[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-51-g52c6c30
by Werner Koch
cvs at cvs.gnupg.org
Thu Feb 26 18:33:42 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 52c6c30647a96162a10715e667299167717c58dd (commit)
via 240451a26e3e1fdabe0451a33f8918d4adfa852b (commit)
via 484d0730582a57808333e6af58d51c471f2b125a (commit)
via 2e7a3ed39007deb561a9175f7fccd52946c85d28 (commit)
via d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed (commit)
via 0d286a11c857a8f84b084b6f4e8a38737adca034 (commit)
from 6cbc75e71295f23431c4ab95edc7573f2fc28476 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 52c6c30647a96162a10715e667299167717c58dd
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 26 16:34:44 2015 +0100
Switch to a hash and CERT record based PKA system.
* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen. Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <wk at gnupg.org>
This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
diff --git a/configure.ac b/configure.ac
index b8f3ddd..512ae74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -703,18 +703,13 @@ if test x"$try_dns" = xyes ; then
use_dns_srv=$enableval,use_dns_srv=yes)
fi
- AC_ARG_ENABLE(dns-pka,
- AC_HELP_STRING([--disable-dns-pka],
- [disable the use of PKA records in DNS]),
- use_dns_pka=$enableval,use_dns_pka=yes)
-
AC_ARG_ENABLE(dns-cert,
AC_HELP_STRING([--disable-dns-cert],
[disable the use of CERT records in DNS]),
use_dns_cert=$enableval,use_dns_cert=yes)
fi
-if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
+if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
_dns_save_libs=$LIBS
LIBS=""
# the double underscore thing is a glibc-ism?
@@ -762,10 +757,6 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
fi
- if test x"$use_dns_pka" = xyes ; then
- AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
- fi
-
if test x"$use_dns_cert" = xyes ; then
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
fi
@@ -775,7 +766,6 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns
fi
else
use_dns_srv=no
- use_dns_pka=no
use_dns_cert=no
fi
diff --git a/g10/getkey.c b/g10/getkey.c
index 9870710..d5d1135 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3063,10 +3063,8 @@ parse_auto_key_locate(char *options)
else if(ascii_strcasecmp(tok,"cert")==0)
akl->type=AKL_CERT;
#endif
-#ifdef USE_DNS_PKA
else if(ascii_strcasecmp(tok,"pka")==0)
akl->type=AKL_PKA;
-#endif
else if((akl->spec=parse_keyserver_uri(tok,1,NULL,0)))
akl->type=AKL_SPEC;
else
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 568a7fa..7b8dda9 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -2229,8 +2229,8 @@ keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
*fpr=xmalloc(20);
*fpr_len=20;
- uri = get_pka_info (name, *fpr);
- if (uri)
+ uri = get_pka_info (name, *fpr, 20);
+ if (uri && *uri)
{
struct keyserver_spec *spec;
spec = parse_keyserver_uri (uri, 1, NULL, 0);
@@ -2239,11 +2239,14 @@ keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
rc=keyserver_import_fprint (*fpr, 20, spec);
free_keyserver_spec (spec);
}
- xfree (uri);
}
+ xfree (uri);
- if(rc!=0)
- xfree(*fpr);
+ if (rc)
+ {
+ xfree(*fpr);
+ *fpr = NULL;
+ }
return rc;
}
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 15baefe..2cf6dbc 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1443,7 +1443,8 @@ pka_uri_from_sig (PKT_signature *sig)
{
char *uri;
- uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
+ uri = get_pka_info (sig->pka_info->email,
+ sig->pka_info->fpr, sizeof sig->pka_info->fpr);
if (uri)
{
sig->pka_info->valid = 1;
diff --git a/include/util.h b/include/util.h
index 4cc5801..312a022 100644
--- a/include/util.h
+++ b/include/util.h
@@ -196,6 +196,7 @@ char *string_to_utf8 (const char *string);
int ascii_isupper (int c);
int ascii_islower (int c);
int ascii_memcasecmp( const char *a, const char *b, size_t n);
+char *ascii_strlwr (char *s);
#ifndef HAVE_STPCPY
char *stpcpy(char *a,const char *b);
@@ -251,7 +252,7 @@ char *xtryvasprintf (const char *fmt, va_list arg_ptr);
char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
/*-- pka.c --*/
-char *get_pka_info (const char *address, unsigned char *fpr);
+char *get_pka_info (const char *address, void *fprbuf, size_t fprbuflen);
/*-- cert.c --*/
int get_cert (const char *name, int want_ipgp, size_t max_size, IOBUF *iobuf,
diff --git a/util/pka.c b/util/pka.c
index 08c82f1..91b39ed 100644
--- a/util/pka.c
+++ b/util/pka.c
@@ -1,5 +1,6 @@
-/* pka.c - DNS Public Key Association RR access
- * Copyright (C) 2005, 2007 Free Software Foundation, Inc.
