Forward port to the latest version of Sequoia.
authorNeal H. Walfield <neal@pep.foundation>
Wed, 17 Jun 2020 12:46:06 +0200
changeset 474674d6fb83a391
parent 4739 af9cd85a4a74
child 4752 d86aedba2d52
Forward port to the latest version of Sequoia.

- This forward ports the engines to Sequoia commit
42b09660c73e0a957ec0d46c86313c68320b0c85.
src/pgp_sequoia.c
     1.1 --- a/src/pgp_sequoia.c	Mon Jun 15 12:00:01 2020 +0200
     1.2 +++ b/src/pgp_sequoia.c	Wed Jun 17 12:46:06 2020 +0200
     1.3 @@ -820,7 +820,9 @@
     1.4      size_t curr_buffer_len = 0;
     1.5      int tried_commit = 0;
     1.6      pgp_cert_key_iter_t key_iter = NULL;
     1.7 -    pgp_user_id_bundle_iter_t user_id_iter = NULL;
     1.8 +    pgp_cert_valid_user_id_iter_t ua_iter = NULL;
     1.9 +    pgp_valid_user_id_amalgamation_t ua = NULL;
    1.10 +    pgp_packet_t user_id = NULL;
    1.11      char *email = NULL;
    1.12      char *name = NULL;
    1.13      
    1.14 @@ -926,18 +928,17 @@
    1.15  
    1.16      // Insert the "userids".
    1.17      stmt = session->sq_sql.cert_save_insert_userids;
    1.18 -    user_id_iter = pgp_cert_user_id_bundle_iter(cert);
    1.19 -    pgp_user_id_bundle_t bundle;
    1.20 +    ua_iter = pgp_cert_valid_user_id_iter(cert, session->policy, 0);
    1.21      int first = 1;
    1.22 -    while ((bundle = pgp_user_id_bundle_iter_next(user_id_iter))) {
    1.23 -        char *user_id_value = pgp_user_id_bundle_user_id(bundle);
    1.24 -        if (!user_id_value || !*user_id_value)
    1.25 -            continue;
    1.26 -
    1.27 -        // Ignore user ids with a self-revocation certificate, but no
    1.28 -        // self-signature.
    1.29 -        if (!pgp_user_id_bundle_selfsig(bundle, session->policy)) {
    1.30 -            free(user_id_value);
    1.31 +    while ((ua = pgp_cert_valid_user_id_iter_next(ua_iter))) {
    1.32 +        user_id = pgp_valid_user_id_amalgamation_user_id(ua);
    1.33 +
    1.34 +        const uint8_t *user_id_value = pgp_user_id_value(user_id, NULL);
    1.35 +        if (!user_id_value || !*user_id_value) {
    1.36 +            pgp_packet_free (user_id);
    1.37 +            user_id = NULL;
    1.38 +            pgp_valid_user_id_amalgamation_free(ua);
    1.39 +            ua = NULL;
    1.40              continue;
    1.41          }
    1.42  
    1.43 @@ -946,16 +947,13 @@
    1.44          free(email);
    1.45          email = NULL;
    1.46  
    1.47 -        pgp_packet_t userid = pgp_user_id_new(user_id_value);
    1.48 -        pgp_user_id_name(NULL, userid, &name);
    1.49 +        pgp_user_id_name(NULL, user_id, &name);
    1.50          // Try to get the normalized address.
    1.51 -        pgp_user_id_email_normalized(NULL, userid, &email);
    1.52 +        pgp_user_id_email_normalized(NULL, user_id, &email);
    1.53          if (! email)
    1.54              // Ok, it's not a proper RFC 2822 name-addr.  Perhaps it
    1.55              // is a URI.
    1.56 -            pgp_user_id_uri(NULL, userid, &email);
    1.57 -        pgp_packet_free(userid);
    1.58 -        free(user_id_value);
    1.59 +            pgp_user_id_uri(NULL, user_id, &email);
    1.60  
    1.61          if (email) {
    1.62              T("  userid: %s", email);
    1.63 @@ -967,7 +965,6 @@
    1.64              sqlite3_reset(stmt);
    1.65  
    1.66              if (sqlite_result != SQLITE_DONE) {
    1.67 -                pgp_user_id_bundle_iter_free(user_id_iter);
    1.68                  ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
    1.69                            "Updating userids: %s", sqlite3_errmsg(session->key_db));
    1.70              }
    1.71 @@ -986,9 +983,11 @@
    1.72                  ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "identity_list_add");
    1.73          }
    1.74  
    1.75 +        pgp_packet_free (user_id);
    1.76 +        user_id = NULL;
    1.77 +        pgp_valid_user_id_amalgamation_free(ua);
    1.78 +        ua = NULL;
    1.79      }
    1.80 -    pgp_user_id_bundle_iter_free(user_id_iter);
    1.81 -    user_id_iter = NULL;
    1.82  
    1.83   out:
    1.84      // Prevent ERROR_OUT from causing an infinite loop.
