Commit Graph

266 Commits

Author SHA1 Message Date
Daiki Ueno
028a0ef333
Relax ttyname_r error checks
* src/engine-assuan.c (llass_new): Don't treat ttyname_r error as
fatal.
* src/engine-g13.c (g13_new): Likewise.
* src/engine-gpg.c (gpg_new): Likewise.
* src/engine-gpgsm.c (gpgsm_new): Likewise.
* src/engine-uiserver.c (uiserver_new): Likewise.

--
Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g.,
when /dev/pts is not accessible under chroot.  Since all our uses of
ttyname_r() require that the function works, we can treat the failure as
if isatty() fails.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
2015-08-25 19:11:30 +02:00
Werner Koch
97f1f3e883
Cleanup layout of gpgme.h
* src/gpgme.h.in: Reorder prototypes.  Chnage some comments.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 18:10:14 +02:00
Werner Koch
8ddc5801ad
Improve error return by checking the FAILURE status.
* src/gpgme.h.in (GPGME_STATUS_FAILURE): New.
* src/status-table.c (FAILURE): New.
* src/op-support.c (_gpgme_parse_failure): New.
* src/passphrase.c (_gpgme_passphrase_status_handler): Forward FAILURE
status line to the status callback.

* src/decrypt.c (op_data_t): Add field failure_code.
(_gpgme_decrypt_status_handler): Parse that code and act upon it on EOF.
* src/encrypt.c (op_data_t): Add field failure_code.
(_gpgme_encrypt_status_handler): Parse that code and act upon it on EOF.
* src/genkey.c (op_data_t): Add field failure_code.
(genkey_status_handler): Parse that code and act upon it on EOF.
* src/passwd.c (op_data_t): Add field failure_code.
(passwd_status_handler): Parse that code and act upon it on EOF.
* src/sign.c (op_data_t): Add field failure_code.
(_gpgme_sign_status_handler): Parse that code and act upon it on EOF.
* src/verify.c (op_data_t): Add field failure_code.
(_gpgme_verify_status_handler): Parse that code and act upon it on EOF.

--

This requires GnuPG 2.1.8 to actually make a difference.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 13:23:51 +02:00
Werner Koch
ad46f4f655
Call status_cb for an ERROR status seen in the passphrase handler.
* src/passphrase.c (_gpgme_passphrase_status_handler): Call status_cb.
--

Frankly, we should have a more generic way of feeding the status_cb
handler than our current ad-hoc method.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 21:17:21 +02:00
Werner Koch
a7dbab23ea
w32: Look for gpgconf in the new GnuPG 2.1 install dir.
* src/w32-util.c (_gpgme_get_gpgconf_path): Try another location of
gpgconf.exe.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 19:59:43 +02:00
Werner Koch
06d6fd8ca0
w32: Expect gpgme-w32spawn.exe only in the gpgme installation dir.
* src/w32-util.c (find_program_at_standard_place): Remove.
(_gpgme_get_gpg_path): Make the search order more explicit.
(_gpgme_get_gpgconf_path): Ditto.
(_gpgme_get_w32spawn_path): Search only in the inst_dir.
--

This tries to avoid possible unclear bug reports by removing the
fallback to the current gpg4win installation directory for the gpgme
helper.  It is expected that users of gpgme installing their own gpgme
version also install the matching helper.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 16:34:29 +02:00
Werner Koch
df098d6a43
w32: Print the installation directory in debug mode.
* src/debug.c (debug_init) [W32]: Show libgpgme installation dir.
--

I expect that gpgme will be distributed by applications and thus it
will be helpful to see in the debug log which gpgme is actually used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 15:03:20 +02:00
Werner Koch
2b632bbb78
Add an export secret key feature.
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET): New.
(GPGME_EXPORT_MODE_RAW): New.
(GPGME_EXPORT_MODE_PKCS12): New.
* src/export.c (export_start, export_ext_start): Allow new flags.
* src/engine-gpg.c (export_common): Support secret key export.
* src/engine-gpgsm.c (gpgsm_export, gpgsm_export_ext): Ditto.