+/* pka.c - DNS Public Key Association CERT record access
+ * Copyright (C) 1998-2015 Free Software Foundation, Inc.
+ * Copyright (C) 1998-2015 Werner Koch
*
* This file is part of GnuPG.
*
@@ -22,241 +23,237 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-
-#ifdef USE_DNS_PKA
-# include <sys/types.h>
-# ifdef _WIN32
-# include <windows.h>
-# else
-# include <netinet/in.h>
-# include <arpa/nameser.h>
-# include <arpa/inet.h>
-# include <resolv.h>
- /* Not every installation has gotten around to supporting CERTs yet... */
-# ifndef T_CERT
-# define T_CERT 37
-# ifdef __VMS
-# include "cert_vms.h"
-# endif /* def __VMS */
-# endif
-# endif
-#endif /* USE_DNS_PKA */
+#include <errno.h>
#include "memory.h"
#include "types.h"
+#include "cipher.h"
#include "util.h"
+static int
+string_has_ctrl_or_space (const char *string)
+{
+ for (; *string; string++ )
+ if (!(*string & 0x80) && *string <= 0x20)
+ return 1;
+ return 0;
+}
-#ifdef USE_DNS_PKA
-/* Parse the TXT resource record. Format is:
-
- v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string
-
- For simplicity white spaces are not allowed. Because we expect to
- use a new RRTYPE for this in the future we define the TXT really
- strict for simplicity: No white spaces, case sensitivity of the
- names, order must be as given above. Only URI is optional.
- This function modifies BUFFER. On success 0 is returned, the 20
- byte fingerprint stored at FPR and BUFFER contains the URI or an
- empty string.
-*/
+/* Return true if STRING has two consecutive '.' after an '@'
+ sign. */
static int
-parse_txt_record (char *buffer, unsigned char *fpr)
+has_dotdot_after_at (const char *string)
{
- char *p, *pend;
- int i;
+ string = strchr (string, '@');
+ if (!string)
+ return 0; /* No at-sign. */
+ string++;
+ return !!strstr (string, "..");
+}
- p = buffer;
- pend = strchr (p, ';');
- if (!pend)
- return -1;
- *pend++ = 0;
- if (strcmp (p, "v=pka1"))
- return -1; /* Wrong or missing version. */
- p = pend;
- pend = strchr (p, ';');
- if (pend)
- *pend++ = 0;
- if (strncmp (p, "fpr=", 4))
- return -1; /* Missing fingerprint part. */
- p += 4;
- for (i=0; i < 20 && hexdigitp (p) && hexdigitp (p+1); i++, p += 2)
- fpr[i] = xtoi_2 (p);
- if (i != 20)
- return -1; /* Fingerprint consists not of exactly 40 hexbytes. */
+/* Return the mailbox (local-part at domain) form a standard user id.
+ Caller must free the result. Returns NULL if no valid mailbox was
+ found (or we are out of memory). */
+static char *
+mailbox_from_userid (const char *userid)
+{
+ const char *s, *s_end;
+ size_t len;
+ char *result = NULL;
- p = pend;
- if (!p || !*p)
+ s = strchr (userid, '<');
+ if (s)
{
- *buffer = 0;
- return 0; /* Success (no URI given). */
+ /* Seems to be a standard user id. */
+ s++;
+ s_end = strchr (s, '>');
+ if (s_end && s_end > s)
+ {
+ len = s_end - s;
+ result = xmalloc (len + 1);
+ strncpy (result, s, len);
+ result[len] = 0;
+ /* Apply some basic checks on the address. We do not use
+ is_valid_mailbox because those checks are too strict. */
+ if (string_count_chr (result, '@') != 1 /* Need exactly one '@. */
+ || *result == '@' /* local-part missing. */
+ || result[len-1] == '@' /* domain missing. */
+ || result[len-1] == '.' /* ends with a dot. */
+ || string_has_ctrl_or_space (result)
+ || has_dotdot_after_at (result))
+ {
+ xfree (result);
+ result = NULL;
+ errno = EINVAL;
+ }
+ }
+ else
+ errno = EINVAL;
}
- if (strncmp (p, "uri=", 4))
- return -1; /* Unknown part. */
- p += 4;
- /* There is an URI, copy it to the start of the buffer. */
- while (*p)
- *buffer++ = *p++;
- *buffer = 0;
- return 0;
-}
-
+ else if (is_valid_mailbox (userid))
+ {
+ /* The entire user id is a mailbox. Return that one. Note that
+ this fallback method has some restrictions on the valid
+ syntax of the mailbox. However, those who want weird
+ addresses should know about it and use the regular <...>
+ syntax. */
+ result = xtrystrdup (userid);
+ }
+ else
+ errno = EINVAL;
-/* For the given email ADDRESS lookup the PKA information in the DNS.
