* src/op-support.c (_gpgme_parse_failure): Ignore gpg-exit failures
before modifying args.
--
For op_decrypt_verify the status handler for both decrypt and
verify would parse the failure when the first parser ignored
the failure. This resulted in an ERR_INV_ENGINE as the first
call to parse_failure modified the args.
GnuPG-Bug-Id: T3919
* src/verify.c (_gpgme_verify_status_handler): Remove debug output.
--
Actually this is a real bug because it uses a debug function available
only in the new libgpg-error versions. Time to call Jenkins back from
vacation; there are rumors that he has been seen in the city looking
for a new Ryzen tail coat.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpg/t-verify.c (check_result): Tweak for gnupg < 2.2.7.
--
The not yet releases 2.2.7-beta may print a full fingerprint in the
ERRSIG status. This is compliant with the dscription but the new
t-verify test case did not took in account that older GnuPG versions
print only a keyid.
Fixes-commit: b99502274a
GnUPG-bug-id: 3920
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'. Shrink '_unused'.
* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--
Note that this flag (Liternal Data packet's 'm' mode) is only
specified in RFC-4880bis. To use it you currently need to add
"rfc4880bis" to the the gpg.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (_gpgme_verify_status_handler): Insert missing break.
--
Before the insertion of the compliance status checking the break in
the default clause was used by the STATUS_PLAINTEXT code. That got
lost. I don't see any actual harm due to different values currently
in use for the compliance status.
Fixes-commit: 05fa2a9c77
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): New const.
(DEF_REPLY_CHUNK_SIZE): New const.
(MAX_REPLY_CHUNK_SIZE): New const.
(pending_data): New var.
(add_base64_to_object): Chnage to take a plain data pointer.
(get_chunksize): New.
(make_data_object): New.
(op_encrypt): Get chunksize and use make_data_object.
(op_getmore): New.
(process_request): Release pending data for all commands but "getmore"
and "help".
--
Native messaging has a limit on the data it may receive in one
request. Thus the caller needs to watch for the "more" flag and
request the remaining data using "getmore" in a loop.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (append_args_from_recipients_string): Add new
flags.
--
Now you can use gpgme to encrypt without first importing a key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (struct engine_gpg): New flag.offline.
(gpg_set_engine_flags): Set it. Also fix setting of no_symkey_cache.
(build_argv): Pass --disable-dirmngr in offline mode.
--
GnuPG-bug-id: 3831
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/python/setup.py.in: Copy gpgme.h instead of parsing it.
--
The python bindings tried to parse deprecated functions
out of gpgme.h. This fails for the current gpgme.h in
that it removes an entire field in the key sig struct (_obsolete_class).
Hence, the fields were off by an int and the bindings accessed struct
members via the wrong offset. That caused python program to crash.
At least on 32bit platforms, the crash can be easily triggered by
accessing key.uids[0].signatures. On 64bit platforms the compiler
probably aligns the struct so that the missing 4 bytes are not noticed.
With this change, the python bindings will expose all functions
that gpgme exposes, including the deprecated ones.
Credits go to Justus Winter for debugging and identying the issue.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
GnuPG-bug-id: 3892
* src/gpgme.h.in (gpgme_op_encrypt_ext_start) New.
(gpgme_op_encrypt_ext): New.
(gpgme_op_encrypt_sign_ext_start): New.
(gpgme_op_encrypt_sign_ext): New.
* src/libgpgme.vers, tests/run-encrypt.c: Add them.
* src/encrypt.c (encrypt_start): Add arg recpstring.
(gpgme_op_encrypt): Factor code out to ...
(gpgme_op_encrypt_ext): new function with new arg recpstring.
(gpgme_op_encrypt_start): Factor code out to ...
(gpgme_op_encrypt_ext_start): new function with new arg recpstring.
* src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring.
(gpgme_op_encrypt_sign): Factor code out to ...
(gpgme_op_encrypt_sign_ext): new function with new arg recpstring.
(gpgme_op_encrypt_sign_start): Factor code out to ...
(gpgme_op_encrypt_sign_ext_start): new function with new arg
recpstring.
* src/engine-backend.h (struct engine_ops): Change fields encrypt and
encrypt_sign.
* src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass
to engine.
(_gpgme_engine_op_encrypt_sign): Ditto.
* src/engine-gpg.c (append_args_from_recipients_string): New.
(gpg_encrypt): Add arg recpstring and call new function as needed.
(gpg_encrypt_sign): Ditto.
* src/engine-gpgsm.c (set_recipients_from_string): New.
(gpgsm_encrypt): Add arg recpstring and call new function as needed.
* src/engine-uiserver.c (set_recipients_from_string): New.
(uiserver_encrypt): Add arg recpstring and call new function as
needed.
* tests/run-encrypt.c (xstrdup): New.
(main): Add option --keystring.
* src/gpgme-json.c (get_keys): Simplify.
(op_encrypt): Modify to make use of the extended encrypt function.
--
This new feature can be used to avoid the need for a key lookup and
thus several extra calls to the backend.
Note that run-test uses a semicolon as delimiter because that make
testing the feature on the command line much easier.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/op-support.c (_gpgme_parse_failure): Ignore failures with
location "gpg-exit".
* tests/gpg/t-verify.c (main): Adjust for the now working checking of
the second key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (parse_new_sig): Parse the new ERRSIG fpr.
--
This works only when the signatures features an ISSUER_FPR sub-packet
and with GnuPG >= 2.2.7. If that is not the case the keyid is kept in
the FPR field.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpg/t-verify.c (PGM): New. Use it instead of __FILE__.
(test_sig1_plus_unknown_key): New test signature.
(check_result): Allow checking of several signatures.
(main): Check a signature with a know and an unknown key.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Note this code misses all the legal boilerplate; please add this as
soon as possible and provide a DCO so we can merge it into master.
I also removed the dist/ directory because that was not source code.
* src/gpgme-json.c (process_request): Remove 'nm_mode'.
--
This was an error in the javascript testing code. Thus the Mozilla
specs are correct that the request is send verbatim.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme-json.c (opt_debug): New.
(process_request): Add optional arg nm_mode. In this mode take the
request from a "message" object.
(native_messaging_repl): Add debug output and call process_request
in NM_MODE.
(main): Add option --debug. Parse envvar GPGME_JSON_DEBUG as an
alternative way to enable this. Use a default log file.
--
Note that the default log file is ~/.gnupg/S.gpgme-json.log .
Thus to debug a javascript application you should start
watchgnupg --time-only --force ~/.gnupg/S.gpgme-json.log
in a separate tty and then use
GPGME_JSON_DEBUG=1 firefox &
to run firefox.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/keylist.c (gpgme_get_key): Set r_key to NULL.
--
The c++ bindings and others assumed that r_key is set to NULL
on error. This is the behavior gpgme_op_keylist_next also
has. Even if it is not specified what happens to r_key on
error setting it to NULL should not hurt and is more
expected behavior.
This directly fixes an uninitialized memory access error
in the c++ bindings / Kleopatra:
GnuPG-Bug-Id: T3865
And will fix some additional random crashes in Kleopatra and GpgOL.
