[git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-136-g31f548a
by Werner Koch
cvs at cvs.gnupg.org
Wed Nov 30 18:57:51 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 31f548a18aed729c05ea367f2d8a8104480430d5 (commit)
via 8cf2356fa8aa1dda644314e6e656b3df1586e297 (commit)
via 6d5bb8e79dcee868e823de2c4e9d0ec9a9308dda (commit)
via d24f41641f5a7c3a9be2a6e585a7e2e5031c01d7 (commit)
via 9dc89de7a840c4a210e64b402094235a72e1c921 (commit)
via 295b9e29c5f8fa49a767f9404aaca0afa1f31683 (commit)
via f95cb909ba505f03ce81816c23dd58718b8cb6e6 (commit)
via 982105f1ce85c92482def1d66f1f44e438ae5ab6 (commit)
from 751d452116607eb5ddcbea970b6f24c7a427620e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 31f548a18aed729c05ea367f2d8a8104480430d5
Author: Werner Koch <wk at gnupg.org>
Date: Wed Nov 30 17:14:08 2011 +0100
Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. Change
iobuf arg to a estream-t. Rewrite function to make use of estream
instead of iobuf. Require all parameters. Return an gpg_error_t
error instead of the type. Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
diff --git a/common/ChangeLog b/common/ChangeLog
index d5682fc..96e4e31 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,18 @@
+2011-11-30 Werner Koch <wk at gnupg.org>
+
+ Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
+ * dns-cert.c: Remove iobuf.h.
+ (get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg.
+ Change iobuf arg to a estream-t. Rewrite function to make use of
+ estream instead of iobuf. Require all parameters. Return an
+ gpg_error_t error instead of the type. Add arg ERRSOURCE.
+ * dns-cert.h (get_dns_cert): New macro to pass the error source to
+ _gpg_dns_cert.
+ * t-dns-cert.c (main): Adjust for changes in get_dns_cert.
+
+ * estream.c (es_fopenmem_init): New.
+ * estream.h (es_fopenmem_init): New.
+
2011-11-29 Werner Koch <wk at g10code.com>
* estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is
diff --git a/common/dns-cert.c b/common/dns-cert.c
index 9b6c6c8..56af13a 100644
--- a/common/dns-cert.c
+++ b/common/dns-cert.c
@@ -37,7 +37,6 @@
#endif
#include "util.h"
-#include "iobuf.h"
#include "dns-cert.h"
/* Not every installation has gotten around to supporting CERTs
@@ -63,48 +62,58 @@
#define CERTTYPE_OID 254 /* OID private. */
-/* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
- IPGP provided. Note that this function returns the first CERT
- found with a supported type; it is expected that only one CERT
- record is used. */
-int
-get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
- unsigned char **fpr, size_t * fpr_len, char **url)
+/* Returns 0 on success or an error code. If a PGP CERT record was
+ found, a new estream with that key will be returned at R_KEY and
+ the other return parameters are set to NULL/0. If an IPGP CERT
+ record was found the fingerprint is stored as an allocated block at
+ R_FPR and its length at R_FPRLEN; an URL is is allocated as a
+ string and returned at R_URL. Note that this function returns the
+ first CERT found with a supported type; it is expected that only
+ one CERT record is used. */
+gpg_error_t
+_get_dns_cert (const char *name, estream_t *r_key,
+ unsigned char **r_fpr, size_t *r_fprlen, char **r_url,
+ gpg_err_source_t errsource)
{
#ifdef USE_DNS_CERT
#ifdef USE_ADNS
+ gpg_error_t err;
adns_state state;
adns_answer *answer = NULL;
- int rc;
unsigned int ctype;
int count;
- rc = adns_init (&state, adns_if_noerrprint, NULL);
- if (rc)
+ *r_key = NULL;
+ *r_fpr = NULL;
+ *r_fprlen = 0;
+ *r_url = NULL;
+
+ if (adns_init (&state, adns_if_noerrprint, NULL))
{
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
log_error ("error initializing adns: %s\n", strerror (errno));
- return -1;
+ return err;
}
- rc = adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
- adns_qf_quoteok_query, &answer);
- if (rc)
+ if (adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
+ adns_qf_quoteok_query, &answer))
{
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
/* log_error ("DNS query failed: %s\n", strerror (errno)); */
adns_finish (state);
- return -1;
+ return err;
}
if (answer->status != adns_s_ok)
{
/* log_error ("DNS query returned an error: %s (%s)\n", */
/* adns_strerror (answer->status), */
/* adns_errabbrev (answer->status)); */
- adns_free (answer);
- adns_finish (state);
- return 0;
+ err = gpg_err_make (errsource, GPG_ERR_NOT_FOUND);
+ goto leave;
}
- for (rc = 0, count = 0; !rc && count < answer->nrrs; count++)
+ err = gpg_err_make (errsource, GPG_ERR_NOT_FOUND);
+ for (count = 0; count < answer->nrrs; count++)
{
int datalen = answer->rrs.byteblock[count].len;
const unsigned char *data = answer->rrs.byteblock[count].data;
@@ -121,8 +130,12 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
{
/* CERT type is PGP. Gpg checks for a minimum length of 11,
thus we do the same. */
- *iobuf = iobuf_temp_with_content ((char *)data, datalen);
- rc = 1;
+ *r_key = es_fopenmem_init (0, "rwb", data, datalen);
+ if (!*r_key)