+ return result? ascii_strlwr (result) : NULL;
+}
- On success the 20 byte SHA-1 fingerprint is stored at FPR and the
- URI will be returned in an allocated buffer. Note that the URI
- might be an zero length string as this information is optiobnal.
- Caller must xfree the returned string.
- On error NULL is returned and the 20 bytes at FPR are not
- defined. */
-char *
-get_pka_info (const char *address, unsigned char *fpr)
+/* Zooko's base32 variant. See RFC-6189 and
+ http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt
+ Caller must xfree the returned string. Returns NULL and sets ERRNO
+ on error. To avoid integer overflow DATALEN is limited to 2^16
+ bytes. Note, that DATABITS is measured in bits!. */
+static char *
+zb32_encode (const void *data, unsigned int databits)
{
- union
+ static char const zb32asc[32] = {'y','b','n','d','r','f','g','8',
+ 'e','j','k','m','c','p','q','x',
+ 'o','t','1','u','w','i','s','z',
+ 'a','3','4','5','h','7','6','9' };
+ const unsigned char *s;
+ char *output, *d;
+ size_t datalen;
+
+ datalen = (databits + 7) / 8;
+ if (datalen > (1 << 16))
{
- signed char p[PACKETSZ];
- HEADER h;
- } answer;
- int anslen;
- int qdcount, ancount;
- int rc;
- unsigned char *p, *pend;
- const char *domain;
- char *name;
-
-
- domain = strrchr (address, '@');
- if (!domain || domain == address || !domain[1])
- return NULL; /* invalid mail address given. */
-
- name = malloc (strlen (address) + 5 + 1);
- memcpy (name, address, domain - address);
- strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
-
- anslen = res_query (name, C_IN, T_TXT, answer.p, PACKETSZ);
- xfree (name);
- if (anslen < sizeof(HEADER))
- return NULL; /* DNS resolver returned a too short answer. */
- if ( (rc=answer.h.rcode) != NOERROR )
- return NULL; /* DNS resolver returned an error. */
-
- /* We assume that PACKETSZ is large enough and don't do dynmically
- expansion of the buffer. */
- if (anslen > PACKETSZ)
- return NULL; /* DNS resolver returned a too long answer */
-
- qdcount = ntohs (answer.h.qdcount);
- ancount = ntohs (answer.h.ancount);
-
- if (!ancount)
- return NULL; /* Got no answer. */
+ errno = EINVAL;
+ return NULL;
+ }
- p = answer.p + sizeof (HEADER);
- pend = answer.p + anslen; /* Actually points directly behind the buffer. */
+ d = output = xtrymalloc (8 * (datalen / 5)
+ + 2 * (datalen % 5)
+ - ((datalen%5)>2)
+ + 1);
+ if (!output)
+ return NULL;
- while (qdcount-- && p < pend)
+ /* I use straightforward code. The compiler should be able to do a
+ better job on optimization than me and it is easier to read. */
+ for (s = data; datalen >= 5; s += 5, datalen -= 5)
{
- rc = dn_skipname (p, pend);
- if (rc == -1)
- return NULL;
- p += rc + QFIXEDSZ;
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ];
+ *d++ = zb32asc[((s[3] & 127) >> 2) ];
+ *d++ = zb32asc[((s[3] & 3) << 3) | (s[4] >> 5) ];
+ *d++ = zb32asc[((s[4] & 31) ) ];
}
- if (ancount > 1)
- return NULL; /* more than one possible gpg trustdns record - none used. */
-
- while (ancount-- && p <= pend)
+ switch (datalen)
{
- unsigned int type, class, txtlen, n;
- char *buffer, *bufp;
-
- rc = dn_skipname (p, pend);
- if (rc == -1)
- return NULL;
- p += rc;
- if (p >= pend - 10)
- return NULL; /* RR too short. */
-
- type = *p++ << 8;
- type |= *p++;
- class = *p++ << 8;
- class |= *p++;
- p += 4;
- txtlen = *p++ << 8;
- txtlen |= *p++;
- if (type != T_TXT || class != C_IN)
- return NULL; /* Answer does not match the query. */
-
- buffer = bufp = xmalloc (txtlen + 1);
- while (txtlen && p < pend)
- {
- for (n = *p++, txtlen--; txtlen && n && p < pend; txtlen--, n--)
- *bufp++ = *p++;
- }
- *bufp = 0;
- if (parse_txt_record (buffer, fpr))
- {
- xfree (buffer);
- return NULL; /* Not a valid gpg trustdns RR. */
- }
- return buffer;
+ case 4:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ];
+ *d++ = zb32asc[((s[3] & 127) >> 2) ];
+ *d++ = zb32asc[((s[3] & 3) << 3) ];
+ break;
+ case 3:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) ];
+ break;
+ case 2:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) ];
+ break;
+ case 1:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) ];
+ break;
+ default:
+ break;
}
+ *d = 0;
- return NULL;
+ /* Need to strip some bytes if not a multiple of 40. */
+ output[(databits + 5 - 1) / 5] = 0;
+ return output;
}
-#else /* !USE_DNS_PKA */
-/* Dummy version of the function if we can't use the resolver
- functions. */
-char *
-get_pka_info (const char *address, unsigned char *fpr)
-{
- return NULL;
-}
-#endif /* !USE_DNS_PKA */
-#ifdef TEST
-int
-main(int argc,char *argv[])
-{
- unsigned char fpr[20];
- char *uri;
- int i;
+/* For the given email ADDRESS lookup the PKA information in the DNS.
- if (argc < 2)
- {
- fprintf (stderr, "usage: pka mail-addresses\n");
- return 1;
- }
- argc--;
- argv++;
+ On success the fingerprint is stored at FPRBUF and the URI will be
+ returned in an allocated buffer. Note that the URI might be a zero
+ length string as this information is optional. Caller must xfree
+ the returned string. FPRBUFLEN gives the size of the expected
+ fingerprint (usually 20).
- for (; argc; argc--, argv++)
+ On error NULL is returned and the 20 bytes at FPR are not
+ defined. */
+char *
+get_pka_info (const char *address, void *fprbuf, size_t fprbuflen)
+{
+ char *result = NULL;
+ char *mbox;
+ char *domain; /* Points to mbox. */
+ char hashbuf[20];
+ char *hash = NULL;
+ char *name = NULL;
+ unsigned char *fpr = NULL;
+ size_t fpr_len;
+ char *url = NULL;
+
+ mbox = mailbox_from_userid (address);
+ if (!mbox)
+ goto leave;
+ domain = strchr (mbox, '@');
+ if (!domain)
+ goto leave;
+ *domain++ = 0;
+
+ sha1_hash_buffer (hashbuf, mbox, strlen (mbox));
+ hash = zb32_encode (hashbuf, 8*20);
+ if (!hash)
+ goto leave;
+ name = strconcat (hash, "._pka.", domain, NULL);
+ if (!name)
+ goto leave;
+ if (get_cert (name, 1, 16384, NULL, &fpr, &fpr_len, &url))
+ goto leave;
+ if (!fpr)
+ goto leave;
+
+ /* Return the fingerprint. */
+ if (fpr_len != fprbuflen)
{
- uri = get_pka_info ( *argv, fpr );
- printf ("%s", *argv);
- if (uri)
- {
- putchar (' ');
- for (i=0; i < 20; i++)
- printf ("%02X", fpr[i]);
- if (*uri)
- printf (" %s", uri);
- xfree (uri);
- }
- putchar ('\n');
+ /* fprintf (stderr, "get_dns_cert failed: fprlen (%zu/%zu)\n", */
+ /* fpr_len, fprbuflen); */
+ goto leave;
}
- return 0;
+ memcpy (fprbuf, fpr, fpr_len);
+ /* We return the URL or an empty string. */
+ if (!url)
+ url = xcalloc (1, 1);
+ result = url;
+ url = NULL;
+
+ leave:
+ xfree (fpr);
+ xfree (url);
+ xfree (name);
+ xfree (hash);
+ xfree (mbox);
+ return result;
}
-#endif /* TEST */
-
-/*
-Local Variables:
-compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv libutil.a"
-End:
-*/
diff --git a/util/strgutil.c b/util/strgutil.c
index 620fb33..3d45405 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -1297,6 +1297,18 @@ ascii_memcasecmp( const char *a, const char *b, size_t n )
return 0;
}
+/* Lowercase all ASCII characters in S. */
+char *
+ascii_strlwr (char *s)
+{
+ char *p;
+
+ for (p = s; *p; p++ )
+ if (isascii (*p) && *p >= 'A' && *p <= 'Z')
+ *p |= 0x20;
+
+ return s;
+}
/*********************************************
commit 240451a26e3e1fdabe0451a33f8918d4adfa852b
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 26 16:08:02 2015 +0100
Move two functions from g10/ to util/.
* g10/misc.c (has_invalid_email_chars, is_valid_mailbox): Move to ...
