diff --git a/TODO b/TODO index 911841514..b45d74737 100644 --- a/TODO +++ b/TODO @@ -48,6 +48,7 @@ might want to have an agent context for each service request ** Check that all error code mapping is done. ** Remove the inter-module dependencies between gpgsm and keybox ** Add an source_of_key field +** We need an error code GPG_ERR_NOT_LOCKED * agent/gpg-agent.c ** A SIGHUP should also restart the scdaemon diff --git a/agent/minip12.c b/agent/minip12.c index 255fef096..753b5022f 100644 --- a/agent/minip12.c +++ b/agent/minip12.c @@ -91,8 +91,12 @@ static unsigned char const oid_encryptedData[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 }; static unsigned char const oid_pkcs_12_pkcs_8ShroudedKeyBag[11] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02 }; +static unsigned char const oid_pkcs_12_CertBag[11] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x03 }; static unsigned char const oid_pbeWithSHAAnd3_KeyTripleDES_CBC[10] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03 }; +static unsigned char const oid_pbeWithSHAAnd40BitRC2_CBC[10] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06 }; static unsigned char const oid_rsaEncryption[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 }; @@ -402,11 +406,62 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length, p += DIM(oid_data); n -= DIM(oid_data); - /* fixme: continue parsing */ +#if 0 + where = "bag.encryptedData.keyinfo" + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (!ti.class && ti.tag == TAG_OBJECT_ID + && ti.length == DIM(oid_pbeWithSHAAnd40BitRC2_CBC) + && memcmp (p, oid_pbeWithSHAAnd40BitRC2_CBC, + DIM(oid_pbeWithSHAAnd40BitRC2_CBC))) + { + p += DIM(oid_pbeWithSHAAnd40BitRC2_CBC); + n -= DIM(oid_pbeWithSHAAnd40BitRC2_CBC); + } + else + goto bailout; + + where = "rc2-params"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING || ti.length != 8 ) + goto bailout; + memcpy (salt, p, 8); + p += 8; + n -= 8; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_INTEGER || !ti.length ) + goto bailout; + for (iter=0; ti.length; ti.length--) + { + iter <<= 8; + iter |= (*p++) & 0xff; + n--; + } + + where = "rc2-ciphertext"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING || !ti.length ) + goto bailout; + + log_info ("%lu bytes of RC2 encrypted text\n", ti.length); +#endif + + return 0; bailout: - log_error ("encrptedData error at \"%s\", offset %u\n", + log_error ("encryptedData error at \"%s\", offset %u\n", where, (p - buffer)+startoffset); return -1; } @@ -615,8 +670,8 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset, /* Parse a PKCS12 object and return an array of MPI representing the - secret key parameters. This is a very limited inplementation in - that it is only able to look for 3DES encoded enctyptedData and + secret key parameters. This is a very limited implementation in + that it is only able to look for 3DES encoded encryptedData and tries to extract the first private key object it finds. In case of an error NULL is returned. */ gcry_mpi_t * diff --git a/agent/protect-tool.c b/agent/protect-tool.c index e518c5672..d4f945a94 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -648,7 +648,7 @@ import_p12_file (const char *fname) log_printf ("%02X", grip[i]); log_printf ("\n"); - /* convert to canonical encoding */ + /* Convert to canonical encoding. */ buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, NULL, 0); assert (buflen); key = gcry_xmalloc_secure (buflen); diff --git a/doc/ChangeLog b/doc/ChangeLog index 583415cab..39d98b963 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +2004-02-03 Werner Koch + + * contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks + list. + * gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups. + 2003-12-01 Werner Koch * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp. diff --git a/doc/assuan.texi b/doc/assuan.texi index fbf513ad8..2e2219263 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -5,7 +5,7 @@ @node Assuan @chapter Description of the Assuan protocol. -The architecture of the modula GnuPG system is based on a couple of +The architecture of the modular GnuPG system is based on a couple of highly specialized modules which make up a network of client server communication. A common framework for intermodule communication is therefore needed and should be implemented in a library. diff --git a/doc/contrib.texi b/doc/contrib.texi index 0b250eecc..035b6c251 100644 --- a/doc/contrib.texi +++ b/doc/contrib.texi @@ -40,23 +40,84 @@ underspecified interfaces. Thomas Koester did extensive testing and tracked down a lot of bugs @item -Werner Koch desgned the system and wrote most of the original code. +Werner Koch designed the system and wrote most of the original code. @end itemize -FIXME: We need to copy a lot of credits from GnupG 1.0 to here. +We'd also like to thank these folks who have contributed a lot of time +and energy working on GnuPG over the years: +David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils +Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner +Koch wrote the code. Birger Langkjer, Daniel Resare, Dokianakis +Theofanis, Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy +Ferenc László, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz +Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, +Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri, +Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung +Bauermann, Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter +Koch, Yosiaki IIDA did the official translations. Mike Ashley wrote +and maintains the GNU Privacy Handbook. David Scribner is the current +FAQ editor. Lorenzo Cappelletti maintains the web site. -We'd also like to thank the folks who have contributed time and energy in -testing GnuPG: +The following people helped greatly by suggesting improvements, +testing, fixing bugs, providing resources and doing other important +tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand +Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews, +Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian +Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de +Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere, +Christian Kurz, Christian von Roques, Christopher Oliver, Christian +Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave +Dykstra, David C Niemi, David Champion, David Ellement, David +Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef +Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas +Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo +Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish +stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank +Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël +Quéri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni, +Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery +Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger +Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian +McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz +A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von +Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael +Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John +A. Martin, Johnny Teveßen, Jörg Schilling, Jos