* src/engine-gpg.c (append_args_from_recipients_string): Add new
flags.
--
Now you can use gpgme to encrypt without first importing a key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (struct engine_gpg): New flag.offline.
(gpg_set_engine_flags): Set it. Also fix setting of no_symkey_cache.
(build_argv): Pass --disable-dirmngr in offline mode.
--
GnuPG-bug-id: 3831
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_op_encrypt_ext_start) New.
(gpgme_op_encrypt_ext): New.
(gpgme_op_encrypt_sign_ext_start): New.
(gpgme_op_encrypt_sign_ext): New.
* src/libgpgme.vers, tests/run-encrypt.c: Add them.
* src/encrypt.c (encrypt_start): Add arg recpstring.
(gpgme_op_encrypt): Factor code out to ...
(gpgme_op_encrypt_ext): new function with new arg recpstring.
(gpgme_op_encrypt_start): Factor code out to ...
(gpgme_op_encrypt_ext_start): new function with new arg recpstring.
* src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring.
(gpgme_op_encrypt_sign): Factor code out to ...
(gpgme_op_encrypt_sign_ext): new function with new arg recpstring.
(gpgme_op_encrypt_sign_start): Factor code out to ...
(gpgme_op_encrypt_sign_ext_start): new function with new arg
recpstring.
* src/engine-backend.h (struct engine_ops): Change fields encrypt and
encrypt_sign.
* src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass
to engine.
(_gpgme_engine_op_encrypt_sign): Ditto.
* src/engine-gpg.c (append_args_from_recipients_string): New.
(gpg_encrypt): Add arg recpstring and call new function as needed.
(gpg_encrypt_sign): Ditto.
* src/engine-gpgsm.c (set_recipients_from_string): New.
(gpgsm_encrypt): Add arg recpstring and call new function as needed.
* src/engine-uiserver.c (set_recipients_from_string): New.
(uiserver_encrypt): Add arg recpstring and call new function as
needed.
* tests/run-encrypt.c (xstrdup): New.
(main): Add option --keystring.
* src/gpgme-json.c (get_keys): Simplify.
(op_encrypt): Modify to make use of the extended encrypt function.
--
This new feature can be used to avoid the need for a key lookup and
thus several extra calls to the backend.
Note that run-test uses a semicolon as delimiter because that make
testing the feature on the command line much easier.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/op-support.c (_gpgme_parse_failure): Ignore failures with
location "gpg-exit".
* tests/gpg/t-verify.c (main): Adjust for the now working checking of
the second key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (parse_new_sig): Parse the new ERRSIG fpr.
--
This works only when the signatures features an ISSUER_FPR sub-packet
and with GnuPG >= 2.2.7. If that is not the case the keyid is kept in
the FPR field.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme-json.c (process_request): Remove 'nm_mode'.
--
This was an error in the javascript testing code. Thus the Mozilla
specs are correct that the request is send verbatim.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme-json.c (opt_debug): New.
(process_request): Add optional arg nm_mode. In this mode take the
request from a "message" object.
(native_messaging_repl): Add debug output and call process_request
in NM_MODE.
(main): Add option --debug. Parse envvar GPGME_JSON_DEBUG as an
alternative way to enable this. Use a default log file.
--
Note that the default log file is ~/.gnupg/S.gpgme-json.log .
Thus to debug a javascript application you should start
watchgnupg --time-only --force ~/.gnupg/S.gpgme-json.log
in a separate tty and then use
GPGME_JSON_DEBUG=1 firefox &
to run firefox.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/keylist.c (gpgme_get_key): Set r_key to NULL.
--
The c++ bindings and others assumed that r_key is set to NULL
on error. This is the behavior gpgme_op_keylist_next also
has. Even if it is not specified what happens to r_key on
error setting it to NULL should not hurt and is more
expected behavior.
This directly fixes an uninitialized memory access error
in the c++ bindings / Kleopatra:
GnuPG-Bug-Id: T3865
And will fix some additional random crashes in Kleopatra and GpgOL.
* src/gpgme-json.c: Remove header argparse.h. Define
GPGRT_ENABLE_ARGPARSE_MACROS.
(interactive_repl): Replace strusage by gpgrt_strusage.
(my_strusage): Add SPDX level.
(main): Switch to gpgrt_argparse stuff but keep very limited
functionality when building with an older libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/keylist.c (gpgme_get_key): Assign a value to the return
parameter only on success.
--
This problem could be triggered by an ambiguous key. The problem is
that the key returned in that case is for one not expected and worse
it has not been ref-ed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (_gpgme_op_import_result): Move new field
'skipped_v3_keys' to the end.
--
The ABI break has not made it into a release.
Also document the new field.
Fixes-commit: a630a1e3e7
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/cJSON.c: Remove util.h. Use gpgrt alloc functions.
(cJSON_Delete): Do not clobber ERRNO.
(cJSON_AddItemToObject): Return OBJECT or NULL.
(cJSON_AddNullToObject): New.
(cJSON_AddTrueToObject): New.
(cJSON_AddFalseToObject): New.
(cJSON_AddBoolToObject): New.
(cJSON_AddNumberToObject): New.
(cJSON_AddStringToObject): New.
* src/cJSON.h (cJSON__h): Replace macro by cJSON_h for C compliance.
(cJSON_AddNullToObject): Remove macro.
(cJSON_AddTrueToObject): Remove macro.
(cJSON_AddFalseToObject): Remove macro.
(cJSON_AddBoolToObject): Remove macro.
(cJSON_AddNumberToObject): Remove macro.
(cJSON_AddStringToObject): Remove macro.
--
The gpgrt malloc functions are used so that we can easily mix memory
returned by gpgrt (e.g. es_read_line) with memory returned from the
JSON function. In general that is not needed but on Windows it makes
a difference if the gpgme DLL is linked to a different C runtime
than the application.
The macros have been replaced to allow error checking (i.e out of
core) for these functions. More error checking should be implemented
instead of silently creating objects which are not as requested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_import_result_t): Extend with skipped_v3_keys.
* src/import.c (gpgme_op_import_result): Extend debug with new field.
(parse_import_res): Parse skipped_v3_keys.
* tests/gpg/t-support.h, tests/run-support.h (print_import_result):
Print skipped_v3_keys.
--
This makes it possible to handle this in a GUI in a future
version.
GnuPG-Bug-Id: T3776
* src/cJSON.c: New.
* src/cJSON.h: New.
* src/cJSON.readme: New.
--
This is a copy of the code from the payproc commit
af5d6b4f820ee19e246a2cab6f56465fe91f1233. The code was originally
added to payproc with the commit below.
Signed-off-by: Werner Koch <wk@gnupg.org>
===============================================
commit 7ae7ef29bc5ec19e005e6a5a739233d655f3f05f
Author: Werner Koch <wk@gnupg.org>
AuthorDate: Wed Apr 2 09:01:42 2014 +0200
Commit: Werner Koch <wk@gnupg.org>
CommitDate: Wed Apr 2 09:12:02 2014 +0200
Simplify cJSON and add new macros.
* src/cJSON.h: Re-indented.
(cjson_t): New.
(cjson_is_): New macros.
* src/cJSON.c: Re-indented. Include errno.h and our util.h.
(ep): Remove global var.
(cJSON_GetErrorPtr): Remove.
