[git] GnuPG - branch, master, updated. gnupg-2.2.7-197-g3da8357

by Werner Koch cvs at cvs.gnupg.org
Wed Aug 29 09:45:18 CEST 2018



The branch, master has been updated
       via  3da835713fb6220112d988e1953f3d84beabbf6a (commit)
      from  7f172404bfcf719b9b1af4a182d4803525ebff7c (commit)


- Log -----------------------------------------------------------------
commit 3da835713fb6220112d988e1953f3d84beabbf6a
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 29 09:36:09 2018 +0200

    gpg: New option --known-notation.
    
    * g10/gpg.c (oKnownNotation): New const.
    (opts): Add option --known-notation.
    (main): Set option.
    * g10/parse-packet.c (known_notations_list): New local var.
    (register_known_notation): New.
    (can_handle_critical_notation): Rewrite to handle the new feature.
    Also print the name of unknown notations in verbose mode.
    --
    
    GnuPG-bug-id: 4060
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7c27fba..6df8d4c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2970,6 +2970,13 @@ smartcard, and "%%" results in a single "%". %k, %K, and %f are only
 meaningful when making a key signature (certification), and %c is only
 meaningful when using the OpenPGP smartcard.
 
+ at item --known-notation @var{name}
+ at opindex known-notation
+Adds @var{name} to a list of known critical signature notations.  The
+effect of this is that gpg will not mark a signature with a critical
+signature notation of that name as bad.  Note that gpg already knows
+by default about a few critical signatures notation names.
+
 @item --sig-policy-url @var{string}
 @itemx --cert-policy-url @var{string}
 @itemx --set-policy-url @var{string}
diff --git a/g10/gpg.c b/g10/gpg.c
index 36af918..f04a340 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -110,6 +110,7 @@ enum cmd_and_opt_values
     oCertNotation,
     oShowNotation,
     oNoShowNotation,
+    oKnownNotation,
     aEncrFiles,
     aEncrSym,
     aDecryptFiles,
@@ -682,6 +683,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oSetNotation,  "set-notation", "@"),
   ARGPARSE_s_s (oSigNotation,  "sig-notation", "@"),
   ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
+  ARGPARSE_s_s (oKnownNotation, "known-notation", "@"),
 
   ARGPARSE_group (302, N_(
   "@\n(See the man page for a complete listing of all commands and options)\n"
@@ -3365,6 +3367,7 @@ main (int argc, char **argv)
 	    break;
 	  case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
 	  case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
+          case oKnownNotation: register_known_notation (pargs.r.ret_str); break;
 	  case oShowNotation:
 	    deprecated_warning(configname,configlineno,"--show-notation",
 			       "--list-options ","show-notations");
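Review bot: The new `case oKnownNotation: register_known_notation (pargs.r.ret_str); break;` line is indented with spaces while the neighbouring case lines in main's option switch use tabs, so the labels no longer align in a tab-aware editor. It should carry the same tab indentation as the `case oCertNotation:` line directly above it. main begins and ends outside this hunk.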
diff --git a/g10/packet.h b/g10/packet.h
index 3f87294..6e1438b 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -636,6 +636,9 @@ char *issuer_fpr_string (PKT_signature *sig);
 
 /*-- parse-packet.c --*/
 
+
+void register_known_notation (const char *string);
+
 /* Sets the packet list mode to MODE (i.e., whether we are dumping a
    packet or not).  Returns the current mode.  This allows for
    temporarily suspending dumping by doing the following:
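Review bot: The new `register_known_notation` prototype is the only declaration in this part of packet.h without a describing comment, whereas the adjacent `set_packet_list_mode` declaration has one. A reader of the header cannot tell that a NULL argument only installs the built-in defaults, that a leading '!' is skipped, or that duplicates are ignored, all of which the parse-packet.c definition does. A comment such as `/* Add STRING to the list of known critical notation names.  A leading '!' is ignored; NULL merely initializes the built-in defaults.  */` above the prototype would close that gap.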
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 0fa8be6..92c6529 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -43,11 +43,15 @@
 #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
 #define MAX_ATTR_PACKET_LENGTH    ( 16 * 1024*1024)
 
-
 static int mpi_print_mode;
 static int list_mode;
 static estream_t listfp;
 
+/* A linked list of known notation names.  Note that the FLAG is used
+ * to store the length of the name to speed up the check.  */
+static strlist_t known_notations_list;
+
+
 static int parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts,
 		  off_t * retpos, int *skip, IOBUF out, int do_skip
 #if DEBUG_PARSE_PACKET
@@ -189,6 +193,36 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
 }
 
 
+/* Register STRING as a known critical notation name.  */
+void
+register_known_notation (const char *string)
+{
+  strlist_t sl;
+
+  if (!known_notations_list)
+    {
+      sl = add_to_strlist (&known_notations_list,
+                           "preferred-email-encoding at pgp.com");
+      sl->flags = 32;
+      sl = add_to_strlist (&known_notations_list, "pka-address at gnupg.org");
+      sl->flags = 21;
+    }
+  if (!string)
+    return; /* Only initialized the default known notations.  */
+
+  /* In --set-notation we use an exclamation mark to indicate a
+   * critical notation.  As a convenience skip this here.  */
+  if (*string == '!')
+    string++;
+
+  if (!*string || strlist_find (known_notations_list, string))
+    return; /* Empty string or already registered.  */
+
+  sl = add_to_strlist (&known_notations_list, string);
+  sl->flags = strlen (string);
+}
+
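Review bot: The two default entries in `register_known_notation` carry hand-counted lengths, `sl->flags = 32;` and `sl->flags = 21;`, next to the literals they describe, so a later edit of either literal silently breaks the length-first match in can_handle_critical_notation. Deriving the length from the stored string, `sl->flags = strlen (sl->d);`, keeps both entries consistent with the user-supplied path at the end of the function, which already does `sl->flags = strlen (string);`. The return value of add_to_strlist is dereferenced without a check; if that helper can return NULL on allocation failure instead of aborting (not visible in this hunk), a guard is needed.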
+
 int
 set_packet_list_mode (int mode)
 {
@@ -1640,14 +1674,24 @@ parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
 
 /* Return true if we understand the critical notation.  */
 static int
-can_handle_critical_notation (const byte * name, size_t len)
+can_handle_critical_notation (const byte *name, size_t len)
 {
-  if (len == 32 && memcmp (name, "preferred-email-encoding at pgp.com", 32) == 0)
-    return 1;
-  if (len == 21 && memcmp (name, "pka-address at gnupg.org", 21) == 0)
-    return 1;
+  strlist_t sl;
 
-  return 0;
+  register_known_notation (NULL); /* Make sure it is initialized.  */
+
+  for (sl = known_notations_list; sl; sl = sl->next)
+    if (sl->flags == len && !memcmp (sl->d, name, len))
+      return 1; /* Known */
+
+  if (opt.verbose)
+    {
+      log_info(_("Unknown critical signature notation: ") );
+      print_utf8_buffer (log_get_stream(), name, len);
+      log_printf ("\n");
+    }
+
+  return 0; /* Unknown.  */
 }
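Review bot: The verbose branch of `can_handle_critical_notation` writes `name` — bytes read from a signature subpacket, i.e. untrusted input — to the log through print_utf8_buffer, which is only safe if that helper escapes control and non-printable characters before output; this hunk does not show that, so it should be confirmed, otherwise a notation name could carry raw control characters into the log. Separately, `sl->flags == len` compares the strlist flags field with a size_t; if flags is a narrower or signed type the comparison is still correct for the lengths stored here, but it may trip -Wsign-compare. Style: `log_info(_("Unknown critical signature notation: ") );` departs from the GNU spacing used elsewhere in this hunk, and the trailing space sits inside the translatable string where translators tend to drop it; `log_info ("%s ", _("Unknown critical signature notation:"));` keeps it out of the message catalog.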
 
 

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi       |  7 +++++++
 g10/gpg.c          |  3 +++
 g10/packet.h       |  3 +++
 g10/parse-packet.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++-------
 4 files changed, 64 insertions(+), 7 deletions(-)

