* src/w32-io.c(_gpgme_io_spawn): Remove spawnhelper not found
diagnostic.
--
When spawnhelper is not found the error is now catched before
the CreateProcess call so the added diagnostic in bb2d11c
(which was not helpful because the value for spawnhelper
would be NULL in that case) is now no longer needed.
* src/w32-io.c (_gpgme_io_spawn): Show a message box in
case gpgme-w32spawn.exe not found.
--
Otherwise every engine call will just fail with unsupported
protocol. Even in the debug output the problem was not made
clear because CreateProcess will fail with error code 87
(Invalid Parameter) because spawnhelper is NULL. The helpful
error message for ERROR_INVALID_PARAMETER would have been:
"is 'NULL' correctly installed"
As GpgME basically becomes useless on Windows without the
spawnhelper we want to fail very loud in that case.
* src/engine.c (_gpgme_engine_info_release): Do not assert but free
FILE_NAME.
(gpgme_get_engine_info): Provide default for VERSION and REQ_VERSION.
Use calloc instead of malloc.
(_gpgme_set_engine_info): Ditto.
* src/engine-assuan.c (llass_get_version): Return NULL.
(llass_get_req_version): Ditto.
* src/engine-spawn.c (engspawn_get_version): Ditto.
(engspawn_get_req_version): Ditto.
* src/engine-uiserver.c (uiserver_get_version): Ditto.
(uiserver_get_req_version): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c: Include data.h.
(add_input_size_hint): New.
(gpg_decrypt, gpg_encrypt, gpg_encrypt_sign, gpg_sign)
(gpg_verify): Call new function,
* tests/run-encrypt.c (status_cb): Print to stderr.
(progress_cb): New.o
(main): Add option --progress. Print full-status lines. Provide a
size for the input data.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_encrypt_flags_t): New flag
GPGME_ENCRYPT_SYMMETRIC.
* src/engine-gpg.c (gpg_encrypt): Also add --symmetric if the flag
is given.
* NEWS: Mention new flag.
* tests/run-encrypt.c (show_usage): Extend for --symmetric.
(main): Handle --symmetric.
(main): Set passphrase_cb in loopback mode.
(main): Fix encrypt call if no recipients are given.
* tests/gpg/t-encrypt-mixed.c: New.
* tests/gpg/Makefile.am (c_tests): Add new test.
* doc/gpgme.texi: Document new flag.
Previously, 'gpgme_engine_check_version' failed for these protocols
because the version parser failed to parse the dummy versions.
* src/engine-assuan.c (llass_get_version): Use a version triple that
the parser can understand.
(llass_get_req_version): Likewise.
* src/engine-spawn.c (engspawn_get_version): Likewise.
(engspawn_get_req_version): Likewise.
* src/engine-uiserver.c (uiserver_get_version): Likewise.
(uiserver_get_req_version): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
* src/gpgme.h.in (GPGME_DATA_ENCODING_MIME): New.
* src/data.c (gpgme_data_set_encoding): Adjust check.
* src/engine-gpg.c (have_gpg_version): New.
(gpg_encrypt, gpg_encrypt_sign): Pass flag '--mimemode'.
(gpg_sign): Ditto.
* lang/cpp/src/data.h (GpgME): Add MimeEncoding.
* lang/cpp/src/data.cpp (encoding, setEncoding): Support MimeEncoding.
* src/gpgme-tool.c (server_data_encoding): Add flag --mime.
--
This feature allows an application to declare that the encrypted or
signed data is a valid MIME part.
What is missing is a way to return that information to the application
after decryption/verification. This can be done by setting the
encoding of the output data object; however this requires some
internal additions to our processing model.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (_gpgme_get_gpgconf_path): Fallback to 2.1 installer
registry key.
--
Finding gpgconf is utterly important so we should be as compatible
as possible.
* src/gpgme.h.in: Mention that Address is not always in addr-spec.
--
The old comment made it look like you could always expect the
address to be parsable as a mailbox address.
* src/data-identify.c (basic_detection): Return signature for
signature.
--
This causes identify to return signature for both binary and
ascii armored detached signatures where previously it would
have returned signed for armored signatures and signature for
binary signatures.
GnuPG-Bug-Id: 2314
* src/b64dec.c: New. Taken from gnupg. Prefix function names with
_gpgme_ and change to use standard C malloc functions.
* src/util.h.h (struct b64state): New.
* src/Makefile.am (main_sources): Add file.
--
The file b64dec.c has been taken from gnupg commit
e430ff6ad0b7dcfcebd92b825dd5168205447ff3
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_DATA_TYPE_PGP_ENCRYPTED): New.
(GPGME_DATA_TYPE_PGP_SIGNATURE): New.