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+ else
+ err = 0;
+ goto leave;
}
else if (ctype == CERTTYPE_IPGP && datalen && datalen < 1023
&& datalen >= data[0] + 1 && fpr && fpr_len && url)
@@ -130,50 +143,68 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
/* CERT type is IPGP. We made sure that the data is
plausible and that the caller requested this
information. */
- *fpr_len = data[0];
- if (*fpr_len)
+ *r_fprlen = data[0];
+ if (*r_fprlen)
{
- *fpr = xmalloc (*fpr_len);
- memcpy (*fpr, data + 1, *fpr_len);
+ *r_fpr = xtrymalloc (*r_fprlen);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+ goto leave;
+ }
+ memcpy (*r_fpr, data + 1, *r_fprlen);
}
else
- *fpr = NULL;
+ *r_fpr = NULL;
- if (datalen > *fpr_len + 1)
+ if (datalen > *r_fprlen + 1)
{
- *url = xmalloc (datalen - (*fpr_len + 1) + 1);
- memcpy (*url, data + (*fpr_len + 1), datalen - (*fpr_len + 1));
- (*url)[datalen - (*fpr_len + 1)] = '\0';
+ *url = xtrymalloc (datalen - (*r_fprlen + 1) + 1);
+ if (!*r_url)
+ {
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+ xfree (*r_fpr);
+ *r_fpr = NULL;
+ goto leave;
+ }
+ memcpy (*url, data + (*r_fprlen + 1), datalen - (*r_fprlen + 1));
+ (*url)[datalen - (*r_fprlen + 1)] = '\0';
}
else
- *url = NULL;
+ *r_url = NULL;
- rc = 2;
+ err = 0;
+ goto leave;
}
}
+ leave:
adns_free (answer);
adns_finish (state);
- return rc;
+ return err;
#else /*!USE_ADNS*/
+ gpg_error_t err;
unsigned char *answer;
- int ret = -1;
int r;
u16 count;
- if (fpr)
- *fpr = NULL;
+ *r_key = NULL;
+ *r_fpr = NULL;
+ *r_fprlen = 0;
+ *r_url = NULL;
- if (url)
- *url = NULL;
+ /* Allocate a 64k buffer which is the limit for an DNS response. */
+ answer = xtrymalloc (65536);
+ if (!answer)
+ return gpg_err_make (errsource, gpg_err_code_from_syserror ());
- answer = xmalloc (max_size);
+ err = gpg_err_make (errsource, GPG_ERR_NOT_FOUND);
- r = res_query (name, C_IN, T_CERT, answer, max_size);
+ r = res_query (name, C_IN, T_CERT, answer, 65536);
/* Not too big, not too small, no errors and at least 1 answer. */
- if (r >= sizeof (HEADER) && r <= max_size
+ if (r >= sizeof (HEADER) && r <= 65536
&& (((HEADER *) answer)->rcode) == NOERROR
&& (count = ntohs (((HEADER *) answer)->ancount)))
{
@@ -188,8 +219,10 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
rc = dn_skipname (pt, emsg);
if (rc == -1)
- goto fail;
-
+ {
+ err = gpg_err_make (errsource, GPG_ERR_INV_OBJ);
+ goto leave;
+ }
pt += rc + QFIXEDSZ;
/* There are several possible response types for a CERT request.
@@ -204,7 +237,10 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
rc = dn_skipname (pt, emsg); /* the name we just queried for */
if (rc == -1)
- break;
+ {
+ err = gpg_err_make (errsource, GPG_ERR_INV_OBJ);
+ goto leave;
+ }
pt += rc;
@@ -248,39 +284,54 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
/* 15 bytes takes us to here */
- if (ctype == CERTTYPE_PGP && iobuf && dlen)
+ if (ctype == CERTTYPE_PGP && dlen)
{
/* PGP type */
- *iobuf = iobuf_temp_with_content ((char *) pt, dlen);
- ret = 1;
- break;
+ *r_key = es_fopenmem_init (0, "rwb", pt, dlen);
+ if (!*r_key)
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+ else
+ err = 0;
+ goto leave;
}
else if (ctype == CERTTYPE_IPGP
- && dlen && dlen < 1023 && dlen >= pt[0] + 1
- && fpr && fpr_len && url)
+ && dlen && dlen < 1023 && dlen >= pt[0] + 1)
{
/* IPGP type */
- *fpr_len = pt[0];
-
- if (*fpr_len)
+ *r_fprlen = pt[0];
+ if (*r_fprlen)
{
- *fpr = xmalloc (*fpr_len);
- memcpy (*fpr, &pt[1], *fpr_len);
+ *r_fpr = xtrymalloc (*r_fprlen);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (errsource,
+ gpg_err_code_from_syserror ());
+ goto leave;
+ }
+ memcpy (*r_fpr, &pt[1], *r_fprlen);
}
else
- *fpr = NULL;
+ *r_fpr = NULL;
- if (dlen > *fpr_len + 1)
+ if (dlen > *r_fprlen + 1)
{
- *url = xmalloc (dlen - (*fpr_len + 1) + 1);
- memcpy (*url, &pt[*fpr_len + 1], dlen - (*fpr_len + 1));
- (*url)[dlen - (*fpr_len + 1)] = '\0';
+ *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (errsource,
+ gpg_err_code_from_syserror ());
+ xfree (*r_fpr);
+ *r_fpr = NULL;
+ goto leave;
+ }
+ memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
+ (*r_url)[dlen - (*r_fprlen + 1)] = '\0';
}
else
- *url = NULL;
+ *r_url = NULL;
- ret = 2;
- break;
+ err = 0;
+ goto leave;
}
/* Neither type matches, so go around to the next answer. */
@@ -288,18 +339,18 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
}
}
- fail:
+ leave:
xfree (answer);
- return ret;
+ return err;
+
#endif /*!USE_ADNS */
#else /* !USE_DNS_CERT */
(void)name;
- (void)max_size;
- (void)iobuf;
- (void)fpr;
- (void)fpr_len;
- (void)url;
+ (void)r_key;
+ (void)r_fpr;
+ (void)r_fprlen;
+ (void)r_url;
- return -1;
+ return gpg_err_make (errsource, GPG_ERR_NOT_SUPPORTED);
#endif
}
diff --git a/common/dns-cert.h b/common/dns-cert.h
index ebfeec8..a1d3d86 100644
--- a/common/dns-cert.h
+++ b/common/dns-cert.h
@@ -19,8 +19,13 @@
#ifndef GNUPG_COMMON_DNS_CERT_H
#define GNUPG_COMMON_DNS_CERT_H
-int get_dns_cert (const char *name, size_t max_size, iobuf_t *iobuf,
