* src/gpgme.h.in (gpgme_verify_flags_t): New enum.
(GPGME_VERIFY_ARCHIVE): New const.
(gpgme_op_verify_ext_start): New func.
(gpgme_op_verify_ext): New func.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/verify.c (gpgme_op_verify_ext_start): New.
(gpgme_op_verify_ext): New.
(verify_start): Add arg FLAGS. Pass the flags to
_gpgme_engine_op_verify.
(gpgme_op_verify_start): Call gpgme_op_verify_ext_start with 0 for
FLAGS.
(gpgme_op_verify): Call gpgme_op_verify_ext with 0 for FLAGS.
* src/engine.c, src/engine.h (_gpgme_engine_op_verify): Add arg FLAGS.
* src/engine-backend.h (struct engine_ops): Add FLAGS to 'verify'.
* src/engine-gpg.c (gpg_verify): Add arg FLAGS. Set use_gpgtar engine
flag if GPGME_VERIFY_ARCHIVE flag is set. Check for new enough gpg. Use
add_gpg_arg for gpg-only options without a value. Set extra options for
gpgtar and pass input data to stdin when using gpgtar.
* src/engine-gpgsm.c (gpgsm_verify): Add arg FLAGS. Return error if
GPGME_VERIFY_ARCHIVE flag is set.
* src/engine-uiserver.c (uiserver_verify): Ditto.
* tests/run-verify.c (show_usage): New options --archive, --directory,
and --diagnostics.
(main): Parse new options. Verify and extract with gpgtar if --archive
is given. Set file name of output data to value of --directory option.
Print stderr of gpg/gpgtar if --diagnostics is given.
--
GnuPG-bug-id: 6342
* src/gpgme.h.in (GPGME_DECRYPT_ARCHIVE): New decryption flag.
* src/engine-gpg.c (gpg_decrypt): Set use_gpgtar engine flag if
GPGME_DECRYPT_ARCHIVE flag is set. Check for new enough gpg and
incompatible flags. Use add_gpg_arg_with_value for gpg-only options
with a value and add_gpg_arg for gpg-only options without a value.
Set extra options for gpgtar and pass input data to stdin when using
gpgtar.
* tests/run-decrypt.c (show_usage): New options --archive and
--directory.
(main): Parse new options. Decrypt with gpgtar if --archive is given.
Set file name of output data to value of --directory option.
--
GnuPG-bug-id: 6342
* src/engine-gpg.c (gpg_encrypt, gpg_encrypt_sign, gpg_sign): Pass
file name set in data with --directory option to gpgtar.
* tests/run-encrypt.c (show_usage): New option --directory.
(main): Parse new option. Set file name of input data to option value.
* tests/run-sign.c (show_usage): New option --directory.
(main): Parse new option. Set file name of input data to option value.
--
GnuPG-bug-id: 6342
* src/engine-gpg.c (gpg_encrypt_sign): Set use_gpgtar engine flag if
GPGME_ENCRYPT_ARCHIVE mode is set. Check for new enough gpg. Use
add_gpg_arg_with_value for gpg-only options with a value and
add_gpg_arg for gpg-only options without a value. Set extra options for
gpgtar and pass input data to stdin when using gpgtar.
* tests/run-encrypt.c (print_result): Rename to print_encrypt_result.
Print header.
(print_sign_result): New.
(show_usage): New option --sign.
(main): Parse new option. Sign and encrypt --sign is given.
Print results of signing additionally to results of encryption.
--
With this change the gpgme_op_encrypt_sign* functions get support for
creating an encrypted and signed archive from files and/or directories
passed as NUL-separated list in the "plain" data with gpgtar.
GnuPG-bug-id: 6342
* src/gpgme.h.in (GPGME_SIG_MODE_ARCHIVE): New signature mode.
* src/engine-gpg.c (append_args_from_sender,
append_args_from_sig_notations): Use add_gpg_arg_with_value
for gpg-only options with a value.
