From cf8f6d3cefd3ed45bac7f944c03319746277c292 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 22 Feb 2005 18:08:28 +0000 Subject: [PATCH] (stream_read_string): Removed call to abort on memory error because the CVS version of libgcrypt makes sure that ERRNO gets always set on error even with a faulty user supplied function. --- TODO | 2 + agent/ChangeLog | 7 ++ agent/call-scd.c | 2 +- agent/command-ssh.c | 13 +-- agent/learncard.c | 28 ++++-- doc/ChangeLog | 4 + doc/README.W32 | 222 ++++++++------------------------------------ doc/gpgsm.texi | 6 ++ jnlib/ChangeLog | 3 +- jnlib/argparse.c | 2 +- 10 files changed, 87 insertions(+), 202 deletions(-) diff --git a/TODO b/TODO index 7a2292bd6..2aace782f 100644 --- a/TODO +++ b/TODO @@ -54,6 +54,8 @@ might want to have an agent context for each service request ** A SIGHUP should also restart the scdaemon But do this only after all connections terminated. As of now we only send a RESET. +** Watch the child process if not invoked as a daemon + and terminate after the child has terminated * agent/command.c ** Make sure that secure memory is used where appropriate diff --git a/agent/ChangeLog b/agent/ChangeLog index f9064e46b..420dc6368 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,10 @@ +2005-02-22 Werner Koch + + * command-ssh.c (stream_read_string): Removed call to abort on + memory error because the CVS version of libgcrypt makes sure + that ERRNO gets always set on error even with a faulty user + supplied function. + 2005-02-19 Moritz Schulte * command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do diff --git a/agent/call-scd.c b/agent/call-scd.c index 619a549f9..bffdbcbad 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -296,7 +296,7 @@ learn_status_cb (void *opaque, const char *line) return 0; } -/* Perform the learn command and return a list of all private keys +/* Perform the LEARN command and return a list of all private keys stored on the card. */ int agent_card_learn (ctrl_t ctrl, diff --git a/agent/command-ssh.c b/agent/command-ssh.c index fbd296ea6..1719602f2 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -215,15 +215,12 @@ static ssh_key_type_spec_t ssh_key_types[] = - - - /* General utility functions. */ /* A secure realloc, i.e. it makes sure to allocate secure memory if A - is NULL. This is required becuase the standard gcry_realloc does + is NULL. This is required because the standard gcry_realloc does not know whether to allocate secure or normal if NULL is passed as existing buffer. */ static void * @@ -419,9 +416,7 @@ stream_read_string (estream_t stream, unsigned int secure, buffer = xtrymalloc (length + 1); if (! buffer) { - /* FIXME: xtrymalloc_secure does not set errno, does it? */ err = gpg_error_from_errno (errno); - abort (); goto out; } @@ -1530,6 +1525,8 @@ ssh_handler_request_identities (ctrl_t ctrl, free (key_directory); xfree (key_path); xfree (buffer); + /* FIXME: Ist is for sure is a Bad Thing to use the const qualifier + and later cast it away. You can't do that!!! */ xfree ((void *) key_type); /* FIXME? */ return ret_err; @@ -2159,7 +2156,7 @@ ssh_lock (void) gpg_error_t err; /* FIXME */ - log_error (_("lock command is not implemented\n")); + log_error ("ssh-agent's lock command is not implemented\n"); err = 0; return err; @@ -2170,7 +2167,7 @@ ssh_unlock (void) { gpg_error_t err; - log_error (_("unlock command is not implemented\n")); + log_error ("ssh-agent's unlock command is not implemented\n"); err = 0; return err; diff --git a/agent/learncard.c b/agent/learncard.c index 76e8986f8..7dcacee28 100644 --- a/agent/learncard.c +++ b/agent/learncard.c @@ -31,11 +31,16 @@ #include "agent.h" #include +/* Structures used by the callback mechanism to convey information + pertaining to key pairs. */ struct keypair_info_s { struct keypair_info_s *next; int no_cert; - char *id; /* points into grip */ - char hexgrip[1]; + char *id; /* points into grip */ + char hexgrip[1]; /* The keygrip (i.e. a hash over the public key + parameters) formatted as a hex string. + Allocated somewhat large to also act as + memeory for the above ID field. */ }; typedef struct keypair_info_s *KEYPAIR_INFO; @@ -45,6 +50,9 @@ struct kpinfo_cb_parm_s { }; + +/* Structures used by the