From 7d63aa42e5d2c086810e3d7eca64a01f366b4e88 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 29 Sep 2008 15:02:55 +0000 Subject: [PATCH] Remove hacks which are not anymore needed since we now require Libgcrypt 1.4 --- ChangeLog | 4 + NEWS | 4 + TODO | 24 +-- agent/ChangeLog | 6 + agent/agent.h | 6 +- agent/command.c | 4 +- agent/divert-scd.c | 2 +- agent/pksign.c | 2 +- configure.ac | 2 +- g10/ChangeLog | 11 + g10/gpg.c | 23 +-- g10/options.skel | 1 + g10/seskey.c | 6 +- g10/sign.c | 4 +- g10/skclist.c | 13 +- jnlib/ChangeLog | 7 + jnlib/argparse.c | 433 +++++++++++++++++++++++----------------- jnlib/argparse.h | 13 ++ jnlib/libjnlib-config.h | 4 +- scd/ChangeLog | 6 + scd/app-p15.c | 8 +- scd/scdaemon.h | 6 +- sm/ChangeLog | 7 + sm/certcheck.c | 10 +- sm/certreqgen-ui.c | 2 +- sm/gpgsm.c | 6 +- sm/sign.c | 5 +- 27 files changed, 348 insertions(+), 271 deletions(-) diff --git a/ChangeLog b/ChangeLog index 973a359af..71f72afbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2008-09-29 Werner Koch + + * configure.ac: Require libgcrypt 1.4. + 2008-08-27 David Shaw * configure.ac: Use printf for the most portable SVN version diff --git a/NEWS b/NEWS index 853a61cb8..bb14d52ac 100644 --- a/NEWS +++ b/NEWS @@ -16,6 +16,8 @@ Noteworthy changes in version 2.0.10 (unreleased) * [gpg] New options --with-sig-list and --with-sig-check. + * [gpg] The option "-sat" is no longer an alias for --clearsign. + * [gpgsm] Made --output option work with --export-secret-key-p12. * gpg-connect-agent accepts commands given as command line arguments. @@ -33,6 +35,8 @@ Noteworthy changes in version 2.0.10 (unreleased) * Support for version 2 OpenPGP cards. + * Libgcrypt 1.4 is now required. + Noteworthy changes in version 2.0.9 (2008-03-26) ------------------------------------------------ diff --git a/TODO b/TODO index 6f369dd39..ff7857991 100644 --- a/TODO +++ b/TODO @@ -51,7 +51,7 @@ * sm/export.c ** Return an error code or a status info per user ID. -* scd/tlv.c +* common/tlv.c The parse_sexp function should not go into this file. Check whether we can change all S-expression handling code to make use of this function. @@ -85,33 +85,13 @@ Replace by an estream based implementation. * jnlib/ -** provide jnlib_malloc and try to remove all jnlib_xmalloc. +** Try to remove all jnlib_xmalloc. * g10/ ** issue a NO_SECKEY xxxx if a -u key was not found. - -* When switching to libgcrypt 1.4 -** scd#encode_md_for_card, g10#encode_md_value, sm@do_encode_md - Remove the extra test for a valid algorithm as libgcrypt will do it - then in gcry_md_algo_info. -** skclist.c - Remove the hard coded constant in random_is_faked. -** g10/ Replace DIGEST_ALGO_SHA224 - We can't do that right now because it is only defined by newer - versions of libgcrypt. -** GCRY_MD_USER - Remove these definitions. -** MY_GCRY_PK_ECDSA - Remove this. -** MY_GCRY_MD_SHA224 - Remove this. - - * Extend selinux support to other modules -* Remove -sat PGP2 compatibility hack - * UTF-8 specific TODOs None. diff --git a/agent/ChangeLog b/agent/ChangeLog index 9711cd171..e076675ae 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,9 @@ +2008-09-29 Werner Koch + + * agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. + (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and + change all users. + 2008-09-25 Werner Koch * divert-scd.c (getpin_cb): Support a Reset Code style PINs.. diff --git a/agent/agent.h b/agent/agent.h index bf460b485..6a66add3f 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -36,10 +36,10 @@ /* To convey some special hash algorithms we use algorithm numbers reserved for application use. */ -#ifndef GCRY_MD_USER -#define GCRY_MD_USER 1024 +#ifndef GCRY_MODULE_ID_USER +#define GCRY_MODULE_ID_USER 1024 #endif -#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1) +#define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1) /* Maximum