- unsigned char **fpr, size_t *fpr_len, char **url);
+gpg_error_t _get_dns_cert (const char *name, estream_t *r_key,
+ unsigned char **r_fpr, size_t *r_fprlen,
+ char **r_url,
+ gpg_err_source_t errsource);
+#define get_dns_cert(a,b,c,d,e) \
+ _get_dns_cert ((a),(b),(c),(d),(e), GPG_ERR_SOURCE_DEFAULT);
+
#endif /*GNUPG_COMMON_DNS_CERT_H*/
diff --git a/common/t-dns-cert.c b/common/t-dns-cert.c
index f3e8892..1dcae6f 100644
--- a/common/t-dns-cert.c
+++ b/common/t-dns-cert.c
@@ -23,18 +23,17 @@
#include <assert.h>
#include "util.h"
-#include "iobuf.h"
#include "dns-cert.h"
int
main (int argc, char **argv)
{
+ gpg_error_t err;
unsigned char *fpr;
size_t fpr_len;
char *url;
- int rc;
- iobuf_t iobuf;
+ estream_t key;
char const *name;
if (argc)
@@ -55,18 +54,19 @@ main (int argc, char **argv)
printf ("CERT lookup on `%s'\n", name);
- rc = get_dns_cert (name, 65536, &iobuf, &fpr, &fpr_len, &url);
- if (rc == -1)
- fputs ("lookup result: error\n", stdout);
- else if (!rc)
- fputs ("lookup result: no answer\n", stdout);
- else if (rc == 1)
+ err = get_dns_cert (name, &key, &fpr, &fpr_len, &url);
+ if (err)
+ printf ("get_dns_cert failed: %s <%s>\n",
+ gpg_strerror (err), gpg_strsource (err));
+ else if (key)
{
- printf ("lookup result: %d bytes\n",
- (int)iobuf_get_temp_length(iobuf));
- iobuf_close (iobuf);
+ int count = 0;
+
+ while (es_getc (key) != EOF)
+ count++;
+ printf ("Key found (%d bytes)\n", count);
}
- else if (rc == 2)
+ else
{
if (fpr)
{
@@ -85,9 +85,11 @@ main (int argc, char **argv)
else
printf ("No URL found\n");
- xfree (fpr);
- xfree (url);
}
+ es_fclose (key);
+ xfree (fpr);
+ xfree (url);
+
return 0;
}
diff --git a/doc/gpg.texi b/doc/gpg.texi
index d00e01f..481e05e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1584,9 +1584,12 @@ are available for all keyserver types, some common options are:
Set the proxy to use for HTTP and HKP keyservers. This overrides the
"http_proxy" environment variable, if any.
+
+ at ifclear gpgtwoone
@item max-cert-size
When retrieving a key via DNS CERT, only accept keys up to this size.
Defaults to 16384 bytes.
+ at end ifclear
@item debug
Turn on debug output in the keyserver helper program. Note that the
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 629de81..4dadaab 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2011-11-30 Werner Koch <wk at g10code.com>
+
+ * keyserver.c (keyserver_import_cert): Adjust for changed
+ get_dns_cert.
+
2011-11-28 Werner Koch <wk at g10code.com>
* keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
diff --git a/g10/keyserver.c b/g10/keyserver.c
index efb0877..102f65d 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1691,9 +1691,10 @@ int
keyserver_import_cert (ctrl_t ctrl,
const char *name,unsigned char **fpr,size_t *fpr_len)
{
+ gpg_error_t err;
char *domain,*look,*url;
- IOBUF key;
- int type,rc=G10ERR_GENERAL;
+ estream_t key;
+
look=xstrdup(name);
@@ -1701,30 +1702,25 @@ keyserver_import_cert (ctrl_t ctrl,
if(domain)
*domain='.';
- type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
- if (!type || type == -1)
- {
- /* There might be an error in res_query which leads to an error
- return (-1) in the case that nothing was found. Thus we take
- all errors as key not found. */
- rc = G10ERR_NO_PUBKEY;
- }
- else if (type==1)
+ err = get_dns_cert (look, &key, fpr, fpr_len, &url);
+ if (err)
+ ;
+ else if (key)
{
int armor_status=opt.no_armor;
/* CERTs are always in binary format */
opt.no_armor=1;
- /* FIXME: Pass CTRL. */
- rc = import_keys_stream (NULL, key, NULL, fpr, fpr_len,
- opt.keyserver_options.import_options);
+ err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+ opt.keyserver_options.import_options);
opt.no_armor=armor_status;
- iobuf_close(key);
+ es_fclose (key);
+ key = NULL;
}
- else if(type==2 && *fpr)
+ else if (*fpr)
{
/* We only consider the IPGP type if a fingerprint was provided.
This lets us select the right key regardless of what a URL
@@ -1736,7 +1732,7 @@ keyserver_import_cert (ctrl_t ctrl,
spec=parse_keyserver_uri(url,1,NULL,0);
if(spec)
{
- rc = keyserver_import_fprint (ctrl, *fpr,*fpr_len,spec);
+ err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,spec);
free_keyserver_spec(spec);
}
}
@@ -1745,7 +1741,7 @@ keyserver_import_cert (ctrl_t ctrl,
/* If only a fingerprint is provided, try and fetch it from
our --keyserver */
- rc = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
+ err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
}
else
log_info(_("no keyserver known (use option --keyserver)\n"));
@@ -1754,12 +1750,12 @@ keyserver_import_cert (ctrl_t ctrl,
found, but no keyserver" " known (use option
--keyserver)\n" ? */
- xfree(url);
}
+ xfree(url);
xfree(look);
- return rc;
+ return err;
}
/* Import key pointed to by a PKA record. Return the requested
commit 8cf2356fa8aa1dda644314e6e656b3df1586e297
Author: Werner Koch <wk at gnupg.org>
Date: Wed Nov 30 17:03:53 2011 +0100
* common/estream.c (es_fopenmem_init): New.
