called from the PTH - signal handler. + signal handler. Fixme: Due to the way the argument parsing works, we create a memory leak here for all string type arguments. There is currently 
@@ -1412,7 +1414,7 @@ get_agent_scd_notify_event (void) log_error ("can't create scd notify event: %s\n", w32_strerror (-1) ); else if (!DuplicateHandle (GetCurrentProcess(), h, GetCurrentProcess(), &h2, - EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) + EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) { log_error ("setting syncronize for scd notify event failed: %s\n", w32_strerror (-1) ); @@ -1497,7 +1499,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) agent_exit (2); } - serv_addr = xmalloc (sizeof (*serv_addr)); + serv_addr = xmalloc (sizeof (*serv_addr)); memset (serv_addr, 0, sizeof *serv_addr); serv_addr->sun_family = AF_UNIX; if (strlen (name) + 1 >= sizeof (serv_addr->sun_path)) @@ -1529,7 +1531,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) remove (name); rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); } - if (rc != -1 + if (rc != -1 && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce))) log_error (_("error getting nonce for the socket\n")); if (rc == -1) @@ -1537,9 +1539,9 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) /* We use gpg_strerror here because it allows us to get strings for some W32 socket error codes. */ log_error (_("error binding socket to `%s': %s\n"), - serv_addr->sun_path, + serv_addr->sun_path, gpg_strerror (gpg_error_from_errno (errno))); - + assuan_sock_close (fd); if (opt.use_standard_socket) *name = 0; /* Inhibit removal of the socket by cleanup(). */ @@ -1552,7 +1554,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) assuan_sock_close (fd); agent_exit (2); } - + if (opt.verbose) log_info (_("listening on socket `%s'\n"), serv_addr->sun_path); @@ -1626,7 +1628,7 @@ create_directories (void) log_error (_("can't create directory `%s': %s\n"), home, strerror (errno) ); #endif - else + else { if (!opt.quiet) log_info (_("directory `%s' created\n"), home); 
@@ -1681,7 +1683,7 @@ handle_tick (void) } } #endif /*HAVE_W32_SYSTEM*/ - + /* Code to be run every minute. */ if (last_minute + 60 <= time (NULL)) { @@ -1724,14 +1726,14 @@ handle_signal (int signo) case SIGHUP: agent_sighup_action (); break; - + case SIGUSR1: log_info ("SIGUSR1 received - printing internal information:\n"); pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); agent_query_dump_state (); agent_scd_dump_state (); break; - + case SIGUSR2: agent_sigusr2_action (); break; @@ -1751,7 +1753,7 @@ handle_signal (int signo) agent_exit (0); } break; - + case SIGINT: log_info ("SIGINT received - immediate shutdown\n"); log_info( "%s %s stopped\n", strusage(11), strusage(13)); @@ -1767,12 +1769,12 @@ handle_signal (int signo) /* Check the nonce on a new connection. This is a NOP unless we we are using our Unix domain socket emulation under Windows. */ -static int +static int check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce) { if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce)) { - log_info (_("error reading nonce on fd %d: %s\n"), + log_info (_("error reading nonce on fd %d: %s\n"), FD2INT(ctrl->thread_startup.fd), strerror (errno)); assuan_sock_close (ctrl->thread_startup.fd); xfree (ctrl); @@ -1794,14 +1796,14 @@ start_connection_thread (void *arg) agent_init_default_ctrl (ctrl); if (opt.verbose) - log_info (_("handler 0x%lx for fd %d started\n"), + log_info (_("handler 0x%lx for fd %d started\n"), pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd); if (opt.verbose) - log_info (_("handler 0x%lx for fd %d terminated\n"), + log_info (_("handler 0x%lx for fd %d terminated\n"), pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); - + agent_deinit_default_ctrl (ctrl); xfree (ctrl); return NULL; 
@@ -1826,7 +1828,7 @@ start_connection_thread_ssh (void *arg) if (opt.verbose) log_info (_("ssh handler 0x%lx for fd %d terminated\n"), pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); - + agent_deinit_default_ctrl (ctrl); xfree (ctrl); return NULL; @@ -1872,7 +1874,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) sa.sa_handler = SIG_IGN; sa.sa_flags = 0; sigaction (mysigs[i], &sa, NULL); - + sigaddset (&sigs, mysigs[i]); } } @@ -2020,7 +2022,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) xfree (ctrl); assuan_sock_close (fd); } - else + else { char threadname[50]; @@ -2040,7 +2042,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) fd = GNUPG_INVALID_FD; } - if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD + if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset)) { ctrl_t ctrl; @@ -2133,7 +2135,7 @@ check_own_socket_thread (void *arg) log_error ("can't connect my own socket: %s\n", gpg_strerror (rc)); goto leave; } - + init_membuf (&mb, 100); rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb, NULL, NULL, NULL, NULL); @@ -2141,7 +2143,7 @@ check_own_socket_thread (void *arg) buffer = get_membuf (&mb, NULL); if (rc || !buffer) { - log_error ("sending command \"%s\" to my own socket failed: %s\n", + log_error ("sending command \"%s\" to my own socket failed: %s\n", "GETINFO pid", gpg_strerror (rc)); rc = 1; } @@ -2152,7 +2154,7 @@ check_own_socket_thread (void *arg) } else if (opt.verbose > 1) log_error ("socket is still served by this server\n"); - + xfree (buffer); leave: diff --git a/common/ChangeLog b/common/ChangeLog index 7025966..0c381de 100644 --- a/common/ChangeLog +++ b/common/ChangeLog 
@@ -1,3 +1,14 @@ +2011-04-29 Werner Koch + + * estream.c (es_pth_kill): New. + (estream_pth_killed): New. + (ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK) + (ESTREAM_MUTEX_TRYLOCK, ESTREAM_MUTEX_INITIALIZE): Take care of + the killed status. + (ESTREAM_SYS_YIELD): Ditto. + (es_pth_read, es_pth_write): Ditto. + (es_init_do): Ditto. + 2011-01-20 Werner Koch * estream.c (es_func_mem_write): Fix computation of NEWSIZE. @@ -288,7 +299,7 @@ * percent.c, t-percent.c: New. - * exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd) + * exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd) (gnupg_spawn_process_detached) [W32]: Remove debug output. 2008-11-20 Werner Koch @@ -503,7 +514,7 @@ 2007-11-05 Werner Koch - * audit.c, audit.h: New. + * audit.c, audit.h: New. * Makefile.am: Add rules to build audit-events.h. * exaudit.awk: New. * mkstrtable.awk: New. Taken from libgpg-error. @@ -528,7 +539,7 @@ (gnupg_create_inbound_pipe): New. * util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New. * homedir.c (gnupg_module_name): Add them - + 2007-08-28 Werner Koch * gettime.c (check_isotime, add_isotime): New. Originally written @@ -549,7 +560,7 @@ 2007-08-22 Werner Koch Updated estream from libestream. - + * estream.c (mem_malloc, mem_realloc, mem_free): New. Use them instead of the ES_MEM_foo. * estream.c (estream_cookie_mem): Remove members DONT_FREE, @@ -618,7 +629,7 @@ 2007-07-05 Werner Koch - * t-gettime.c: New. + * t-gettime.c: New. * gettime.c (isotime2epoch, epoch2isotime): New. 2007-07-04 Werner Koch @@ -650,7 +661,7 @@ (iobuf_translate_file_handle): Remove. (translate_file_handle): Use new function. - * estream-printf.c [TEST]: Header including fixes. + * estream-printf.c [TEST]: Header including fixes. (do_format): Do not append a trailing Nul. This avoids spurious Nuls in the es_printf output. (estream_vsnprintf, estream_vasprintf): Take this in account. 
@@ -664,11 +675,11 @@ (es_convert_mode): Set O_BINARY. (es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]: Call setmode if requested. - + 2007-06-24 Werner Koch * estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New. - (es_func_fp_create, es_func_fp_read, es_func_fp_write) + (es_func_fp_create, es_func_fp_read, es_func_fp_write) (es_func_fp_seek, es_func_fp_destroy): New. 2007-06-22 Werner Koch @@ -676,7 +687,7 @@ * estream.c (es_fdopen): Factored code out to.. (do_fdopen): .. new. (es_fdopen_nc): New. - (estream_cookie_fd): Add field NO_CLOSE. + (estream_cookie_fd): Add field NO_CLOSE. (es_func_fd_create): Add arg NO_CLOSE and changed all callers. (es_func_fd_destroy): Handle the new flag. @@ -718,8 +729,8 @@ (agent_open): Use it if GPG_AGENT_INFO is not set. (simple_pwquery): Extended to allow returning of otehyr error codes. - * util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY) - (GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR) + * util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY) + (GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR) (GNUPG_MODULE_NAME_PROTECT_TOOL): New. * homedir.c (gnupg_module_name): New. (gnupg_bindir): New. @@ -800,7 +811,7 @@ 2007-05-07 Werner Koch * signal.c (got_fatal_signal): Protect SIG from being clobbered by - a faulty signal implementaion. Suggested by James Juran. + a faulty signal implementaion. Suggested by James Juran. 2007-04-25 Werner Koch @@ -876,9 +887,9 @@ 2006-10-17 Werner Koch - * estream.c (struct estream_internal, es_initialize) + * estream.c (struct estream_internal, es_initialize) (es_deinitialize, print_fun_writer, es_print): New and modified - functions to avoid tempfiles for printf style printing. + functions to avoid tempfiles for printf style printing. * Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon version of the library with explicit Pth support. 
@@ -921,7 +932,7 @@ buffer. 2006-09-27 Florian Weimer (wk) - + * iobuf.c (iobuf_unread): New. 2006-09-22 Werner Koch @@ -1108,7 +1119,7 @@ * estream.c (estream_cookie_mem): Make MEMORY unsigned char*. (es_write): Make BUFFER a void *. (es_writen): Ditto. - (es_func_fd_read, es_func_fd_write, es_func_mem_read) + (es_func_fd_read, es_func_fd_write, es_func_mem_read) (es_func_mem_write): Ditto. (es_read, es_readn): Ditto. (es_func_mem_write): Made MEMORY_NEW an unsigned char *. @@ -1119,7 +1130,7 @@ * estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H! (es_func_fd_read, es_func_fd_write): Protect against EINTR. - + 2005-06-01 Werner Koch * Makefile.am (AM_CPPFLAGS): Added. @@ -1191,7 +1202,7 @@ * signal.c (got_fatal_signal, got_usr_signal) (got_fatal_signal) [DOSISH]: Don't build. - * simple-gettext.c: Include sysutils.h + * simple-gettext.c: Include sysutils.h * homedir.c: New. Use CSIDL_APPDATA for W32 as the default home directory. @@ -1385,10 +1396,10 @@ 2003-08-14 Timo Schulz * dynload.h. New. W32 wrapper around the dynload mechanism. - + 2003-07-15 Werner Koch - * simple-pwquery.c, simple-pwquery.h: New; moved from ../agent. + * simple-pwquery.c, simple-pwquery.h: New; moved from ../agent. * Makefile.am (libsimple_pwquery_a_LIBADD): New. 2003-06-25 Werner Koch @@ -1562,10 +1573,10 @@ * sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with the OpenPGP stuff removed. * sysutils.h: New. - + 2002-01-15 Werner Koch - * maperror.c: Add mapping for Not_Trusted. + * maperror.c: Add mapping for Not_Trusted. 2002-01-11 Werner Koch @@ -1592,8 +1603,8 @@ * util.h (digitp, hexdigitp): New ctype like macros. (atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New. - - + + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. 
@@ -1604,5 +1615,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/common/estream.c b/common/estream.c index 9f7dfd0..5d74fea 100644 --- a/common/estream.c +++ b/common/estream.c @@ -150,20 +150,10 @@ typedef void (*func_free_t) (void *mem); /* Locking. */ #ifdef HAVE_PTH - typedef pth_mutex_t estream_mutex_t; -# define ESTREAM_MUTEX_INITIALIZER PTH_MUTEX_INIT -# define ESTREAM_MUTEX_LOCK(mutex) \ - pth_mutex_acquire (&(mutex), 0, NULL) -# define ESTREAM_MUTEX_UNLOCK(mutex) \ - pth_mutex_release (&(mutex)) -# define ESTREAM_MUTEX_TRYLOCK(mutex) \ - ((pth_mutex_acquire (&(mutex), 1, NULL) == TRUE) ? 0 : -1) -# define ESTREAM_MUTEX_INITIALIZE(mutex) \ - pth_mutex_init (&(mutex)) -#else - +#else /*!HAVE_PTH*/ typedef void *estream_mutex_t; +#endif /*!HAVE_PTH*/ static inline void dummy_mutex_call_void (estream_mutex_t mutex) 
@@ -178,19 +168,42 @@ dummy_mutex_call_int (estream_mutex_t mutex) return 0; } + +#ifdef HAVE_PTH + +static int estream_pth_killed; + +# define ESTREAM_MUTEX_INITIALIZER PTH_MUTEX_INIT +# define ESTREAM_MUTEX_LOCK(mutex) \ + (estream_pth_killed ? dummy_mutex_call_void ((mutex)) \ + : pth_mutex_acquire (&(mutex), 0, NULL)) +# define ESTREAM_MUTEX_UNLOCK(mutex) \ + (estream_pth_killed ? dummy_mutex_call_void ((mutex)) \ + : pth_mutex_release (&(mutex))) +# define ESTREAM_MUTEX_TRYLOCK(mutex) \ + (estream_pth_killed ? dummy_mutex_call_int ((mutex)) \ + : ((pth_mutex_acquire (&(mutex), 1, NULL) == TRUE)? 0:-1)) +# define ESTREAM_MUTEX_INITIALIZE(mutex) \ + (estream_pth_killed ? dummy_mutex_call_void ((mutex)) \ + : pth_mutex_init (&(mutex))) + +#else /*!HAVE_PTH*/ + # define ESTREAM_MUTEX_INITIALIZER NULL # define ESTREAM_MUTEX_LOCK(mutex) dummy_mutex_call_void ((mutex)) # define ESTREAM_MUTEX_UNLOCK(mutex) dummy_mutex_call_void ((mutex)) # define ESTREAM_MUTEX_TRYLOCK(mutex) dummy_mutex_call_int ((mutex)) # define ESTREAM_MUTEX_INITIALIZE(mutex) dummy_mutex_call_void ((mutex)) -#endif + +#endif /*!HAVE_PTH*/ /* Primitive system I/O. */ #ifdef HAVE_PTH # define ESTREAM_SYS_READ es_pth_read # define ESTREAM_SYS_WRITE es_pth_write -# define ESTREAM_SYS_YIELD() pth_yield (NULL) +# define ESTREAM_SYS_YIELD() \ + do { if (!estream_pth_killed) pth_yield (NULL); } while (0) #else # define ESTREAM_SYS_READ read # define ESTREAM_SYS_WRITE write @@ -361,7 +374,7 @@ static void es_list_remove (estream_t stream, int with_locked_list) { estream_list_t list_obj; - + if (!with_locked_list) ESTREAM_LIST_LOCK; for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr) 
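Review bot: In the new HAVE_PTH definitions of `ESTREAM_MUTEX_LOCK`, `ESTREAM_MUTEX_UNLOCK` and `ESTREAM_MUTEX_INITIALIZE`, one arm of the conditional is `dummy_mutex_call_void ((mutex))`, which is declared `void`, and the other arm is a pth call that yields a value. ISO C wants both arms void or both of compatible non-void type, so these macros build only as a compiler extension and are flagged under `-pedantic`. `ESTREAM_MUTEX_TRYLOCK` is fine because both of its arms are `int`. If no caller uses the value of the three macros, casting the pth arm is enough, e.g. `: (void) pth_mutex_acquire (&(mutex), 0, NULL))`. A one-line comment on `estream_pth_killed` saying it is set only by `es_pth_kill` would also help the next reader.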
@@ -411,27 +424,37 @@ es_list_iterate (estream_iterator_t iterator) static int es_pth_read (int fd, void *buffer, size_t size) { + if (estream_pth_killed) + return read (fd, buffer, size); + else + { # ifdef HAVE_W32_SYSTEM - int rc = pth_read (fd, buffer, size); - if (rc == -1 && errno == EINVAL) - rc = read (fd, buffer, size); - return rc; + int rc = pth_read (fd, buffer, size); + if (rc == -1 && errno == EINVAL) + rc = read (fd, buffer, size); + return rc; # else /*!HAVE_W32_SYSTEM*/ - return pth_read (fd, buffer, size); + return pth_read (fd, buffer, size); # endif /* !HAVE_W32_SYSTEM*/ + } } static int es_pth_write (int fd, const void *buffer, size_t size) { + if (estream_pth_killed) + return write (fd, buffer, size); + else + { # ifdef HAVE_W32_SYSTEM - int rc = pth_write (fd, buffer, size); - if (rc == -1 && errno == EINVAL) - rc = write (fd, buffer, size); - return rc; + int rc = pth_write (fd, buffer, size); + if (rc == -1 && errno == EINVAL) + rc = write (fd, buffer, size); + return rc; # else /*!HAVE_W32_SYSTEM*/ - return pth_write (fd, buffer, size); + return pth_write (fd, buffer, size); # endif /* !HAVE_W32_SYSTEM*/ + } } #endif /*HAVE_PTH*/ @@ -445,6 +468,26 @@ es_deinit (void) } +/* A replacement for pth_kill. The reason we need this is that after + a pth_kill all our pth functions may not be used anymore. Thus + applications using estream and pth need to use this function + instead of a plain pth_kill. */ +int +es_pth_kill (void) +{ +#ifdef HAVE_PTH + int rc; + + rc = pth_kill (); + if (rc) + estream_pth_killed = 1; + return rc; +#else /*!HAVE_PTH*/ + return 0; +#endif /*!HAVE_PTH*/ +} + + /* * Initialization. */ 
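Review bot: The return value of the new `es_pth_kill` is undocumented and differs between builds. With HAVE_PTH it passes through the result of `pth_kill ()`, and a non-zero result is what sets `estream_pth_killed`; the `#else` branch returns 0. A caller that tests the result would therefore treat a build without pth as a failure, assuming non-zero is meant as success. I would add `Returns non-zero on success.` to the comment and either return 1 in the non-pth branch or state there that 0 is the expected value.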
@@ -457,14 +500,19 @@ es_init_do (void) if (!initialized) { #ifdef HAVE_PTH - if (!pth_init () && errno != EPERM ) - return -1; - if (pth_mutex_init (&estream_list_lock)) + if (estream_pth_killed) initialized = 1; + else + { + if (!pth_init () && errno != EPERM ) + return -1; + if (pth_mutex_init (&estream_list_lock)) + initialized = 1; + } #else initialized = 1; #endif - atexit (es_deinit); + atexit (es_deinit); } return 0; } @@ -557,7 +605,7 @@ es_func_mem_read (void *cookie, void *buffer, size_t size) memcpy (buffer, mem_cookie->memory + mem_cookie->offset, size); mem_cookie->offset += size; } - + ret = size; return ret; } @@ -582,7 +630,7 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size) assert (mem_cookie->memory_size >= mem_cookie->offset); nleft = mem_cookie->memory_size - mem_cookie->offset; - + /* If we are not allowed to grow limit the size to the left space. */ if (!mem_cookie->flags.grow && size > nleft) size = nleft; @@ -623,20 +671,20 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size) _set_errno (ENOSPC); return -1; } - + newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize); if (!newbuf) return -1; - + mem_cookie->memory = newbuf; mem_cookie->memory_size = newsize; assert (mem_cookie->memory_size >= mem_cookie->offset); nleft = mem_cookie->memory_size - mem_cookie->offset; - + assert (size <= nleft); } - + memcpy (mem_cookie->memory + mem_cookie->offset, buffer, size); if (mem_cookie->offset + size > mem_cookie->data_len) mem_cookie->data_len = mem_cookie->offset + size; @@ -698,7 +746,7 @@ es_func_mem_seek (void *cookie, off_t *offset, int whence) _set_errno (ENOSPC); return -1; } - + newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize); if (!newbuf) return -1; @@ -780,7 +828,7 @@ es_func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close) *cookie = fd_cookie; err = 0; } - + return err; } 
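Review bot: In the re-indented `else` branch of `es_init_do`, a failing `pth_mutex_init (&estream_list_lock)` leaves `initialized` at 0, yet the function still reaches `atexit (es_deinit)` and `return 0`. The caller is told that initialization succeeded although the list lock was not set up, and every later call registers `es_deinit` again. Returning an error on that path, as is already done for `pth_init`, would close the gap: `if (!pth_mutex_init (&estream_list_lock)) return -1;` followed by `initialized = 1;`. The start of the function is outside the hunk, so how `initialized` is declared is inferred from its use here.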
@@ -791,7 +839,7 @@ es_func_fd_read (void *cookie, void *buffer, size_t size) { estream_cookie_fd_t file_cookie = cookie; ssize_t bytes_read; - + if (IS_INVALID_FD (file_cookie->fd)) { ESTREAM_SYS_YIELD (); @@ -799,7 +847,7 @@ es_func_fd_read (void *cookie, void *buffer, size_t size) } else { - do + do bytes_read = ESTREAM_SYS_READ (file_cookie->fd, buffer, size); while (bytes_read == -1 && errno == EINTR); } @@ -901,7 +949,7 @@ typedef struct estream_cookie_fp /* Create function for fd objects. */ static int -es_func_fp_create (void **cookie, FILE *fp, +es_func_fp_create (void **cookie, FILE *fp, unsigned int modeflags, int no_close) { estream_cookie_fp_t fp_cookie; @@ -924,7 +972,7 @@ es_func_fp_create (void **cookie, FILE *fp, *cookie = fp_cookie; err = 0; } - + return err; } @@ -948,7 +996,7 @@ es_func_fp_read (void *cookie, void *buffer, size_t size) /* Write function for FILE* objects. */ static ssize_t es_func_fp_write (void *cookie, const void *buffer, size_t size) - + { estream_cookie_fp_t file_cookie = cookie; size_t bytes_written; @@ -973,7 +1021,7 @@ es_func_fp_seek (void *cookie, off_t *offset, int whence) if (!file_cookie->fp) { _set_errno (ESPIPE); - return -1; + return -1; } if ( fseek (file_cookie->fp, (long int)*offset, whence) ) @@ -1114,7 +1162,7 @@ es_convert_mode (const char *mode, unsigned int *modeflags) oflags |= O_EXCL; break; default: /* Ignore unknown flags. */ - break; + break; } } @@ -1195,10 +1243,10 @@ es_flush (estream_t stream) they were asked to write, we have to check for "(stream->data_offset - data_flushed) > 0" instead of "stream->data_offset - data_flushed". */ - + data_flushed = 0; err = 0; - + while ((((ssize_t) (stream->data_offset - data_flushed)) > 0) && (! err)) { ret = (*func_write) (stream->intern->cookie, @@ -1232,7 +1280,7 @@ es_flush (estream_t stream) err = 0; out: - + if (err) stream->intern->indicators.err = 1; 
@@ -1518,7 +1566,7 @@ es_readn (estream_t ES__RESTRICT stream, if (err) goto out; stream->flags.writing = 0; - } + } /* Read unread data first. */ while ((bytes_to_read - data_read_unread) && stream->unread_data_len) @@ -1615,7 +1663,7 @@ es_seek (estream_t ES__RESTRICT stream, off_t offset, int whence, off = off - stream->data_len + stream->data_offset; off -= stream->unread_data_len; } - + ret = (*func_seek) (stream->intern->cookie, &off, whence); if (ret == -1) { @@ -1633,7 +1681,7 @@ es_seek (estream_t ES__RESTRICT stream, off_t offset, int whence, stream->intern->offset = off; out: - + if (err) stream->intern->indicators.err = 1; @@ -1657,11 +1705,11 @@ es_write_nbf (estream_t ES__RESTRICT stream, { err = EOPNOTSUPP; goto out; - } + } data_written = 0; err = 0; - + while (bytes_to_write - data_written) { ret = (*func_write) (stream->intern->cookie, @@ -1709,12 +1757,12 @@ es_write_fbf (estream_t ES__RESTRICT stream, if (! err) { /* Flushing resulted in empty container. */ - + data_to_write = bytes_to_write - data_written; space_available = stream->buffer_size - stream->data_offset; if (data_to_write > space_available) data_to_write = space_available; - + memcpy (stream->buffer + stream->data_offset, buffer + data_written, data_to_write); stream->data_offset += data_to_write; @@ -1775,7 +1823,7 @@ es_writen (estream_t ES__RESTRICT stream, data_written = 0; err = 0; - + if (!stream->flags.writing) { /* Switching to writing mode -> discard input data and seek to @@ -1810,7 +1858,7 @@ es_writen (estream_t ES__RESTRICT stream, } out: - + if (bytes_written) *bytes_written = data_written; if (data_written) @@ -1834,7 +1882,7 @@ es_peek (estream_t ES__RESTRICT stream, unsigned char **ES__RESTRICT data, if (err) goto out; stream->flags.writing = 0; - } + } if (stream->data_offset == stream->data_len) { 
@@ -1843,7 +1891,7 @@ es_peek (estream_t ES__RESTRICT stream, unsigned char **ES__RESTRICT data, if (err) goto out; } - + if (data) *data = stream->buffer + stream->data_offset; if (data_len) @@ -1898,7 +1946,7 @@ doreadline (estream_t ES__RESTRICT stream, size_t max_length, err = es_func_mem_create (&line_stream_cookie, NULL, 0, 0, BUFFER_BLOCK_SIZE, 1, - mem_realloc, mem_free, + mem_realloc, mem_free, O_RDWR, 0); if (err) @@ -1953,7 +2001,7 @@ doreadline (estream_t ES__RESTRICT stream, size_t max_length, goto out; /* Complete line has been written to line_stream. */ - + if ((max_length > 1) && (! line_size)) { stream->intern->indicators.eof = 1; @@ -2049,7 +2097,7 @@ static int es_get_indicator (estream_t stream, int ind_err, int ind_eof) { int ret = 0; - + if (ind_err) ret = stream->intern->indicators.err; else if (ind_eof) @@ -2076,7 +2124,7 @@ es_set_buffering (estream_t ES__RESTRICT stream, es_empty (stream); es_set_indicators (stream, -1, 0); - + /* Free old buffer in case that was allocated by this function. */ if (stream->intern->deallocate_buffer) { @@ -2090,7 +2138,7 @@ es_set_buffering (estream_t ES__RESTRICT stream, else { void *buffer_new; - + if (buffer) buffer_new = buffer; else @@ -2183,7 +2231,7 @@ es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode) err = es_convert_mode (mode, &modeflags); if (err) goto out; - + err = es_func_file_create (&cookie, &fd, path, modeflags); if (err) goto out; @@ -2197,7 +2245,7 @@ es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode) fname_set_internal (stream, path, 1); out: - + if (err && create_called) (*estream_functions_fd.func_close) (cookie); 
@@ -2220,17 +2268,17 @@ es_mopen (unsigned char *ES__RESTRICT data, size_t data_n, size_t data_len, cookie = 0; stream = NULL; create_called = 0; - + err = es_convert_mode (mode, &modeflags); if (err) goto out; err = es_func_mem_create (&cookie, data, data_n, data_len, - BUFFER_BLOCK_SIZE, grow, + BUFFER_BLOCK_SIZE, grow, func_realloc, func_free, modeflags, 0); if (err) goto out; - + create_called = 1; err = es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0); @@ -2256,13 +2304,13 @@ es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode) return NULL; modeflags |= O_RDWR; - + if (es_func_mem_create (&cookie, NULL, 0, 0, BUFFER_BLOCK_SIZE, 1, mem_realloc, mem_free, modeflags, memlimit)) return NULL; - + if (es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0)) (*estream_functions_mem.func_close) (cookie); @@ -2282,7 +2330,7 @@ es_fopencookie (void *ES__RESTRICT cookie, stream = NULL; modeflags = 0; - + err = es_convert_mode (mode, &modeflags); if (err) goto out; @@ -2366,7 +2414,7 @@ do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list) err = es_func_fp_create (&cookie, fp, modeflags, no_close); if (err) goto out; - + create_called = 1; err = es_create (&stream, cookie, fp? fileno (fp):-1, estream_functions_fp, modeflags, with_locked_list); @@ -2379,7 +2427,7 @@ do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list) return stream; } - + /* Create an estream from the stdio stream FP. This mechanism is useful in case the stdio streams have special properties and may not be mixed with fd based functions. This is for example the case @@ -2445,7 +2493,7 @@ _es_get_std_stream (int fd) stream = do_fdopen (custom_std_fds[1], "a", 1, 1); else if (custom_std_fds_valid[2]) stream = do_fdopen (custom_std_fds[2], "a", 1, 1); - + if (!stream) { /* Second try is to use the standard C streams. */ 
@@ -2456,8 +2504,8 @@ _es_get_std_stream (int fd) else stream = do_fpopen (stderr, "a", 1, 1); } - - if (!stream) + + if (!stream) { /* Last try: Create a bit bucket. */ stream = do_fpopen (NULL, fd? "a":"r", 0, 1); @@ -2473,7 +2521,7 @@ _es_get_std_stream (int fd) stream->intern->stdstream_fd = fd; if (fd == 2) es_set_buffering (stream, NULL, _IOLBF, 0); - fname_set_internal (stream, + fname_set_internal (stream, fd == 0? "[stdin]" : fd == 1? "[stdout]" : "[stderr]", 0); } @@ -2497,7 +2545,7 @@ es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode, cookie = NULL; create_called = 0; - + ESTREAM_LOCK (stream); es_deinitialize (stream); @@ -2505,7 +2553,7 @@ es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode, err = es_convert_mode (mode, &modeflags); if (err) goto leave; - + err = es_func_file_create (&cookie, &fd, path, modeflags); if (err) goto leave; @@ -2519,7 +2567,7 @@ es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode, { if (create_called) es_func_fd_destroy (cookie); - + es_destroy (stream, 0); stream = NULL; } @@ -2654,7 +2702,7 @@ static int do_fflush (estream_t stream) { int err; - + if (stream->flags.writing) err = es_flush (stream); else @@ -2671,7 +2719,7 @@ int es_fflush (estream_t stream) { int err; - + if (stream) { ESTREAM_LOCK (stream); @@ -2702,7 +2750,7 @@ int es_fseeko (estream_t stream, off_t offset, int whence) { int err; - + ESTREAM_LOCK (stream); err = es_seek (stream, offset, whence, NULL); ESTREAM_UNLOCK (stream); @@ -2715,7 +2763,7 @@ long int es_ftell (estream_t stream) { long int ret; - + ESTREAM_LOCK (stream); ret = es_offset_calculate (stream); ESTREAM_UNLOCK (stream); @@ -2776,7 +2824,7 @@ int es_fgetc (estream_t stream) { int ret; - + ESTREAM_LOCK (stream); ret = es_getc_unlocked (stream); ESTREAM_UNLOCK (stream); @@ -2789,7 +2837,7 @@ int es_fputc (int c, estream_t stream) { int ret; - + ESTREAM_LOCK (stream); ret = es_putc_unlocked (c, stream); ESTREAM_UNLOCK (stream); 
@@ -2901,10 +2949,10 @@ es_fgets (char *ES__RESTRICT buffer, int length, estream_t ES__RESTRICT stream) { unsigned char *s = (unsigned char*)buffer; int c; - + if (!length) return NULL; - + c = EOF; ESTREAM_LOCK (stream); while (length > 1 && (c = es_getc_unlocked (stream)) != EOF && c != '\n') @@ -2968,7 +3016,7 @@ es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n, if (*n) { /* Caller wants us to use his buffer. */ - + if (*n < (line_n + 1)) { /* Provided buffer is too small -> resize. */ @@ -3012,7 +3060,7 @@ es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n, considered a byte stream ending in a LF. If MAX_LENGTH is not NULL, it shall point to a value with the - maximum allowed allocation. + maximum allowed allocation. Returns the length of the line. EOF is indicated by a line of length zero. A truncated line is indicated my setting the value at @@ -3036,7 +3084,7 @@ es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n, released using es_free. */ ssize_t -es_read_line (estream_t stream, +es_read_line (estream_t stream, char **addr_of_buffer, size_t *length_of_buffer, size_t *max_length) { @@ -3048,7 +3096,7 @@ es_read_line (estream_t stream, char *p; if (!buffer) - { + { /* No buffer given - allocate a new one. */ length = 256; buffer = mem_alloc (length); @@ -3077,9 +3125,9 @@ es_read_line (estream_t stream, while ((c = es_getc_unlocked (stream)) != EOF) { if (nbytes == length) - { + { /* Enlarge the buffer. */ - if (maxlen && length > maxlen) + if (maxlen && length > maxlen) { /* We are beyond our limit: Skip the rest of the line. */ while (c != '\n' && (c=es_getc_unlocked (stream)) != EOF) @@ -3096,7 +3144,7 @@ es_read_line (estream_t stream, if (!*addr_of_buffer) { int save_errno = errno; - mem_free (buffer); + mem_free (buffer); *length_of_buffer = 0; if (max_length) *max_length = 0; 
@@ -3106,7 +3154,7 @@ es_read_line (estream_t stream, } buffer = *addr_of_buffer; *length_of_buffer = length; - length -= 3; + length -= 3; p = buffer + nbytes; } *p++ = c; @@ -3144,7 +3192,7 @@ es_vfprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format, va_list ap) { int ret; - + ESTREAM_LOCK (stream); ret = es_print (stream, format, ap); ESTREAM_UNLOCK (stream); @@ -3158,7 +3206,7 @@ es_fprintf_unlocked (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format, ...) { int ret; - + va_list ap; va_start (ap, format); ret = es_print (stream, format, ap); @@ -3173,7 +3221,7 @@ es_fprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format, ...) { int ret; - + va_list ap; va_start (ap, format); ESTREAM_LOCK (stream); @@ -3210,7 +3258,7 @@ es_asprintf (const char *ES__RESTRICT format, ...) should use es_free to release the buffer. This function actually belongs into estream-printf but we put it here as a convenience and because es_free is required anyway. */ -char * +char * es_vasprintf (const char *ES__RESTRICT format, va_list ap) { int rc; @@ -3241,7 +3289,7 @@ tmpfd (void) int pid = GetCurrentProcessId (); unsigned int value; int i; - + n = GetTempPath (MAX_PATH+1, buffer); if (!n || n > MAX_PATH || mystrlen (buffer) > MAX_PATH) { @@ -3307,7 +3355,7 @@ tmpfd (void) fp = NULL; fd = -1; - + fp = tmpfile (); if (! fp) goto out; @@ -3338,7 +3386,7 @@ es_tmpfile (void) stream = NULL; modeflags = O_RDWR | O_TRUNC | O_CREAT; cookie = NULL; - + fd = tmpfd (); if (fd == -1) { @@ -3363,7 +3411,7 @@ es_tmpfile (void) close (fd); stream = NULL; } - + return stream; } @@ -3373,7 +3421,7 @@ es_setvbuf (estream_t ES__RESTRICT stream, char *ES__RESTRICT buf, int type, size_t size) { int err; - + if ((type == _IOFBF || type == _IOLBF || type == _IONBF) && (!buf || size || type == _IONBF)) { 
@@ -3412,7 +3460,7 @@ void * es_opaque_get (estream_t stream) { void *opaque; - + ESTREAM_LOCK (stream); es_opaque_ctrl (stream, NULL, &opaque); ESTREAM_UNLOCK (stream); @@ -3487,10 +3535,10 @@ es_fname_get (estream_t stream) Returns 0 on success or -1 on error. If BYTES_WRITTEN is not NULL the number of bytes actually written are stored at this address. */ -int +int es_write_sanitized (estream_t ES__RESTRICT stream, const void * ES__RESTRICT buffer, size_t length, - const char * delimiters, + const char * delimiters, size_t * ES__RESTRICT bytes_written) { const unsigned char *p = buffer; @@ -3500,9 +3548,9 @@ es_write_sanitized (estream_t ES__RESTRICT stream, ESTREAM_LOCK (stream); for (; length; length--, p++, count++) { - if (*p < 0x20 + if (*p < 0x20 || *p == 0x7f - || (delimiters + || (delimiters && (strchr (delimiters, *p) || *p == '\\'))) { es_putc_unlocked ('\\', stream); @@ -3604,19 +3652,19 @@ es_write_hexstring (estream_t ES__RESTRICT stream, #ifdef GNUPG_MAJOR_VERSION /* Special estream function to print an UTF8 string in the native encoding. The interface is the same as es_write_sanitized, however - only one delimiter may be supported. + only one delimiter may be supported. THIS IS NOT A STANDARD ESTREAM FUNCTION AND ONLY USED BY GNUPG!. */ int es_write_sanitized_utf8_buffer (estream_t stream, - const void *buffer, size_t length, + const void *buffer, size_t length, const char *delimiters, size_t *bytes_written) { const char *p = buffer; size_t i; /* We can handle plain ascii simpler, so check for it first. */ - for (i=0; i < length; i++ ) + for (i=0; i < length; i++ ) { if ( (p[i] & 0x80) ) break; diff --git a/common/estream.h b/common/estream.h index 6eb986f..69f19f4 100644 --- a/common/estream.h +++ b/common/estream.h 
@@ -231,6 +231,8 @@ typedef struct es_cookie_io_functions int es_init (void); +int es_pth_kill (void); + estream_t es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode); estream_t es_mopen (unsigned char *ES__RESTRICT data, ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 96 ++++++++++--------- agent/gpg-agent.c | 184 ++++++++++++++++++------------------ common/ChangeLog | 61 +++++++----- common/estream.c | 274 +++++++++++++++++++++++++++++++---------------------- common/estream.h | 2 + 5 files changed, 341 insertions(+), 276 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 29 12:32:38 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Fri, 29 Apr 2011 12:32:38 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-52-g10cccd4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 10cccd45af8510ed1a285636193f34dd04472aff (commit) via a286e95f3a3f1feba88c563b92c7227096f69d03 (commit) from 25f292ed891a251a296d9af9b1566ffffe5d4582 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 10cccd45af8510ed1a285636193f34dd04472aff Author: Marcus Brinkmann Date: Fri Apr 29 12:02:46 2011 +0200 Fix import stat counter and abort secret key import on merge-only error case. diff --git a/g10/ChangeLog b/g10/ChangeLog index f8cc49c..cbd3706 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
@@ -1,5 +1,12 @@ 2011-04-29 Marcus Brinkmann + * import.c (import_secret_one): Leave all checks to import_one. + Cancel secret key import if public key was skipped due to + merge-only request. Fix import status for non-new secret key + import by checking stat counter. + +2011-04-29 Marcus Brinkmann + * delkey.c (do_delete_key): Access public keyblock even for secret key operations. But deleting secret key is not supported yet, so give an error. Limit secret-key-exists error case to public keys. diff --git a/g10/import.c b/g10/import.c index 39968ff..05dfd1d 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1521,6 +1521,8 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, KBNODE node, uidnode; u32 keyid[2]; int rc = 0; + int nr_prev; + kbnode_t pub_keyblock; /* Get the key and print some info about it */ node = find_kbnode (keyblock, PKT_SECRET_KEY); 
@@ -1581,24 +1583,30 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, clear_kbnode_flags (keyblock); - if (!(options&IMPORT_MERGE_ONLY) || !have_secret_key_with_kid (keyid) ) - { - /* We don't have this key, insert as a new key. */ - kbnode_t pub_keyblock; + nr_prev = stats->skipped_new_keys; - /* Make a public key out of this. */ - pub_keyblock = sec_to_pub_keyblock (keyblock); - if (!pub_keyblock) - log_error ("key %s: failed to create public key from secret key\n", + /* Make a public key out of the key. */ + pub_keyblock = sec_to_pub_keyblock (keyblock); + if (!pub_keyblock) + log_error ("key %s: failed to create public key from secret key\n", keystr_from_pk (pk)); - else - { - import_one (ctrl, fname, pub_keyblock, stats, - NULL, NULL, opt.import_options, 1); - /* Fixme: We should check for an invalid keyblock and - cancel the secret key import in this case. */ - release_kbnode (pub_keyblock); - + else + { + /* Note that this outputs an IMPORT_OK status message for the + public key block, and below we will output another one for + the secret keys. FIXME? */ + import_one (ctrl, fname, pub_keyblock, stats, + NULL, NULL, opt.import_options, 1); + + /* Fixme: We should check for an invalid keyblock and + cancel the secret key import in this case. */ + release_kbnode (pub_keyblock); + + /* At least we cancel the secret key import when the public key + import was skipped due to MERGE_ONLY option and a new + key. */ + if (stats->skipped_new_keys <= nr_prev) + { /* Read the keyblock again to get the effects of a merge. */ /* Fixme: we should do this based on the fingerprint or even better let import_one return the merged 
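Review bot: When `sec_to_pub_keyblock` fails, the new code logs `failed to create public key from secret key` but leaves `rc` at its initial 0, so `import_secret_one` reports success for a secret key that was not imported. The following hunk (`@@ -1609,27 +1617,23 @@`) has the same gap: a non-zero result from `transfer_secret_keys` falls through with neither a message nor an error code. A caller of a secret-key import should be able to tell these outcomes from a completed import; set `rc` on both paths, e.g. `rc = gpg_error (GPG_ERR_GENERAL);` after the `log_error`, or whichever code the file uses elsewhere. The function begins and ends outside these hunks, so an assignment to `rc` in the few lines between them cannot be ruled out.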
@@ -1609,27 +1617,23 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, keystr_from_pk (pk)); else { + nr_prev = stats->secret_imported; if (!transfer_secret_keys (ctrl, stats, keyblock)) { + int status = 16; if (!opt.quiet) log_info (_("key %s: secret key imported\n"), keystr_from_pk (pk)); + if (stats->secret_imported > nr_prev) + status |= 1; if (is_status_enabled ()) - print_import_ok (pk, 1|16); + print_import_ok (pk, status); check_prefs (ctrl, node); } release_kbnode (node); } } } - else - { - /* We don't want to merge the secret keys. */ - log_error (_("key %s: secret key part already available\n"), - keystr_from_pk (pk)); - if (is_status_enabled ()) - print_import_ok (pk, 16); - } return rc; } commit a286e95f3a3f1feba88c563b92c7227096f69d03 Author: Marcus Brinkmann Date: Fri Apr 29 12:01:52 2011 +0200 Give sensible error messages when trying to delete secret key. diff --git a/g10/ChangeLog b/g10/ChangeLog index bd53799..f8cc49c 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2011-04-29 Marcus Brinkmann + + * delkey.c (do_delete_key): Access public keyblock even for secret + key operations. But deleting secret key is not supported yet, so + give an error. Limit secret-key-exists error case to public keys. + 2011-04-28 Werner Koch * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak diff --git a/g10/delkey.c b/g10/delkey.c index 3b47c40..950af0e 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -83,7 +83,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) } /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY ); + node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); if( !node ) { log_error("Oops; key not found anymore!\n"); rc = G10ERR_GENERAL; 
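Review bot: In the first hunk here (import.c), `log_info (_("key %s: secret key imported\n"), ...)` is printed whenever `transfer_secret_keys` succeeds, while the status line only gets the "new" bit when `stats->secret_imported > nr_prev`. A run that transferred nothing new would therefore log an import that the status output does not report as new. Either make the log message conditional on the same counter test or word it neutrally. The bare `16` and `1` also need a comment, for example `/* 16 = contains secret key, 1 = new key. */` above `int status = 16;`. The surrounding function continues outside the hunk.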
@@ -93,7 +93,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) pk = node->pkt->pkt.public_key; keyid_from_pk( pk, keyid ); - if (!force) + if (!secret && !force) { if (have_secret_key_with_kid (keyid)) { @@ -146,20 +146,29 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) if( okay ) { - rc = keydb_delete_keyblock (hd); - if (rc) { + if (secret) + { + log_error (_("deleting secret key not implemented\n")); + rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* FIXME */ + goto leave; + } + else + { + rc = keydb_delete_keyblock (hd); + if (rc) { log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) ); goto leave; + } } - /* Note that the ownertrust being cleared will trigger a - revalidation_mark(). This makes sense - only deleting keys - that have ownertrust set should trigger this. */ + /* Note that the ownertrust being cleared will trigger a + revalidation_mark(). This makes sense - only deleting keys + that have ownertrust set should trigger this. */ - if (!secret && pk && clear_ownertrusts (pk)) { - if (opt.verbose) - log_info (_("ownertrust information cleared\n")); - } + if (!secret && pk && clear_ownertrusts (pk)) { + if (opt.verbose) + log_info (_("ownertrust information cleared\n")); + } } leave: ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 13 +++++++++++++ g10/delkey.c | 31 ++++++++++++++++++++----------- g10/import.c | 54 +++++++++++++++++++++++++++++------------------------- 3 files changed, 62 insertions(+), 36 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 29 15:41:59 2011 
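Review bot: In the second hunk, the new `if (secret)` "not implemented" error sits inside `if( okay )`, so whatever sets `okay` runs first. That code is outside the hunk and is presumably the confirmation dialog, in which case the user is asked to confirm a secret key deletion that can never happen. Rejecting `secret` next to the `if (!secret && !force)` test in the previous hunk would fail before any prompt and before the keyblock is looked at further. With the early `goto leave`, the `!secret &&` in `if (!secret && pk && clear_ownertrusts (pk))` is always true and can be dropped.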
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 29 Apr 2011 15:41:59 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-55-gc36deee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c36deeea8bb06ed62b33cfd23f57ea3bba8eddde (commit) via afe5c1a370ef1d01fd3a4c66dfd231d4a9bfc498 (commit) via 740629de00af823f8d715ff72102557e8ff5cf84 (commit) from 10cccd45af8510ed1a285636193f34dd04472aff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c36deeea8bb06ed62b33cfd23f57ea3bba8eddde Merge: 10cccd4 afe5c1a Author: Werner Koch Date: Fri Apr 29 15:10:36 2011 +0200 Merge branch 'wk-gpg-keybox' diff --cc g10/ChangeLog index cbd3706,61e2020..b8d3232 --- a/g10/ChangeLog 
+++ b/g10/ChangeLog @@@ -1,16 -1,16 +1,29 @@@ + 2011-04-29 Werner Koch + + * keydb.c (keydb_get_keyblock, keydb_add_resource): Use gpg_error. + (keydb_get_keyblock): Return VALUE_NOT_FOUND instead of -1. + (keydb_update_keyblock, keydb_insert_keyblock) + (keydb_delete_keyblock): Ditto. + (keydb_locate_writable): Ditto. + (keydb_search_reset): Ditto. + (keydb_search2): Return GPG_ERR_NOT_FOUND instead of -1. Change + all callers. + (keydb_search_first, keydb_search_next, keydb_search_kid) + (keydb_search_fpr): Ditto. + +2011-04-29 Marcus Brinkmann + + * import.c (import_secret_one): Leave all checks to import_one. + Cancel secret key import if public key was skipped due to + merge-only request. Fix import status for non-new secret key + import by checking stat counter. + +2011-04-29 Marcus Brinkmann + + * delkey.c (do_delete_key): Access public keyblock even for secret + key operations. But deleting secret key is not supported yet, so + give an error. Limit secret-key-exists error case to public keys. + 2011-04-28 Werner Koch * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak commit afe5c1a370ef1d01fd3a4c66dfd231d4a9bfc498 Author: Werner Koch Date: Fri Apr 29 15:07:11 2011 +0200 Re-indentation of keydb.c and error code changes. Returning -1 as an error code is not very clean given that gpg error has more descriptive error codes. Thus we now return GPG_ERR_NOT_FOUND for all search operations and adjusted all callers. diff --git a/g10/ChangeLog b/g10/ChangeLog index bd53799..61e2020 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
@@ -1,3 +1,16 @@ +2011-04-29 Werner Koch + + * keydb.c (keydb_get_keyblock, keydb_add_resource): Use gpg_error. + (keydb_get_keyblock): Return VALUE_NOT_FOUND instead of -1. + (keydb_update_keyblock, keydb_insert_keyblock) + (keydb_delete_keyblock): Ditto. + (keydb_locate_writable): Ditto. + (keydb_search_reset): Ditto. + (keydb_search2): Return GPG_ERR_NOT_FOUND instead of -1. Change + all callers. + (keydb_search_first, keydb_search_next, keydb_search_kid) + (keydb_search_fpr): Ditto. + 2011-04-28 Werner Koch * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak diff --git a/g10/export.c b/g10/export.c index 2e35eea..1b575dd 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1185,7 +1185,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, iobuf_put (out, ')'); iobuf_put (out, '\n'); } - if (err == -1) + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = 0; leave: diff --git a/g10/getkey.c b/g10/getkey.c index 171f177..b80695d 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -431,7 +431,7 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid) hd = keydb_new (); rc = keydb_search_kid (hd, keyid); - if (rc == -1) + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { keydb_release (hd); return G10ERR_NO_PUBKEY; @@ -992,7 +992,7 @@ get_pubkey_byfprint_fast (PKT_public_key * pk, hd = keydb_new (); rc = keydb_search_fpr (hd, fprbuf); - if (rc == -1) + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { keydb_release (hd); return G10ERR_NO_PUBKEY; @@ -2488,7 +2488,7 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) } found: - if (rc && rc != -1) + if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("keydb_search failed: %s\n", g10_errstr (rc)); if (!rc) 
@@ -2496,9 +2496,9 @@ found: *ret_keyblock = ctx->keyblock; /* Return the keyblock. */ ctx->keyblock = NULL; } - else if (rc == -1 && no_suitable_key) + else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key) rc = want_secret? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY; - else if (rc == -1) + else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) rc = want_secret? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY; release_kbnode (ctx->keyblock); diff --git a/g10/keydb.c b/g10/keydb.c index d9e01dc..f764248 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1,6 +1,6 @@ /* keydb.c - key database dispatcher * Copyright (C) 2001, 2002, 2003, 2004, 2005, - * 2008, 2009 Free Software Foundation, Inc. + * 2008, 2009, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -39,10 +39,11 @@ static int active_handles; -typedef enum { +typedef enum + { KEYDB_RESOURCE_TYPE_NONE = 0, KEYDB_RESOURCE_TYPE_KEYRING -} KeydbResourceType; + } KeydbResourceType; #define MAX_KEYDB_RESOURCES 40 struct resource_item @@ -58,11 +59,12 @@ static struct resource_item all_resources[MAX_KEYDB_RESOURCES]; static int used_resources; static void *primary_keyring=NULL; -struct keydb_handle { +struct keydb_handle +{ int locked; int found; int current; - int used; /* items in active */ + int used; /* Number of items in ACTIVE. */ struct resource_item active[MAX_KEYDB_RESOURCES]; }; 
@@ -212,122 +214,132 @@ maybe_create_keyring (char *filename, int force) * Flag 4 - This is a default resources. * Flag 8 - Open as read-only. */ -int +gpg_error_t keydb_add_resource (const char *url, int flags) { - static int any_public; - const char *resname = url; - char *filename = NULL; - int force = (flags&1); - int read_only = !!(flags&8); - int rc = 0; - KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE; - void *token; - - if (read_only) - force = 0; - - /* Do we have an URL? - * gnupg-ring:filename := this is a plain keyring - * filename := See what is is, but create as plain keyring. - */ - if (strlen (resname) > 11) { - if (!strncmp( resname, "gnupg-ring:", 11) ) { - rt = KEYDB_RESOURCE_TYPE_KEYRING; - resname += 11; + static int any_public; + const char *resname = url; + char *filename = NULL; + int force = (flags&1); + int read_only = !!(flags&8); + int rc = 0; + KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE; + void *token; + + if (read_only) + force = 0; + + /* Do we have an URL? + * gnupg-ring:filename := this is a plain keyring + * filename := See what is is, but create as plain keyring. + */ + if (strlen (resname) > 11) + { + if (!strncmp( resname, "gnupg-ring:", 11) ) + { + rt = KEYDB_RESOURCE_TYPE_KEYRING; + resname += 11; } #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__) - else if (strchr (resname, ':')) { - log_error ("invalid key resource URL `%s'\n", url ); - rc = G10ERR_GENERAL; - goto leave; - } + else if (strchr (resname, ':')) + { + log_error ("invalid key resource URL `%s'\n", url ); + rc = gpg_error (GPG_ERR_GENERAL); + goto leave; + } #endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */ } - if (*resname != DIRSEP_C ) { /* do tilde expansion etc */ - if (strchr(resname, DIRSEP_C) ) - filename = make_filename (resname, NULL); - else - filename = make_filename (opt.homedir, resname, NULL); + if (*resname != DIRSEP_C ) + { + /* Do tilde expansion etc. 
*/ + if (strchr(resname, DIRSEP_C) ) + filename = make_filename (resname, NULL); + else + filename = make_filename (opt.homedir, resname, NULL); } - else - filename = xstrdup (resname); - - if (!force && !read_only) - force = !any_public; + else + filename = xstrdup (resname); - /* See whether we can determine the filetype. */ - if (rt == KEYDB_RESOURCE_TYPE_NONE) { - FILE *fp = fopen( filename, "rb" ); + if (!force && !read_only) + force = !any_public; - if (fp) { - u32 magic; + /* See whether we can determine the filetype. */ + if (rt == KEYDB_RESOURCE_TYPE_NONE) + { + FILE *fp = fopen (filename, "rb"); - if (fread( &magic, 4, 1, fp) == 1 ) { - if (magic == 0x13579ace || magic == 0xce9a5713) - ; /* GDBM magic - no more support */ - else - rt = KEYDB_RESOURCE_TYPE_KEYRING; + if (fp) + { + u32 magic; + + if (fread( &magic, 4, 1, fp) == 1 ) + { + if (magic == 0x13579ace || magic == 0xce9a5713) + ; /* GDBM magic - not anymore supported. */ + else + rt = KEYDB_RESOURCE_TYPE_KEYRING; } - else /* maybe empty: assume ring */ - rt = KEYDB_RESOURCE_TYPE_KEYRING; - fclose( fp ); + else /* Maybe empty: assume keyring. */ + rt = KEYDB_RESOURCE_TYPE_KEYRING; + + fclose( fp ); } - else /* no file yet: create ring */ - rt = KEYDB_RESOURCE_TYPE_KEYRING; + else /* No file yet: create keyring. 
*/ + rt = KEYDB_RESOURCE_TYPE_KEYRING; } - switch (rt) { - case KEYDB_RESOURCE_TYPE_NONE: - log_error ("unknown type of key resource `%s'\n", url ); - rc = G10ERR_GENERAL; - goto leave; + switch (rt) + { + case KEYDB_RESOURCE_TYPE_NONE: + log_error ("unknown type of key resource `%s'\n", url ); + rc = gpg_error (GPG_ERR_GENERAL); + goto leave; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = maybe_create_keyring (filename, force); - if (rc) - goto leave; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = maybe_create_keyring (filename, force); + if (rc) + goto leave; - if(keyring_register_filename (filename, read_only, &token)) - { - if (used_resources >= MAX_KEYDB_RESOURCES) - rc = G10ERR_RESOURCE_LIMIT; - else - { - if(flags&2) - primary_keyring=token; - all_resources[used_resources].type = rt; - all_resources[used_resources].u.kr = NULL; /* Not used here */ - all_resources[used_resources].token = token; - used_resources++; - } - } - else - { - /* This keyring was already registered, so ignore it. - However, we can still mark it as primary even if it was - already registered. */ - if(flags&2) - primary_keyring=token; - } - break; + if (keyring_register_filename (filename, read_only, &token)) + { + if (used_resources >= MAX_KEYDB_RESOURCES) + rc = gpg_error (GPG_ERR_RESOURCE_LIMIT); + else + { + if (flags&2) + primary_keyring = token; + all_resources[used_resources].type = rt; + all_resources[used_resources].u.kr = NULL; /* Not used here */ + all_resources[used_resources].token = token; + used_resources++; + } + } + else + { + /* This keyring was already registered, so ignore it. + However, we can still mark it as primary even if it was + already registered. 
*/ + if (flags&2) + primary_keyring = token; + } + break; default: log_error ("resource type of `%s' not supported\n", url); - rc = G10ERR_GENERAL; + rc = gpg_error (GPG_ERR_GENERAL); goto leave; } /* fixme: check directory permissions and print a warning */ - leave: - if (rc) - log_error (_("keyblock resource `%s': %s\n"), filename, g10_errstr(rc)); - else - any_public = 1; - xfree (filename); - return rc; + leave: + if (rc) + log_error (_("keyblock resource `%s': %s\n"), filename, gpg_strerror (rc)); + else + any_public = 1; + xfree (filename); + return rc; } @@ -370,25 +382,27 @@ keydb_new (void) void keydb_release (KEYDB_HANDLE hd) { - int i; - - if (!hd) - return; - assert (active_handles > 0); - active_handles--; - - unlock_all (hd); - for (i=0; i < hd->used; i++) { - switch (hd->active[i].type) { - case KEYDB_RESOURCE_TYPE_NONE: - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - keyring_release (hd->active[i].u.kr); - break; + int i; + + if (!hd) + return; + assert (active_handles > 0); + active_handles--; + + unlock_all (hd); + for (i=0; i < hd->used; i++) + { + switch (hd->active[i].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + keyring_release (hd->active[i].u.kr); + break; } } - xfree (hd); + xfree (hd); } 
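Review bot: `keydb_add_resource` now returns `gpg_error_t`, but the local it returns is still declared `int rc = 0;`. Use `gpg_error_t rc = 0;` to match the new prototype; `keydb_insert_keyblock` in a later hunk has the same leftover `int rc;`. The value assigned by `rc = maybe_create_keyring (filename, force);` is also passed unchanged to `gpg_strerror (rc)` at `leave:`. That helper is outside this hunk, so it needs checking that it returns a gpg-error value rather than a legacy code.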
@@ -403,29 +417,30 @@ keydb_release (KEYDB_HANDLE hd) const char * keydb_get_resource_name (KEYDB_HANDLE hd) { - int idx; - const char *s = NULL; - - if (!hd) - return NULL; - - if ( hd->found >= 0 && hd->found < hd->used) - idx = hd->found; - else if ( hd->current >= 0 && hd->current < hd->used) - idx = hd->current; - else - idx = 0; - - switch (hd->active[idx].type) { - case KEYDB_RESOURCE_TYPE_NONE: - s = NULL; - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - s = keyring_get_resource_name (hd->active[idx].u.kr); - break; + int idx; + const char *s = NULL; + + if (!hd) + return NULL; + + if ( hd->found >= 0 && hd->found < hd->used) + idx = hd->found; + else if ( hd->current >= 0 && hd->current < hd->used) + idx = hd->current; + else + idx = 0; + + switch (hd->active[idx].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + s = NULL; + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + s = keyring_get_resource_name (hd->active[idx].u.kr); + break; } - return s? s: ""; + return s? s: ""; } 
@@ -433,54 +448,62 @@ keydb_get_resource_name (KEYDB_HANDLE hd) static int lock_all (KEYDB_HANDLE hd) { - int i, rc = 0; - - for (i=0; !rc && i < hd->used; i++) { - switch (hd->active[i].type) { - case KEYDB_RESOURCE_TYPE_NONE: - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_lock (hd->active[i].u.kr, 1); - break; + int i, rc = 0; + + for (i=0; !rc && i < hd->used; i++) + { + switch (hd->active[i].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = keyring_lock (hd->active[i].u.kr, 1); + break; } } - if (rc) { - /* revert the already set locks */ - for (i--; i >= 0; i--) { - switch (hd->active[i].type) { - case KEYDB_RESOURCE_TYPE_NONE: - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - keyring_lock (hd->active[i].u.kr, 0); - break; + if (rc) + { + /* Revert the already set locks. */ + for (i--; i >= 0; i--) + { + switch (hd->active[i].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + keyring_lock (hd->active[i].u.kr, 0); + break; } } } - else - hd->locked = 1; + else + hd->locked = 1; - return rc; + return rc; } + static void unlock_all (KEYDB_HANDLE hd) { - int i; - - if (!hd->locked) - return; - - for (i=hd->used-1; i >= 0; i--) { - switch (hd->active[i].type) { - case KEYDB_RESOURCE_TYPE_NONE: - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - keyring_lock (hd->active[i].u.kr, 0); - break; + int i; + + if (!hd->locked) + return; + + for (i=hd->used-1; i >= 0; i--) + { + switch (hd->active[i].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + keyring_lock (hd->active[i].u.kr, 0); + break; } } - hd->locked = 0; + hd->locked = 0; } 
@@ -490,148 +513,153 @@ unlock_all (KEYDB_HANDLE hd) * the public key used to locate the keyblock or flag bit 1 set for * the user ID node. */ -int +gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) { - int rc = 0; + gpg_error_t err = 0; - if (!hd) - return G10ERR_INV_ARG; + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); - if ( hd->found < 0 || hd->found >= hd->used) - return -1; /* nothing found */ + if (hd->found < 0 || hd->found >= hd->used) + return gpg_error (GPG_ERR_VALUE_NOT_FOUND); - switch (hd->active[hd->found].type) { - case KEYDB_RESOURCE_TYPE_NONE: - rc = G10ERR_GENERAL; /* oops */ - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_get_keyblock (hd->active[hd->found].u.kr, ret_kb); - break; + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + err = gpg_error (GPG_ERR_GENERAL); /* oops */ + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + err = keyring_get_keyblock (hd->active[hd->found].u.kr, ret_kb); + break; } - return rc; + return err; } /* - * update the current keyblock with KB + * Update the current keyblock with the keyblock KB */ -int -keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb) +gpg_error_t +keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb) { - int rc = 0; + gpg_error_t rc; - if (!hd) - return G10ERR_INV_ARG; + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); - if ( hd->found < 0 || hd->found >= hd->used) - return -1; /* nothing found */ + if (hd->found < 0 || hd->found >= hd->used) + return gpg_error (GPG_ERR_VALUE_NOT_FOUND); - if( opt.dry_run ) - return 0; + if (opt.dry_run) + return 0; - rc = lock_all (hd); - if (rc) - return rc; + rc = lock_all (hd); + if (rc) + return rc; - switch (hd->active[hd->found].type) { - case KEYDB_RESOURCE_TYPE_NONE: - rc = G10ERR_GENERAL; /* oops */ - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_update_keyblock (hd->active[hd->found].u.kr, kb); - break; + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + rc = gpg_error 
(GPG_ERR_GENERAL); /* oops */ + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = keyring_update_keyblock (hd->active[hd->found].u.kr, kb); + break; } - unlock_all (hd); - return rc; + unlock_all (hd); + return rc; } /* * Insert a new KB into one of the resources. */ -int -keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb) +gpg_error_t +keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb) { - int rc = -1; - int idx; - - if (!hd) - return G10ERR_INV_ARG; - - if( opt.dry_run ) - return 0; - - if ( hd->found >= 0 && hd->found < hd->used) - idx = hd->found; - else if ( hd->current >= 0 && hd->current < hd->used) - idx = hd->current; - else - return G10ERR_GENERAL; - - rc = lock_all (hd); - if (rc) - return rc; - - switch (hd->active[idx].type) { - case KEYDB_RESOURCE_TYPE_NONE: - rc = G10ERR_GENERAL; /* oops */ - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_insert_keyblock (hd->active[idx].u.kr, kb); - break; - } + int rc; + int idx; + + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + if (opt.dry_run) + return 0; + + if (hd->found >= 0 && hd->found < hd->used) + idx = hd->found; + else if (hd->current >= 0 && hd->current < hd->used) + idx = hd->current; + else + return gpg_error (GPG_ERR_GENERAL); - unlock_all (hd); + rc = lock_all (hd); + if (rc) return rc; + + switch (hd->active[idx].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + rc = gpg_error (GPG_ERR_GENERAL); /* oops */ + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = keyring_insert_keyblock (hd->active[idx].u.kr, kb); + break; + } + + unlock_all (hd); + return rc; } /* - * The current keyblock will be deleted. + * Delete the current keyblock. 
*/ -int +gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd) { - int rc = -1; + gpg_error_t rc; - if (!hd) - return G10ERR_INV_ARG; + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); - if ( hd->found < 0 || hd->found >= hd->used) - return -1; /* nothing found */ + if (hd->found < 0 || hd->found >= hd->used) + return gpg_error (GPG_ERR_VALUE_NOT_FOUND); - if( opt.dry_run ) - return 0; + if (opt.dry_run) + return 0; - rc = lock_all (hd); - if (rc) - return rc; + rc = lock_all (hd); + if (rc) + return rc; - switch (hd->active[hd->found].type) { - case KEYDB_RESOURCE_TYPE_NONE: - rc = G10ERR_GENERAL; /* oops */ - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_delete_keyblock (hd->active[hd->found].u.kr); - break; + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + rc = gpg_error (GPG_ERR_GENERAL); + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = keyring_delete_keyblock (hd->active[hd->found].u.kr); + break; } - unlock_all (hd); - return rc; + unlock_all (hd); + return rc; } + /* * Locate the default writable key resource, so that the next * operation (which is only relevant for inserts) will be done on this * resource. */ -int +gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) { - int rc; + gpg_error_t rc; (void)reserved; @@ -643,7 +671,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) return rc; /* If we have a primary set, try that one first */ - if(primary_keyring) + if (primary_keyring) { for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) { @@ -675,7 +703,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) } } - return -1; + return gpg_error (GPG_ERR_NOT_FOUND); } /* 
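Review bot: The old `-1` "nothing found" result is now split into two codes. `keydb_get_keyblock`, `keydb_update_keyblock` and `keydb_delete_keyblock` return `GPG_ERR_VALUE_NOT_FOUND`, while `keydb_locate_writable` and the search functions return `GPG_ERR_NOT_FOUND`. The callers converted in this commit test only `gpg_err_code (rc) == GPG_ERR_NOT_FOUND`, so any caller that treated `-1` from one of the keyblock functions as a harmless miss would now take its error path. Either use one code throughout or state the distinction in each header comment, e.g. `Returns GPG_ERR_VALUE_NOT_FOUND if no keyblock is currently selected.`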
@@ -709,101 +737,116 @@ keydb_rebuild_caches (int noisy) /* * Start the next search on this handle right at the beginning */ -int +gpg_error_t keydb_search_reset (KEYDB_HANDLE hd) { - int i, rc = 0; - - if (!hd) - return G10ERR_INV_ARG; - - hd->current = 0; - hd->found = -1; - /* and reset all resources */ - for (i=0; !rc && i < hd->used; i++) { - switch (hd->active[i].type) { - case KEYDB_RESOURCE_TYPE_NONE: - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_search_reset (hd->active[i].u.kr); - break; + gpg_error_t rc = 0; + int i; + + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + hd->current = 0; + hd->found = -1; + /* Now reset all resources. */ + for (i=0; !rc && i < hd->used; i++) + { + switch (hd->active[i].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = keyring_search_reset (hd->active[i].u.kr); + break; } } - return rc; + return rc; } /* - * Search through all keydb resources, starting at the current position, - * for a keyblock which contains one of the keys described in the DESC array. + * Search through all keydb resources, starting at the current + * position, for a keyblock which contains one of the keys described + * in the DESC array. Returns GPG_ERR_NOT_FOUND if no matching + * keyring was found. 
*/ -int +gpg_error_t keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex) { - int rc = -1; - - if (!hd) - return G10ERR_INV_ARG; - - while (rc == -1 && hd->current >= 0 && hd->current < hd->used) { - switch (hd->active[hd->current].type) { - case KEYDB_RESOURCE_TYPE_NONE: - BUG(); /* we should never see it here */ - break; - case KEYDB_RESOURCE_TYPE_KEYRING: - rc = keyring_search (hd->active[hd->current].u.kr, desc, - ndesc, descindex); - break; + gpg_error_t rc; + + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + rc = -1; + while ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) + && hd->current >= 0 && hd->current < hd->used) + { + switch (hd->active[hd->current].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + BUG(); /* we should never see it here */ + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + rc = keyring_search (hd->active[hd->current].u.kr, desc, + ndesc, descindex); + break; } - if (rc == -1) /* EOF -> switch to next resource */ - hd->current++; - else if (!rc) - hd->found = hd->current; + if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) + { + /* EOF -> switch to next resource */ + hd->current++; + } + else if (!rc) + hd->found = hd->current; } - return rc; + return ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) + ? 
gpg_error (GPG_ERR_NOT_FOUND) + : rc); } -int + +gpg_error_t keydb_search_first (KEYDB_HANDLE hd) { - KEYDB_SEARCH_DESC desc; + KEYDB_SEARCH_DESC desc; - memset (&desc, 0, sizeof desc); - desc.mode = KEYDB_SEARCH_MODE_FIRST; - return keydb_search (hd, &desc, 1); + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_FIRST; + return keydb_search (hd, &desc, 1); } -int +gpg_error_t keydb_search_next (KEYDB_HANDLE hd) { - KEYDB_SEARCH_DESC desc; + KEYDB_SEARCH_DESC desc; - memset (&desc, 0, sizeof desc); - desc.mode = KEYDB_SEARCH_MODE_NEXT; - return keydb_search (hd, &desc, 1); + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_NEXT; + return keydb_search (hd, &desc, 1); } -int +gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid) { - KEYDB_SEARCH_DESC desc; + KEYDB_SEARCH_DESC desc; - memset (&desc, 0, sizeof desc); - desc.mode = KEYDB_SEARCH_MODE_LONG_KID; - desc.u.kid[0] = kid[0]; - desc.u.kid[1] = kid[1]; - return keydb_search (hd, &desc, 1); + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_LONG_KID; + desc.u.kid[0] = kid[0]; + desc.u.kid[1] = kid[1]; + return keydb_search (hd, &desc, 1); } -int +gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr) { - KEYDB_SEARCH_DESC desc; + KEYDB_SEARCH_DESC desc; - memset (&desc, 0, sizeof desc); - desc.mode = KEYDB_SEARCH_MODE_FPR; - memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN); - return keydb_search (hd, &desc, 1); + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_FPR; + memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN); + return keydb_search (hd, &desc, 1); } diff --git a/g10/keydb.h b/g10/keydb.h index f3a9529..22c2b67 100644 --- a/g10/keydb.h +++ b/g10/keydb.h 
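Review bot: `keydb_search2` still relies on the legacy sentinel: `rc = -1;` is stored in a `gpg_error_t`, and the loop condition, the resource switch and the final return all test `rc == -1` next to `gpg_err_code (rc) == GPG_ERR_EOF`. This works only through the implicit conversion of -1 to the unsigned error type, and it repeats the end-of-resource test in three places. Seeding with `rc = gpg_error (GPG_ERR_EOF);` and testing only the EOF code would remove the raw -1, provided `keyring_search` no longer returns -1; that function is outside this hunk. The new header comment also says "no matching keyring was found" where "keyblock" seems to be meant.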
@@ -132,25 +132,24 @@ union pref_hint Flag 1 == force Flag 2 == default */ -int keydb_add_resource (const char *url, int flags); +gpg_error_t keydb_add_resource (const char *url, int flags); KEYDB_HANDLE keydb_new (void); void keydb_release (KEYDB_HANDLE hd); const char *keydb_get_resource_name (KEYDB_HANDLE hd); -int keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb); -int keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb); -int keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb); -int keydb_delete_keyblock (KEYDB_HANDLE hd); -int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved); +gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb); +gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb); +gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb); +gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd); +gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved); void keydb_rebuild_caches (int noisy); -int keydb_search_reset (KEYDB_HANDLE hd); +gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); #define keydb_search(a,b,c) keydb_search2((a),(b),(c),NULL) -int keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, - size_t ndesc, size_t *descindex); -int keydb_search_first (KEYDB_HANDLE hd); -int keydb_search_next (KEYDB_HANDLE hd); -int keydb_search_kid (KEYDB_HANDLE hd, u32 *kid); -int keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr); - +gpg_error_t keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex); +gpg_error_t keydb_search_first (KEYDB_HANDLE hd); +gpg_error_t keydb_search_next (KEYDB_HANDLE hd); +gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid); +gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr); /*-- pkclist.c --*/ void show_revocation_reason( PKT_public_key *pk, int mode ); diff --git a/g10/keylist.c b/g10/keylist.c index db7467d..f6b8cff 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
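Review bot: The comment above `keydb_add_resource` in this header still lists only `Flag 1 == force` and `Flag 2 == default`. The implementation in keydb.c also reads `flags&8` as read-only, and its own comment mentions flags 4 and 8. As the prototype is being changed here, the header comment should list every flag bit and say that the function now returns a `gpg_error_t`, 0 on success. The prototypes also mix the spellings `KBNODE *ret_kb` and `kbnode_t kb`; pick one.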
@@ -434,12 +434,12 @@ list_all (int secret) hd = keydb_new (); if (!hd) - rc = G10ERR_GENERAL; + rc = gpg_error (GPG_ERR_GENERAL); else rc = keydb_search_first (hd); if (rc) { - if (rc != -1) + if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("keydb_search_first failed: %s\n", g10_errstr (rc)); goto leave; } @@ -479,7 +479,7 @@ list_all (int secret) keyblock = NULL; } while (!(rc = keydb_search_next (hd))); - if (rc && rc != -1) + if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("keydb_search_next failed: %s\n", g10_errstr (rc)); if (opt.check_sigs && !opt.with_colons) diff --git a/g10/keyserver.c b/g10/keyserver.c index 5cc7438..68dd155 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1236,8 +1236,8 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) } } - if(rc==-1) - rc=0; + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + rc = 0; leave: if(rc) diff --git a/g10/trustdb.c b/g10/trustdb.c index c6ff692..006db04 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -2107,7 +2107,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, desc.skipfnc = search_skipfnc; desc.skipfncvalue = full_trust; rc = keydb_search (hd, &desc, 1); - if (rc == -1) + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { keys[nkeys].keyblock = NULL; return keys; @@ -2181,7 +2181,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, keyblock = NULL; } while ( !(rc = keydb_search (hd, &desc, 1)) ); - if (rc && rc != -1) + if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) { log_error ("keydb_search_next failed: %s\n", g10_errstr(rc)); xfree (keys); commit 740629de00af823f8d715ff72102557e8ff5cf84 Author: Werner Koch Date: Thu Apr 28 20:21:14 2011 +0200 Update OpenPGP parser to support ECC diff --git a/kbx/ChangeLog b/kbx/ChangeLog index 947aaaa..9e77118 100644 --- a/kbx/ChangeLog +++ b/kbx/ChangeLog 
@@ -1,3 +1,12 @@ +2011-04-28 Werner Koch + + * keybox-openpgp.c: Include ../common/openpgpdefs.h. + (enum packet_types): Remove. + (_keybox_parse_openpgp): Update NPARSED also on errors. + (parse_key): Take care of ecc algorithms. + * kbxutil.c (import_openpgp): Do not print an error for non-RSA v3 + packets. + 2010-07-23 Werner Koch * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug. @@ -365,7 +374,7 @@ Copyright 2001, 2002, 2003, 2004, 2005, 2006, - 2007, 2008 Free Software Foundation, Inc. + 2007, 2008, 2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c index b1fd334..333c286 100644 --- a/kbx/kbxutil.c +++ b/kbx/kbxutil.c @@ -1,5 +1,5 @@ /* kbxutil.c - The Keybox utility - * Copyright (C) 2000, 2001, 2004, 2007 Free Software Foundation, Inc. + * Copyright (C) 2000, 2001, 2004, 2007, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -389,8 +389,18 @@ import_openpgp (const char *filename) { if (gpg_err_code (err) == GPG_ERR_NO_DATA) break; - log_info ("%s: failed to parse OpenPGP keyblock: %s\n", - filename, gpg_strerror (err)); + if (gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM) + { + /* This is likely a v3 key packet with a non-RSA + algorithm. These are keys from very early versions + of GnuPG (pre-OpenPGP). */ + } + else + { + fflush (stdout); + log_info ("%s: failed to parse OpenPGP keyblock: %s\n", + filename, gpg_strerror (err)); + } } else { diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c index 30f99ec..4306ed1 100644 --- a/kbx/keybox-openpgp.c +++ b/kbx/keybox-openpgp.c @@ -1,5 +1,5 @@ /* keybox-openpgp.c - OpenPGP key parsing - * Copyright (C) 2001, 2003 Free Software Foundation, Inc. + * Copyright (C) 2001, 2003, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
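Review bot: In kbxutil.c, the new `GPG_ERR_UNSUPPORTED_ALGORITHM` branch of `import_openpgp` has an empty body, so a keyblock rejected with that code is skipped with no output at all. The comment only says this is "likely" an old v3 non-RSA key, and any other input the parser refuses with the same code would be hidden in the same way. Someone auditing an import then cannot tell that data was dropped. A low-priority diagnostic naming the file, shown only when verbose output is requested, would keep the default run quiet without losing that information. The enclosing loop starts outside the hunk.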
@@ -35,41 +35,16 @@ #include - -enum packet_types - { - PKT_NONE =0, - PKT_PUBKEY_ENC =1, /* public key encrypted packet */ - PKT_SIGNATURE =2, /* secret key encrypted packet */ - PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/ - PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/ - PKT_SECRET_KEY =5, /* secret key */ - PKT_PUBLIC_KEY =6, /* public key */ - PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */ - PKT_COMPRESSED =8, /* compressed data packet */ - PKT_ENCRYPTED =9, /* conventional encrypted data */ - PKT_MARKER =10, /* marker packet (OpenPGP) */ - PKT_PLAINTEXT =11, /* plaintext data with filename and mode */ - PKT_RING_TRUST =12, /* keyring trust packet */ - PKT_USER_ID =13, /* user id packet */ - PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ - PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ - PKT_ATTRIBUTE =17, /* PGP's attribute packet */ - PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */ - PKT_MDC =19, /* manipulation detection code packet */ - PKT_COMMENT =61, /* new comment packet (private) */ - PKT_GPG_CONTROL =63 /* internal control packet */ - }; - +#include "../common/openpgpdefs.h" /* Assume a valid OpenPGP packet at the address pointed to by BUFBTR - which is of amaximum length as stored at BUFLEN. Return the header + which has a maximum length as stored at BUFLEN. Return the header information of that packet and advance the pointer stored at BUFPTR to the next packet; also adjust the length stored at BUFLEN to match the remaining bytes. If there are no more packets, store NULL at BUFPTR. Return an non-zero error code on failure or the - follwing data on success: + following data on success: R_DATAPKT = Pointer to the begin of the packet data. R_DATALEN = Length of this data. This has already been checked to fit 
@@ -166,8 +141,8 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
 return gpg_error (GPG_ERR_UNEXPECTED);
 }
- if (pktlen == 0xffffffff)
- return gpg_error (GPG_ERR_INV_PACKET);
+ if (pktlen == (unsigned long)(-1))
+ return gpg_error (GPG_ERR_INV_PACKET);
 if (pktlen > len)
 return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */
@@ -201,6 +176,7 @@ parse_key (const unsigned char *data, size_t datalen,
 const unsigned char *mpi_n = NULL;
 size_t mpi_n_len = 0, mpi_e_len = 0;
 gcry_md_hd_t md;
+ int is_ecc = 0;
 if (datalen < 5)
 return gpg_error (GPG_ERR_INV_PACKET);
@@ -219,7 +195,6 @@ parse_key (const unsigned char *data, size_t datalen,
 return gpg_error (GPG_ERR_INV_PACKET);
 ndays = ((data[0]<<8)|(data[1]));
 data +=2; datalen -= 2;
- if (ndays)
 expiredate = ndays? (timestamp + ndays * 86400L) : 0;
 }
 else
@@ -245,9 +220,11 @@ parse_key (const unsigned char *data, size_t datalen,
 break;
 case 18: /* ECDH */
 npkey = 3;
+ is_ecc = 1;
 break;
 case 19: /* ECDSA */
 npkey = 2;
+ is_ecc = 1;
 break;
 default: /* Unknown algorithm. */
 return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
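Review bot: The sentinel test `if (pktlen == (unsigned long)(-1))` in next_packet now depends on the width of `unsigned long`. Where that type is 64 bits, a length value of 0xffffffff no longer matches and is rejected only by the `pktlen > len` check that follows. That looks safe as long as the second check stays directly behind it, but the purpose of the sentinel is not stated anywhere in the hunk. A comment such as `/* (unsigned long)(-1) marks an unusable length; oversized lengths are caught by the check below. */` would make the split explicit. Whether and where pktlen is assigned that value is outside the hunk, so the wording needs confirming against the rest of the function.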
@@ -259,20 +236,34 @@ parse_key (const unsigned char *data, size_t datalen,
 if (datalen < 2)
 return gpg_error (GPG_ERR_INV_PACKET);
- nbits = ((data[0]<<8)|(data[1]));
- data += 2; datalen -=2;
- nbytes = (nbits+7) / 8;
- if (datalen < nbytes)
- return gpg_error (GPG_ERR_INV_PACKET);
- /* For use by v3 fingerprint calculation we need to know the RSA
- modulus and exponent. */
- if (i==0)
+
+ if (is_ecc && (i == 0 || i == 2))
 {
- mpi_n = data;
- mpi_n_len = nbytes;
+ nbytes = data[0];
+ if (nbytes < 2 || nbytes > 254)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ nbytes++; /* The size byte itself. */
+ if (datalen < nbytes)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ }
+ else
+ {
+ nbits = ((data[0]<<8)|(data[1]));
+ data += 2;
+ datalen -= 2;
+ nbytes = (nbits+7) / 8;
+ if (datalen < nbytes)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ /* For use by v3 fingerprint calculation we need to know the RSA
+ modulus and exponent. */
+ if (i==0)
+ {
+ mpi_n = data;
+ mpi_n_len = nbytes;
+ }
+ else if (i==1)
+ mpi_e_len = nbytes;
 }
- else if (i==1)
- mpi_e_len = nbytes;
 data += nbytes; datalen -= nbytes;
 }
@@ -297,7 +288,7 @@ parse_key (const unsigned char *data, size_t datalen,
 if (mpi_n_len < 8)
 {
 /* Moduli less than 64 bit are out of the specs scope. Zero
- them out becuase this is what gpg does too. */
+ them out because this is what gpg does too. */
 memset (ki->keyid, 0, 8);
 }
 else
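Review bot: The ECC branch in parse_key uses bare constants (`i == 0 || i == 2`, `nbytes < 2 || nbytes > 254`) without saying which key fields they describe or why those length values are refused. The read of `data[0]` is covered by the `datalen < 2` test above it, and `datalen < nbytes` is checked after the length octet has been counted, so the bounds look right; what is missing is the reasoning. I would add a comment above the branch along the lines of `/* ECC: fields 0 and 2 carry a one-octet length instead of an MPI bit count; lengths 0, 1 and 255 are rejected. */` and name the two fields (presumably the curve OID and the ECDH KDF parameters, to be confirmed against the ECC specification). The loop this code sits in starts outside the hunk.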
@@ -307,10 +298,10 @@ parse_key (const unsigned char *data, size_t datalen, { /* Its a pitty that we need to prefix the buffer with the tag and a length header: We can't simply pass it to the fast - hashing fucntion for that reason. It might be a good idea to + hashing function for that reason. It might be a good idea to have a scatter-gather enabled hash function. What we do here is to use a static buffer if this one is large enough and - only use the regular hash fucntions if this buffer is not + only use the regular hash functions if this buffer is not large enough. */ if ( 3 + n < sizeof hashbuffer ) { @@ -344,19 +335,19 @@ parse_key (const unsigned char *data, size_t datalen, /* The caller must pass the address of an INFO structure which will get filled on success with information pertaining to the OpenPGP keyblock IMAGE of length IMAGELEN. Note that a caller does only - need to release this INFO structure when the function returns + need to release this INFO structure if the function returns success. If NPARSED is not NULL the actual number of bytes parsed will be stored at this address. */ gpg_error_t _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, - size_t *nparsed, - keybox_openpgp_info_t info) + size_t *nparsed, keybox_openpgp_info_t info) { gpg_error_t err = 0; const unsigned char *image_start, *data; size_t n, datalen; int pkttype; int first = 1; + int read_error = 0; struct _keybox_openpgp_key_info *k, **ktail = NULL; struct _keybox_openpgp_uid_info *u, **utail = NULL; @@ -369,7 +360,10 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, { err = next_packet (&image, &imagelen, &data, &datalen, &pkttype, &n); if (err) - break; + { + read_error = 1; + break; + } if (first) { @@ -380,6 +374,8 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, else { err = gpg_error (GPG_ERR_UNEXPECTED); + if (nparsed) + *nparsed += n; break; } first = 0; 
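Review bot: The header comment of _keybox_parse_openpgp still describes NPARSED only as "the actual number of bytes parsed", while this commit (ChangeLog: "Update NPARSED also on errors") starts advancing it on a failure path, `*nparsed += n` before the GPG_ERR_UNEXPECTED break. A caller that wants to continue behind a rejected keyblock depends on that, so the contract belongs in the comment, e.g. `On error NPARSED is still updated so that the caller can continue behind the failed keyblock.` Whether this also holds when next_packet itself fails (the new `read_error` case) is decided outside this hunk and should be stated either way. The `+=` also assumes *NPARSED was reset at function entry, which is not visible here.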
@@ -439,9 +435,12 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, if (err) { info->nsubkeys--; - if (gpg_err_code (err) != GPG_ERR_UNKNOWN_ALGORITHM) - break; /* We ignore subkeys with unknown algorithms. */ + if (gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM + || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM) + err = 0; + if (err) + break; } else ktail = &info->subkeys.next; @@ -459,9 +458,12 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, { xfree (k); info->nsubkeys--; - if (gpg_err_code (err) != GPG_ERR_UNKNOWN_ALGORITHM) - break; /* We ignore subkeys with unknown algorithms. */ + if (gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM + || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM) + err = 0; + if (err) + break; } else { @@ -475,11 +477,10 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, if (err) { _keybox_destroy_openpgp_info (info); - if (!first - && (gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM - || gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM)) + if (!read_error) { - /* We are able to skip to the end of this keyblock. */ + /* Packet parsing worked, thus we should be able to skip the + rest of the keyblock. */ while (image) { if (next_packet (&image, &imagelen, ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 13 + g10/export.c | 2 +- g10/getkey.c | 10 +- g10/keydb.c | 685 +++++++++++++++++++++++++++----------------------- g10/keydb.h | 27 +- g10/keylist.c | 6 +- g10/keyserver.c | 4 +- g10/trustdb.c | 4 +- kbx/ChangeLog | 11 +- kbx/kbxutil.c | 16 +- kbx/keybox-openpgp.c | 119 +++++----- 11 files changed, 486 insertions(+), 411 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 29 16:47:33 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 29 Apr 2011 16:47:33 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-36-gaf497d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via af497d52c3c88d1cdbedf1c7c2ce2f21f2bc9ad4 (commit) from ce98524554cae68b90c0b0e67026006ac529065a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit af497d52c3c88d1cdbedf1c7c2ce2f21f2bc9ad4 Author: Werner Koch Date: Fri Apr 29 16:17:54 2011 +0200 Include estream.h diff --git a/agent/ChangeLog b/agent/ChangeLog index 90bf76e..242ee15 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,6 +1,7 @@ 2011-04-29 Werner Koch - * gpg-agent.c (main): s/pth_kill/es_pth_kill/. + * gpg-agent.c: Include estream.h + (main): s/pth_kill/es_pth_kill/. 2010-11-11 Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index d9f4f02..14042dd 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -49,6 +49,7 @@ #include "setenv.h" #include "gc-opt-flags.h" #include "exechelp.h" +#include "../common/estream.h" enum cmd_and_opt_values { aNull = 0, ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 3 ++- agent/gpg-agent.c | 1 + 2 files changed, 3 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org