* src/data-identify.c: Add enum for OpenPGP packet types.
(buf32_to_ulong): New.
(next_openpgp_packet): New. Based on the gnupg/kbx/keybox-openpgp.c
implementation and relicensed to LGPL by g10 Code.
(pgp_binary_detection): New.
(basic_detection): Call pgp_binary_detection instead of returning
unknown.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_STATUS_NOTATION_FLAGS): New.
* src/status-table.c (status_table): Add new status.
* src/verify.c (parse_notation): Handle flags. Also fix NOTATION_DATA
in case gpg would not percent-escape spaces.
(_gpgme_verify_status_handler): Handle flags.
* tests/run-verify.c (print_result): Print notaion data.
--
Note that this does only work with the soon to be released GnuPG
2.1.13.
* src/posix-io.c [__linux__]: Include dirent.h.
(get_max_fds) [__linux__]: Try to figure out the highest used fd.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_data_seek_cb_t, gpgme_data_seek): Clarify that
these functions return the new offset.
(gpgme_data_release_cb_t): Fix name of parameter.
Signed-off-by: Justus Winter <justus@gnupg.org>
* src/gpgme.h.in (gpgme_set_ctx_flag): New prototype.
* src/gpgme.c (gpgme_set_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new function.
* src/context.h (struct gpgme_context): Add FULL_STATUS.
* src/decrypt.c (_gpgme_decrypt_status_handler): Do not call the
status callback if FULL_STATUS is set.
* src/genkey.c (genkey_status_handler): Ditto.
* src/passphrase.c (_gpgme_passphrase_status_handler): Ditto.
* src/sign.c (_gpgme_sign_status_handler): Ditto.
* src/engine-backend.h (struct engine_ops): Add SET_STATUS_CB and add
adjust all definitions of that variable.
* src/engine.c (_gpgme_engine_set_status_cb): New.
* src/op-support.c (_gpgme_op_reset): Call this function.
* src/engine-gpg.c (struct engine_gpg): Add fields MON_CB and
MON_CB_VALUE.
(gpg_set_status_cb): New.
(_gpgme_engine_ops_gpg): Register that function.
(read_status): Call the monitor callback.
* src/engine-gpgsm.c (struct engine_gpgsm): Add fields MON_CB and
MON_CB_VALUE.
(_gpgme_engine_ops_gpgsm): Register that function.
(gpgsm_assuan_simple_command): Change first arg to be an engine
context and adjust call callers. Call the monitor callback.
* src/engine-uiserver.c (struct engine_uiserver): Add fields MON_CB
and MON_CB_VALUE.
(_gpgme_engine_ops_uiserver): Register that function.
(uiserver_assuan_simple_command): Change first arg to be an engine
context and adjust call callers. Call the monitor callback.
* tests/run-verify.c (status_cb): New.
(print_result): Print algo names.
(main): Add option --status.
--
This new feature is mainly intended for bug tracking. Having access
to the raw status lines might also be useful for applications, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (verify_start): Do not return GPG_ERR_INV_VALUES when
when SIGNED_TEXT is not given.
--
The original idea behind this restriction probably was that it is
useless to verify a non-detached signatures without also returning the
signed text. However, it is sometimes useful to just check the
signature, for example to see who signed it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/delete.c (delete_status_handler): Remove default case from a
switch so that cc can check the use of all enum values.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (w32-qt): Remove option and Qt checks.
* src/Makefile.am: Remove BUILD_W32_QT handling.
* src/kdpipeiodevice.cpp,
src/kdpipeiodevice.h,
src/kdpipeiodevice.moc,
src/w32-qt-io.cpp: Removed.
--
This code was intended for Kleopatra but Kleopatra is not using
it anymore. QGpgme/dataprovider is a better replacement for this.
* src/posix-io.c [HAVE_STDINT_H]: Include stdint.h.
(get_max_fds): Limit returned value for too high values.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (mkstemp): Rename to my_mkstemp. Change caller.
--
For some reason the linker seems to use the mkstemp now provided by
mingw instead of our static symbol. Strange.
Reported-by: Andrej Kacian <andrej@kacian.sk>
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/delete.c (delete_status_handler): Return on ERROR status, if the
error location is set to "delete_key.secret" and the code is either
CANCELED or FULLY_CANCELED, which indicates a situation that the user
selected "No" on the confirmation dialog.
* src/passwd.c (passwd_start): set engine passphrase command handler.
--
This allows for inquiring a passphrase when changing a passphrase rather
than requiring a pinentry.
* src/gpgme.c (gpgme_set_global_flag): Add flag "w32-inst-dir";
* src/posix-util.c (_gpgme_set_override_inst_dir): New stub.