* common/estream.h (es_fopenmem_init): New.
diff --git a/common/estream.c b/common/estream.c
index 20d365a..c55c7f2 100644
--- a/common/estream.c
+++ b/common/estream.c
@@ -2606,7 +2606,7 @@ es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode)
function but no free function. Providing only a free function is
allowed as long as GROW is false. */
estream_t
-es_mopen (unsigned char *ES__RESTRICT data, size_t data_n, size_t data_len,
+es_mopen (void *ES__RESTRICT data, size_t data_n, size_t data_len,
unsigned int grow,
func_realloc_t func_realloc, func_free_t func_free,
const char *ES__RESTRICT mode)
@@ -2657,7 +2657,6 @@ es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
return NULL;
modeflags |= O_RDWR;
-
if (func_mem_create (&cookie, NULL, 0, 0,
BUFFER_BLOCK_SIZE, 1,
mem_realloc, mem_free, modeflags,
@@ -2673,6 +2672,40 @@ es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
�
+/* This is the same as es_fopenmem but intializes the memory with a
+ copy of (DATA,DATALEN). The stream is initally set to the
+ beginning. If MEMLIMIT is not 0 but shorter than DATALEN it
+ DATALEN will be used as the value for MEMLIMIT. */
+estream_t
+es_fopenmem_init (size_t memlimit, const char *ES__RESTRICT mode,
+ const void *data, size_t datalen)
+{
+ estream_t stream;
+
+ if (memlimit && memlimit < datalen)
+ memlimit = datalen;
+
+ stream = es_fopenmem (memlimit, mode);
+ if (stream && data && datalen)
+ {
+ if (es_writen (stream, data, datalen, NULL))
+ {
+ int saveerrno = errno;
+ es_fclose (stream);
+ stream = NULL;
+ _set_errno (saveerrno);
+ }
+ else
+ {
+ es_seek (stream, 0L, SEEK_SET, NULL);
+ es_set_indicators (stream, 0, 0);
+ }
+ }
+ return stream;
+}
+
+
+�
estream_t
es_fopencookie (void *ES__RESTRICT cookie,
const char *ES__RESTRICT mode,
diff --git a/common/estream.h b/common/estream.h
index 432143f..4966276 100644
--- a/common/estream.h
+++ b/common/estream.h
@@ -76,6 +76,7 @@
#define es_fopen _ESTREAM_PREFIX(es_fopen)
#define es_mopen _ESTREAM_PREFIX(es_mopen)
#define es_fopenmem _ESTREAM_PREFIX(es_fopenmem)
+#define es_fopenmem_init _ESTREAM_PREFIX(es_fopenmem_init)
#define es_fdopen _ESTREAM_PREFIX(es_fdopen)
#define es_fdopen_nc _ESTREAM_PREFIX(es_fdopen_nc)
#define es_sysopen _ESTREAM_PREFIX(es_sysopen)
@@ -262,13 +263,15 @@ int es_init (void);
estream_t es_fopen (const char *ES__RESTRICT path,
const char *ES__RESTRICT mode);
-estream_t es_mopen (unsigned char *ES__RESTRICT data,
+estream_t es_mopen (void *ES__RESTRICT data,
size_t data_n, size_t data_len,
unsigned int grow,
void *(*func_realloc) (void *mem, size_t size),
void (*func_free) (void *mem),
const char *ES__RESTRICT mode);
estream_t es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode);
+estream_t es_fopenmem_init (size_t memlimit, const char *ES__RESTRICT mode,
+ const void *data, size_t datalen);
estream_t es_fdopen (int filedes, const char *mode);
estream_t es_fdopen_nc (int filedes, const char *mode);
estream_t es_sysopen (es_syshd_t *syshd, const char *mode);
commit 6d5bb8e79dcee868e823de2c4e9d0ec9a9308dda
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 29 18:02:05 2011 +0100
Add parameter checks and extend documentation of estream.
* estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is not
set. Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is given.
diff --git a/common/ChangeLog b/common/ChangeLog
index 943862a..d5682fc 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,5 +1,9 @@
2011-11-29 Werner Koch <wk at g10code.com>
+ * estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is
+ not set. Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is
+ given.
+
* dns-cert.c: Use new CERTTYPE_ constants for better readability.
2011-11-28 Werner Koch <wk at g10code.com>
diff --git a/common/estream.c b/common/estream.c
index 8087a62..20d365a 100644
--- a/common/estream.c
+++ b/common/estream.c
@@ -539,7 +539,9 @@ typedef struct estream_cookie_mem
supplied buffer with the initial conetnt of the memory buffer. If
DATA is NULL, DATA_N and DATA_LEN need to be 0 as well. If DATA is
not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the
- used length in DATA. */
+ used length in DATA. If this fucntion succeeds DATA is now owned
+ by this function. If GROW is false FUNC_REALLOC is not
+ required. */
static int
func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,
unsigned char *ES__RESTRICT data, size_t data_n,
@@ -557,6 +559,11 @@ func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,
_set_errno (EINVAL);
return -1;
}
+ if (grow && func_free && !func_realloc)
+ {
+ _set_errno (EINVAL);
+ return -1;
+ }
mem_cookie = mem_alloc (sizeof (*mem_cookie));
if (!mem_cookie)
@@ -571,7 +578,8 @@ func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,
mem_cookie->data_len = data_len;
mem_cookie->block_size = block_size;
mem_cookie->flags.grow = !!grow;
- mem_cookie->func_realloc = func_realloc ? func_realloc : mem_realloc;
+ mem_cookie->func_realloc
+ = grow? (func_realloc ? func_realloc : mem_realloc) : NULL;
mem_cookie->func_free = func_free ? func_free : mem_free;
*cookie = mem_cookie;
err = 0;
@@ -622,7 +630,8 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size)
assert (mem_cookie->memory_size >= mem_cookie->offset);
nleft = mem_cookie->memory_size - mem_cookie->offset;
- /* If we are not allowed to grow limit the size to the left space. */
+ /* If we are not allowed to grow the buffer, limit the size to the
+ left space. */
if (!mem_cookie->flags.grow && size > nleft)
size = nleft;
@@ -663,6 +672,7 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size)
return -1;
}
+ assert (mem_cookie->func_realloc);
newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
if (!newbuf)
return -1;
@@ -738,6 +748,7 @@ es_func_mem_seek (void *cookie, off_t *offset, int whence)
return -1;
}
+ assert (mem_cookie->func_realloc);
newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
if (!newbuf)
return -1;
@@ -2580,23 +2591,33 @@ es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode)
�
+/* Create a new estream object in memory. If DATA is not NULL this
+ buffer will be used as the memory buffer; thus after this functions
+ returns with the success the the memory at DATA belongs to the new
+ estream. The allocated length of DATA is given by DATA_LEN and its
+ used length by DATA_N. Usually this is malloced buffer; if a
+ static buffer is provided, the caller must pass false for GROW and
+ provide a dummy function for FUNC_FREE. FUNC_FREE and FUNC_REALLOC
+ allow the caller to provide custom functions for realloc and free
+ to be used by the new estream object. Note that the realloc
+ function is also used for initial allocation. If DATA is NULL a
+ buffer is internally allocated; either using internal function or
+ those provide by the caller. It is an error to provide a realloc
+ function but no free function. Providing only a free function is
+ allowed as long as GROW is false. */
estream_t
es_mopen (unsigned char *ES__RESTRICT data, size_t data_n, size_t data_len,
unsigned int grow,
func_realloc_t func_realloc, func_free_t func_free,
const char *ES__RESTRICT mode)
{
+ int create_called = 0;
+ estream_t stream = NULL;
+ void *cookie = NULL;
unsigned int modeflags;
- int create_called;
- estream_t stream;
- void *cookie;
int err;
es_syshd_t syshd;
- cookie = 0;
- stream = NULL;
- create_called = 0;
-
err = parse_mode (mode, &modeflags, NULL);
if (err)
goto out;
commit d24f41641f5a7c3a9be2a6e585a7e2e5031c01d7
Author: Werner Koch <wk at gnupg.org>
Date: Tue Nov 29 13:17:20 2011 +0100
dns-cert.c: Use constants for better readability.
diff --git a/common/ChangeLog b/common/ChangeLog
index 46a61dd..943862a 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,7 @@
+2011-11-29 Werner Koch <wk at g10code.com>
+
+ * dns-cert.c: Use new CERTTYPE_ constants for better readability.
+
2011-11-28 Werner Koch <wk at g10code.com>
* t-dns-cert.c (main): Increase MAX_SIZE to 64k.
diff --git a/common/dns-cert.c b/common/dns-cert.c
index cd8724a..9b6c6c8 100644
--- a/common/dns-cert.c
+++ b/common/dns-cert.c
@@ -1,4 +1,4 @@
-/* dns-cert.c - DNS CERT code
+/* dns-cert.c - DNS CERT code (rfc-4398)
* Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
@@ -50,9 +50,21 @@
#define my_adns_r_cert 37
+/* Certificate types according to RFC-4398. */
+#define CERTTYPE_PKIX 1 /* X.509 as per PKIX. */
+#define CERTTYPE_SPKI 2 /* SPKI certificate. */
+#define CERTTYPE_PGP 3 /* OpenPGP packet. */
+#define CERTTYPE_IPKIX 4 /* The URL of an X.509 data object. */
+#define CERTTYPE_ISPKI 5 /* The URL of an SPKI certificate. */
+#define CERTTYPE_IPGP 6 /* The fingerprint and URL of an OpenPGP packet.*/
+#define CERTTYPE_ACPKIX 7 /* Attribute Certificate. */
+#define CERTTYPE_IACPKIX 8 /* The URL of an Attribute Certificate. */
+#define CERTTYPE_URI 253 /* URI private. */
+#define CERTTYPE_OID 254 /* OID private. */
+
/* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
- IPGP provided. Note that this function retruns the first CERT
+ IPGP provided. Note that this function returns the first CERT
found with a supported type; it is expected that only one CERT
record is used. */
int
@@ -105,18 +117,18 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
data += 5;
datalen -= 5;
- if (ctype == 3 && datalen >= 11)
+ if (ctype == CERTTYPE_PGP && datalen >= 11)
{
/* CERT type is PGP. Gpg checks for a minimum length of 11,
thus we do the same. */
*iobuf = iobuf_temp_with_content ((char *)data, datalen);
rc = 1;
}
- else if (ctype == 6 && datalen && datalen < 1023
+ else if (ctype == CERTTYPE_IPGP && datalen && datalen < 1023
&& datalen >= data[0] + 1 && fpr && fpr_len && url)
{
- /* CERT type is IPGP. We made sure tha the data is
- plausible and that the caller requested the
+ /* CERT type is IPGP. We made sure that the data is
+ plausible and that the caller requested this
information. */
*fpr_len = data[0];
if (*fpr_len)
@@ -236,14 +248,15 @@ get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
/* 15 bytes takes us to here */
- if (ctype == 3 && iobuf && dlen)
+ if (ctype == CERTTYPE_PGP && iobuf && dlen)
{
/* PGP type */
*iobuf = iobuf_temp_with_content ((char *) pt, dlen);
ret = 1;
break;
}
- else if (ctype == 6 && dlen && dlen < 1023 && dlen >= pt[0] + 1
+ else if (ctype == CERTTYPE_IPGP
+ && dlen && dlen < 1023 && dlen >= pt[0] + 1
&& fpr && fpr_len && url)
{
/* IPGP type */
commit 9dc89de7a840c4a210e64b402094235a72e1c921
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 28 18:36:21 2011 +0100
Actually increase buffer size of t-dns-cert.c.