Backus, Joseph Walton, +Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten +Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde, +Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M +Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus +Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl, +Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew +Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael +Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev, +Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson +H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye, +Oliver Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul D. Smith, +Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter +Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong, +Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner, +Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann, +Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam +Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge +Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann, +Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven +Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen +Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA +Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen, +Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko +Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann, +Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki +IIDA, Yoshihiro Kajiki and Gerlinde Klaes. -@itemize @bullet -@item -Joe R. Hacker - -@item -And many others -@end itemize +This software has been made possible by the previous work of Chris +Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann +Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson, +Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA +mathematicians and all the folks who have worked hard to create +complete and free operating systems. And finally we'd like to thank everyone who uses these tools, submits bug reports and generally reminds us why we're doing this work in the diff --git a/doc/gnupg.texi b/doc/gnupg.texi index de243a8f7..d85b81ff9 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi @@ -112,7 +112,7 @@ Boston, MA 02111-1307 USA @cindex introduction This manual documents how to use the GNU Privay Guard system as well as -the administartion and the architecture. +the administration and the architecture. @c * Gpg:: Using the OpenPGP protocol. @menu diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 793d093a1..fbab7a17e 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -118,7 +118,9 @@ $ eval `gpg-agent --daemon` @item --options @var{file} @opindex options Reads configuration from @var{file} instead of from the default -per-user configuration file. +per-user configuration file. The default configuration file is named +@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly +below the home directory of the user. @item -v @item --verbose @@ -224,15 +226,16 @@ control this behaviour but this command line option takes precedence. Set the time a cache entry is valid to @var{n} seconds. The default are 600 seconds. -@item --pinentry-program @var{path} +@item --pinentry-program @var{filename} @opindex pinentry-program -Use program @var{path} as the PIN entry. The default is installation +Use program @var{filename} as the PIN entry. The default is installation dependend and can be shown with the @code{--version} command. -@item --scdaemon-program @var{path} +@item --scdaemon-program @var{filename} @opindex scdaemon-program -Use program @var{path} as the Smartcard daemon. The default is installation -dependend and can be shown with the @code{--version} command. +Use program @var{filename} as the Smartcard daemon. The default is +installation dependend and can be shown with the @code{--version} +command. @item --display @var{string} diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 6695eef67..1c8b3071b 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -98,11 +98,12 @@ Run in server mode and wait for commands on the @code{stdin}. @opindex call-dirmngr Behave as a Dirmngr client issuing the request @var{command} with the optional list of @var{args}. The output of the Dirmngr is printed -stdout. Please note that filenames given as arguments should have an -absulte path because they are passed verbatim to the Dirmngr and the -working directory of the Dirmngr might not be the same as the one of -this client. Currently it is not possible to pass data via stdin to the -Dirmngr. @var{command} should not contain spaces. +stdout. Please note that file names given as arguments should have an +absulte file name (i.e. commencing with @code{/} because they are +passed verbatim to the Dirmngr and the working directory of the +Dirmngr might not be the same as the one of this client. Currently it +is not possible to pass data via stdin to the Dirmngr. @var{command} +should not contain spaces. This is command is required for certain maintaining tasks of the dirmngr where a dirmngr must be able to call back to gpgsm. See the Dirmngr @@ -193,7 +194,9 @@ in the option file. @item --options @var{file} @opindex options Reads configuration from @var{file} instead of from the default -per-user configuration file. +per-user configuration file. The default configuration file is named +@file{gpgsm.conf} and expected in the @file{.gnupg} directory directly +below the home directory of the user. @item -v @item --verbose @@ -299,7 +302,7 @@ secret key found in the database. @opindex with-key-data Displays extra information with the @code{--list-keys} commands. Especially a line tagged @code{grp} is printed which tells you the keygrip of a -key. This string is for example used as the filename of the +key. This string is for example used as the file name of the secret key. @end table @@ -360,10 +363,10 @@ usual C-Syntax. The currently defined bits are: @opindex debug-all Same as @code{--debug=0xffffffff} -@item --debug-no-path-validation -@opindex debug-no-path-validation +@item --debug-no-chain-validation +@opindex debug-no-chain-validation This is actually not a debugging option but only useful as such. It -lets gpgsm bypass all certificate path validation checks. +lets gpgsm bypass all certificate chain validation checks. @end table diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index e62146837..5a5a1af6a 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -76,7 +76,9 @@ This is mainly a debugging command, used to print the ATR @item --options @var{file} @opindex options Reads configuration from @var{file} instead of from the default -per-user configuration file. +per-user configuration file. The default configuration file is named +@file{scdaemon.conf} and expected in the @file{.gnupg} directory directly +below the home directory of the user. @item -v @item --verbose diff --git a/sm/import.c b/sm/import.c index 20413b92c..132b7403e 100644 --- a/sm/import.c +++ b/sm/import.c @@ -214,7 +214,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd) { rc = gpg_error (gpg_err_code_from_errno (errno)); log_error ("fdopen() failed: %s\n", strerror (errno)); - q goto leave; + goto leave; } rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader);