* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/. Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.
* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.
* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--
With this patch gpg does not do any network access itself but uses
dirmngr for that. Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows. Probably also required for Solaris etc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT.
--
hex2str is only used at one place for in-place converting an hex
encoded passphrase. This change does not affect this use. The change
is however useful to use the function for in-place conversion of
arbitrary hex encoded strings.
Take care for in-place conversion of a hex string encoding binary data
you need to use it this way:
if (hex2str (string, string, strlen (string) + 1, &length)
oops ("probably out of memory but see ERRNO");
for (i=0; i < length; i++)
foo (string[i));
Note that strlen() + 1.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/Makefile.am (t_jnlib_src): Remove t-support.c.
--
Since test programs are linked to libgcrypt and libgpg-error, there
is no need to include t-support.c.
GnuPG-bug-id: 1862, 1915
* g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
(create_context): Move keyserver setting to ...
(open_context): here.
(clear_context_flags): New.
(gpg_dirmngr_ks_get): Add arg override_keyserver.
* g10/keyserver.c (keyserver_refresh): Improve diagnostics.
(keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get.
--
It used to ignore the given server but showed a diagnostics that it
will be used.
* g10/options.h (KEYSERVER_HTTP_PROXY): New.
(KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
(KEYSERVER_TIMEOUT): New.
* common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
* g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
and "keep-temp-files". Add "http-proxy" and "timeout".
(parse_keyserver_options): Remove 1.2 compatibility option
"honor-http_proxy". Remove "use-temp-files" and "keep-temp-files"
code.
--
Note that many of these options where implicitly used by passing any
unknown option down to the former keyserver helpers. The don't exist
anymore thus we need to make them explicit. Another patch will convey
them to dirmngr. Temp files are not anymore used thus they can be
removed and will be ignored when used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_askpin): Add args keyinfo and
cache_mode. Change all callers to pass (NULL,0) for them. Send
SETKEYINFO command.
* agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
the new args.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
* scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
* scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard.
(struct ccid_driver_s): New field of max_ccid_msglen.
Remove ifsd field.
(parse_ccid_descriptor): Initialize max_ccid_msglen.
(ccid_transceive_apdu_level): Implement sending extended APDU in
chain of CCID message.
--
With this patch, we won't need PC/SC library/service any more.
GnuPG-bug-id: 1947
* g10/free-packet.c (my_mpi_copy): New.
(copy_public_key, copy_signature): Use instead of mpi_copy.
--
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/Makefile.am (dirmngr_SOURCES): Only include
ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
is TRUE.
(module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
* dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1949
* common/gettime.c (gnupg_gmtime): New.
(gnupg_get_isotime): Use it. Also take care of an gmtime_t returning
an error.
--
The fix in gnupg_get_isotime is only to cover up a theoretical broken
time (e.g. a value of (time_t)(-2) which is not mapped beyond 2038 on
32 bit systems).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gettime.c (isotime_human_p): Add arg date_only.
(isodate_human_to_tm): New.
* common/t-gettime.c (test_isodate_human_to_tm): New.
(main): Call new test.
--
This function in intended as replacement for
strptime (foo, "%Y-%m-%d", &bar)
which is not available under Windows.
* tools/rfc822parse.c (parse_field): Replace break by goto.
--
Brown paper bag bug: Changing an IF to a WHILE inside another loop
requires to fix the inner break.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/rfc822parse.c (parse_field): Loop after continuation line.
--
Using header lines like
Name:[lf]
[space][lf]
[lf]
resulted in running into the "(s2 = strchr (delimiters2, *s)" branch
and inserting a new token for the empty continuation line. This also
led to one byte read after the string which is what Hanno figured.
The new code should handle empty continuation lines correct.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command.
--
This bug has been here since the code was written. The commit message
for commit 2d0ca28a22 actually had the
warning that the code has not been tested. Now the funny thing is
that when the code was backported to the 2.0 branch just a few minutes
later that typo was fixed en passant in that branch.
* g10/keylist.c (struct sig_stats): Rename to keylist_context and add
field check_sigs.
(keylist_context_release): New.
(list_all): Set listctx.check_sigs and call release func.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_print): Use .check_sigs field. Repalce arg opaque by
listctx.
(list_keyblock): Ditto. Make static.
(list_keyblock_direct): New.
* g10/keygen.c (do_generate_keypair): Replace list_keyblock by
list_keyblock_direct.
--
This is in preparation for the server mode and for a patch to speed up
--list-sigs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oDebugIOLBF): new.
(opts): Add --debug-iolbf.
(main): Set option.
--
This option is convenient for debugging to make sure that debug output
to stderr is synced with output to stdout.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--
Due to the missing length checks PKTLEN may turn negative. Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".
Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--
This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session. Usually,
it works well.
GnuPG-bug-id: 1846
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
leak.
(ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where
required.
(modlist_dump): Check error from es_fopenmem.
(uncescape): s/int/size_t/. Use existing macros.
(extract_attributes): Use existing trim function.
(ks_ldap_put): Do not segv on error from modlist_dump.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
(ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
(tm2ldaptime): Use snprintf.
(ldap_connect): Get error code prior to log_error and and use modern
function. Use xfree, xtrustrdup etc.
(modlist_lookup): Use GNUPG_GCC_A_USED.
(modlist_free): Use xfree.
--
sprintf has been replaced by snprintf to avoid warnings on some
platforms.
xfree et al. is required so that replacement functions are
used if defined. For example the Libgcrypt functions which may not be
fully compatible with standard free.
Impossible conditions should use GPG_ERR_INTERNAL.
Signed-off-by: Werner Koch <wk@gnupg.org>