diff --git a/common/t-dns-cert.c b/common/t-dns-cert.c
index a2b14f2..f3e8892 100644
--- a/common/t-dns-cert.c
+++ b/common/t-dns-cert.c
@@ -55,7 +55,7 @@ main (int argc, char **argv)
printf ("CERT lookup on `%s'\n", name);
- rc = get_dns_cert (name, 16384, &iobuf, &fpr, &fpr_len, &url);
+ rc = get_dns_cert (name, 65536, &iobuf, &fpr, &fpr_len, &url);
if (rc == -1)
fputs ("lookup result: error\n", stdout);
else if (!rc)
commit 295b9e29c5f8fa49a767f9404aaca0afa1f31683
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 28 18:35:19 2011 +0100
Re-indented dns-cert.c
diff --git a/common/dns-cert.c b/common/dns-cert.c
index db1c7be..cd8724a 100644
--- a/common/dns-cert.c
+++ b/common/dns-cert.c
@@ -56,8 +56,8 @@
found with a supported type; it is expected that only one CERT
record is used. */
int
-get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
- unsigned char **fpr, size_t *fpr_len, char **url)
+get_dns_cert (const char *name, size_t max_size, IOBUF * iobuf,
+ unsigned char **fpr, size_t * fpr_len, char **url)
{
#ifdef USE_DNS_CERT
#ifdef USE_ADNS
@@ -92,7 +92,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
return 0;
}
- for (rc = 0, count=0; !rc && count < answer->nrrs; count++)
+ for (rc = 0, count = 0; !rc && count < answer->nrrs; count++)
{
int datalen = answer->rrs.byteblock[count].len;
const unsigned char *data = answer->rrs.byteblock[count].data;
@@ -100,7 +100,7 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
if (datalen < 5)
continue; /* Truncated CERT record - skip. */
- ctype = ((data[0]<<8)|data[1]);
+ ctype = ((data[0] << 8) | data[1]);
/* (key tag and algorithm fields are not required.) */
data += 5;
datalen -= 5;
@@ -109,11 +109,11 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
{
/* CERT type is PGP. Gpg checks for a minimum length of 11,
thus we do the same. */
- *iobuf = iobuf_temp_with_content ((char*)data, datalen);
+ *iobuf = iobuf_temp_with_content ((char *)data, datalen);
rc = 1;
}
else if (ctype == 6 && datalen && datalen < 1023
- && datalen >= data[0]+1 && fpr && fpr_len && url)
+ && datalen >= data[0] + 1 && fpr && fpr_len && url)
{
/* CERT type is IPGP. We made sure tha the data is
plausible and that the caller requested the
@@ -122,16 +122,16 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
if (*fpr_len)
{
*fpr = xmalloc (*fpr_len);
- memcpy (*fpr, data+1, *fpr_len);
+ memcpy (*fpr, data + 1, *fpr_len);
}
else
*fpr = NULL;
if (datalen > *fpr_len + 1)
{
- *url = xmalloc (datalen - (*fpr_len+1) + 1);
- memcpy (*url, data + (*fpr_len+1), datalen - (*fpr_len+1));
- (*url)[datalen - (*fpr_len+1)] = '\0';
+ *url = xmalloc (datalen - (*fpr_len + 1) + 1);
+ memcpy (*url, data + (*fpr_len + 1), datalen - (*fpr_len + 1));
+ (*url)[datalen - (*fpr_len + 1)] = '\0';
}
else
*url = NULL;
@@ -147,137 +147,138 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
#else /*!USE_ADNS*/
unsigned char *answer;
- int r,ret=-1;
+ int ret = -1;
+ int r;
u16 count;
- if(fpr)
- *fpr=NULL;
+ if (fpr)
+ *fpr = NULL;
- if(url)
- *url=NULL;
+ if (url)
+ *url = NULL;
- answer=xmalloc(max_size);
+ answer = xmalloc (max_size);
- r=res_query(name,C_IN,T_CERT,answer,max_size);
+ r = res_query (name, C_IN, T_CERT, answer, max_size);
/* Not too big, not too small, no errors and at least 1 answer. */
- if(r>=sizeof(HEADER) && r<=max_size
- && (((HEADER *)answer)->rcode)==NOERROR
- && (count=ntohs(((HEADER *)answer)->ancount)))
+ if (r >= sizeof (HEADER) && r <= max_size
+ && (((HEADER *) answer)->rcode) == NOERROR
+ && (count = ntohs (((HEADER *) answer)->ancount)))
{
int rc;
- unsigned char *pt,*emsg;
+ unsigned char *pt, *emsg;
- emsg=&answer[r];
+ emsg = &answer[r];
- pt=&answer[sizeof(HEADER)];
+ pt = &answer[sizeof (HEADER)];
/* Skip over the query */
- rc=dn_skipname(pt,emsg);
- if(rc==-1)
- goto fail;
+ rc = dn_skipname (pt, emsg);
+ if (rc == -1)
+ goto fail;
- pt+=rc+QFIXEDSZ;
+ pt += rc + QFIXEDSZ;
/* There are several possible response types for a CERT request.
- We're interested in the PGP (a key) and IPGP (a URI) types.
