security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

(stream_read_string): Removed call to abort on 

memory error because the CVS version of libgcrypt makes sure
that ERRNO gets always set on error even with a faulty user
supplied function.
This commit is contained in:
Werner Koch 2005-02-22 18:08:28 +00:00
parent 2af725a37f
commit cf8f6d3cef
10 changed files with 87 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@ -54,6 +54,8 @@ might want to have an agent context for each service request
** A SIGHUP should also restart the scdaemon
But do this only after all connections terminated. As of now we
only send a RESET.
** Watch the child process if not invoked as a daemon
and terminate after the child has terminated
* agent/command.c
** Make sure that secure memory is used where appropriate

7
agent/ChangeLog
View File

@ -1,3 +1,10 @@
2005-02-22 Werner Koch <wk@g10code.com>
* command-ssh.c (stream_read_string): Removed call to abort on
memory error because the CVS version of libgcrypt makes sure
that ERRNO gets always set on error even with a faulty user
supplied function.
2005-02-19 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do

2
agent/call-scd.c
View File

@ -296,7 +296,7 @@ learn_status_cb (void *opaque, const char *line)
return 0;
}
/* Perform the learn command and return a list of all private keys
/* Perform the LEARN command and return a list of all private keys
stored on the card. */
int
agent_card_learn (ctrl_t ctrl,

13
agent/command-ssh.c
View File

@ -215,15 +215,12 @@ static ssh_key_type_spec_t ssh_key_types[] =
/*
General utility functions.
*/
/* A secure realloc, i.e. it makes sure to allocate secure memory if A
is NULL. This is required becuase the standard gcry_realloc does
is NULL. This is required because the standard gcry_realloc does
not know whether to allocate secure or normal if NULL is passed as
existing buffer. */
static void *
@ -419,9 +416,7 @@ stream_read_string (estream_t stream, unsigned int secure,
buffer = xtrymalloc (length + 1);
if (! buffer)
{
/* FIXME: xtrymalloc_secure does not set errno, does it? */
err = gpg_error_from_errno (errno);
abort ();
goto out;
}
@ -1530,6 +1525,8 @@ ssh_handler_request_identities (ctrl_t ctrl,
free (key_directory);
xfree (key_path);
xfree (buffer);
/* FIXME: Ist is for sure is a Bad Thing to use the const qualifier
and later cast it away. You can't do that!!! */
xfree ((void *) key_type); /* FIXME? */
return ret_err;
@ -2159,7 +2156,7 @@ ssh_lock (void)
gpg_error_t err;
/* FIXME */
log_error (_("lock command is not implemented\n"));
log_error ("ssh-agent's lock command is not implemented\n");
err = 0;
return err;
@ -2170,7 +2167,7 @@ ssh_unlock (void)
{
gpg_error_t err;
log_error (_("unlock command is not implemented\n"));
log_error ("ssh-agent's unlock command is not implemented\n");
err = 0;
return err;

28
agent/learncard.c
View File

@ -31,11 +31,16 @@
#include "agent.h"
#include <assuan.h>
/* Structures used by the callback mechanism to convey information
pertaining to key pairs. */
struct keypair_info_s {
struct keypair_info_s *next;
int no_cert;
char *id; /* points into grip */
char hexgrip[1];
char *id; /* points into grip */
char hexgrip[1]; /* The keygrip (i.e. a hash over the public key
parameters) formatted as a hex string.
Allocated somewhat large to also act as
memeory for the above ID field. */
};
typedef struct keypair_info_s *KEYPAIR_INFO;
@ -45,6 +50,9 @@ struct kpinfo_cb_parm_s {
};
/* Structures used by the callback mechanism to convey information
pertaining to certificates. */
struct certinfo_s {
struct certinfo_s *next;
int type;
@ -59,6 +67,8 @@ struct certinfo_cb_parm_s {
};
/* Structures used by the callback mechanism to convey assuan status
lines. */
struct sinfo_s {
struct sinfo_s *next;
char *data; /* Points into keyword. */
@ -72,7 +82,7 @@ struct sinfo_cb_parm_s {
};
/* Destructor for key information objects. */
static void
release_keypair_info (KEYPAIR_INFO info)
{
@ -84,6 +94,7 @@ release_keypair_info (KEYPAIR_INFO info)
}
}
/* Destructor for certificate information objects. */
static void
release_certinfo (CERTINFO info)
{
@ -95,6 +106,7 @@ release_certinfo (CERTINFO info)
}
}
/* Destructor for status information objects. */
static void
release_sinfo (SINFO info)
{
@ -285,7 +297,7 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
}
/* Perform the learn operation. If ASSUAN_CONTEXT is not NULL all new
certificates are send via Assuan */
certificates are send back via Assuan. */
int
agent_handle_learn (ctrl_t ctrl, void *assuan_context)
{
@ -317,7 +329,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context)
if (rc)
goto leave;
/* now gather all the available info */
/* Now gather all the available info. */
rc = agent_card_learn (ctrl, kpinfo_cb, &parm, certinfo_cb, &cparm,
sinfo_cb, &sparm);
if (!rc && (parm.error || cparm.error || sparm.error))
@ -371,15 +383,15 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context)
log_info (" id: %s (grip=%s)\n", item->id, item->hexgrip);
if (item->no_cert)
continue; /* no public key yet available */
continue; /* No public key yet available. */
for (p=item->hexgrip, i=0; i < 20; p += 2, i++)
grip[i] = xtoi_2 (p);
if (!agent_key_available (grip))
continue;
continue; /* The key is already available. */
/* unknown - store it */
/* Unknown key - store it. */
rc = agent_card_readkey (ctrl, item->id, &pubkey);
if (rc)
{

