Commit Graph

677 Commits

Author SHA1 Message Date
Werner Koch
6b9ff1ba39
core: Fix error return value of _gpgme_run_io_cb.
* src/wait.c (_gpgme_run_io_cb): Fix return code.
--

The function needs to return an gpg_error_t and not ERRNO.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-06 18:57:28 +02:00
Werner Koch
0f68c9f16b
core: Prettify _gpgme_io_select debug output again and fix TRACE_SYSRES.
* src/debug.c (_gpgme_debug): Take better care of NULL userinfo.
(_gpgme_debug_end): Rework.
(_trace_sysres): Print ERRNO and not the supplied RES.
--

The TRACE_SYSRES patch fixes
Regression-due-to: 7a1e7006d0

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-05 16:48:47 +02:00
Werner Koch
8f9f3224aa
core: Improve the debug messages even more.
* src/debug.c (_gpgme_debug): Add arg LINE.  Chnage all callers.
(_gpgme_debug_begin): Remove.
* src/debug.h (TRACE_SEQ): Use the LINE arg of _gpgme_debug.
--

This includes chnages to always print fds in decimal as weel as
tweaking the TARCE_SEQ function to make use of the new machinery.

The standard 'tag' can now always be NULL and no tag information will
be printed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-05 15:54:55 +02:00
Werner Koch
856d2e8d64
core: Avoid explicit locks in the debug code.
* src/debug.c (debug_lock): Remove.  Also remove all users.
(_gpgme_debug): Use gpgrt_bsprintf to prepare the output and finally
print using standard fprintf.  Reformat to prefix to be narrower.
--

Note that the locks are now implicitly done using the systems stdio.

The threadid is now printed with 4 digits in hex and thus without the
angle brackets and the 0x.  However it is still a hex number even if it
may look like an octal number.  The hex letters are uppercase to make
searching in locks easier iff the threadid happens to have a letter in
it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-05 13:11:16 +02:00
Werner Koch
f56c996318
json: Print "nan", "-inf", "inf" if needed.
* src/cJSON.c (print_number): Print NaN and INF.
--

GnuPG-bug-id: 4328
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 10:56:48 +02:00
Werner Koch
fabe96126b
json: Improve handling of large exponents in the JSON parsor.
* src/cJSON.c: Include stdint.h.
(parse_number): Avoid overflob in SUBSCALE and cap integer values.
--

GnuPG-bug-id: 4330
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 10:42:40 +02:00
Werner Koch
1024884e07
core: Implement recpstring option parsing for gpgsm.
* src/engine-gpg.c (append_args_from_recipients_string): Detect bad
options.
* src/engine-gpgsm.c (set_recipients_from_string): Implement option
parsing.
--

The only option we actually implement is "--" but the code layout is
now very simlar to engine-gpg and can easily be extended if ever
needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 09:29:09 +02:00
Werner Koch
e9ca36f876
core: Make gpgme_op_encrypt_ext work for CMS.
* src/engine-gpgsm.c (gpgsm_encrypt): Fix argument check.
--

It is pretty obvious thar the string based new encrypt function has
never been tested for S/MIME.  The fix was easy.  A followup patch
will extend it to allow for keywords in the future.

GnuPG-bug-id: 4556
Fixes-commit: a1f76b3b54
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 08:27:49 +02:00
NIIBE Yutaka
7673ef7953 core: Fix duplication of close_notify_handler for gpgsm.
* src/engine-gpgsm.c [!USE_DESCRIPTOR_PASSING] (gpgsm_new): Remove
last call to _gpgme_io_set_close_notify.

--

It is called just after the code in question for all cases.

GnuPG-bug-id: 4456
Fixes-commit: dd21ec997c
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-19 14:54:52 +09:00
NIIBE Yutaka
814f6c8de8 core: Fix error return.
* src/engine.c (_gpgme_set_engine_info): Add error return.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-19 11:34:12 +09:00
Andre Heinecke
140d694e1f
core,w32: Fix minor potential memleak
* src/w32-util.c (_gpgme_create_process_utf8): Free converted
startup info strings.
2019-04-09 14:24:17 +02:00
Andre Heinecke
ecbba12b86
core,w32: Fix new w32-util functions
* src/w32-util.c (_gpgme_access): Respect mode parameter.
(_gpgme_create_process_utf8): Convert startupinfo, too.

--
This both did not show up in testing as we only use
mode F_OK and STARTUPINFOA is basically the same as
STARTUPINFOW.