* util/strgutil.c: here.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/main.h b/g10/main.h
index 05b60bb..dbc8d8f 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -125,8 +125,6 @@ char *argsplit(char *string);
int parse_options(char *str,unsigned int *options,
struct parse_options *opts,int noisy);
char *unescape_percent_string (const unsigned char *s);
-int has_invalid_email_chars (const char *s);
-int is_valid_mailbox (const char *name);
char *default_homedir (void);
const char *get_libexecdir (void);
int path_access(const char *file,int mode);
diff --git a/g10/misc.c b/g10/misc.c
index 2c5c6cc..2b38a8f 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1141,54 +1141,6 @@ unescape_percent_string (const unsigned char *s)
}
-/* Check whether the string has characters not valid in an RFC-822
- address. To cope with OpenPGP we ignore non-ascii characters
- so that for example umlauts are legal in an email address. An
- OpenPGP user ID must be utf-8 encoded but there is no strict
- requirement for RFC-822. Thus to avoid IDNA encoding we put the
- address verbatim as utf-8 into the user ID under the assumption
- that mail programs handle IDNA at a lower level and take OpenPGP
- user IDs as utf-8. Note that we can't do an utf-8 encoding
- checking here because in keygen.c this function is called with the
- native encoding and native to utf-8 encoding is only done later. */
-int
-has_invalid_email_chars (const char *s)
-{
- int at_seen=0;
- const char *valid_chars=
- "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
- for ( ; *s; s++ )
- {
- if ( *s & 0x80 )
- continue; /* We only care about ASCII. */
- if ( *s == '@' )
- at_seen=1;
- else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) )
- return 1;
- else if ( at_seen && !strchr( valid_chars, *s ) )
- return 1;
- }
- return 0;
-}
-
-
-/* Check whether NAME represents a valid mailbox according to
- RFC822. Returns true if so. */
-int
-is_valid_mailbox (const char *name)
-{
- return !( !name
- || !*name
- || has_invalid_email_chars (name)
- || string_count_chr (name,'@') != 1
- || *name == '@'
- || name[strlen(name)-1] == '@'
- || name[strlen(name)-1] == '.'
- || strstr (name, "..") );
-}
-
-
/* This is a helper function to load a Windows function from either of
one DLLs. */
#ifdef HAVE_W32_SYSTEM
diff --git a/util/strgutil.c b/util/strgutil.c
index 402881a..620fb33 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -455,6 +455,56 @@ string_count_chr( const char *string, int c )
return count;
}
+
+/* Check whether the string has characters not valid in an RFC-822
+ address. To cope with OpenPGP we ignore non-ascii characters
+ so that for example umlauts are legal in an email address. An
+ OpenPGP user ID must be utf-8 encoded but there is no strict
+ requirement for RFC-822. Thus to avoid IDNA encoding we put the
+ address verbatim as utf-8 into the user ID under the assumption
+ that mail programs handle IDNA at a lower level and take OpenPGP
+ user IDs as utf-8. Note that we can't do an utf-8 encoding
+ checking here because in keygen.c this function is called with the
+ native encoding and native to utf-8 encoding is only done later. */
+int
+has_invalid_email_chars (const char *s)
+{
+ int at_seen=0;
+ const char *valid_chars=
+ "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+ for ( ; *s; s++ )
+ {
+ if ( *s & 0x80 )
+ continue; /* We only care about ASCII. */
+ if ( *s == '@' )
+ at_seen=1;
+ else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) )
+ return 1;
+ else if ( at_seen && !strchr( valid_chars, *s ) )
+ return 1;
+ }
+ return 0;
+}
+
+
+/* Check whether NAME represents a valid mailbox according t
+ RFC822. Returns true if so. */
+int
+is_valid_mailbox (const char *name)
+{
+ return !( !name
+ || !*name
+ || has_invalid_email_chars (name)
+ || string_count_chr (name,'@') != 1
+ || *name == '@'
+ || name[strlen(name)-1] == '@'
+ || name[strlen(name)-1] == '.'
+ || strstr (name, "..") );
+}
+
+
+
#ifdef USE_GNUPG_ICONV
static void
handle_iconv_error (const char *to, const char *from, int use_fallback)
commit 484d0730582a57808333e6af58d51c471f2b125a
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 26 16:05:19 2015 +0100
Add new function strconcat.
* include/util.h (GNUPG_GCC_A_SENTINEL): New.
* util/strgutil.c (do_strconcat, strconcat): New.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/include/util.h b/include/util.h
index 355dd0c..4cc5801 100644
--- a/include/util.h
+++ b/include/util.h
@@ -28,6 +28,14 @@
#include "mpi.h"
#include "compat.h"
+/* GCC attributes. */
+#if __GNUC__ >= 4
+# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
+#else
+# define GNUPG_GCC_A_SENTINEL(a)
+#endif
+
+
typedef struct {
int *argc; /* pointer to argc (value subject to change) */
char ***argv; /* pointer to argv (value subject to change) */
@@ -177,6 +185,8 @@ unsigned int check_trailing_chars( const byte *line, unsigned int len,
const char *trimchars );
unsigned int check_trailing_ws( const byte *line, unsigned int len );
int string_count_chr( const char *string, int c );
+int has_invalid_email_chars (const char *s);
+int is_valid_mailbox (const char *name);
int set_native_charset( const char *newset );
const char* get_native_charset(void);
char *native_to_utf8( const char *string );
@@ -238,7 +248,7 @@ int write_w32_registry_string(const char *root, const char *dir,
char *xasprintf (const char *fmt, ...);
char *xtryasprintf (const char *fmt, ...);
char *xtryvasprintf (const char *fmt, va_list arg_ptr);
-
+char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
/*-- pka.c --*/
char *get_pka_info (const char *address, unsigned char *fpr);
diff --git a/util/strgutil.c b/util/strgutil.c
index 91e20f2..402881a 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -112,7 +112,7 @@ static int use_iconv = 0;
#ifdef _WIN32
typedef void* iconv_t;
#ifndef ICONV_CONST
-#define ICONV_CONST const
+#define ICONV_CONST const
#endif
iconv_t (* __stdcall iconv_open) (const char *tocode, const char *fromcode);
@@ -126,25 +126,25 @@ int (* __stdcall iconv_close) (iconv_t cd);
#ifdef _WIN32
-static int
+static int
load_libiconv (void)
{
static int done;
-
+
if (!done)
{
void *handle;
done = 1; /* Do it right now because we might get called recursivly
through gettext. */
-
+
handle = dlopen ("iconv.dll", RTLD_LAZY);
if (handle)
{
iconv_open = dlsym (handle, "libiconv_open");
if (iconv_open)
iconv = dlsym (handle, "libiconv");
- if (iconv)
+ if (iconv)
iconv_close = dlsym (handle, "libiconv_close");
}
if (!handle || !iconv_close)
@@ -161,7 +161,7 @@ load_libiconv (void)
}
}
return iconv_open? 0: -1;
-}
+}
#endif /* _WIN32 */
@@ -625,7 +625,7 @@ set_native_charset( const char *newset )
#ifdef _WIN32
if (load_libiconv ())
return G10ERR_GENERAL;
-#endif /*_WIN32*/
+#endif /*_WIN32*/
cd = iconv_open (full_newset, "utf-8");
if (cd == (iconv_t)-1) {
@@ -641,7 +641,7 @@ set_native_charset( const char *newset )
iconv_close (cd);
active_charset_name = full_newset;
no_translation = 0;
- active_charset = NULL;
+ active_charset = NULL;
use_iconv = 1;
}
#else /*!USE_GNUPG_ICONV*/
@@ -680,15 +680,15 @@ native_to_utf8( const char *string )
char *buffer;
byte *p;
size_t length=0;
-
+
if (no_translation)
{ /* Already utf-8 encoded. */
buffer = xstrdup (string);
}
else if( !active_charset && !use_iconv) /* Shortcut implementation
for Latin-1. */
- {
- for(s=string; *s; s++ )
+ {
+ for(s=string; *s; s++ )
{
length++;
if( *s & 0x80 )
@@ -708,13 +708,13 @@ native_to_utf8( const char *string )
*p = 0;
}
else /* Need to use a translation table. */
- {
+ {
#ifdef USE_GNUPG_ICONV
iconv_t cd;
const char *inptr;
char *outptr;
size_t inbytes, outbytes;
-
+
cd = iconv_open ("utf-8", active_charset_name);
if (cd == (iconv_t)-1)
{
@@ -722,7 +722,7 @@ native_to_utf8( const char *string )
return native_to_utf8 (string);
}
- for (s=string; *s; s++ )
+ for (s=string; *s; s++ )
{
length++;
if ((*s & 0x80))
@@ -756,7 +756,7 @@ native_to_utf8( const char *string )
iconv_close (cd);
#else /*!USE_GNUPG_ICONV*/
- for(s=string; *s; s++ )
+ for(s=string; *s; s++ )
{
length++;
if( *s & 0x80 )
@@ -791,7 +791,7 @@ native_to_utf8( const char *string )
* Convert string, which is in UTF8 to native encoding. illegal
* encodings by some "\xnn" and quote all control characters. A
* character with value DELIM will always be quoted, it must be a
- * vanilla ASCII character. A DELIM value of -1 is special: it disables
+ * vanilla ASCII character. A DELIM value of -1 is special: it disables
* all quoting of control characters.