callback mechanism to convey information + pertaining to certificates. */ struct certinfo_s { struct certinfo_s *next; int type; @@ -59,6 +67,8 @@ struct certinfo_cb_parm_s { }; +/* Structures used by the callback mechanism to convey assuan status + lines. */ struct sinfo_s { struct sinfo_s *next; char *data; /* Points into keyword. */ @@ -72,7 +82,7 @@ struct sinfo_cb_parm_s { }; - +/* Destructor for key information objects. */ static void release_keypair_info (KEYPAIR_INFO info) { @@ -84,6 +94,7 @@ release_keypair_info (KEYPAIR_INFO info) } } +/* Destructor for certificate information objects. */ static void release_certinfo (CERTINFO info) { @@ -95,6 +106,7 @@ release_certinfo (CERTINFO info) } } +/* Destructor for status information objects. */ static void release_sinfo (SINFO info) { @@ -285,7 +297,7 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context) } /* Perform the learn operation. If ASSUAN_CONTEXT is not NULL all new - certificates are send via Assuan */ + certificates are send back via Assuan. */ int agent_handle_learn (ctrl_t ctrl, void *assuan_context) { @@ -317,7 +329,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) if (rc) goto leave; - /* now gather all the available info */ + /* Now gather all the available info. */ rc = agent_card_learn (ctrl, kpinfo_cb, &parm, certinfo_cb, &cparm, sinfo_cb, &sparm); if (!rc && (parm.error || cparm.error || sparm.error)) @@ -371,15 +383,15 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context) log_info (" id: %s (grip=%s)\n", item->id, item->hexgrip); if (item->no_cert) - continue; /* no public key yet available */ + continue; /* No public key yet available. */ for (p=item->hexgrip, i=0; i < 20; p += 2, i++) grip[i] = xtoi_2 (p); if (!agent_key_available (grip)) - continue; + continue; /* The key is already available. */ - /* unknown - store it */ + /* Unknown key - store it. */ rc = agent_card_readkey (ctrl, item->id, &pubkey); if (rc) { diff --git a/doc/ChangeLog b/doc/ChangeLog index fa61b0466..49e8b026f 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2005-02-14 Werner Koch + + * gpgsm.texi (Certificate Management): Document --import. + 2005-01-27 Moritz Schulte * gpg-agent.texi: Document ssh-agent emulation layer. diff --git a/doc/README.W32 b/doc/README.W32 index 18f745d9c..6417e90cb 100644 --- a/doc/README.W32 +++ b/doc/README.W32 @@ -1,186 +1,42 @@ -README.W32 -*- text -*- + README.W32 + ============ + 2004-12-22 -This is a binary package with GnuPG for MS-Windows 95, 98, WNT, W2000 -and XP. See the file README for generic instructions and usage hints. + This is a precompiled version of gnupg 1.9.14 for MS Windows. + Please see the manual (gnupg.pdf) for the current limitations. Be + aware that this is the first released version and thus bugs are + pretty likely. -A FAQ comes with this package and a probably more recent one can be -found online at http://www.gnupg.org/faq.html. See -http://www.gnupg.org/docs-mls.html for a list of mailing lists. In -particular the list gnupg-users@gnupg.org might be useful to answer -questions - but please read the FAQ first. - - -Installation directory: -======================= - -The installation directory of GnuPG is stored in the Registry under -the key HKEY_LOCAL_MACHINE\Software\GNU\GnuPG with the name "Install -Directory". The installer does not change the PATH environment -variable to include this directory. You might want to do this -manually. - -Below the Installation directory, you will find directories named -"Doc", "gnupg.nls" and "Src". The latter will be used for distributed -patched, if any, and to store the source file if they have been -included in this package. The source files usually require further -unpacking using a the TAR utility. - - -Internationalization support: -============================= - -Store the locale id (like "de") into the Registry under the key -HKEY_CURRENT_USER\Software\GNU\GnuPG with the name "Lang". This must -match one of the installed languages files in the directory named -"gnupg.nls" below the installation directory. Note, that the ".mo" -extension is not part of the lcoale id. - - -Home directory: -=============== - -GnuPG makes use of a per user home directory to store its keys as well -as