Fixes commit: a82e3a0ae5

GnuPG-Bug-Id: T4453
2019-04-09 14:11:21 +02:00
Andre Heinecke
a82e3a0ae5
core,w32: Improve handling of Unicode paths
* src/dirinfo.c (get_gpgconf_item): Use _gpgme_access.
* src/posix-util.c (_gpgme_access): Add forward to normal access.
* src/sys-util.h (_gpgme_access): New for posix and w32.
* src/w32-io.c (_gpgme_io_spawn): Use _gpgme_crate_process_utf8.
* src/w32-util.c (utf8_to_wchar, utf8_to_wchar0): The usual w32 conv.
(find_program_in_dir): Use _gpgme_access.
(find_program_at_standard_place): Use wchar API and convert to UTF-8.
(_gpgme_access): Convert UTF-8 to wchar and use wchar API.
(_gpgme_create_process_utf8): Convert UTF-8 to wchar and use wchar API.

--
While we should not say that we have full support for unicode path
installations of GnuPG, this ensures that GPGME works if GPGME
itself is installed in a unicode path. e.g.: Libreoffice supports
this.

GnuPG-Bug-Id: T4453

Based on a patch provided by Egor Pugin. Thanks.
2019-04-09 13:42:58 +02:00
Andre Heinecke
937adfdcbb
core,w32: Show w32-spawn warning only once
* src/w32-io.c (_gpgme_io_spawn): Show MessageBox only once.

--
This prevents multiple message boxes from showing when
the GPGME installation is unworkable.

GnuPG-Bug-Id: T4453
2019-04-09 13:25:08 +02:00
Andre Heinecke
4a4680f890
core, w32: Fix format string errors on windows
* src/debug.c (_gpgme_debug): Use gpgrt_vasprintf instead of
vfprintf to have a more portable format.

--
This fixes crashes on Windows because "%zu" is used which
is not natively supported on Windows but which gpgrt supports.
2019-03-27 17:47:41 +01:00
Andre Heinecke
19a4c4daa2
core: Fix assuan logger-fd hack for windows
* src/assuan-support.c (my_spawn): Zero is a perfectly fine fd.
2019-03-27 16:12:38 +01:00
Andre Heinecke
213c4bc1eb
core,w32,glib: Fix build of w32-glib-io.c
* src/w32-glib-io.c (_gpgme_io_pipe, _gpgme_io_connect): Do not
use TRACE_SUC in a return statement.
2019-03-26 19:22:44 +01:00
Andre Heinecke
10576dc427
core: Fix a strtoul to strtol
* src/assuan-support.c (my_spawn): Fix using strtoul for
a long.

--
This was commented on in129def87b262 and is correct.
It is signed here to better handle cases where an
invalid handle value (-1) would be passed.
2019-03-26 16:35:13 +01:00
Andre Heinecke
129def87b2
core, w32: Add hack to translate diag logger-fd
* src/assuan-support.c (my_spawn): Add hack to
mark the logger fd for w32spawn translation.

--
The w32 spawn code needs to modify argv with
an updated fd that matches the real id
in the spawned process.

It uses spawn_fd_item_s.arg_loc for that.
We hack it here so that the arg_loc is set
for gpgsm's logger-fd without changing
the assuan API.

GnuPG-Bug-Id: T4426
2019-03-25 14:56:37 +01:00
Werner Koch
dd21ec997c
core: Support GPGME_AUDITLOG_DIAG for gpgsm.
* src/engine-gpgsm.c (struct engine_gpgsm): Add fields diag_cb and
diagnostics.
(close_notify_handler): Close the diag fd on status fd close.
Handle diag close.
(gpgsm_cancel): Handle diag.
(gpgsm_release): Free DIAGNOSTICS.
(gpgsm_new): Support the diag feature.
(start): Set a handler for the diag fd.
(gpgsm_getauditlog): Support GPGME_AUDITLOG_DIAG.
--

Co-authored-by: Andre Heinecke <aheinecke@gnupg.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-19 19:53:22 +01:00
Werner Koch
1bdab961c5
json: Fix cosmetic error in the repl.
* src/gpgme-json.c (native_messaging_repl): Use correct var with sizeof.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-28 14:05:06 +01:00
Andre Heinecke
4a117859e7
json: Limit recursion depth
* src/cJSON.c (MAX_DEPTH): New. Maximum recursion depth.
(parse_value, parse_array, parse_object): Carry and check
depth argument.
(cJSON_ParseWithOpts): Initialize depth.

--
This fixes a stack overflow if we get weird recursive
json data.

GnuPG-Bug-Id: T4331
2019-02-27 14:27:47 +01:00
Werner Koch
4c49417cc0
core,w32: Fix missing sentinel in dir name builder.
* src/w32-util.c (_gpgme_get_gpgconf_path): Add NULL top strconcat.
--

Fortunately this is called early and the stack like cleared out so
that we have not seen wrong behaviour until now.  We should really fix
all these annoying HANDLE/int cast warnings and alike so that real
bugs are not drowned by them.

GnuPG-bug-id: 4369
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-19 12:11:22 +01:00
Werner Koch
ed81892917
json: Better use gpgme_free
* src/gpgme-json.c (subkey_to_json): here
--

Avoid Windows ugliness of allowing different CRTs in the same
process.