(gpg_sign): Set use_gpgtar engine flag if GPGME_SIG_MODE_ARCHIVE mode
is set. Check for new enough gpg. Use add_gpg_arg_with_value for
gpg-only options with a value and add_gpg_arg for gpg-only options
without a value. Set extra options for gpgtar and pass input data to
stdin when using gpgtar.
* src/sign.c (sign_start): Add GPGME_SIG_MODE_ARCHIVE as valid mode.
* tests/run-sign.c (show_usage): New options --archive and
--diagnostics.
(main): Parse new options. Sign with gpgtar if --archive is given.
Print stderr of gpg/gpgtar if --diagnostics is given.
--
With this change the gpgme_op_sign* functions get support for
creating a signed archive from files and/or directories passed as
NUL-separated list in the "in" data with gpgtar.
GnuPG-bug-id: 6342
* src/gpgme.h.in (GPGME_ENCRYPT_ARCHIVE): New encryption flag.
* src/engine-gpg.c (arg_and_data_s): New field gpg_arg.
(engine_gpg): New flag use_gpgtar.
(_add_arg): Add argument gpg_arg and set it.
(add_arg_ext, add_arg_with_locp, add_arg, add_arg_pfx, add_arg_len):
Adjust call of _add_arg.
(add_arg_with_locp): Add argument front.
(add_gpg_arg, add_gpg_arg_with_value): New.
(gpg_new): Use add_gpg_arg_with_value for gpg-only options with a value
and add_gpg_arg for gpg-only options without.
(build_argv): Consider usage of gpgtar when counting arguments to pass
to gpg/gpgtar. Prepend "--gpg-args" to all gpg-only arguments if gpgtar
is used.
(start): Set program to use. Read diagnostics output from stderr when
using gpgtar. Do not pass --status-fd to gpgtar for gpg < 2.4.1. Use
add_gpg_arg_with_value for --lc-ctype and --lc-messages.
(gpg_encrypt): Set use_gpgtar engine flag if GPGME_ENCRYPT_ARCHIVE flag
is set. Check for new enough gpg and incompatible flags. Use
add_gpg_arg_with_value for gpg-only options with a value and
add_gpg_arg for gpg-only options without a value. Set extra options
for gpgtar and pass input data to stdin when using gpgtar.
* src/engine-gpgsm.c (gpgsm_encrypt): Return error if new flag is set.
* src/engine-uiserver.c (uiserver_encrypt): Ditto.
* tests/run-encrypt.c (show_usage): New options --archive and
--diagnostics.
(main): Parse new options. Encrypt with gpgtar if --archive is given.
Print stderr of gpg/gpgtar if --diagnostics is given.
--
With this change the gpgme_op_encrypt* functions get support for
encrypting a list of files and/or directories passed as NUL-separated
list in "plain" data with gpgtar.
GnuPG-bug-id: 6342
* src/dirinfo.c (WANT_GPGTAR_NAME): New.
(dirinfo): Add field gpgtar_name.
(get_gpgconf_item): Build gpgtar_name on demand and return it.
(_gpgme_get_default_gpgtar_name) : New.
(gpgme_get_dirinfo): New value "gpgtar-name" for WHAT.
* src/util.h (_gpgme_get_default_gpgtar_name): New.
* tests/t-engine-info.c (main): Add gpgtar-name to the output.
GnuPG-bug-id: 6342
* src/context.h (gpgme_context): Add field no_auto_check_trustdb.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag
"no-auto-check-trustdb".
* src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb.
(gpg_set_engine_flags): Set the flag.
(build_argv): Pass option to gpg.
* tests/run-keylist.c (show_usage, main): Add option --no-trust-check.
--
This makes the --no-auto-check-trustdb option available in the GPGME API
to disable the potentially expensive automatic trust database check.
GnuPG-bug-id: 6261
* src/gpgme.h.in (gpgme_op_receive_keys_start, gpgme_op_receive_keys):
New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/engine-backend.h (struct engine_ops): Add arg keyids to field
'import'.
