[git] GnuPG - branch, wk/test-gpgrt-estream, updated. gnupg-2.1.0-beta783-24-g98f6529

by Werner Koch cvs at cvs.gnupg.org
Mon Sep 8 18:24:55 CEST 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, wk/test-gpgrt-estream has been updated
       via  98f65291d7abecc1e4d618125f33b6ce759e0892 (commit)
       via  a94674c54e774803a2efba36b962f3b95f8ebb14 (commit)
      from  1449a22d2e43ae0ae127260a925e3a2c92b5f7a5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 98f65291d7abecc1e4d618125f33b6ce759e0892
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Sep 8 18:25:06 2014 +0200

    gpg: Fix memory leak in ECC encryption.
    
    * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
    handling.

diff --git a/g10/pkglue.c b/g10/pkglue.c
index 67d2efd..684ce8a 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -190,7 +190,9 @@ int
 pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
             PKT_public_key *pk, gcry_mpi_t *pkey)
 {
-  gcry_sexp_t s_ciph, s_data, s_pkey;
+  gcry_sexp_t s_ciph = NULL;
+  gcry_sexp_t s_data = NULL;
+  gcry_sexp_t s_pkey = NULL;
   int rc;
 
   /* Make a sexp from pkey.  */
@@ -200,9 +202,8 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
 			    "(public-key(elg(p%m)(g%m)(y%m)))",
 			    pkey[0], pkey[1], pkey[2]);
       /* Put DATA into a simplified S-expression.  */
-      if (rc || gcry_sexp_build (&s_data, NULL, "%m", data))
-        BUG ();
-
+      if (!rc)
+        rc = gcry_sexp_build (&s_data, NULL, "%m", data);
     }
   else if (algo == PUBKEY_ALGO_RSA || algo == PUBKEY_ALGO_RSA_E)
     {
@@ -210,40 +211,42 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
 			    "(public-key(rsa(n%m)(e%m)))",
 			    pkey[0], pkey[1]);
       /* Put DATA into a simplified S-expression.  */
-      if (rc || gcry_sexp_build (&s_data, NULL, "%m", data))
-        BUG ();
+      if (!rc)
+        rc = gcry_sexp_build (&s_data, NULL, "%m", data);
     }
   else if (algo == PUBKEY_ALGO_ECDH)
     {
       gcry_mpi_t k;
-      char *curve;
 
       rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
-      if (rc)
-        return rc;
-
-      curve = openpgp_oid_to_str (pkey[0]);
-      if (!curve)
-        rc = gpg_error_from_syserror ();
-      else
+      if (!rc)
         {
-          /* Now use the ephemeral secret to compute the shared point.  */
-          rc = gcry_sexp_build (&s_pkey, NULL,
-                                "(public-key(ecdh(curve%s)(q%m)))",
-                                curve, pkey[1]);
-          xfree (curve);
-          /* FIXME: Take care of RC.  */
-          /* Put K into a simplified S-expression.  */
-          if (rc || gcry_sexp_build (&s_data, NULL, "%m", k))
-            BUG ();
+          char *curve;
+
+          curve = openpgp_oid_to_str (pkey[0]);
+          if (!curve)
+            rc = gpg_error_from_syserror ();
+          else
+            {
+              /* Now use the ephemeral secret to compute the shared point.  */
+              rc = gcry_sexp_build (&s_pkey, NULL,
+                                    "(public-key(ecdh(curve%s)(q%m)))",
+                                    curve, pkey[1]);
+              xfree (curve);
+              /* Put K into a simplified S-expression.  */
+              if (!rc)
+                rc = gcry_sexp_build (&s_data, NULL, "%m", k);
+            }
+          gcry_mpi_release (k);
         }
     }
   else
-    return gpg_error (GPG_ERR_PUBKEY_ALGO);
-
+    rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
 
   /* Pass it to libgcrypt. */
-  rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+  if (!rc)
+    rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+
   gcry_sexp_release (s_data);
   gcry_sexp_release (s_pkey);
 

commit a94674c54e774803a2efba36b962f3b95f8ebb14
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Sep 3 09:45:20 2014 +0200

    doc: Remove some stuff for the very incomplete instguide.
    
    --

diff --git a/doc/instguide.texi b/doc/instguide.texi
index d6815e2..aff3955 100644
--- a/doc/instguide.texi
+++ b/doc/instguide.texi
@@ -13,7 +13,7 @@ include brief information on how to set up the whole thing.  Please
 watch the GnuPG website for updates of the documentation.  In the
 meantime you may search the GnuPG mailing list archives or ask on the
 gnupg-users mailing listsfor advise on how to solve problems or how to
-get that whole thing up and running. 
+get that whole thing up and running.
 
 ** Building the software
 
@@ -22,7 +22,7 @@ that you are already reading this documentation we can only give some
 extra hints
 
 To comply with the rules on GNU systems you should have build time
-configured @command{dirmngr} using:
+configured @command{gnupg} using:
 
 @example
 ./configure --sysconfdir=/etc --localstatedir=/var
@@ -36,19 +36,7 @@ the binaries get installed.  If you selected to use the
 the default then.
 
 
-
-** Explain how to setup a root CA key as trusted
-
-
-Such questions may also help to write a proper installation guide.
-
-[to be written]
-
-
-XXX Tell how to setup the system, install certificates, how dirmngr relates
-to GnuPG etc.
-
-** Explain how to setup a root CA key as trusted
+** Notes on setting a root CA key to trusted
 
 X.509 is based on a hierarchical key infrastructure.  At the root of the
 tree a trusted anchor (root certificate) is required.  There are usually
@@ -64,28 +52,26 @@ contains a few root certificates.  Most installations will need more.
 
 @item
 Let @command{gpgsm} ask you whether you want to insert a new root
-certificate.  To enable this feature you need to set the option
- at option{allow-mark-trusted} into @file{gpg-agent.conf}.  In general it
-is not a good idea to do it this way.  Checking whether a root
-certificate is really trustworthy requires decisions, which casual
-users are not up to.  Thus, by default this option is not enabled.
+certificate.  This feature is enabled by default; you may disable it
+using the option @option{no-allow-mark-trusted} into
+ at file{gpg-agent.conf}.
 
- at item 
+ at item
 Manually maintain the list of trusted root certificates. For a multi
 user installation this can be done once for all users on a machine.
-Specific changes on a per-user base are also possible. 
+Specific changes on a per-user base are also possible.
 @end itemize
 
-XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
-
-
-** How to get the ssh support running
+ at c decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
 
-XXX How to use the ssh support.
 
+ at c ** How to get the ssh support running
+ at c
+ at c XXX How to use the ssh support.
 
- at section Installation Overview 
 
-XXXX
+ at c @section Installation Overview
+ at c
+ at c XXXX
 
 

-----------------------------------------------------------------------

Summary of changes:
 doc/instguide.texi |   44 ++++++++++++++---------------------------
 g10/pkglue.c       |   55 +++++++++++++++++++++++++++-------------------------
 2 files changed, 44 insertions(+), 55 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list