* src/gpgme-tool.c (cmd_export): Add options --secret, --raw,
and --pkcs12.
* tests/run-export.c (main): Likewise.
--

Note that exporting secret X.509 keys requires GnuPG 2.1.8.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 12:41:24 +02:00
Ben Kibbey
ccbaccbf2e Parse INQUIRE_MAXLEN in the passphrase callback.
* src/passphrase.c (_gpgme_passphrase_status_handler): Parse
GPGME_STATUS_INQUIRE_MAXLEN.
* src/passphrase.c (_gpgme_passphrase_command_handler): Send the
INQUIRE_MAXLEN status message.

--
Fixes passing this status message along when decrypting symmetric data
from gpg.
2015-08-16 12:54:50 -04:00
Ben Kibbey
70b3e5964e Fix gpgme_{get,set}_status_cb to match documentation.
* doc/gpgme.texi: Minor fixes.
* src/gpgme.c (gpgme_get_status_cb): Set return variables to NULL and
check for a valid ctx pointer.
2015-08-15 18:19:27 -04:00
Ben Kibbey
6dd24c3c61 Parse the INQUIRE_MAXLEN status message.
* src/gpgme.h.in: (gpgme_status_code_t): Add INQUIRE_MAXLEN.
* src/status-table.c (status_table_s): Ditto.
* src/genkey.c (genkey_status_handler): Parse INQUIRE_MAXLEN.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ditto.
* src/sign.c (_gpgme_sign_status_handler): Ditto.

This status message informs the client of the maximum length of an
inquired line. It is sent from gpg and forwarded to the client via
gpgme_status_cb_t.
2015-08-15 18:19:27 -04:00
Ben Kibbey
4fadcf06ec Add gpgme_set/get_status_cb().
* src/gpgme.h.in (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
(gpgme_status_cb_t): New.
* src/gpgme.c (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
* src/context.h (status_cb): New.
(status_cb_value): New.
* src/gpgme.def: Export new symbols.
* src/libgpgme.vers: Ditto.
* doc/gpgme.texi: Document these new functions.

--
This callback function is used to forward status messages from gpg back
to the client.
2015-08-15 18:19:27 -04:00
Ben Kibbey
2b6ae3dadf Make use of user passphrase handler during genkey.
* src/genkey.c (genkey_start): set engine passphrase command handler.

--
This allows for inquiring a new passphrase during key generation rather
than requiring a pinentry. Needs a patch to gnupg to make use of
--command-fd with --gen-key.
2015-08-15 18:17:06 -04:00
Ben Kibbey
e07d38f5f9 Also check the return code in gpg_sign().
* src/engine-gpg.c (gpg_sign): Check return value from start().
2015-08-12 06:46:43 -04:00
Ben Kibbey
8f28e3caf9 Check the return value when starting gpg.
* src/engine-gpg.c (gpg_decrypt, gpg_delete, gpg_passwd): Check return
value of start().
2015-08-10 21:23:02 -04:00
Andre Heinecke
08086dd690
Add offline mode support for CMS keylisting
* doc/gpgme.texi: Document offline mode.
* src/context.h (gpgme_context): Add offline.
* src/engine-backend.h (keylist, keylist_ext): Add engine_flags.
* src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto.
  (_gpgme_engine_op_keylist_ext): Ditto.
* src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): New.
* src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto.
* src/engine-gpgsm.c (gpgsm_keylist): Handle engine_flags.
  (gpgsm_keylist_ext): Ditto.
* src/gpgme.c (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.def (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.h.in (gpgme_set_offline, gpgme_get_offline): New.
* src/libgpgme.vers (gpgme_set_offline, gpgme_get_offline): New.
* src/keylist.c (gpgme_op_keylist_start): Set offline flag.
  (gpgme_op_keylist_ext_start): Ditto.
* tests/run-keylist.c (show_usage, main): Add offline argument.