length of a digest. */ #define MAX_DIGEST_LEN 36 diff --git a/agent/command.c b/agent/command.c index c7853a92c..f6bfaa64a 100644 --- a/agent/command.c +++ b/agent/command.c @@ -597,7 +597,7 @@ cmd_sethash (assuan_context_t ctx, char *line) else if (has_option (line, "--hash=md5")) algo = GCRY_MD_MD5; else if (has_option (line, "--hash=tls-md5sha1")) - algo = GCRY_MD_USER_TLS_MD5SHA1; + algo = MD_USER_TLS_MD5SHA1; else return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm"); } @@ -622,7 +622,7 @@ cmd_sethash (assuan_context_t ctx, char *line) if (rc) return rc; n /= 2; - if (algo == GCRY_MD_USER_TLS_MD5SHA1 && n == 36) + if (algo == MD_USER_TLS_MD5SHA1 && n == 36) ; else if (n != 16 && n != 20 && n != 24 && n != 32) return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash"); diff --git a/agent/divert-scd.c b/agent/divert-scd.c index b19302496..fc96fd1ca 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -335,7 +335,7 @@ divert_pksign (ctrl_t ctrl, if (rc) return rc; - if (algo == GCRY_MD_USER_TLS_MD5SHA1) + if (algo == MD_USER_TLS_MD5SHA1) { int save = ctrl->use_auth_call; ctrl->use_auth_call = 1; diff --git a/agent/pksign.c b/agent/pksign.c index 2973fb837..926438e87 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -181,7 +181,7 @@ agent_pksign_do (ctrl_t ctrl, const char *desc_text, gcry_sexp_t s_hash = NULL; /* Put the hash into a sexp */ - if (ctrl->digest.algo == GCRY_MD_USER_TLS_MD5SHA1) + if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) rc = do_encode_raw_pkcs1 (ctrl->digest.value, ctrl->digest.valuelen, gcry_pk_get_nbits (s_skey), diff --git a/configure.ac b/configure.ac index 5884514b0..010115ae2 100644 --- a/configure.ac +++ b/configure.ac @@ -39,7 +39,7 @@ development_version=no NEED_GPG_ERROR_VERSION=1.4 NEED_LIBGCRYPT_API=1 -NEED_LIBGCRYPT_VERSION=1.2.2 +NEED_LIBGCRYPT_VERSION=1.4.0 NEED_LIBASSUAN_API=1 NEED_LIBASSUAN_VERSION=1.0.4 diff --git a/g10/ChangeLog b/g10/ChangeLog index 9434509a6..0c8c54e6d 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,14 @@ +2008-09-29 Werner Koch + + * gpg.c (main): Remove -sat kludge. Note that we printed a + warning for two years. + + * seskey.c (encode_md_value): Remove extra gcry_md_test_algo since + it is not needed with Libgcrypt 1.4. + * skclist.c (random_is_faked): Simplify. + * sign.c (match_dsa_hash): Remove runtime check for SHA224. + * gpg.c (print_mds): Use GCRY_MD_SHA224 constant. + 2008-09-25 David Shaw * keyedit.c (keyedit_menu): Fix bug where a modified keyring loses diff --git a/g10/gpg.c b/g10/gpg.c index 0601f50f0..9dd17906d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1,6 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006, 2007 Free Software Foundation, Inc. + * 2006, 2007, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -3285,15 +3285,6 @@ main (int argc, char **argv) set_cmd( &cmd, aListKeys); } - /* kludge to let -sat generate a clear text signature */ - if( opt.textmode == 2 && !detached_sig && opt.armor && cmd == aSign ) - { - log_info ("compatibility note:\n"); - log_info ("\"-sat\" won't generate clear signed messages in " - "future versions\n"); - log_info ("Use \"--clearsign\" instead of \"-sat\"\n"); - cmd = aClearsign; - } if( opt.verbose > 1 ) set_packet_list_mode(1); @@ -4155,8 +4146,8 @@ print_mds( const char *fname, int algo ) gcry_md_enable (md, GCRY_MD_MD5); gcry_md_enable (md, GCRY_MD_SHA1); gcry_md_enable (md, GCRY_MD_RMD160); - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224)) - gcry_md_enable (md, DIGEST_ALGO_SHA224); + if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + gcry_md_enable (md, GCRY_MD_SHA224); if (!openpgp_md_test_algo (GCRY_MD_SHA256)) gcry_md_enable (md, GCRY_MD_SHA256); if (!openpgp_md_test_algo (GCRY_MD_SHA384)) @@ -4178,8 +4169,8 @@ print_mds( const char *fname, int algo ) print_hashline( md, GCRY_MD_MD5, fname ); print_hashline( md, GCRY_MD_SHA1, fname ); print_hashline( md, GCRY_MD_RMD160, fname ); - if (!gcry_md_test_algo (DIGEST_ALGO_SHA224)) - print_hashline (md, DIGEST_ALGO_SHA224, fname); + if (!gcry_md_test_algo (GCRY_MD_SHA224)) + print_hashline (md, GCRY_MD_SHA224, fname); if (!gcry_md_test_algo (GCRY_MD_SHA256)) print_hashline( md, GCRY_MD_SHA256, fname ); if (!gcry_md_test_algo (GCRY_MD_SHA384)) @@ -4195,8 +4186,8 @@ print_mds( const char *fname, int algo ) print_hex( md, GCRY_MD_MD5, fname ); print_hex( md, GCRY_MD_SHA1, fname ); print_hex( md, GCRY_MD_RMD160, fname ); - if (!gcry_md_test_algo (DIGEST_ALGO_SHA224)) - print_hex (md, DIGEST_ALGO_SHA224, fname); + if (!gcry_md_test_algo (GCRY_MD_SHA224)) + print_hex (md, GCRY_MD_SHA224, fname); if (!gcry_md_test_algo (GCRY_MD_SHA256)) print_hex( md, GCRY_MD_SHA256, fname ); if (!gcry_md_test_algo (GCRY_MD_SHA384)) diff --git a/g10/options.skel b/g10/options.skel index aa47305c9..deb71c911 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -128,6 +128,7 @@ require-cross-certification # the "--keyserver-options debug". keyserver hkp://keys.gnupg.net +#keyserver http://http-keys.gnupg.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver ldap://pgp.surfnet.nl:11370 #keyserver ldap://keyserver.pgp.com diff --git a/g10/seskey.c b/g10/seskey.c index b843530dc..cc3c32ea7 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -265,11 +265,9 @@ encode_md_value (PKT_public_key *pk, PKT_secret_key *sk, byte *asn; size_t asnlen; - rc = gcry_md_test_algo (hash_algo); - if (!rc) - rc = gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, NULL, &asnlen); + rc = gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, NULL, &asnlen); if (rc) - log_fatal ("can't get OID of algo %d: %s\n", + log_fatal ("can't get OID of digest algorithm %d: %s\n", hash_algo, gpg_strerror (rc)); asn = xmalloc (asnlen); if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, &asnlen) ) diff --git a/g10/sign.c b/g10/sign.c index 022622b20..597aba786 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -346,9 +346,7 @@ match_dsa_hash (unsigned int qbytes) if (qbytes <= 20) return DIGEST_ALGO_SHA1; - /* SHA244 is only available with libgcrypt 1.4 - thus do a runtime - test. */ - if (qbytes <= 28 && !gcry_md_test_algo (DIGEST_ALGO_SHA224)) + if (qbytes <= 28) return DIGEST_ALGO_SHA224; if (qbytes <= 32) diff --git a/g10/skclist.c b/g10/skclist.c index 405f3f516..22f2c0c8d 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -41,18 +41,7 @@ int random_is_faked (void) { - /* We use a runtime check to allow for slow migrattion of libgcrypt. - We can't use the constant becuase that one is actually an enum - value. */ - gpg_error_t err = gcry_control ( 51 /*GCRYCTL_FAKED_RANDOM_P*/, 0); - - if (!err) - return 0; - if (gpg_err_code (err) != GPG_ERR_INV_OP) - return 1; - log_info ("WARNING: libgcrypt too old.\n"); - log_info (" can't check whether we are in faked RNG mode\n"); - return 0; /* Need to return false. */ + return !!gcry_control ( GCRYCTL_FAKED_RANDOM_P, 0); } diff --git a/jnlib/ChangeLog b/jnlib/ChangeLog index c7bef6086..a530a478d 100644 --- a/jnlib/ChangeLog +++ b/jnlib/ChangeLog @@ -1,3 +1,10 @@ +2008-09-29 Werner Koch + + * argparse.c (ARGERR_): Use constants for error values. + (optfile_parse): Prettify. Replace xmalloc and xrealloc by malloc + and realloc. + * libjnlib-config.h (jnlib_strdup, jnlib_realloc): New. + 2008-06-26 Werner Koch * stringhelp.c (print_sanitized_buffer2): Loose check for control diff --git a/jnlib/argparse.c b/jnlib/argparse.c index 443a1e77e..120b09eb8 100644 --- a/jnlib/argparse.c +++ b/jnlib/argparse.c @@ -34,6 +34,7 @@ #include "argparse.h" + /********************************* * @Summary arg_parse * #include @@ -172,18 +173,20 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) if (filename) { - if ( arg->r_opt == -6 ) + if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG ) s = _("argument not expected"); - else if ( arg->r_opt == -5 ) + else if ( arg->r_opt == ARGPARSE_READ_ERROR ) s = _("read error"); - else if ( arg->r_opt == -4 ) + else if ( arg->r_opt == ARGPARSE_KEYWORD_TOO_LONG ) s = _("keyword too long"); - else if ( arg->r_opt == -3 ) + else if ( arg->r_opt == ARGPARSE_MISSING_ARG ) s = _("missing argument"); - else if ( arg->r_opt == -7 ) + else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND ) s = _("invalid command"); - else if ( arg->r_opt == -10 ) + else if ( arg->r_opt == ARGPARSE_INVALID_ALIAS ) s = _("invalid alias definition"); + else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE ) + s = _("out of core"); else s = _("invalid option"); jnlib_log_error ("%s:%u: %s\n", filename, *lineno, s); @@ -192,17 +195,19 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) { s = arg->internal.last? arg->internal.last:"[??]"; - if ( arg->r_opt == -3 ) + if ( arg->r_opt == ARGPARSE_MISSING_ARG ) jnlib_log_error (_("missing argument for option \"%.50s\"\n"), s); - else if ( arg->r_opt == -6 ) + else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG ) jnlib_log_error (_("option \"%.50s\" does not expect an " "argument\n"), s ); - else if ( arg->r_opt == -7 ) + else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND ) jnlib_log_error (_("invalid command \"%.50s\"\n"), s); - else if ( arg->r_opt == -8 ) + else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION ) jnlib_log_error (_("option \"%.50s\" is ambiguous\n"), s); - else if ( arg->r_opt == -9 ) + else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION ) jnlib_log_error (_("command \"%.50s\" is ambiguous\n"),s ); + else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE ) + jnlib_log_error ("%s\n", _("out of core\n")); else jnlib_log_error (_("invalid option \"%.50s\"\n"), s); } @@ -251,181 +256,246 @@ store_alias( ARGPARSE_ARGS *arg, char *name, char *value ) * Note: Abbreviation of options is here not allowed. */ int -optfile_parse( FILE *fp, const char *filename, unsigned *lineno, +optfile_parse (FILE *fp, const char *filename, unsigned *lineno, ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) { - int state, i, c; - int idx=0; - char keyword[100]; - char *buffer = NULL; - size_t buflen = 0; - int inverse=0; - int in_alias=0; + int state, i, c; + int idx=0; + char keyword[100]; + char *buffer = NULL; + size_t buflen = 0; + int in_alias=0; + + if (!fp) /* Divert to to arg_parse() in this case. */ + return arg_parse (arg, opts); + + initialize (arg, filename, lineno); - if( !fp ) /* same as arg_parse() in this case */ - return arg_parse( arg, opts ); + /* Find the next keyword. */ + state = i = 0; + for (;;) + { + c = getc (fp); + if (c == '\n' || c== EOF ) + { + if ( c != EOF ) + ++*lineno; + if (state == -1) + break; + else if (state == 2) + { + keyword[i] = 0; + for (i=0; opts[i].short_opt; i++ ) + { + if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword)) + break; + } + idx = i; + arg->r_opt = opts[idx].short_opt; + if (!opts[idx].short_opt ) + arg->r_opt = ((opts[idx].flags & 256) + ? ARGPARSE_INVALID_COMMAND + : ARGPARSE_INVALID_OPTION); + else if (!(opts[idx].flags & 7)) + arg->r_type = 0; /* Does not take an arg. */ + else if ((opts[idx].flags & 8) ) + arg->r_type = 0; /* Arg is optional. */ + else + arg->r_opt = ARGPARSE_MISSING_ARG; - initialize( arg, filename, lineno ); - - /* find the next keyword */ - state = i = 0; - for(;;) { - c=getc(fp); - if( c == '\n' || c== EOF ) { - if( c != EOF ) - ++*lineno; - if( state == -1 ) - break; - else if( state == 2 ) { - keyword[i] = 0; - for(i=0; opts[i].short_opt; i++ ) - if( opts[i].long_opt && !strcmp( opts[i].long_opt, keyword) ) - break; - idx = i; - arg->r_opt = opts[idx].short_opt; - if( inverse ) /* this does not have an effect, hmmm */ - arg->r_opt = -arg->r_opt; - if( !opts[idx].short_opt ) /* unknown command/option */ - arg->r_opt = (opts[idx].flags & 256)? -7:-2; - else if( !