(cJSON_strcasecmp): Cast args for use with tolower.
(cJSON_malloc, cJSON_free): Remove. Change callers to use xtrymalloc
and xfree.
(cJSON_InitHooks): Remove.
(cJSON_strdup): Remove. Change callers to use xtrystrdup.
(cJSON_New_Item): Simplify.
(cJSON_ParseWithOpts, cJSON_Parse): Add arg R_ERROFF.
(parse_string, parse_value, parse_array, parse_object): Add arg EP.
--
cJSON has been taken from cjson-code-58.zip. The README file has been
renamed to cJSON.readme and the files have been changed to GNU coding
standards. Because that parser is small enough to be source copied it
does not make sense to treat it as a library and I changed the memory
allocation functions to the usual xmalloc ones. The only external
dependency now is out util.h which declares those functions.
The lowercase cjson_t better fits into our coding style as well as the
new macros. Thanks to Dave Gamble for this nice parser.
===============================================
* src/engine-spawn.c (engspawn_start): Translate spawn flag
to IOSPAWN flag.
* src/gpgme-w32spawn.c (my_spawn): Handle the new flag.
* src/gpgme.h.in (GPGME_SPAWN_SHOW_WINDOW): New.
* src/priv-io.h (IOSPAWN_FLAG_SHOW_WINDOW): New.
--
Used by GpgOL
* src/w32-io.c (_gpgme_io_spawn): Don't hardcode flags value.
--
IOSPAWN_FLAG_ALLOW_SET_FG is 2 and was translated to 1.
This might fix the pinentry foreground handling pass through.
* src/util.h (GPG_ERR_FALSE): Remove due to newer libgpg-error.
--
We require these over one year old versions to better allign with
GnuPG's demand. Note that the required libassuan is acgtually 2 years
old.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme-w32spawn.c (my_spawn): Create w/o DETACHED_PROCESS.
--
The spawn helper is actually called with DETACHED_PROCESS and should
not need to do a DETACHED_PROCESS of its own. Interestingly this
patch removes the popups.
See Andre's report
GnuPG-bug-id: 3515
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/data.c (_gpgme_data_new): Check for failed selftest.
* tests/run-support.h (make_filename): Print a message on mallooc
failure.
(init_gpgme_basic): New.
* tests/run-identify.c (main): Call init_gpgme_basic becuase we do not
need to setup a protocol.
* tests/t-data.c: Define PGM and include run-support.h.
(make_filename): Remove.
(main): Call init_gpgme_basic.
--
Note: This patch may break applications which used gpgme_data but no
gpgme_new without having called the required gpgme_check_version.
GPGME can be used without a protocol for example to work with the data
object abstraction. Thus a call to gpgme_data_new also needs to check
the result of the core selftests - including on whether
gpgme_check_version has been called.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (gpg_keylist_preprocess): Check field count
for uid and add fallback.
--
This fixes accessing unintialized memory and resulting
crashes in gpgrt_asprintf.
GnuPG-Bug-Id: T3550
* src/posix-io.c (get_max_fds): use getdents64 instead of getdents.
--
getdents64 was introduced in linux 2.4, so it should be widely
available. some Linux architectures which post-date 2.4 (e.g. arm64)
appear to not have getdents at all, so it's probably better to use the
more modern interface.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* configure.ac (USE_LINUX_GETDENTS): New ac_define. Add option
--disable-linux-getdents.
* src/posix-io.c: Make use of USE_LINUX_GETDENTS.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/posix-io.c (get_max_fds): Restore Linux optimization, this time
using open/getdents/close rather than opendir/readdir/closedir.
--
opendir/readdir/closedir may allocate/free memory, and aren't required
to do so in an async-signal-safe way. On the other hand, opening
/proc/self/fd directly and iterating over it using getdents is safe.
(getdents is not strictly speaking documented to be async-signal-safe
because it's not in POSIX. However, the Linux implementation is
essentially just a souped-up read. Python >= 3.2.3 makes the same
assumption.)
Signed-off-by: Colin Watson <cjwatson@debian.org>
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
"auto-key-retrieve".
* src/context.h (gpgme_context): New field auto_key_retrieve.
* src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
to field 'decrypt'.
* src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
option --auto-key-retrieve to gpg. Adjust all callers.
(gpg_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
* src/engine-uiserver.c (uiserver_decrypt): Ditto.
* tests/run-verify.c (main): Add option --auto-key-retrieve.
--
This makes the --auto-key-retrieve option available in the GPGME API.
Test plan:
Run
GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE
with and without its new option --auto-key-retrieve and check in the
trace stored in "out" whether --auto-key-retrieve was passed to gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_keyorg_t): New.
* src/keylist.c (parse_keyorg): New.
(keylist_colon_handler): Set key->ORIGIN.
--
This finally set the key origin value form data supplied by recent gpg
versions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpg/t-gpgconf.c (main): Fix warnings.
* src/engine-gpgconf.c (struct gpgconf_config_dir_s): New struct.
(gpgconf_config_dir_cb, gpgconf_conf_dir) Use it to fix warning.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
* src/decrypt.c (parse_status_error): Don't modify args.
--
Otherwise chained status handlers will not see the full args
which resulted in a parse error in the verify status handler.
GnuPG-Bug-Id: T3310
* src/decrypt.c (op_data_t): Add flag any_no_seckey.
(_gpgme_decrypt_status_handler): Consult that flag.
(_gpgme_decrypt_status_handler): Set that flag.
--
The NO_SECKEY is emitted instead of an "S ERROR pkdecrypt_failed" if
gpg knowns that a key has been encrypted to that key (cf. "S ENC_TO").
it is not fool proffof but in the majority of cases we can provide a
better error message than just DECRYPTION_FAILED.
GnuPG-bug-id: 3270
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/decrypt.c (op_data_t): Add field pkdecrypt_failed.
(_gpgme_decrypt_status_handler): Consult new field.
(parse_status_error): Handle some error codes.
--
The idea is to return only a limited set of error codes because a user
won't be able to understand the more esoteric codes.
GnuPG-bug-id: 3270
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/decrypt.c (_gpgme_decrypt_status_handler): Factor some code out
to ...
(parse_status_error): new. Modernize parsing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information can the be presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* src/engine-gpgconf.c (gpgconf_parse_option): Don't split
strings on comma.
--
This only affects values where the main type is string. Values
with the alt_type string but another main type are still split
to keep lists (e.g. groups) working.
* configure.ac <c>: Bump LT version to C29/A18/R0.
<cpp>: Bump LT version to C10/A4/R0.
<qt>: Bump LT version to C9/A2/R0.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_ENCRYPT_WRAP): New const.
(gpgme_decrypt_flags_t): New enum.
(GPGME_DECRYPT_VERIFY): New const
(GPGME_DECRYPT_UNWRAP): New const
(gpgme_op_decrypt_ext_start): New func.
(gpgme_op_decrypt_ext): New func.
* src/decrypt-verify.c (gpgme_op_decrypt_ext_start): New.
(gpgme_op_decrypt_ext): New.
(decrypt_verify_start): Add arg FLAGS. Replace call to
engine_op_decrypt_verify by the plain decrypt with the flag set.
(gpgme_op_decrypt_verify_start): Pass the flag.