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2005-02-14 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Management): Document --import.
2005-01-27 Moritz Schulte <moritz@g10code.com>
* gpg-agent.texi: Document ssh-agent emulation layer.

222
doc/README.W32
View File

@ -1,186 +1,42 @@
README.W32 -*- text -*-
README.W32
============
2004-12-22
This is a binary package with GnuPG for MS-Windows 95, 98, WNT, W2000
and XP. See the file README for generic instructions and usage hints.
This is a precompiled version of gnupg 1.9.14 for MS Windows.
Please see the manual (gnupg.pdf) for the current limitations. Be
aware that this is the first released version and thus bugs are
pretty likely.
A FAQ comes with this package and a probably more recent one can be
found online at http://www.gnupg.org/faq.html. See
http://www.gnupg.org/docs-mls.html for a list of mailing lists. In
particular the list gnupg-users@gnupg.org might be useful to answer
questions - but please read the FAQ first.
Installation directory:
=======================
The installation directory of GnuPG is stored in the Registry under
the key HKEY_LOCAL_MACHINE\Software\GNU\GnuPG with the name "Install
Directory". The installer does not change the PATH environment
variable to include this directory. You might want to do this
manually.
Below the Installation directory, you will find directories named
"Doc", "gnupg.nls" and "Src". The latter will be used for distributed
patched, if any, and to store the source file if they have been
included in this package. The source files usually require further
unpacking using a the TAR utility.
Internationalization support:
=============================
Store the locale id (like "de") into the Registry under the key
HKEY_CURRENT_USER\Software\GNU\GnuPG with the name "Lang". This must
match one of the installed languages files in the directory named
"gnupg.nls" below the installation directory. Note, that the ".mo"
extension is not part of the lcoale id.
Home directory:
===============
GnuPG makes use of a per user home directory to store its keys as well
as configuration files. The default home directory is a directory
named "gnupg" below the application data directory of the user. This
directory will be created if it does not exist. Being only a default,
it may be changed by setting the name of the home directory into the
Registry under the key HKEY_CURRENT_USER\Software\GNU\GnuPG using the
name "HomeDir". If an environment varaibale "GNUPGHOME" exists, this
even overrides the registry setting. The command line option
"--homedir" may be used to override all other settings of the home
directory.
Reporting bugs:
===============
Please check the documentation first before asking or reporting a
bugs. In particular check the archives of the mailing lists (see
www.gnupg.org) and the bug tracking system at http://bugs.gnupg.org
(login is "guest" password is "guest") whether the problem is already
known. Asking on the gnupg-users mailing list is also strongly
encouraged; if you are not subscribed it may some time until a posting
is approved (this is an anti-spam measure). Bug reporting addresses
are listed in the file AUTHORS.
If you want to report a bug or have other problems, always give
detailed description of the problem, the version of GnuPG you used,
the version of the OS, whether it is the official version from
gnupg.org or how you built it. Don't edit error messages - replacing
sensitive information like user IDs, fingerprints and keyids is okay.
If possible, switch to English messages by changing the "Lang" entry
to empty (see under Internationalization support).
How to build GnuPG from the source:
===================================
Until recently all official GnuPG versions have been build using the
Mingw32/CPD kit as available at
ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cqpd-0.3.2.tar.gz .
However, for maintenance reasons we switched to Debian's mingw32 cross
compiler package and that is now the recommended way of building GnuPG
for W32 platforms. It might be possible to build it nativly on a W32
platform but this is not supported. Please don't file any bug reports
if it does not build with any other system than the recommended one.
According to the conditions of the GNU General Public License you
either got the source files with this package, a written offer to send
you the source on demand or the source is available at the same site
you downloaded the binary package. If you downloaded the package from
the official GnuPG site or one of its mirrors, the corresponding
source tarball is available in the sibling directory named gnupg. The
source used to build all versions is always the same and the version
numbers should match. If the version number of the binary package has
a letter suffix, you will find a patch file installed in the "Src"
directory with the changes relative to the generic version.
The source is distributed as a BZIP2 or GZIP compressed tar archive.