configuration files. The default home directory is a directory -named "gnupg" below the application data directory of the user. This -directory will be created if it does not exist. Being only a default, -it may be changed by setting the name of the home directory into the -Registry under the key HKEY_CURRENT_USER\Software\GNU\GnuPG using the -name "HomeDir". If an environment varaibale "GNUPGHOME" exists, this -even overrides the registry setting. The command line option -"--homedir" may be used to override all other settings of the home -directory. - - -Reporting bugs: -=============== - -Please check the documentation first before asking or reporting a -bugs. In particular check the archives of the mailing lists (see -www.gnupg.org) and the bug tracking system at http://bugs.gnupg.org -(login is "guest" password is "guest") whether the problem is already -known. Asking on the gnupg-users mailing list is also strongly -encouraged; if you are not subscribed it may some time until a posting -is approved (this is an anti-spam measure). Bug reporting addresses -are listed in the file AUTHORS. - -If you want to report a bug or have other problems, always give -detailed description of the problem, the version of GnuPG you used, -the version of the OS, whether it is the official version from -gnupg.org or how you built it. Don't edit error messages - replacing -sensitive information like user IDs, fingerprints and keyids is okay. -If possible, switch to English messages by changing the "Lang" entry -to empty (see under Internationalization support). - - -How to build GnuPG from the source: -=================================== - -Until recently all official GnuPG versions have been build using the -Mingw32/CPD kit as available at -ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cqpd-0.3.2.tar.gz . -However, for maintenance reasons we switched to Debian's mingw32 cross -compiler package and that is now the recommended way of building GnuPG -for W32 platforms. It might be possible to build it nativly on a W32 -platform but this is not supported. Please don't file any bug reports -if it does not build with any other system than the recommended one. - -According to the conditions of the GNU General Public License you -either got the source files with this package, a written offer to send -you the source on demand or the source is available at the same site -you downloaded the binary package. If you downloaded the package from -the official GnuPG site or one of its mirrors, the corresponding -source tarball is available in the sibling directory named gnupg. The -source used to build all versions is always the same and the version -numbers should match. If the version number of the binary package has -a letter suffix, you will find a patch file installed in the "Src" -directory with the changes relative to the generic version. - -The source is distributed as a BZIP2 or GZIP compressed tar archive. -See the instructions in file README on how to check the integrity of -that file. Wir a properly setup build environment, you unpack the -tarball change to the created directory and run - - $ ./autogen.sh --build-w32 - $ make - $ cp g10/gpg*.exe /some_windows_drive/ - -Building a version with the installer is a bit more complex and -basically works by creating a top directory, unpacking in that top -directory, switching to the gnupg-1.x.y directory, running -"./autogen.sh --build-w32" and "make", switching back to the top -directory, running a "mkdir dist-w32; mkdir iconv", copying the -required iconv files (iconv.dll, README.iconv, COPYING.LIB) into the -iconv directory, running gnupg-1.x.y/scripts/mk-w32-dist and voila, -the installer package will be available in the dist-w32 directory. - - -Copying: -======== - -GnuPG is - - Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, - 2005 Free Software Foundation, Inc. - - GnuPG is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - GnuPG is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - 02111-1307, USA - -See the files AUTHORS and THANKS for credits, further legal -information and bug reporting addresses pertaining to GnuPG. - -For copying conditions of the GNU LIBICONV library see the file -README.iconv. + Please copy