(gpgme_op_decrypt_verify): Pass the flag.
* src/decrypt.c (decrypt_start): Rename to ...
(_gpgme_decrypt_start): this. Add arg FLAGS. Pass FLAGS to
engine_op_decrypt.
(gpgme_op_decrypt_start): Adjust for chnage pass 0 for FLAG.
(gpgme_op_decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt_verify): Remove.
(_gpgme_engine_op_decrypt): Add arg FLAGS.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/engine-backend.h (struct engine_ops): Remove member
'decrypt_verify'. Add FLAGS to 'decrypt'. Adjust all initialization.
* src/engine-uiserver.c (uiserver_decrypt): Remove.
(uiserver_decrypt_verify): Remove.
(_uiserver_decrypt): Rename to ...
(uiserver_decrypt): this. Replace arg VERIFY by new arg FLAGS.
* src/engine-gpg.c (gpg_decrypt): Support GPGME_DECRYPT_UNWRAP.
(gpg_encrypt): Support GPGME_ENCRYPT_WRAP.
* tests/run-decrypt.c (main): New option --unwrap.
* tests/run-encrypt.c (main): New option --wrap.
--
Manual testing of that wrap/unwrap feature can be done this way:
./run-encrypt --verbose --key Alice /etc/motd > x
./run-decrypt --verbose --unwrap x > y
./run-encrypt --verbose --key Bob --wrap y > z
1. The message was first encrypted to Alice.
2. Alice decrypts the message receiving a valid OpenPGP message.
3. Alice encrypt that message to Bob
This will also work with encrypted and signed messages; the signature
will be kept intact during re-encryption. Requires GnuPG 2.1.12.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/dirinfo.c (WANT_GPG_WKS_CLIENT_NAME): New const.
(struct dirinfo): New field 'gpg_wks_client_name'.
(get_gpgconf_item): Build it on demand.
(gpgme_get_dirinfo): New value "gpg-wks-client-name" for WHAT.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.
* tests/run-encrypt.c (main): New option --throw-keyids.
--
It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not ye allow this because it is
based on key objects. A possible way to implement that would be a API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different context.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpgsm.c (gpgsm_assuan_simple_command): Make sure CB_ERR
is returned.
* src/import.c (parse_import_res): Do not return an error for the last
field.
(import_status_handler): Actually return the error from
parse_import_res.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
This reverts commit 6df6e01ed5.
gpgme_error_t et al are from a time where we had no hard dependency on
libgpg-error. Now libgpg-error is a required and thus it does not
make sense to have these surrogates. In fact we should ventually
completely remove them.
Signed-off-by: Werner Koch <wk@gnupg.org>
* NEWS: Update.
* doc/gpgme.texi (gpgme_op_createkey): Clarify the meaning of the
'expire' parameter.
(GPGME_CREATE_NOEXPIRE): Document new flag.
(gpgme_op_createsubkey): Clarify the meaning of the 'expire'
parameter.
* src/engine-gpg.c (gpg_add_algo_usage_expire): Fix handling of the
expiration time.
* src/gpgme.h.in (GPGME_CREATE_NOEXPIRE): New macro.
--
Previously, the documentation stated that the expiration time was an
absolute timestamp. However, this value was passed using the
'seconds=N' syntax to GnuPG which specifies the expiration time in
seconds relative to the creation time. Fix the documentation.
Furthermore, the documentation stated that using 0 results in keys
that do not expire. This was communicated to GnuPG by using the
implicit default. However, as of GnuPG 2.1.17, the default was
changed to create keys that expire within a reasonable timespan.
Fix this discrepancy by aligning the behavior with recent GnuPG
versions: 0 means use a reasonable default, and introduce a flag that
can be used to create keys that do not expire. Communicate this
explicitly to GnuPG.
Signed-off-by: Justus Winter <justus@g10code.com>
* NEWS: Update.
* src/data.c (gpgme_data_set_flag): Return a 'gpgme_error_t'.
* src/error.c (gpgme_strerror_r): Fix type of first argument.
* src/gpgme.h.in (gpgme_strerror_r): Adapt.
(gpgme_data_set_flag): Likewise.
--
Fix for consistency. This should not pose problems, because typedef
gpg_error_t gpgme_error_t.
Signed-off-by: Justus Winter <justus@g10code.com>
* src/verify.c (parse_tofu_user): For cleanness use gpg_error ...
(_gpgme_verify_status_handler): ... and gpg_err_code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (op_data_t): Add conflict_user_seen.
(parse_tofu_user): Return ERR_DUP_VALUE for mutltiple TOFU_USERS.
(_gpgme_verify_status_handler): Handle ERR_DUP_VALUE from
parse_tofu_user to ignore the next TOFU_STATS.
--
This fixes TOFU Conflict verification with GnuPG-2.1.17 and 2.1.18
GnuPG-Bug-Id: 2914
* configure.ac (vasprintf): Remove check.
* src/vasprintf.c: Remove file.
* src/util.h (vasprintf, asprintf): Remove prototypes. Replace all
calls to vasprintf and asprintf by gpgrt_vasprintf or gpgrt_asprintf.
Also take care to use gpgrt_free on the returned value.
* src/w32-util.c (_gpgme_get_gpgconf_path): Replace a gpgrt_asprintf
by _gpgme_strconcat.
(snprintf): New macro to use gpgrt_snprintf instead of the system's
standard snprintf.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
It is common that developers look up only the header file and do not
read the manual. These comments should make it clear that most
structures in gpgme.h are read-only and may only be allocated by
gpgme.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_data_rewind): Un-deprecate.
* src/data-compat.c (gpgme_data_rewind): Move to ...
* src/data.c (gpgme_data_rewind): here.
--
That function is very convenient because it is required a lot with
memory streams. It also documents the intention of the caller better
than gpgme_data_seek with its addition parameters and the need to map
system errors. Thus it does not make sense to make it a first class
citizen again.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/key.c (gpgme_key_unref): Always free address if set.
(_gpgme_key_append_name): Remove memory optimization for address.
--
The check if address is not allocated would now be more complicated
then just comparing it to email because email is set to address
also when an email was not parsed from the user id.
* src/key.c (_gpgme_key_append_name): Set email and remove name
for uid only keys.
--
If we have a name and no email but the name can be parsed as
an address we now treat the address as email and remove the name.
This fixes downstream users that rely on email to show email
addresses and don't expilicity handle this case.
E.g. A userid foo@example.com was:
uid->name = "foo@example.com"
uid->email = ""
uid->address = "foo@example.com"
It is now:
uid->name = ""
uid->email = "foo@example.com"
uid->address = "foo@example.com"
* src/w32-io.c (writer): Only stop once the buffer is drained.
(destroy_writer): Wait for the writers buffer to be drained. This
aligns '_gpgme_io_close's behavior with close(2) and fclose(3).
GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
* src/engine-gpgconf.c (gpgconf_write): Connect a pipe to the child's
stderr, and wait for it to be closed as an indication that gpgconf has
exited. Also improve error handling.
GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
* src/engine-gpgconf.c (gpgconf_write): Add --runtime.
* src/gpgme.h.in (gpgme_conf_opt_change): Document this
behavior.
--
If a tool uses GPGME for changing configuration values it
needs a way to ensure that these changes take effect. Otherwise
users may change and see config values and do not understand
why they are not working.