(opts[idx].flags & 7) ) /* does not take an arg */ - arg->r_type = 0; /* okay */ - else if( (opts[idx].flags & 8) ) /* argument is optional */ - arg->r_type = 0; /* okay */ - else /* required argument */ - arg->r_opt = -3; /* error */ - break; + break; } - else if( state == 3 ) { /* no argument found */ - if( in_alias ) - arg->r_opt = -3; /* error */ - else if( !(opts[idx].flags & 7) ) /* does not take an arg */ - arg->r_type = 0; /* okay */ - else if( (opts[idx].flags & 8) ) /* no optional argument */ - arg->r_type = 0; /* okay */ - else /* no required argument */ - arg->r_opt = -3; /* error */ - break; - } - else if( state == 4 ) { /* have an argument */ - if( in_alias ) { - if( !buffer ) - arg->r_opt = -6; - else { - char *p; + else if (state == 3) + { + /* No argument found. */ + if (in_alias) + arg->r_opt = ARGPARSE_MISSING_ARG; + else if (!(opts[idx].flags & 7)) + arg->r_type = 0; /* Does not take an arg. */ + else if ((opts[idx].flags & 8)) + arg->r_type = 0; /* No optional argument. */ + else + arg->r_opt = ARGPARSE_MISSING_ARG; - buffer[i] = 0; - p = strpbrk( buffer, " \t" ); - if( p ) { - *p++ = 0; - trim_spaces( p ); - } - if( !p || !*p ) { - jnlib_free( buffer ); - arg->r_opt = -10; - } - else { - store_alias( arg, buffer, p ); + break; + } + else if (state == 4) + { + /* Has an argument. */ + if (in_alias) + { + if (!buffer) + arg->r_opt = ARGPARSE_UNEXPECTED_ARG; + else + { + char *p; + + buffer[i] = 0; + p = strpbrk (buffer, " \t"); + if (p) + { + *p++ = 0; + trim_spaces (p); } + if (!p || !*p) + { + jnlib_free (buffer); + arg->r_opt = ARGPARSE_INVALID_ALIAS; + } + else + { + store_alias (arg, buffer, p); + } } } - else if( !(opts[idx].flags & 7) ) /* does not take an arg */ - arg->r_opt = -6; /* error */ - else { - char *p; - if( !buffer ) { - keyword[i] = 0; - buffer = jnlib_xstrdup(keyword); - } - else - buffer[i] = 0; + else if (!(opts[idx].flags & 7)) + arg->r_opt = ARGPARSE_UNEXPECTED_ARG; + else + { + char *p; - trim_spaces( buffer ); - p = buffer; - if( *p == '"' ) { /* remove quotes */ - p++; - if( *p && p[strlen(p)-1] == '"' ) - p[strlen(p)-1] = 0; + if (!buffer) + { + keyword[i] = 0; + buffer = jnlib_strdup (keyword); + if (!buffer) + arg->r_opt = ARGPARSE_OUT_OF_CORE; } - if( !set_opt_arg(arg, opts[idx].flags, p) ) + else + buffer[i] = 0; + + if (buffer) + { + trim_spaces (buffer); + p = buffer; + if (*p == '"') + { + /* Remove quotes. */ + p++; + if (*p && p[strlen(p)-1] == '\"' ) + p[strlen(p)-1] = 0; + } + if (!set_opt_arg (arg, opts[idx].flags, p)) jnlib_free(buffer); - } - break; - } - else if( c == EOF ) { - if( ferror(fp) ) - arg->r_opt = -5; /* read error */ - else - arg->r_opt = 0; /* eof */ - break; - } - state = 0; - i = 0; - } - else if( state == -1 ) - ; /* skip */ - else if( !state && isspace(c) ) - ; /* skip leading white space */ - else if( !state && c == '#' ) - state = 1; /* start of a comment */ - else if( state == 1 ) - ; /* skip comments */ - else if( state == 2 && isspace(c) ) { - keyword[i] = 0; - for(i=0; opts[i].short_opt; i++ ) - if( opts[i].long_opt && !strcmp( opts[i].long_opt, keyword) ) - break; - idx = i; - arg->r_opt = opts[idx].short_opt; - if( !opts[idx].short_opt ) { - if( !strcmp( keyword, "alias" ) ) { - in_alias = 1; - state = 3; - } - else { - arg->r_opt = (opts[idx].flags & 256)? -7:-2; - state = -1; /* skip rest of line and leave */ - } - } - else - state = 3; - } - else if( state == 3 ) { /* skip leading spaces of the argument */ - if( !isspace(c) ) { - i = 0; - keyword[i++] = c; - state = 4; - } - } - else if( state == 4 ) { /* collect the argument */ - if( buffer ) { - if( i < buflen-1 ) - buffer[i++] = c; - else { - buflen += 50; - buffer = jnlib_xrealloc(buffer, buflen); - buffer[i++] = c; - } - } - else if( i < DIM(keyword)-1 ) - keyword[i++] = c; - else { - buflen = DIM(keyword)+50; - buffer = jnlib_xmalloc(buflen); - memcpy(buffer, keyword, i); - buffer[i++] = c; - } - } - else if( i >= DIM(keyword)-1 ) { - arg->r_opt = -4; /* keyword to long */ - state = -1; /* skip rest of line and leave */ - } - else { - keyword[i++] = c; - state = 2; - } - } + } + } + break; + } + else if (c == EOF) + { + if (ferror (fp)) + arg->r_opt = ARGPARSE_READ_ERROR; + else + arg->r_opt = 0; /* EOF. */ + break; + } + state = 0; + i = 0; + } + else if (state == -1) + ; /* Skip. */ + else if (state == 0 && isascii (c) && isspace(c)) + ; /* Skip leading white space. */ + else if (state == 0 && c == '#' ) + state = 1; /* Start of a comment. */ + else if (state == 1) + ; /* Skip comments. */ + else if (state == 2 && isascii (c) && isspace(c)) + { + /* Check keyword. */ + keyword[i] = 0; + for (i=0; opts[i].short_opt; i++ ) + if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword)) + break; + idx = i; + arg->r_opt = opts[idx].short_opt; + if (!opts[idx].short_opt) + { + if (!strcmp (keyword, "alias")) + { + in_alias = 1; + state = 3; + } + else + { + arg->r_opt = ((opts[idx].flags & 256) + ? ARGPARSE_INVALID_COMMAND + : ARGPARSE_INVALID_OPTION); + state = -1; /* Skip rest of line and leave. */ + } + } + else + state = 3; + } + else if (state == 3) + { + /* Skip leading spaces of the argument. */ + if (!isascii (c) || !isspace(c)) + { + i = 0; + keyword[i++] = c; + state = 4; + } + } + else if (state == 4) + { + /* Collect the argument. */ + if (buffer) + { + if (i < buflen-1) + buffer[i++] = c; + else + { + char *tmp; + size_t tmplen = buflen + 50; - return arg->r_opt; + tmp = jnlib_realloc (buffer, tmplen); + if (tmp) + { + buflen = tmplen; + buffer = tmp; + buffer[i++] = c; + } + else + { + jnlib_free (buffer); + arg->r_opt = ARGPARSE_OUT_OF_CORE; + break; + } + } + } + else if (i < DIM(keyword)-1) + keyword[i++] = c; + else + { + size_t tmplen = DIM(keyword) + 50; + buffer = jnlib_malloc (tmplen); + if (buffer) + { + buflen = tmplen; + memcpy(buffer, keyword, i); + buffer[i++] = c; + } + else + { + arg->r_opt = ARGPARSE_OUT_OF_CORE; + break; + } + } + } + else if (i >= DIM(keyword)-1) + { + arg->r_opt = ARGPARSE_KEYWORD_TOO_LONG; + state = -1; /* Skip rest of line and leave. */ + } + else + { + keyword[i++] = c; + state = 2; + } + } + + return arg->r_opt; } @@ -504,7 +574,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) arg->internal.last = s; if( arg->internal.stopped && (arg->flags & (1<<1)) ) { - arg->r_opt = -1; /* not an option but a argument */ + arg->r_opt = ARGPARSE_IS_ARG; /* Not an option but an argument. */ arg->r_type = 2; arg->r.ret_str = s; argc--; argv++; idx++; /* set to next one */ @@ -551,10 +621,10 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) exit(0); } - if( i == -2 ) /* ambiguous option */ - arg->r_opt = -8; + if( i == -2 ) + arg->r_opt = ARGPARSE_AMBIGUOUS_OPTION; else if( i == -1 ) { - arg->r_opt = -2; + arg->r_opt = ARGPARSE_INVALID_OPTION; arg->r.ret_str = s+2; } else @@ -573,7 +643,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) arg->r_type = 0; /* because it is optional */ } else if( !s2 ) { - arg->r_opt = -3; /* missing argument */ + arg->r_opt = ARGPARSE_MISSING_ARG; } else if( !argpos && *s2 == '-' && (opts[i].flags & 8) ) { /* the argument is optional and the next seems to be @@ -622,7 +692,8 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) arg->r_opt = opts[i].short_opt; if( !opts[i].short_opt ) { - arg->r_opt = (opts[i].flags & 256)? -7:-2; + arg->r_opt = (opts[i].flags & 256)? + ARGPARSE_INVALID_COMMAND:ARGPARSE_INVALID_OPTION; arg->internal.inarg++; /* point to the next arg */ arg->r.ret_str = s; } @@ -637,7 +708,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) arg->r_type = 0; /* because