*/
char *
@@ -826,7 +826,7 @@ utf8_to_native( const char *string, size_t length, int delim )
}
if( !nleft ) {
if( !(*s & 0x80) ) { /* plain ascii */
- if( delim != -1
+ if( delim != -1
&& (*s < 0x20 || *s == 0x7f || *s == delim
|| (delim && *s=='\\'))) {
n++;
@@ -993,7 +993,7 @@ utf8_to_native( const char *string, size_t length, int delim )
const char *inptr;
char *outbuf, *outptr;
size_t inbytes, outbytes;
-
+
*p = 0; /* Terminate the buffer. */
cd = iconv_open (active_charset_name, "utf-8");
@@ -1010,13 +1010,13 @@ utf8_to_native( const char *string, size_t length, int delim )
inbytes = n - 1;;
inptr = buffer;
outbytes = n * MB_LEN_MAX;
- if (outbytes / MB_LEN_MAX != n)
+ if (outbytes / MB_LEN_MAX != n)
BUG (); /* Actually an overflow. */
outbuf = outptr = xmalloc (outbytes);
if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
&outptr, &outbytes) == (size_t)-1) {
static int shown;
-
+
if (!shown)
log_info (_("conversion from `%s' to `%s' failed: %s\n"),
"utf-8", active_charset_name, strerror (errno));
@@ -1057,10 +1057,10 @@ char *
string_to_utf8 (const char *string)
{
const char *s;
-
+
if (!string)
return NULL;
-
+
/* Due to a bug in old and not so old PGP versions user IDs have
been copied verbatim into the key. Thus many users with Umlauts
et al. in their name will see their names garbled. Although this
@@ -1076,7 +1076,7 @@ string_to_utf8 (const char *string)
|| ((*s & 0xf8) == 0xf0)
|| ((*s & 0xfc) == 0xf8)
|| ((*s & 0xfe) == 0xfc)) )
- {
+ {
/* Possible utf-8 character followed by continuation byte.
Although this might still be Latin-1 we better assume that it
is valid utf-8. */
@@ -1089,7 +1089,7 @@ string_to_utf8 (const char *string)
/* No 0xC3 character in the string; assume that it is Latin-1. */
- for(s=string; *s; s++ )
+ for(s=string; *s; s++ )
{
length++;
if( *s & 0x80 )
@@ -1166,6 +1166,59 @@ xtryvasprintf (const char *fmt, va_list arg_ptr)
}
+static char *
+do_strconcat (const char *s1, va_list arg_ptr)
+{
+ const char *argv[48];
+ size_t argc;
+ size_t needed;
+ char *buffer, *p;
+
+ argc = 0;
+ argv[argc++] = s1;
+ needed = strlen (s1);
+ while (((argv[argc] = va_arg (arg_ptr, const char *))))
+ {
+ needed += strlen (argv[argc]);
+ if (argc >= DIM (argv)-1)
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+ argc++;
+ }
+ needed++;
+ buffer = xtrymalloc (needed);
+ if (buffer)
+ {
+ for (p = buffer, argc=0; argv[argc]; argc++)
+ p = stpcpy (p, argv[argc]);
+ }
+ return buffer;
+}
+
+
+/* Concatenate the string S1 with all the following strings up to a
+ NULL. Returns a malloced buffer with the new string or NULL on a
+ malloc error or if too many arguments are given. */
+char *
+strconcat (const char *s1, ...)
+{
+ va_list arg_ptr;
+ char *result;
+
+ if (!s1)
+ result = xtrystrdup ("");
+ else
+ {
+ va_start (arg_ptr, s1);
+ result = do_strconcat (s1, arg_ptr);
+ va_end (arg_ptr);
+ }
+ return result;
+}
+
+
/****************************************************
******** locale insensitive ctype functions ********
****************************************************/
@@ -1258,13 +1311,13 @@ w32_strerror (int w32_errno)
{
static char strerr[256];
int ec = (int)GetLastError ();
-
+
if (w32_errno == 0)
w32_errno = ec;
FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, w32_errno,
MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT),
strerr, DIM (strerr)-1, NULL);
- return strerr;
+ return strerr;
}
#endif /*_WIN32*/
commit 2e7a3ed39007deb561a9175f7fccd52946c85d28
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 26 15:35:49 2015 +0100
Add convenience function to hash a buffer.