* src/engine-gpg.c (gpg_addkey): Pass --batch to gpg when
GPGME_CREATE_NOPASSWD is set to fix pinentry without loopback mode.
--
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* src/engine-gpg.c (struct engine_gpg): New field
override_session_key.
(gpg_release): Free that field.
(gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd.
* tests/run-decrypt.c (main): Fix setting over the override key.
--
Note that this works only with gnupg 2.1.16 and later.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.
* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.
--
To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.
The patch also implements the --override-session-key feature.
GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_get_ctx_flag): New.
* src/gpgme.c (gpgme_set_ctx_flag): Move down the file and add a trace
statement.
(gpgme_get_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.c (gpgme_set_export_session_keys): New function.
(gpgme_get_export_session_keys): New function.
* src/gpgme.h.in (struct _gpgme_op_decrypt_result): Add session_key
member.
(gpgme_{set,get}_export_session_keys): Declare new functions.
* src/libgpgme.vers, src/gpgme.def: Export new functions in shared
object.
* src/engine.h: (_gpgme_engine_op_decrypt) Add export_session_key
parameter.
(_gpgme_engine_op_decrypt_verify): Add export_session_key parameter.
* src/engine-backend.h: (struct engine_ops): Change function
pointer declarations to match.
* src/context.h (struct gpgme_context): Add export_session_keys member.
* src/decrypt.c (release_op_data): Free result.session_key.
(_gpgme_decrypt_status_handler): Store a copy of the exported session
key.
(decrypt_start): Pass export_session_keys from the context.
* src/decrypt-verify.c (decrypt_verify_start): Pass
export_session_keys from context.
* src/engine.c (_gpgme_engine_op_decrypt): Pass through
export_session_key flag.
(_gpgme_engine_op_decrypt_verify): Pass through export_session_key
flag.
* src/engine-gpg.c (gpg_decrypt): If export_session_key is set, add
--export-session-key to argument list.
* src/engine-gpgsm.c (gpgsm_decrypt): Ignore export_session_key for
now, since gpgsm offers no such mechanism.
* src/engine-uiserver.c (_uiserver_decrypt): If export_session_key is
set, add --export-session-key flag to cmd.
* doc/gpgme.texi: Document new functions and session_key member of
decrypt_result_t.
* doc/uiserver.texi: Add --export-session-key flag to DECRYPT command.
--
gpg(1) documents session key export as useful for key escrow, and is
rightly dubious of that use case. However, session key export is also
useful in other use cases. Two examples from MUA development (where
this functionality would be specifically useful to me right now):
* If the MUA stores a local copy of the session key upon decrypting
the message, it can re-decrypt the message without expensive
asymmetric operations. When rendering a thread with dozens of
encrypted messages, this can represent a significant speedup.
* A user may have expired encryption-capable secret key material,
along with many messages encrypted to that material. If she stores
the session keys for those messages she wants to keep, she can
destroy her secret key material and make any messages she has
deleted completely unrecoverable, even to an attacker who gets her
remaining secret keys in the future.
This patchset makes a two specific implementation decisions that could
have gone in different ways. I welcome feedback on preferred outcomes.
0) session key representation: we currently represent the session key
as an opaque textual string, rather than trying to provide any
sort of in-memory structure. While it wouldn't be hard to parse
the data produced by gpg's --export-session-key, I chose to use
the opaque string rather than lock in a particular data format.
1) API/ABI: i've added a member to gpgme_op_decrypt_result_t. This
has the potential to cause an out-of-bound memory access if
someone uses code compiled against the newer verision, but linked
at runtime against an older version. I've attempted to limit that
risk by documenting that users must verify
gpgme_get_export_session_keys() before accessing this new struct
member -- this means that code expecting this capability will
require the symbol at link-time, and will refuse to link against
older versions.
Another approach to solving this problem would be to avoid
modifying gpgme_op_decrypt_result_t, and to introduce instead a
new function gpgme_op_session_key(), which could be called in the
same places as gpgme_op_decrypt_result(). Depending on the
representation of the session key, this might introduce new
memory-management burdens on the user of the library, and the
session key is certainly part of a decryption result, so it seemed
simpler to go with what i have here.
If anyone has strong preferences that these choices should be solved
in a different way, i'm happy to hear them.
Additionally, I note that i'm also still pretty unclear about how the
"UI Server" fits into this whole ecosystem. In particular, I don't
know whether it's kosher to just add an --export-session-key flag to
the DECRYPT operation without actually having implemented it anywhere,
but i don't see where i would actually implement it either :/
If this patch (or some variant) is adopted, i will supply another
patch that permits offering a session key during decryption (e.g. "gpg
--override-session-key"), but I wanted to get these implementation
choices ironed out first.
Gnupg-Bug-Id: 2754
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
On the concern of adding a new field to a structure: It may not be
clearly documented but we don't expect that a user ever allocates such
a structure - those result structure may only be created bu gpgme and
are read-only for the user. Adding a new member constitutes a
compatible ABI change and thus an older SO may not be used by code
compiled with a header for the newer API. Unless someone tinkers with
the build system, this should never happen. We have added new fields
to result structure may times and I can't remember any problems.
- wk
* src/gpgme.c (gpgme_set_armor, gpgme_set_textmode,
gpgme_set_offline): Ensure that non-zero values actually set the
appropriate internal bit.
--
The documentation for these functions says things like "disabled if
YES is zero, and enabled otherwise", where YES is an integer.
However, if you pass an even integer, it will be aliased back to 0
because the context member variables are declared as single bits.
This should make the implementation match the documentation.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/posix-io.c (_gpgme_io_select): Return EMFILE instead of EBADF.
--
Also EBADF seem more correct, EMFILE (Too man open files) gives
a clearer message to the user that there are somehow too many files
open. The problem can be exhibited by running lots of threads,
We should eventually move to poll but that would be a large change and
so we better fix it with the planned migration of the I/O subsystem to
libgpgrt (currently known as libgpg-error).
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/keylist.c (op_data_t): Add field keydb_search_err.
(keylist_status_handler): Parse STATUS_ERROR into that var.
(gpgme_op_keylist_next): Use that err instead of GPG_ERR_EOF.
--
With a recent GnuPG version this allows to detect a keyring with wrong
permissions (i.e. no read access). GPG_ERR_OPEN_KEYRING will be
returned instead of GPG_ERR_EOF.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require libgpg-error 1.17. No longer
check for pthread.
* doc/gpgme.texi: Document removed neccessity for thread
safe gpgme flavours.
* src/sema.h (DEFINE_GLOBAL_LOCK),
(DEFINE_STATIC_LOCK, INIT_LOCK, DECLARE_LOCK)
(DESTROY_LOCK, LOCK, UNLOCK): Change to gpgrt equivalents.
* src/posix-sema.c, src/w32-sema.c: Removed.
* src/Makefile.am: Remove libpthread and
Update accordingly.
* src/ath.c, src/ath.h (ath_mutex_init)
(ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Removed.
* src/ath.h (ATH_MUTEX_INITIALIZER): Removed.
* src/version.c (do_subsystem_inits): sema_subsystem_init is
no longer required.
* tests/gpg/Makefile.am: Add new threading tests.
(t_thread1_LDADD, t_cancel_LDADD):
Use just gpgme.