it is optional */ } else if( !s2 ) { - arg->r_opt = -3; /* missing argument */ + arg->r_opt = ARGPARSE_MISSING_ARG; } else if( *s2 == '-' && s2[1] && (opts[i].flags & 8) ) { /* the argument is optional and the next seems to be @@ -662,7 +733,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) } } else if( arg->flags & (1<<2) ) { - arg->r_opt = -1; /* not an option but a argument */ + arg->r_opt = ARGPARSE_IS_ARG; arg->r_type = 2; arg->r.ret_str = s; argc--; argv++; idx++; /* set to next one */ diff --git a/jnlib/argparse.h b/jnlib/argparse.h index 7972438b8..a0ce43a43 100644 --- a/jnlib/argparse.h +++ b/jnlib/argparse.h @@ -55,6 +55,19 @@ typedef struct { } ARGPARSE_OPTS; +/* Error values. */ +#define ARGPARSE_IS_ARG (-1) +#define ARGPARSE_INVALID_OPTION (-2) +#define ARGPARSE_MISSING_ARG (-3) +#define ARGPARSE_KEYWORD_TOO_LONG (-4) +#define ARGPARSE_READ_ERROR (-5) +#define ARGPARSE_UNEXPECTED_ARG (-6) +#define ARGPARSE_INVALID_COMMAND (-7) +#define ARGPARSE_AMBIGUOUS_OPTION (-8) +#define ARGPARSE_AMBIGUOUS_COMMAND (-9) +#define ARGPARSE_INVALID_ALIAS (-10) +#define ARGPARSE_OUT_OF_CORE (-11) + int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts); int optfile_parse( FILE *fp, const char *filename, unsigned *lineno, diff --git a/jnlib/libjnlib-config.h b/jnlib/libjnlib-config.h index 2738e99e6..5c6144286 100644 --- a/jnlib/libjnlib-config.h +++ b/jnlib/libjnlib-config.h @@ -65,13 +65,15 @@ /* Malloc functions to be used by jnlib. */ #define jnlib_malloc(a) gcry_malloc( (a) ) #define jnlib_calloc(a,b) gcry_calloc( (a), (b) ) +#define jnlib_realloc(a,b) gcry_realloc( (a), (b) ) +#define jnlib_strdup(a) gcry_strdup( (a) ) #define jnlib_xmalloc(a) gcry_xmalloc( (a) ) #define jnlib_xcalloc(a,b) gcry_xcalloc( (a), (b) ) #define jnlib_xrealloc(a,n) gcry_xrealloc( (a), (n) ) #define jnlib_xstrdup(a) gcry_xstrdup( (a) ) #define jnlib_free(a) gcry_free( (a) ) -/* Logging functions to be jused by jnlib. */ +/* Logging functions to be used by jnlib. */ #define jnlib_log_debug log_debug #define jnlib_log_info log_info #define jnlib_log_error log_error diff --git a/scd/ChangeLog b/scd/ChangeLog index c2d5916ae..dec9d87d5 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,9 @@ +2008-09-29 Werner Koch + + * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. + (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and + change all users. + 2008-09-28 Marcus Brinkmann * apdu.c (pcsc_get_status): Fix last change. diff --git a/scd/app-p15.c b/scd/app-p15.c index 31fb77ed4..4ac18d61a 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -2948,7 +2948,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, mse[0] = 4; /* Length of the template. */ mse[1] = 0x80; /* Algorithm reference tag. */ - if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1) + if (hashalgo == MD_USER_TLS_MD5SHA1) mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */ else mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */ @@ -3124,7 +3124,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, if (indatalen == 36) { /* No ASN.1 container used. */ - if (hashalgo != GCRY_MD_USER_TLS_MD5SHA1) + if (hashalgo != MD_USER_TLS_MD5SHA1) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); memcpy (data, indata, indatalen); } @@ -3187,7 +3187,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, return err; } - if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1) + if (hashalgo == MD_USER_TLS_MD5SHA1) err = iso7816_compute_ds (app->slot, data, 36, outdata, outdatalen); else if (no_data_padding) err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen); @@ -3226,7 +3226,7 @@ do_auth (app_t app, const char *keyidstr, return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } - algo = indatalen == 36? GCRY_MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; + algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; return