- Skip all others. TODO: A key is better than a URI since
- we've gone through all this bother to fetch it, so favor that
- if we have both PGP and IPGP? */
-
- while(count-->0 && pt<emsg)
- {
- u16 type,class,dlen,ctype;
-
- rc=dn_skipname(pt,emsg); /* the name we just queried for */
- if(rc==-1)
- break;
-
- pt+=rc;
-
- /* Truncated message? 15 bytes takes us to the point where
- we start looking at the ctype. */
- if((emsg-pt)<15)
- break;
-
- type=*pt++ << 8;
- type|=*pt++;
-
- class=*pt++ << 8;
- class|=*pt++;
- /* We asked for IN and got something else !? */
- if(class!=C_IN)
- break;
-
- /* ttl */
- pt+=4;
-
- /* data length */
- dlen=*pt++ << 8;
- dlen|=*pt++;
-
- /* We asked for CERT and got something else - might be a
- CNAME, so loop around again. */
- if(type!=T_CERT)
- {
- pt+=dlen;
- continue;
- }
-
- /* The CERT type */
- ctype=*pt++ << 8;
- ctype|=*pt++;
-
- /* Skip the CERT key tag and algo which we don't need. */
- pt+=3;
-
- dlen-=5;
-
- /* 15 bytes takes us to here */
-
- if(ctype==3 && iobuf && dlen)
- {
- /* PGP type */
- *iobuf=iobuf_temp_with_content((char *)pt,dlen);
- ret=1;
- break;
- }
- else if(ctype==6 && dlen && dlen<1023 && dlen>=pt[0]+1
- && fpr && fpr_len && url)
- {
- /* IPGP type */
- *fpr_len=pt[0];
-
- if(*fpr_len)
- {
- *fpr=xmalloc(*fpr_len);
- memcpy(*fpr,&pt[1],*fpr_len);
- }
- else
- *fpr=NULL;
-
- if(dlen>*fpr_len+1)
- {
- *url=xmalloc(dlen-(*fpr_len+1)+1);
- memcpy(*url,&pt[*fpr_len+1],dlen-(*fpr_len+1));
- (*url)[dlen-(*fpr_len+1)]='\0';
- }
- else
- *url=NULL;
-
- ret=2;
- break;
- }
-
- /* Neither type matches, so go around to the next answer. */
- pt+=dlen;
- }
+ We're interested in the PGP (a key) and IPGP (a URI) types.
+ Skip all others. TODO: A key is better than a URI since
+ we've gone through all this bother to fetch it, so favor that
+ if we have both PGP and IPGP? */
+
+ while (count-- > 0 && pt < emsg)
+ {
+ u16 type, class, dlen, ctype;
+
+ rc = dn_skipname (pt, emsg); /* the name we just queried for */
+ if (rc == -1)
+ break;
+
+ pt += rc;
+
+ /* Truncated message? 15 bytes takes us to the point where
+ we start looking at the ctype. */
+ if ((emsg - pt) < 15)
+ break;
+
+ type = *pt++ << 8;
+ type |= *pt++;
+
+ class = *pt++ << 8;
+ class |= *pt++;
+ /* We asked for IN and got something else !? */
+ if (class != C_IN)
+ break;
+
+ /* ttl */
+ pt += 4;
+
+ /* data length */
+ dlen = *pt++ << 8;
+ dlen |= *pt++;
+
+ /* We asked for CERT and got something else - might be a
+ CNAME, so loop around again. */
+ if (type != T_CERT)
+ {
+ pt += dlen;
+ continue;
+ }
+
+ /* The CERT type */
+ ctype = *pt++ << 8;
+ ctype |= *pt++;
+
+ /* Skip the CERT key tag and algo which we don't need. */
+ pt += 3;
+
+ dlen -= 5;
+
+ /* 15 bytes takes us to here */
+
+ if (ctype == 3 && iobuf && dlen)
+ {
+ /* PGP type */
+ *iobuf = iobuf_temp_with_content ((char *) pt, dlen);
+ ret = 1;
+ break;
+ }
+ else if (ctype == 6 && dlen && dlen < 1023 && dlen >= pt[0] + 1
+ && fpr && fpr_len && url)
+ {
+ /* IPGP type */
+ *fpr_len = pt[0];
+
+ if (*fpr_len)
+ {
+ *fpr = xmalloc (*fpr_len);
+ memcpy (*fpr, &pt[1], *fpr_len);
+ }
+ else
+ *fpr = NULL;
+
+ if (dlen > *fpr_len + 1)
+ {
+ *url = xmalloc (dlen - (*fpr_len + 1) + 1);
+ memcpy (*url, &pt[*fpr_len + 1], dlen - (*fpr_len + 1));
+ (*url)[dlen - (*fpr_len + 1)] = '\0';
+ }
+ else
+ *url = NULL;
+
+ ret = 2;
+ break;
+ }
+
+ /* Neither type matches, so go around to the next answer. */
+ pt += dlen;
+ }
}
fail:
- xfree(answer);
+ xfree (answer);
return ret;
-#endif /*!USE_ADNS*/
+#endif /*!USE_ADNS */
#else /* !USE_DNS_CERT */
(void)name;
(void)max_size;
commit f95cb909ba505f03ce81816c23dd58718b8cb6e6
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 28 18:18:12 2011 +0100
Increase the default buffer size for DNS certificates.
* common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
* g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
diff --git a/common/ChangeLog b/common/ChangeLog
index dd7ef53..46a61dd 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,5 +1,7 @@
2011-11-28 Werner Koch <wk at g10code.com>
+ * t-dns-cert.c (main): Increase MAX_SIZE to 64k.
+
* dns-cert.c (get_dns_cert): Factor test code out to ...
* t-dns-cert.c: new file.
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c799fc9..629de81 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,7 @@
+2011-11-28 Werner Koch <wk at g10code.com>
+
+ * keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
+
2011-11-22 Werner Koch <wk at g10code.com>
* pubkey-enc.c (get_session_key): Don't print anonymous recipient
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 68dd155..efb0877 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -115,8 +115,9 @@ static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
struct keyserver_spec *keyserver);
-/* Reasonable guess */
-#define DEFAULT_MAX_CERT_SIZE 16384
+/* Reasonable guess. The commonly used test key simon.josefsson.org
+ is larger than 32k, thus we need at least this value. */
+#define DEFAULT_MAX_CERT_SIZE 65536
static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
commit 982105f1ce85c92482def1d66f1f44e438ae5ab6
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 28 18:11:59 2011 +0100
Use separate test module for dns-cert.c.
* dns-cert.c (get_dns_cert): Factor test code out to ...
* t-dns-cert.c: new file.
diff --git a/common/ChangeLog b/common/ChangeLog
index 54435f4..dd7ef53 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,8 @@
+2011-11-28 Werner Koch <wk at g10code.com>
+
+ * dns-cert.c (get_dns_cert): Factor test code out to ...
+ * t-dns-cert.c: new file.