* tests/gpg/t-thread-keylist-verify.c,
tests/gpg/t-thread-keylist.c: New.
* src/gpgme-config.in: Use -lgpgme for thread-model pthread.
--
Using gpgrt locks instead of pthread locks removes
the neccessity to link pthread directly to gpgme and
have a different, thread safe flavor of gpgme. Now
gpgme is thread-safe if the conditions mentioned
in the doc are met.
As the cpp bindings linked against libgpgme
and not libgpgme-pthread this fixes threading problems
with them.
libgpgme-pthread is removed but gpgme-config still supports
--thread=pthread for compatibility with find scripts.
* src/w32-io.c (fd_table_lock): New.
(new_fd): Lock allocation of a new slot.
(release_fd): Lock deallocation of a slot.
--
Note that we lock only the allocation but not the sanitiy checks we do
further down in the code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (find_program_at_standard_place): Use access to check
whether the binary is at CSIDL_PROGRAM_FILES before testing
CSIDL_PROGRAM_FILESX86.
--
Suggested-by: ticho
Fixes-commit: a82e9b182f
GnuPG-bug-id: 2814
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (find_program_in_dir): Fix call to _gpgme_strconcat.
--
This fixes a crash introduced by dc39552d0 because it tried
to concat a strlen.
* src/b64dec.c, src/mbox-util.c, src/mbox-util.h: These three files
are explicitly licensed under LGPL, but their comments suggest that
details about the warranty can be found in the GPL. Adjust comments
to refer to the correct license.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/conversion.c: Include stdarg.h.
(do_strconcat): New.
(_gpgme_strconcat): New.
* src/util.h: Provide fallback for GPGRT_ATTR_SENTINEL.
(_gpgme_strconcat): New with sentinel.
* src/w32-util.c (find_program_in_dir): Replace malloc and stpcpy by
_gpgme_strconcat.
(find_program_at_standard_place): Ditto.
(_gpgme_set_default_gpg_name): Ditto.
(_gpgme_set_default_gpgconf_name): Ditto.
(_gpgme_mkstemp): Ditto.
(_gpgme_set_override_inst_dir): Repalce malloc and strcpy by strdup.
--
The function has been taken from gnupg/common/stringhelp.c and license
changed to LPGLv2.1+. I am the original author of that code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (gpg_new): Add --exit-on-status-write-error if the
engine version is latest enough to expect progress output from gpg.
--
GnuPG-bug-id: 1415
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Changed the version test from the patch to use the newer
have_gpg_version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/moc_kdpipeiodevice.cpp: Removed.
* src/Makefile.am (EXTRA_DIST): Remove moc_kdpipeiodevice.cpp.
--
This file was overlooked in 58ed9c17 which removed the unused
and obsolete w32-qt code. See lang/qt QIODeviceDataProvider which
replaced kdpipeiodevice.
* src/engine-assuan.c (llass_new): Update --ttyname from GPG_TTY.
* src/engine-g13.c (g13_new): Ditto.
* src/engine-gpg.c (gpg_new): Ditto.
* src/engine-uiserver.c (uiserver_new): Ditto.
* src/engine-gpgsm.c (gpgsm_new): Ditto.
--
Useful when no DISPLAY is set and there is no attached terminal to the
current process.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* src/gpgme.h.in (_GPGME_DEPRECATED): Change to take versio numbers
for documentation. Change all places.
(_GPGME_DEPRECATED_OUTSIDE_GPGME): Ditto.
* lang/python/gpgme-h-clean.py: Adjust RE.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/status-table.c (_gpgme_status_to_string): Return "" for EOF.
* src/engine-gpg.c (read_status): Ditto. The old code accidently used
GPGME_STATUS_EOF which is the integer 0 and neiteyr NULL nor a string.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_interact_cb_t): New.
(GPGME_INTERACT_CARD): New.
(gpgme_op_interact_start, gpgme_op_interact): New.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/edit.c (op_data_t): Rename fnc to fnc_old and change users. Add
fnc.
(edit_status_handler): Call old or new callback.
(command_handler): Ditto.
(interact_start): New.
(gpgme_op_interact_start, gpgme_op_interact_start): New.
* src/status-table.c (_gpgme_status_to_string): New.
* tests/gpg/t-edit.c (edit_fnc): Rename to interact_fnc and change
type of STATUS. Use gpgme_io_writen.
(main): s/gpgme_op_edit/gpgme_op_interact/.
--
This change will eventually allow us to remove all those status codes
from gpgme.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/edit.c (command_handler): Handle special error code.
* src/engine-gpg.c (read_status): Ditto.
* src/engine-gpgsm.c (status_handler): Ditto.
* src/engine-uiserver.c (status_handler): Ditto.
* src/util.h (GPG_ERR_FALSE): Define for older libgpg-error versions.
--
An edit callback may now simply return GPG_ERR_FALSE to indicate that
it did not handled the status code. GPGME will the do the appropriate
action, which is to send an empty line.
Note that it is highly unlikely that GPG_ERR_FALSE has ever been used
by an application as return value from an edit interactor.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-backend.h (engine_ops): Change prototype of genkey.
* src/engine-gpgsm.c (gpgsm_genkey): Change accordingly.
* src/engine-gpg.c (gpg_genkey): Change it to a dispatcher.
(gpg_createkey_from_param): New for the old functionality.
(gpg_createkey_legacy): New. Stub for now.
(gpg_createkey): New.
(gpg_addkey): New. Stub for now.
(gpg_adduid): New. Stub for now.
* src/engine.c (_gpgme_engine_op_genkey): Add new args.
* src/genkey.c (op_data_t): Add field ERROR_CODE.
(parse_error): New.
(genkey_status_handler): Parse ERROR status line.
(genkey_start): Use NULL/0 for the new args.
(createkey_start): New.
(gpgme_op_createkey_start, gpgme_op_createkey): New.
* src/gpgme.def, src/libgpgme.vers: Add gpgme_op_createkey_start and
gpgme_op_createkey.
* src/gpgme.h.in (_gpgme_op_genkey_result): Add fields PUBKEY and
SECKEY.
(GPGME_CREATE_SIGN): New.
(GPGME_CREATE_ENCR): New.
(GPGME_CREATE_CERT): New.
(GPGME_CREATE_AUTH): New.
(GPGME_CREATE_NOPASSWD): New.
(GPGME_CREATE_SELFSIGNED): New.
(GPGME_CREATE_NOSTORE): New.
(GPGME_CREATE_WANTPUB): New.
(GPGME_CREATE_WANTSEC): New.
(GPGME_CREATE_FORCE): New.
* tests/run-genkey.c: New.
* tests/Makefile.am (noinst_PROGRAMS): Add it.
--
This function uses the new --quick-gen-key API of gpg. A limited
compatibility mode to use older gpg versions and gpgsm will eventually
be provided. Not all flags are currently implemented.
./run-genkey --unprotected --force test@example.com
Create a new standard key with the given user id. --force is used to
allow creating more than one key with that user id in the keyring.
./run-genkey --unprotected --force \
test@example.com default default 2145826800
Creates a new standard key with an expiration date of 2037-12-31.