See the instructions in file README on how to check the integrity of
that file. Wir a properly setup build environment, you unpack the
tarball change to the created directory and run
$ ./autogen.sh --build-w32
$ make
$ cp g10/gpg*.exe /some_windows_drive/
Building a version with the installer is a bit more complex and
basically works by creating a top directory, unpacking in that top
directory, switching to the gnupg-1.x.y directory, running
"./autogen.sh --build-w32" and "make", switching back to the top
directory, running a "mkdir dist-w32; mkdir iconv", copying the
required iconv files (iconv.dll, README.iconv, COPYING.LIB) into the
iconv directory, running gnupg-1.x.y/scripts/mk-w32-dist and voila,
the installer package will be available in the dist-w32 directory.
Copying:
========
GnuPG is
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005 Free Software Foundation, Inc.
GnuPG is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
GnuPG is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA
See the files AUTHORS and THANKS for credits, further legal
information and bug reporting addresses pertaining to GnuPG.
For copying conditions of the GNU LIBICONV library see the file
README.iconv.
Please copy all files to the directory c:\gnupg and follow the
manual instructions.
The installer software used to create the official binary packages for
W32 is NSIS (http://nsis.sourceforge.net/):
Copyright (C) 1999-2005 Nullsoft, Inc.
This license applies to everything in the NSIS package, except where
otherwise noted.
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any
damages arising from the use of this software.
Permission is granted to anyone to use this software for any
purpose, including commercial applications, and to alter it and
redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must
not claim that you wrote the original software. If you use this
software in a product, an acknowledgment in the product
documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must
not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source
distribution.
The user interface used with the installer is
Copyright (C) 2002-2005 Joost Verburg
[It is distributed along with NSIS and the same conditions as stated
above apply]
The term "W32" is used to describe the API used by current Microsoft
Windows versions. We don't use the Microsft terminology here; in
hacker terminology, calling something a "win" is a form of praise.
Keep in mind that Windows ist just a temporary workaround until you
can switch to a complete Free Software system. Be the source always
with you.
This software has been build using Debian's mingw package, version
3.3.1.20030804.1-1. Libraries are all compiled statically, versions
of the used libraries are:
gpg-error-config: 1.1-cvs
libgcrypt-config: 1.2.1-cvs
ksba-config: 0.9.11-cvs
libassuan-config: 0.6.9-cvs
as these are all CVS versions you need to get the from the CVS. See
www.gnupg.org for details. Use 2004-12-22 18:00 UTC as revision
date. The source code of GnuPG itsself is available at
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.14.tar.bz2
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.14.tar.bz2.sig
Building has been done by running the command
./autogen.sh --build-w32
for all these libraries and then for gnupg. The PDF file has been
produced by first converting the logo file to pdf and the running
"make gnupg.pdf" in the doc directory. All executables have been
stripped.
In case of questions please contact us at info@g10code.com or better
write to the mailing list gnupg-devel@gnupg.org.
Thanks,
The g10 Code team

6
doc/gpgsm.texi
View File

@ -190,6 +190,12 @@ a few informational lines are prepended to the output. Note, that the
PKCS#12 format is higly insecure and this command is only provided if
there is no other way to exchange the private key.
@item --import [@var{files}]
@opindex import
Import the certificates from the PEM or binary encoded files as well as
from signed-only messages. This command may also be used to import a
secret key from a PKCS#12 file.
@item --learn-card
@opindex learn-card
Read information about the private keys from the smartcard and import

3
jnlib/ChangeLog
View File

@ -316,7 +316,8 @@ Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
* You may find it source-copied in other packages. *
***********************************************************
Copyright 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
Copyright 2000, 2001, 2002, 2003, 2004,
2005 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without

2
jnlib/argparse.c
View File

@ -904,7 +904,7 @@ strusage( int level )
switch( level ) {
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
case 14: p = "Copyright (C) 2004 Free Software Foundation, Inc."; break;
case 14: p = "Copyright (C) 2005 Free Software Foundation, Inc."; break;
case 15: p =
"This program comes with ABSOLUTELY NO WARRANTY.\n"
"This is free software, and you are welcome to redistribute it\n"