From cvs at cvs.gnupg.org Wed May 2 12:36:01 2012 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 May 2012 12:36:01 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.1-27-g9c8608f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 9c8608f702ec0f44ae55cd7f33bd8df0a2d48508 (commit) via 295dd3f238fa656493d34e8a718958d62226b56c (commit) via 475640a52742b333d7c3c8235ee945ba42197883 (commit) via d6402b888fd00b883bbfc00c91a2aa9706e4377e (commit) from 1a21574b48ee91eedbf95251ee600648b377d1e7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c8608f702ec0f44ae55cd7f33bd8df0a2d48508 Author: Werner Koch Date: Wed May 2 10:58:52 2012 +0200 Release 1.3.2. * configure.ac: Bump LT version to C19/A8/R1. * configure.ac (GITLOG_TO_CHANGELOG): Define. * Makefile.am (gen-ChangeLog): Use it. diff --git a/Makefile.am b/Makefile.am index 1ab445d..18a8e38 100644 --- a/Makefile.am +++ b/Makefile.am @@ -50,7 +50,7 @@ gen_start_date = 2011-12-01T00:00:00 gen-ChangeLog: if test -d $(top_srcdir)/.git; then \ (cd $(top_srcdir) && \ - ./build-aux/gitlog-to-changelog \ + $(GITLOG_TO_CHANGELOG) --append-dot --tear-off \ --amend=build-aux/git-log-fix \ --since=$(gen_start_date) ) > $(distdir)/cl-t; \ cat $(top_srcdir)/build-aux/git-log-footer >> $(distdir)/cl-t;\ diff --git a/NEWS b/NEWS index b7106e7..a7eeea8 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.3.2 (unreleased) +Noteworthy changes in version 1.3.2 (2012-05-02) ------------------------------------------------ * Remove support for libgpgme-pth. As far as we know, this was never used, 
diff --git a/README b/README index f4d806d..7c97791 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ GPGME - GnuPG Made Easy --------------------------- - Copyright 2004, 2006, 2010 g10 Code GmbH + Copyright 2004, 2006, 2010, 2012 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -40,32 +40,23 @@ See the file INSTALL for generic installation instructions. Check that you have unmodified sources. See below on how to do this. Don't skip it - this is an important step! -To build GPGME, you need to install libgpg-error. You need at least -libgpg-error 1.8. +To build GPGME, you need to install libgpg-error (>= 1.8) and +Libassuan (>= 2.0.2). For support of the OpenPGP protocol (default), you should use the -latest version of GnuPG 1.2 or 1.4, available at: +latest version of GnuPG (>= 1.4) , available at: ftp://ftp.gnupg.org/gcrypt/gnupg/ - -You need at least GnuPG 1.2.2. +For support of the CMS (Cryptographic Message Syntax) protocol, you +need a GnuPG version >= 2.0. If configure can't find the `gpg' binary in your path, you can specify the location with the --with-gpg=/path/to/gpg argument to configure. -For support of the CMS (Cryptographic Message Syntax) protocol, you -need the latest CVS version of GnuPG 1.9, which is available in the -GnuPG repository: -http://www.gnupg.org/download/cvs_access.html -Use the tag `GNUPG-1-9-BRANCH'. There are also snapshots available at: -ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/ - -You need at least GpgSM 1.9.6. - If configure can't find the `gpgsm' binary in your path, you can specify the location with the --with-gpgsm=/path/to/gpgsm argument to configure. -For building the CVS version of GPGME please see the file README.CVS +For building the GIT version of GPGME please see the file README.GIT for more information. 
@@ -120,4 +111,3 @@ in the tests/gpg/ directory may also prove useful. Please subscribe to the gnupg-devel at gnupg.org mailing list if you want to do serious work. - diff --git a/README.SVN b/README.GIT similarity index 84% rename from README.SVN rename to README.GIT index c642282..ee2c638 100644 --- a/README.SVN +++ b/README.GIT @@ -1,11 +1,11 @@ -If you are building from Subversion, run the script +If you are building from GIT, run the script ./autogen.sh first, to make sure that you have all the necessary maintainer tools are installed and to build the actual configuration files. If you -have just updated from SVN, you should add the option "--force" to -autogen.sh so that meta data from SVN is noticed. Then run +have just checked out from GIT, you should add the option "--force" to +autogen.sh so that meta data is noticed by autom4te.cache. Then run ./configure --enable-maintainer-mode @@ -16,7 +16,7 @@ tools, or the tools are not installed, you may use environment variables to override the default tool names: AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake - package. For example + package. For example AUTOMAKE_SUFFIX="-1.7" ./autogen.sh uses "automake-1.7" and "aclocal-1.7. AUTOMAKE_PREFIX is used as a prefix for all tools from the automake 
@@ -37,15 +37,13 @@ It is also possible to use the variable name AUTOMAKE, AUTOCONF, ACLOCAL, AUTOHEADER, GETTEXT and MSGMERGE to directly specify the name of the programs to run. It is however better to use the suffix and prefix forms as described above because that does not require -knowledge about the actual tools used by autgen.sh. +knowledge about the actual tools used by autogen.sh. Please don't use autopoint, libtoolize or autoreconf unless you are the current maintainer and want to update the standard configuration -files. All those files should be in the SVN and only updated manually +files. All those files should be in GIT and only updated manually if the maintainer decides that newer versions are required. The maintainer should also make sure that the required version of automake et al. are properly indicated at the top of configure.ac and take care to copy the files and not merely use symlinks. - - diff --git a/build-aux/gitlog-to-changelog b/build-aux/gitlog-to-changelog index 40a8035..5cf071f 100755 --- a/build-aux/gitlog-to-changelog +++ b/build-aux/gitlog-to-changelog @@ -3,13 +3,13 @@ eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' if 0; # Convert git log output to ChangeLog format. -my $VERSION = '2011-11-02 07:53'; # UTC +my $VERSION = '2012-01-24 15:58 (wk)'; # UTC # The definition above must lie within the first 8 lines in order # for the Emacs time-stamp write hook (at end) to update it. # If you change this file with Emacs, please let the write hook # do its job. Otherwise, update this string manually. -# Copyright (C) 2008-2011 Free Software Foundation, Inc. +# Copyright (C) 2008-2012 Free Software Foundation, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -25,6 +25,7 @@ my $VERSION = '2011-11-02 07:53'; # UTC # along with this program. If not, see . # Written by Jim Meyering +# Custom bugs bred by Werner Koch use strict; use warnings; @@ -64,6 +65,8 @@ OPTIONS: makes a change to SHA1's commit log text or metadata. --append-dot append a dot to the first line of each commit message if there is no other punctuation or blank at the end. + --tear-off tear off all commit log lines after a '--' line and + skip log entry with the first body line being '--'. --since=DATE convert only the logs since DATE; the default is to convert all log entries. --format=FMT set format string for commit subject and body; @@ -175,6 +178,7 @@ sub parse_amend_file($) my $format_string = '%s%n%b%n'; my $amend_file; my $append_dot = 0; + my $tear_off = 0; GetOptions ( help => sub { usage 0 }, @@ -183,6 +187,7 @@ sub parse_amend_file($) 'format=s' => \$format_string, 'amend=s' => \$amend_file, 'append-dot' => \$append_dot, + 'tear-off' => \$tear_off, ) or usage 1; @@ -201,6 +206,7 @@ sub parse_amend_file($) my $prev_date_line = ''; my @prev_coauthors = (); + while (1) { defined (my $in = ) @@ -214,6 +220,17 @@ sub parse_amend_file($) $n_read == $log_nbytes or die "$ME:$.: unexpected EOF\n"; + # Skip log entries with the default merge commit message. + $log =~ /^.*\n\nMerge branch '.*\n\s*/ + and goto SKIPCOMMIT; + + # Skip log entries if the body starts with a tear off marker. + if ($tear_off) + { + $log =~ /^.*\n\n.*\n--\s*/ + and goto SKIPCOMMIT; + } + # Extract leading hash. my ($sha, $rest) = split ':', $log, 2; defined $sha @@ -281,6 +298,18 @@ sub parse_amend_file($) @line = grep !/^Signed-off-by: .*>$/, @line; @line = grep !/^Co-authored-by: /, @line; + # Remove everything after a line with 2 dashes at the beginning. + if ($tear_off) + { + my @tmpline; + foreach (@line) + { + last if /^--\s*$/; + push @tmpline,$_; + } + @line = @tmpline; + } + # Remove leading and trailing blank lines. if (@line) { 
@@ -313,6 +342,7 @@ sub parse_amend_file($) print "\n", join ("\n", @line), "\n"; } + SKIPCOMMIT: defined ($in = ) or last; $in ne "\n" @@ -339,7 +369,7 @@ sub parse_amend_file($) # indent-tabs-mode: nil # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "my $VERSION = '" -# time-stamp-format: "%:y-%02m-%02d %02H:%02M" +# time-stamp-format: "%:y-%02m-%02d %02H:%02M (wk)" # time-stamp-time-zone: "UTC" # time-stamp-end: "'; # UTC" # End: diff --git a/configure.ac b/configure.ac index 6e0967c..bc57bbd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # configure.ac for GPGME # Copyright (C) 2000 Werner Koch (dd9jn) # Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, -# 2009, 2010, 2011 g10 Code GmbH +# 2009, 2010, 2011, 2012 g10 Code GmbH # # This file is part of GPGME. # @@ -15,9 +15,8 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General # Public License for more details. # -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . # (Process this file with autoconf to produce a configure script.) AC_PREREQ(2.59) 
@@ -29,19 +28,19 @@ min_automake_version="1.11" # Never do a binary build with the same version number # in another year; this would mess up the build number. # -# The SVN version is usually the next intended release version with -# the string "-svnNNN" appended. The reason for this is that tests for a -# specific feature can already be done under the assumption that the -# SVN version is the most recent one in a branch. To disable the SVN -# version for the real release, set the my_issvn macro to no. -m4_define(my_version, [1.3.1]) -m4_define(my_issvn, [yes]) +# The GIT version is usually the next intended release version with +# the string "-gitNNNNNN" appended. The reason for this is that tests +# for a specific feature can already be done under the assumption that +# the GIT version is the most recent one in a branch. To disable the +# GIT version for the real release, set the my_isgit macro to no. +m4_define(my_version, [1.3.2]) +m4_define(my_isgit, [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) -m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes], +m4_define([my_full_version], [my_version[]m4_if(my_isgit,[yes], [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])]) AC_INIT([gpgme],[my_full_version],[http://bugs.gnupg.org]) @@ -56,7 +55,7 @@ LIBGPGME_LT_CURRENT=19 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] LIBGPGME_LT_AGE=8 -LIBGPGME_LT_REVISION=0 +LIBGPGME_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 
@@ -92,6 +91,8 @@ AH_VERBATIM([_REENTRANT], AC_PROG_CC AC_PROG_CXX +AC_CHECK_PROGS(GITLOG_TO_CHANGELOG, gitlog-to-changelog, + [build-aux/gitlog-to-changelog]) AC_SUBST(LIBGPGME_LT_CURRENT) AC_SUBST(LIBGPGME_LT_AGE) diff --git a/src/gpgme.h.in b/src/gpgme.h.in index dad8d94..7263d98 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1,7 +1,7 @@ /* gpgme.h - Public interface to GnuPG Made Easy. -*- c -*- Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2009 - 2010 g10 Code GmbH + 2010, 2011, 2012 g10 Code GmbH This file is part of GPGME. commit 295dd3f238fa656493d34e8a718958d62226b56c Author: Werner Koch Date: Wed May 2 10:43:22 2012 +0200 Remove unused pth stuff from gpgme-config. * src/gpgme-config.in: Remove unused pth stuff. diff --git a/src/gpgme-config.in b/src/gpgme-config.in index db8c7ef..4be1e08 100644 --- a/src/gpgme-config.in +++ b/src/gpgme-config.in @@ -32,10 +32,6 @@ gpg_error_libs="@GPG_ERROR_LIBS@" # Configure thread packages. thread_modules="" - at HAVE_PTH_TRUE@thread_modules="$thread_modules pth" -libs_pth="@PTH_LDFLAGS@ @PTH_LIBS@" -cflags_pth="@PTH_CFLAGS@" - @HAVE_PTHREAD_TRUE at thread_modules="$thread_modules pthread" libs_pthread="-lpthread" cflags_pthread="" @@ -114,7 +110,6 @@ while test $# -gt 0; do tmp_g= case "$thread_module" in pthread) tmp_c="$cflags_pthread" ;; - pth) tmp_c="$cflags_pth" ;; esac test "x$with_glib" = "xyes" && tmp_g="$cflags_glib" for i in $cflags $tmp_c $assuan_cflags $gpg_error_cflags $tmp_g ; do 
@@ -143,7 +138,6 @@ while test $# -gt 0; do tmp_x= case "$thread_module" in pthread) tmp_l="-lgpgme-pthread"; tmp_x="$libs_pthread" ;; - pth) tmp_l="-lgpgme-pth"; tmp_x="$libs_pth" ;; *) if test "x$with_glib" = "xyes" ; then tmp_l="-lgpgme-glib" commit 475640a52742b333d7c3c8235ee945ba42197883 Author: Werner Koch Date: Wed May 2 10:35:47 2012 +0200 Fix minor documentation problem. -- Fixes bug#1404. (There is mentioned data field ?recipient?, but actual data field name is ?recipients?.) diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 72b9e22..61cdb37 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -41,7 +41,7 @@ General Public License for more details. @end macro - at c + at c @c T I T L E P A G E @c @ifinfo @@ -153,7 +153,7 @@ Error Handling * Error Sources:: A list of important error sources. * Error Strings:: How to get a descriptive string from a value. -Exchanging Data +Exchanging Data * Creating Data Buffers:: Creating new data buffers. * Destroying Data Buffers:: Releasing data buffers. @@ -1543,7 +1543,7 @@ Memory based data objects store all data in allocated memory. This is convenient, but only practical for an amount of data that is a fraction of the available physical memory. The data has to be copied from its source and to its destination, which can often be avoided by -using one of the other data object +using one of the other data object @deftypefun gpgme_error_t gpgme_data_new (@w{gpgme_data_t *@var{dh}}) The function @code{gpgme_data_new} creates a new @code{gpgme_data_t} @@ -1987,7 +1987,7 @@ the data object with the handle @var{dh} to @var{enc}. @c @c Chapter Contexts - at c + at c @node Contexts @chapter Contexts @cindex context @@ -2726,7 +2726,7 @@ issuer name. @item char *chain_id If @code{protocol} is @code{GPGME_PROTOCOL_CMS}, then this is the chain ID, which can be used to built the certificate chain. - + @item gpgme_validity_t owner_trust If @code{protocol} is @code{GPGME_PROTOCOL_OpenPGP}, then this is the owner trust. 
@@ -3513,7 +3513,7 @@ are reported by the crypto engine support routines. @cindex key ring, import to Importing keys means the same as running @command{gpg} with the command - at option{--import}. + at option{--import}. @deftypefun gpgme_error_t gpgme_op_import (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{keydata}}) @@ -4101,7 +4101,7 @@ algorithm that is not supported. @item unsigned int wrong_key_usage : 1 This is true if the key was not used according to its policy. - at item gpgme_recipient_t recipient + at item gpgme_recipient_t recipients This is a linked list of recipients to which this message was encrypted. @item char *file_name @@ -4265,16 +4265,16 @@ The defined bits are: Can't verify due to a missing key or certificate. @item GPGME_SIGSUM_CRL_MISSING - The CRL (or an equivalent mechanism) is not available. + The CRL (or an equivalent mechanism) is not available. @item GPGME_SIGSUM_CRL_TOO_OLD Available CRL is too old. @item GPGME_SIGSUM_BAD_POLICY - A policy requirement was not met. + A policy requirement was not met. @item GPGME_SIGSUM_SYS_ERROR - A system error occured. + A system error occured. @end table @item char *fpr @@ -4339,7 +4339,7 @@ Values are: @item 0 No PKA information available or verification not possible. @item 1 - PKA verification failed. + PKA verification failed. @item 2 PKA verification succeeded. @item 3 @@ -4459,7 +4459,7 @@ have a different status. You can get each key's status with @deftypefun {const char *} gpgme_get_sig_status (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_sig_stat_t *@var{r_stat}}, @w{time_t *@var{r_created}}) The function @code{gpgme_get_sig_status} is equivalent to: - + @example gpgme_verify_result_t result; gpgme_signature_t sig; 
@@ -4482,27 +4482,27 @@ The function @code{gpgme_get_sig_status} is equivalent to: case GPG_ERR_NO_ERROR: *r_stat = GPGME_SIG_STAT_GOOD; break; - + case GPG_ERR_BAD_SIGNATURE: *r_stat = GPGME_SIG_STAT_BAD; break; - + case GPG_ERR_NO_PUBKEY: *r_stat = GPGME_SIG_STAT_NOKEY; break; - + case GPG_ERR_NO_DATA: *r_stat = GPGME_SIG_STAT_NOSIG; break; - + case GPG_ERR_SIG_EXPIRED: *r_stat = GPGME_SIG_STAT_GOOD_EXP; break; - + case GPG_ERR_KEY_EXPIRED: *r_stat = GPGME_SIG_STAT_GOOD_EXPKEY; break; - + default: *r_stat = GPGME_SIG_STAT_ERROR; break; @@ -4516,7 +4516,7 @@ The function @code{gpgme_get_sig_status} is equivalent to: @deftypefun {const char *} gpgme_get_sig_string_attr (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_attr_t @var{what}}, @w{int @var{whatidx}}) The function @code{gpgme_get_sig_string_attr} is equivalent to: - + @example gpgme_verify_result_t result; gpgme_signature_t sig; @@ -4552,7 +4552,7 @@ The function @code{gpgme_get_sig_string_attr} is equivalent to: @deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{idx}}, @w{gpgme_attr_t @var{waht}}, @w{int @var{whatidx}}) The function @code{gpgme_get_sig_ulong_attr} is equivalent to: - + @example gpgme_verify_result_t result; gpgme_signature_t sig; @@ -4584,22 +4584,22 @@ The function @code{gpgme_get_sig_ulong_attr} is equivalent to: @{ case GPG_ERR_NO_ERROR: return GPGME_SIG_STAT_GOOD; - + case GPG_ERR_BAD_SIGNATURE: return GPGME_SIG_STAT_BAD; - + case GPG_ERR_NO_PUBKEY: return GPGME_SIG_STAT_NOKEY; - + case GPG_ERR_NO_DATA: return GPGME_SIG_STAT_NOSIG; - + case GPG_ERR_SIG_EXPIRED: return GPGME_SIG_STAT_GOOD_EXP; - + case GPG_ERR_KEY_EXPIRED: return GPGME_SIG_STAT_GOOD_EXPKEY; - + default: return GPGME_SIG_STAT_ERROR; @} 
@@ -5671,7 +5671,7 @@ struct IOCB @{ class MyApp : public QApplication @{ // ... - + static void registerGpgmeIOCallback( void * data, int fd, int dir, GpgmeIOCb func, void * func_data, void ** tag ) @{ commit d6402b888fd00b883bbfc00c91a2aa9706e4377e Author: Werner Koch Date: Wed May 2 10:30:09 2012 +0200 Update signature summary for the case of missing X.509 keys. * src/verify.c (gpgme_op_verify_result): Update summary field. -- This is actually a hack to solve the problem that GPGME currently does not emit ERRSIG for a missing public key. diff --git a/NEWS b/NEWS index 3dad99b..b7106e7 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ Noteworthy changes in version 1.3.2 (unreleased) * Remove support for libgpgme-pth. As far as we know, this was never used, and GnuPG is going to use our own npth in the future. + * Fix signature summary information for a missing X.509 key. + + * Fix parsing of dates >= year 2038. + Noteworthy changes in version 1.3.1 (2011-06-16) ------------------------------------------------ @@ -120,7 +124,7 @@ Noteworthy changes in version 1.1.7 (2008-10-17) * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). - + * The encoding of gpgme_data_t objects can affect the output encoding of export, sign and encrypt operations now (the same operations that are also affected by the ASCII mode switch). We believe this @@ -764,7 +768,7 @@ Noteworthy changes in version 0.4.1 (2003-06-06) So, instead: char *fpr; - err = gpgme_op_genkey (ctx, NULL, NULL, &fpr); + err = gpgme_op_genkey (ctx, NULL, NULL, &fpr); if (!err && fpr) printf ("%s\n", fpr); 
@@ -1052,7 +1056,7 @@ Noteworthy changes in version 0.3.13 (2002-11-20) Noteworthy changes in version 0.3.12 (2002-10-15) ------------------------------------------------- - * Fixed some bux with key listings. + * Fixed some bux with key listings. * The development has been branched to clean up some API issues. This 0.3 series will be kept for compatibility reasons; so do don't @@ -1060,7 +1064,7 @@ Noteworthy changes in version 0.3.12 (2002-10-15) Noteworthy changes in version 0.3.11 (2002-09-20) ------------------------------------------------- - + * Bug fixes. Noteworthy changes in version 0.3.10 (2002-09-02) @@ -1266,7 +1270,7 @@ gpgme_register_idle NEW Noteworthy changes in version 0.3.0 (2001-12-19) ------------------------------------------------ - + * New interface gpgme_set_protocol() to set the protocol and thus the crypto engine to be used by the context. Currently, the OpenPGP and the CMS protocols are supported. They are specified by the new @@ -1336,7 +1340,7 @@ Noteworthy changes in version 0.2.3 (2001-09-17) Noteworthy changes in version 0.2.2 (2001-06-12) ------------------------------------------------ - + * Implemented a key cache. * Fixed a race condition under W32 and some other bug fixes. diff --git a/src/verify.c b/src/verify.c index d63fc54..a61cc95 100644 --- a/src/verify.c +++ b/src/verify.c @@ -83,6 +83,7 @@ gpgme_op_verify_result (gpgme_ctx_t ctx) void *hook; op_data_t opd; gpgme_error_t err; + gpgme_signature_t sig; TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx); err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL); 
@@ -93,12 +94,37 @@ gpgme_op_verify_result (gpgme_ctx_t ctx) return NULL; } + /* It is possible that we saw a new signature only followed by an + ERROR line for that. In particular a missing X.509 key triggers + this. In this case it is surprising that the summary field has + not been updated. We fix it here by explicitly looking for this + case. The real fix would be to have GPGME emit ERRSIG. */ + for (sig = opd->result.signatures; sig; sig = sig->next) + { + if (!sig->summary) + { + switch (gpg_err_code (sig->status)) + { + case GPG_ERR_KEY_EXPIRED: + sig->summary |= GPGME_SIGSUM_KEY_EXPIRED; + break; + + case GPG_ERR_NO_PUBKEY: + sig->summary |= GPGME_SIGSUM_KEY_MISSING; + break; + + default: + break; + } + } + } + + /* Now for some tracing stuff. */ if (_gpgme_debug_trace ()) { - gpgme_signature_t sig = opd->result.signatures; - int i = 0; + int i; - while (sig) + for (sig = opd->result.signatures, i = 0; sig; sig = sig->next, i++) { TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s", i, sig->fpr, sig->summary, gpg_strerror (sig->status)); @@ -120,8 +146,6 @@ gpgme_op_verify_result (gpgme_ctx_t ctx) { TRACE_LOG1 ("sig[%i] = has notations (not shown)", i); } - sig = sig->next; - i++; } } ----------------------------------------------------------------------- Summary of changes: Makefile.am | 2 +- NEWS | 18 ++++++++----- README | 24 +++++------------- README.SVN => README.GIT | 14 ++++------ build-aux/gitlog-to-changelog | 36 +++++++++++++++++++++++++-- configure.ac | 27 ++++++++++---------- doc/gpgme.texi | 54 ++++++++++++++++++++-------------------- src/gpgme-config.in | 6 ---- src/gpgme.h.in | 2 +- src/verify.c | 34 ++++++++++++++++++++++---- 10 files changed, 129 insertions(+), 88 deletions(-) rename README.SVN => README.GIT (84%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 2 12:37:53 2012 
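Review bot: In build-aux/gitlog-to-changelog (commit 9c8608f, hunk "@@ -214,6 +220,17 @@"), the skip test /^.*\n\n.*\n--\s*/ does not require the marker line to end after the two dashes, so a commit whose first body line merely begins with "--" (an option name, or "---") is dropped from the ChangeLog entirely. The per-line tear-off in hunk "@@ -281,6 +298,18 @@" uses the stricter /^--\s*$/; the skip test should accept only the same marker, for example by requiring a newline or end of string right after the optional whitespace. In the same hunk the "Merge branch" skip is applied unconditionally, unlike the tear-off test, which is guarded by "if ($tear_off)", and the usage text this commit touches does not mention it; either gate it behind an option or document it there.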
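Review bot: In the GPGME configure.ac header (commit 9c8608f, hunk "@@ -15,9 +15,8 @@"), the rewritten paragraph now says "You should have received a copy of the GNU General Public License", while the unchanged context directly above it still says "See the GNU Lesser General Public License for more details." If the file stays under the LGPL, the new sentence should name the Lesser license too; if a license change is intended, it needs its own commit and a line in the commit message.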
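Review bot: In the GPGME configure.ac version block (commit 9c8608f, hunk "@@ -29,19 +28,19 @@"), renaming my_issvn to my_isgit leaves the svn_revision macro and the "[-svn[]svn_revision]" fallback inside my_full_version, so a development build in which git_revision comes back empty is still labelled "-svn0", contradicting the new comment that promises a "-gitNNNNNN" suffix. Suggest removing svn_revision and the "-svn" branch, and deciding explicitly what the suffix is when no git revision is available.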
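Review bot: In the GPGME configure.ac program check (commit 9c8608f, hunk "@@ -92,6 +91,8 @@"), AC_CHECK_PROGS(GITLOG_TO_CHANGELOG, gitlog-to-changelog, [build-aux/gitlog-to-changelog]) takes any gitlog-to-changelog found on PATH first and falls back to the bundled script only when none is found, yet Makefile.am now passes "--tear-off", an option this same commit adds to the bundled copy. A copy picked up from PATH that lacks the option makes gen-ChangeLog fail or produce a different ChangeLog, so the content of the release tarball depends on the maintainer's environment. Suggest calling the bundled script unconditionally, or probing the found program for --tear-off support before accepting it.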
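Review bot: In src/gpgme-config.in (commit 295dd3f, hunk "@@ -143,7 +138,6 @@"), with the "pth)" arm gone a thread module of "pth" now reaches the "*)" arm and silently gets the non-threaded or glib library instead of an error. Please confirm that the option parsing earlier in the script rejects names that are not in $thread_modules; if it does not, add an explicit failure so old build scripts do not link the wrong library unnoticed. The same applies to the cflags case in hunk "@@ -114,7 +110,6 @@", where "pth" now matches no arm at all.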
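Review bot: In src/verify.c (commit d6402b8, hunk "@@ -93,12 +94,37 @@"), the fix-up loop only handles signatures whose summary is still zero and maps just GPG_ERR_KEY_EXPIRED and GPG_ERR_NO_PUBKEY; every other status code falls through "default:" and leaves sig->summary at 0. A caller therefore still cannot read a zero summary as "nothing wrong" and has to check sig->status as well, which deserves a sentence in the gpgme.texi description of the summary field. The comment should also say that the loop rewrites the stored result inside gpgme_op_verify_result, and that repeated calls are harmless only because of the "if (!sig->summary)" guard.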
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 May 2012 12:37:53 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.2-1-g4751a0e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 4751a0e1bcd68a0c9f59a2685e3a2bee9d5008a6 (commit) from 9c8608f702ec0f44ae55cd7f33bd8df0a2d48508 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4751a0e1bcd68a0c9f59a2685e3a2bee9d5008a6 Author: Werner Koch Date: Wed May 2 11:30:57 2012 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index a7eeea8..aa209dd 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.3.3 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.3.2 (2012-05-02) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index bc57bbd..3cac826 100644 --- a/configure.ac +++ b/configure.ac 
@@ -33,8 +33,8 @@ min_automake_version="1.11" # for a specific feature can already be done under the assumption that # the GIT version is the most recent one in a branch. To disable the # GIT version for the real release, set the my_isgit macro to no. -m4_define(my_version, [1.3.2]) -m4_define(my_isgit, [no]) +m4_define(my_version, [1.3.3]) +m4_define(my_isgit, [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ configure.ac | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 8 16:35:53 2012 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 08 May 2012 16:35:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-75-g14cfd45 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 14cfd45d38db69f90242f8e10967262f4879753d (commit) via 59b77f9ea7dfa4d5c74573d2186c9a3e129ab3bf (commit) via d800fa5ce6102e069305f8e1a5d55d18ac3a1993 (commit) from 0f02fba19df16c82ca1ad44a8cb09f952d755598 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 14cfd45d38db69f90242f8e10967262f4879753d Author: Werner Koch Date: Tue May 8 14:33:34 2012 +0200 Always require libksba. -- The extra test for libksba and possible trouble building GnuPG without ksba is not anymore worth the trouble. diff --git a/configure.ac b/configure.ac index 6aadaa2..324f792 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,6 +1,6 @@ # configure.ac - for GnuPG 2.1 # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, -# 2008, 2009, 2010, 2011 Free Software Foundation, Inc. +# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. # # This file is part of GnuPG. # @@ -1506,11 +1506,6 @@ if test "$have_adns" = "yes"; then fi -if test $have_ksba = no; then - build_gpgsm=no - build_scdaemon=no -fi - build_scdaemon_extra="" if test "$build_scdaemon" = "yes"; then if test $have_libusb = no; then @@ -1592,18 +1587,9 @@ if test "$have_libgcrypt" = "no"; then *** *** You need libgcrypt to build this program. ** This library is for example available at -*** ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/ -*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.) +*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ +*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.) ***]]) -dnl elif test "$gnupg_cv_gcry_kdf_derive" = no; then -dnl die=yes -dnl AC_MSG_NOTICE([[ -dnl *** -dnl *** Libgcrypt 1.5.0 has not yet been released and thus the API -dnl *** is a bit in a flux. Your version misses the function -dnl *** gcry_kdf_derive -dnl *** You need to install a newer Libgcrypt version. -dnl #***]]) fi if test "$have_libassuan" = "no"; then die=yes @@ -1616,6 +1602,7 @@ if test "$have_libassuan" = "no"; then ***]]) fi if test "$have_ksba" = "no"; then + die=yes AC_MSG_NOTICE([[ *** *** You need libksba to build this program. 
@@ -1643,16 +1630,17 @@ if test "$gnupg_have_ldap" = "no"; then fi fi if test "$have_npth" = "no"; then + die=yes AC_MSG_NOTICE([[ *** *** It is now required to build with support for the -*** New Portable Threads Library (NPth). Please install this +*** New Portable Threads Library (nPth). Please install this *** library first. The library is for example available at *** ftp://ftp.gnupg.org/gcrypt/npth/ +*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is requi *** On a Debian GNU/Linux system you can install it using *** apt-get install libnpth-dev ***]]) - die=yes fi if test "$die" = "yes"; then commit 59b77f9ea7dfa4d5c74573d2186c9a3e129ab3bf Author: Werner Koch Date: Tue May 8 15:18:26 2012 +0200 po: Update de.po. * po/de.po: Update. diff --git a/po/de.po b/po/de.po index 8b98258..82d29af 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2011-12-20 15:52+0100\n" +"PO-Revision-Date: 2012-05-08 15:17+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "MIME-Version: 1.0\n" @@ -401,6 +401,10 @@ msgid "reading options from `%s'\n" msgstr "Optionen werden aus '%s' gelesen\n" #, c-format +msgid "NOTE: `%s' is not considered an option\n" +msgstr "Hinweis: `%s' wird nicht als Option betrachtet\n" + +#, c-format msgid "error creating `%s': %s\n" msgstr "Fehler beim Erstellen von `%s': %s\n" @@ -470,8 +474,8 @@ msgid "ssh handler 0x%lx for fd %d terminated\n" msgstr "SSH-Handhabungsroutine 0x%lx f?r fd %d beendet\n" #, c-format -msgid "pth_select failed: %s - waiting 1s\n" -msgstr "pth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n" +msgid "npth_pselect failed: %s - waiting 1s\n" +msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n" #, c-format msgid "%s %s stopped\n" 
@@ -7262,12 +7266,8 @@ msgid "error reading log from ldap wrapper %d: %s\n" msgstr "Fehler beim Lesen des Logs vom LDAP Wrapper %d: %s\n" #, c-format -msgid "pth_event failed: %s\n" -msgstr "pth_event() fehlgeschlagen: %s\n" - -#, c-format -msgid "pth_wait failed: %s\n" -msgstr "pth_wait() fehlgeschlagen: %s\n" +msgid "npth_select failed: %s - waiting 1s\n" +msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n" #, c-format msgid "ldap wrapper %d ready" @@ -7931,6 +7931,12 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n" +#~ msgid "pth_event failed: %s\n" +#~ msgstr "pth_event() fehlgeschlagen: %s\n" + +#~ msgid "pth_wait failed: %s\n" +#~ msgstr "pth_wait() fehlgeschlagen: %s\n" + #, fuzzy #~ msgid "||Please enter the Reset Code for the card and New PIN" #~ msgstr "Bitte geben Sie den R?ckstellcode f?r diese Karte ein" commit d800fa5ce6102e069305f8e1a5d55d18ac3a1993 Author: Werner Koch Date: Tue May 8 15:14:58 2012 +0200 common: Remove generated files only during maintainer-clean. * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES. -- In general this is not required because automake does this for files in BUILT_SOURCES anyway. However, having them in CLEANFILES is wrong. This is bug#1398. diff --git a/common/Makefile.am b/common/Makefile.am index b9cba11..e0f4b80 100644 --- a/common/Makefile.am +++ b/common/Makefile.am 
@@ -30,7 +30,7 @@ TESTS = $(jnlib_tests) $(module_tests) BUILT_SOURCES = audit-events.h status-codes.h -CLEANFILES = audit-events.h status-codes.h +MAINTAINERCLEANFILES = audit-events.h status-codes.h AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 2 +- configure.ac | 26 +++++++------------------- po/de.po | 24 +++++++++++++++--------- 3 files changed, 23 insertions(+), 29 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 8 17:20:32 2012 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 08 May 2012 17:20:32 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-6-g3f75b9c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 3f75b9ca00fc24e35bd16e91b7b1b18616447ff2 (commit) via c08546d602e3abf47c4daffe6e7ddf4afec69214 (commit) from 1731ed88491559aca395bc0596cdc0ee3ea1fa3e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f75b9ca00fc24e35bd16e91b7b1b18616447ff2 Author: Werner Koch Date: Tue May 8 15:14:58 2012 +0200 common: Remove generated files only during maintainer-clean. * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES. -- In general this is not required because automake does this for files in BUILT_SOURCES anyway. However, having them in CLEANFILES is wrong. This is bug#1398. diff --git a/common/Makefile.am b/common/Makefile.am index 75b4623..0864d11 100644 --- a/common/Makefile.am +++ b/common/Makefile.am 
@@ -27,7 +27,7 @@ TESTS = $(module_tests) BUILT_SOURCES = audit-events.h status-codes.h -CLEANFILES = audit-events.h status-codes.h +MAINTAINERCLEANFILES = audit-events.h status-codes.h AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl commit c08546d602e3abf47c4daffe6e7ddf4afec69214 Author: Werner Koch Date: Tue May 8 15:57:18 2012 +0200 Fix copyright years. * scripts/git-log-footer: Add more years; we actually published the first code in 1997. diff --git a/scripts/git-log-footer b/scripts/git-log-footer index 4d98e37..f707935 100644 --- a/scripts/git-log-footer +++ b/scripts/git-log-footer @@ -6,8 +6,9 @@ details. ----- - Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, - 2010, 2011 Free Software Foundation, Inc. + Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, + 2005, 2006, 2007, 2008, 2009, 2010, 2011, + 2012 Free Software Foundation, Inc. Copying and distribution of this file and/or the original GIT commit log messages, with or without modification, are ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 2 +- scripts/git-log-footer | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 8 19:26:50 2012 
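Review bot: in the po/de.po hunk at @@ -470,8 +474,8 @@ of commit 59b77f9 (the master push earlier in this digest), the new msgid is "npth_pselect failed: %s - waiting 1s\n" but its msgstr names npth_select(), so the German message reports a different function than the one that actually failed. The hunk at @@ -7262,12 +7266,8 @@ pairs the same msgstr with msgid "npth_select failed: ...", which is consistent there. Suggest changing the first msgstr to "npth_pselect()-Aufruf fehlgeschlagen: %s - warte 1s\n" so that a log line can be traced back to the right call site.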
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 08 May 2012 19:26:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-76-gb4d9f8d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b4d9f8dbc8e074cd91bbd3e2e54e2b77c9268d1a (commit) from 14cfd45d38db69f90242f8e10967262f4879753d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b4d9f8dbc8e074cd91bbd3e2e54e2b77c9268d1a Author: Werner Koch Date: Tue May 8 18:18:32 2012 +0200 Add tweaks for the not anymore patented IDEA algorithm. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this status anymore. -- To keep the number of actually used algorithms low, we want to support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available. diff --git a/common/status.h b/common/status.h index 434ff97..b6ac779 100644 --- a/common/status.h +++ b/common/status.h @@ -32,8 +32,6 @@ enum STATUS_BADARMOR, - STATUS_RSA_OR_IDEA, - STATUS_TRUST_UNDEFINED, STATUS_TRUST_NEVER, STATUS_TRUST_MARGINAL, diff --git a/doc/DETAILS b/doc/DETAILS index ddf7438..955e850 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -381,11 +381,9 @@ more arguments in future versions. The ASCII armor is corrupted. No arguments yet. RSA_OR_IDEA - The IDEA algorithms has been used in the data. A - program might want to fallback to another program to handle - the data if GnuPG failed. This status message used to be emitted - also for RSA but this has been dropped after the RSA patent expired. - However we can't change the name of the message. + Obsolete. This status message used to be emitted for requests + to use the IDEA or RSA algorithms. It has been dropped from + GnuPG 2.1 after the respective patents expired. SHM_INFO SHM_GET diff --git a/g10/gpg.c b/g10/gpg.c index 00ee941..f05fda9 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3149,7 +3149,6 @@ main (int argc, char **argv) { log_info(_("encrypting a message in --pgp2 mode requires " "the IDEA cipher\n")); - idea_cipher_warn(1); unusable=1; } else if(cmd==aSym) @@ -3208,10 +3207,6 @@ main (int argc, char **argv) if( def_cipher_string ) { opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string); - if(opt.def_cipher_algo==0 && - (ascii_strcasecmp(def_cipher_string,"idea")==0 - || ascii_strcasecmp(def_cipher_string,"s1")==0)) - idea_cipher_warn(1); xfree(def_cipher_string); def_cipher_string = NULL; if ( openpgp_cipher_test_algo (opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); diff --git a/g10/import.c b/g10/import.c index b48f126..c053e21 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1434,12 +1434,6 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) log_error (_("key %s: error sending to agent: %s\n"), keystr_from_pk_with_sub (main_pk, pk), gpg_strerror (err)); - if (ski->algo == GCRY_CIPHER_IDEA - && gpg_err_code (err) == GPG_ERR_CIPHER_ALGO) - { - write_status (STATUS_RSA_OR_IDEA); - idea_cipher_warn (0); - } if (gpg_err_code (err) == GPG_ERR_CANCELED || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) break; /* Don't try the other subkeys. */ 
diff --git a/g10/keygen.c b/g10/keygen.c index 55048b1..2dae3fe 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -349,7 +349,7 @@ keygen_set_std_prefs (const char *string,int personal) break PGP2, but that is difficult with the current code, and not really worth checking as a non-RSA <=2048 bit key wouldn't be usable by PGP2 anyway. -dms */ - if ( !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) ) + if (PGP2 && !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) ) strcat(dummy_string,"S1 "); @@ -442,12 +442,6 @@ keygen_set_std_prefs (const char *string,int personal) else { log_info (_("invalid item `%s' in preference string\n"),tok); - - /* Complain if IDEA is not available. */ - if(ascii_strcasecmp(tok,"s1")==0 - || ascii_strcasecmp(tok,"idea")==0) - idea_cipher_warn(1); - rc=-1; } } diff --git a/g10/main.h b/g10/main.h index 7088abe..d25265a 100644 --- a/g10/main.h +++ b/g10/main.h @@ -105,12 +105,6 @@ int openpgp_md_test_algo( int algo ); const char *openpgp_pk_algo_name (int algo); const char *openpgp_md_algo_name (int algo); -#ifdef USE_IDEA -void idea_cipher_warn( int show ); -#else -#define idea_cipher_warn(a) do { } while (0) -#endif - struct expando_args { PKT_public_key *pk; diff --git a/g10/mainproc.c b/g10/mainproc.c index 62b530b..33855e1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -250,12 +250,6 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen ) if(dek->keylen > DIM(dek->key)) BUG (); - /* This is not completely accurate, since a bad passphrase may have - resulted in a garbage algorithm byte, but it's close enough since - a bogus byte here will fail later. */ - if(dek->algo==CIPHER_ALGO_IDEA) - idea_cipher_warn(0); - memcpy(dek->key, seskey + 1, dek->keylen); /*log_hexdump( "thekey", dek->key, dek->keylen );*/ 
@@ -541,7 +535,6 @@ proc_encrypted( CTX c, PACKET *pkt ) algo = opt.def_cipher_algo; if (!algo) algo = opt.s2k_cipher_algo; - idea_cipher_warn(1); log_info (_("IDEA cipher unavailable, " "optimistically attempting to use %s instead\n"), openpgp_cipher_algo_name (algo)); diff --git a/g10/misc.c b/g10/misc.c index c49945a..3bf550c 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -546,24 +546,6 @@ openpgp_md_algo_name (int algo) } -#ifdef USE_IDEA -/* Special warning for the IDEA cipher */ -void -idea_cipher_warn(int show) -{ - static int warned=0; - - if(!warned || show) - { - log_info(_("the IDEA cipher plugin is not present\n")); - log_info(_("please see %s for more information\n"), - "http://www.gnupg.org/faq/why-not-idea.html"); - warned=1; - } -} -#endif - - static unsigned long get_signature_count (PKT_public_key *pk) { diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index a0fe685..254e810 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -292,8 +292,6 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) dek->keylen = nframe - (n + 1) - 2; dek->algo = frame[n++]; - if (dek->algo == CIPHER_ALGO_IDEA) - write_status (STATUS_RSA_OR_IDEA); err = openpgp_cipher_test_algo (dek->algo); if (err) { @@ -302,8 +300,6 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) log_info (_("cipher algorithm %d%s is unknown or disabled\n"), dek->algo, dek->algo == CIPHER_ALGO_IDEA ? " (IDEA)" : ""); - if (dek->algo == CIPHER_ALGO_IDEA) - idea_cipher_warn (0); } dek->algo = 0; goto leave; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index ec866b3..1dde6f9 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c 
@@ -62,11 +62,6 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, if( openpgp_cipher_test_algo( sk->protect.algo ) ) { log_info(_("protection algorithm %d%s is not supported\n"), sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" ); - if (sk->protect.algo==CIPHER_ALGO_IDEA) - { - write_status (STATUS_RSA_OR_IDEA); - idea_cipher_warn (0); - } return G10ERR_CIPHER_ALGO; } if(gcry_md_test_algo (sk->protect.s2k.hash_algo)) ----------------------------------------------------------------------- Summary of changes: common/status.h | 2 -- doc/DETAILS | 8 +++----- g10/gpg.c | 5 ----- g10/import.c | 6 ------ g10/keygen.c | 8 +------- g10/main.h | 6 ------ g10/mainproc.c | 7 ------- g10/misc.c | 18 ------------------ g10/pubkey-enc.c | 4 ---- g10/seckey-cert.c | 5 ----- 10 files changed, 4 insertions(+), 65 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 11 11:30:04 2012 
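Review bot: with write_status (STATUS_RSA_OR_IDEA) removed from g10/pubkey-enc.c, g10/import.c and g10/seckey-cert.c, a front end that drives gpg through the status interface no longer gets any machine-readable indication that an operation failed because the data or key protection uses IDEA; what remains is the translated log_info text, which is not suitable for parsing. The new doc/DETAILS entry marks the keyword as obsolete but does not say what a caller should look for instead, so suggest adding one sentence there naming the replacement signal, or stating that there is none. Separately, common/status.h drops the enumerator from the middle of the enum; if the values are implicit, every later STATUS_* constant shifts by one, so it is worth confirming that nothing stores or compares the numeric values across separately built components.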
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 11 May 2012 11:30:04 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-77-g68777b4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 68777b40dcf215305a325185f6bd9cfd6dcc0542 (commit) from b4d9f8dbc8e074cd91bbd3e2e54e2b77c9268d1a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68777b40dcf215305a325185f6bd9cfd6dcc0542 Author: Werner Koch Date: Fri May 11 10:20:29 2012 +0200 Switch to the new automagic beta numbering scheme. * configure.ac: Add all the require m4 magic. -- This also removes the hack to allow custom version numbers which are not considered a development version. A custom version number can be done anyway by simply setting the version to it and tag the release with it. diff --git a/README.maint b/README.maint index c317f7c..38f2338 100644 --- a/README.maint +++ b/README.maint @@ -34,12 +34,14 @@ Release process: * Write NEWS entries and set the release date in NEWS. - * In configure.ac set "my_isgit" to "no". + * [1.4 and 2.0] In configure.ac set "my_isgit" to "no". * Commit all changes to GIT with a message of "Release n.m.o." + * Tag the revision with the string "gnupg-x.y.z". + * Run "./autogen.sh --force" - (--force is required for the svn magic in configure.ac and a good + (--force is required for the git magic in configure.ac and a good idea in any case) * Run "configure --enable-maintainer-mode". 
@@ -58,8 +60,7 @@ Release process: You might need to set a different signature key than mine. mkdiff has an option for this. - * If you are satisfied with the result commit a tag for the release - and push the changes. + * Push the git changes and the tag. * Copy the files to the FTP server diff --git a/configure.ac b/configure.ac index 324f792..d46a838 100644 --- a/configure.ac +++ b/configure.ac 
@@ -21,24 +21,27 @@ AC_PREREQ(2.61) min_automake_version="1.10" -# Remember to change the version number immediately *after* a release. -# Set my_issvn to "yes" for non-released code. Remember to run an -# "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [2.1.0]) -m4_define([my_issvn], [yes]) - -m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ - | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) -m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ +# To build a release you need to create a tag with the version number +# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please +# bump the version number immediately *after* the release and do +# another commit and push so that the git magic is able to work. +m4_define([mym4_version], [2.1.0]) + +# Below is m4 magic to extract and compute the git revision number, +# the decimalized short revision number, a beta version string and a +# flag indicating a development version (mym4_isgit). Note that the +# m4 processing is done by autoconf and not during the configure run. +m4_define([mym4_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) -m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes], - [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])]) +m4_define([mym4_revision_dec], + m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))])) +m4_define([mym4_betastring], + m4_esyscmd_s([git describe --match 'gnupg-2.[0-9].*[0-9]' --long|\ + awk -F- '$3!=0{print"-beta"$3}'])) +m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) +m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) -AC_INIT([gnupg],[my_full_version], [http://bugs.gnupg.org]) -# Set development_version to yes if the minor number is odd or you -# feel that the default check for a development version is not -# sufficient. 
-development_version=no +AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org]) NEED_GPG_ERROR_VERSION=1.10 @@ -52,9 +55,10 @@ NEED_KSBA_API=1 NEED_KSBA_VERSION=1.2.0 NEED_NPTH_API=1 -NEED_NPTH_VERSION=0.0 +NEED_NPTH_VERSION=0.91 +development_version=mym4_isgit PACKAGE=$PACKAGE_NAME PACKAGE_GT=${PACKAGE_NAME}2 VERSION=$PACKAGE_VERSION @@ -1387,19 +1391,7 @@ AC_SUBST(ZLIBS) # Check for readline support GNUPG_CHECK_READLINE -# -# Allow users to append something to the version string without -# flagging it as development version. The user version parts is -# considered everything after a dash. -# -if test "$development_version" != yes; then - changequote(,)dnl - tmp_pat='[a-zA-Z]' - changequote([,])dnl - if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then - development_version=yes - fi -fi + if test "$development_version" = yes; then AC_DEFINE(IS_DEVELOPMENT_VERSION,1, [Defined if this is not a regular release]) @@ -1637,9 +1629,7 @@ if test "$have_npth" = "no"; then *** New Portable Threads Library (nPth). Please install this *** library first. The library is for example available at *** ftp://ftp.gnupg.org/gcrypt/npth/ -*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is requi -*** On a Debian GNU/Linux system you can install it using -*** apt-get install libnpth-dev +*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required). ***]]) fi @@ -1684,6 +1674,7 @@ AC_OUTPUT echo " GnuPG v${VERSION} has been configured as follows: + Revision: mym4_revision (mym4_revision_dec) Platform: $PRINTABLE_OS_NAME ($host) OpenPGP: $build_gpg ----------------------------------------------------------------------- Summary of changes: README.maint | 9 +++++---- configure.ac | 57 ++++++++++++++++++++++++--------------------------------- 2 files changed, 29 insertions(+), 37 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 11 17:50:19 2012 
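Review bot: in the configure.ac hunk at @@ -21,24 +21,27 @@, mym4_isgit is derived only from mym4_betastring being empty, and that string is empty in two different situations: HEAD sits exactly on a matching gnupg-2.* tag, or "git describe" printed nothing at all (no matching tag reachable, a shallow clone, git not installed). In the second case development_version becomes "no" and IS_DEVELOPMENT_VERSION is not defined, so an untagged tree is configured as a regular release. Suggest making a failed describe count as a development build, for example by emitting a fixed "-unknown" suffix when the command produces no output. The same hunk computes mym4_revision_dec with $((0x...)) over mym4_revision, which is empty outside a git checkout and then leaves a bare "0x" for the shell arithmetic; a guard for the empty case would keep autoconf runs from a tarball quiet.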
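Review bot: the README.maint hunk at @@ -34,12 +34,14 @@ adds the step 'Tag the revision with the string "gnupg-x.y.z"' without saying that the tag should be signed, while the new comment in configure.ac gives the command as "git tag -s gnupg-2.n.m". Since the release version string is now computed from that tag through git describe --match 'gnupg-2.[0-9].*[0-9]', the checklist should spell out the exact command including -s and the required tag form, so that a maintainer following README.maint alone produces a signed tag that the m4 code recognises.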
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 11 May 2012 17:50:19 +0200 Subject: [git] ADNS-g10 - branch, master, updated. fefa444526f34dd242506c6b77e102cfb025dcbd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via fefa444526f34dd242506c6b77e102cfb025dcbd (commit) via d272961c620cdc1cab946ed20a6a7f4dab93f454 (commit) via 98fb429d1cf42dd9f5ad87cfd9432e8c5431f140 (commit) via 56606a50a5d945e28315bf14d649e07e80119de9 (commit) via 04f9d8f7248fef6b6038a42806703ad69100e1b2 (commit) from 0868f128b606ede3e6748b6efa6cd98784b8e591 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fefa444526f34dd242506c6b77e102cfb025dcbd Author: Werner Koch Date: Fri May 11 16:22:54 2012 +0200 Support command line options -t aaaa. * client/adh-main.c (of_type): Add adns_r_aaaa. diff --git a/client/adh-main.c b/client/adh-main.c index 0a366dc..0009a91 100644 --- a/client/adh-main.c +++ b/client/adh-main.c 
@@ -9,20 +9,20 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "adnshost.h" @@ -68,7 +68,7 @@ void *xmalloc(size_t sz) { char *xstrsave(const char *str) { char *p; - + p= xmalloc(strlen(str)+1); strcpy(p,str); return p; @@ -91,13 +91,14 @@ void of_type(const struct optioninfo *oi, const char *arg, const char *arg2) { { adns_r_rp, "rp" }, { adns_r_srv, "srv" }, { adns_r_addr, "addr" }, - + /* types with only one version */ { adns_r_cname, "cname" }, { adns_r_hinfo, "hinfo" }, { adns_r_txt, "txt" }, - + /* raw versions */ + { adns_r_aaaa, "aaaa" }, { adns_r_a, "a" }, { adns_r_ns_raw, "ns-" }, { adns_r_soa_raw, "soa-" }, @@ -186,7 +187,7 @@ static void process_optarg(const char *arg, query_do(arg); } } - + static void read_stdin(void) { int anydone, r; char *newline, *space; @@ -233,7 +234,7 @@ int main(int argc, const char *const *argv) { int r, maxfd; fd_set readfds, writefds, exceptfds; const char *arg; - + while ((arg= *++argv)) process_optarg(arg,&argv,0); if (!ov_pipe && !ads) usageerr("no domains given, and -f/--pipe not used; try --help"); 
diff --git a/client/adh-opts.c b/client/adh-opts.c index 08310e0..5bb7273 100644 --- a/client/adh-opts.c +++ b/client/adh-opts.c @@ -9,20 +9,20 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "adnshost.h" @@ -43,7 +43,7 @@ static const struct optioninfo global_options[]= { "f", "pipe", &ov_pipe, 1 }, { ot_flag, "Allow answers to be reordered", "a", "asynch", &ov_asynch, 1 }, - + { ot_desconly, "answer/error output format and destination (see below):" }, { ot_value, "Answers to stdout, errors as messages to stderr (default)", "Fs", "fmt-simple", &ov_format, fmt_simple }, @@ -51,7 +51,7 @@ static const struct optioninfo global_options[]= { "Fi", "fmt-inline", &ov_format, fmt_inline }, { ot_value, "Fully-parseable output format (default for --asynch)", "Fa", "fmt-asynch", &ov_format, fmt_asynch }, - + { ot_desconly, "global verbosity level:" }, { ot_value, "Do not print anything to stderr", "Vq", "quiet", &ov_verbose, adns_if_noerrprint }, 
@@ -59,7 +59,7 @@ static const struct optioninfo global_options[]= { "Vn", "no-quiet", &ov_verbose, 0 }, { ot_value, "Debugging mode", "Vd", "debug", &ov_verbose, adns_if_debug }, - + { ot_desconly, "other global options:" }, { ot_funcarg, "Configuration to use instead of /etc/resolv.conf", 0, "config", 0,0, of_config, "" }, @@ -97,7 +97,7 @@ static const struct optioninfo perquery_options[]= { "Dt", "show-type", &ov_pqfr.show_type, 0 }, { ot_flag, "Do not display CNAME target in output", "Dc", "show-cname", &ov_pqfr.show_cname, 0 }, - + { ot_desconly, "per-query TTL mode (NB TTL is minimum across all info in reply):" }, { ot_value, "Show the TTL as a TTL", "Tt", "ttl-ttl", &ov_pqfr.ttl, tm_rel }, @@ -105,7 +105,7 @@ static const struct optioninfo perquery_options[]= { "Ta", "ttl-abs", &ov_pqfr.ttl, tm_abs }, { ot_value, "Do not show the TTL (default)", "Tn", "no-ttl", &ov_pqfr.ttl, tm_none }, - + { ot_desconly, "per-query CNAME handling mode:" }, { ot_value, "Call it an error if a CNAME is found", "Cf", "cname-reject", &ov_cname, adns_qf_cname_forbid }, @@ -113,7 +113,7 @@ static const struct optioninfo perquery_options[]= { "Cl", "cname-loose", &ov_cname, adns_qf_cname_loose }, { ot_value, "CNAME ok for query domain, but not in RRs (default)", "Cs", "cname-ok", &ov_cname, 0 }, - + { ot_desconly, "asynchronous/pipe mode options:" }, { ot_funcarg, "Set , default is decimal sequence starting 0", 0, "asynch-id", 0,0, &of_asynch_id, "id" }, @@ -132,7 +132,7 @@ static void printusage(void) { int maxsopt, maxlopt, l; maxsopt= maxlopt= 0; - + for (oiap=all_optiontables; *oiap; oiap++) { for (oip=*oiap; oip->type != ot_end; oip++) { if (oip->type == ot_funcarg) continue; @@ -144,7 +144,7 @@ static void printusage(void) { } } } - + fputs("usage: adnshost [global-opts] [query-opts] query-domain\n" " [[query-opts] query-domain ...]\n" " adnshost [global-opts] [query-opts] -f|--pipe\n", 
@@ -218,7 +218,7 @@ static void printusage(void) { printf("\nEscaping domains which might start with `-':\n" " - %-*s Next argument is a domain, but more options may follow\n", maxlopt+maxsopt+3, ""); - + fputs("\n" "Query domains should always be quoted according to master file format.\n" "\n" @@ -262,10 +262,10 @@ static void printusage(void) { " 11 usage problems\n" "\n" "Query types (see adns.h; default is addr):\n" - " ns soa ptr mx rp srv addr - enhanced versions\n" - " cname hinfo txt - types with only one version\n" - " a ns- soa- ptr- mx- rp- srv- - _raw versions\n" - " type - `unknown' type, RFC3597\n" + " ns soa ptr mx rp srv addr - enhanced versions\n" + " cname hinfo txt - types with only one version\n" + " a aaaa ns- soa- ptr- mx- rp- srv- - _raw versions\n" + " type - `unknown' type, RFC3597\n" "Default is addr, or ptr for -i/--ptr queries\n", stdout); if (ferror(stdout)) sysfail("write usage message",errno); commit d272961c620cdc1cab946ed20a6a7f4dab93f454 Author: Werner Koch Date: Fri May 11 16:21:02 2012 +0200 Add support for AAAA records. * src/adns.h (adns_rrtype): Add adns_r_aaaa. (adns_answer): Add member in6addr. * src/internal.h (adns__state): Change sortlist struct to allow for v6 addresses. * src/check.c (checkc_global): Fix for v6 sortlist. * src/setup.c (ccf_sortlist): Mark entries as v4. * src/types.c (search_sortlist): Ignore v6 addresses. (pa_in6addr, search_sortlist6, dip_in6addr, di_in6addr) (cs_in6addr): New. (typeinfos): Add description for the AAAA record. -- I am not sure whether the sortlist feature makes sense for v6. Although I implemented the data structures and code, there is currently no code to fill the sortlist with v6 addresses. diff --git a/src/adns.h b/src/adns.h index e86363e..feb7cb1 100644 --- a/src/adns.h +++ b/src/adns.h 
@@ -157,6 +157,8 @@ typedef enum { adns_r_rp_raw= 17, adns_r_rp= adns_r_rp_raw|adns__qtf_mail822, + adns_r_aaaa= 28, /* RFC3596 */ + /* For SRV records, query domain without _qf_quoteok_query must look * as expected from SRV RFC with hostname-like Name. _With_ * _quoteok_query, any query domain is allowed. */ @@ -360,6 +362,7 @@ typedef struct { adns_rr_intstr *(*manyistr); /* txt (list strs ends with i=-1, str=0)*/ adns_rr_addr *addr; /* addr */ struct in_addr *inaddr; /* a */ + struct in6_addr *in6addr; /* aaaa */ adns_rr_hostaddr *hostaddr; /* ns */ adns_rr_intstrpair *intstrpair; /* hinfo */ adns_rr_strpair *strpair; /* rp, rp_raw */ diff --git a/src/check.c b/src/check.c index bf60566..3fc145e 100644 --- a/src/check.c +++ b/src/check.c @@ -75,12 +75,23 @@ static void checkc_notcpbuf(adns_state ads) { } static void checkc_global(adns_state ads) { - int i; + int i, j; assert(ads->udpsocket >= 0); for (i=0; insortlist; i++) - assert(!(ads->sortlist[i].base.s_addr & ~ads->sortlist[i].mask.s_addr)); + { + assert (ads->sortlist[i].base.is_v6 == ads->sortlist[i].mask.is_v6); + if (ads->sortlist[i].base.is_v6) + { + for (j=0; j < 16; j++) + assert (!(ads->sortlist[i].base.u.v6.s6_addr[j] + & ~ads->sortlist[i].mask.u.v6.s6_addr[j])); + } + else + assert(!(ads->sortlist[i].base.u.v4.s_addr + & ~ads->sortlist[i].mask.u.v4.s_addr)); + } assert(ads->tcpserver >= 0 && ads->tcpserver < ads->nservers); diff --git a/src/internal.h b/src/internal.h index dbc6726..a2e8c43 100644 --- a/src/internal.h +++ b/src/internal.h @@ -337,7 +337,13 @@ struct adns__state { struct in_addr addr; } servers[MAXSERVERS]; struct sortlist { - struct in_addr base, mask; + struct { + union { + struct in_addr v4; + struct in6_addr v6; + } u; + char is_v6; + } base, mask; } sortlist[MAXSORTLIST]; char **searchlist; unsigned short rand48xsubi[3]; @@ -763,4 +769,5 @@ static inline int errno_resources(int e) { return e==ENOMEM || e==ENOBUFS; } + #endif 
diff --git a/src/setup.c b/src/setup.c index 413928f..6b0172c 100644 --- a/src/setup.c +++ b/src/setup.c @@ -222,8 +222,10 @@ static void ccf_sortlist(adns_state ads, const char *fn, } } - ads->sortlist[ads->nsortlist].base= base; - ads->sortlist[ads->nsortlist].mask= mask; + ads->sortlist[ads->nsortlist].base.is_v6 = 0; + ads->sortlist[ads->nsortlist].base.u.v4 = base; + ads->sortlist[ads->nsortlist].mask.is_v6 = 0; + ads->sortlist[ads->nsortlist].mask.u.v4 = mask; ads->nsortlist++; } } diff --git a/src/types.c b/src/types.c index a18aedc..c30b311 100644 --- a/src/types.c +++ b/src/types.c @@ -253,14 +253,18 @@ static adns_status pa_inaddr(const parseinfo *pai, int cbyte, return adns_s_ok; } +/* Find the first match of AD in the sortlist of the ADS state and + return its index. If not found the size of the sortlist is + returned. This is the v4 version. */ static int search_sortlist(adns_state ads, struct in_addr ad) { const struct sortlist *slp; int i; - for (i=0, slp=ads->sortlist; - insortlist && - !((ad.s_addr & slp->mask.s_addr) == slp->base.s_addr); - i++, slp++); + for (i=0, slp=ads->sortlist; i < ads->nsortlist; i++, slp++) + if (!slp->mask.is_v6 + && ((ad.s_addr & slp->mask.u.v4.s_addr) == slp->base.u.v4.s_addr)) + break; + return i; } 
@@ -291,6 +295,72 @@ static adns_status cs_inaddr(vbuf *vb, const void *datap) { } /* + * _in6addr (pa,dip,di) + */ + +static adns_status pa_in6addr(const parseinfo *pai, int cbyte, + int max, void *datap) { + struct in6_addr *storeto= datap; + + if (max-cbyte != 16) + return adns_s_invaliddata; + memcpy (storeto, pai->dgram + cbyte, 16); + return adns_s_ok; +} + +/* Find the first match of AD in the sortlist of the ADS state and + return its index. If not found the size of the sortlist is + returned. This is the v6 version. */ +static int search_sortlist6(adns_state ads, const struct in6_addr *ad) { + const struct sortlist *slp; + int i, j; + + for (i=0, slp=ads->sortlist; i < ads->nsortlist; i++, slp++) + { + if (slp->mask.is_v6) + { + for (j=0; j < 16 && ((ad->s6_addr[j] & slp->mask.u.v6.s6_addr[j]) + == slp->base.u.v6.s6_addr[j]); j++) + ; + if (j==16) + break; + } + } + + return i; +} + +static int dip_in6addr(adns_state ads, + const struct in6_addr *a, const struct in6_addr *b) { + int ai, bi; + + if (!ads->nsortlist) + return 0; + + ai = search_sortlist6 (ads, a); + bi = search_sortlist6 (ads, b); + return bi < ai; +} + +static int di_in6addr(adns_state ads, + const void *datap_a, const void *datap_b) { + const struct in6_addr *ap = datap_a; + const struct in6_addr *bp = datap_b; + + return dip_in6addr (ads, ap, bp); +} + +static adns_status cs_in6addr(vbuf *vb, const void *datap) { + char buffer[INET6_ADDRSTRLEN]; + + inet_ntop (AF_INET6, datap, buffer, sizeof buffer); + + CSP_ADDSTR(buffer); + return adns_s_ok; +} + + +/* * _addr (pa,di,csp,cs) */ 
@@ -1273,6 +1343,7 @@ DEEP_TYPE(hinfo, "HINFO", 0, intstrpair,pa_hinfo, 0, cs_hinfo ), DEEP_TYPE(mx_raw, "MX", "raw",intstr, pa_mx_raw, di_mx_raw,cs_inthost ), DEEP_TYPE(txt, "TXT", 0, manyistr,pa_txt, 0, cs_txt ), DEEP_TYPE(rp_raw, "RP", "raw",strpair, pa_rp, 0, cs_rp ), +FLAT_TYPE(aaaa, "AAAA", 0, in6addr, pa_in6addr, di_in6addr,cs_in6addr ), XTRA_TYPE(srv_raw,"SRV", "raw",srvraw , pa_srvraw, di_srv, cs_srvraw, qdpl_srv, postsort_srv), commit 98fb429d1cf42dd9f5ad87cfd9432e8c5431f140 Author: Werner Koch Date: Fri May 11 16:11:11 2012 +0200 Fix class A detection for the sortlist. * src/setup.c (ccf_sortlist): Mask BASELOCAL and 0 or 1. diff --git a/src/setup.c b/src/setup.c index 6ebe2a3..413928f 100644 --- a/src/setup.c +++ b/src/setup.c @@ -208,7 +208,7 @@ static void ccf_sortlist(adns_state ads, const char *fn, } } else { baselocal= ntohl(base.s_addr); - if (!baselocal & 0x080000000UL) /* class A */ + if (!(baselocal & 0x080000000UL)) /* class A */ mask.s_addr= htonl(0x0ff000000UL); else if ((baselocal & 0x0c0000000UL) == 0x080000000UL) mask.s_addr= htonl(0x0ffff0000UL); /* class B */ commit 56606a50a5d945e28315bf14d649e07e80119de9 Author: Werner Koch Date: Fri May 11 16:23:33 2012 +0200 Ignore output from regression tests. -- diff --git a/.gitignore b/.gitignore index 9aedff9..f1a3ef2 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,7 @@ regress/fanftest_record regress/harness.h regress/hredirect.h regress/hsyscalls.h +regress/output-* src/stamp-h1 src/adns-config src/libadns.la commit 04f9d8f7248fef6b6038a42806703ad69100e1b2 Author: Werner Koch Date: Fri May 11 11:32:31 2012 +0200 Remove trailing white space. -- diff --git a/src/adns.h b/src/adns.h index f26b7ba..e86363e 100644 --- a/src/adns.h +++ b/src/adns.h 
@@ -16,25 +16,25 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * + * * For the benefit of certain LGPL'd `omnibus' software which * provides a uniform interface to various things including adns, I * make the following additional licence. I do this because the GPL * would otherwise force either the omnibus software to be GPL'd or * the adns-using part to be distributed separately. - * + * * So: you may also redistribute and/or modify adns.h (but only the * public header file adns.h and not any other part of adns) under the * terms of the GNU Library General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at * your option) any later version. - * + * * Note that adns itself is GPL'd. Authors of adns-using applications * with GPL-incompatible licences, and people who distribute adns with * applications where the whole distribution is not GPL'd, are still @@ -63,7 +63,7 @@ #include #ifdef _WIN32 -# include +# include #else # include # include 
@@ -133,27 +133,27 @@ typedef enum { * Don't forget adns_qf_quoteok if that's what you want. */ adns_r_none= 0, - + adns_r_a= 1, - + adns_r_ns_raw= 2, adns_r_ns= adns_r_ns_raw|adns__qtf_deref, - + adns_r_cname= 5, - + adns_r_soa_raw= 6, - adns_r_soa= adns_r_soa_raw|adns__qtf_mail822, - + adns_r_soa= adns_r_soa_raw|adns__qtf_mail822, + adns_r_ptr_raw= 12, /* do not mind PTR with wrong or missing A */ adns_r_ptr= adns_r_ptr_raw|adns__qtf_deref, - - adns_r_hinfo= 13, - + + adns_r_hinfo= 13, + adns_r_mx_raw= 15, adns_r_mx= adns_r_mx_raw|adns__qtf_deref, - + adns_r_txt= 16, - + adns_r_rp_raw= 17, adns_r_rp= adns_r_rp_raw|adns__qtf_mail822, @@ -162,9 +162,9 @@ typedef enum { * _quoteok_query, any query domain is allowed. */ adns_r_srv_raw= 33, adns_r_srv= adns_r_srv_raw|adns__qtf_deref, - + adns_r_addr= adns_r_a|adns__qtf_deref - + } adns_rrtype; /* @@ -172,7 +172,7 @@ typedef enum { * legal syntax, or you get adns_s_querydomainvalid (if the query * domain contains bad characters) or adns_s_answerdomaininvalid (if * the answer contains bad characters). - * + * * In queries _with_ qf_quoteok_*, domains in the query or response * may contain any characters, quoted according to RFC1035 5.1. On * input to adns, the char* is a pointer to the interior of a " @@ -244,7 +244,7 @@ typedef enum { adns_s_systemfail, adns_s_max_localfail= 29, - + /* remotely induced errors, detected locally */ adns_s_timeout, adns_s_allservfail, @@ -253,7 +253,7 @@ typedef enum { adns_s_unknownformat, adns_s_max_remotefail= 59, - + /* remotely induced errors, reported by remote server to us */ adns_s_rcodeservfail, adns_s_rcodeformaterror, @@ -269,14 +269,14 @@ typedef enum { adns_s_answerdomaininvalid, adns_s_answerdomaintoolong, adns_s_invaliddata, - + adns_s_max_misconfig= 199, /* permanent problems with the query */ adns_s_querydomainwrong, adns_s_querydomaininvalid, adns_s_querydomaintoolong, - + adns_s_max_misquery= 299, /* permanent errors */ 
@@ -284,7 +284,7 @@ typedef enum { adns_s_nodata, adns_s_max_permfail= 499 - + } adns_status; typedef struct { @@ -390,7 +390,7 @@ typedef struct { * (eg, failure to create sockets, malloc failure, etc.) return errno * values. EINVAL from _init et al means the configuration file * is erroneous and cannot be parsed. - * + * * For _wait and _check failures are reported in the answer * structure, and only 0, ESRCH or (for _check) EAGAIN is * returned: if no (appropriate) requests are done adns_check returns @@ -446,7 +446,7 @@ int adns_init_logfn(adns_state *newstate_r, adns_initflags flags, * is set later overrides any that is set earlier. * * Standard directives understood in resolv[-adns].conf: - * + * * nameserver
* Must be followed by the IP address of a nameserver. Several * nameservers may be specified, and they will be tried in the order @@ -510,7 +510,7 @@ int adns_init_logfn(adns_state *newstate_r, adns_initflags flags, * Changes the consistency checking frequency; this overrides the * setting of adns_if_check_entex, adns_if_check_freq, or neither, * in the flags passed to adns_init. - * + * * There are a number of environment variables which can modify the * behaviour of adns. They take effect only if adns_init is used, and * the caller of adns_init can disable them using adns_if_noenv. In @@ -706,7 +706,7 @@ void adns_firsttimeout(adns_state ads, struct timeval now); /* Asks adns when it would first like the opportunity to time * something out. now must be the current time, from gettimeofday. - * + * * If tv_mod points to 0 then tv_buf must be non-null, and * _firsttimeout will fill in *tv_buf with the time until the first * timeout, and make *tv_mod point to tv_buf. If adns doesn't have @@ -795,7 +795,7 @@ int adns_beforepoll(adns_state ads, struct pollfd *fds, /* Finds out which fd's adns is interested in, and when it would like * to be able to time things out. This is in a form suitable for use * with poll(2). - * + * * On entry, usually fds should point to at least *nfds_io structs. * adns will fill up to that many structs will information for poll, * and record in *nfds_io how many structs it filled. If it wants to diff --git a/src/check.c b/src/check.c index 41cdde5..bf60566 100644 --- a/src/check.c +++ b/src/check.c 
@@ -8,20 +8,20 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "internal.h" @@ -76,14 +76,14 @@ static void checkc_notcpbuf(adns_state ads) { static void checkc_global(adns_state ads) { int i; - + assert(ads->udpsocket >= 0); for (i=0; insortlist; i++) assert(!(ads->sortlist[i].base.s_addr & ~ads->sortlist[i].mask.s_addr)); assert(ads->tcpserver >= 0 && ads->tcpserver < ads->nservers); - + switch (ads->tcpstate) { case server_connecting: assert(ads->tcpsocket >= 0); @@ -107,7 +107,7 @@ static void checkc_global(adns_state ads) { static void checkc_queue_udpw(adns_state ads) { adns_query qu; - + DLIST_CHECK(ads->udpw, qu, , { assert(qu->state==query_tosend); assert(qu->retries <= UDPMAXRETRIES); @@ -120,7 +120,7 @@ static void checkc_queue_udpw(adns_state ads) { static void checkc_queue_tcpw(adns_state ads) { adns_query qu; - + DLIST_CHECK(ads->tcpw, qu, , { assert(qu->state==query_tcpw); assert(!qu->children.head && !qu->children.tail); 
@@ -147,7 +147,7 @@ static void checkc_queue_childw(adns_state ads) { static void checkc_queue_output(adns_state ads) { adns_query qu; - + DLIST_CHECK(ads->output, qu, , { assert(qu->state == query_done); assert(!qu->children.head && !qu->children.tail); @@ -159,7 +159,7 @@ static void checkc_queue_output(adns_state ads) { void adns__consistency(adns_state ads, adns_query qu, consistency_checks cc) { adns_query search; - + switch (cc) { case cc_user: break; diff --git a/src/setup.c b/src/setup.c index a9e3726..6ebe2a3 100644 --- a/src/setup.c +++ b/src/setup.c @@ -9,20 +9,20 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include @@ -51,14 +51,14 @@ static void readconfig(adns_state ads, const char *filename, int warnmissing); static void addserver(adns_state ads, struct in_addr addr) { int i; struct server *ss; - + for (i=0; inservers; i++) { if (ads->servers[i].addr.s_addr == addr.s_addr) { adns__debug(ads,-1,0,"duplicate nameserver %s ignored",inet_ntoa(addr)); return; } } - + if (ads->nservers>=MAXSERVERS) { adns__diag(ads,-1,0,"too many nameservers, ignoring %s",inet_ntoa(addr)); return; 
@@ -113,7 +113,7 @@ static int nextword(const char **bufp_io, const char **word_r, int *l_r) { static void ccf_nameserver(adns_state ads, const char *fn, int lno, const char *buf) { struct in_addr ia; - + if (!adns__inet_aton(buf,&ia)) { configparseerr(ads,fn,lno,"invalid nameserver address `%s'",buf); return; @@ -164,7 +164,7 @@ static void ccf_sortlist(adns_state ads, const char *fn, unsigned long initial, baselocal; if (!buf) return; - + ads->nsortlist= 0; while (nextword(&buf,&word,&l)) { if (ads->nsortlist >= MAXSORTLIST) { @@ -177,11 +177,11 @@ static void ccf_sortlist(adns_state ads, const char *fn, configparseerr(ads,fn,lno,"sortlist entry `%.*s' too long",l,word); continue; } - + memcpy(tbuf,word,l); tbuf[l]= 0; slash= strchr(tbuf,'/'); if (slash) *slash++= 0; - + if (!adns__inet_aton(tbuf,&base)) { configparseerr(ads,fn,lno,"invalid address `%s' in sortlist",tbuf); continue; @@ -343,7 +343,7 @@ static int gl_file(adns_state ads, getline_ctx *src_io, const char *filename, p= buf; buflen--; i= 0; - + for (;;) { /* loop over chars */ if (i == buflen) { adns__diag(ads,-1,0,"%s:%d: line too long, ignored",filename,lno); @@ -395,7 +395,7 @@ static int gl_text(adns_state ads, getline_ctx *src_io, const char *filename, saveerr(ads,EINVAL); return -2; } - + memcpy(buf,cp,l); buf[l]= 0; return l; @@ -452,7 +452,7 @@ static const char *instrum_getenv(adns_state ads, const char *envvar) { static void readconfig(adns_state ads, const char *filename, int warnmissing) { getline_ctx gl_ctx; - + gl_ctx.file= fopen(filename,"r"); if (!gl_ctx.file) { if (errno == ENOENT) { 
@@ -468,18 +468,18 @@ static void readconfig(adns_state ads, const char *filename, int warnmissing) { } readconfiggeneric(ads,filename,gl_file,gl_ctx); - + fclose(gl_ctx.file); } static void readconfigtext(adns_state ads, const char *text, const char *showname) { getline_ctx gl_ctx; - + gl_ctx.text= text; readconfiggeneric(ads,showname,gl_text,gl_ctx); } - + static void readconfigenv(adns_state ads, const char *envvar) { const char *filename; @@ -563,7 +563,7 @@ static int init_finish(adns_state ads) { struct in_addr ia; struct protoent *proto; int r; - + if (!ads->nservers) { if (ads->logfn && ads->iflags & adns_if_debug) adns__lprintf(ads,"adns: no nameservers, using localhost\n"); @@ -577,7 +577,7 @@ static int init_finish(adns_state ads) { r= adns__setnonblock(ads,ads->udpsocket); if (r) { r= errno; goto x_closeudp; } - + return 0; x_closeudp: @@ -638,11 +638,11 @@ read_w32_init_files (adns_state ads) { } else { for(pip = &(network_info->DnsServerList); pip; pip = pip->Next) { - adns__debug (ads,-1,0,"network_info->DnsServer = `%s'", + adns__debug (ads,-1,0,"network_info->DnsServer = `%s'", pip->IpAddress.String); addr.s_addr = inet_addr(pip->IpAddress.String); if ((addr.s_addr != INADDR_ANY) && (addr.s_addr != INADDR_NONE)) - addserver(ads, addr); + addserver(ads, addr); } } } @@ -654,10 +654,10 @@ static int init_files(adns_state *ads_r, adns_initflags flags, adns_state ads; const char *res_options, *adns_res_options; int r; - + r= init_begin(&ads, flags, logfn, logfndata); if (r) return r; - + res_options= instrum_getenv(ads,"RES_OPTIONS"); adns_res_options= instrum_getenv(ads,"ADNS_RES_OPTIONS"); ccf_options(ads,"RES_OPTIONS",-1,res_options); @@ -766,7 +766,7 @@ void adns_forallqueries_begin(adns_state ads) { ads->childw.head ? ads->childw.head : ads->output.head; } - + adns_query adns_forallqueries_next(adns_state ads, void **context_r) { adns_query qu, nqu; diff --git a/src/types.c b/src/types.c index 7845388..a18aedc 100644 --- a/src/types.c 
+++ b/src/types.c @@ -8,20 +8,20 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include @@ -100,17 +100,17 @@ static adns_status pap_qstring(const parseinfo *pai, int *cbyte_io, int max, if (cbyte >= max) return adns_s_invaliddata; GET_B(cbyte,l); if (cbyte+l > max) return adns_s_invaliddata; - + str= adns__alloc_interim(pai->qu, l+1); if (!str) R_NOMEM; - + str[l]= 0; memcpy(str,dgram+cbyte,l); *len_r= l; *str_r= str; *cbyte_io= cbyte+l; - + return adns_s_ok; } @@ -134,7 +134,7 @@ static adns_status csp_qstring(vbuf *vb, const char *dp, int len) { } } CSP_ADDSTR("\""); - + return adns_s_ok; } @@ -208,7 +208,7 @@ static adns_status pa_txt(const parseinfo *pai, int cbyte, te->i= -1; te->str= 0; - + *rrp= table; return adns_s_ok; } @@ -247,7 +247,7 @@ static adns_status cs_hinfo(vbuf *vb, const void *datap) { static adns_status pa_inaddr(const parseinfo *pai, int cbyte, int max, void *datap) { struct in_addr *storeto= datap; - + if (max-cbyte != 4) return adns_s_invaliddata; memcpy(storeto, pai->dgram + cbyte, 4); return adns_s_ok; 
@@ -256,7 +256,7 @@ static adns_status pa_inaddr(const parseinfo *pai, int cbyte, static int search_sortlist(adns_state ads, struct in_addr ad) { const struct sortlist *slp; int i; - + for (i=0, slp=ads->sortlist; insortlist && !((ad.s_addr & slp->mask.s_addr) == slp->base.s_addr); @@ -266,7 +266,7 @@ static int search_sortlist(adns_state ads, struct in_addr ad) { static int dip_inaddr(adns_state ads, struct in_addr a, struct in_addr b) { int ai, bi; - + if (!ads->nsortlist) return 0; ai= search_sortlist(ads,a); @@ -318,7 +318,7 @@ static int div_addr(void *context, const void *datap_a, const void *datap_b) { const adns_state ads= context; return di_addr(ads, datap_a, datap_b); -} +} static adns_status csp_addr(vbuf *vb, const adns_rr_addr *rrp) { const char *ia; @@ -353,7 +353,7 @@ static adns_status pap_domain(const parseinfo *pai, int *cbyte_io, int max, char **domain_r, parsedomain_flags flags) { adns_status st; char *dm; - + st= adns__parse_domain(pai->qu->ads, pai->serv, pai->qu, &pai->qu->vb, flags, pai->dgram,pai->dglen, cbyte_io, max); if (st) return st; @@ -364,7 +364,7 @@ static adns_status pap_domain(const parseinfo *pai, int *cbyte_io, int max, dm[pai->qu->vb.used]= 0; memcpy(dm,pai->qu->vb.buf,pai->qu->vb.used); - + *domain_r= dm; return adns_s_ok; } @@ -387,7 +387,7 @@ static adns_status pa_dom_raw(const parseinfo *pai, int cbyte, st= pap_domain(pai, &cbyte, max, rrp, pdf_quoteok); if (st) return st; - + if (cbyte != max) return adns_s_invaliddata; return adns_s_ok; } @@ -404,7 +404,7 @@ static adns_status pa_host_raw(const parseinfo *pai, int cbyte, st= pap_domain(pai, &cbyte, max, rrp, pai->qu->flags & adns_qf_quoteok_anshost ? pdf_quoteok : 0); if (st) return st; - + if (cbyte != max) return adns_s_invaliddata; return adns_s_ok; } 
@@ -419,7 +419,7 @@ static adns_status pap_findaddrs(const parseinfo *pai, adns_rr_hostaddr *ha, int type, class, rdlen, rdstart, ownermatched; unsigned long ttl; adns_status st; - + for (rri=0, naddrs=-1; rriqu, pai->serv, pai->dgram, pai->dglen, cbyte_io, @@ -510,10 +510,10 @@ static adns_status pap_hostaddr(const parseinfo *pai, int *cbyte_io, ctx.ext= 0; ctx.callback= icb_hostaddr; ctx.info.hostaddr= rrp; - + nflags= adns_qf_quoteok_query; if (!(pai->qu->flags & adns_qf_cname_loose)) nflags |= adns_qf_cname_forbid; - + st= adns__internal_submit(pai->ads, &nqu, adns__findtype(adns_r_addr), &pai->qu->vb, id, nflags, pai->now, &ctx); if (st) return st; @@ -589,7 +589,7 @@ static adns_status csp_hostaddr(vbuf *vb, const adns_rr_hostaddr *rrp) { errstr= adns_strerror(rrp->astatus); st= csp_qstring(vb,errstr,strlen(errstr)); if (st) return st; - + if (rrp->naddrs >= 0) { CSP_ADDSTR(" ("); for (i=0; inaddrs; i++) { @@ -626,7 +626,7 @@ static adns_status pa_mx_raw(const parseinfo *pai, int cbyte, st= pap_domain(pai, &cbyte, max, &rrp->str, pai->qu->flags & adns_qf_quoteok_anshost ? pdf_quoteok : 0); if (st) return st; - + if (cbyte != max) return adns_s_invaliddata; return adns_s_ok; } @@ -655,7 +655,7 @@ static adns_status pa_mx(const parseinfo *pai, int cbyte, rrp->i= pref; st= pap_hostaddr(pai, &cbyte, max, &rrp->ha); if (st) return st; - + if (cbyte != max) return adns_s_invaliddata; return adns_s_ok; } @@ -739,7 +739,7 @@ static void icb_ptr(adns_query parent, adns_query child) { static adns_status pa_ptr(const parseinfo *pai, int dmstart, int max, void *datap) { static const char *const (expectdomain[])= { DNS_INADDR_ARPA }; - + char **rrp= datap; adns_status st; adns_rr_addr *ap; 
@@ -781,7 +781,7 @@ static adns_status pa_ptr(const parseinfo *pai, int dmstart, } st= adns__findlabel_next(&fls,&lablen,0); assert(!st); if (lablen) return adns_s_querydomainwrong; - + ap->len= sizeof(struct sockaddr_in); memset(&ap->addr,0,sizeof(ap->addr.inet)); ap->addr.inet.sin_family= AF_INET; @@ -845,7 +845,7 @@ static adns_status pa_hinfo(const parseinfo *pai, int cbyte, } if (cbyte != max) return adns_s_invaliddata; - + return adns_s_ok; } @@ -950,7 +950,7 @@ static adns_status cs_rp(vbuf *vb, const void *datap) { st= csp_domain(vb,rrp->array[1]); if (st) return st; return adns_s_ok; -} +} /* * _soa (pa,mf,cs) @@ -971,7 +971,7 @@ static adns_status pa_soa(const parseinfo *pai, int cbyte, if (st) return st; if (cbyte+20 != max) return adns_s_invaliddata; - + for (i=0; i<5; i++) { GET_W(cbyte,msw); GET_W(cbyte,lsw); @@ -993,7 +993,7 @@ static adns_status cs_soa(vbuf *vb, const void *datap) { char buf[20]; int i; adns_status st; - + st= csp_domain(vb,rrp->mname); if (st) return st; CSP_ADDSTR(" "); st= csp_mailbox(vb,rrp->rname); if (st) return st; @@ -1047,7 +1047,7 @@ static adns_status pap_srv_begin(const parseinfo *pai, int *cbyte_io, int max, cbyte= *cbyte_io; if ((*cbyte_io += 6) > max) return adns_s_invaliddata; - + rrp->priority= GET_W(cbyte, ti); rrp->weight= GET_W(cbyte, ti); rrp->port= GET_W(cbyte, ti); @@ -1061,11 +1061,11 @@ static adns_status pa_srvraw(const parseinfo *pai, int cbyte, st= pap_srv_begin(pai,&cbyte,max,datap); if (st) return st; - + st= pap_domain(pai, &cbyte, max, &rrp->host, pai->qu->flags & adns_qf_quoteok_anshost ? pdf_quoteok : 0); if (st) return st; - + if (cbyte != max) return adns_s_invaliddata; return adns_s_ok; } @@ -1111,7 +1111,7 @@ static adns_status csp_srv_begin(vbuf *vb, const adns_rr_srvha *rrp static adns_status cs_srvraw(vbuf *vb, const void *datap) { const adns_rr_srvraw *rrp= datap; adns_status st; - + st= csp_srv_begin(vb,(const void*)rrp); if (st) return st; return csp_domain(vb,rrp->host); } 
@@ -1141,7 +1141,7 @@ static void postsort_srv(adns_state ads, void *array, int nrrs, workbegin < arrayend; workbegin= workend) { cpriority= (rr=(void*)workbegin)->priority; - + for (workend= workbegin, totalweight= 0; workend < arrayend && (rr=(void*)workend)->priority == cpriority; workend += typei->rrsz) { @@ -1157,7 +1157,7 @@ static void postsort_srv(adns_state ads, void *array, int nrrs, for (; workbegin + typei->rrsz < workend; /* don't bother if just one */ workbegin += typei->rrsz) { - + randval= nrand48(ads->rand48xsubi); randval %= (totalweight + 1); /* makes it into 0..totalweight inclusive; with 2^10 RRs, @@ -1219,7 +1219,7 @@ static adns_status cs_opaque(vbuf *vb, const void *datap) { sprintf(buf,"\\# %d",rrp->len); CSP_ADDSTR(buf); - + for (l= rrp->len, p= rrp->data; l>=4; l -= 4, p += 4) { @@ -1234,7 +1234,7 @@ static adns_status cs_opaque(vbuf *vb, const void *datap) { } return adns_s_ok; } - + /* * _flat (mf) */ ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + client/adh-main.c | 19 ++++--- client/adh-opts.c | 34 ++++++------ src/adns.h | 61 +++++++++++---------- src/check.c | 35 ++++++++---- src/internal.h | 9 +++- src/setup.c | 54 ++++++++++--------- src/types.c | 153 ++++++++++++++++++++++++++++++++++++++-------------- 8 files changed, 231 insertions(+), 135 deletions(-) hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 11 19:52:09 2012 
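Review bot: cs_in6addr, in the src/types.c hunk that adds the _in6addr handlers, passes buffer to CSP_ADDSTR without checking the return value of inet_ntop, so a failed conversion would append an uninitialised stack buffer to the output. Suggest testing the result and returning an error status when it is NULL. In the same hunk, search_sortlist6 compares the masked address against slp->base byte by byte, which only works if the configuration parser stores v6 bases already masked; a short comment stating that invariant would help.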
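Review bot: the class A fix in ccf_sortlist (src/setup.c, commit 98fb429) comes with no regression test, although the old expression `!baselocal & 0x080000000UL` applied `!` first and so could never select the class A mask. Suggest adding a sortlist entry without an explicit mask to the regression inputs, one per address class. The constants in this block are written with nine hex digits (`0x080000000UL`, `0x0ff000000UL`); dropping the redundant leading zero would make the 32-bit width easier to verify by eye.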
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 11 May 2012 19:52:09 +0200 Subject: [git] ADNS-g10 - branch, master, updated. c48081176749273e402f10701c5f0d345a98464d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via c48081176749273e402f10701c5f0d345a98464d (commit) from fefa444526f34dd242506c6b77e102cfb025dcbd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c48081176749273e402f10701c5f0d345a98464d Author: Werner Koch Date: Fri May 11 18:44:02 2012 +0200 Automagically provide a beta version number. Also fixed the extra file version for Windows. diff --git a/NEWS b/NEWS index 5bbed00..49d33f6 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,11 @@ +Noteworthy changes in version 1.4-g10-3 (unreleased) +---------------------------------------------------- + + * Add support AAAA records. + + * + + Noteworthy changes in version 1.4-g10-2 (2008-05-08) ---------------------------------------------------- diff --git a/autogen.sh b/autogen.sh index 7e52bfa..2ce32bc 100755 --- a/autogen.sh +++ b/autogen.sh @@ -50,9 +50,9 @@ if test "$1" = "--build-w32"; then [ -z "$w32root" ] && w32root="$HOME/w32root" echo "Using $w32root as standard install directory" >&2 - + crossbindir= - for host in i586-mingw32msvc i386-mingw32msvc mingw32; do + for host in i586-mingw32msvc i386-mingw32msvc i686-w64-mingw32 mingw32; do if ${host}-gcc --version >/dev/null 2>&1 ; then crossbindir=/usr/${host}/bin conf_CC="CC=${host}-gcc" 
@@ -62,12 +62,12 @@ if test "$1" = "--build-w32"; then if [ -z "$crossbindir" ]; then echo "Cross compiler kit not installed" >&2 echo "Under Debian GNU/Linux, you may install it using" >&2 - echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 + echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 echo "Stop." >&2 exit 1 fi - - + + if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then echo "Pease run a 'make distclean' first" >&2 @@ -84,19 +84,19 @@ fi # Grep the required versions from configure.ac -autoconf_vers=`sed -n '/^AC_PREREQ(/ { +autoconf_vers=`sed -n '/^AC_PREREQ(/ { s/^.*(\(.*\))/\1/p q }' ${configure_ac}` autoconf_vers_num=`echo "$autoconf_vers" | cvtver` -automake_vers=`sed -n '/^min_automake_version=/ { +automake_vers=`sed -n '/^min_automake_version=/ { s/^.*="\(.*\)"/\1/p q }' ${configure_ac}` automake_vers_num=`echo "$automake_vers" | cvtver` -#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { +#gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { #s/^.*(\(.*\))/\1/p #q #}' ${configure_ac}` @@ -135,9 +135,9 @@ fi if test "$DIE" = "yes"; then cat <. 
@@ -24,7 +24,28 @@ AC_PREREQ(2.61) min_automake_version="1.10" -AC_INIT([adns], [1.4-g10-2], [bug-adns at g10code.com]) +# To build a release you need to create a tag with the version number +# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please +# bump the version number immediately *after* the release and do +# another commit and push so that the git magic is able to work. +# See below for the LT version numbers. +m4_define([mym4_version], [1.4-g10-3]) + +# Below is m4 magic to extract and compute the git revision number, +# the decimalized short revision number, a beta version string and a +# flag indicating a development version (mym4_isgit). Note that the +# m4 processing is done by autoconf and not during the configure run. +m4_define([mym4_revision], m4_esyscmd([git branch -v 2>/dev/null \ + | awk '/^\* / {printf "%s",$3}'])) +m4_define([mym4_revision_dec], + m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))])) +m4_define([mym4_betastring], + m4_esyscmd_s([git describe --match 'adns-1.4-g10-*[0-9]' --long|\ + awk -F- '$5!=0{print"-beta"$5}'])) +m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) +m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) + +AC_INIT([adns], [mym4_full_version], [bug-adns at g10code.com]) # LT Version numbers: Remember to change them just *before* a release. # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) @@ -34,6 +55,7 @@ AC_INIT([adns], [1.4-g10-2], [bug-adns at g10code.com]) ADNS_LT_CURRENT=4 ADNS_LT_AGE=3 ADNS_LT_REVISION=0 + # If the API is changed in an incompatible way: increment this counter. ADNS_CONFIG_API_VERSION=1 @@ -70,8 +92,8 @@ AC_PROG_MAKE_SET AC_CHECK_PROGS(M4, m4) AC_C_INLINE -# -# Libtool stuff +# +# Libtool stuff # AC_LIBTOOL_WIN32_DLL AC_LIBTOOL_RC 
@@ -120,7 +142,7 @@ case "${host}" in have_w32_system=yes # We need to pass HAVE_W32_SYSTEM on the command line because # config.h is not always included first but we need to include - # some header files conditionally. Note that in the public + # some header files conditionally. Note that in the public # header file (adns.h) we need to use the _WIN32 macro despite # that it is very questionable whether Windows is win. PLATFORMCPPFLAGS="-DHAVE_W32_SYSTEM" @@ -136,7 +158,7 @@ AC_SUBST(PLATFORMCPPFLAGS) AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) -# For some systems we know that we have ld_version scripts. +# For some systems we know that we have ld_version scripts. # Use it then as default. have_ld_version_script=no case "${host}" in @@ -209,7 +231,7 @@ fi fi -# Check for required network libraries. +# Check for required network libraries. if test "$have_w32_system" = yes; then LIBS="$LIBS -lws2_32 -liphlpapi" else @@ -232,19 +254,18 @@ AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) # Generate extended version information for W32. if test "$have_w32_system" = yes; then + BUILD_REVISION=mym4_revision BUILD_TIMESTAMP=`date --iso-8601=minutes` - changequote(,)dnl - BUILD_FILEVERSION=`echo "$PACKAGE_VERSION" \ - | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` + changequote(,)dnl + BUILD_FILEVERSION=`echo "$PACKAGE_VERSION" \ + | sed 's/\([0-9.]*\)-g10-\([0-9]*\).*/\1.\2./;s/\./,/g'` changequote([,])dnl - BUILD_REVISION=0 - BUILD_FILEVERSION="${BUILD_FILEVERSION}${BUILD_REVISION}" + BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" fi AC_SUBST(BUILD_REVISION) AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) -#needed? AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", -# [Subversion revision used to build this package]) + # 
@@ -331,7 +352,8 @@ AC_OUTPUT echo " adns v${PACKAGE_VERSION} has been configured as follows: - + + Revision: mym4_revision (mym4_revision_dec) Platform: $host " ----------------------------------------------------------------------- Summary of changes: NEWS | 8 ++++++++ autogen.sh | 20 ++++++++++---------- configure.ac | 58 ++++++++++++++++++++++++++++++++++++++++------------------ 3 files changed, 58 insertions(+), 28 deletions(-) hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 14 11:35:23 2012 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 14 May 2012 11:35:23 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-31-g39c123b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 39c123b729a472ace039f8536d07f8b9a5f4675a (commit) from dcef6b7836428f1fc10af02e431cf6ab112dc13d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 39c123b729a472ace039f8536d07f8b9a5f4675a Author: Werner Koch Date: Mon May 14 10:26:25 2012 +0200 Add curve aliases from RFC-5656. * cipher/ecc.c (curve_aliases): Add "nistp???" entries. diff --git a/cipher/ecc.c b/cipher/ecc.c index bbff7ee..70431fe 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
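Review bot: the NEWS hunk leaves an empty "*" bullet under 1.4-g10-3, and the first entry reads "Add support AAAA records". Suggest "Add support for AAAA records" and removing the placeholder bullet, or using it for the Windows file version fix that the commit message mentions but NEWS does not.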
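Review bot: in the autogen.sh hunk that adds i686-w64-mingw32 to the host loop, the failure message a few lines below still recommends only `apt-get install mingw32 mingw32-runtime mingw32-binutils`. If the mingw-w64 toolchain is now an accepted cross compiler, the hint should name its package as well. The unchanged context in the same hunk also contains the typo "Pease run a 'make distclean' first".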
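Review bot: in the configure.ac hunk that introduces mym4_version, mym4_revision_dec has no fallback for an empty mym4_revision. The git branch call sends its errors to /dev/null, so outside a git checkout the revision is empty and `echo $((0x$(echo ]mym4_revision[|head -c 4)))` becomes `$((0x))`, whose handling is shell-dependent; the git describe call in mym4_betastring does not silence stderr at all. Suggest substituting a fixed value such as 0000 when no revision is found. The comment above the definition also gives the tag format as `gnupg-2.n.m`, while the describe pattern matches `adns-1.4-g10-*[0-9]`; the comment should name the adns tag format.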
@@ -96,19 +96,24 @@ static const struct { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */ { "NIST P-192", "prime192v1" }, /* X9.62 name. */ { "NIST P-192", "secp192r1" }, /* SECP name. */ + { "NIST P-192", "nistp192" }, /* rfc5656. */ { "NIST P-224", "secp224r1" }, { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */ + { "NIST P-224", "nistp224" }, /* rfc5656. */ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */ { "NIST P-256", "prime256v1" }, { "NIST P-256", "secp256r1" }, + { "NIST P-256", "nistp256" }, /* rfc5656. */ { "NIST P-384", "secp384r1" }, { "NIST P-384", "1.3.132.0.34" }, + { "NIST P-384", "nistp384" }, /* rfc5656. */ { "NIST P-521", "secp521r1" }, { "NIST P-521", "1.3.132.0.35" }, + { "NIST P-521", "nistp521" }, /* rfc5656. */ { "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" }, { "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" }, ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 24 11:24:28 2012 
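Review bot: the five "nistp???" entries added to curve_aliases in cipher/ecc.c arrive without a test or documentation change (the summary lists only cipher/ecc.c), so nothing checks that a lookup by the new names resolves to the same curve as the existing aliases. Suggest extending a curve lookup test to cover nistp192 through nistp521. The new comments read "rfc5656." where the neighbouring ones read "X9.62 name." and "SECP name."; "RFC 5656 name." would match.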
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 24 May 2012 11:24:28 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-79-gfc00d3f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fc00d3fcb201476b3495f47138fa35b71c52f403 (commit) via f8a8c71c41bc1893df8af6ce522876ccbf6240a9 (commit) from 68777b40dcf215305a325185f6bd9cfd6dcc0542 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fc00d3fcb201476b3495f47138fa35b71c52f403 Author: Werner Koch Date: Thu May 24 10:13:39 2012 +0200 Print the hash algorithm in colon mode key listing. * g10/keylist.c (list_keyblock_colon): Print digest_algo. diff --git a/NEWS b/NEWS index fd721da..a8352ca 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,8 @@ Noteworthy changes in version 2.1.0beta4 (unreleased) * Removed support for the original HKP keyserver which is not anymore used by any site. + * The hash algorithm is now printed for sig records in key listings. + Noteworthy changes in version 2.1.0beta3 (2011-12-20) ----------------------------------------------------- diff --git a/doc/DETAILS b/doc/DETAILS index 955e850..59434f1 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -3,8 +3,8 @@ Format of colon listings ======================== First an example: -$ gpg --fixed-list-mode --with-colons --list-keys \ - --with-fingerprint --with-fingerprint wk at gnupg.org +$ gpg --with-colons --list-keys \ + --with-fingerprint --with-fingerprint wk at gnupg.org pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC: fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013: 
@@ -151,6 +151,10 @@ record; gpg2 does this by default and the option is a dummy. 15. Field Used in sec/sbb to print the serial number of a token (internal protect mode 1002) or a '#' if that key is a simple stub (internal protect mode 1001) +16. Field: For sig records, this is the used hash algorithm: + 2 = SHA-1 + 8 = SHA-256 + (for other id's see include/cipher.h) All dates are displayed in the format yyyy-mm-dd unless you use the option --fixed-list-mode in which case they are displayed as seconds diff --git a/g10/keylist.c b/g10/keylist.c index e8ccabc..87f3a4b 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1398,20 +1398,16 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) es_write_sanitized (es_stdout, p, n, ":", NULL); xfree (p); } - es_fprintf (es_stdout, ":%02x%c:", sig->sig_class, + es_fprintf (es_stdout, ":%02x%c::", sig->sig_class, sig->flags.exportable ? 'x' : 'l'); if (opt.no_sig_cache && opt.check_sigs && fprokay) { - es_putc (':', es_stdout); - for (i = 0; i < fplen; i++) es_fprintf (es_stdout, "%02X", fparray[i]); - - es_putc (':', es_stdout); } - es_fprintf (es_stdout, "\n"); + es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo); if (opt.show_subpackets) print_subpackets_colon (sig); commit f8a8c71c41bc1893df8af6ce522876ccbf6240a9 Author: Werner Koch Date: Thu May 24 10:11:49 2012 +0200 Fix type conflict warning. * g10/keylist.c: Change min_cert_level to a byte. diff --git a/g10/keylist.c b/g10/keylist.c index cd868bf..e8ccabc 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -66,8 +66,8 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode) { if (opt.with_colons) { - byte trust_model, marginals, completes, cert_depth; - ulong created, nextcheck, min_cert_level; + byte trust_model, marginals, completes, cert_depth, min_cert_level; + ulong created, nextcheck; read_trust_options (&trust_model, &created, &nextcheck, &marginals, &completes, &cert_depth, &min_cert_level); ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ doc/DETAILS | 8 ++++++-- g10/keylist.c | 12 ++++-------- 3 files changed, 12 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 24 12:04:37 2012 
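Review bot: In list_keyblock_colon (g10/keylist.c), the position of the new digest_algo value depends on counting colons across two separate format strings, ":%02x%c::" before the optional fingerprint and ":::%d:\n" after it, and nothing in the code says which field each colon closes. A short comment at each es_fprintf naming the fields (the fingerprint lands in field 13 and digest_algo in field 16, matching the new "16. Field" entry in doc/DETAILS) would keep the code and the documented format from drifting apart. Every sig line now carries the extra trailing fields whether or not the fingerprint is printed, so the NEWS entry could also mention that the record got longer, for scripts that split on ':' and index from the end.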
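Review bot: In public_key_list, moving min_cert_level from the ulong declaration to the byte one looks like more than a warning fix. With the old type, &min_cert_level was passed to read_trust_options next to the byte variables trust_model, marginals, completes and cert_depth, so if that parameter is a byte pointer (as this fix implies) only one byte of an uninitialized ulong was ever written. The commit message should say whether the value read back from min_cert_level could be wrong before this change, so the fix can be considered for the stable branch as well.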
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 24 May 2012 12:04:37 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.19-8-gb8d7b33 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via b8d7b33d69e54feb1fcd2e87b8ffc260b0ba81e4 (commit) via a4b22d8edf31feb2cd09805a36ec662d8c6e0a09 (commit) from 3f75b9ca00fc24e35bd16e91b7b1b18616447ff2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b8d7b33d69e54feb1fcd2e87b8ffc260b0ba81e4 Author: Werner Koch Date: Thu May 24 10:55:11 2012 +0200 Add provisions to build with Libgcrypt 1.6. Replace gcry_md_start_debug by gcry_md_debug in all files. * agent/gpg-agent.c (fixed_gcry_pth_init): Use only if GCRY_THREAD_OPTION_VERSION is 0 * scd/scdaemon.c (fixed_gcry_pth_init): Ditto. -- Libgcrypt 1.6 will have some minor API changes. In particular some deprecated macros and functions will be removed. PTH will also be dropped in favor of a thread model neutral locking method. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index b00d899..ba25875 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -278,11 +278,12 @@ static int check_for_running_agent (int silent, int mode); ASSUAN_SYSTEM_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL; +#if GCRY_THREAD_OPTION_VERSION < 1 static int fixed_gcry_pth_init (void) { return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } - +#endif #ifndef PTH_HAVE_PTH_THREAD_ID static unsigned long pth_thread_id (void) 
@@ -594,7 +595,9 @@ main (int argc, char **argv ) /* Libgcrypt requires us to register the threading model first. Note that this will also do the pth_init. */ +#if GCRY_THREAD_OPTION_VERSION < 1 gcry_threads_pth.init = fixed_gcry_pth_init; +#endif err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); if (err) { diff --git a/g10/cipher.c b/g10/cipher.c index f0dc577..10f0ebb 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -61,12 +61,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) ed.mdc_method = DIGEST_ALGO_SHA1; gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0); if ( DBG_HASHING ) - gcry_md_start_debug (cfx->mdc_hash, "creatmdc"); + gcry_md_debug (cfx->mdc_hash, "creatmdc"); } { char buf[20]; - + sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo); write_status_text (STATUS_BEGIN_ENCRYPTION, buf); } @@ -81,7 +81,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); - err = openpgp_cipher_open (&cfx->cipher_hd, + err = openpgp_cipher_open (&cfx->cipher_hd, cfx->dek->algo, GCRY_CIPHER_MODE_CFB, (GCRY_CIPHER_SECURE diff --git a/g10/encr-data.c b/g10/encr-data.c index 602ae55..ee988c9 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -119,7 +119,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) BUG (); if ( DBG_HASHING ) - gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); + gcry_md_debug (dfx->mdc_hash, "checkmdc"); } rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo, diff --git a/g10/keylist.c b/g10/keylist.c index 4c1624c..bb19bc3 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -141,7 +141,7 @@ print_seckey_info (PKT_secret_key *sk) nbits_from_sk (sk), pubkey_letter (sk->pubkey_algo), keystr(keyid), datestr_from_sk (sk), p); - + xfree (p); } 
@@ -185,13 +185,13 @@ print_card_key_info (FILE *fp, KBNODE keyblock) KBNODE node; int i; - for (node = keyblock; node; node = node->next ) + for (node = keyblock; node; node = node->next ) { if (node->pkt->pkttype == PKT_SECRET_KEY || (node->pkt->pkttype == PKT_SECRET_SUBKEY) ) { PKT_secret_key *sk = node->pkt->pkt.secret_key; - + tty_fprintf (fp, "%s%c %4u%c/%s ", node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb", (sk->protect.s2k.mode==1001)?'#': @@ -205,10 +205,10 @@ print_card_key_info (FILE *fp, KBNODE keyblock) if (sk->is_protected && sk->protect.s2k.mode == 1002) { tty_fprintf (fp, "\n "); - tty_fprintf (fp, _("card-no: ")); + tty_fprintf (fp, _("card-no: ")); if (sk->protect.ivlen == 16 && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6)) - { + { /* This is an OpenPGP card. */ for (i=8; i < 14; i++) { @@ -454,7 +454,7 @@ list_all( int secret ) merge_keys_and_selfsig( keyblock ); list_keyblock( keyblock, secret, opt.fingerprint, opt.check_sigs?&stats:NULL); - release_kbnode( keyblock ); + release_kbnode( keyblock ); keyblock = NULL; } while (!(rc = keydb_search_next (hd))); if( rc && rc != -1 ) @@ -548,7 +548,7 @@ locate_one (strlist_t names) struct sig_stats stats; memset (&stats,0,sizeof(stats)); - + for (sl=names; sl; sl = sl->next) { rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0); @@ -559,18 +559,18 @@ locate_one (strlist_t names) } else { - do + do { list_keyblock (keyblock, 0, opt.fingerprint, opt.check_sigs? &stats : NULL ); release_kbnode (keyblock); - } + } while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock)); get_pubkey_end (ctx); ctx = NULL; - } + } } - + if (opt.check_sigs && !opt.with_colons) print_signature_stats (&stats); } @@ -597,7 +597,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) { unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage; int c_printed = 0; - + if ( use & PUBKEY_USAGE_ENC ) putchar ('e'); 
@@ -627,7 +627,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) int enc=0, sign=0, cert=0, auth=0, disabled=0; for (k=keyblock; k; k = k->next ) { - if ( k->pkt->pkttype == PKT_PUBLIC_KEY + if ( k->pkt->pkttype == PKT_PUBLIC_KEY || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { pk = k->pkt->pkt.public_key; @@ -649,7 +649,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) auth = 1; } } - else if ( k->pkt->pkttype == PKT_SECRET_KEY + else if ( k->pkt->pkttype == PKT_SECRET_KEY || k->pkt->pkttype == PKT_SECRET_SUBKEY ) { sk = k->pkt->pkt.secret_key; if ( sk->is_valid && !sk->is_revoked && !sk->has_expired @@ -982,7 +982,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque ) case 0: sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: stats->inv_sigs++; sigrc = '-'; break; - case GPG_ERR_NO_PUBKEY: + case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue; default: stats->oth_err++; sigrc = '%'; break; } @@ -1128,9 +1128,9 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) putchar ('r'); else if ( pk->has_expired ) putchar ('e'); - else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) + else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) ; - else + else { trustletter = get_validity_info ( pk, NULL ); if ( trustletter == 'u' ) @@ -1186,7 +1186,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) dump_attribs (node->pkt->pkt.user_id,pk,sk); /* - * Fixme: We need a is_valid flag here too + * Fixme: We need a is_valid flag here too */ str = uid->attrib_data? "uat":"uid"; /* If we're listing a secret key, leave out the validity 
@@ -1199,25 +1199,25 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) printf ("%s:e::::",str); else if ( opt.no_expensive_trust_checks ) printf ("%s:::::",str); - else + else { int uid_validity; - + if ( pk && !ulti_hack ) uid_validity=get_validity_info (pk, uid); else uid_validity = 'u'; printf ("%s:%c::::",str,uid_validity); } - + printf ("%s:", colon_strtime (uid->created)); printf ("%s:", colon_strtime (uid->expiredate)); - + namehash_from_uid (uid); for (i=0; i < 20; i++ ) printf ("%02X",uid->namehash[i]); - + printf ("::"); if (uid->attrib_data) @@ -1227,11 +1227,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) putchar (':'); putchar ('\n'); } - else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { u32 keyid2[2]; PKT_public_key *pk2 = node->pkt->pkt.public_key; - + keyid_from_pk ( pk2, keyid2 ); fputs ("sub:", stdout ); if ( !pk2->is_valid ) @@ -1291,7 +1291,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) } putchar(':'); /* End of field 15. */ putchar ('\n'); - + if ( fpr > 1 ) print_fingerprint ( NULL, sk2, 0 ); } @@ -1302,7 +1302,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) char *sigstr; size_t fplen; byte fparray[MAX_FINGERPRINT_LEN]; - + if ( sig->sig_class == 0x20 || sig->sig_class == 0x28 || sig->sig_class == 0x30 ) sigstr = "rev"; @@ -1312,7 +1312,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) sigstr = "sig"; else if ( sig->sig_class == 0x1F ) sigstr = "sig"; - else + else { printf ("sig::::::::::%02x%c:\n", sig->sig_class, sig->flags.exportable?'x':'l'); 
@@ -1322,18 +1322,18 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) if ( opt.check_sigs ) { PKT_public_key *signer_pk=NULL; - + fflush (stdout); if (opt.no_sig_cache) signer_pk = xmalloc_clear (sizeof(PKT_public_key)); - + rc = check_key_signature2 ( keyblock, node, NULL, signer_pk, NULL, NULL, NULL ); switch ( gpg_err_code (rc) ) { case 0: sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; - case GPG_ERR_NO_PUBKEY: + case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; default: sigrc = '%'; break; } @@ -1348,7 +1348,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) free_public_key(signer_pk); } } - else + else { rc = 0; sigrc = ' '; @@ -1370,7 +1370,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) print_string (stdout,sig->trust_regexp, strlen(sig->trust_regexp),':'); printf(":"); - + if ( sigrc == '%' ) printf("[%s] ", g10_errstr(rc) ); else if ( sigrc == '?' ) @@ -1417,8 +1417,8 @@ do_reorder_keyblock (KBNODE keyblock,int attr) node->pkt->pkt.user_id->is_primary ) { primary = primary2 = node; for (node=node->next; node; primary2=node, node = node->next ) { - if( node->pkt->pkttype == PKT_USER_ID - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + if( node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { break; } @@ -1540,7 +1540,7 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode ) fp = stdout; text = _(" Key fingerprint ="); } - + if (sk) fingerprint_from_sk (sk, array, &n); else @@ -1600,7 +1600,7 @@ print_card_serialno (PKT_secret_key *sk) if (!sk) return; - if (!sk->is_protected || sk->protect.s2k.mode != 1002) + if (!sk->is_protected || sk->protect.s2k.mode != 1002) return; /* Not a card. */ if (opt.with_colons) return; /* Handled elsewhere. */ 
@@ -1635,11 +1635,11 @@ set_attrib_fd (int fd) if ( fd != -1 && last_fd == fd ) return; - if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr + if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr && attrib_fp != log_get_stream () ) fclose (attrib_fp); attrib_fp = NULL; - if ( fd == -1 ) + if ( fd == -1 ) return; #ifdef HAVE_DOSISH_SYSTEM @@ -1651,11 +1651,11 @@ set_attrib_fd (int fd) attrib_fp = stderr; else attrib_fp = fdopen (fd, "wb"); - if (!attrib_fp) + if (!attrib_fp) { log_fatal("can't open fd %d for attribute output: %s\n", fd, strerror(errno)); } - + last_fd = fd; } diff --git a/g10/mainproc.c b/g10/mainproc.c index c7df113..b7f097b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -699,9 +699,9 @@ proc_plaintext( CTX c, PACKET *pkt ) BUG (); } if ( DBG_HASHING ) { - gcry_md_start_debug ( c->mfx.md, "verify" ); + gcry_md_debug ( c->mfx.md, "verify" ); if ( c->mfx.md2 ) - gcry_md_start_debug ( c->mfx.md2, "verify2" ); + gcry_md_debug ( c->mfx.md2, "verify2" ); } rc=0; @@ -2138,9 +2138,9 @@ proc_tree( CTX c, KBNODE node ) /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */ #endif if ( DBG_HASHING ) { - gcry_md_start_debug( c->mfx.md, "verify" ); + gcry_md_debug( c->mfx.md, "verify" ); if ( c->mfx.md2 ) - gcry_md_start_debug( c->mfx.md2, "verify2" ); + gcry_md_debug( c->mfx.md2, "verify2" ); } if( c->sigs_only ) { if (c->signed_data.used && c->signed_data.data_fd != -1) diff --git a/g10/sign.c b/g10/sign.c index 8d280ed..a464bb6 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -150,7 +150,7 @@ mk_notation_policy_etc( PKT_signature *sig, /* - * Helper to hash a user ID packet. + * Helper to hash a user ID packet. */ static void hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) 
@@ -188,7 +188,7 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) static void hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) { - if (sig->version >= 4) + if (sig->version >= 4) gcry_md_putc (md, sig->version); gcry_md_putc (md, sig->sig_class); if (sig->version < 4) { @@ -201,7 +201,7 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) else { byte buf[6]; size_t n; - + gcry_md_putc (md, sig->pubkey_algo); gcry_md_putc (md, sig->digest_algo); if (sig->hashed) { @@ -257,13 +257,13 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; - if (sk->is_protected && sk->protect.s2k.mode == 1002) - { + if (sk->is_protected && sk->protect.s2k.mode == 1002) + { #ifdef ENABLE_CARD_SUPPORT unsigned char *rbuf; size_t rbuflen; char *snbuf; - + snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk); rc = agent_scd_pksign (snbuf, digest_algo, @@ -282,7 +282,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, return gpg_error (GPG_ERR_NOT_SUPPORTED); #endif /* ENABLE_CARD_SUPPORT */ } - else + else { frame = encode_md_value( NULL, sk, md, digest_algo ); if (!frame) @@ -495,7 +495,7 @@ print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what ) * Loop over the secret certificates in SK_LIST and build the one pass * signature packets. OpenPGP says that the data should be bracket by * the onepass-sig and signature-packet; so we build these onepass - * packet here in reverse order + * packet here in reverse order */ static int write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) @@ -511,7 +511,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) PKT_onepass_sig *ops; PACKET pkt; int i, rc; - + for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { if (++i == skcount) break; 
@@ -524,7 +524,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) ops->pubkey_algo = sk->pubkey_algo; keyid_from_sk (sk, ops->keyid); ops->last = (skcount == 1); - + init_packet(&pkt); pkt.pkttype = PKT_ONEPASS_SIG; pkt.pkt.onepass_sig = ops; @@ -612,7 +612,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) wipememory(copy_buffer,4096); /* burn buffer */ } /* fixme: it seems that we never freed pt/pkt */ - + return rc; } @@ -777,7 +777,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr, inp = NULL; errno = EPERM; } - if( !inp ) + if( !inp ) { rc = gpg_error_from_syserror (); log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", @@ -817,7 +817,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr, if ( gcry_md_open (&mfx.md, 0, 0) ) BUG (); if (DBG_HASHING) - gcry_md_start_debug (mfx.md, "sign"); + gcry_md_debug (mfx.md, "sign"); /* If we're encrypting and signing, it is reasonable to pick the hash algorithm to use out of the recepient key prefs. This is @@ -928,7 +928,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr, there is an assumed preference for uncompressed data. Still, if it did fail, we'll also end up with the default. */ - + if((compr_algo= select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1) compr_algo=default_compress_algo(); @@ -1091,7 +1091,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) } if( !inp ) { rc = gpg_error_from_syserror (); - log_error (_("can't open `%s': %s\n"), + log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", strerror(errno) ); goto leave; } @@ -1102,7 +1102,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) outfile = NULL; errno = EPERM; } - else + else out = iobuf_create( outfile ); if( !out ) { 
@@ -1166,7 +1166,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) gcry_md_enable (textmd, hash_for(sk)); } if ( DBG_HASHING ) - gcry_md_start_debug ( textmd, "clearsign" ); + gcry_md_debug ( textmd, "clearsign" ); copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped, opt.escape_from, (old_style && only_md5) ); @@ -1190,7 +1190,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) gcry_md_close ( textmd ); release_sk_list( sk_list ); release_progress_context (pfx); - release_armor_context (afx); + release_armor_context (afx); return rc; } @@ -1234,7 +1234,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) } rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); - if (rc) + if (rc) goto leave; /* prepare iobufs */ @@ -1247,7 +1247,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) } if( !inp ) { rc = gpg_error_from_syserror (); - log_error (_("can't open `%s': %s\n"), + log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", strerror(errno) ); goto leave; } @@ -1288,7 +1288,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) if ( gcry_md_open (&mfx.md, 0, 0) ) BUG (); if ( DBG_HASHING ) - gcry_md_start_debug (mfx.md, "symc-sign"); + gcry_md_debug (mfx.md, "symc-sign"); for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { PKT_secret_key *sk = sk_rover->sk; @@ -1338,7 +1338,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b'); if (rc) goto leave; - + /* Write the signatures */ /*(current filters: zip - encrypt - armor)*/ rc = write_signature_packets (sk_list, out, mfx.md, @@ -1497,7 +1497,7 @@ int update_keysig_packet( PKT_signature **ret_sig, PKT_signature *orig_sig, PKT_public_key *pk, - PKT_user_id *uid, + PKT_user_id *uid, PKT_public_key *subpk, PKT_secret_key *sk, int (*mksubpkt)(PKT_signature *, void *), 
@@ -1530,7 +1530,7 @@ update_keysig_packet( PKT_signature **ret_sig, /* create a new signature packet */ sig = copy_signature (NULL, orig_sig); - + /* We need to create a new timestamp so that new sig expiration calculations are done correctly... */ sig->timestamp=make_timestamp(); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 064d342..defd039 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -206,11 +206,12 @@ static void handle_connections (int listen_fd); ASSUAN_SYSTEM_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL; +#if GCRY_THREAD_OPTION_VERSION < 1 static int fixed_gcry_pth_init (void) { return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } - +#endif static char * @@ -409,7 +410,9 @@ main (int argc, char **argv ) /* Libgcrypt requires us to register the threading model first. Note that this will also do the pth_init. */ +#if GCRY_THREAD_OPTION_VERSION < 1 gcry_threads_pth.init = fixed_gcry_pth_init; +#endif err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); if (err) { diff --git a/sm/certcheck.c b/sm/certcheck.c index 51a809b..e2e4a4b 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include @@ -106,7 +106,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, { log_error (_("a %u bit hash is not valid for a %u bit %s key\n"), (unsigned int)nframe*8, - gcry_pk_get_nbits (pkey), + gcry_pk_get_nbits (pkey), gcry_pk_algo_name (pkalgo)); /* FIXME: we need to check the requirements for ECDSA. */ if (nframe < 20 || pkalgo == GCRY_PK_DSA ) 
@@ -139,16 +139,16 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, log_error ("no object identifier for algo %d\n", algo); return gpg_error (GPG_ERR_INTERNAL); } - + len = gcry_md_get_algo_dlen (algo); - + if ( len + asnlen + 4 > nframe ) { log_error ("can't encode a %d bit MD into a %d bits frame\n", (int)(len*8), (int)nbits); return gpg_error (GPG_ERR_INTERNAL); } - + /* We encode the MD in this way: * * 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes) @@ -177,7 +177,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, log_printf (" %02X", frame[j]); log_printf ("\n"); } - + gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe); xfree (frame); return 0; @@ -251,7 +251,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) return rc; } if (DBG_HASHING) - gcry_md_start_debug (md, "hash.cert"); + gcry_md_debug (md, "hash.cert"); rc = ksba_cert_hash (cert, 1, HASH_FNC, md); if (rc) @@ -324,7 +324,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) BUG (); gcry_mpi_release (frame); - + rc = gcry_pk_verify (s_sig, s_hash, s_pkey); if (DBG_X509) log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc)); @@ -400,7 +400,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval, if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) BUG (); gcry_mpi_release (frame); - + rc = gcry_pk_verify (s_sig, s_hash, s_pkey); if (DBG_X509) log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc)); @@ -427,7 +427,7 @@ gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert, desc = gpgsm_format_keydesc (cert); - rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), + rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), gcry_md_get_algo_dlen (mdalgo), mdalgo, r_sigval, &siglen); xfree (desc); diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 49b2b92..c3f3165 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c 
@@ -74,9 +74,9 @@ The format of the native parameter file is follows: This is the DN name of the subject in rfc2253 format. Name-Email: The is an email address for the altSubjectName - Name-DNS: + Name-DNS: The is an DNS name for the altSubjectName - Name-URI: + Name-URI: The is an URI for the altSubjectName Here is an example: @@ -98,7 +98,7 @@ EOF #include #include #include -#include +#include #include #include @@ -126,7 +126,7 @@ struct para_data_s { int lnr; enum para_name key; union { - unsigned int usage; + unsigned int usage; char value[1]; } u; }; @@ -156,7 +156,7 @@ static void release_parameter_list (struct para_data_s *r) { struct para_data_s *r2; - + for (; r ; r = r2) { r2 = r->next; @@ -168,7 +168,7 @@ static struct para_data_s * get_parameter (struct para_data_s *para, enum para_name key, int seq) { struct para_data_s *r; - + for (r = para; r ; r = r->next) if ( r->key == key && !seq--) return r; @@ -190,7 +190,7 @@ get_parameter_algo (struct para_data_s *para, enum para_name key) return -1; if (digitp (r->u.value)) return atoi( r->u.value ); - return gcry_pk_map_name (r->u.value); + return gcry_pk_map_name (r->u.value); } /* Parse the usage parameter. Returns 0 on success. Note that we @@ -203,10 +203,10 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key) struct para_data_s *r = get_parameter (para, key, 0); char *p, *pn; unsigned int use; - + if (!r) return 0; /* none (this is an optional parameter)*/ - + use = 0; pn = r->u.value; while ( (p = strsep (&pn, " \t,")) ) @@ -474,7 +474,7 @@ proc_parameters (ctrl_t ctrl, log_error (_("line %d: invalid algorithm\n"), r->lnr); return gpg_error (GPG_ERR_INV_PARAMETER); } - + /* Check the keylength. */ if (!get_parameter (para, pKEYLENGTH, 0)) nbits = 2048; @@ -489,7 +489,7 @@ proc_parameters (ctrl_t ctrl, xfree (cardkeyid); return gpg_error (GPG_ERR_INV_PARAMETER); } - + /* Check the usage. */ if (parse_parameter_usage (para, pKEYUSAGE)) { 
@@ -523,7 +523,7 @@ proc_parameters (ctrl_t ctrl, /* Check that the optional email address is okay. */ for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++) - { + { if (has_invalid_email_chars (s) || *s == '@' || s[strlen(s)-1] == '@' @@ -564,7 +564,7 @@ proc_parameters (ctrl_t ctrl, else /* Generate new key. */ { sprintf (numbuf, "%u", nbits); - snprintf ((char*)keyparms, DIM (keyparms)-1, + snprintf ((char*)keyparms, DIM (keyparms)-1, "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf); rc = gpgsm_agent_genkey (ctrl, keyparms, &public); @@ -589,8 +589,8 @@ proc_parameters (ctrl_t ctrl, /* Parameters are checked, the key pair has been created. Now generate the request and write it out */ static int -create_request (ctrl_t ctrl, - struct para_data_s *para, +create_request (ctrl_t ctrl, + struct para_data_s *para, const char *carddirect, ksba_const_sexp_t public, struct reqgen_ctrl_s *outctrl) @@ -618,11 +618,11 @@ create_request (ctrl_t ctrl, goto leave; } if (DBG_HASHING) - gcry_md_start_debug (md, "cr.cri"); + gcry_md_debug (md, "cr.cri"); ksba_certreq_set_hash_function (cr, HASH_FNC, md); ksba_certreq_set_writer (cr, outctrl->writer); - + err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0)); if (err) { @@ -718,14 +718,14 @@ create_request (ctrl_t ctrl, goto leave; } - + use = get_parameter_uint (para, pKEYUSAGE); if (use == GCRY_PK_USAGE_SIGN) { /* For signing only we encode the bits: KSBA_KEYUSAGE_DIGITAL_SIGNATURE KSBA_KEYUSAGE_NON_REPUDIATION */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, + err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, "\x03\x02\x06\xC0", 4); } else if (use == GCRY_PK_USAGE_ENCR) 
@@ -733,7 +733,7 @@ create_request (ctrl_t ctrl, /* For encrypt only we encode the bits: KSBA_KEYUSAGE_KEY_ENCIPHERMENT KSBA_KEYUSAGE_DATA_ENCIPHERMENT */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, + err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, "\x03\x02\x04\x30", 4); } else @@ -746,7 +746,7 @@ create_request (ctrl_t ctrl, goto leave; } - + do { err = ksba_certreq_build (cr, &stopreason); @@ -788,11 +788,11 @@ create_request (ctrl_t ctrl, gcry_sexp_release (s_pkey); bin2hex (grip, 20, hexgrip); - log_info ("about to sign CSR for key: &%s\n", hexgrip); + log_info ("about to sign CSR for key: &%s\n", hexgrip); if (carddirect) rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, - gcry_md_read(md, GCRY_MD_SHA1), + gcry_md_read(md, GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1), GCRY_MD_SHA1, &sigval, &siglen); @@ -802,13 +802,13 @@ create_request (ctrl_t ctrl, char *desc; orig_codeset = i18n_switchto_utf8 (); - desc = percent_plus_escape + desc = percent_plus_escape (_("To complete this certificate request please enter" " the passphrase for the key you just created once" " more.\n")); i18n_switchback (orig_codeset); rc = gpgsm_agent_pksign (ctrl, hexgrip, desc, - gcry_md_read(md, GCRY_MD_SHA1), + gcry_md_read(md, GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1), GCRY_MD_SHA1, &sigval, &siglen); @@ -819,7 +819,7 @@ create_request (ctrl_t ctrl, log_error ("signing failed: %s\n", gpg_strerror (rc)); goto leave; } - + err = ksba_certreq_set_sig_val (cr, sigval); xfree (sigval); if (err) @@ -831,13 +831,13 @@ create_request (ctrl_t ctrl, } } } - while (stopreason != KSBA_SR_READY); + while (stopreason != KSBA_SR_READY); leave: gcry_md_close (md); ksba_certreq_release (cr); - return rc; + return rc; } @@ -868,7 +868,7 @@ gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp) } rc = gpgsm_finish_writer (b64writer); - if (rc) + if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; 
diff --git a/sm/sign.c b/sm/sign.c index fd7c4ff..a9d4990 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include @@ -50,7 +50,7 @@ hash_data (int fd, gcry_md_hd_t md) return -1; } - do + do { nread = fread (buffer, 1, DIM(buffer), fp); gcry_md_write (md, buffer, nread); @@ -83,7 +83,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer) return tmperr; } - do + do { nread = fread (buffer, 1, DIM(buffer), fp); if (nread) @@ -152,7 +152,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert) do { rc = keydb_get_cert (hd, &cert); - if (rc) + if (rc) { log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc)); keydb_release (hd); @@ -175,13 +175,13 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert) } } - ksba_cert_release (cert); + ksba_cert_release (cert); cert = NULL; } while (!(rc = keydb_search_next (hd))); if (rc && rc != -1) log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc)); - + ksba_cert_release (cert); keydb_release (hd); return rc; @@ -225,7 +225,7 @@ get_default_signer (ctrl_t ctrl) { log_debug ("failed to find default certificate: rc=%d\n", rc); } - else + else { rc = keydb_get_cert (kh, &cert); if (rc) @@ -241,7 +241,7 @@ get_default_signer (ctrl_t ctrl) /* Depending on the options in CTRL add the certificate CERT as well as other certificate up in the chain to the Root-CA to the CMS object. */ -static int +static int add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert) { gpg_error_t err; @@ -302,7 +302,7 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert) -/* Perform a sign operation. +/* Perform a sign operation. Sign the data received on DATA-FD in embedded mode or in detached mode when DETACHED is true. Write the signature to OUT_FP. The 
@@ -380,7 +380,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (!cert) { log_error ("no default signer found\n"); - gpgsm_status2 (ctrl, STATUS_INV_SGNR, + gpgsm_status2 (ctrl, STATUS_INV_SGNR, get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL); rc = gpg_error (GPG_ERR_GENERAL); goto leave; @@ -396,7 +396,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, char *tmpfpr; tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0); - gpgsm_status2 (ctrl, STATUS_INV_SGNR, + gpgsm_status2 (ctrl, STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), tmpfpr, NULL); xfree (tmpfpr); goto leave; @@ -442,13 +442,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break; case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break; /* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */ - + case GCRY_MD_MD5: /* We don't want to use MD5. */ case 0: /* No algorithm found in cert. */ default: /* Other algorithms. */ log_info (_("hash algorithm %d (%s) for signer %d not supported;" " using %s\n"), - cl->hash_algo, oid? oid: "?", i, + cl->hash_algo, oid? oid: "?", i, gcry_md_algo_name (GCRY_MD_SHA1)); cl->hash_algo = GCRY_MD_SHA1; oid = "1.3.14.3.2.26"; @@ -460,7 +460,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (opt.verbose) { for (i=0, cl=signerlist; cl; cl = cl->next, i++) - log_info (_("hash algorithm used for signer %d: %s (%s)\n"), + log_info (_("hash algorithm used for signer %d: %s (%s)\n"), i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid); } @@ -471,7 +471,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, rc = gpgsm_cert_use_sign_p (cl->cert); if (rc) goto leave; - + err = ksba_cms_add_signer (cms, cl->cert); if (err) { 
@@ -505,13 +505,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { size_t buflen; char buffer[1]; - - err = ksba_cert_get_user_data (cl->cert, "is_qualified", + + err = ksba_cert_get_user_data (cl->cert, "is_qualified", &buffer, sizeof (buffer), &buflen); if (err || !buflen) { log_error (_("checking for qualified certificate failed: %s\n"), - gpg_strerror (err)); + gpg_strerror (err)); rc = err; goto leave; } @@ -525,7 +525,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, goto leave; } } - + /* Prepare hashing (actually we are figuring out what we have set above). */ rc = gcry_md_open (&data_md, 0, 0); @@ -535,7 +535,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, goto leave; } if (DBG_HASHING) - gcry_md_start_debug (data_md, "sign.data"); + gcry_md_debug (data_md, "sign.data"); for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++) { @@ -614,7 +614,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, /* Main building loop. */ - do + do { err = ksba_cms_build (cms, &stopreason); if (err) @@ -625,7 +625,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } if (stopreason == KSBA_SR_BEGIN_DATA) - { + { /* Hash the data and store the message digest. */ unsigned char *digest; size_t digest_len; @@ -658,7 +658,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } } else if (stopreason == KSBA_SR_NEED_SIG) - { + { /* Compute the signature for all signers. */ gcry_md_hd_t md; @@ -669,7 +669,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, goto leave; } if (DBG_HASHING) - gcry_md_start_debug (md, "sign.attr"); + gcry_md_debug (md, "sign.attr"); ksba_cms_set_hash_function (cms, HASH_FNC, md); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { @@ -685,7 +685,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next) { gcry_md_enable (md, cl_tmp->hash_algo); - audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, cl_tmp->hash_algo); } } 
@@ -698,7 +698,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gcry_md_close (md); goto leave; } - + rc = gpgsm_create_cms_signature (ctrl, cl->cert, md, cl->hash_algo, &sigval); if (rc) @@ -733,8 +733,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL); buf = xtryasprintf ("%c %d %d 00 %s %s", detached? 'D':'S', - pkalgo, - cl->hash_algo, + pkalgo, + cl->hash_algo, signed_at, fpr); if (!buf) @@ -753,10 +753,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gcry_md_close (md); } } - while (stopreason != KSBA_SR_READY); + while (stopreason != KSBA_SR_READY); rc = gpgsm_finish_writer (b64writer); - if (rc) + if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; @@ -774,7 +774,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gpgsm_release_certlist (signerlist); ksba_cms_release (cms); gpgsm_destroy_writer (b64writer); - keydb_release (kh); + keydb_release (kh); gcry_md_close (data_md); return rc; } diff --git a/sm/verify.c b/sm/verify.c index c8663e3..6bc44d2 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include @@ -37,7 +37,7 @@ static char * strtimestamp_r (ksba_isotime_t atime) { char *buffer = xmalloc (15); - + if (!atime || !*atime) strcpy (buffer, "none"); else @@ -64,7 +64,7 @@ hash_data (int fd, gcry_md_hd_t md) return err; } - do + do { nread = fread (buffer, 1, DIM(buffer), fp); gcry_md_write (md, buffer, nread); @@ -160,12 +160,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) goto leave; } if (DBG_HASHING) - gcry_md_start_debug (data_md, "vrfy.data"); + gcry_md_debug (data_md, "vrfy.data"); audit_log (ctrl->audit, AUDIT_SETUP_READY); is_detached = 0; - do + do { rc = ksba_cms_parse (cms, &stopreason); if (rc) 
@@ -184,7 +184,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) if (stopreason == KSBA_SR_NEED_HASH || stopreason == KSBA_SR_BEGIN_DATA) - { + { audit_log (ctrl->audit, AUDIT_GOT_DATA); /* We are now able to enable the hash algorithms */ @@ -213,7 +213,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) if (opt.extra_digest_algo) { if (DBG_X509) - log_debug ("enabling extra hash algorithm %d\n", + log_debug ("enabling extra hash algorithm %d\n", opt.extra_digest_algo); gcry_md_enable (data_md, opt.extra_digest_algo); audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, @@ -241,12 +241,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0); } } - while (stopreason != KSBA_SR_READY); + while (stopreason != KSBA_SR_READY); if (b64writer) { rc = gpgsm_finish_writer (b64writer); - if (rc) + if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc); @@ -268,7 +268,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) certificate first before entering it into the DB. This way we would avoid cluttering the DB with invalid certificates. */ - audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, + audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, keydb_store_cert (cert, 0, NULL)); ksba_cert_release (cert); } @@ -344,7 +344,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) &algo, &is_enabled) || !is_enabled) { - log_error ("digest algo %d (%s) has not been enabled\n", + log_error ("digest algo %d (%s) has not been enabled\n", algo, algoid?algoid:""); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported"); goto next_signer; @@ -355,7 +355,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) assert (!msgdigest); rc = 0; algoid = NULL; - algo = 0; + algo = 0; } else /* real error */ { 
@@ -365,7 +365,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) rc = ksba_cms_get_sigattr_oids (cms, signer, "1.2.840.113549.1.9.3", &ctattr); - if (!rc) + if (!rc) { const char *s; @@ -484,9 +484,9 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) gpgsm_status (ctrl, STATUS_BADSIG, fpr); xfree (fpr); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); - goto next_signer; + goto next_signer; } - + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo); rc = gcry_md_open (&md, sigval_hash_algo, 0); if (rc) @@ -496,7 +496,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) goto next_signer; } if (DBG_HASHING) - gcry_md_start_debug (md, "vrfy.attr"); + gcry_md_debug (md, "vrfy.attr"); ksba_cms_set_hash_function (cms, HASH_FNC, md); rc = ksba_cms_hash_signed_attrs (cms, signer); @@ -508,13 +508,13 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error"); goto next_signer; } - rc = gpgsm_check_cms_signature (cert, sigval, md, + rc = gpgsm_check_cms_signature (cert, sigval, md, sigval_hash_algo, &info_pkalgo); gcry_md_close (md); } else { - rc = gpgsm_check_cms_signature (cert, sigval, data_md, + rc = gpgsm_check_cms_signature (cert, sigval, data_md, algo, &info_pkalgo); } @@ -542,7 +542,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN); rc = gpgsm_validate_chain (ctrl, cert, *sigtime? sigtime : "19700101T000000", - keyexptime, 0, + keyexptime, 0, NULL, 0, &verifyflags); { char *fpr, *buf, *tstr; @@ -555,7 +555,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) } else gpgsm_status (ctrl, STATUS_GOODSIG, fpr); - + xfree (fpr); fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); 
@@ -581,7 +581,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL, gpg_err_code (rc)); else - gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, + gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, gpg_err_code (rc)); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); goto next_signer; @@ -603,7 +603,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) { size_t qualbuflen; char qualbuffer[1]; - + rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer, sizeof (qualbuffer), &qualbuflen); if (!rc && qualbuflen) @@ -612,20 +612,20 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) { log_info (_("This is a qualified signature\n")); if (!opt.qualsig_approval) - log_info + log_info (_("Note, that this software is not officially approved " "to create or verify such signatures.\n")); } - } + } else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("get_user_data(is_qualified) failed: %s\n", - gpg_strerror (rc)); + gpg_strerror (rc)); } - gpgsm_status (ctrl, STATUS_TRUST_FULLY, + gpgsm_status (ctrl, STATUS_TRUST_FULLY, (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)? "0 chain": "0 shell"); - + next_signer: rc = 0; @@ -642,7 +642,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) ksba_cms_release (cms); gpgsm_destroy_reader (b64reader); gpgsm_destroy_writer (b64writer); - keydb_release (kh); + keydb_release (kh); gcry_md_close (data_md); if (fp) fclose (fp); commit a4b22d8edf31feb2cd09805a36ec662d8c6e0a09 Author: Werner Koch Date: Thu May 24 10:13:39 2012 +0200 Print the hash algorithm in colon mode key listing. * g10/keylist.c (list_keyblock_colon): Print digest_algo. diff --git a/NEWS b/NEWS index d0cdd6f..8fd346f 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,8 @@ Noteworthy changes in version 2.0.20 (unreleased) ------------------------------------------------- + * The hash algorithm is now printed for sig records in key listings. + Noteworthy changes in version 2.0.19 (2012-03-27) ------------------------------------------------- diff --git a/doc/DETAILS b/doc/DETAILS index 423eea9..e9d2d6f 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -3,8 +3,8 @@ Format of colon listings ======================== First an example: -$ gpg --fixed-list-mode --with-colons --list-keys \ - --with-fingerprint --with-fingerprint wk at gnupg.org +$ gpg --with-colons --list-keys \ + --with-fingerprint --with-fingerprint wk at gnupg.org pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC: fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013: @@ -147,6 +147,10 @@ record; gpg2 does this by default and the option is a dummy. 15. Field Used in sec/sbb to print the serial number of a token (internal protect mode 1002) or a '#' if that key is a simple stub (internal protect mode 1001) +16. Field: For sig records, this is the used hash algorithm: + 2 = SHA-1 + 8 = SHA-256 + (for other id's see include/cipher.h) All dates are displayed in the format yyyy-mm-dd unless you use the option --fixed-list-mode in which case they are displayed as seconds diff --git a/g10/keylist.c b/g10/keylist.c index 8201260..4c1624c 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -1382,23 +1382,19 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) print_string( stdout, p, n, ':' ); xfree(p); } - printf (":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l'); - + printf (":%02x%c::", sig->sig_class,sig->flags.exportable?'x':'l'); + if (opt.no_sig_cache && opt.check_sigs && fprokay) { - putchar (':'); - for (i=0; i < fplen ; i++ ) printf ("%02X", fparray[i] ); - - putchar (':'); } - printf ("\n"); - + printf (":::%d:\n", sig->digest_algo); + if (opt.show_subpackets) print_subpackets_colon (sig); - + /* fixme: check or list other sigs here */ } } ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + agent/gpg-agent.c | 5 ++- doc/DETAILS | 8 +++- g10/cipher.c | 6 ++-- g10/encr-data.c | 2 +- g10/keylist.c | 96 +++++++++++++++++++++++++--------------------------- g10/mainproc.c | 8 ++-- g10/sign.c | 48 +++++++++++++------------- scd/scdaemon.c | 5 ++- sm/certcheck.c | 20 +++++----- sm/certreqgen.c | 58 ++++++++++++++++---------------- sm/sign.c | 62 +++++++++++++++++----------------- sm/verify.c | 56 +++++++++++++++--------------- 13 files changed, 192 insertions(+), 184 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 31 10:36:09 2012 
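Review bot: in the sm/sign.c and sm/verify.c hunks above, the functional change from gcry_md_start_debug to gcry_md_debug at the four DBG_HASHING call sites ("sign.data", "sign.attr", "vrfy.data", "vrfy.attr") is mixed in with dozens of trailing-whitespace-only line changes. Please split the whitespace cleanup into its own commit so the API change can be reviewed and bisected by itself.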
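Review bot: in the g10/keylist.c hunk (list_keyblock_colon), the position of the new sig->digest_algo value is fixed only by literal colon counts split across two printf calls, ":%02x%c::" before the optional fingerprint and ":::%d:\n" after it, so a later edit to either string silently shifts the field that doc/DETAILS now documents as field 16. A short comment naming the fields each run of colons skips would make that checkable. Note also that sig records printed without the fingerprint now end in extra empty fields instead of stopping after the class field, which consumers that match on the full line will see.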
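Review bot: the new "16. Field" entry in doc/DETAILS lists only 2 = SHA-1 and 8 = SHA-256 and sends the reader to include/cipher.h for the rest, which is a source-tree path that someone parsing --with-colons output from an installed gpg will not have. Either list the remaining ids here or say where the numbering comes from. The entry also reads "16. Field:" where the line above it reads "15. Field", so pick one form.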
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 31 May 2012 10:36:09 +0200 Subject: [git] GCRYPT - branch, OS2-BRANCH, updated. libgcrypt-1.5.0-29-gae8d503 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, OS2-BRANCH has been updated via ae8d5037644e6f7f51d308f24d1d3839d986bf0f (commit) via e3013396c87eafd9293f6e9772d6ab2852f77ea4 (commit) from 70cca617ed75ea292e1fed769114dda5cc1d76f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ae8d5037644e6f7f51d308f24d1d3839d986bf0f Author: Werner Koch Date: Tue Mar 27 07:15:15 2012 +0200 Add a note on the unofficial state of this OS/2 port. -- diff --git a/README b/README index bbbd0db..8592698 100644 --- a/README +++ b/README @@ -1,8 +1,10 @@ Libgcrypt - The GNU Crypto Library ------------------------------------ - Version 1.6 + Version 1.6 for OS/2 - !!! THIS IS A DEVELOPMENT VERSION VERSION !!! + ****************************************** + *** THIS IS AN UNOFFICIAL PORT TO OS/2 *** + ****************************************** Copyright 2000, 2002, 2003, 2004, 2007, 2008, 2009, 2011 Free Software Foundation, Inc. commit e3013396c87eafd9293f6e9772d6ab2852f77ea4 Author: KO Myung-Hun Date: Fri Mar 9 22:01:37 2012 +0900 Add OS/2 entropy gatherer diff --git a/configure.ac b/configure.ac index cf4a082..1f0c27a 100644 --- a/configure.ac +++ b/configure.ac @@ -197,6 +197,7 @@ LIBGCRYPT_THREAD_MODULES="" print_egd_notice=no have_w32_system=no have_w32ce_system=no +have_os2_system=no have_pthread=no 
@@ -227,8 +228,10 @@ case "${host}" in i?86-emx-os2 | i?86-*-os2*emx) # OS/2 with the EMX environment ac_cv_have_dev_random=no + have_os2_system=yes AC_DEFINE(HAVE_DRIVE_LETTERS) AC_DEFINE(HAVE_DOSISH_SYSTEM) + LDFLAGS="$LDFLAGS -no-undefined -Zbin-files" ;; i?86-*-msdosdjgpp*) @@ -271,6 +274,11 @@ fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) +if test "$have_os2_system" = yes; then + AC_DEFINE(HAVE_OS2_SYSTEM,1, [Defined if we run on an OS/2 API based system]) +fi +AM_CONDITIONAL(HAVE_OS2_SYSTEM, test "$have_os2_system" = yes) + # A printable OS Name is sometimes useful. @@ -882,6 +890,11 @@ if test "$random" = "default"; then # Windows random device. random_modules="w32" ;; + + *-emx-os2 | *-*-os2*emx) + # OS/2 random device. + random_modules="os2" + ;; *) # Build everything, allow to select at runtime. random_modules="$auto_random_modules" @@ -1190,6 +1203,13 @@ if test "$found" = "1" ; then [Defined if the WindowsCE specific RNG should be used.]) fi +LIST_MEMBER(os2, $random_modules) +if test "$found" = "1" ; then + GCRYPT_RANDOM="$GCRYPT_RANDOM rndos2.lo" + AC_DEFINE(USE_RNDOS2, 1, + [Defined if the OS/2 specific RNG should be used.]) +fi + AC_SUBST([GCRYPT_CIPHERS]) AC_SUBST([GCRYPT_PUBKEY_CIPHERS]) AC_SUBST([GCRYPT_DIGESTS]) diff --git a/doc/Makefile.am b/doc/Makefile.am index a6bd2ae..451d42f 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -24,7 +24,7 @@ EXTRA_DIST = README.apichanges HACKING \ yat2m.c DISTCLEANFILES = gcrypt.cps yat2m-stamp.tmp yat2m-stamp $(myman_pages) -CLEANFILES = yat2m +CLEANFILES = yat2m$(EXEEXT) BUILT_SOURCES = libgcrypt-modules.eps fips-fsm.eps \ libgcrypt-modules.png fips-fsm.png \ @@ -41,7 +41,7 @@ myman_pages = hmac256.1 man_MANS = $(myman_pages) -yat2m: yat2m.c +yat2m$(EXEEXT): yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c .fig.png: 
@@ -64,7 +64,7 @@ yat2m-stamp: $(myman_sources) `test -f '$$file' || echo '$(srcdir)/'`$$file ; done @mv -f yat2m-stamp.tmp $@ -yat2m-stamp: yat2m +yat2m-stamp: yat2m$(EXEEXT) $(myman_pages) : yat2m-stamp @if test -f $@; then :; else \ diff --git a/random/rand-internal.h b/random/rand-internal.h index a04a2d4..5b2b3be 100644 --- a/random/rand-internal.h +++ b/random/rand-internal.h @@ -132,6 +132,12 @@ void _gcry_rndw32ce_gather_random_fast (void (*add)(const void*, size_t, enum random_origins), enum random_origins origin ); +/*-- rndos2.c --*/ +int _gcry_rndos2_gather_random (void (*add) (const void *, size_t, + enum random_origins), + enum random_origins origin, + size_t length, int level); + /*-- rndhw.c --*/ int _gcry_rndhw_failed_p (void); void _gcry_rndhw_poll_fast (void (*add)(const void*, size_t, diff --git a/random/random-csprng.c b/random/random-csprng.c index 50357d1..e22d873 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -1151,6 +1151,11 @@ getfnc_gather_random (void))(void (*)(const void*, size_t, return fnc; #endif +#if USE_RNDOS2 + fnc = _gcry_rndos2_gather_random; + return fnc; +#endif + log_fatal (_("no entropy gathering module detected\n")); return NULL; /*NOTREACHED*/ diff --git a/random/rndos2.c b/random/rndos2.c new file mode 100644 index 0000000..a006bd2 --- /dev/null +++ b/random/rndos2.c 
@@ -0,0 +1,243 @@ +/* rndos2.c - OS/2 entropy gatherer + * Copyright (C) 2012 KO Myung-Hun + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#define INCL_DOS +#define INCL_DOSERRORS +#include + +#include +#include + +#include +#include + +#include "types.h" +#include "g10lib.h" +#include "rand-internal.h" + +#define ADD( buf, bufsize, origin, remain ) \ + do { \ + int n = ( bufsize ) < ( remain ) ? 
( bufsize ) : ( remain ); \ + add( buf, n, origin ); \ + ( remain ) -= n; \ + } while( 0 ) + +#define BUF_SIZE_IFMIB ( sizeof( struct ifmib )) +#define BUF_SIZE_REQUESTER ( sizeof( unsigned long ) * 30 ) +#define BUF_SIZE_SERVER ( sizeof( unsigned long ) * 17 ) +#define BUF_SIZE_CPUUTIL ( sizeof( ULONG ) * 8 ) +#define BUF_SIZE_SYS_STATE ( 64 * 1024 ) +#define BUF_SIZE_SYS_STATE_DELTA 4096 +#define BUF_SIZE_SYS_STATE_MARGIN 1024 + +static HMODULE hmodTcpIp32; +static HMODULE hmodNetApi32; +static HMODULE hmodDosCalls; + +static int _System ( *pfnsocket )( int, int, int ); +static int _System ( *pfnos2_ioctl )( int, unsigned long, char *, int ); +static int _System ( *pfnsoclose )( int ); + +static unsigned APIENTRY ( *pfnNet32StatisticsGet2 )( + const unsigned char *, const unsigned char *, + unsigned long, unsigned long, unsigned long, + unsigned char *, unsigned long, + unsigned long * ); + +static APIRET APIENTRY ( *pfnDosPerfSysCall )( ULONG, ULONG, ULONG, ULONG ); +static APIRET APIENTRY ( *pfnDosQuerySysState )( ULONG, ULONG, PID, TID, PVOID, + ULONG ); + +int +_gcry_rndos2_gather_random( void ( *add )( const void *, size_t, + enum random_origins ), + enum random_origins origin, size_t length, + int level ) +{ + static BOOL fInit = FALSE; + static ULONG ulCpuCount = 1; + + unsigned char *buf; + ULONG rc; + + if( !level ) + return 0; + + /* We never block, assume level 2. 
*/ + + if( !fInit ) + { + CHAR szFail[ 260 ]; + + hmodTcpIp32 = NULLHANDLE; + if( !DosLoadModule( szFail, sizeof( szFail ), "tcpip32", + &hmodTcpIp32 )) + { + rc = DosQueryProcAddr( hmodTcpIp32, 16, NULL, + ( PFN * )&pfnsocket ); + + if( !rc ) + rc = DosQueryProcAddr( hmodTcpIp32, 17, NULL, + ( PFN * )&pfnsoclose ); + + if( !rc ) + rc = DosQueryProcAddr( hmodTcpIp32, 200, NULL, + ( PFN * )&pfnos2_ioctl ); + + if( rc ) + { + DosFreeModule( hmodTcpIp32 ); + + hmodTcpIp32 = NULLHANDLE; + } + } + + hmodNetApi32 = NULLHANDLE; + if( !DosLoadModule( szFail, sizeof( szFail ), "netapi32", + &hmodNetApi32 )) + { + if( DosQueryProcAddr( hmodNetApi32, 125, NULL, + ( PFN * )&pfnNet32StatisticsGet2 )) + { + DosFreeModule( hmodNetApi32 ); + + hmodNetApi32 = NULLHANDLE; + } + } + + pfnDosPerfSysCall = NULL; + pfnDosQuerySysState = NULL; + if( !DosLoadModule( szFail, sizeof( szFail ), "doscalls", + &hmodDosCalls )) + { + if( !DosQueryProcAddr( hmodDosCalls, 976, NULL, + ( PFN * )&pfnDosPerfSysCall )) + /* Query CPU count */ + pfnDosPerfSysCall( 0x41, 0, ( ULONG )&ulCpuCount, 0 ); + + DosQueryProcAddr( hmodDosCalls, 368, NULL, + ( PFN * )&pfnDosQuerySysState ); + + if( !pfnDosPerfSysCall && !pfnDosQuerySysState ) + DosFreeModule( hmodDosCalls ); + } + + fInit = TRUE; + } + + while( length ) + { + if( pfnDosPerfSysCall ) + { + buf = gcry_xcalloc( ulCpuCount, BUF_SIZE_CPUUTIL ); + + /* Query CPU utilization snapshot */ + if( !pfnDosPerfSysCall( 0x63, ( ULONG )buf, 0, 0 )) + ADD( buf, BUF_SIZE_CPUUTIL * ulCpuCount, origin, length ); + + gcry_free( buf ); + } + + if( hmodTcpIp32 ) + { + int s; + + s = pfnsocket( PF_INET, SOCK_RAW, 0 ); + + if( s != -1 ) + { + buf = gcry_xmalloc( BUF_SIZE_IFMIB ); + + if( !pfnos2_ioctl( s, SIOSTATIF, ( caddr_t )buf, + BUF_SIZE_IFMIB )) + ADD( buf, BUF_SIZE_IFMIB, origin, length ); + + gcry_free( buf ); + + pfnsoclose( s ); + } + } + + if( hmodNetApi32 ) + { + ULONG ulAvail; + + buf = gcry_xmalloc( BUF_SIZE_REQUESTER ); + + if( !pfnNet32StatisticsGet2( 
NULL, "REQUESTER", 0, 0, 1, buf, + BUF_SIZE_REQUESTER, &ulAvail )) + ADD( buf, BUF_SIZE_REQUESTER, origin, length ); + + gcry_free( buf ); + + buf = gcry_xmalloc( BUF_SIZE_SERVER ); + + if( !pfnNet32StatisticsGet2( NULL, "SERVER", 0, 0, 1, buf, + BUF_SIZE_SERVER, &ulAvail )) + ADD( buf, BUF_SIZE_SERVER, origin, length ); + + gcry_free( buf ); + } + + if( pfnDosQuerySysState ) + { + size_t bufSize = BUF_SIZE_SYS_STATE; + + /* Allocate additional memory because DosQuerySysState() + sometimes seems to overwrite to a memory boundary. */ + buf = gcry_xmalloc( bufSize + BUF_SIZE_SYS_STATE_MARGIN ); + + do + { + /* Query all the system information supported by OS */ + rc = DosQuerySysState( QS_SUPPORTED, 0, 0, 0, ( PCHAR )buf, + bufSize ); + if( rc == ERROR_BUFFER_OVERFLOW ) + { + bufSize += BUF_SIZE_SYS_STATE_DELTA; + gcry_free( buf ); + buf = gcry_xmalloc( bufSize + + BUF_SIZE_SYS_STATE_MARGIN ); + } + } while( rc == ERROR_BUFFER_OVERFLOW ); + + if( !rc ) + ADD( buf, bufSize, origin, length ); + + gcry_free( buf ); + } + +#define ADD_QSV( ord ) \ + do { \ + ULONG ulSV; \ + DosQuerySysInfo( ord, ord, &ulSV, sizeof( ulSV )); \ + ADD( &ulSV, sizeof( ulSV ), origin, length ); \ + } while( 0 ) + + /* Fail safe */ + ADD_QSV( QSV_MS_COUNT ); + ADD_QSV( QSV_TIME_LOW ); + ADD_QSV( QSV_TIME_HIGH ); + ADD_QSV( QSV_TOTAVAILMEM ); + ADD_QSV( QSV_FOREGROUND_FS_SESSION ); + ADD_QSV( QSV_FOREGROUND_PROCESS ); + } + + return 0; +} diff --git a/src/hmac256.c b/src/hmac256.c index 34def76..a887e99 100644 --- a/src/hmac256.c +++ b/src/hmac256.c @@ -52,7 +52,10 @@ #include #include #include -#if defined(__WIN32) && defined(STANDALONE) +#if (defined(__WIN32) || defined(__OS2__)) && defined(STANDALONE) +# ifdef __OS2__ +# include +# endif # include /* We need setmode(). */ #endif @@ -658,7 +661,7 @@ main (int argc, char **argv) int use_binary = 0; assert (sizeof (u32) == 4); -#ifdef __WIN32 +#if defined(__WIN32) || defined(__OS2__) setmode (fileno (stdin), O_BINARY); #endif 
@@ -707,7 +710,7 @@ main (int argc, char **argv) exit (1); } -#ifdef __WIN32 +#if defined(__WIN32) || defined(__OS2__) if (use_binary) setmode (fileno (stdout), O_BINARY); #endif diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index 2d4c362..d1be32d 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -29,6 +29,10 @@ #ifdef HAVE_W32_SYSTEM # include /* We need setmode(). */ #else +# ifdef HAVE_DOSISH_SYSTEM +# include /* We need setmode(). */ +# include /* We need O_BINARY */ +# endif # include #endif #include ----------------------------------------------------------------------- Summary of changes: README | 6 +- configure.ac | 20 ++++ doc/Makefile.am | 6 +- random/rand-internal.h | 6 + random/random-csprng.c | 5 + random/rndos2.c | 243 ++++++++++++++++++++++++++++++++++++++++++++++++ src/hmac256.c | 9 +- tests/fipsdrv.c | 4 + 8 files changed, 291 insertions(+), 8 deletions(-) create mode 100644 random/rndos2.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 31 16:02:29 2012 
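Review bot: in the new random/rndos2.c, the ADD macro reduces length by the raw byte count of whatever buffer it is given, so a request is counted as satisfied by data whose content is largely fixed or guessable: up to the whole BUF_SIZE_SYS_STATE (64 KiB) buffer after one successful DosQuerySysState call, regardless of how much of it was filled, and in the "Fail safe" block QSV_MS_COUNT, QSV_TIME_LOW and QSV_TIME_HIGH. Consider mixing such sources in without crediting them against length, or crediting only a conservative fraction. Two smaller points in the same hunk: ADD_QSV ignores the DosQuerySysInfo return value, so ulSV can be added uninitialized, and DosQuerySysState is called directly even though the code resolves and tests pfnDosQuerySysState for it.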
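Review bot: the last configure.ac hunk appends rndos2.lo to GCRYPT_RANDOM, but the summary of changes for this push lists only rand-internal.h, random-csprng.c and rndos2.c under random/, so please confirm that the existing build rules in random/ compile and distribute the new file without a Makefile.am change. The host patterns also differ between the two case statements: have_os2_system is set for i?86-emx-os2 | i?86-*-os2*emx while random_modules="os2" is selected for *-emx-os2 | *-*-os2*emx; using the same pattern in both keeps them from drifting apart.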
From: cvs at cvs.gnupg.org (by KO Myung-Hun) Date: Thu, 31 May 2012 16:02:29 +0200 Subject: [git] GCRYPT - branch, OS2-BRANCH, updated. libgcrypt-1.5.0-31-g32dc494 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, OS2-BRANCH has been updated via 32dc49474e83140a6717903db3a8885ebaaaf6fb (commit) via edddd7baaa7554b33ad9701078addb5ee05c36af (commit) from ae8d5037644e6f7f51d308f24d1d3839d986bf0f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32dc49474e83140a6717903db3a8885ebaaaf6fb Author: KO Myung-Hun Date: Thu May 31 20:39:34 2012 +0900 Remove a dependency on APIs specific to some OS/2 version * random/rndos2.c (_gcry_rndos2_gather_random): Use pfnDosQuerySysState() not DosQuerySysState() diff --git a/random/rndos2.c b/random/rndos2.c index 4d82238..9b0673c 100644 --- a/random/rndos2.c +++ b/random/rndos2.c @@ -208,8 +208,8 @@ _gcry_rndos2_gather_random( void ( *add )( const void *, size_t, do { /* Query all the system information supported by OS */ - rc = DosQuerySysState( QS_SUPPORTED, 0, 0, 0, ( PCHAR )buf, - bufSize ); + rc = pfnDosQuerySysState( QS_SUPPORTED, 0, 0, 0, ( PCHAR )buf, + bufSize ); if( rc == ERROR_BUFFER_OVERFLOW ) { bufSize += BUF_SIZE_SYS_STATE_DELTA; commit edddd7baaa7554b33ad9701078addb5ee05c36af Author: KO Myung-Hun Date: Fri Mar 9 22:01:37 2012 +0900 Fix a potential crash * random/rndos2.c (_gcry_rndos2_gather_random): Initialize a module handle if DosLoadModule() fails. diff --git a/random/rndos2.c b/random/rndos2.c index a006bd2..4d82238 100644 --- a/random/rndos2.c +++ b/random/rndos2.c 
@@ -85,7 +85,6 @@ _gcry_rndos2_gather_random( void ( *add )( const void *, size_t, { CHAR szFail[ 260 ]; - hmodTcpIp32 = NULLHANDLE; if( !DosLoadModule( szFail, sizeof( szFail ), "tcpip32", &hmodTcpIp32 )) { @@ -107,8 +106,9 @@ _gcry_rndos2_gather_random( void ( *add )( const void *, size_t, hmodTcpIp32 = NULLHANDLE; } } + else + hmodTcpIp32 = NULLHANDLE; - hmodNetApi32 = NULLHANDLE; if( !DosLoadModule( szFail, sizeof( szFail ), "netapi32", &hmodNetApi32 )) { @@ -120,6 +120,8 @@ _gcry_rndos2_gather_random( void ( *add )( const void *, size_t, hmodNetApi32 = NULLHANDLE; } } + else + hmodNetApi32 = NULLHANDLE; pfnDosPerfSysCall = NULL; pfnDosQuerySysState = NULL; ----------------------------------------------------------------------- Summary of changes: random/rndos2.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org
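Review bot: in the rndos2.c hunk of commit 32dc494, the retry loop around the now indirect pfnDosQuerySysState call still has no upper bound: each ERROR_BUFFER_OVERFLOW grows bufSize by BUF_SIZE_SYS_STATE_DELTA and tries again, and nothing stops it if the call keeps returning that code. Cap the number of retries or the maximum bufSize and fall through to the other sources when the cap is hit.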
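Review bot: in commit edddd7b, the handles are now reset in an else branch because the value left behind by a failed DosLoadModule is not trusted, but the trailing context of the last hunk keeps the old pre-initialize pattern for pfnDosPerfSysCall and pfnDosQuerySysState (both set to NULL before DosQueryProcAddr writes to them). If a failed call can leave a non-null value in its output argument, those pointers need the same treatment, since they are what the gather loop tests before calling through them. A one-line comment stating why the else branch is needed would also keep a later cleanup from moving the assignment back in front of the call.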