do_sign (app, keyidstr, algo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); } diff --git a/scd/scdaemon.h b/scd/scdaemon.h index bfc9f358e..054aaa0f6 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -33,10 +33,10 @@ /* To convey some special hash algorithms we use algorithm numbers reserved for application use. */ -#ifndef GCRY_MD_USER -#define GCRY_MD_USER 1024 +#ifndef GCRY_MODULE_ID_USER +#define GCRY_MODULE_ID_USER 1024 #endif -#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1) +#define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1) /* Maximum length of a digest. */ #define MAX_DIGEST_LEN 36 diff --git a/sm/ChangeLog b/sm/ChangeLog index cc644d753..21e204f01 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,10 @@ +2008-09-29 Werner Koch + + * certcheck.c (MY_GCRY_PK_ECDSA): Remove. Change users to + GCRY_PK_ECDSA. + * gpgsm.c (MY_GCRY_PK_ECDSA): Ditto. + * sign.c (MY_GCRY_MD_SHA224): Remove change users to GCRY_MD_SHA224. + 2008-09-04 Werner Koch * certdump.c (gpgsm_format_keydesc): Work around a mingw32 bug. diff --git a/sm/certcheck.c b/sm/certcheck.c index 7f26f80dc..51a809b8f 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -34,10 +34,6 @@ #include "i18n.h" -/* Remove this if libgcrypt 1.3.0 is required. */ -#define MY_GCRY_PK_ECDSA 301 - - /* Return the number of bits of the Q parameter from the DSA key KEY. */ static unsigned int @@ -75,11 +71,11 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, size_t nframe; unsigned char *frame; - if (pkalgo == GCRY_PK_DSA || pkalgo == MY_GCRY_PK_ECDSA) + if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA) { unsigned int qbits; - if ( pkalgo == MY_GCRY_PK_ECDSA ) + if ( pkalgo == GCRY_PK_ECDSA ) qbits = gcry_pk_get_nbits (pkey); else qbits = get_dsa_qbits (pkey); @@ -214,7 +210,7 @@ pk_algo_from_sexp (gcry_sexp_t pkey) /* Because this function is called only for verification we can assume that ECC actually means ECDSA. */ else if (n==3 && !memcmp (name, "ecc", 3)) - algo = MY_GCRY_PK_ECDSA; + algo = GCRY_PK_ECDSA; else if (n==13 && !memcmp (name, "ambiguous-rsa", 13)) algo = GCRY_PK_RSA; else diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c index f9e9930e5..3dc948f0b 100644 --- a/sm/certreqgen-ui.c +++ b/sm/certreqgen-ui.c @@ -300,7 +300,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, FILE *output_fp) goto leave; mem_error: - log_error (_("resource problem: out or core\n")); + log_error (_("resource problem: out of core\n")); leave: es_fclose (fp); xfree (keytype); diff --git a/sm/gpgsm.c b/sm/gpgsm.c index dfbe82675..36c1ea6b6 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -500,17 +500,13 @@ static FILE *open_fwrite (const char *filename); static estream_t open_es_fwrite (const char *filename); static void run_protect_tool (int argc, char **argv); -/* Remove this if libgcrypt 1.3.0 is required. */ -#define MY_GCRY_PK_ECDSA 301 - - static int our_pk_test_algo (int algo) { switch (algo) { case GCRY_PK_RSA: - case MY_GCRY_PK_ECDSA: + case GCRY_PK_ECDSA: return gcry_pk_test_algo (algo); default: return 1; diff --git a/sm/sign.c b/sm/sign.c index c87382ee8..fadd66469 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -33,9 +33,6 @@ #include "keydb.h" #include "i18n.h" -/* Remove this if libgcrypt 1.4 is required. */ -#define MY_GCRY_MD_SHA224 11 - static void hash_data (int fd, gcry_md_hd_t md) @@ -411,7 +408,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { case GCRY_MD_SHA1: oid = "1.3.14.3.2.26"; break; case GCRY_MD_RMD160: oid = "1.3.36.3.2.1"; break; - case MY_GCRY_MD_SHA224: oid = "2.16.840.1.101.3.4.2.4"; break; + case GCRY_MD_SHA224: oid = "2.16.840.1.101.3.4.2.4"; break; case GCRY_MD_SHA256: oid = "2.16.840.1.101.3.4.2.1"; break; case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break; case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;