./run-genkey --unprotected --force \
test@example.com future-default default 2145826800
Create a standard key using the fugure default algorithms.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (struct _gpeme_tofu_info): Rename FIRSTSEEN to
SIGNFIRST and LASTSEEN to SIGNLAST. Add ENCRFIST and ENCRLAST.
* src/keylist.c (parse_tfs_record): Parse to ENCRFIRST and ENCRLAST.
* src/verify.c (parse_tofu_stats): Ditto.
* tests/run-keylist.c (main): Adjust and print encrypt stats.
* tests/run-verify.c (print_result): Ditto.
* lang/cpp/src/tofuinfo.h (TofuInfo): Rename firstSeen to signFirst
and lastSeen to signLast. Add encrCount, encrFirst and encrLast.
* lang/cpp/src/tofuinfo.cpp (encrCount, encrFirst, encrLast): New.
--
The latest GnuPG commits have the needed changes but we also allow the
use of currently released GnuPG version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (build_argv): Check for version 2.1.0
before adding pinentry-mode.
--
This is a compatibility fix for older versions that don't support
this flag which would otherwise result in an invalid argument
error.
* src/encrypt.c (encrypt_start): Handle SYMMETRIC flag.
* src/encrypt-sign.c (encrypt_sign_start): Ditto.
--
This causes the passphrace command handler to be properly
registered which in turn will result in the passphrase
callback beeing called.
* src/gpgme.h.in (_gpgme_tofu_info): Change 'firstseen' and 'lastseen'
to a timestamp value.
* src/verify.c (parse_tofu_stats): Do not cap these values at UINT_MAX.
--
Using an unsigned long here is okay: We will never get an error and
even on machines where unsigned long is 32 bit (e.g. Windows64) this
allows us to operate until 2106. By then Windows will be a footnote
in history or Windows128 has changed that type to something larger
than 32 bit ;-)
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (parse_tofu_user): Add arg 'protocol' and store it in
the KEY.
(_gpgme_verify_status_handler): Pass protocol.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (struct _gpgme_signature): Remove field 'tofu'. Add
field 'key'.
(struct _gpgme_key): Add field 'fpr'.
(struct _gpgme_user_id): Add field 'tofu'.
(struct _gpgme_tofu_info): Remove fields 'address' and 'fpr'.
* src/key.c (gpgme_key_unref): Release TOFU and FPR.
* src/keylist.c (keylist_colon_handler): Store the fingerprint of the
first subkey also in KEY.
* src/verify.c (release_tofu_info): Remove.
(release_op_data): Release KEY.
(parse_tofu_user): Rewrite for new data structure.
(parse_tofu_stats): Ditto.
(parse_tofu_stats_long): Ditto.
* tests/run-verify.c (print_result): Ditto.
* tests/run-keylist.c (main): Print more fields.
--
TOFU information are now associated with the user ID and not with a
separate object.
Note that this breaks code relying on the former non-released TOFU
feature. The C++ bindings won't work right now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/mbox-util.c, src/mbox-util.h: Adjust for use in gpgme.
* src/Makefile.am (main_sources): Add mbox-util.
* src/key.c (_gpgme_key_append_name): Set 'address' field of uid.
(gpgme_key_unref): Free it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/mbox-util.c: New.
* src/mbox-util.h: New.
--
The files haven been copied verbatim from
GnuPG 2.1.15 commit 54245979e691129ed9d3a6c642087fb8d3227449
after the license has been changed in GnuPG.
We need this file too match GnuPG's idea of a mail address.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-io.c(_gpgme_io_spawn): Remove spawnhelper not found
diagnostic.
--
When spawnhelper is not found the error is now catched before
the CreateProcess call so the added diagnostic in bb2d11c
(which was not helpful because the value for spawnhelper
would be NULL in that case) is now no longer needed.
* src/w32-io.c (_gpgme_io_spawn): Show a message box in
case gpgme-w32spawn.exe not found.
--
Otherwise every engine call will just fail with unsupported
protocol. Even in the debug output the problem was not made
clear because CreateProcess will fail with error code 87
(Invalid Parameter) because spawnhelper is NULL. The helpful
error message for ERROR_INVALID_PARAMETER would have been:
"is 'NULL' correctly installed"
As GpgME basically becomes useless on Windows without the
spawnhelper we want to fail very loud in that case.
* src/engine.c (_gpgme_engine_info_release): Do not assert but free
FILE_NAME.
(gpgme_get_engine_info): Provide default for VERSION and REQ_VERSION.
Use calloc instead of malloc.
(_gpgme_set_engine_info): Ditto.
* src/engine-assuan.c (llass_get_version): Return NULL.
(llass_get_req_version): Ditto.
* src/engine-spawn.c (engspawn_get_version): Ditto.
(engspawn_get_req_version): Ditto.
* src/engine-uiserver.c (uiserver_get_version): Ditto.
(uiserver_get_req_version): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c: Include data.h.
(add_input_size_hint): New.
(gpg_decrypt, gpg_encrypt, gpg_encrypt_sign, gpg_sign)
(gpg_verify): Call new function,
* tests/run-encrypt.c (status_cb): Print to stderr.
(progress_cb): New.o
(main): Add option --progress. Print full-status lines. Provide a
size for the input data.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_encrypt_flags_t): New flag
GPGME_ENCRYPT_SYMMETRIC.
* src/engine-gpg.c (gpg_encrypt): Also add --symmetric if the flag
is given.
* NEWS: Mention new flag.
* tests/run-encrypt.c (show_usage): Extend for --symmetric.
(main): Handle --symmetric.
(main): Set passphrase_cb in loopback mode.
(main): Fix encrypt call if no recipients are given.
* tests/gpg/t-encrypt-mixed.c: New.
* tests/gpg/Makefile.am (c_tests): Add new test.
* doc/gpgme.texi: Document new flag.
Previously, 'gpgme_engine_check_version' failed for these protocols
because the version parser failed to parse the dummy versions.
* src/engine-assuan.c (llass_get_version): Use a version triple that
the parser can understand.
(llass_get_req_version): Likewise.
* src/engine-spawn.c (engspawn_get_version): Likewise.
(engspawn_get_req_version): Likewise.
* src/engine-uiserver.c (uiserver_get_version): Likewise.
(uiserver_get_req_version): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
* src/gpgme.h.in (GPGME_DATA_ENCODING_MIME): New.
* src/data.c (gpgme_data_set_encoding): Adjust check.
* src/engine-gpg.c (have_gpg_version): New.
(gpg_encrypt, gpg_encrypt_sign): Pass flag '--mimemode'.
(gpg_sign): Ditto.
* lang/cpp/src/data.h (GpgME): Add MimeEncoding.
* lang/cpp/src/data.cpp (encoding, setEncoding): Support MimeEncoding.
* src/gpgme-tool.c (server_data_encoding): Add flag --mime.
--
This feature allows an application to declare that the encrypted or
signed data is a valid MIME part.
What is missing is a way to return that information to the application
after decryption/verification. This can be done by setting the
encoding of the output data object; however this requires some
internal additions to our processing model.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (_gpgme_get_gpgconf_path): Fallback to 2.1 installer
registry key.
--
Finding gpgconf is utterly important so we should be as compatible
as possible.
* src/gpgme.h.in: Mention that Address is not always in addr-spec.
--
The old comment made it look like you could always expect the
address to be parsable as a mailbox address.