* cipher/sha1.c (sha1_hash_buffer): New.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/cipher/sha1.c b/cipher/sha1.c
index 309b386..898a9a1 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -52,7 +52,7 @@ static void
burn_stack (int bytes)
{
char buf[128];
-
+
wipememory(buf,sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
@@ -323,6 +323,23 @@ sha1_read( SHA1_CONTEXT *hd )
return hd->buf;
}
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+sha1_hash_buffer (char *outbuf, const char *buffer, size_t length)
+{
+ SHA1_CONTEXT hd;
+
+ sha1_init (&hd);
+ sha1_write (&hd, (byte*)buffer, length);
+ sha1_final (&hd);
+ memcpy (outbuf, hd.buf, 20);
+}
+
+
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.
diff --git a/include/cipher.h b/include/cipher.h
index dcc3045..dd4af18 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -157,6 +157,7 @@ void md_stop_debug( MD_HANDLE a );
} while(0)
void rmd160_hash_buffer (char *outbuf, const char *buffer, size_t length);
+void sha1_hash_buffer (char *outbuf, const char *buffer, size_t length);
/*-- cipher.c --*/
commit d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 26 15:17:56 2015 +0100
Allow requesting only an IPGP certtype with dns_cert().
* util/cert.c (get_cert): Add arg want_ipgp. Change callers.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/keyserver.c b/g10/keyserver.c
index d1ddc99..568a7fa 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -2164,7 +2164,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
if(domain)
*domain='.';
- type=get_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
+ type = get_cert (look, 0, max_cert_size, &key, fpr, fpr_len, &url);
if(type==1)
{
int armor_status=opt.no_armor;
diff --git a/include/util.h b/include/util.h
index 0eb6281..355dd0c 100644
--- a/include/util.h
+++ b/include/util.h
@@ -244,8 +244,8 @@ char *xtryvasprintf (const char *fmt, va_list arg_ptr);
char *get_pka_info (const char *address, unsigned char *fpr);
/*-- cert.c --*/
-int get_cert(const char *name,size_t max_size,IOBUF *iobuf,
- unsigned char **fpr,size_t *fpr_len,char **url);
+int get_cert (const char *name, int want_ipgp, size_t max_size, IOBUF *iobuf,
+ unsigned char **fpr,size_t *fpr_len,char **url);
/*-- convert.c --*/
int hex2bin (const char *string, void *buffer, size_t length);
diff --git a/util/cert.c b/util/cert.c
index 0eaead5..7c5e9cf 100644
--- a/util/cert.c
+++ b/util/cert.c
@@ -48,8 +48,8 @@
/* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
IPGP provided. */
int
-get_cert(const char *name,size_t max_size,IOBUF *iobuf,
- unsigned char **fpr,size_t *fpr_len,char **url)
+get_cert (const char *name, int want_ipgp, size_t max_size,IOBUF *iobuf,
+ unsigned char **fpr, size_t *fpr_len, char **url)
{
unsigned char *answer;
int r,ret=-1;
@@ -140,7 +140,9 @@ get_cert(const char *name,size_t max_size,IOBUF *iobuf,
/* 15 bytes takes us to here */
- if(ctype==3 && iobuf && dlen)
+ if (want_ipgp && ctype != 6)
+ ; /* Skip non IPGP cert records. */
+ else if (ctype==3 && iobuf && dlen)
{
/* PGP type */
*iobuf=iobuf_temp_with_content((char *)pt,dlen);
@@ -216,7 +218,7 @@ main(int argc,char *argv[])
printf("CERT lookup on %s\n",argv[1]);
- rc=get_cert(argv[1],16384,&iobuf,&fpr,&fpr_len,&url);
+ rc=get_cert (argv[1], 0, 16384, &iobuf, &fpr, &fpr_len, &url);
if(rc==-1)
printf("error\n");
else if(rc==0)
commit 0d286a11c857a8f84b084b6f4e8a38737adca034
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 26 15:06:00 2015 +0100
doc: Fix name of keep-ownertrust.
--
Reported-by: Guilhem Moulin <guilhem at fripost.org>
diff --git a/doc/gpg.texi b/doc/gpg.texi
index d311732..2797fff 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1903,7 +1903,7 @@ opposite meaning. The options are:
generally useful unless a shared keyring scheme is being used.
Defaults to no.
- @item import-keep-ownertrust
+ @item keep-ownertrust
Normally possible still existing ownertrust values of a key are
cleared if a key is imported. This is in general desirable so that
a formerly deleted key does not automatically gain an ownertrust
-----------------------------------------------------------------------
Summary of changes:
cipher/sha1.c | 19 ++-
configure.ac | 12 +-
doc/gpg.texi | 2 +-
g10/getkey.c | 2 -
g10/keyserver.c | 15 ++-
g10/main.h | 2 -
g10/mainproc.c | 3 +-
g10/misc.c | 48 -------
include/cipher.h | 1 +
include/util.h | 19 ++-
util/cert.c | 10 +-
util/pka.c | 405 +++++++++++++++++++++++++++----------------------------
util/strgutil.c | 167 +++++++++++++++++++----
13 files changed, 395 insertions(+), 310 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list