--
The offline engine option was introduced with gpgsm 2.1.6
it is mainly useful for a full keylisting that includes
the certificate validation but does not depend on external
information that could take an indefinite amount of time to
collect.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2015-07-31 15:18:27 +02:00
Werner Koch
c23f889710
Add option --lib-version to gpgme-tool.
* src/gpgme-tool.c (options, parse_options):  Add --lib-version
(CMD_LIBVERSION): New.
(main): Implement.
2015-07-23 11:40:09 +02:00
Werner Koch
ddbd54ef88
Fix regression with gpgsm 2.0 due to "OPTION with-secret".
* src/engine-gpgsm.c (gpgsm_assuan_simple_command): Do not terminate
on a status lines.
--

This bug has been with us since the support for gpgsm: If there is no
status line handler but a status line is received anyway the command
handling loop terminates and thus the command/answer order gets out of
sync.  In the case of the bug report this is triggered by sending an
option which starts the agent and that starting emits a "PROGRESS"
status line.

The solution is not to stop reading after a status line but record a
possible error code and return that only after OK or ERR.

GnuPG-bug-id: 1795
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 12:34:49 +02:00
Werner Koch
8b9f84828c
Fix compiler warnings about unused value in TRACE macros.
* src/debug.h: Change macros to not have a literal 0 as last
expression of the comma operator.
* src/debug.c (_gpgme_debug_frame_end): Return 0.
(_gpgme_debug): Return 0.
--

Instead of using
   foo(), 0
for the trace macros we let foo() return 0 instead.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 11:08:08 +02:00
Matthew Barnes
87d713ff41
Set GPGME_SIGSUM_KEY_REVOKED also for gpg.
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.

--

parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.

Additional comments added by wk.
2015-06-05 14:58:06 +02:00
Werner Koch
0d28a69616
Fix segv for userids with a backslash.
* src/engine-gpg.c (gpg_keylist_preprocess): Increment SRC for a
backslash.
--

This bug is not exploitable because this bug fills up .data with
backslashes and thus causes the segv.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-05 14:25:59 +02:00
Werner Koch
524dacfbb6
w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
* src/Makefile.am (extra_ltoptions): New.
(libgpgme_la_LDFLAGS): Use it.
(libgpgme_pthread_la_LDFLAGS): Ditto.
(libgpgme_glib_la_LDFLAGS): Ditto.
--

Since gcc 4.8 there is a regression in Mingw64 in that plain C
programs may link to libgcc_s.a which has a dependency on
libgcc_s_sjlj.dll.  This is for example triggered by using long long
arithmetic on a 32 bit Windows (e.g symbol __udivdi3).

Note that we don't use this patch for the Qt version which, as C++
programs, actually requires that DLL,

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 15:35:06 +02:00
Werner Koch
8cfcdfe556
Fix potential crash in trace macro.
* src/signers.c (gpgme_signers_add): Avoid deref of a NULL KEY in the
trace macro.
* src/engine-spawn.c (engspawn_release): Remove always true condition.
* src/engine-gpg.c (gpg_release): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 13:40:34 +01:00
Werner Koch
119f27032b
Fix one byte too short malloc.
* src/engine-spawn.c (add_data): Fix malloc
--

Bummer.  Why did I subtracted one from the size?  Did I assume a
dynamically allocated structure with a string field which was not
going to be used?  Very strange.

Not a real problem though because malloc will anyway round up the
allocation to at least the next word size.

Detected by Stack 0.3.
2015-03-16 13:38:10 +01:00
Werner Koch
05258d4275 Return an error for some export key operations.
* src/context.h (OPDATA_EXPORT): New.
* src/export.c (op_data_t): New.
(release_op_data): New.
(parse_error): New.
(export_status_handler): New.
(export_start, export_ext_start): Prepare op_data.
(gpgme_op_export_ext, gpgme_op_export_keys): Return an error from the
status handler.
--

To support an error return also for the async functions we need to
extend the API.  Until we have done that this new features helps at
least in some cases; in particular for --send-keys.
2014-12-08 11:19:16 +01:00
Werner Koch
81ce87111f Update the previous commit
* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--

Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode.  Also added error checking
to malloc and strdup.  And while at replace some while by for loop for
easier readability.
2014-11-21 21:12:06 +01:00
Ben Kibbey
5942b0c7e0 Fix returning new signatures when there are none.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--