* src/engine.h, src/engine.c (_gpgme_engine_op_import): Add arg keyids.
* src/engine.c (_gpgme_engine_op_import): Forward new arg keyids.
* src/import.c: (_gpgme_op_import_start, _gpgme_op_import_keys_start):
Pass NULL to new arg of _gpgme_op_import_start.
(_gpgme_op_receive_keys_start, gpgme_op_receive_keys_start,
gpgme_op_receive_keys): New.
* src/engine-gpg.c (gpg_import): Add arg keyids. Extend check for
valid arguments. Build command line if keyids are given.
* src/engine-gpgsm.c (gpgsm_import): Add arg keyids. Return error if
keyids is not NULL.
tests/run-receive-keys.c: New.
tests/Makefile.am (noinst_PROGRAMS): Add new test runner.
--
The new function allows importing keys given by their key ids or
fingerprints from a keyserver (like gpg's --recv-keys command).
GnuPG-bug-id: 5808
* tests/run-genkey.c (parse_expire_string): Support default expiration
and no expiration. Set flag for no expiration.
(main): Allow update of flags when generating new key.
--
This makes the parsing of different values for expiration match the
parsing done by gpg's --quick-gen-key. In particular, this makes it
possible again to generate keys without expiration.
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET_SUBKEY): New.
* src/export.c (check_mode): Allow new mode and check for invalid
combinations.
(export_keys_start): Return error if new mode flag is set.
* src/engine-gpg.c (export_common): Implement.
* src/gpgme-tool.c (cmd_export): New option --secret-subkey.
* tests/run-export.c (main): New option --secret-subkey.
--
This adds support for exporting secret subkeys (via gpg's
--export-secret-subkeys) to gpgme_op_export[_ext][_start].
The flag is not supported by gpgme_op_export_keys[_start] because
there is no way to specify which subkey(s) to export with these
functions.
GnuPG-bug-id: 5757
* src/import.c (gpgme_op_import_result): Check fpr for NULL.
(parse_error): New.
(import_status_handler): Handle error status line.
* doc/gpgme.texi (gpgme_import_status_t): Mention that fpr can be NULL.
* tests/gpg/t-import.c (check_result): Check fpr for NULL.
* tests/run-threaded.c (delete_impres): Check fpr for NULL.
--
When importing an encrypted certificate a wrong passphrase may be
entered. In this case gpgsm emits a status line with a bad passphrase
error and an "invalid object" error. To make it possible for callers
to handle a wrong passphrase error more gracefully, an import status
with bad passphrase error is added to the import result for each
status line with bad passphrase error.
GnuPG-bug-id: 5713
* src/context.h (struct gpgme_context): New field import_filter.
* src/engine-backend.h (struct engine_ops): Add arg import_filter to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg import_filter and pass option
--import-filter with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg import_filter.
* src/gpgme.c (gpgme_release): Free 'import_filter'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "import-filter".
* tests/run-import.c (main): Add option --import-filter.
--
This makes the --import-filter option available in the GPGME API for
key imports.
GnuPG-bug-id: 5739
* src/context.h (struct gpgme_context): New field key_origin.
* src/engine-backend.h (struct engine_ops): Add arg key_origin to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg key_origin and pass option
--key-origin with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg key_origin.
* src/gpgme.c (gpgme_release): Free 'key_origin'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "key-origin".
* tests/run-import.c (main): Add option --key-origin.
* tests/gpg/t-import.c (main): Set and verify key origin.
--
This makes the --key-origin option available in the GPGME API for
key imports.
GnuPG-bug-id: 5733
* src/dirinfo.c (WANT_SOCKETDIR): New.
(dirinfo): Add field socketdir.
(parse_output): Support "socketdir".
(get_gpgconf_item): Return socketdir.
* tests/t-engine-info.c (main): Add socketdir to the output.
* src/w32-util.c (_gpgme_create_process_utf8): Fix indentation.
