Commit Graph

753 Commits

Author SHA1 Message Date
Werner Koch
7f24233719
json: Fix minor memory leaks.
* src/gpgme-json.c (interactive_repl): Fix memleak.
(subkey_to_json): Ditto
(op_config): Delay init of j_comps to avoid a leak on error.
--

GnuPG-bug-id: 4341, 4342, 4343
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-25 13:45:47 +01:00
Werner Koch
8b41fb08f0
core: Silence newer compiler warnings.
* configure.ac: Add -Wno-format-truncation and
  -Wno-sizeof-pointer-div.
* src/b64dec.c (_gpgme_b64dec_proc): Add fallthrough annotation.
* src/cJSON.c (parse_string): Ditto.
* src/gpgme-json.c (main): Ditto.
--

gcc 8 enables a couple of new warnings.  Some of them are useless for
us.  In particular:

  util.h:42:26: warning: division 'sizeof (char *) / sizeof (char)'
  does not compute the number of array elements [-Wsizeof-pointer-div]
  #define DIM(v) (sizeof(v)/sizeof((v)[0])) ^

  trustlist.c:101:22: note:
  in expansion of macro 'DIM' if (strlen (p) == DIM(item->keyid) - 1)

Which is a real standard way to use DIM, here the right hand side is
equivalent to sizeof but nevertheless it is correct.  Yes sir, we know
C.

The format string warnings I have seen were assuming that the time
structure returns values out of scope - but if the system is that
broken, the s_n_printf catches this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-17 16:47:27 +01:00
Andre Heinecke
78f6291a3b
core: Fix ERR_INV_ARG check in genkey_start
* src/genkey.c (gpgme_op_genkey_start): Fix check for
parms.

--
This fixes a regression introduced by:
174af15725

So that the error was triggered by usual args.

GnuPG-Bug-Id: T4265
2018-12-07 10:43:58 +01:00
Werner Koch
649b196881
doc: Minor comment cleanups.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-03 10:41:00 +01:00
Werner Koch
b182838f71
core: Fix format string errors in w32-io.c and use of TRACE_SUC.
* src/w32-io.c: Fix use of TRACE_SUC.  Fix some format string errors.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-19 12:49:40 +01:00
Werner Koch
7a1e7006d0
core: Protect the trace macros for fun and profit.
* src/debug.h: Protect macros using.
(_trace_err, _trace_sysres, _trace_syserr): New helper inline
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 18:17:22 +01:00
Werner Koch
7eda50a673
core: Fix a LF problem in the new debug function.
* src/debug.c (_gpgme_debug): Print a LF for an empty FORMAT unless we
are in legacy mode.
2018-11-16 18:15:22 +01:00
Werner Koch
cf42386406
core: Fix format string errors in trace macros
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 16:57:09 +01:00
Werner Koch
94d274a1a3
core: Remove old debug helper function
* src/debug.c (_gpgme_debug): Remove.
(_gpgme_debugf): Rename to _gpgme_debug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 16:39:26 +01:00
Werner Koch
5857491a2a
core: Simplify the trace macros by using variadics.
* src/debug.h (TRACE_BEG, TRACE_LOG, TRACE_SUC): Use variadic macros
and remove the TRACE_BEG1 et al.  Change all users to always pass a
format string.
(TRACE): Ditto.
* src/debug.c (_gpgme_debugf): New.
* configure.ac <GCC>: Add -Wno-format-zero-length.
--

This makes it easier for us to enable format checks.  The zero-length
format is required to allow for an empty format due to the common
problematic of __VA_ARGS__.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 16:25:49 +01:00
Werner Koch
8d91c0f4cd
Add SPDX identifiers to most source files
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 13:27:33 +01:00
NIIBE Yutaka
60828a505a build: Make gpgme.m4 use gpgrt-config with *.pc.
* src/gpgme.m4 (_AM_PATH_GPGME_CONFIG): Use gpgrt-config with gpgme.pc
when possible.
(AM_PATH_GPGME_GLIB): Likewise with gpgme-glib.pc.

--

Keeping AM_PATH_GPGME_PTHREAD, as is, untouched.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-12 10:01:16 +09:00
NIIBE Yutaka
a76e145a10 build: Provide gpgme-glib.pc too.
* src/gpgme-glib.pc.in: New.
* src/gpgme.pc.in (avail_lang): Remove.

--

Provide gpgme-glib.pc for gpgme-glib library.  The avail_lang
information is no use because *.pc is for C.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-12 09:59:05 +09:00
NIIBE Yutaka
f3e6052189 build: Provide gpgme.pc, generated by configure.
* configure.ac: Generate src/gpgme.pc.
* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
(EXTRA_DIST): Add gpgme.pc.in.
* src/gpgme.pc.in: New.
* src/gpgme-config.in: Use variables.

--

Some usages of gpgme-config are not compatible with pkg-config style;
The --glib option and --thread option which affect the output
by --cflags or --libs are not supported by gpgme.pc.

gpgme-config's embedding information for gpg-error and libassuan at
the build time of gpgme is considered less flexible than pkg-config
style.  It is now handled by dependency of gpgme.pc (Requires field).

To use gpgme.pc, newer libgpg-error (>= 1.33) and libassuan (>= 2.5.3)
are required, which provide gpg-error.pc and libassuan.pc respectively.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-12 09:03:49 +09:00
Daniel Kahn Gillmor
2557d0ae6f spelling: fix misspellings
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-11-08 12:34:27 +07:00
Werner Koch
bded8ebc59
gpg: Avoid error diagnostics with --override-session-key.
* src/engine-gpg.c (gpg_decrypt): Add --no-keyring.
--

GnuPG-bug-id: 3464
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 10:30:45 +01:00
Werner Koch
5262ce0c81
w32: Fix a few compiler warnings.
* src/debug.h (TRACE_SYSERR_NR): New.
* src/w32-io.c: Fix compiler warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 12:54:22 +01:00
Werner Koch
ed3f5ad760
w32: Log all errors from CloseHandle and WFSO in w32-io.
* src/w32-io.c (close_handle, _close_handle): New macro and function;
use in place of all CloseHandle calls.
(wait_for_single_object, _wait_for_single_object): Likewise.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 12:28:17 +01:00
Werner Koch
4faa0ccf58
w32: Don't use CloseHandle on an arbitrary integer.
* src/assuan-support.c (my_waitpid): Do not close the PID; it is not
a handle.
--

At some time in the distant past we might have used the process object
as pid which obviously required a close.  However this was changed and
so what we did here was to close an arbitrary handle (one which
matches the pid).

GnuPG-bug-id: 4237
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 11:26:19 +01:00
Werner Koch
da89528ac3
w32: Revamp the closing of system objects.
* src/w32-io.c (hddesc_t): New.
(reader_context_s, writer_context_s): Replace file_sock and file_hd by
the hddesc_t hdd.
(fd_table): Ditto.  Add want_reader and want_writer.
(hddesc_lock): New lock variable.
(new_hddesc, ref_hddesc): New.
(release_hddesc): New.
(reader, writer): Call release_hddesc.
(create_reader, create_writer): Change for new hddesc scheme.
(destroy_reader, destroy_writer): Replace closing by a call to
release_hddesc.
(_gpgme_io_pipe): Change for new hddesc scheme.
(_gpgme_io_close): Ditto.
(_gpgme_io_dup): Ditto.  Use want_reader and want_writer.
(_gpgme_io_socket): Change for new hddesc scheme.
--

GnuPG-bug-id: 4237
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 09:14:58 +01:00
Werner Koch
337c108255
core: Print a dump of the I/O data only at level 8.
* src/debug.h (TRACE_SUC3): New.
(TRACE_LOGBUFX): New.
* src/posix-io.c: Use TRACE_LOGBUFX instead of TRACE_LOGBUF.
* src/w32-glib-io.c: Ditto.
--

This will also be changed for w32-io as part of another commit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 09:03:43 +01:00
Werner Koch
acef4f775f
w32: Fix and improve CancelSynchronousIo use.
* src/w32-util.c (_gpgme_w32_cancel_synchronous_io): Fix name of DLL
and print trace info only on error.
--

Fixes-commit: 63ba09b541
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-02 08:47:44 +01:00
Werner Koch
63ba09b541
w32: Use CancelSynchronousIo in destroy_reader.
* src/w32-util.c (_gpgme_w32_cancel_synchronous_io): New.
* src/w32-io.c (destroy_reader): Use it here.
--

This has not been tested but should on Vista and later help to fix a
possible hang.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-01 09:55:24 +01:00
Werner Koch
338e9edfdb
w32: Merge all the object tables of w32-io into one.
* src/w32-io.c (fd_table_size): New.  Used in most places instead of
the MAX_SLAFD constant.
(reader_table, writer_table, notify_table): Merge them into ...
(fd_table): this table.  Change all affected code to take just one
lock.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-01 09:53:48 +01:00
Werner Koch
79fc7c0fe8
w32: Remove unused arg from two functions.
* src/w32-io.c (find_reader, find_writer): Remove unused start_it
arg.  It is always passed as true.  Change callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-31 14:58:23 +01:00
Werner Koch
3c04dea3ec
w32: Remove all support for WindowsCE
* configure.ac: Remove WindowsCE support.
* contrib/: Remove all; it was only used for WindowsCE.
* src/w32-ce.c, src/w32-ce.h: Remove files.
* src/Makefile.am (system_components): Remove these files.
* src/ath.c, src/ath.h: Remove W32CE support.
* src/data-compat.c (gpgme_data_new_from_filepart): Ditto.
(gpgme_data_new_from_file): Ditto.
* src/debug.c (debug_init, _gpgme_debug): Ditto.
* src/gpgme-tool.c (gpgme_server): Ditto.
(main): Ditto.
* src/priv-io.h: Do not include w32-ce.h.
* src/util.h: Remove WindowsCE support.
* src/w32-io.c: Ditto.
* src/w32-util.c: Ditto.
* src/debug.h (TRACE_SUC4): New.
--

There is no more hardware to test our code, the support for Windows CE
terminated a long time ago.  Note that our code worked only with the
old WindowsCE with that overall system limit of 31 processes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-31 12:35:14 +01:00
Werner Koch
2e07d4f89a
w32: Remove cruft in w32-io from WindowsME times.
* src/w32-io.c (set_synchronize): Remove.
(create_reader, create_writer): No need for set_synchronize.
--

The set_synchronize dates back to 2001 at a time when I wrote the
Windows support on WindowsME and Windows2000.  Maybe this was required
then due to bugs in that old NT or partly NT based Windows versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-31 12:00:08 +01:00
Werner Koch
9eef23fcf3
w32: Fix previous commit.
* src/w32-io.c (_gpgme_io_spawn): Move freeing of TMP_NAME behind its
use in an error handling.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-30 11:19:33 +01:00
Andre Heinecke
7a1b58045f
core,w32: Fix memleak of tmp_name in w32-io
* src/w32-io.c (_gpgme_io_spawn): Free tmp_name.

--
GnuPG-Bug-Id: T4238
2018-10-29 19:44:02 +01:00
Andre Heinecke
8f27511862
core: Do not crash if CMS plaintext is ignored
* src/engine-gpgsm.c (gpgsm_verify): Fix handling both
plaintext and signed_text as NULL.

--
Previously if plaintext was NULL and signed_text was NULL
it would set MESSAGE_FD to NULL which resulted in a
crash.

Ignoring the plaintext of an opaque signature might
make sense in some cases and engine-gpg handles it.
2018-10-29 16:11:22 +01:00
Werner Koch
fbac11b19d
core: Fix segv in genkey when no endtag is provided.
* src/genkey.c (get_key_parameter): Provide a fallback ENDTAG.
--

It would actually be more correct to return an error in this case but
it is possible that there are users who did not provide an endtag and
out of luck they also didn't trigger a segv.

GnuPG-bug-id: 4192
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-18 17:37:57 +02:00
Werner Koch
174af15725
core: Return an error if NULL is provided for genkey's parms.
* src/debug.c (_gpgme_debug_buffer): Bail out if BUF is NULL.
* src/genkey.c (gpgme_op_genkey): Do not deref a NULL in
TRACE_LOGBUF.
(gpgme_op_genkey_start): Ditto. Return an error if PARMS is NULL.
--

This robustness patch should solve one part of
GnuPG-bug-id: 4192
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-18 16:54:51 +02:00
Daniel Kahn Gillmor
12b0b5c894 doc: convert more links to equivalent https:// URLs
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Daniel Kahn Gillmor
a81534fed8 doc: convert more http:// links to https://
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Daniel Kahn Gillmor
2f12427e41 doc: use https:// for www.gnu.org
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Werner Koch
d63d6d8b80
core: Really remove CR from version output.
* src/version.c (_gpgme_get_program_version): Fix test.
--

Fixes-commit: 6bde056355
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-16 17:05:14 +02:00
Andre Heinecke
85627e5818
core: Add trust-model flag
* src/context.h (gpgme_context): Extend with trust_model.
* src/engine-gpg.c (engine_gpg): Extend with trust_model.
(gpg_set_engine_flags): Take trust_model from context.
(build_argv): Handle trust_model.
(gpg_release): Free trust_model.
* src/gpgme.c (gpgme_set_ctx_flag): Handle trust-model flag.
(gpgme_release): Release trust-model.
* doc/gpgme.texi: Document new flag for gpgme_set_ctx_flag.
(Context Flags): New subsection for the context flags.
* tests/run-keylist.c (show_usage, main): Add new --trust-model
parameter.

--
This gives a GPGME user fine grained control over the
trust-model.

Changing the trust model for only a single application depends
on:
GnuPG-Bug-Id: T4134
Maniphest Tasks: T4134
Differential Revision: https://dev.gnupg.org/D466
2018-10-09 10:48:58 +02:00
Andre Heinecke
ecfa88e65f
core: Ensure r_key init in gpgme_get_key
* src/keylist.c (gpgme_get_key): Move r_key init above
the first invalid value check.

--
This fixes the case where someone passes an uninitialized
r_key and no fingerprint.
2018-10-09 10:45:12 +02:00
Werner Koch
1aff2512d8
Release 1.12.0
* configure.ac: Bump core LT version to C32/A21/R0.  Bump C++ LT
version to C14/A8/R0.

* lang/qt/tests/Makefile.am (CLEANFILES): Add reader status files.
* Makefile.am (EXTRA_DIST): Add conf/whatisthis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-08 11:17:01 +02:00
Werner Koch
913601f487
core: Apply GPGME_EXPORT_MODE_NOUID also to keyserver exports.
* src/engine-gpg.c (export_common): Add keyserver-options to the
send-keys commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-05 15:16:53 +02:00
Werner Koch
7b861945fd
core: add experimental GPGME_EXPORT_MODE_NOUID.
* src/gpgme.h.in (GPGME_EXPORT_MODE_NOUID): New.
* src/export.c (export_start): Adjust option check.
* src/engine-gpg.c (export_common): Implement option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-02 11:18:00 +02:00
Werner Koch
dcdabf5f2e
python: Silence a few warnings.
* src/gpgme.h.in: Obsolete "class" also for Python.
* lang/python/gpgme.i: Silence a swig warning.  Silence a gcc
warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-20 17:45:07 +02:00
Werner Koch
c569adb5e3
json: Remove subkey-algo from createkey command.
* src/gpgme-json.c (op_createkey): Remove subkey-algo param.
(GPG_AGENT_ALLOWS_KEYGEN_TRHOUGH_BROWSER): Fix typo.
* lang/js/src/Keyring.js: Remove subkey-algo support.
* lang/js/src/permittedOperations.js: Ditto.
--

We do not want to expose details of the protocol's key generation and
thus the subkey-algo does not make sense.  Right now we support only
the default and future-default algorithms.  A user can configure them
anyway using new-default-key-algo in gpg.conf.  Eventually we may
officially support a more flexible way of creating special structured
OpenPGP keys but right now that is not part of the API.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-19 11:51:31 +02:00
Ben McGinnes
2375959180 estreams revised
* Egon Spengler was right, crossing the streams is bad.
* Restored both src/gpgme.def and src/libgpgme.vers to use the
  estreams symbols without the leading underscore.
* The new_from_estream() function added to lang/python/src/core.py and
  set to alias the new_from_stream() function remains.
* Opted for the solution favouring Linux on three main grounds:
  1. Andre reported major problems with Windows as well, so the number
     of potentially affected systems would vastly increase.
  2. All the BSDs and OS X have spent far more time and development
     work in order to accommodate the eccentricities of both Microsoft
     and the GNU Project (ref. GCC), so they're more likely to be able
     to cope with doing so again than the other way around.
  3. If I really have to I can write a custom installer for OS X to
     try this and, if it fails, to then patch the two symbol entries and
     recompile from scratch.  That said, I may not have to since it
     actually behaved during the most recent tests for this
     commit; into ten separate CPython installations and all five
     supported versions (standard source installs and OS X Framework
     installs for each version).

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-08 14:45:37 +10:00
Ben McGinnes
879cc1f84f estreams symbols for python bindings
* It turns out that even though some platforms detect differing
  symbols for estreams, the two types do not appear to be in
  conflict.  At least they don't from the BSD/OS X side of things.
  As a consequence both versions are now included.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-02 19:07:18 +10:00
Ben McGinnes
1d00fb987b python bindings: estreams fix
* lang/python/src/core.py: Adjusted new_from_estream function to alias
  new_from_stream instead of fd.
* fixed the _gpgme import errors introduced in commit
  08cd34afb7 by changing the exported
  functions/types to match the inner module where all the work is
  done, rather than the outer one(s).

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-08-30 15:41:31 +10:00
Andre Heinecke
1420c3bd68
json: Fix detached verify
* src/gpgme-json.c (op_verify): Only create output and
use it for clearsigned and opaque signed.

--
Just passing output to gpgme_op_verify changes the behavior to
no longer do a verify of the signature.
2018-08-29 14:32:36 +02:00
Andre Heinecke
3bdf8be6d2
json: Delete primary key if subkey gen fails
* src/gpgme-json.c (op_delete): Delete primary key on
subkey gen error.

--
This can happen for example if the user cancels the
pinentry to unlock the primary key when adding the
subkey.  To avoid an artifact of a primary key without
an encryption capable subkey we delete the created
key and treat the whole operation as failed.
2018-08-28 08:35:06 +02:00
Andre Heinecke
7d3c13df26
json: Allow NULL request in encode and chunk
* src/gpgme-json.c (encode_and_chunk): Don't error on NULL
request.

--
This fixes the error that is passed when parsing the json
object failed and request would be NULL.
Instead of the JSON parser error it would otherwise report
that encode and chunk failed.
2018-08-28 08:05:46 +02:00
Werner Koch
53c5b9a265
json: Do not put FILE_NAME into the verify result.
* src/gpgme-json.c (verify_result_to_json): Remove "file_name".
--

Having the file name in the verify result may lead developers to
assume that the file name is covered by the signature.  This is not
the case and can easily be checked by hex-editing a signed message.
We better don't output it at all.

The same is true for the is_mime flag but that is anyway only an
advisory and I can't see damage from a faulty one.

Note that we keep file_name in gpgme's output for ABI stability and
because some tools want to display meta information even if they are
subject to tampering.  This is similar to the non-encrypted subject in
mails.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 11:43:02 +02:00
Werner Koch
702566b36c
doc: Add warning that FILE_NAME is not part of the signed data.
--
2018-08-27 11:43:02 +02:00
Jasper Spaans
08cd34afb7
core: Export gpgme_data_new_from_estream function.
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 09:06:20 +02:00
Andre Heinecke
a5f8dac77d
json: Add sender and file name to encrypt
* src/gpgme-json.c (hlp_encrypt, op_encrypt): Support sender
and file_name.
2018-08-23 20:50:18 +02:00
Andre Heinecke
263dadb04a
json: Add proper decrypt_result_t handling
* src/gpgme-json.c (recipient_to_json, decrypt_result_to_json):
New.
(op_decrypt, hlp_decrypt): Update.

--
The op_decrypt as one of the first operations did not yet
match the current 1 <> 1 mapping of gpgme types to json
dictionaries.

info and dec_info are bad names but used for compatibility reasons.
2018-08-21 14:36:42 +02:00
Andre Heinecke
8103eeba80
json: Add subkey_algo and defaults to createkey
* src/gpgme-json.c (op_createkey, hlp_createkey): Add subkey_algo
handling.
(hlp_createkey): Fix documentation of expiry.
--
Due to the funny quick-gen-key interface generating a key
with an explicit algo would result in bad defaults (only an SC key),
without a subkey.

This adds handling that should probably be in GnuPG proper to fix
the semantics of createkey by adding default subkey_algo handling.
2018-08-20 16:38:36 +02:00
Andre Heinecke
4dd1d0abd3
json: Wipe memory in cJSON_Delete
* src/cJSON.c (cJSON_Delete): Wipe memory on deletion.
2018-08-08 14:27:24 +02:00
Andre Heinecke
fdc07b3ddc
json: Only use calloc instead of malloc
* src/cJSON.c, src/gpgme-json.c (CALLOC_ONLY): New define
to change xmalloc / xtrymalloc to use calloc.

--
Some people consider malloc dangerous as it might allow an
information leak.
2018-08-08 14:25:28 +02:00
Andre Heinecke
974a95db04
json: Add checks when skipping byte
* src/cJSON.c (parse_string, cJSON_Minify): Check for
terminating NULL byte when skipping the byte after an escaped
quote.
2018-08-08 13:30:01 +02:00
Andre Heinecke
6e48bb0f1c
json: Don't error out if chunksize is omitted
* src/gpgme-json.c (encode_and_chunk): Don't error out
if no chunksize is provided.

--
This fixes 82e4b900a9 which
caused every call without chunksize to error out.
2018-08-08 09:49:51 +02:00
Werner Koch
5ef492c563
core: Clear all flags for a new data property.
* src/data.c (PROPERTY_TABLE_ALLOCATION_CHUNK): New.
(insert_into_property_table): Use it here.  Clear all flags.
--

Fixes-commit: 085cdeddef
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 20:38:21 +02:00
Werner Koch
085cdeddef
core: Blank out the plaintext after decryption failure.
* src/data.h (data_prop_t): New enum.
(struct gpgme_data): Add field propidx.
* src/data.c (property_t): New.
(property_table, property_table_size, property_table_lock): New.
(insert_into_property_table): New.
(remove_from_property_table): New.
(_gpgme_data_get_dserial): New.
(_gpgme_data_set_prop): New.
(_gpgme_data_get_prop): New.
(_gpgme_data_new): Connect new object to property_table.
(_gpgme_data_release): Remove from property_table.
(gpgme_data_read): With DATA_PROP_BLANKOUT set don't fill the buffer.
* src/data-mem.c (gpgme_data_release_and_get_mem): Likewise.
* src/decrypt.c (struct op_data): Add field plaintext_dserial.
(_gpgme_op_decrypt_init_result): Add arg plaintext and init new field.
(_gpgme_decrypt_status_handler): Set DATA_PROP_BLANKOUT on decryption
failure.
(_gpgme_decrypt_start): Pass PLAIN to the init function.
* src/decrypt-verify.c (decrypt_verify_start): Ditto.
* configure.ac: Check for stdint.h and bail out if uint64_t is not
available.
--

This is a best effort feature to not output plaintext after a
decryption failure (e.g. due to no or broken authenticated
encryption).  It always works when using a memory object and reading it
after the decryption but it can't work reliably when the user is
reading from the data object while the decryption process is still
running.

This is quite a large change because the data objects and the context
objects are allowed to be owned by different threads.  Thus a
synchronization is needed and we do this with a global table of all
data objects to which the context objects can do soft-linking via a
unique data object serial number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 17:39:09 +02:00
Werner Koch
af2c74d6c0
json: Don't use strdup but the xtrystrdup wrapper.
* src/gpgme-json.c (create_keylist_patterns): Use CNT as first arg for
xcalloc.
(process_request): s/strdup/xtrystrdup/.
--

calloc takes two arguments so to be able to detect integer overflow.
Thus if we switch from malloc to calloc we should utilize that.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:53:37 +02:00
Werner Koch
f42cd70f18
core: New interface gpgme_data_new_from_estream.
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--

The estream functions (gpgrt_fopen et al.) are anyway part of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:51:45 +02:00
Andre Heinecke
98a75a16cc
json: Fix memleak in native msging repl
* src/gpgme-json.c (native_messaging_repl): Free request and
response after each loop.

--
If we only accept one request we should not loop. If we loop
we should do it properly.
2018-07-18 13:15:02 +02:00
Andre Heinecke
6d7b4382c3
json: Ensure that native msging request is string
* src/gpgme-json.c (native_messaging_repl): Ensure that the
request is NULL terminated.

--
This avoids potential memory leaks and access to unmapped memory
in case the request was not terminated.
Other request functions use es_read_line which guarantees NULL
termination.
2018-07-18 13:06:08 +02:00
Andre Heinecke
82e4b900a9
json: Fix crash by ensuring response is never NULL
* src/gpgme-json.c (encode_and_chunk): Try to always
return at least an error.
(process_request): Double check that it does not return NULL.

--
If process_request returns NULL the following strlen on it
would crash.
2018-07-18 13:05:48 +02:00
Andre Heinecke
b78140daf7
json: Fix memory errors in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Reserve two
pointers more than linefeeds.
(create_keylist_patterns): Fix loop to count linebreaks.
(create_keylist_patterns): Use calloc for good measure.

--
This fixes crashes and memory corruption as cnt did not
match i.
2018-07-18 12:57:51 +02:00
Andre Heinecke
1686e07e77
json: Fix crash on invalid json
* src/gpgme-json.c (process_request): Init res. Check for
json object before encode and chunk.

--
If json is invalid we can't read chunksize and would crash
in encode and chunk.
2018-07-16 19:47:11 +02:00
Andre Heinecke
cc21101a74
json: Fix uninitialized key unref in op_delete
* src/gpgme-json.c (op_delete): Init key.
2018-07-16 19:46:04 +02:00
Werner Koch
1933f5b805
json: Minor cleanups in cJSON.c
* src/cJSON.c: Add comments on the origin of the code.
(parse_string): Allocate an extra byte for safeness.
(cJSON_AddItemToArray): Allow ARRAY to be NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 14:42:30 +02:00
Werner Koch
013a7f47ab
json: Fix buffer overflow in cJSON.c
* src/cJSON.c (parse_string): Correctly detect bad hex.
--

The call to parse_hex4 checks that only hex digits follow and in the
error case returns 0.  However, by the time of the combined check for
an invalid value and the error PTR has already been set to the last
hex character and thus if the end-of-string or a quote character was
one of the bad hex digits the loop will miss the end of the string
which does not match with the simple buffer length allocation test at
the begin of the function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-16 12:37:06 +02:00
Andre Heinecke
6cc842c9aa
json: Add with-sec-fprs param to export
* src/gpgme-json.c (add_secret_fprs): New helper.
(op_export, hlp_export): Extend for with-sec fprs.

--
This is a request from Mailvelope, to import an export
they need the information for which keys from the export
a secret key is also available. For simplicity it is
much preferred to get this information in a single call
without the need to do and parse a keylisting additionally
in a second native-messaging call.

So we make it optional to include that info in the export.
2018-07-11 16:18:24 +02:00
Andre Heinecke
40471ec12f
json: Add with-secret without secret only
* src/gpgme-json.c (op_keylist, hlp_keylist): Add "with-secret"
as a flag to do a public keylist with secret information.
2018-07-09 11:36:28 +02:00
Andre Heinecke
7bc5d3c7e4
Add ctx flag for auto-key-locate
* src/context.h (gpgme_context): Add auto_key_locate.
* src/engine-gpg.c (engine_gpg): Add auto_key_locate.
(gpg_set_engine_flags, build_argv): Handle auto_key_locate.
(gpg_release): Free auto_key_locate.
* src/gpgme.c (gpgme_release): Free auto_key_locate.
(gpgme_get_ctx_flag, gpgme_set_ctx_flag): Handle auto-key-locate.
* doc/gpgme.texi: Document auto-key-locate flag.
* tests/run-keylist.c (show_usage, main): Add --from-wkd option.

--
This enables users of GPGME to control more fine grained what
auto-key-locate does.  Especially for WKD lookups / refreshes
can this be useful.

GnuPG-Bug-Id: T2917
Differential Revision: https://dev.gnupg.org/D463
2018-07-09 10:58:04 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Andre Heinecke
76b8470915
json: Add keylist mode locate
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.

--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
2018-07-04 11:14:44 +02:00
Andre Heinecke
d8beab30c4
json: Add file handling for debug output
* src/gpgme-json.c (main): Add possibility to set log file.

--
This is similar to how GPGME_DEBUG works. It takes ; on
Windows as separator and : on linux. Followed by a file name.

For Linux it might make sense to use a different separator
to allow setting a socket explicitly. But this is better
in line with the current GPGME_DEBUG behavior.

The change helps on Windows where we don't have a
log socket.
2018-06-20 10:50:17 +02:00
Andre Heinecke
54146d90dd
json: Return fingerprint as createkey result
* src/gpgme-json.c (op_createkey): Return fingerprint of new key.
2018-06-08 14:52:41 +02:00
Andre Heinecke
6c74a59e88
json: Add op_createkey
* src/gpgme-json.c (hlp_createkey, op_createkey): New.
(process_request, hlp_help): Add it.

--
This uses an unrestricted context for now until

GnuPG-Bug-Id: T4010
is implemented in GnuPG.
2018-06-08 13:55:21 +02:00
Andre Heinecke
af8510fb7f
json: Generalize chunking and getmore
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): Lower value to
new real minimum.
(DEF_REPLY_CHUNK_SIZE): Don't chunk by default.
(pending_data): Remove type and base64.
(make_data_object): Remove chunksize handling as this is now
generic.
(encode_and_chunk): Setup the pending_data buffer for chunking
if required.
(op_getmore): Changed to generically work on a response.
(hlp_getmore): Update accordingly.
(hlp_help): Document chunksize as generic parameter for all commands.
(process_request): Use encode_and_chunk on the response.
(hlp_encrypt, op_encrypt, hlp_decrypt, op_decrypt),
(hlp_verify, op_verify, hlp_sign, op_sign),
(op_keylist, hlp_keylist, hlp_export, op_export): Update accordingly.

--
To include handling for json properties e.g. in a keylist in
the chunk mechanism the mechanism is now more general.

If the chunksize property is provided the response will
always look exactly like a "getmore" response.

E.g.:
{
    "op": "keylist",
    "chunksize": 64
}
Results in:
{
   "more": true,
   "base64": true,
   "response": "ewoJImtleXMiOglbewoJCQkicmV2b2tlZCI6"
}

For simplicity this is even true if the chunksize is larger
than the response.

The client has to combine all "response" chunks and base64
decode them to get valid json.

The complete response (including json) is never larger than
the chunksize but might be smaller, except for interactive
use due to additional format characters.
2018-06-08 10:29:59 +02:00
Andre Heinecke
e48f4a18f8
json: Rework verify_result_to_json
* src/gpgme-json.c (sigsum_to_json): Add bool repr.
(signature_to_json, verify_result_to_json): Extend and follow better
pattern.
(hlp_decrypt, hlp_verify): Expand doc.

--
This should make it more clear which values are mapped as
the naming is more direct and clear and help to use
the gpgme documentation to understand the verify_result values.
2018-06-07 16:07:59 +02:00
Andre Heinecke
906ea48df3
json: Add direct way to query a config option
* src/gpgme-json.c (op_config_opt, hlp_config_opt): New operation.
(process_request, hlp_help): Add it.

--
This is a more convenient API for most query operations where
a single option is required.

An example would be:
{
    "op": "config_opt",
    "component": "gpg",
    "option": "default-key"
}

Which results in:
{
   "option":       {
           "name": "default-key",
           "description":  "use NAME as default secret key",
           "argname":      "NAME",
           "flags":        0,
           "level":        0,
           "type": 1,
           "alt_type":     1,
           "value":        [{
                           "string":       "F462B6B1",
                           "is_none":      false
                   }]
   }
}
2018-06-07 11:42:47 +02:00
Andre Heinecke
7e18c7a07a
json: Add op_config to query gpgconf
* src/gpgme-json.c (op_config, hlp_config): New.
(hlp_help, process_request): Add config.
(conf_arg_to_json, conf_opt_to_json, conf_comp_to_json): New
helpers.
2018-06-07 11:26:48 +02:00
Werner Koch
2c4c569247
core: Return a better error code on certain decryption failures.
* src/decrypt.c (op_data_t): Add field first_status_error.
(parse_status_error): Set it.
(_gpgme_decrypt_status_handler): Prefer an ERROR code over a
NO_SECKEY.
--

GnuPG-bug-id: 3983
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 16:20:27 +02:00
Werner Koch
998fec8a4f
json: Allow to compile with libgpg-error < 1.28
* src/cJSON.c: Use gpgrt function only if available.
--

We have a hack in gpgme-json to allow building with older libgpg-error
versions.  That whole thing will not work but instead the binary
will print an error at runtime that it needs to be built with a newer
libgcrypt.  There was a little bug here for the Debian packages
libgpg-error versions which failed to build cJSON.  cJSON is only
needed by the full gpgme-json but nevertheless the Makefile wants to
build it.  The fix is straightforward.

GnuPG-bug-id: 3971
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-05 09:40:17 +02:00
Werner Koch
662604c5bc
core: New context flag "ignore-mdc-error".
* src/context.h (gpgme_context): Add field ignore_mdc_error.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Set/get it.
* src/engine-gpg.c (engine_gpg): Add flags.ignore_mdc_error.
(gpg_set_engine_flags): Set it.
(build_argv): Pass option to gpg.
* src/decrypt.c (_gpgme_decrypt_status_handler): Take care of flag.
(gpgme_op_decrypt_result): Clear flag.
(gpgme_op_decrypt): Clear flag.
* src/decrypt-verify.c (gpgme_op_decrypt_verify): Clear flag
(gpgme_op_decrypt_ext): Clear flag.

* tests/run-decrypt.c (show_usage): Add option --ignore-mdc-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:29:34 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
e2aa38b56a
core: Remove cruft from the engine-gpg code.
* src/engine-gpg.c (read_status): Remove the handling of
GPGME_STATUS_END_STREAM; this was used only by the former experimental
--pipemode of gpg but that is not even anymore invoked here.
(struct engine_gpg): Remove cmd.linked_data and .linked_idx.
(build_argv): Remove code for linked_data.
(gpg_new): Ditto.
(gpg_set_command_handler): Remove arg linked_data.
* src/engine-backend.h (engine_ops): Remove arg data from
set_command_handler.
* src/engine.c (_gpgme_engine_set_command_handler): Remove arg
linked_data and adjust all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:53 +02:00
Werner Koch
2219fc19d5
core: Minor cleanup in engine-gpg and -gpgsm.
* src/engine-gpg.c: Remove errno.h.
(build_argv): Use gpg_error_from_syserror instead of ERRNO.
* src/engine-gpgsm.c: Remove errno.h.
(status_handler): Remove check for EINTR; gpgme_data_write already
handles EINTR.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 00:13:52 +02:00
Werner Koch
77166851f1
json: Fix compiler warning.
* src/gpgme-json.c (op_version): Mark request as unused.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:58:02 +02:00
Werner Koch
0de991fee0
json: Do not allow to export or delete secret keys.
* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
"secret" is used.
--

This should not be possible from a browser and we need to make this
fully clear.  Actually gpg-agent won't allow that anyway but having
this explicitly is better.

If that is ever needed a dedicated command line option may enable
this, for example when used by regular programs and not by the browser.
But that requires other changes as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:56:49 +02:00
Werner Koch
368f2d9db3
json: Fix use of get_context.
* src/gpgme-json.c (create_onetime_context): New.
(release_onetime_context): New.
(op_sign): Use the new functions to create a separate context.
(op_encrypt): Use a separate context for key listings.
(create_keylist_patterns): Remove unneeded cast.
--

get_context returns a static per-process context and can thus not be
used as a separate context.  Use dedicated functions for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-28 09:53:32 +02:00
Andre Heinecke
7aa00917c7
json: Implement encrypt-sign
* src/gpgme-json.c (op_encrypt): Add optional signing_keys param.
(get_keys, create_keylist_patterns): Add param for json object name.

--
If the optional parameter signing_keys is provided to encrypt
it becomes an encrypt-sign operation.
2018-05-25 15:48:39 +02:00
Andre Heinecke
73dc5e933d
json: Implement delete command
* src/gpgme-json.c (op_delete): New.
(hlp_help, process_request): Add it.

--
As with import / export delete also does not work for
the browser origin.
2018-05-25 15:24:03 +02:00
Andre Heinecke
a1bbe7473a
json: Implement op_export
* src/gpgme-json.c (op_export): New.
(hlp_getmore, process_request): Add it.

--
Secret key export does not work with request-origin browser.
2018-05-25 14:52:51 +02:00
Andre Heinecke
897522527d
json: Fix double ctx alloc
* src/gpgme-json.c (op_keylist): Only get one ctx.
2018-05-25 14:50:59 +02:00
Andre Heinecke
10683b1a91
json: Add guard in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Guard against
a string ending with a linebreak.
2018-05-25 14:50:20 +02:00
Andre Heinecke
1ff16dad59
json: Implement import operation
* src/gpgme-json.c (op_import): New.
(import_status_to_json, import_result_to_json): New.
(hlp_help, process_request): Add import.
2018-05-25 14:19:41 +02:00
Andre Heinecke
fe06929dee
json: Improve keylist help
* src/gpgme-json.c (hlp_keylist): Clarify doc about keys parameter.
2018-05-25 13:09:34 +02:00
Andre Heinecke
10724e363d
json: Fix keylist pattern handling
* src/gpgme-json.c (xfree_array): New helper.
(create_keylist_patterns): Convert keystring to gpgme patterns.
(op_sign, op_keylist): Use it.
2018-05-25 13:06:44 +02:00
Andre Heinecke
ed20936ce4
json: Add additional commands to help
* src/gpgme-json.c (hlp_help): Add additional commands.
2018-05-25 12:22:37 +02:00
Andre Heinecke
aa59f4970a
json: Refactor signature and ei code
* src/gpgme-json.c (add_summary_to_object): Changed to:
sigsum_to_json.
(add_signature_to_object): Changed to signature_to_json.
(add_signatures_to_object): Changed to verify_result_to_json.
(add_ei_to_object): Changed to engine_info_to_json.
(op_decrypt, op_verify, op_version): Use new functions.

--
This pattern of gpgme_type to json object conversion
is much cleaner than the error returning "add to object"
functions.
2018-05-25 12:17:46 +02:00
Andre Heinecke
546e3295ea
json: Implement keylist
* src/gpgme-json.c (xjson_AddStringToObject0)
(xjson_AddItemToObject): New helpers.
(sig_notation_to_json, key_sig_to_json, tofu_to_json)
(uid_to_json, subkey_to_json, key_to_json): New
GPGME to JSON functions.
(op_keylist): New.
(process_request): Add op_keylist.

--
The conversion from GPGME data structures to
JSON follows the same pattern for the keylist
functions using the xjson wrappers instead
of error checking every cJSON call.

For large keylists the keylist command also
needs a data / getmore handling somehow.
2018-05-25 11:56:32 +02:00
Andre Heinecke
a46c27b321
json: Deduplicate input handling code
* gpgme-json.c (get_string_data): New.
(op_verify, op_sign, op_decrypt, op_encrypt): Use it.

--
This handles the common base64 decoding and creation of the
gpgme_data object.
2018-05-25 11:56:32 +02:00
Andre Heinecke
9fca7c8406
json: Add code to gpg_error based messages
* src/gpgme-json.c (gpg_error_object): New.
(error_object_v): Extend to take error.

--
Having the error code is helpful, especially as
the strerrors are localized. E.g. to detect
an ERROR_CANCELED.
2018-05-24 16:35:42 +02:00
Andre Heinecke
61f4532ba9
json: Implement op_version
* src/gpgme-json.c (op_version): New.
(process_request): Extend for version.
(protocol_to_string, add_ei_to_object): New helpers.
2018-05-24 16:15:14 +02:00
Andre Heinecke
5fbf81c18b
json: Implement op_verify
* src/gpgme-json.c (op_verify): New.
(hlp_help): Add verify.
(process_request): Add verify.

--
Mostly works, except for detached, base64 encoded signatures,
they are somehow not yet written to gpgme.
2018-05-24 16:14:54 +02:00
Andre Heinecke
c679ed2477
json: Put signature info before data output
* src/gpgme-json.c (op_decrypt): Move info before data.

--
This should enable it to first parse signatures before
handling very large chunks of data.
2018-05-24 13:36:31 +02:00
Andre Heinecke
a6cd3a1197
json: Add sign to help
* src/gpgme-json.c (hlp_help): Add sign.
2018-05-24 13:31:15 +02:00
Andre Heinecke
1c0a55a608
json: Add op_sign
* src/gpgme-json.c (op_sign): New.
2018-05-24 13:29:23 +02:00
Andre Heinecke
b344933e4c
json: Fix invalid function call
* src/gpgme-json.c (add_signatures_to_object): Fix call to
xjson_CreateArray.

--
That is what happens if you edit code while reviewing changes,
without testing it again,..
2018-05-24 13:16:55 +02:00
Andre Heinecke
45036c3c4c
json: Print signatures for decrypt/verify
* gpgme-json.c (xJSON_CreateArray),
(add_summary_to_object, validity_to_string): New helpers.
(add_signature_to_object, add_signatures_to_object)
(add_signatures_object): New.
(op_decrypt): Handle verify_result.
(hlp_help): Mention decrypt.
2018-05-24 12:37:29 +02:00
Andre Heinecke
fd5e14660a
json: Minor typo fixes
* src/gpgme-json.c: Minor typo fixes.
2018-05-24 10:26:41 +02:00
Andre Heinecke
e04b8142df
core, w32: Add w64 handling for regkeys
* src/w32-util.c (_gpgme_get_gpg_path): Use new defines.
(GNUPG_REGKEY_2): x64 aware regkey as used by GnuPG in Gpg4win 2.x
(GNUPG_REGKEY_3): x64 aware regkey as used by GnuPG in Gpg4win 3.x
(_gpgme_get_gpgconf_path): Use new regkeys. Add another fallback.

--
This should fix more "unsupported protocol" issues if Gpg4win /
GnuPG is installed in a non standard path on 64bit systems.

The regkey handling is similar to that of gpgex and gpgol.

GnuPG-Bug-Id: T3988
2018-05-17 17:46:12 +02:00
Werner Koch
8a0c8c5251
core: Always fail if an OpenPGP message is not integrity protected.
* src/decrypt.c (struct op_data_t): Add field not_integrity_protected.
(parse_decryption_info): Set this.  Also rename mode to aead_algo for
clarity.
(_gpgme_decrypt_status_handler): Force failure in case of a missing
MDC.
--

This extra check makes sure that a missing or stripped MDC in
 - gpg < 2.1
 - or gpg 2.2 with an old cipher algorithm
will lead to a decryption failure.  gpg 2.3 will always fail in this
case.  Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.

Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered.  If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.

GnuPG-bug-id: 3981
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-17 09:16:05 +02:00
Werner Koch
e54b110aec
json: Improve auto-base64 encoding to not split UTF-8 chars.
* src/gpgme-json.c (make_data_object): Switch to Base64 also for UTF-8
characters.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-09 16:41:05 +02:00
Werner Koch
e2a8a87bf9
core: Make the status-fd monitor work for all gpgsm commands.
* src/engine-gpgsm.c (status_handler): Call the status monitor also
here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-09 16:39:30 +02:00
Andre Heinecke
7706fa2c92
core: Do not modify args for ignored failures
* src/op-support.c (_gpgme_parse_failure): Ignore gpg-exit failures
before modifying args.

--
For op_decrypt_verify the status handler for both decrypt and
verify would parse the failure when the first parser ignored
the failure. This resulted in an ERR_INV_ENGINE as the first
call to parse_failure modified the args.

GnuPG-Bug-Id: T3919
2018-04-20 14:30:53 +02:00
Werner Koch
f779362ffb
core: Remove another debug output leftover.
* src/decrypt.c (_gpgme_decrypt_status_handler): Remove log debug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-20 10:32:52 +02:00
Werner Koch
ab43d85b9a
json: Remove the -noinstall flag used during development.
* src/Makefile.am (gpgme-json_LDFLAGS): Remove.
--

Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-19 16:20:27 +02:00
Werner Koch
b52a91f5a6
core: Remove leftover debug output.
* src/verify.c (_gpgme_verify_status_handler): Remove debug output.
--

Actually this is a real bug because it uses a debug function available
only in the new libgpg-error versions.  Time to call Jenkins back from
vacation; there are rumors that he has been seen in the city looking
for a new Ryzen tail coat.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-19 10:34:32 +02:00
Werner Koch
8e34a14fe6
json: Add stpcpy replacement.
* src/gpgme-json.c [!HAVE_STPCPY](_my_stpcpy): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 20:11:50 +02:00
Werner Koch
67b4dafb6d
doc: Update copyright years and change two URLs.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 19:30:50 +02:00
Werner Koch
1ae83de262
doc: Unify comment style in gpgme.h
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 19:28:51 +02:00
Werner Koch
55e9a94680
core: New convenience constant GPGME_KEYLIST_MODE_LOCATE.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_LOCATE): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 17:59:29 +02:00
Werner Koch
e5273fc443
json: Add command "decrypt" to gpgme-json.
* src/gpgme-json.c (make_data_object): Enable auto-detection of
base-64.
(op_encrypt): Support a 'mime' flag.
(op_decrypt): New.
(process_request): Add command "encrypt".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 15:24:42 +02:00
Werner Koch
65479fe7b8
core: Add 'is_mime' flags to the verify and decrypt results.
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Set mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'.  Shrink '_unused'.

* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--

Note that this flag (Literal Data packet's 'm' mode) is only
specified in RFC-4880bis.  To use it you currently need to add
"rfc4880bis" to the gpg.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 15:20:35 +02:00
Werner Koch
23177e4410
core: Fix possible compliance mode detection error.
* src/verify.c (_gpgme_verify_status_handler): Insert missing break.
--

Before the insertion of the compliance status checking the break in
the default clause was used by the STATUS_PLAINTEXT code.  That got
lost.  I don't see any actual harm due to different values currently
in use for the compliance status.

Fixes-commit: 05fa2a9c77
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 14:41:50 +02:00
Werner Koch
49a617f8bb
json: Improve help meta command in gpgme-json.
* src/gpgme-json.c (process_meta_commands): Add ",help CMD".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 11:34:16 +02:00
Werner Koch
ed1052842d
json: Add command "getmore" to gpgme-json.
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): New const.
(DEF_REPLY_CHUNK_SIZE): New const.
(MAX_REPLY_CHUNK_SIZE): New const.
(pending_data): New var.
(add_base64_to_object): Change to take a plain data pointer.
(get_chunksize): New.
(make_data_object): New.
(op_encrypt): Get chunksize and use make_data_object.
(op_getmore): New.
(process_request): Release pending data for all commands but "getmore"
and "help".
--

Native messaging has a limit on the data it may receive in one
request.  Thus the caller needs to watch for the "more" flag and
request the remaining data using "getmore" in a loop.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 11:12:46 +02:00
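The "getmore" loop this commit asks callers to run, using the generalized reply shape ("more", "base64", "response") from the later commit af8510fb7f, shown here as an added example that is not code from gpgme or its authors. The `send` transport, the limit values, the fake host and the `chunksize` field on the "getmore" request are assumptions made for illustration.

```javascript
'use strict';

// Client-side ceilings (assumed values, not taken from gpgme-json): they
// bound what a misbehaving native host can make the caller buffer or loop over.
const DEFAULT_LIMITS = { maxRounds: 1024, maxTotal: 8 * 1024 * 1024 };
const BASE64_RE = /^[A-Za-z0-9+/]*={0,2}$/;

class ChunkAssembler {
  constructor(limits = {}) {
    this.limits = { ...DEFAULT_LIMITS, ...limits };
    this.parts = [];
    this.total = 0;
    this.rounds = 0;
    this.done = false;
  }

  // Feed one reply object. Returns true if a "getmore" request must follow.
  // Assumption: a reply without "more": true is the final chunk.
  push(reply) {
    if (this.done) throw new Error('reply after final chunk');
    if (++this.rounds > this.limits.maxRounds) throw new Error('too many chunks');
    if (reply === null || typeof reply !== 'object' ||
        typeof reply.response !== 'string' || reply.base64 !== true) {
      throw new Error('malformed chunk');
    }
    this.total += reply.response.length;
    if (this.total > this.limits.maxTotal) throw new Error('reply too large');
    this.parts.push(reply.response);
    this.done = reply.more !== true;
    return !this.done;
  }

  // Join first, decode once: a chunk boundary need not fall on a 4-character
  // base64 group, so decoding chunk by chunk would corrupt the data.
  finish() {
    if (!this.done) throw new Error('reply incomplete');
    const b64 = this.parts.join('');
    // Buffer.from() silently skips invalid characters, so validate explicitly.
    if (b64.length % 4 !== 0 || !BASE64_RE.test(b64)) {
      throw new Error('invalid base64');
    }
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  }
}

// Drive the loop over a synchronous `send(request) -> reply` transport
// (hypothetical; a browser extension would await its native messaging port
// between push() calls instead).
function fetchAll(send, request, chunksize, limits) {
  const assembler = new ChunkAssembler(limits);
  let reply = send({ ...request, chunksize });
  while (assembler.push(reply)) {
    reply = send({ op: 'getmore', chunksize });
  }
  return assembler.finish();
}

// Constructed stand-in for the native host, for offline runs only.
// Simplification: chunksize counts base64 characters, not the whole reply.
function makeFakeHost(payload) {
  const b64 = Buffer.from(JSON.stringify(payload), 'utf8').toString('base64');
  let offset = 0;
  return function send(request) {
    if (request.op !== 'getmore') offset = 0;
    const piece = b64.slice(offset, offset + request.chunksize);
    offset += piece.length;
    return { more: offset < b64.length, base64: true, response: piece };
  };
}

// Constructed sample data; the non-ASCII name exercises multi-byte UTF-8.
const SAMPLE_KEYLIST = {
  keys: [{ fingerprint: 'CONSTRUCTED-FINGERPRINT', revoked: false,
           userid: 'Zoë Example <zoe@example.org>' }],
};

function demo() {
  return fetchAll(makeFakeHost(SAMPLE_KEYLIST), { op: 'keylist' }, 7);
}
```

The assembler is kept separate from the transport so the same size and round limits apply whether replies arrive from a real port or from a test double.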
Werner Koch
e69b175e8e
json: Add meta command ,read to gpgme-json.
* src/gpgme-json.c: Include stat.h.
(get_file): New.
(process_meta_commands): Implement ",read".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 09:26:33 +02:00
Werner Koch
01435da498
core: Extend decryption result with symkey_algo.
* src/gpgme.h.in (gpgme_op_decrypt_result_t): Add field 'symkey_algo'.
* src/decrypt.c (release_op_data): Free SYMKEY_ALGO.
(gpgme_op_decrypt_result): Make sure SYMKEY_ALGO is not NULL.
(parse_decryption_info): New.
(_gpgme_decrypt_status_handler): Parse DECRYPTION_INFO status.
* src/conversion.c (_gpgme_cipher_algo_name): New.
(_gpgme_cipher_mode_name): New.

* tests/run-decrypt.c (print_result): Print SYMKEY_ALGO

* src/util.h (_gpgme_map_gnupg_error): Remove obsolete prototype.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 13:48:56 +02:00
Werner Koch
3589da0500
core: New keyword --file for OpenPGP recpstring.
* src/engine-gpg.c (append_args_from_recipients_string): Add new
flags.
--

Now you can use gpgme to encrypt without first importing a key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 12:40:30 +02:00
Werner Koch
c143ab692c
core: For OpenPGP let offline mode disable dirmngr.
* src/engine-gpg.c (struct engine_gpg): New flag.offline.
(gpg_set_engine_flags): Set it.  Also fix setting of no_symkey_cache.
(build_argv): Pass --disable-dirmngr in offline mode.
--

GnuPG-bug-id: 3831
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 11:06:27 +02:00
Werner Koch
4bba3b8e2c
core: Allow for --hidden keyword in OpenPGP recpstrings.
* src/engine-gpg.c (append_args_from_recipients_string): Add special
keywords.
--

GnuPG-bug-id: 3775
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 10:04:20 +02:00
Werner Koch
86efba2be2
core: New encryption flag GPGME_ENCRYPT_WANT_ADDRESS.
* src/gpgme.h.in (GPGME_ENCRYPT_WANT_ADDRESS): New flag.
* src/engine-gpg.c (add_arg_recipient): New.
(add_arg_recipient_string): New.
(append_args_from_recipients): Call new helper function.
(append_args_from_recipients_string): Ditto.
* src/gpgme-json.c (op_encrypt): Add flag "want-address".
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 09:40:27 +02:00
Werner Koch
a1f76b3b54
core: Add extended versions of the encrypt functions.
* src/gpgme.h.in (gpgme_op_encrypt_ext_start) New.
(gpgme_op_encrypt_ext): New.
(gpgme_op_encrypt_sign_ext_start): New.
(gpgme_op_encrypt_sign_ext): New.
* src/libgpgme.vers, tests/run-encrypt.c: Add them.

* src/encrypt.c (encrypt_start): Add arg recpstring.
(gpgme_op_encrypt): Factor code out to ...
(gpgme_op_encrypt_ext): new function with new arg recpstring.
(gpgme_op_encrypt_start): Factor code out to ...
(gpgme_op_encrypt_ext_start): new function with new arg recpstring.
* src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring.
(gpgme_op_encrypt_sign): Factor code out to ...
(gpgme_op_encrypt_sign_ext): new function with new arg recpstring.
(gpgme_op_encrypt_sign_start): Factor code out to ...
(gpgme_op_encrypt_sign_ext_start): new function with new arg
recpstring.

* src/engine-backend.h (struct engine_ops): Change fields encrypt and
encrypt_sign.
* src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass
to engine.
(_gpgme_engine_op_encrypt_sign): Ditto.
* src/engine-gpg.c (append_args_from_recipients_string): New.
(gpg_encrypt): Add arg recpstring and call new function as needed.
(gpg_encrypt_sign): Ditto.
* src/engine-gpgsm.c (set_recipients_from_string): New.
(gpgsm_encrypt): Add arg recpstring and call new function as needed.
* src/engine-uiserver.c (set_recipients_from_string): New.
(uiserver_encrypt): Add arg recpstring and call new function as
needed.

* tests/run-encrypt.c (xstrdup): New.
(main): Add option --keystring.

* src/gpgme-json.c (get_keys): Simplify.
(op_encrypt): Modify to make use of the extended encrypt function.

--

This new feature can be used to avoid the need for a key lookup and
thus several extra calls to the backend.

Note that run-test uses a semicolon as delimiter because that makes
testing the feature on the command line much easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 08:45:00 +02:00
Werner Koch
b99502274a
core: Tweak STATUS_FAILURE handling.
* src/op-support.c (_gpgme_parse_failure): Ignore failures with
location "gpg-exit".
* tests/gpg/t-verify.c (main): Adjust for the now working checking of
the second key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 20:36:30 +02:00
Werner Koch
478d1650bb
core: For a failed verification return the sig's fingerprint.
* src/verify.c (parse_new_sig): Parse the new ERRSIG fpr.
--

This works only when the signature features an ISSUER_FPR sub-packet
and with GnuPG >= 2.2.7.  If that is not the case the keyid is kept in
the FPR field.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 20:26:00 +02:00
Werner Koch
f7700a0169
core: Add new context flag "no-symkey-cache".
* src/gpgme.c (gpgme_set_ctx_flag): Set flag.
(gpgme_get_ctx_flag): Get flag.
* src/context.h (struct gpgme_context): Add field no_symkey_cache.
* src/engine-gpg.c (struct engine_gpg): Ditto.
(gpg_set_engine_flags): Set flag.
(build_argv): Pass option --no-symkey-cache to gpg.

* tests/run-decrypt.c (print_result): Fix segv for symmetric messages.
(main): New option --no-symkey-cache.
* tests/run-encrypt.c (main): New option --no-symkey-cache.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 09:17:27 +02:00
Werner Koch
60d7a1e8f6
json: Build only a dummy if libgpg-error is < 1.28
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-29 15:06:54 +02:00
Werner Koch
3345a17dda
json: Remove the "message" object thingy again.
* src/gpgme-json.c (process_request): Remove 'nm_mode'.
--

This was an error in the javascript testing code.  Thus the Mozilla
specs are correct that the request is sent verbatim.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-28 21:21:18 +02:00
Werner Koch
4b2fa657d1
json: Make native messaging work.
* src/gpgme-json.c (opt_debug): New.
(process_request): Add optional arg nm_mode.  In this mode take the
request from a "message" object.
(native_messaging_repl): Add debug output and call process_request
in NM_MODE.
(main): Add option --debug.  Parse envvar GPGME_JSON_DEBUG as an
alternative way to enable this.  Use a default log file.
--

Note that the default log file is ~/.gnupg/S.gpgme-json.log .
Thus to debug a javascript application you should start

  watchgnupg --time-only --force ~/.gnupg/S.gpgme-json.log

in a separate tty and then use

 GPGME_JSON_DEBUG=1 firefox &

to run firefox.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-28 20:53:21 +02:00
Andre Heinecke
7c220e387d
core: Initialize key return value in gpgme_get_key
* src/keylist.c (gpgme_get_key): Set r_key to NULL.

--
The c++ bindings and others assumed that r_key is set to NULL
on error. This is the behavior gpgme_op_keylist_next also
has. Even if it is not specified what happens to r_key on
error setting it to NULL should not hurt and is more
expected behavior.

This directly fixes an uninitialized memory access error
in the c++ bindings / Kleopatra:
GnuPG-Bug-Id: T3865

And will fix some additional random crashes in Kleopatra and GpgOL.
2018-03-27 11:24:55 +02:00
Werner Koch
4763974ef6
core: Need to increase an array in the gpg engine.
* src/engine-gpg.c (build_argv): Allocate one slot more for ARGV.
--

Fixes-commit: b9000bc293
2018-03-23 15:46:18 +01:00
Werner Koch
e5abf4827a
json: Use a request origin of "browser".
* src/gpgme-json.c (_create_new_context): Set flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 15:32:06 +01:00
Werner Koch
b9000bc293
core: New gpgme_set_ctx_flag "request-origin".
* src/context.h (gpgme_context): Add 'request_origin'.
* src/gpgme.c (gpgme_release): Free that field.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "request-origin".
* src/engine-backend.h (engine_ops): Add 'set_engine_ops' func ptr and
adjust all users.
* src/engine.c (_gpgme_engine_set_engine_flags): New.
* src/op-support.c (_gpgme_op_reset): Call that func.
* src/engine-gpg.c (struct engine_gpg): Add 'request_origin'.
(gpg_set_engine_flags): New.
(_gpgme_engine_ops_gpg): Hook it.
(build_argv): Use command line option --request-origin.
* src/engine-gpgsm.c (struct engine_gpgsm): Add 'request_origin'.
(gpgsm_set_engine_flags): New.
(_gpgme_engine_ops_gpgsm): Hook it.
(start): Send OPTION "request-origin".
* src/engine-assuan.c (struct engine_llass): Add 'request_origin'.
(gpgsm_set_engine_flags): New.
(_gpgme_engine_ops_assuan): Hook it.
(start): Send OPTION "pretend-request-origin".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 15:27:32 +01:00
Werner Koch
eee68c1b13
build: Allow building with released libgpg-error.
* src/gpgme-json.c (add_base64_to_object): Return an error if building
with an older libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 12:36:19 +01:00
Werner Koch
c7bb12da52
Merge branch 'json-tool'
2018-03-23 11:31:20 +01:00
Werner Koch
d83482a1d7
json: Finish op:encrypt.
* src/gpgme-json.c (add_base64_to_object): New.
(data_from_base64_string): New.
(op_encrypt): Employ them.
(process_request): Print unformatted json.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 11:27:59 +01:00
Werner Koch
6525d78d0a
json: Add a new function to cJSON.
* src/cJSON.c (cJSON_CreateStringConvey): New.
2018-03-23 11:26:36 +01:00
Ben McGinnes
76055dd5c7
Merge branch 'ben/docs/2018-03' of ssh+git://playfair.gnupg.org/git/gpgme into ben/docs/2018-03
2018-03-22 06:33:16 +11:00
Werner Koch
e14f1f687f
json: Use gpgrt_argparse instead of argsparse.c
* src/gpgme-json.c: Remove header argparse.h.  Define
GPGRT_ENABLE_ARGPARSE_MACROS.
(interactive_repl): Replace strusage by gpgrt_strusage.
(my_strusage): Add SPDX level.
(main): Switch to gpgrt_argparse stuff but keep very limited
functionality when building with an older libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-21 19:26:03 +01:00
Werner Koch
6073789a6d
json: Implement op:encrypt
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-20 11:14:26 +01:00
Werner Koch
44f9e80ea9
Merge branch 'master' into json-tool
2018-03-20 11:13:14 +01:00
Werner Koch
343d3e2232
core: Do not clobber R_KEY in gpgme_get_key on error.
* src/keylist.c (gpgme_get_key): Assign a value to the return
parameter only on success.
--

This problem could be triggered by an ambiguous key.  The problem is
that the key returned in that case is for one not expected and worse
it has not been ref-ed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-20 10:41:18 +01:00
Werner Koch
9e1e655483
core: Fix ABI regression in recent commit.
* src/gpgme.h.in (_gpgme_op_import_result): Move new field
'skipped_v3_keys' to the end.
--

The ABI break has not made it into a release.

Also document the new field.

Fixes-commit: a630a1e3e7
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-20 10:38:36 +01:00
Werner Koch
d2b31d8c10
json: Add framework for the gpgme-json tool
* src/gpgme-json.c: New.
* src/Makefile.am (bin_PROGRAMS): Add gpgme-json.
(gpgme_json_SOURCES, gpgme_json_LDADD): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-16 13:55:48 +01:00
Werner Koch
81c90d0cd0
core: Adjust cJSON code for use in GPGME.
* src/cJSON.c: Remove util.h.  Use gpgrt alloc functions.
(cJSON_Delete): Do not clobber ERRNO.
(cJSON_AddItemToObject): Return OBJECT or NULL.
(cJSON_AddNullToObject): New.
(cJSON_AddTrueToObject): New.
(cJSON_AddFalseToObject): New.
(cJSON_AddBoolToObject): New.
(cJSON_AddNumberToObject): New.
(cJSON_AddStringToObject): New.
* src/cJSON.h (cJSON__h): Replace macro by cJSON_h for C compliance.
(cJSON_AddNullToObject): Remove macro.
(cJSON_AddTrueToObject): Remove macro.
(cJSON_AddFalseToObject): Remove macro.
(cJSON_AddBoolToObject): Remove macro.
(cJSON_AddNumberToObject): Remove macro.
(cJSON_AddStringToObject): Remove macro.
--

The gpgrt malloc functions are used so that we can easily mix memory
returned by gpgrt (e.g. es_read_line) with memory returned from the
JSON function.  In general that is not needed but on Windows it makes
a difference if the gpgme DLL is linked to a different C runtime
than the application.

The macros have been replaced to allow error checking (i.e out of
core) for these functions.  More error checking should be implemented
instead of silently creating objects which are not as requested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-16 13:36:04 +01:00
Andre Heinecke
a630a1e3e7
core: Parse skipped_v3_keys
* src/gpgme.h.in (gpgme_import_result_t): Extend with skipped_v3_keys.
* src/import.c (gpgme_op_import_result): Extend debug with new field.
(parse_import_res): Parse skipped_v3_keys.
* tests/gpg/t-support.h, tests/run-support.h (print_import_result):
Print skipped_v3_keys.

--
This makes it possible to handle this in a GUI in a future
version.

GnuPG-Bug-Id: T3776
2018-03-15 16:23:18 +01:00
Werner Koch
8eb08b3189
core: Import cJSON code from the payproc project.
* src/cJSON.c: New.
* src/cJSON.h: New.
* src/cJSON.readme: New.
--

This is a copy of the code from the payproc commit
af5d6b4f820ee19e246a2cab6f56465fe91f1233.  The code was originally
added to payproc with the commit below.

Signed-off-by: Werner Koch <wk@gnupg.org>

===============================================
commit 7ae7ef29bc5ec19e005e6a5a739233d655f3f05f
Author:     Werner Koch <wk@gnupg.org>
AuthorDate: Wed Apr 2 09:01:42 2014 +0200
Commit:     Werner Koch <wk@gnupg.org>
CommitDate: Wed Apr 2 09:12:02 2014 +0200

Simplify cJSON and add new macros.

* src/cJSON.h: Re-indented.
(cjson_t): New.
(cjson_is_): New macros.
* src/cJSON.c: Re-indented.  Include errno.h and our util.h.
(ep): Remove global var.
(cJSON_GetErrorPtr): Remove.
(cJSON_strcasecmp): Cast args for use with tolower.
(cJSON_malloc, cJSON_free): Remove.  Change callers to use xtrymalloc
and xfree.
(cJSON_InitHooks): Remove.
(cJSON_strdup): Remove.  Change callers to use xtrystrdup.
(cJSON_New_Item): Simplify.
(cJSON_ParseWithOpts, cJSON_Parse): Add arg R_ERROFF.
(parse_string, parse_value, parse_array, parse_object): Add arg EP.
--

cJSON has been taken from cjson-code-58.zip.  The README file has been
renamed to cJSON.readme and the files have been changed to GNU coding
standards.  Because that parser is small enough to be source copied it
does not make sense to treat it as a library and I changed the memory
allocation functions to the usual xmalloc ones. The only external
dependency now is our util.h which declares those functions.

The lowercase cjson_t better fits into our coding style as well as the
new macros.  Thanks to Dave Gamble for this nice parser.
===============================================
2018-03-14 11:10:12 +01:00
Ben McGinnes
f61d4f585f IDENTIFY
* Fixed sp error in docstring.
2018-03-05 09:40:41 +11:00
NIIBE Yutaka
59fe3f26c1 core: Support non-thread-safe getenv.
* src/get-env.c (_gpgme_getenv): Use gpgrt_lock_lock
and gpgrt_lock_unlock to protect call of getenv.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-27 18:43:40 +09:00
Andre Heinecke
201db83a7f
core, w32: Enable spawning GUI applications
* src/engine-spawn.c (engspawn_start): Translate spawn flag
to IOSPAWN flag.
* src/gpgme-w32spawn.c (my_spawn): Handle the new flag.
* src/gpgme.h.in (GPGME_SPAWN_SHOW_WINDOW): New.
* src/priv-io.h (IOSPAWN_FLAG_SHOW_WINDOW): New.

--
Used by GpgOL
2018-02-09 16:11:32 +01:00
Andre Heinecke
f10605ffb5
core, w32: Fix flags passing to gpgme-w32-spawn
* src/w32-io.c (_gpgme_io_spawn): Don't hardcode flags value.

--
IOSPAWN_FLAG_ALLOW_SET_FG is 2 and was translated to 1.

This might fix the pinentry foreground handling pass through.
2018-02-09 16:11:03 +01:00
NIIBE Yutaka
bbb5e70e7e Fix compile error message.
* src/get-env.c (_gpgme_getenv): Fix error message.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-29 19:38:49 +09:00
NIIBE Yutaka
37d62e9d0f core: Implement _gpgme_getenv for NetBSD.
* src/get-env.c [HAVE_GETENV_R] (_gpgme_getenv): New.

--

GnuPG-bug-id: 3056
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-29 11:45:33 +09:00
Werner Koch
d4d04d6c04
Require libgpg-error 1.24 and libassuan 2.4.2
* src/util.h (GPG_ERR_FALSE): Remove due to newer libgpg-error.
--

We require these over one year old versions to better align with
GnuPG's demand.  Note that the required libassuan is actually 2 years
old.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 12:12:47 +01:00
Werner Koch
0a567a94d9
core,w32: Fix popping up of console windows due to gpgconf.
* src/gpgme-w32spawn.c (my_spawn): Create w/o DETACHED_PROCESS.
--

The spawn helper is actually called with DETACHED_PROCESS and should
not need to do a DETACHED_PROCESS of its own.  Interestingly this
patch removes the popups.

See Andre's report
GnuPG-bug-id: 3515

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-11 13:54:40 +01:00
Andre Heinecke
7b5182f288
Spelling fixes for comments and doc
--
Patch provided by ka7 in dev.gnupg.org

Differential D423
2017-12-08 05:59:11 +01:00
Werner Koch
0c1244a2b7
core: Also check for a failed selftest in gpgme_data_new.
* src/data.c (_gpgme_data_new): Check for failed selftest.
* tests/run-support.h (make_filename): Print a message on malloc
failure.
(init_gpgme_basic): New.
* tests/run-identify.c (main): Call init_gpgme_basic because we do not
need to setup a protocol.
* tests/t-data.c: Define PGM and include run-support.h.
(make_filename): Remove.
(main): Call init_gpgme_basic.
--

Note: This patch may break applications which used gpgme_data but no
gpgme_new without having called the required gpgme_check_version.

GPGME can be used without a protocol for example to work with the data
object abstraction.  Thus a call to gpgme_data_new also needs to check
the result of the core selftests - including on whether
gpgme_check_version has been called.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-04 12:08:31 +01:00
Andre Heinecke
651b3d8207
Fix uid parsing for ldap keyserver
* src/engine-gpg.c (gpg_keylist_preprocess): Check field count
for uid and add fallback.

--
This fixes accessing uninitialized memory and resulting
crashes in gpgrt_asprintf.

GnuPG-Bug-Id: T3550
2017-12-01 09:52:16 +01:00
Daniel Kahn Gillmor
00daac1553
core: use getdents64 syscall on linux instead of getdents.
* src/posix-io.c (get_max_fds): use getdents64 instead of getdents.
--

getdents64 was introduced in linux 2.4, so it should be widely
available.  some Linux architectures which post-date 2.4 (e.g. arm64)
appear to not have getdents at all, so it's probably better to use the
more modern interface.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-10-12 09:00:09 +02:00
Werner Koch
4632adf403
core: Allow disabling the use of SYS_getdents for Linux.
* configure.ac (USE_LINUX_GETDENTS): New ac_define.  Add option
--disable-linux-getdents.
* src/posix-io.c: Make use of USE_LINUX_GETDENTS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-04 18:03:54 +02:00
Colin Watson
b5b996b1a1
core: Restore get_max_fds optimization on Linux
* src/posix-io.c (get_max_fds): Restore Linux optimization, this time
using open/getdents/close rather than opendir/readdir/closedir.
--

opendir/readdir/closedir may allocate/free memory, and aren't required
to do so in an async-signal-safe way.  On the other hand, opening
/proc/self/fd directly and iterating over it using getdents is safe.

(getdents is not strictly speaking documented to be async-signal-safe
because it's not in POSIX.  However, the Linux implementation is
essentially just a souped-up read.  Python >= 3.2.3 makes the same
assumption.)

Signed-off-by: Colin Watson <cjwatson@debian.org>
2017-10-04 17:26:39 +02:00
Werner Koch
47f61df070
core: New context flag "auto-key-retrieve"
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
"auto-key-retrieve".
* src/context.h (gpgme_context): New field auto_key_retrieve.
* src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
to field 'decrypt'.
* src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
option --auto-key-retrieve to gpg.  Adjust all callers.
(gpg_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
* src/engine-uiserver.c (uiserver_decrypt): Ditto.
* tests/run-verify.c (main): Add option --auto-key-retrieve.
--

This makes the --auto-key-retrieve option available in the GPGME API.

Test plan:
Run

  GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE

with and without its new option --auto-key-retrieve and check in the
trace stored in "out" whether --auto-key-retrieve was passed to gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 17:17:11 +02:00
Werner Koch
6745eb69e2
Set next version to 1.10.0
--
2017-08-24 16:20:51 +02:00
Werner Koch
9bde9144f0
core: New public enum gpgme_keyorg_t.
* src/gpgme.h.in (gpgme_keyorg_t): New.
* src/keylist.c (parse_keyorg): New.
(keylist_colon_handler): Set key->ORIGIN.
--

This finally sets the key origin value from data supplied by recent gpg
versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 16:20:51 +02:00
Marcus Brinkmann
91e47d7165 gpgconf: Add more comments.
* src/engine-gpgconf.c (gpgconf_config_dir_cb, gpgconf_conf_dir):
Add comments.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3018
2017-08-24 15:51:41 +02:00
Marcus Brinkmann
bfb3a01a0c Fix a couple of bugs pointed out by clang compiler warnings.
* src/engine-gpgconf.c (gpgconf_config_dir_cb): Fix cast.
* src/key.c (_gpgme_key_add_sig): Fix pointer reference.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
2017-08-23 15:38:11 +02:00
Marcus Brinkmann
3244d4daff gpgconf: Fix some warnings.
* tests/gpg/t-gpgconf.c (main): Fix warnings.
* src/engine-gpgconf.c (struct gpgconf_config_dir_s): New struct.
(gpgconf_config_dir_cb, gpgconf_conf_dir): Use it to fix warning.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
2017-08-16 01:50:00 +02:00
Marcus Brinkmann
97a1abe72e gpgconf: Fix symbol export.
* gpgme.def: Fix last change.
(gpgme_op_conf_save): Replace duplicate from c&p ...
(gpgme_op_conf_dir): ... with this.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
Fixes-commit: 9cd2b58dfb
2017-08-16 00:59:35 +02:00
Marcus Brinkmann
9f24e6c901 gpgconf: Add access to --list-dirs for non-default engine.
* src/engine-assuan.c (_gpgme_engine_ops_assuan): Add conf_dir.
* src/engine-g13.c (_gpgme_engine_ops_g13): Likewise.
* src/engine-gpg.c (_gpgme_engine_ops_gpg): Likewise.
* src/engine-gpgsm.c (_gpgme_engine_ops_gpgsm): Likewise.
* src/engine-spawn.c (_gpgme_engine_ops_spawn): Likewise.
* src/engine-uiserver.c (_gpgme_engine_ops_uiserver): Likewise.
* src/engine-backend.h (struct engine_ops): Likewise.
* src/engine-gpgconf.c (gpgconf_config_dir_cb, gpgconf_conf_dir):
New functions.
(struct engine_ops): Add gpgconf_conf_dir.
* src/engine.c (_gpgme_engine_op_conf_dir): New function.
* src/engine.h (_gpgme_engine_op_conf_dir): New prototype.
* src/gpgconf.c (gpgme_op_conf_dir): New function.
* src/gpgme.def (gpgme_op_conf_save): New symbol.
* src/gpgme.h.in (gpgme_op_conf_dir): New prototype.
* src/libgpgme.vers (gpgme_op_conf_dir): New symbol.
* tests/gpg/t-gpgconf.c (main): Test gpgme_op_conf_dir.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3018
2017-08-15 19:52:29 +02:00
Marcus Brinkmann
a0cc6e01a8 g10: Add new delete operations that allow more flags.
* NEWS: Document new interfaces.
* doc/gpgme.texi: Document new interfaces.
* src/gpgme.h.in (GPGME_DELETE_ALLOW_SECRET, GPGME_DELETE_FORCE,
gpgme_op_delete_ext_start, gpgme_op_delete_ext): New.
* src/delete.c (delete_start): Change allow_secret argument to flags.
(gpgme_op_delete_ext, gpgme_op_delete_ext_start): New functions.
* src/engine-backend.h (delete): Change allow_secret argument to flags.
* src/engine.c (_gpgme_engine_op_delete): Likewise.
* src/engine.h (_gpgme_engine_op_delete): Likewise (for prototype).
* src/engine-gpgsm.c (gpgsm_delete): Likewise.
* src/engine-gpg.c (gpg_delete): Likewise.  Implement GPGME_DELETE_FORCE.
* src/gpgme.def (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.
* src/libgpgme.vers (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2916
2017-08-11 19:13:44 +02:00
Marcus Brinkmann
dfb3ca8568 doc: Clarify import keys operation.
* doc/gpgme.texi (gpgme_op_import_start): Fix grammar.
(gpgme_op_import_keys): Clarify some wording and fix result.
* src/import.c (gpgme_op_import_keys): Clarify comment.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3215
2017-08-10 16:50:11 +02:00
Andre Heinecke
d3796e4504
core: Fix status parsing for decrypt + verify
* src/decrypt.c (parse_status_error): Don't modify args.

--
Otherwise chained status handlers will not see the full args
which resulted in a parse error in the verify status handler.

GnuPG-Bug-Id: T3310
2017-07-27 14:23:25 +02:00
Werner Koch
ad0c5ab4cd
core: Return NO_SECKEY error code on decryption
* src/decrypt.c (op_data_t): Add flag any_no_seckey.
(_gpgme_decrypt_status_handler): Consult that flag.
(_gpgme_decrypt_status_handler): Set that flag.
--

The NO_SECKEY is emitted instead of an "S ERROR pkdecrypt_failed" if
gpg knows that a key has been encrypted to that key (cf. "S ENC_TO").
It is not foolproof but in the majority of cases we can provide a
better error message than just DECRYPTION_FAILED.

GnuPG-bug-id: 3270
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-12 18:30:49 +02:00
Werner Koch
d37bc7e025
core: Return CANCELED and BAD_PASSPHRASE error code on decryption.
* src/decrypt.c (op_data_t): Add field pkdecrypt_failed.
(_gpgme_decrypt_status_handler): Consult new field.
(parse_status_error): Handle some error codes.
--

The idea is to return only a limited set of error codes because a user
won't be able to understand the more esoteric codes.

GnuPG-bug-id: 3270
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-12 17:55:43 +02:00
Werner Koch
87703dbb86
core: Simplify parsing of STATUS_ERROR in decrypt.c
* src/decrypt.c (_gpgme_decrypt_status_handler): Factor some code out
to ...
(parse_status_error): new.  Modernize parsing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-12 15:59:12 +02:00
Justus Winter
05fa2a9c77
Add flag 'is_de_vs' to decryption results and signatures.
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro.  This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information can then be presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 14:16:11 +02:00
Justus Winter
92574406fb
core: Sort the status table.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-30 14:38:29 +02:00
Andre Heinecke
df4eb611e3
core: Don't split gpgconf strings on comma
* src/engine-gpgconf.c (gpgconf_parse_option): Don't split
strings on comma.

--
This only affects values where the main type is string. Values
with the alt_type string but another main type are still split
to keep lists (e.g. groups) working.
2017-05-03 10:14:05 +02:00
Pietro Cerutti
50565982cd
FreeBSD's closefrom(2) does not return errors
2017-04-03 12:25:57 +02:00
Werner Koch
aa0390ec3b
Release 1.9.0
* configure.ac <c>: Bump LT version to C29/A18/R0.
<cpp>: Bump LT version to C10/A4/R0.
<qt>: Bump LT version to C9/A2/R0.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 16:21:37 +02:00
Werner Koch
813ae5fa2d
core: Prepare for new key listing data sent by gpg.
* src/gpgme.h.in (gpgme_user_id_t): New fields 'origin' and
'last_update'.
(gpgme_key_t): New fields 'origin' and 'last_update'.
* src/conversion.c (_gpgme_parse_timestamp_ul): New.
* src/keylist.c (keylist_colon_handler): Parse fields 19 and 20.

* tests/run-keylist.c (main): Print new fields.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 11:41:30 +02:00
Werner Koch
6ac1f2cded
core: New flags GPGME_DECRYPT_UNWRAP and GPGME_ENCRYPT_WRAP.
* src/gpgme.h.in (GPGME_ENCRYPT_WRAP): New const.
(gpgme_decrypt_flags_t): New enum.
(GPGME_DECRYPT_VERIFY): New const
(GPGME_DECRYPT_UNWRAP): New const
(gpgme_op_decrypt_ext_start): New func.
(gpgme_op_decrypt_ext): New func.
* src/decrypt-verify.c (gpgme_op_decrypt_ext_start): New.
(gpgme_op_decrypt_ext): New.
(decrypt_verify_start): Add arg FLAGS.  Replace call to
engine_op_decrypt_verify by the plain decrypt with the flag set.
(gpgme_op_decrypt_verify_start): Pass the flag.
(gpgme_op_decrypt_verify): Pass the flag.
* src/decrypt.c (decrypt_start): Rename to ...
(_gpgme_decrypt_start): this.  Add arg FLAGS.  Pass FLAGS to
engine_op_decrypt.
(gpgme_op_decrypt_start): Adjust for change, pass 0 for FLAG.
(gpgme_op_decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt_verify): Remove.
(_gpgme_engine_op_decrypt): Add arg FLAGS.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/engine-backend.h (struct engine_ops): Remove member
'decrypt_verify'.  Add FLAGS to 'decrypt'.  Adjust all initialization.
* src/engine-uiserver.c (uiserver_decrypt): Remove.
(uiserver_decrypt_verify): Remove.
(_uiserver_decrypt): Rename to ...
(uiserver_decrypt): this.  Replace arg VERIFY by new arg FLAGS.
* src/engine-gpg.c (gpg_decrypt): Support GPGME_DECRYPT_UNWRAP.
(gpg_encrypt): Support GPGME_ENCRYPT_WRAP.

* tests/run-decrypt.c (main): New option --unwrap.
* tests/run-encrypt.c (main): New option --wrap.
--

Manual testing of that wrap/unwrap feature can be done this way:

 ./run-encrypt --verbose --key Alice /etc/motd > x
 ./run-decrypt --verbose --unwrap x > y
 ./run-encrypt --verbose --key Bob --wrap y > z

1. The message was first encrypted to Alice.
2. Alice decrypts the message receiving a valid OpenPGP message.
3. Alice encrypts that message to Bob.

This will also work with encrypted and signed messages; the signature
will be kept intact during re-encryption.  Requires GnuPG 2.1.12.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 15:17:23 +01:00
Werner Koch
421ddd1e67
core: New API gpgme_op_set_uid_flag.
* src/gpgme.h.in (gpgme_op_set_uid_flag_start): New.
(gpgme_op_set_uid_flag_start): New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/genkey.c (addrevuid_start): Change arg revoke to a flag.
(gpgme_op_revuid_start): Pass GENKEY_EXTRAFLAG_REVOKE for the former
revoke parameter.
(gpgme_op_revuid): Ditto.
(set_uid_flag): New.
(gpgme_op_set_uid_flag_start): New.
(gpgme_op_set_uid_flag): New.
* src/engine.h (GENKEY_EXTRAFLAG_SETPRIMARY): new.
* src/engine-gpg.c (gpg_adduid): Implement that flag.

* tests/run-genkey.c (main): New command --set-primary.
--

GnuPG-bug-id: 2931
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 19:03:58 +01:00
Werner Koch
55ac5eed9f
core: Extend gpgme_get_dirinfo to return the gpg-wks-client name.
* src/dirinfo.c (WANT_GPG_WKS_CLIENT_NAME): New const.
(struct dirinfo): New field 'gpg_wks_client_name'.
(get_gpgconf_item): Build it on demand.
(gpgme_get_dirinfo): New value "gpg-wks-client-name" for WHAT.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 11:16:16 +01:00
Werner Koch
fab8b1a166
core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.
* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.

* tests/run-encrypt.c (main): New option --throw-keyids.
--

It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not yet allow this because it is
based on key objects.  A possible way to implement that would be an API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different contexts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 10:39:33 +01:00
Andre Heinecke
35023f3136
core: New public API gpgme_op_keylist_from_data_start.
* src/gpgme.h.in: New API gpgme_op_keylist_from_data_start.
* src/libgpgme.vers, src/gpgme.def: Add it.
* src/keylist.c (gpgme_op_keylist_from_data_start): New.
* src/engine-backend.h (engine_ops): Add field 'keylist_data'.  Change
all engines to pass NULL for it.
* src/engine.c (_gpgme_engine_op_keylist_data): New.
* src/engine-gpg.c (gpg_keylist_data): New.
(_gpgme_engine_ops_gpg): Register gpg_keylist_data.

* tests/run-keylist.c (main): New option --from-file.
--

Co-authored-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 2819
2017-03-21 09:50:23 +01:00