When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:

gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data

during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
2014-11-21 20:25:43 +01:00
Werner Koch
8031341283 Improve the debug output a bit.
* src/debug.h (TRACE_ERR): Include the line number in the output.
2014-11-06 15:59:06 +01:00
Werner Koch
4027a0a897 build: Implement SYSROOT feature.
* configure.ac: Document SYSROOT.
* m4/gpg-error.m4: Update from libgpg-error master.
* src/gpgme.m4: Implement SYSROOT stuff.
2014-10-02 15:57:50 +02:00
Daniel Kahn Gillmor
b3309f997c Use --no-sk-comments, not --no-sk-comment.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment
2014-10-02 15:20:35 +02:00
Werner Koch
4160ef90a1 gpgme-tool: Print fingerprint and keyid with keyservers.
* src/gpgme-tool.c (cmd_keylist): Print keyid.  Print FPR only if
available.
2014-08-12 18:50:14 +02:00
Werner Koch
3450bff52b Handle modern keyserver output which may emit the fingerprint.
* src/engine-gpg.c (read_colon_line): Split preprocessed lines.
(gpg_keylist_preprocess): Limit keyid field and print fingerprint.
2014-08-12 18:47:39 +02:00
Werner Koch
488e44cdb5 gpgme-tool: Install gpgme-tool.
* src/Makefile.am (bin_PROGRAMS): New.  Add gpgme-tools.
(noinst_PROGRAMS): Remove.
2014-08-12 17:51:38 +02:00
Werner Koch
e5ab116072 gpgme-tool: Fix segv for external key listing.
* src/gpgme-tool.c (result_xml_escape): Allow for DATA being NULL.
2014-08-12 17:42:08 +02:00
Werner Koch
2cbd76f791 Fix possible realloc overflow for gpgsm and uiserver engines.
* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--

After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded.  Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order.  This is not easy exploitable because libassuan constructs the
line.  However a crash has been reported and thus it might be possible
to constructs an exploit.

CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
2014-07-30 11:04:55 +02:00
Werner Koch
68116fa5f6 w32: Get IOSPAWN flag back in sync with spawn helper.
* src/gpgme-w32spawn.c: Include priv-io.h.
2014-06-26 10:42:56 +02:00
Werner Koch
efaf42205c w32: Add comment about a compiler warning
--
2014-06-26 10:41:46 +02:00
Werner Koch
86260b47c9 Add new reason codes to the INV_RECP status code.
* src/op-support.c (_gpgme_parse_inv_recp): Add codes 13 and 14.
2014-06-10 14:52:06 +02:00
Werner Koch
4dc9af2415 Add new keylist mode GPGME_KEYLIST_MODE_WITH_SECRET.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.

* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret".  Print card info and and secret flag for subkeys.
--

Note: This mode may only be used with GnuPG >= 2.1.
2014-06-04 09:57:54 +02:00
Werner Koch
de6caeed6d Add 6 new GPGME_STATUS_ codes.
* src/status-table.c: Also add missing DECRYPTION_INFO entry.
2014-05-13 16:08:01 +02:00
Werner Koch
88f15336ec Add field CURVE to the key info.
* src/gpgme.h.in (struct _gpgme_subkey): Add field CURVE.
* src/key.c (gpgme_key_unref): Free CURVE.
* src/keylist.c (keylist_colon_handler): Set CURVE.

* src/gpgme.c (gpgme_release): For failsafe reasons reset engine and
engine info after freeing.
--

The engine hack is useful in case the other release functions
accidently call engine release.
2014-05-08 20:39:15 +02:00
Werner Koch
de4a1ea684 Fix a memory access and a double slash bug.
* src/engine-spawn.c (engspawn_start): Allocate space for list
terminator.
* src/posix-util.c (walk_path): Fix trailing slash detection.
--

Kudos to Valgrind for pointing out these two problems.

The first is a plain allocation bug in a code pattern I have written
thousands of times - this time it went wrong.  The allocation is not
user controlled thus not directly exploitable.