    1.85 @@ -1013,7 +1012,9 @@
    1.86  
    1.87      free(email);
    1.88      free(name);
    1.89 -    pgp_user_id_bundle_iter_free(user_id_iter);
    1.90 +    pgp_packet_free(user_id);
    1.91 +    pgp_valid_user_id_amalgamation_free(ua);
    1.92 +    pgp_cert_valid_user_id_iter_free(ua_iter);
    1.93      pgp_cert_key_iter_free(key_iter);
    1.94      if (stmt)
    1.95          sqlite3_reset(stmt);
    1.96 @@ -1169,9 +1170,8 @@
    1.97          }
    1.98  
    1.99          sk = pgp_session_key_from_bytes (session_key, session_key_len);
   1.100 -        pgp_status_t status;
   1.101 -        if ((status = decrypt (decrypt_cookie, algo, sk))) {
   1.102 -            DUMP_STATUS(status, PEP_UNKNOWN_ERROR, "decrypt_cb");
   1.103 +        if (! decrypt (decrypt_cookie, algo, sk)) {
   1.104 +            DUMP_STATUS(PGP_STATUS_UNKNOWN_ERROR, PEP_CANNOT_DECRYPT_UNKNOWN, "decrypt_cb");
   1.105              goto eol;
   1.106          }
   1.107  
   1.108 @@ -1242,9 +1242,8 @@
   1.109  
   1.110                  pgp_session_key_t sk = pgp_session_key_from_bytes (session_key,
   1.111                                                                     session_key_len);
   1.112 -                pgp_status_t status;
   1.113 -                if ((status = decrypt (decrypt_cookie, algo, sk))) {
   1.114 -                    DUMP_STATUS(status, PEP_UNKNOWN_ERROR, "decrypt_cb");
   1.115 +                if (! decrypt (decrypt_cookie, algo, sk)) {
   1.116 +                    DUMP_STATUS(PGP_STATUS_UNKNOWN_ERROR, PEP_CANNOT_DECRYPT_UNKNOWN, "decrypt_cb");
   1.117                      goto eol2;
   1.118                  }
   1.119  
   1.120 @@ -1284,7 +1283,7 @@
   1.121      struct decrypt_cookie *cookie = cookie_opaque;
   1.122  
   1.123      pgp_message_structure_iter_t iter
   1.124 -        = pgp_message_structure_iter (structure);
   1.125 +        = pgp_message_structure_into_iter (structure);
   1.126      for (pgp_message_layer_t layer = pgp_message_structure_iter_next (iter);
   1.127           layer;
   1.128           layer = pgp_message_structure_iter_next (iter)) {
   1.129 @@ -1418,7 +1417,7 @@
   1.130                          cookie->revoked_key ++;
   1.131                      } else {
   1.132                          pgp_revocation_status_free (rs);
   1.133 -                        rs = pgp_cert_revoked (cert, cookie->session->policy, 0);
   1.134 +                        rs = pgp_cert_revocation_status (cert, cookie->session->policy, 0);
   1.135                          if (pgp_revocation_status_variant(rs)
   1.136                              == PGP_REVOCATION_STATUS_REVOKED) {
   1.137                              // Cert is revoked.