* src/data-identify.c (basic_detection): Return signature for
signature.
--
This causes identify to return signature for both binary and
ascii armored detached signatures where previously it would
have returned signed for armored signatures and signature for
binary signatures.
GnuPG-Bug-Id: 2314
* src/b64dec.c: New. Taken from gnupg. Prefix function names with
_gpgme_ and change to use standard C malloc functions.
* src/util.h.h (struct b64state): New.
* src/Makefile.am (main_sources): Add file.
--
The file b64dec.c has been taken from gnupg commit
e430ff6ad0b7dcfcebd92b825dd5168205447ff3
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_DATA_TYPE_PGP_ENCRYPTED): New.
(GPGME_DATA_TYPE_PGP_SIGNATURE): New.
* src/data-identify.c: Add enum for OpenPGP packet types.
(buf32_to_ulong): New.
(next_openpgp_packet): New. Based on the gnupg/kbx/keybox-openpgp.c
implementation and relicensed to LGPL by g10 Code.
(pgp_binary_detection): New.
(basic_detection): Call pgp_binary_detection instead of returning
unknown.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_STATUS_NOTATION_FLAGS): New.
* src/status-table.c (status_table): Add new status.
* src/verify.c (parse_notation): Handle flags. Also fix NOTATION_DATA
in case gpg would not percent-escape spaces.
(_gpgme_verify_status_handler): Handle flags.
* tests/run-verify.c (print_result): Print notaion data.
--
Note that this does only work with the soon to be released GnuPG
2.1.13.
* src/posix-io.c [__linux__]: Include dirent.h.
(get_max_fds) [__linux__]: Try to figure out the highest used fd.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_data_seek_cb_t, gpgme_data_seek): Clarify that
these functions return the new offset.
(gpgme_data_release_cb_t): Fix name of parameter.
Signed-off-by: Justus Winter <justus@gnupg.org>
* src/gpgme.h.in (gpgme_set_ctx_flag): New prototype.
* src/gpgme.c (gpgme_set_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new function.
* src/context.h (struct gpgme_context): Add FULL_STATUS.
* src/decrypt.c (_gpgme_decrypt_status_handler): Do not call the
status callback if FULL_STATUS is set.
* src/genkey.c (genkey_status_handler): Ditto.
* src/passphrase.c (_gpgme_passphrase_status_handler): Ditto.
* src/sign.c (_gpgme_sign_status_handler): Ditto.
* src/engine-backend.h (struct engine_ops): Add SET_STATUS_CB and add
adjust all definitions of that variable.
* src/engine.c (_gpgme_engine_set_status_cb): New.
* src/op-support.c (_gpgme_op_reset): Call this function.
* src/engine-gpg.c (struct engine_gpg): Add fields MON_CB and
MON_CB_VALUE.
(gpg_set_status_cb): New.
(_gpgme_engine_ops_gpg): Register that function.
(read_status): Call the monitor callback.
* src/engine-gpgsm.c (struct engine_gpgsm): Add fields MON_CB and
MON_CB_VALUE.
(_gpgme_engine_ops_gpgsm): Register that function.
(gpgsm_assuan_simple_command): Change first arg to be an engine
context and adjust call callers. Call the monitor callback.
* src/engine-uiserver.c (struct engine_uiserver): Add fields MON_CB
and MON_CB_VALUE.
(_gpgme_engine_ops_uiserver): Register that function.
(uiserver_assuan_simple_command): Change first arg to be an engine
context and adjust call callers. Call the monitor callback.
* tests/run-verify.c (status_cb): New.
(print_result): Print algo names.
(main): Add option --status.
--
This new feature is mainly intended for bug tracking. Having access
to the raw status lines might also be useful for applications, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (verify_start): Do not return GPG_ERR_INV_VALUES when
when SIGNED_TEXT is not given.
--
The original idea behind this restriction probably was that it is
useless to verify a non-detached signatures without also returning the
signed text. However, it is sometimes useful to just check the
signature, for example to see who signed it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/delete.c (delete_status_handler): Remove default case from a
switch so that cc can check the use of all enum values.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (w32-qt): Remove option and Qt checks.
* src/Makefile.am: Remove BUILD_W32_QT handling.
* src/kdpipeiodevice.cpp,
src/kdpipeiodevice.h,
src/kdpipeiodevice.moc,
src/w32-qt-io.cpp: Removed.
--
This code was intended for Kleopatra but Kleopatra is not using
it anymore. QGpgme/dataprovider is a better replacement for this.
* src/posix-io.c [HAVE_STDINT_H]: Include stdint.h.
(get_max_fds): Limit returned value for too high values.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (mkstemp): Rename to my_mkstemp. Change caller.
--
For some reason the linker seems to use the mkstemp now provided by
mingw instead of our static symbol. Strange.
Reported-by: Andrej Kacian <andrej@kacian.sk>
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/delete.c (delete_status_handler): Return on ERROR status, if the
error location is set to "delete_key.secret" and the code is either
CANCELED or FULLY_CANCELED, which indicates a situation that the user
selected "No" on the confirmation dialog.
* src/passwd.c (passwd_start): set engine passphrase command handler.
--
This allows for inquiring a passphrase when changing a passphrase rather
than requiring a pinentry.
* src/gpgme.c (gpgme_set_global_flag): Add flag "w32-inst-dir";
* src/posix-util.c (_gpgme_set_override_inst_dir): New stub.
* src/w32-util.c (override_inst_dir): New var.
(_gpgme_get_inst_dir): Return this var is set.
(_gpgme_set_override_inst_dir): New.
--
See
https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030267.html
for background.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/argparse.c, src/argparse.h: New. Taken from current gnupg.
* src/Makefile.am (gpgme_tool_SOURCES): New.
* src/gpgme-tool.c: Remove all argp.h stuff.
(my_strusage): New.
(main): Change to use argparse.
--
As a GnuPG related tool the user should get the same experience in
option parsing as with gpg et al. Thus we use the same parser.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (_GPGME_INLINE): Define using GPGRT_INLINE if
possible. Fix problem with -Wundef by adding an extra "defined()".
(_GPGME_GCC_VERSION): Define using GPGRT_ macro if possible.
* src/engine-assuan.c (llass_new): Don't treat ttyname_r error as
fatal.
* src/engine-g13.c (g13_new): Likewise.
* src/engine-gpg.c (gpg_new): Likewise.
* src/engine-gpgsm.c (gpgsm_new): Likewise.
* src/engine-uiserver.c (uiserver_new): Likewise.
--
Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g.,
when /dev/pts is not accessible under chroot. Since all our uses of
ttyname_r() require that the function works, we can treat the failure as
if isatty() fails.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
* src/gpgme.h.in (GPGME_STATUS_FAILURE): New.
* src/status-table.c (FAILURE): New.
* src/op-support.c (_gpgme_parse_failure): New.
* src/passphrase.c (_gpgme_passphrase_status_handler): Forward FAILURE
status line to the status callback.
* src/decrypt.c (op_data_t): Add field failure_code.
(_gpgme_decrypt_status_handler): Parse that code and act upon it on EOF.
* src/encrypt.c (op_data_t): Add field failure_code.
(_gpgme_encrypt_status_handler): Parse that code and act upon it on EOF.
* src/genkey.c (op_data_t): Add field failure_code.