+
2011-10-24 Werner Koch <wk at g10code.com>
* dotlock.h, dotlock.c: Add alternative to allow distribution of
diff --git a/common/Makefile.am b/common/Makefile.am
index 555d088..7821e04 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -162,7 +162,7 @@ if HAVE_W32_SYSTEM
jnlib_tests += t-w32-reg
endif
module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \
- t-session-env t-openpgp-oid t-ssh-utils
+ t-session-env t-openpgp-oid t-ssh-utils t-dns-cert
if !HAVE_W32CE_SYSTEM
module_tests += t-exechelp
endif
@@ -196,3 +196,4 @@ t_exechelp_LDADD = $(t_common_ldadd)
t_session_env_LDADD = $(t_common_ldadd)
t_openpgp_oid_LDADD = $(t_common_ldadd)
t_ssh_utils_LDADD = $(t_common_ldadd)
+t_dns_cert_LDADD = $(t_common_ldadd) $(DNSLIBS)
diff --git a/common/dns-cert.c b/common/dns-cert.c
index 888ffb7..db1c7be 100644
--- a/common/dns-cert.c
+++ b/common/dns-cert.c
@@ -46,13 +46,13 @@
#define T_CERT 37
#endif
-/* ADNS has no support for CERT yes. */
+/* ADNS has no support for CERT yet. */
#define my_adns_r_cert 37
/* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
- IPGP provided. Note that this fucntion retruns the first CERT
+ IPGP provided. Note that this function retruns the first CERT
found with a supported type; it is expected that only one CERT
record is used. */
int
@@ -289,61 +289,3 @@ get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
return -1;
#endif
}
-
-
-
-/* Test with simon.josefsson.org */
-
-#ifdef TEST
-int
-main(int argc,char *argv[])
-{
- unsigned char *fpr;
- size_t fpr_len;
- char *url;
- int rc;
- IOBUF iobuf;
-
- if(argc!=2)
- {
- printf("cert-test [name]\n");
- return 1;
- }
-
- printf("CERT lookup on %s\n",argv[1]);
-
- rc=get_dns_cert (argv[1],16384,&iobuf,&fpr,&fpr_len,&url);
- if(rc==-1)
- printf("error\n");
- else if(rc==0)
- printf("no answer\n");
- else if(rc==1)
- {
- printf("key found: %d bytes\n",(int)iobuf_get_temp_length(iobuf));
- iobuf_close(iobuf);
- }
- else if(rc==2)
- {
- if(fpr)
- {
- size_t i;
- printf("Fingerprint found (%d bytes): ",(int)fpr_len);
- for(i=0;i<fpr_len;i++)
- printf("%02X",fpr[i]);
- printf("\n");
- }
- else
- printf("No fingerprint found\n");
-
- if(url)
- printf("URL found: %s\n",url);
- else
- printf("No URL found\n");
-
- xfree(fpr);
- xfree(url);
- }
-
- return 0;
-}
-#endif /* TEST */
diff --git a/common/dns-cert.h b/common/dns-cert.h
index 8275339..ebfeec8 100644
--- a/common/dns-cert.h
+++ b/common/dns-cert.h
@@ -19,7 +19,7 @@
#ifndef GNUPG_COMMON_DNS_CERT_H
#define GNUPG_COMMON_DNS_CERT_H
-int get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
+int get_dns_cert (const char *name, size_t max_size, iobuf_t *iobuf,
unsigned char **fpr, size_t *fpr_len, char **url);
diff --git a/common/t-dns-cert.c b/common/t-dns-cert.c
new file mode 100644
index 0000000..a2b14f2
--- /dev/null
+++ b/common/t-dns-cert.c
@@ -0,0 +1,93 @@
+/* t-dns-cert.c - Module test for dns-cert.c
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "util.h"
+#include "iobuf.h"
+#include "dns-cert.h"
+
+
+int
+main (int argc, char **argv)
+{
+ unsigned char *fpr;
+ size_t fpr_len;
+ char *url;
+ int rc;
+ iobuf_t iobuf;
+ char const *name;
+
+ if (argc)
+ {
+ argc--;
+ argv++;
+ }
+
+ if (!argc)
+ name = "simon.josefsson.org";
+ else if (argc == 1)
+ name = *argv;
+ else
+ {
+ fputs ("usage: t-dns-cert [name]\n", stderr);
+ return 1;
+ }
+
+ printf ("CERT lookup on `%s'\n", name);
+
+ rc = get_dns_cert (name, 16384, &iobuf, &fpr, &fpr_len, &url);
+ if (rc == -1)
+ fputs ("lookup result: error\n", stdout);
+ else if (!rc)
+ fputs ("lookup result: no answer\n", stdout);
+ else if (rc == 1)
+ {
+ printf ("lookup result: %d bytes\n",
+ (int)iobuf_get_temp_length(iobuf));
+ iobuf_close (iobuf);
+ }
+ else if (rc == 2)
+ {
+ if (fpr)
+ {
+ int i;
+
+ printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
+ for (i = 0; i < fpr_len; i++)
+ printf ("%02X", fpr[i]);
+ putchar ('\n');
+ }
+ else
+ printf ("No fingerprint found\n");
+
+ if (url)
+ printf ("URL found: %s\n", url);
+ else
+ printf ("No URL found\n");
+
+ xfree (fpr);
+ xfree (url);
+ }
+
+ return 0;
+}
-----------------------------------------------------------------------
Summary of changes:
common/ChangeLog | 30 ++++
common/Makefile.am | 3 +-
common/dns-cert.c | 439 ++++++++++++++++++++++++++-------------------------
common/dns-cert.h | 9 +-
common/estream.c | 78 ++++++++--
common/estream.h | 5 +-
common/t-dns-cert.c | 95 +++++++++++
doc/gpg.texi | 3 +
g10/ChangeLog | 9 +
g10/keyserver.c | 41 +++---
10 files changed, 458 insertions(+), 254 deletions(-)
create mode 100644 common/t-dns-cert.c
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list