--
GnuPG-bug-id: 5613
This is not strictly necessary because we could deduce this from one
of the other socket info items but it is more clean to have a
dedicated info item. The socketdir item is available for 5 years now
(GnuPG commit 8e3fa5a4b205c534de2142e5d071712f957cf06a)
* tests/gpg/Makefile.am (WITH_THREAD_CPPFLAGS): New.
(WITH_THREAD_LDADD): New.
(t_thread1_CPPFLAGS, t_thread_keylist_CPPFLAGS)
(t_thread_keylist_verify_CPPFLAGS)
(t_cancel_CPPFLAGS): Use WITH_THREAD_CPPFLAGS.
(t_thread1_LDADD, t_thread_keylist_LDADD)
(t_thread_keylist_verify_LDADD)
(t_cancel_LDADD): Use WITH_THREAD_LDADD.
--
For library dependency at runtime, it's not 100% right to use
GPG_ERROR_MT_LIBS here, because those test programs don't use
libgpg-error directly at runtime. But, it's OK, because these are
test programs, which don't need specifying minimum library dependency.
It would be too much for configure of gpgme, to check how threaded
application should be built, just for these test programs.
Co-authored-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpg/gpg.conf.in: New.
* tests/gpg/Makefile.am (gpg.conf): Copy gpg.conf.in instead of using
echo to fill gpg.conf.
--
This change ensures that gpg.conf is updated whenever new options are
added for some tests.
* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
(main): Factored out signing and verifying the result.
--
Factoring the two steps of the test into different functions fixes the
use-after-free issue that was caused by accidentaly using a variable
of the first step in the second step.
GnuPG-bug-id: 5509
* src/context.h (struct gpgme_context): Add 'cert_expire'.
* src/engine-gpg.c (append_args_from_cert_expire): New.
(gpg_edit): Set option according to the new flag.
* src/gpgme.c (gpgme_release): Free 'cert_expire'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "cert-expire".
* tests/gpg/Makefile.am (c_tests): Add new test.
(gpg.conf): Write "allow-weak-key-signatures" to gpg.conf.
* tests/gpg/t-edit-sign.c: New.
--
The new context flag "cert-expire" allows setting the expiration date
for key signatures created with gpgme_op_interact.
GnuPG-bug-id: 5336, 5505
* src/data.c (_gpgme_data_release): Free buffers.
(gpgme_data_seek): Adjust from renamed fields.
(gpgme_data_set_flag): Implement new flags.
(_gpgme_data_inbound_handler): Allow the use of a malloced buffer.
(_gpgme_data_outbound_handler): Ditto.
* src/data.h (BUFFER_SIZE): Move out of the struct definition.
(struct gpgme_data): Remove pending filed and introduce inbound and
outbound fields.
* src/conversion.c (_gpgme_wipememory): New. Taken from GnuPG.
* src/cJSON.c (wipememory): Use this here too.
* tests/run-decrypt.c (main): Add options "--large-buffers" and
"--sensitive".
--
GnuPG-bug-id: 5478
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/run-keylist.c (main): Print all infos from the primary key.
--
The test tool printed only the computed infos for the key and not the
detailed one fro the primary key. The new output better reflects the
data structure.
Related to
GnuPG-bug-id: 5454
* tests/run-verify.c (main): Remove C99-only syntax.
* tests/run-threaded.c (start_keylistings): Ditto.
--
Older gcc's do not grok this and there is no real need for it.
run-verify.c:324: error: ‘for’ loop initial declarations are only
allowed in C99 mode
run-verify.c:324: note: use option -std=c99 or -std=gnu99 to compile
your code
Reported-by: Lars Hecking
* src/gpgme.h.in (struct _gpgme_key_sig): Add fields 'trust_depth',
'trust_value', and 'trust_scope'.
* src/key.c (gpgme_key_unref): Free trust_scope.
* src/keylist.c (keylist_colon_handler): Set the fields.
* tests/run-keylist.c (main): Print the fields.
