--- a/configure
+++ b/configure
@@ -502,230 +502,9 @@
gmime_cflags=$(pkg-config --cflags gmime-3.0)
gmime_ldflags=$(pkg-config --libs gmime-3.0)
- printf "Checking for GMime session key extraction support... "
-
- cat > _check_session_keys.c <<EOF
-#include <gmime/gmime.h>
-#include <stdio.h>
-
-int main () {
- GError *error = NULL;
- GMimeParser *parser = NULL;
- GMimeMultipartEncrypted *body = NULL;
- GMimeDecryptResult *decrypt_result = NULL;
- GMimeObject *output = NULL;
-
- g_mime_init ();
- parser = g_mime_parser_new ();
- g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/basic-encrypted.eml", "r", &error));
- if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/crypto/basic-encrypted.eml\n");
-
- body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
- if (body == NULL) return !! fprintf (stderr, "did not find a multipart encrypted message\n");
-
- output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_EXPORT_SESSION_KEY, NULL, &decrypt_result, &error);
- if (error || output == NULL) return !! fprintf (stderr, "decryption failed\n");
-
- if (decrypt_result == NULL) return !! fprintf (stderr, "no GMimeDecryptResult found\n");
- if (decrypt_result->session_key == NULL) return !! fprintf (stderr, "GMimeDecryptResult has no session key\n");
-
- printf ("%s\n", decrypt_result->session_key);
- return 0;
-}
-EOF
- if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
- printf 'No.\nCould not make tempdir for testing session-key support.\n'
- errors=$((errors + 1))
- elif ${CC} ${CFLAGS} ${gmime_cflags} _check_session_keys.c ${gmime_ldflags} -o _check_session_keys \
- && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/openpgp4-secret-key.asc \
- && SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \
- && [ $SESSION_KEY = 9:496A0B6D15A5E7BA762FB8E5FE6DEE421D4D9BBFCEAD1CDD0CCF636D07ADE621 ]
- then
- printf "OK.\n"
- else
- cat <<EOF
-No.
-*** Error: Could not extract session keys from encrypted message.
-
-This is likely due to your GMime having been built against a old
-version of GPGME.
-
-Please try to rebuild your version of GMime against a more recent
-version of GPGME (at least GPGME 1.8.0).
-EOF
- if GPGME_VERS="$(pkg-config --modversion gpgme || gpgme-config --version)"; then
- printf 'Your current GPGME development version is: %s\n' "$GPGME_VERS"
- else
- printf 'You do not have the GPGME development libraries installed.\n'
- fi
- errors=$((errors + 1))
- fi
- if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
- rm -rf "$TEMP_GPG"
- fi
-
- cat > _check_gmime_cert.c <<EOF
-#include <stdio.h>
-#include <gmime/gmime.h>
-
-int main () {
- GError *error = NULL;
- GMimeParser *parser = NULL;
- GMimeApplicationPkcs7Mime *body = NULL;
- GMimeSignatureList *sig_list = NULL;
- GMimeSignature *sig = NULL;
- GMimeCertificate *cert = NULL;
- GMimeObject *output = NULL;
- int len;
-
- g_mime_init ();
- parser = g_mime_parser_new ();
- g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/pkcs7/smime-onepart-signed.eml", "r", &error));
- if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/pkcs7/smime-onepart-signed.eml\n");
-
- body = GMIME_APPLICATION_PKCS7_MIME(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
- if (body == NULL) return !! fprintf (stderr, "did not find a application/pkcs7 message\n");
-
- sig_list = g_mime_application_pkcs7_mime_verify (body, GMIME_VERIFY_NONE, &output, &error);
- if (error || output == NULL) return !! fprintf (stderr, "verify failed\n");
-
- if (sig_list == NULL) return !! fprintf (stderr, "no GMimeSignatureList found\n");
- len = g_mime_signature_list_length (sig_list);
- if (len != 1) return !! fprintf (stderr, "expected 1 signature, got %d\n", len);
- sig = g_mime_signature_list_get_signature (sig_list, 0);
- if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n");
- cert = g_mime_signature_get_certificate (sig);
- if (cert == NULL) return !! fprintf (stderr, "no GMimeCertificate found\n");
-#ifdef CHECK_VALIDITY
- GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
- if (validity != GMIME_VALIDITY_FULL) return !! fprintf (stderr, "Got validity %d, expected %d\n", validity, GMIME_VALIDITY_FULL);
-#endif
-#ifdef CHECK_EMAIL
- const char *email = g_mime_certificate_get_email (cert);
- if (! email) return !! fprintf (stderr, "no email returned");
- if (email[0] == '<') return 2;
-#endif
- return 0;
-}
-EOF
-
- # see https://github.com/jstedfast/gmime/pull/90
- # should be fixed in GMime in 3.2.7, but some distros might patch
- printf "Checking for GMime X.509 certificate validity... "
-
- if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
- printf 'No.\nCould not make tempdir for testing X.509 certificate validity support.\n'
- errors=$((errors + 1))
- elif ${CC} -DCHECK_VALIDITY ${CFLAGS} ${gmime_cflags} _check_gmime_cert.c ${gmime_ldflags} -o _check_x509_validity \
- && echo disable-crl-checks > "$TEMP_GPG/gpgsm.conf" \
- && echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$TEMP_GPG/trustlist.txt" \
- && GNUPGHOME=${TEMP_GPG} gpgsm --batch --quiet --import < "$srcdir"/test/smime/ca.crt
- then
- if GNUPGHOME=${TEMP_GPG} ./_check_x509_validity; then
- gmime_x509_cert_validity=1
- printf "Yes.\n"
- else
- gmime_x509_cert_validity=0
- printf "No.\n"
- if pkg-config --exists "gmime-3.0 >= 3.2.7"; then
- cat <<EOF
-*** Error: GMime fails to calculate X.509 certificate validity, and
-is later than 3.2.7, which should have fixed this issue.
-
-Please follow up on https://github.com/jstedfast/gmime/pull/90 with
-more details.
-EOF
- errors=$((errors + 1))
- fi
- fi
- printf "Checking whether GMime emits email addresses with angle brackets... "
- if ${CC} -DCHECK_EMAIL ${CFLAGS} ${gmime_cflags} _check_gmime_cert.c ${gmime_ldflags} -o _check_email &&
- GNUPGHOME=${TEMP_GPG} ./_check_email; then
- gmime_emits_angle_brackets=0
- printf "No.\n"
- else
- gmime_emits_angle_brackets=1
- printf "Yes.\n"
- fi
- else
- printf 'No.\nFailed to set up gpgsm for testing X.509 certificate validity support.\n'
- errors=$((errors + 1))
- fi
- if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
- rm -rf "$TEMP_GPG"
- fi
-
- # see https://dev.gnupg.org/T3464
- # there are problems verifying signatures when decrypting with session keys with GPGME 1.13.0 and 1.13.1
- printf "Checking signature verification when decrypting using session keys... "
-
- cat > _verify_sig_with_session_key.c <<EOF
-#include <stdio.h>
-#include <gmime/gmime.h>
-
-int main () {
- GError *error = NULL;
- GMimeParser *parser = NULL;
- GMimeMultipartEncrypted *body = NULL;
- GMimeDecryptResult *result = NULL;
- GMimeSignatureList *sig_list = NULL;
- GMimeSignature *sig = NULL;
- GMimeObject *output = NULL;
- GMimeSignatureStatus status;
- int len;
-
- g_mime_init ();
- parser = g_mime_parser_new ();
- g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/encrypted-signed.eml", "r", &error));
- if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/pkcs7/smime-onepart-signed.eml\n");
-
- body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
- if (body == NULL) return !! fprintf (stderr, "did not find a multipart/encrypted message\n");
-
- output = g_mime_multipart_encrypted_decrypt (body, GMIME_DECRYPT_NONE, "9:9E1CDF53BBF794EA34F894B5B68E1E56FB015EA69F81D2A5EAB7F96C7B65783E", &result, &error);
- if (error || output == NULL) return !! fprintf (stderr, "decrypt failed\n");
-
- sig_list = g_mime_decrypt_result_get_signatures (result);
- if (sig_list == NULL) return !! fprintf (stderr, "sig_list is NULL\n");
-
- if (sig_list == NULL) return !! fprintf (stderr, "no GMimeSignatureList found\n");
- len = g_mime_signature_list_length (sig_list);
- if (len != 1) return !! fprintf (stderr, "expected 1 signature, got %d\n", len);
- sig = g_mime_signature_list_get_signature (sig_list, 0);
- if (sig == NULL) return !! fprintf (stderr, "no GMimeSignature found at position 0\n");
- status = g_mime_signature_get_status (sig);
- if (status & GMIME_SIGNATURE_STATUS_KEY_MISSING) return !! fprintf (stderr, "signature status contains KEY_MISSING (see https://dev.gnupg.org/T3464)\n");
-
- return 0;
-}
-EOF
- if ! TEMP_GPG=$(mktemp -d "${TMPDIR:-/tmp}/notmuch.XXXXXX"); then
- printf 'No.\nCould not make tempdir for testing signature verification when decrypting with session keys.\n'
- errors=$((errors + 1))
- elif ${CC} ${CFLAGS} ${gmime_cflags} _verify_sig_with_session_key.c ${gmime_ldflags} -o _verify_sig_with_session_key \
- && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/openpgp4-secret-key.asc \
- && rm -f ${TEMP_GPG}/private-keys-v1.d/*.key
- then
- if GNUPGHOME=${TEMP_GPG} ./_verify_sig_with_session_key; then
- gmime_verify_with_session_key=1
- printf "Yes.\n"
- else
- gmime_verify_with_session_key=0
- printf "No.\n"
- cat <<EOF
-*** Error: GMime fails to verify signatures when decrypting with a session key.
-
-This is most likely due to a buggy version of GPGME, which should be fixed in 1.13.2 or later.
-See https://dev.gnupg.org/T3464 for more details.
-EOF
- fi
- else
- printf 'No.\nFailed to set up gpg for testing signature verification while decrypting with a session key.\n'
- errors=$((errors + 1))
- fi
- if [ -n "$TEMP_GPG" -a -d "$TEMP_GPG" ]; then
- rm -rf "$TEMP_GPG"
- fi
+ gmime_x509_cert_validity=1
+ gmime_verify_with_session_key=1
+ gmime_emits_angle_brackets=0
else
have_gmime=0
printf "No.\n"
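Review bot: The three added assignments (`gmime_x509_cert_validity=1`, `gmime_verify_with_session_key=1`, `gmime_emits_angle_brackets=0`) state as constants what the deleted probes measured, and nothing visible in this hunk enforces the library versions that make them true. The removed text ties those results to GMime 3.2.7 (X.509 validity), GPGME 1.13.2 (https://dev.gnupg.org/T3464) and GPGME 1.8.0 (session-key extraction), and the session-key probe, which counted as a configure error, is dropped with no replacement here. If the enclosing `if` branch, which starts outside this hunk, does not already require those versions, gate it with `pkg-config --exists "gmime-3.0 >= 3.2.7"` and a matching check on `pkg-config --modversion gpgme`. Record the assumption beside the assignments as well: `# assumes GMime >= 3.2.7 and GPGME >= 1.13.2, see https://dev.gnupg.org/T3464`. Without that, a build against an older or distro-patched stack would presumably configure cleanly while signature status and certificate validity behave differently from what these values claim.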