Fixes-commit: 7f24233719
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-25 15:20:26 +01:00
Werner Koch
7f24233719
json: Fix minor memory leaks.
* src/gpgme-json.c (interactive_repl): Fix memleak.
(subkey_to_json): Ditto
(op_config): Delay init of j_comps to avoid a leak on error.
--

GnuPG-bug-id: 4341, 4342, 4343
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-25 13:45:47 +01:00
Werner Koch
8b41fb08f0
core: Silence newer compiler warnings.
* configure.ac: Add -Wno-format-truncation and
  -Wno-sizeof-pointer-div.
* src/b64dec.c (_gpgme_b64dec_proc): Add fallthrough annotation.
* src/cJSON.c (parse_string): Ditto.
* src/gpgme-json.c (main): Ditto.
--

gcc 8 enables a couple of new warnings.  Some of them are useless for
us.  In particular:

  util.h:42:26: warning: division 'sizeof (char *) / sizeof (char)'
  does not compute the number of array elements [-Wsizeof-pointer-div]
  #define DIM(v) (sizeof(v)/sizeof((v)[0])) ^

  trustlist.c:101:22: note:
  in expansion of macro 'DIM' if (strlen (p) == DIM(item->keyid) - 1)

Which is a real standard way to use DIM, here the right hand side is
equivalent to sizeof but nevertheless it is correct.  Yes sir, we know
C.

The format string warnings I have seen were assuming that the time
structure returns valued out of scope - but if the system is that
broken, the s_n_printf catches this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-17 16:47:27 +01:00
Andre Heinecke
78f6291a3b
core: Fix ERR_INV_ARG check in genkey_start
* src/genkey.c (gpgme_op_genkey_start): Fix check for
parms.

--
This fixes a regression introduced by:
174af15725

So that the error was triggered by usual args.

GnuPG-Bug-Id: T4265
2018-12-07 10:43:58 +01:00
Werner Koch
649b196881
doc: Minor comment cleanups.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-03 10:41:00 +01:00
Werner Koch
b182838f71
core: Fix format string errors in w32-io.c and use of TRACE_SUC.
* src/w32-io.c: Fix use of TRACE_SUC.  Fix some format strung errors.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-19 12:49:40 +01:00
Werner Koch
7a1e7006d0
core: Protect the trace macros for fun and profit.
* src/debug.h: Protect macros using.
(_trace_err, _trace_sysres, _trace_syserr): New helper inline
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 18:17:22 +01:00
Werner Koch
7eda50a673
core: Fix a LF problem in the new debug fucntion.
* src/debug.c (_gpgme_debug): Print a LF for an empty FORMAT unless we
are in legacy mode.
2018-11-16 18:15:22 +01:00
Werner Koch
cf42386406
core: Fix format string errors in trace macros
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 16:57:09 +01:00
Werner Koch
94d274a1a3
core: Remove old debug helper function
* src/debug.c (_gpgme_debug): Remove.
(_gpgme_debugf): Rename to _gpgme_debug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 16:39:26 +01:00
Werner Koch
5857491a2a
core: Simplify the trace maros by using variadics.
* src/debug.h (TRACE_BEG, TRACE_LOG, TRACE_SUC): Use variadic macros
and remove the TRACE_BEG1 et al.  Change all users to always pass a
format string.
(TRACE): Ditto.
* src/debug.c (_gpgme_debugf): New.
* configure.ac <GCC>: Add -Wno-format-zero-length.
--

This makes it easier for use to enable format checks.  The zero-length
format is required to allow for an empty format due to the comman
problematic of __VA_ARGS__.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 16:25:49 +01:00
Werner Koch
8d91c0f4cd
Add SPDX identifiers to most source files
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 13:27:33 +01:00
NIIBE Yutaka
60828a505a build: Make gpgme.m4 use gpgrt-config with *.pc.
* src/gpgme.m4 (_AM_PATH_GPGME_CONFIG): Use gpgrt-config with gpgme.pc
when possible.
(AM_PATH_GPGME_GLIB): Likewise with gpgme-glib.pc.

--

Keeping AM_PATH_GPGME_PTHREAD, as is, untouched.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-12 10:01:16 +09:00
NIIBE Yutaka
a76e145a10 build: Provide gpgme-glib.pc too.
* src/gpgme-glib.pc.in: New.
* src/gpgme.pc.in (avail_lang): Remove.

--

Provide gpgme-glib.pc for gpgme-glib library.  The avial_lang
information is no use because *.pc is for C.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-12 09:59:05 +09:00
NIIBE Yutaka
f3e6052189 build: Provide gpgme.pc, generated by configure.
* configure.ac: Generate src/gpgme.pc.
* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
(EXTRA_DIST): Add gpgme.pc.in.
* src/gpgme.pc.in: New.
* src/gpgme-config.in: Use variables.