   1.138 @@ -1492,7 +1491,6 @@
   1.139      }
   1.140  
   1.141      pgp_message_structure_iter_free (iter);
   1.142 -    pgp_message_structure_free (structure);
   1.143  
   1.144      return PGP_STATUS_SUCCESS;
   1.145  }
   1.146 @@ -1642,7 +1640,6 @@
   1.147      struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, };
   1.148      pgp_reader_t reader = NULL;
   1.149      pgp_reader_t dsig_reader = NULL;
   1.150 -    pgp_reader_t verifier = NULL;
   1.151  
   1.152      if (size == 0 || sig_size == 0)
   1.153          return PEP_DECRYPT_WRONG_FORMAT;
   1.154 @@ -1693,21 +1690,36 @@
   1.155              ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating signature reader");
   1.156      }
   1.157  
   1.158 -    if (dsig_reader)
   1.159 -        verifier = pgp_detached_verifier_new(&err, session->policy,
   1.160 -                                             dsig_reader, reader,
   1.161 -                                             get_public_keys_cb,
   1.162 -                                             check_signatures_cb,
   1.163 -                                             &cookie, 0);
   1.164 -    else
   1.165 +    if (dsig_reader) {
   1.166 +        pgp_detached_verifier_t verifier
   1.167 +            = pgp_detached_verifier_new(&err, session->policy,
   1.168 +                                        dsig_reader,
   1.169 +                                        get_public_keys_cb,
   1.170 +                                        check_signatures_cb,
   1.171 +                                        NULL,
   1.172 +                                        &cookie, 0);
   1.173 +        if (! verifier)
   1.174 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating verifier");
   1.175 +
   1.176 +        pgp_status_t status = pgp_detached_verifier_verify (&err, verifier, reader);
   1.177 +        pgp_detached_verifier_free (verifier);
   1.178 +        if (status)
   1.179 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Verifying data");
   1.180 +    } else {
   1.181 +        pgp_reader_t verifier = NULL;
   1.182          verifier = pgp_verifier_new(&err, session->policy, reader,
   1.183                                      get_public_keys_cb,
   1.184                                      check_signatures_cb,
   1.185 +                                    NULL,
   1.186                                      &cookie, 0);
   1.187 -    if (! verifier)
   1.188 -        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating verifier");
   1.189 -    if (pgp_reader_discard(&err, verifier) < 0)
   1.190 -        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "verifier");
   1.191 +        if (! verifier)
   1.192 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating verifier");
   1.193 +
   1.194 +        pgp_status_t status = pgp_reader_discard(&err, verifier);
   1.195 +        pgp_reader_free(verifier);
   1.196 +        if (status)
   1.197 +            ERROR_OUT(err, PEP_UNKNOWN_ERROR, "verifier");
   1.198 +    }
   1.199  
   1.200      if (! cookie.signer_keylist) {
   1.201          cookie.signer_keylist = new_stringlist("");
   1.202 @@ -1753,7 +1765,6 @@
   1.203          free_stringlist(cookie.signer_keylist);
   1.204      }
   1.205  
   1.206 -    pgp_reader_free(verifier);
   1.207      pgp_reader_free(reader);
   1.208      pgp_reader_free(dsig_reader);
   1.209  
   1.210 @@ -2697,7 +2708,7 @@
   1.211      bool revoked = false;
   1.212      // Don't add revoked keys to the keyinfo_list.
   1.213      if (keyinfo_list) {
   1.214 -        pgp_revocation_status_t rs = pgp_cert_revoked(cert, session->policy, 0);
   1.215 +        pgp_revocation_status_t rs = pgp_cert_revocation_status(cert, session->policy, 0);
   1.216          pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
   1.217          pgp_revocation_status_free(rs);
   1.218          if (rsv == PGP_REVOCATION_STATUS_REVOKED)
   1.219 @@ -2942,47 +2953,41 @@
   1.220      while ((ka = pgp_cert_valid_key_iter_next(key_iter, NULL, NULL))) {
   1.221          pgp_status_t sq_status;
   1.222          pgp_error_t err;
   1.223 -        pgp_packet_t *packets_tmp = NULL;
   1.224 -        size_t packet_count_tmp = 0;
   1.225 +        pgp_signature_t *sigs = NULL;
   1.226 +        size_t sig_count = 0;
   1.227  
   1.228          sq_status = pgp_valid_key_amalgamation_set_expiration_time
   1.229 -            (&err, ka, signer, t, &packets_tmp, &packet_count_tmp);
   1.230 +            (&err, ka, signer, t, &sigs, &sig_count);
   1.231          if (sq_status)
   1.232              ERROR_OUT(err, PEP_UNKNOWN_ERROR,
   1.233                        "setting expiration (generating self signatures)");
   1.234  
   1.235 -        if (! packets) {
   1.236 -            assert(packet_count == 0);
   1.237 -            assert(packet_capacity == 0);
   1.238 -
   1.239 -            packets = packets_tmp;
   1.240 -            packet_count = packet_count_tmp;
   1.241 -            packet_capacity = packet_count_tmp;
   1.242 -        } else {
   1.243 -            assert(packet_capacity > 0);
   1.244 -            if (packet_capacity - packet_count < packet_count_tmp) {
   1.245 -                // Grow the array.