--
The trust signature values are part of gpg's output since the year 2003.
This now adds support to gpgme.
GnuPG-bug-id: 5245, 5419
* tests/json/t-json.c: Remove var definitions inside a for statement.
--
This useful C99 feature seems to work only in recent gcc versions. We
can't use it; see gnupg/doc/HACKING.
GnuPG-bug-id: 5088
* src/engine-assuan.c (inquire_cb): Implement returning data.
* tests/opassuan/t-command.c (inq_cb): Send some test data.
--
The old code only allowed to send an empty response which was good
enough for scdaemon's KNOWNCARDP inquire but not to send actual data.
A quick test using a test smartcard might be
./t-command 'scd setattr --inquire PRIVATE-DO-1'
and then reading the data back using
gpg-connect-agent 'scd getattr PRIVATE-DO-1' /bye
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/genkey.c (setexpire): New.
(gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/engine.h, src/engine.c: (_gpgme_engine_op_setexpire): New.
* src/engine-backend.h (engine_ops): Add 'setexpire' and adjust all
engine initializers.
* src/engine-gpg.c (gpg_setexpire): New.
(_gpgme_engine_ops_gpg): Set setexpire to gpg_setexpire.
* doc/gpgme.texi: Document new functions.
* tests/run-genkey.c: Add option --setexpire.
--
This extends GPGME to support the --quick-set-expire command
added by GnuPG 2.1.22. This allows changing subkeys expiry
date without going through the editinteractor interface.
Co-authored-by: Andre Heinecke <aheinecke@gnupg.org>
GnuPG-bug-id: 4999
* src/gpgme.h.in: Clarify that the trustlist function should not be
used.
* src/engine.c (_gpgme_engine_op_trustlist): Always return an error.
* src/engine-backend.h (struct engine_ops): Remove trustlist member.
* src/engine-gpg.c (gpg_trustlist): Remove.
(struct engine_ops): Remove that member. Also in all other engines.
* tests/gpg/t-trustlist.c: Remove.
* lang/python/tests/t-trustlist.py: Remove.
--
This never worked in reality because the required feature has been
removed from GnuPG version 1.3.2 soon after introduction of this
feature in gpgme - 17 years ago. It was anyway marked as
experimental. We keep the API and ABI, though.
GnuPG-bug-id: 4834
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/json/t-keylist-secret.out.json: Do not check for keygrip
of bravo key.
--
Since GnuPG 2.2.19 the keygrip is not emitted for public keys
in a keylisting --with-secret.
As the GPGME test suite should pass with several versions
the json test cannot test this as the suite does not allow
version checks for different output.
What the intended behavior is might still be up for discussion,
always adding --with-keygip is not a good solution because
it slows down keylistings for large keyrings.
GnuPG-Bug-Id: T4820
* tests/json/t-keylist-secret.out.json
--
Since at least 2.2.19 GnuPG no longer emits secret = true
for keys where it does not have a secret. To avoid
failures with older versions we remove the check altogether.
GnuPG-Bug-Id: T4820
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--
The uidhash value is part of gpg's output since the year 2005. This
now adds support to gpgme. The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be be used to avoid tracking the user
id numbers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/json/t-decrypt-verify.out.json: Remove check with key of
04071FB807287134.
--
GnuPG 2.3 changes how public key decryption works; It collects list of
PUBKEY_ENC packets and then processes an ENCRYPTED* packet. At the
stage of processing an ENCRYPTED* packet, it checks if private keys
can decrypt any of PUBKEY_ENC packets. It does not necessarily
examine all of PUBKEY_ENC packets. Only when it finds a PUBKEY_ENC
packet cannot be decrypted, it reports STATUS_NO_SECKEY with keyid of
that packet.
GnuPG 2.2 or older tries PUBKEY_ENC packets in order, and the first
successful PUBKEY_ENC packet is used. Rest of PUBKEY_ENC packets are
not examined, but STATUS_NO_SECKEY with keyid is reported even when
there is a valid private key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