(genkey_status_handler): Parse that code and act upon it on EOF.
* src/passwd.c (op_data_t): Add field failure_code.
(passwd_status_handler): Parse that code and act upon it on EOF.
* src/sign.c (op_data_t): Add field failure_code.
(_gpgme_sign_status_handler): Parse that code and act upon it on EOF.
* src/verify.c (op_data_t): Add field failure_code.
(_gpgme_verify_status_handler): Parse that code and act upon it on EOF.
--
This requires GnuPG 2.1.8 to actually make a difference.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/passphrase.c (_gpgme_passphrase_status_handler): Call status_cb.
--
Frankly, we should have a more generic way of feeding the status_cb
handler than our current ad-hoc method.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (find_program_at_standard_place): Remove.
(_gpgme_get_gpg_path): Make the search order more explicit.
(_gpgme_get_gpgconf_path): Ditto.
(_gpgme_get_w32spawn_path): Search only in the inst_dir.
--
This tries to avoid possible unclear bug reports by removing the
fallback to the current gpg4win installation directory for the gpgme
helper. It is expected that users of gpgme installing their own gpgme
version also install the matching helper.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.c (debug_init) [W32]: Show libgpgme installation dir.
--
I expect that gpgme will be distributed by applications and thus it
will be helpful to see in the debug log which gpgme is actually used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/passphrase.c (_gpgme_passphrase_status_handler): Parse
GPGME_STATUS_INQUIRE_MAXLEN.
* src/passphrase.c (_gpgme_passphrase_command_handler): Send the
INQUIRE_MAXLEN status message.
--
Fixes passing this status message along when decrypting symmetric data
from gpg.
* src/gpgme.h.in: (gpgme_status_code_t): Add INQUIRE_MAXLEN.
* src/status-table.c (status_table_s): Ditto.
* src/genkey.c (genkey_status_handler): Parse INQUIRE_MAXLEN.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ditto.
* src/sign.c (_gpgme_sign_status_handler): Ditto.
This status message informs the client of the maximum length of an
inquired line. It is sent from gpg and forwarded to the client via
gpgme_status_cb_t.
* src/gpgme.h.in (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
(gpgme_status_cb_t): New.
* src/gpgme.c (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
* src/context.h (status_cb): New.
(status_cb_value): New.
* src/gpgme.def: Export new symbols.
* src/libgpgme.vers: Ditto.
* doc/gpgme.texi: Document these new functions.
--
This callback function is used to forward status messages from gpg back
to the client.
* src/genkey.c (genkey_start): set engine passphrase command handler.
--
This allows for inquiring a new passphrase during key generation rather
than requiring a pinentry. Needs a patch to gnupg to make use of
--command-fd with --gen-key.
* doc/gpgme.texi: Document offline mode.
* src/context.h (gpgme_context): Add offline.
* src/engine-backend.h (keylist, keylist_ext): Add engine_flags.
* src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto.
(_gpgme_engine_op_keylist_ext): Ditto.
* src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): New.
* src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto.
* src/engine-gpgsm.c (gpgsm_keylist): Handle engine_flags.
(gpgsm_keylist_ext): Ditto.
* src/gpgme.c (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.def (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.h.in (gpgme_set_offline, gpgme_get_offline): New.
* src/libgpgme.vers (gpgme_set_offline, gpgme_get_offline): New.
* src/keylist.c (gpgme_op_keylist_start): Set offline flag.
(gpgme_op_keylist_ext_start): Ditto.
* tests/run-keylist.c (show_usage, main): Add offline argument.
--
The offline engine option was introduced with gpgsm 2.1.6
it is mainly useful for a full keylisting that includes
the certificate validation but does not depend on external
information that could take an indefinite amount of time to
collect.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* src/engine-gpgsm.c (gpgsm_assuan_simple_command): Do not terminate
on a status lines.
--
This bug has been with us since the support for gpgsm: If there is no
status line handler but a status line is received anyway the command
handling loop terminates and thus the command/answer order gets out of
sync. In the case of the bug report this is triggered by sending an
option which starts the agent and that starting emits a "PROGRESS"
status line.
The solution is not to stop reading after a status line but record a
possible error code and return that only after OK or ERR.
GnuPG-bug-id: 1795
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.h: Change macros to not have a literal 0 as last
expression of the comma operator.
* src/debug.c (_gpgme_debug_frame_end): Return 0.
(_gpgme_debug): Return 0.
--
Instead of using
foo(), 0
for the trace macros we let foo() return 0 instead.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.
--
parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.
Additional comments added by wk.
* src/engine-gpg.c (gpg_keylist_preprocess): Increment SRC for a
backslash.
--
This bug is not exploitable because this bug fills up .data with
backslashes and thus causes the segv.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/Makefile.am (extra_ltoptions): New.
(libgpgme_la_LDFLAGS): Use it.
(libgpgme_pthread_la_LDFLAGS): Ditto.
(libgpgme_glib_la_LDFLAGS): Ditto.
--
Since gcc 4.8 there is a regression in Mingw64 in that plain C
programs may link to libgcc_s.a which has a dependency on
libgcc_s_sjlj.dll. This is for example triggered by using long long
arithmetic on a 32 bit Windows (e.g symbol __udivdi3).
Note that we don't use this patch for the Qt version which, as C++
programs, actually requires that DLL,
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-spawn.c (add_data): Fix malloc
--
Bummer. Why did I subtracted one from the size? Did I assume a
dynamically allocated structure with a string field which was not
going to be used? Very strange.
Not a real problem though because malloc will anyway round up the
allocation to at least the next word size.
Detected by Stack 0.3.
* src/context.h (OPDATA_EXPORT): New.
* src/export.c (op_data_t): New.
(release_op_data): New.
(parse_error): New.
(export_status_handler): New.
(export_start, export_ext_start): Prepare op_data.
(gpgme_op_export_ext, gpgme_op_export_keys): Return an error from the
status handler.
--
To support an error return also for the async functions we need to
extend the API. Until we have done that this new features helps at
least in some cases; in particular for --send-keys.
* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--
Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode. Also added error checking
to malloc and strdup. And while at replace some while by for loop for
easier readability.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--
When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:
gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data
during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment
* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--
After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded. Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order. This is not easy exploitable because libassuan constructs the
line. However a crash has been reported and thus it might be possible
to constructs an exploit.
CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret". Print card info and and secret flag for subkeys.
--
Note: This mode may only be used with GnuPG >= 2.1.
* src/gpgme.h.in (struct _gpgme_subkey): Add field CURVE.
* src/key.c (gpgme_key_unref): Free CURVE.
* src/keylist.c (keylist_colon_handler): Set CURVE.
* src/gpgme.c (gpgme_release): For failsafe reasons reset engine and
engine info after freeing.
--
The engine hack is useful in case the other release functions
accidently call engine release.
* src/engine-spawn.c (engspawn_start): Allocate space for list
terminator.
* src/posix-util.c (walk_path): Fix trailing slash detection.
--
Kudos to Valgrind for pointing out these two problems.
The first is a plain allocation bug in a code pattern I have written
thousands of times - this time it went wrong. The allocation is not
user controlled thus not directly exploitable.
The second is missed to do what it intended to do. Found due to the
access of malloced but not initialized memory. Not using calloc
again proved to be helpful to detect logical error.