   1.246 -                int c = packet_capacity;
   1.247 -                while (c < packet_count + packet_count_tmp) {
   1.248 -                    c *= 2;
   1.249 -                }
   1.250 -
   1.251 -                void * tmp = _pEp_reallocarray(packets, c, sizeof (*packets));
   1.252 -                if (! tmp)
   1.253 -                    ERROR_OUT(NULL, PEP_OUT_OF_MEMORY,
   1.254 -                              "setting expiration (resizing buffer)");
   1.255 -
   1.256 -                packets = tmp;
   1.257 -                packet_capacity = c;
   1.258 +        if (packet_capacity - packet_count < sig_count) {
   1.259 +            // Grow the array.
   1.260 +            int c = packet_capacity;
   1.261 +            if (c == 0) {
   1.262 +                c = 1;
   1.263              }
   1.264 -
   1.265 -            int i;
   1.266 -            for (i = 0; i < packet_count_tmp; i ++) {
   1.267 -                packets[packet_count + i] = packets_tmp[i];
   1.268 +            while (c < packet_count + sig_count) {
   1.269 +                c *= 2;
   1.270              }
   1.271 -            packet_count += packet_count_tmp;
   1.272 +
   1.273 +            void * tmp = _pEp_reallocarray(packets, c, sizeof (*packets));
   1.274 +            if (! tmp)
   1.275 +                ERROR_OUT(NULL, PEP_OUT_OF_MEMORY,
   1.276 +                          "setting expiration (resizing buffer)");
   1.277 +
   1.278 +            packets = tmp;
   1.279 +            packet_capacity = c;
   1.280          }
   1.281  
   1.282 +        int i;
   1.283 +        for (i = 0; i < sig_count; i ++) {
   1.284 +            packets[packet_count + i] = pgp_signature_into_packet(sigs[i]);
   1.285 +        }
   1.286 +        packet_count += sig_count;
   1.287 +
   1.288 +        free (sigs);
   1.289          pgp_valid_key_amalgamation_free (ka);
   1.290      }
   1.291  
   1.292 @@ -3072,7 +3077,7 @@
   1.293      if (! cert)
   1.294          ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
   1.295  
   1.296 -    assert(pgp_revocation_status_variant(pgp_cert_revoked(cert, session->policy, 0))
   1.297 +    assert(pgp_revocation_status_variant(pgp_cert_revocation_status(cert, session->policy, 0))
   1.298             == PGP_REVOCATION_STATUS_REVOKED);
   1.299  
   1.300      status = cert_save(session, cert, NULL, NULL);
   1.301 @@ -3239,7 +3244,7 @@
   1.302  }
   1.303  
   1.304  static void _pgp_key_revoked(PEP_SESSION session, pgp_cert_t cert, bool* revoked) {
   1.305 -    pgp_revocation_status_t rs = pgp_cert_revoked(cert, session->policy, 0);
   1.306 +    pgp_revocation_status_t rs = pgp_cert_revocation_status(cert, session->policy, 0);
   1.307      *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
   1.308      pgp_revocation_status_free (rs); 
   1.309      
   1.310 @@ -3316,7 +3321,7 @@
   1.311      pgp_fingerprint_free(pgp_fpr);
   1.312      ERROR_OUT(NULL, status, "Looking up %s", fpr);
   1.313  
   1.314 -    // pgp_revocation_status_t rs = pgp_cert_revoked(cert, 0);
   1.315 +    // pgp_revocation_status_t rs = pgp_cert_revocation_status(cert, 0);
   1.316      // *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
   1.317      // pgp_revocation_status_free (rs);
   1.318      _pgp_key_revoked(session, cert, revoked);
   1.319 @@ -3346,7 +3351,7 @@
   1.320  
   1.321      *comm_type = PEP_ct_OpenPGP_unconfirmed;
   1.322  
   1.323 -    // pgp_revocation_status_t rs = pgp_cert_revoked(cert, 0);
   1.324 +    // pgp_revocation_status_t rs = pgp_cert_revocation_status(cert, 0);
   1.325      // pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
   1.326      // pgp_revocation_status_free(rs);
   1.327      // if (rsv == PGP_REVOCATION_STATUS_REVOKED) {