The second is missed to do what it intended to do.  Found due to the
access of malloced but not initialized memory.  Not using calloc
again proved to be helpful to detect logical error.
2014-05-08 20:35:57 +02:00
Werner Koch
d5fb92cdae Map public key algos returned by gpg to gpgme values.
* src/conversion.c (_gpgme_map_pk_algo): New.
* src/decrypt.c (parse_enc_to): Add arg PROTOCOL and map pubkey algo.
(_gpgme_decrypt_status_handler): Map pubkey algo.
* src/keylist.c (keylist_colon_handler): Map pubkey algo.
* src/sign.c (parse_sig_created): Add arg PROTOCOL and map pubkey
algo.
* src/verify.c (parse_new_sig): Ditto.
(parse_valid_sig): Ditto.

* src/gpgme.h.in (GPGME_PK_ECC): New.
(GPGME_MD_SHA224): New.
* src/gpgme.c (gpgme_pubkey_algo_name): Add GPGME_PK_ECC case.
(gpgme_hash_algo_name): Add GPGME_MD_SHA224.
--

This affects only the not yet released ECC code of GnuPG 2.1.
2014-05-08 14:11:58 +02:00
Werner Koch
991cde9e79 Add GPGME_ENCRYPT_NO_COMPRESS flag.
* src/gpgme.h.in (GPGME_ENCRYPT_NO_COMPRESS): New.
* src/engine-gpg.c (gpg_encrypt, gpg_encrypt_sign): Implement it.
* src/gpgme-tool.c (_cmd_sign_encrypt): Add option --no-compress.
2014-05-08 11:31:30 +02:00
Werner Koch
62711e5614 w32: Fix another memleak on error.
* src/w32-io.c (create_reader): free CTX.
--

Found by Hans-Christoph Steiner with cppcheck.
2014-04-16 10:19:54 +02:00
Werner Koch
85a07ca7e3 w32: Fix memleak in an error code paths.
* src/w32-io.c (create_writer): Free CTX in cased of bad FD.
* src/w32-util.c (_gpgme_mkstemp): Free TMPNAME in case of a failed
mkstemp.
--

Found by Hans-Christoph Steiner with cppcheck.
2014-04-15 22:18:04 +02:00
Werner Koch
2bb26185e3 Fix possible zombie processes.
* src/posix-io.c (_gpgme_io_waitpid): Protect waitpid agains EINTR.
(_gpgme_io_dup): Likewise.
(_gpgme_io_connect): Likewise.
--

GnuPG-bug-id: 1630
2014-04-15 12:25:45 +02:00
Werner Koch
d3bd8fff86 Actually implement flags for gpgme_op_spawn.
* src/spawn.c (gpgme_op_spawn_start, gpgme_op_spawn): Pass FLAGS dow
to spawn_start and add FLAGS args along the call path.
* src/engine-spawn.c (engspawn_start): Hack to automagically provide
argv[0].
2014-04-10 14:17:19 +02:00
Werner Koch
4f2d652e60 Add GPGME_PROTOCOL_SPAWN and gpgme_op_spawn.
* src/gpgme.h.in (GPGME_PROTOCOL_SPAWN): New.
(GPGME_SPAWN_DETACHED, GPGME_SPAWN_ALLOW_SET_FG): New.
* src/gpgme.c (gpgme_set_protocol): Add new protocol.
(gpgme_get_protocol_name): Ditto.
* src/spawn.c: New.
* src/libgpgme.vers, src/gpgme.def: Add new public functions.
* src/engine-spawn.c: New.
* src/Makefile.am: Add new files.
* src/engine-backend.h (struct engine_ops): Add OPSPAWN.
* src/engine.c (engine_ops): Add _gpgme_engine_ops_spawn.
(gpgme_get_engine_info): Add Spawn to the list of protocols.
(_gpgme_engine_op_spawn): New.

* src/gpgme-tool.c (gt_protocol_from_name): Add new protocol.
(gt_spawn, cmd_spawn): New.
2014-04-10 13:01:00 +02:00
Werner Koch
77931a9a14 Add gpgme_get_dirinfo.
* src/dirinfo.c (gpgme_get_dirinfo): New.
* tests/t-engine-info.c (main): Print results from that function.
2014-04-10 11:48:20 +02:00