all files to the directory c:\gnupg and follow the + manual instructions. -The installer software used to create the official binary packages for -W32 is NSIS (http://nsis.sourceforge.net/): - - Copyright (C) 1999-2005 Nullsoft, Inc. - - This license applies to everything in the NSIS package, except where - otherwise noted. - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any - damages arising from the use of this software. - - Permission is granted to anyone to use this software for any - purpose, including commercial applications, and to alter it and - redistribute it freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must - not claim that you wrote the original software. If you use this - software in a product, an acknowledgment in the product - documentation would be appreciated but is not required. - - 2. Altered source versions must be plainly marked as such, and must - not be misrepresented as being the original software. - - 3. This notice may not be removed or altered from any source - distribution. - -The user interface used with the installer is - - Copyright (C) 2002-2005 Joost Verburg - - [It is distributed along with NSIS and the same conditions as stated - above apply] - - -The term "W32" is used to describe the API used by current Microsoft -Windows versions. We don't use the Microsft terminology here; in -hacker terminology, calling something a "win" is a form of praise. -Keep in mind that Windows ist just a temporary workaround until you -can switch to a complete Free Software system. Be the source always -with you. + This software has been build using Debian's mingw package, version + 3.3.1.20030804.1-1. Libraries are all compiled statically, versions + of the used libraries are: + + gpg-error-config: 1.1-cvs + libgcrypt-config: 1.2.1-cvs + ksba-config: 0.9.11-cvs + libassuan-config: 0.6.9-cvs + + as these are all CVS versions you need to get the from the CVS. See + www.gnupg.org for details. Use 2004-12-22 18:00 UTC as revision + date. The source code of GnuPG itsself is available at + ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.14.tar.bz2 + ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.14.tar.bz2.sig + + Building has been done by running the command + + ./autogen.sh --build-w32 + + for all these libraries and then for gnupg. The PDF file has been + produced by first converting the logo file to pdf and the running + "make gnupg.pdf" in the doc directory. All executables have been + stripped. + + In case of questions please contact us at info@g10code.com or better + write to the mailing list gnupg-devel@gnupg.org. + + Thanks, + + The g10 Code team diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 1e7368041..09fd7d660 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -190,6 +190,12 @@ a few informational lines are prepended to the output. Note, that the PKCS#12 format is higly insecure and this command is only provided if there is no other way to exchange the private key. +@item --import [@var{files}] +@opindex import +Import the certificates from the PEM or binary encoded files as well as +from signed-only messages. This command may also be used to import a +secret key from a PKCS#12 file. + @item --learn-card @opindex learn-card Read information about the private keys from the smartcard and import diff --git a/jnlib/ChangeLog b/jnlib/ChangeLog index 0c82c8724..f308a7ea3 100644 --- a/jnlib/ChangeLog +++ b/jnlib/ChangeLog @@ -316,7 +316,8 @@ Mon Jan 24 13:04:28 CET 2000 Werner Koch * You may find it source-copied in other packages. * *********************************************************** - Copyright 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright 2000, 2001, 2002, 2003, 2004, + 2005 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/jnlib/argparse.c b/jnlib/argparse.c index de828e8ce..485c60786 100644 --- a/jnlib/argparse.c +++ b/jnlib/argparse.c @@ -904,7 +904,7 @@ strusage( int level ) switch( level ) { case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2004 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2005 Free Software Foundation, Inc."; break; case 15: p = "This program comes with ABSOLUTELY NO WARRANTY.\n" "This is free software, and you are welcome to redistribute it\n"