* src/w32-util.c (override_inst_dir): New var.
(_gpgme_get_inst_dir): Return this var is set.
(_gpgme_set_override_inst_dir): New.
--
See
https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030267.html
for background.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/argparse.c, src/argparse.h: New. Taken from current gnupg.
* src/Makefile.am (gpgme_tool_SOURCES): New.
* src/gpgme-tool.c: Remove all argp.h stuff.
(my_strusage): New.
(main): Change to use argparse.
--
As a GnuPG related tool the user should get the same experience in
option parsing as with gpg et al. Thus we use the same parser.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (_GPGME_INLINE): Define using GPGRT_INLINE if
possible. Fix problem with -Wundef by adding an extra "defined()".
(_GPGME_GCC_VERSION): Define using GPGRT_ macro if possible.
* src/engine-assuan.c (llass_new): Don't treat ttyname_r error as
fatal.
* src/engine-g13.c (g13_new): Likewise.
* src/engine-gpg.c (gpg_new): Likewise.
* src/engine-gpgsm.c (gpgsm_new): Likewise.
* src/engine-uiserver.c (uiserver_new): Likewise.
--
Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g.,
when /dev/pts is not accessible under chroot. Since all our uses of
ttyname_r() require that the function works, we can treat the failure as
if isatty() fails.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
* src/gpgme.h.in (GPGME_STATUS_FAILURE): New.
* src/status-table.c (FAILURE): New.
* src/op-support.c (_gpgme_parse_failure): New.
* src/passphrase.c (_gpgme_passphrase_status_handler): Forward FAILURE
status line to the status callback.
* src/decrypt.c (op_data_t): Add field failure_code.
(_gpgme_decrypt_status_handler): Parse that code and act upon it on EOF.
* src/encrypt.c (op_data_t): Add field failure_code.
(_gpgme_encrypt_status_handler): Parse that code and act upon it on EOF.
* src/genkey.c (op_data_t): Add field failure_code.
(genkey_status_handler): Parse that code and act upon it on EOF.
* src/passwd.c (op_data_t): Add field failure_code.
(passwd_status_handler): Parse that code and act upon it on EOF.
* src/sign.c (op_data_t): Add field failure_code.
(_gpgme_sign_status_handler): Parse that code and act upon it on EOF.
* src/verify.c (op_data_t): Add field failure_code.
(_gpgme_verify_status_handler): Parse that code and act upon it on EOF.
--
This requires GnuPG 2.1.8 to actually make a difference.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/passphrase.c (_gpgme_passphrase_status_handler): Call status_cb.
--
Frankly, we should have a more generic way of feeding the status_cb
handler than our current ad-hoc method.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/w32-util.c (find_program_at_standard_place): Remove.
(_gpgme_get_gpg_path): Make the search order more explicit.
(_gpgme_get_gpgconf_path): Ditto.
(_gpgme_get_w32spawn_path): Search only in the inst_dir.
--
This tries to avoid possible unclear bug reports by removing the
fallback to the current gpg4win installation directory for the gpgme
helper. It is expected that users of gpgme installing their own gpgme
version also install the matching helper.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.c (debug_init) [W32]: Show libgpgme installation dir.
--
I expect that gpgme will be distributed by applications and thus it
will be helpful to see in the debug log which gpgme is actually used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/passphrase.c (_gpgme_passphrase_status_handler): Parse
GPGME_STATUS_INQUIRE_MAXLEN.
* src/passphrase.c (_gpgme_passphrase_command_handler): Send the
INQUIRE_MAXLEN status message.
--
Fixes passing this status message along when decrypting symmetric data
from gpg.
* src/gpgme.h.in: (gpgme_status_code_t): Add INQUIRE_MAXLEN.
* src/status-table.c (status_table_s): Ditto.
* src/genkey.c (genkey_status_handler): Parse INQUIRE_MAXLEN.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ditto.
* src/sign.c (_gpgme_sign_status_handler): Ditto.
This status message informs the client of the maximum length of an
inquired line. It is sent from gpg and forwarded to the client via
gpgme_status_cb_t.
* src/gpgme.h.in (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
(gpgme_status_cb_t): New.
* src/gpgme.c (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
* src/context.h (status_cb): New.
(status_cb_value): New.
* src/gpgme.def: Export new symbols.
* src/libgpgme.vers: Ditto.
* doc/gpgme.texi: Document these new functions.
--
This callback function is used to forward status messages from gpg back
to the client.
* src/genkey.c (genkey_start): set engine passphrase command handler.
--
This allows for inquiring a new passphrase during key generation rather
than requiring a pinentry. Needs a patch to gnupg to make use of
--command-fd with --gen-key.