--

Some usages of gpgme-config is not compatible to pkg-config style;
The --glib option and --thread option which affect the output
by --cflags or --libs are not supported by gpgme.pc.

gpgme-config's embedding information for gpg-error and libassuan at
the build time of gpgme is considered inflexible than pkg-config
style.  It is now handled by dependency of gpgme.pc (Requires field).

To use gpgme.pc, newer libgpg-error (>= 1.33) and libassuan (>= 2.5.3)
are required, which provide gpg-error.pc and libassuan.pc respectively.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-12 09:03:49 +09:00
Daniel Kahn Gillmor
2557d0ae6f spelling: fix misspellings
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-11-08 12:34:27 +07:00
Werner Koch
bded8ebc59
gpg: Avoid error diagnostics with --override-session-key.
* src/engine-gpg.c (gpg_decrypt): Add --no-keyring.
--

GnuPG-bug-id: 3464
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 10:30:45 +01:00
Werner Koch
5262ce0c81
w32: Fix a few compiler warnings.
* src/debug.h (TRACE_SYSERR_NR): New.
* src/w32-io.c: Fix compiler warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 12:54:22 +01:00
Werner Koch
ed3f5ad760
w32: Log all errors from CloseHandle and WFSO in w32-io.
* src/w32-io.c (close_handle, _close_handle): New macro and function;
use in place of all CloseHandle calls.
(wait_for_single_object, _wait_for_single_object): Likewise.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 12:28:17 +01:00
Werner Koch
4faa0ccf58
w32: Don't use CloseHandle on an arbitrary integer.
* src/assuan-support.c (my_waitpid): Do not close the PID = it is not
a handle.
--

At some time in the distant past we might have used the process object
as pid which obviously required a close.  However this was changed and
so what we did here was to close an arbitrary handle (one which
matches the pid).

GnuPG-bug-id: 4237
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 11:26:19 +01:00
Werner Koch
da89528ac3
w32: Revamp the closing of system objects.
* src/w32-io.c (hddesc_t): New.
(reader_context_s, writer_context_s): Replace file_sock and file_hd by
the hddesc_t hdd.
(fd_table): Ditto.  Add want_reader and want_writer.
(hddesc_lock): New lock variable.
(new_hddesc, ref_hddesc): New.
(release_hddesc): New.
(reader, writer): Call release_hddesc.
(create_reader, create_writer): Change for new hddesc scheme.
(destroy_reader, destroy_writer): Replace closing by a call to
release_hddesc.
(_gpgme_io_pipe): Change for new hddesc scheme.
(_gpgme_io_close): Ditto.
(_gpgme_io_dup): Ditto.  Use want_reader and want_writer.
(_gpgme_io_socket): Change for new hddesc scheme.
--

GnuPG-bug-id: 4237
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 09:14:58 +01:00
Werner Koch
337c108255
core: Print a dump of the I/O data only at level 8.
* src/debug.h (TRACE_SUC3): New.
(TRACE_LOGBUFX): New.
* src/posix-io.c: Use TRACE_LOGBUFX instead of TRACE_LOGBUF.
* src/w32-glib-io.c: Ditto.
--

This will also be changed for w32-io as part of another commit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 09:03:43 +01:00
Werner Koch
acef4f775f
w32: Fix and improve CancelSynchronousIo use.
* src/w32-util.c (_gpgme_w32_cancel_synchronous_io): Fix name of DLL
and print trace info only on error.
--

Fixes-commit: 63ba09b541
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 08:47:44 +01:00
Werner Koch
63ba09b541
w32: Use CancelSynchronousIo in destroy_reader.
* src/w32-util.c (_gpgme_w32_cancel_synchronous_io): New.
* src/w32-io.c (destroy_reader): Use it here.
--

This has not been tested but should on Vista and later help to fix a
possible hang.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-01 09:55:24 +01:00
Werner Koch
338e9edfdb
w32: Merge all the object tables of w32-io into one.
* src/w32-io.c (fd_table_size): New.  Used in most places instead of
the MAX_SLAFD constant.
(reader_table, writer_table, notify_table): Merge them into ...
(fd_table): this table.  Chnage all affected code to take just one
lock.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-01 09:53:48 +01:00
Werner Koch
79fc7c0fe8
w32: Remove unused arg from two functions.
* src/w32-io.c (find_reader, find_writer): Remove unused start_it
arg.  It is always passed as true.  Change callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-31 14:58:23 +01:00
Werner Koch
3c04dea3ec
w32: Remove all support for WindowsCE
* configure.ac: Remove WindwosCE support.
* contrib/: Remove all; it was only used for WindowsCE.
* src/w32-ce.c, src/w32-ce.h: Remove files.
* src/Makefile.am (system_components): Remove these files.
* src/ath.c, src/ath.h: Remove W32CE support.
* src/data-compat.c (gpgme_data_new_from_filepart): Ditto.
(gpgme_data_new_from_file): Ditto.
* src/debug.c (debug_init, _gpgme_debug): Ditto.
* src/gpgme-tool.c (gpgme_server): Ditto.
(main): Ditto.
* src/priv-io.h: Do not include w32-ce.h.
* src/util.h: Remove WindowsCE support.
* src/w32-io.c: Ditto.
* src/w32-util.c: Ditto.
* src/debug.h (TRACE_SUC4): New.
--