* doc/gpgme.texi: Document offline mode.
* src/context.h (gpgme_context): Add offline.
* src/engine-backend.h (keylist, keylist_ext): Add engine_flags.
* src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto.
(_gpgme_engine_op_keylist_ext): Ditto.
* src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): New.
* src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto.
* src/engine-gpgsm.c (gpgsm_keylist): Handle engine_flags.
(gpgsm_keylist_ext): Ditto.
* src/gpgme.c (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.def (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.h.in (gpgme_set_offline, gpgme_get_offline): New.
* src/libgpgme.vers (gpgme_set_offline, gpgme_get_offline): New.
* src/keylist.c (gpgme_op_keylist_start): Set offline flag.
(gpgme_op_keylist_ext_start): Ditto.
* tests/run-keylist.c (show_usage, main): Add offline argument.
--
The offline engine option was introduced with gpgsm 2.1.6
it is mainly useful for a full keylisting that includes
the certificate validation but does not depend on external
information that could take an indefinite amount of time to
collect.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* src/engine-gpgsm.c (gpgsm_assuan_simple_command): Do not terminate
on a status lines.
--
This bug has been with us since the support for gpgsm: If there is no
status line handler but a status line is received anyway the command
handling loop terminates and thus the command/answer order gets out of
sync. In the case of the bug report this is triggered by sending an
option which starts the agent and that starting emits a "PROGRESS"
status line.
The solution is not to stop reading after a status line but record a
possible error code and return that only after OK or ERR.
GnuPG-bug-id: 1795
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.h: Change macros to not have a literal 0 as last
expression of the comma operator.
* src/debug.c (_gpgme_debug_frame_end): Return 0.
(_gpgme_debug): Return 0.
--
Instead of using
foo(), 0
for the trace macros we let foo() return 0 instead.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.
--
parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.
Additional comments added by wk.
* src/engine-gpg.c (gpg_keylist_preprocess): Increment SRC for a
backslash.
--
This bug is not exploitable because this bug fills up .data with
backslashes and thus causes the segv.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/Makefile.am (extra_ltoptions): New.
(libgpgme_la_LDFLAGS): Use it.
(libgpgme_pthread_la_LDFLAGS): Ditto.
(libgpgme_glib_la_LDFLAGS): Ditto.
--
Since gcc 4.8 there is a regression in Mingw64 in that plain C
programs may link to libgcc_s.a which has a dependency on
libgcc_s_sjlj.dll. This is for example triggered by using long long
arithmetic on a 32 bit Windows (e.g symbol __udivdi3).
Note that we don't use this patch for the Qt version which, as C++
programs, actually requires that DLL,
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-spawn.c (add_data): Fix malloc
--
Bummer. Why did I subtracted one from the size? Did I assume a
dynamically allocated structure with a string field which was not
going to be used? Very strange.
Not a real problem though because malloc will anyway round up the
allocation to at least the next word size.
Detected by Stack 0.3.
* src/context.h (OPDATA_EXPORT): New.
* src/export.c (op_data_t): New.
(release_op_data): New.
(parse_error): New.
(export_status_handler): New.
(export_start, export_ext_start): Prepare op_data.
(gpgme_op_export_ext, gpgme_op_export_keys): Return an error from the
status handler.
--
To support an error return also for the async functions we need to
extend the API. Until we have done that this new features helps at
least in some cases; in particular for --send-keys.
* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--
Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode. Also added error checking
to malloc and strdup. And while at replace some while by for loop for
easier readability.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--
When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:
gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data
during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment
* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--
After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded. Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order. This is not easy exploitable because libassuan constructs the
line. However a crash has been reported and thus it might be possible
to constructs an exploit.
CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret". Print card info and and secret flag for subkeys.
--
Note: This mode may only be used with GnuPG >= 2.1.
* src/gpgme.h.in (struct _gpgme_subkey): Add field CURVE.
* src/key.c (gpgme_key_unref): Free CURVE.
* src/keylist.c (keylist_colon_handler): Set CURVE.
* src/gpgme.c (gpgme_release): For failsafe reasons reset engine and
engine info after freeing.
--
The engine hack is useful in case the other release functions
accidently call engine release.
* src/engine-spawn.c (engspawn_start): Allocate space for list
terminator.
* src/posix-util.c (walk_path): Fix trailing slash detection.
--
Kudos to Valgrind for pointing out these two problems.
The first is a plain allocation bug in a code pattern I have written
thousands of times - this time it went wrong. The allocation is not
user controlled thus not directly exploitable.
The second is missed to do what it intended to do. Found due to the
access of malloced but not initialized memory. Not using calloc
again proved to be helpful to detect logical error.