There is no more hardware to test our code, the support for Windows CE
terminated along time ago.  Note that our code worked only with the
old WindowsCE with that overall system limit of 31 processes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-31 12:35:14 +01:00
Werner Koch
2e07d4f89a
w32: Remove cruft in w32-io from WindowsME times.
* src/w32-io.c (set_synchronize): Remove.
(create_reader, create_writer): No need for set_synchronize.
--

The set_synchronize dates back to 2001 at a time when I wrote the
Windows support on WindowsME and Windows2000.  Maybe this was required
then due to bugs in that old NT or partly NT based Windows versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-31 12:00:08 +01:00
Werner Koch
9eef23fcf3
w32: Fix previous commit.
* src/w32-io.c (_gpgme_io_spawn): Move freeing of TMP_NAME behind its
use in an error handling.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-30 11:19:33 +01:00
Andre Heinecke
7a1b58045f
core,w32: Fix memleak of tmp_name in w32-io
* src/w32-io.c (_gpgme_io_spawn): Free tmp_name.

--
GnuPG-Bug-Id: T4238
2018-10-29 19:44:02 +01:00
Andre Heinecke
8f27511862
core: Do not crash if CMS plaintext is ignored
* src/engine-gpgsm.c (gpgsm_verify): Fix handling both
plaintext and signed_text as NULL.

--
Previously if plaintext was NULL and signed_text was NULL
it would set MESSAGE_FD to NULL which resulted in a
crash.

Ignoring the plaintext of an opaque signature might
make sense in some cases and engine-gpg handles it.
2018-10-29 16:11:22 +01:00
Werner Koch
fbac11b19d
core: Fix segv in genkey when no endtag is provided.
* src/genkey.c (get_key_parameter): Provide a fallback ENDTAG.
--

It would actually be more correct to return an error in this case but
it is possible tha there are users who did not provide an endtag and
out of luck they also didn't trigger a segv.

GnuPG-bug-id: 4192
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-18 17:37:57 +02:00
Werner Koch
174af15725
core: Return an error if NULL is provided for genkey's parms.
* src/debug.c (_gpgme_debug_buffer): Bail out of BUF is NULL.
* src/genkey.c (gpgme_op_genkey): Do no deref a NULL in
TRACE_LOGBUF.
(gpgme_op_genkey_start): Ditto. Return an error if PARMS is NULL.
--

This robustness patch should solve one part of
GnuPG-bug-id: 4192
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-18 16:54:51 +02:00
Daniel Kahn Gillmor
12b0b5c894 doc: convert more links to equivalent https:// URLs
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Daniel Kahn Gillmor
a81534fed8 doc: convert more http:// links to https://
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Daniel Kahn Gillmor
2f12427e41 doc: use https:// for www.gnu.org
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Werner Koch
d63d6d8b80
core: Really remove CR from version output.
* src/version.c (_gpgme_get_program_version): Fix test.
--

Fixes-commit: 6bde056355
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-16 17:05:14 +02:00
Andre Heinecke
85627e5818
core: Add trust-model flag
* src/context.h (gpgme_context): Extend with trust_model.
* src/engine-gpg.c (engine_gpg): Extend with trust_model.
(gpg_set_engine_flags): Take trust_model from context.
(build_argv): Handle trust_model.
(gpg_release): Free trust_model.
* src/gpgme.c (gpgme_set_ctx_flag): Handle trust-model flag.
(gpgme_release): Release trust-model.
* doc/gpgme.texi: Document new flag for gpgme_set_ctx_flag.
(Context Flags): New subsection for the context flags.
* tests/run-keylist.c (show_usage, main): Add new --trust-model
parameter.

--
This gives a GPGME user fine grained control over the
trust-model.

Changing the trust model for only a single application depends
on:
GnuPG-Bug-Id: T4134
Maniphest Tasks: T4134
Differential Revision: https://dev.gnupg.org/D466
2018-10-09 10:48:58 +02:00
Andre Heinecke
ecfa88e65f
core: Ensure r_key init in gpgme_get_key
* src/keylist.c (gpgme_get_key): Move r_key init above
the first invalid value check.

--
This fixes the case where someone passes an unitialized
r_key and no fingerprint.
2018-10-09 10:45:12 +02:00
Werner Koch
1aff2512d8
Release 1.12.0
* configure.ac: Bump core LT version to C32/A21/R0.  Bump C++ LT
version to C14/A8/R0.

* lang/qt/tests/Makefile.am (CLEANFILES): Add reader status files.
* Makefile.am (EXTRA_DIST): Add conf/whatisthis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-08 11:17:01 +02:00
Werner Koch
913601f487
core: Apply GPGME_EXPORT_MODE_NOUID also to keyserver exports.
* src/engine-gpg.c (export_common): Add keyserver-options to the
send-keys commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-05 15:16:53 +02:00
Werner Koch
7b861945fd
core: add experimental GPGME_EXPORT_MODE_NOUID.
* src/gpgme.h.in (GPGME_EXPORT_MODE_NOUID): New.
* src/export.c (export_start): Adjust option check.
* src/engine-gpg.c (export_common): Implement option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-02 11:18:00 +02:00
Werner Koch
dcdabf5f2e
python: Silence a few warnings.
* src/gpgme.h.in: Obsolete "class" also for Python.
* lang/python/gpgme.i: Silenece a swig warning.  Silence a gcc
warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-20 17:45:07 +02:00
Werner Koch
c569adb5e3
json: Remove subkey-algo from createkey command.
* src/gpgme-json.c (op_createkey): Remove subkey-algo param.
(GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER): Fix typo.
* lang/js/src/Keyring.js: Remove subkey-algo support.
* lang/js/src/permittedOperations.js: Ditto.
--

We do not want to expose details of the protocol's key generation and
thus the subkey-algo does not make sense.  Right now we support only
the default and future-default algorithms.  A user can configure them
anyway using new-default-key-algo in gpg.conf.  Eventually we may
officially support a more flexible way of creating special structured
OpenPGP keys but right now that is not part of the API.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-19 11:51:31 +02:00
Ben McGinnes
2375959180 estreams revised
* Egon Spengler was right, crossing the streams is bad.
* Restored both src/gpgme.def and src/libgpgme.vers to use the
  estreams symbols without the leading underscore.
* The new_from_estream() function added to lang/python/src/core.py and
  set to alias the new_from_stream() function remains.
* Opted for the solution favouring Linux onthree main grounds:
  1. Andre reported major problems with Windows as well, so the number
     of potentially affected systems would vastly increase.
  2. All the BSDs and OS X have spent far more time and development
     work in order to accommodate the eccentricities of both Microsoft
     and the GNU Project (ref. GCC), so they're more likely to be able
     to cope with doing so again than the other way around.
  3. If I really have to I can write a custom installer for OS X to
     try this and, if it fails, to then patch the two symbol entries and
     recompile from scratch.  That said, I may not have to since it
     actually behaved during the most recent tests for this
     commit; into ten separate CPython installations and all five
     supported versions (standard source installs and OS X Framework
     installs for each version).

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-08 14:45:37 +10:00
Ben McGinnes
879cc1f84f estreams symbols for python bindings
* It turns out that even though some platforms detect differing
  symbols for estreams, the two types do not appear to be in
  conflict.  At least they don't from the BSD/OS X side of things.
  As a consequence both versions are now included.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-02 19:07:18 +10:00
Ben McGinnes
1d00fb987b python bindings: estreams fix
* lang/python/src/core.py: Adjusted new_from_estream function to alias
  new_from_stream instead of fd.
* fixed the _gpgme import errors introduced in commit
  08cd34afb7 by changing the exported
  functions/types to match the inner module where all the work is
  done, rather than the outer one(s).

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-08-30 15:41:31 +10:00
Andre Heinecke
1420c3bd68
json: Fix detached verify
* src/gpgme-json.c (op_verify): Only create output and
use it for clearsigned and opaque signed.

--
Just passing output to gpgme_op_verify changes the behavior to
no longer do a verify of the signature.
2018-08-29 14:32:36 +02:00
Andre Heinecke
3bdf8be6d2
json: Delete primary key if subkey gen fails
* src/gpgme-json.c (op_delete): Delete primary key on
subkey gen error.

--
This can happen for example if the user cancels the
pinentry to unlock the primary key when adding the
subkey.  To avoid an artifact of a pimary key without
an encryption capable subkey we delete the created
key and treat the whole operation as failed.
2018-08-28 08:35:06 +02:00
Andre Heinecke
7d3c13df26
json: Allow NULL request in encode and chunk
* src/gpgme-json.c (encode_and_chunk): Don't error on NULL
request.

--
This fixes the error that is passed when parthing the json
object failed and request would be NULL.
Instead of the JSON parser error it would otherwise report
that encode and chunk failed.
2018-08-28 08:05:46 +02:00
Werner Koch
53c5b9a265
json: Do not put FILE_NAME into the verify result.
* src/gpgme-json.c (verify_result_to_json): Remove "file_name".
--

Having the file name in the verify result may lead developers to
assume that the file name is covered by the signature.  This is not
the case and can easily be checked by hex-editing a signed message.
We better don't output it at all.

The same is true for the is_mime flag but that is anyway only an
advisory and I can't see damage from a faulty one.

Note that we keep file_name in gpgme's output for ABI stability and
because some tools want to display meta information even if they are
subject to tampering.  This is similar to the non-encrypted subject in
mails.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 11:43:02 +02:00
Werner Koch
702566b36c
doc: Add warning that FILE_NAME is not part of the signed data.
--
2018-08-27 11:43:02 +02:00
Jasper Spaans
08cd34afb7
core: Export gpgme_data_new_from_estream function.
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 09:06:20 +02:00
Andre Heinecke
a5f8dac77d
json: Add sender and file name to encrypt
* src/gpgme-json.c (hlp_encrypt, op_encrypt): Support sender
and file_name.
2018-08-23 20:50:18 +02:00
Andre Heinecke
263dadb04a
json: Add proper decrypt_result_t handling
* src/gpgme-json.c (recipient_to_json, decrypt_result_to_json):
New.
(op_decrypt, hlp_decrypt): Update.

--
The op_decrypt as one of the first operations did not yet
match the current 1 <> 1 mapping of gpgme types to json
dictonaries.

info and dec_info are bad names but used for compatibility reasons.
2018-08-21 14:36:42 +02:00
Andre Heinecke
8103eeba80
json: Add subkey_algo and defaults to createkey
* src/gpgme-json.c (op_createkey, hlp_createkey): Add subkey_algo
handling.
(hlp_createkey): Fix documentation of expiry.
--
Due to the funny quick-gen-key interface generating a key
with an explicit algo would result in bad defaults (only an SC key),
without a subkey.

This adds handling that should probably be in GnuPG proper to fix
the semantics of createkey by adding default subkey_algo handling.
2018-08-20 16:38:36 +02:00
Andre Heinecke
4dd1d0abd3
json: Wipe memory in cJSON_Delete
* src/cJSON.c (cJSON_Delete): Wipe memory on deletion.
2018-08-08 14:27:24 +02:00
Andre Heinecke
fdc07b3ddc
json: Only use calloc instead of malloc
* src/cJSON.c, src/gpgme-json.c (CALLOC_ONLY): New define
to change xmalloc / xtrymalloc to use calloc.

--
Some people consider malloc dangerous as it might allow an
information leak.
2018-08-08 14:25:28 +02:00
Andre Heinecke
974a95db04
json: Add checks when skipping byte
* src/cJSON.c (parse_string, cJSON_Minify): Check for
terminating NULL byte when skipping the byte after a an escaped
quote.
2018-08-08 13:30:01 +02:00
Andre Heinecke
6e48bb0f1c
json: Don't error out if chunksize is omitted
* src/gpgme-json.c (encode_and_chunk): Don't error out
if no chunksize is provided.

--
This fixes 82e4b900a9 which
caused every call without chunksize to error out.
2018-08-08 09:49:51 +02:00
Werner Koch
5ef492c563
core: Clear all flags for a new data property.
* src/data.c (PROPERTY_TABLE_ALLOCATION_CHUNK): New.
(insert_into_property_table): Use it here.  Clear all flags.
--

Fixes-commit: 085cdeddef
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 20:38:21 +02:00
Werner Koch
085cdeddef
core: Blank out the plaintext after decryption failure.
* src/data.h (data_prop_t): New enum.
(struct gpgme_data): Add field propidx.
* src/data.c (property_t): New.
(property_table, property_table_size, property_table_lock): New.
(insert_into_property_table): New.
(remove_from_property_table): New.
(_gpgme_data_get_dserial): New.
(_gpgme_data_set_prop): New.
(_gpgme_data_get_prop): New.
(_gpgme_data_new): Connect new object to property_table.
(_gpgme_data_release): Remove from property_table.
(gpgme_data_read): With DATA_PROP_BLANKOUT set don't fill the buffer.
* src/data-mem.c (gpgme_data_release_and_get_mem): Likewise.
* src/decrypt.c (struct op_data): Add field plaintext_dserial.
(_gpgme_op_decrypt_init_result): Add arg plaintext and init new field.
(_gpgme_decrypt_status_handler): Set DATA_PROP_BLANKOUT on decryption
failure.
(_gpgme_decrypt_start): Pass PLAIN to the init function.
* src/decrypt-verify.c (decrypt_verify_start): Ditto.
* configure.ac: Check for stdint.h and bail out if uint64_t is not
available.
--

This is a best effort feature to not output plaintext after a
decryption failure (e.g. due to no or broken authenticated
encryption).  It always work when using a memory object and reading it
after the decryption but it can't work reliable when the user is
reading from the data object while the decryption process is still
running.

This is quite a large change because the data objects and the context
objects are allowed to be owned by different threads.  Thus a
synchronization is needed and we do this with a global table of all
data objects to which the context objects can do soft-linking via a
unique data object serial number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 17:39:09 +02:00
Werner Koch
af2c74d6c0
json: Don't use strdup but the xtrystrdup wrapper.
* src/gpgme-json.c (create_keylist_patterns): Use CNT as first arg for
xcalloc.
(process_request): s/strdup/xtrystrdup/.
--

calloc takes two arguments so to be able to detect integer overflow.
Thus if we switch from malloc to calloc we should utilize that.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:53:37 +02:00
Werner Koch
f42cd70f18
core: New interface gpgme_data_new_from_estream.
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--

The estream functions (gpgrt_fopen et al.) are any waypart of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:51:45 +02:00
Andre Heinecke
98a75a16cc
json: Fix memleak in native msging repl
* src/gpgme-json.c (native_messaging_repl): Free request and
response after each loop.

--
If we only accept once request we should not loop. If we loop
we should do it properly.
2018-07-18 13:15:02 +02:00
Andre Heinecke
6d7b4382c3
json: Ensure that native msging request is string
* src/gpgme-json.c (native_messaging_repl): Ensure that the
request is NULL terminated.

--
This avoids potential memory leaks and access to unmapped memory
in case the request was not terminated.
Other request functions use es_read_line which gurantees NULL
termination.
2018-07-18 13:06:08 +02:00
Andre Heinecke
82e4b900a9
json: Fix crash by ensuring response is never NULL
* src/gpgme-json.c (encode_and_chunk): Try to always
return at least an error.
(process_request): Double check that it does not return NULL.

--
If process_request returns NULL the following strlen on it
would crash.
2018-07-18 13:05:48 +02:00
Andre Heinecke
b78140daf7
json: Fix memory errors in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Reserve two
pointers more then linefeeds.
(create_keylist_patterns): Fix loop to count linebreaks.
(create_keylist_patterns): Use calloc for good measure.

--
This fixes crashes and memory corruption as cnt did not
match i.
2018-07-18 12:57:51 +02:00
Andre Heinecke
1686e07e77
json: Fix crash on invalid json
* src/gpgme-json.c (process_request): Init res. Check for
json object before encode and chunk.

--
If json is invalid we can't read chunksize and would crash
in encode and chunk.
2018-07-16 19:47:11 +02:00
Andre Heinecke
cc21101a74
json: Fix uninitialized key unref in op_delete
* src/gpgme-json.c (op_delete): Init key.
2018-07-16 19:46:04 +02:00
Werner Koch
1933f5b805
json: Minor cleanups in cJSON.c
* src/cJSON.c: Add comments on the origin of the code.
(parse_string): Allocate an extra byte for safeness.
(cJSON_AddItemToArray): Allo ARRAY to be NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 14:42:30 +02:00
Werner Koch
013a7f47ab
json: Fix buffer overflow in cJSON.c
* src/cJSON.c (parse_string): Correctly detect bad hex.
--

The call to parse_hex4 checks that only hex digits follow and in the
error case returns 0.  However, by the time of the combined check for
an invalid value and the error PTR has already been set to the last
hex character and thus if the end-of-string or a quote character was
one of the bad hex digits the loop will miss the end of the string
which does not match with the simple buffer length allocation test at
the begin of the function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 12:37:06 +02:00
Andre Heinecke
6cc842c9aa
json: Add with-sec-fprs param to export
* src/gpgme-json.c (add_secret_fprs): New helper.
(op_export, hlp_export): Extend for with-sec fprs.

--
This is a request from Mailvelope, to import an export
they need the information for which keys from the export
a secret key is also available. For simplicity it is
much preferred to get this information in a single call
without the need to do and parse a keylisting additionally
in a second native-messaging call.

So we make it optional to include that info in the export.
2018-07-11 16:18:24 +02:00
Andre Heinecke
40471ec12f
json: Add with-secret without secret only
* src/gpgme-json.c (op_keylist, hlp_keylist): Add "with-secret"
as a flag to do a public keylist with secret information.
2018-07-09 11:36:28 +02:00
Andre Heinecke
7bc5d3c7e4
Add ctx flag for auto-key-locate
* src/context.h (gpgme_context): Add auto_key_locate.
* src/engine-gpg.c (engine_gpg): Add auto_key_locate.
(gpg_set_engine_flags, build_argv): Handle auto_key_locate.
(gpg_release): Free auto_key_locate.
* src/gpgme.c (gpgme_release): Free auto_key_locate.
(gpgme_get_ctx_flag, gpgme_set_ctx_flag): Handle auto-key-locate.
* doc/gpgme.texi: Document auto-key-locate flag.
* tests/run-keylist.c (show_usage, main): Add --from-wkd option.

--
This enables users of GPGME to control more fine grained what
auto-key-locate does.  Especially for WKD lookups / refreshes
can this be useful.

GnuPG-Bug-Id: T2917
Differential Revision: https://dev.gnupg.org/D463
2018-07-09 10:58:04 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Andre Heinecke
76b8470915
json: Add keylist mode locate
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.

--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
2018-07-04 11:14:44 +02:00