Commit Graph

1825 Commits

Author SHA1 Message Date
Werner Koch
06d6fd8ca0
w32: Expect gpgme-w32spawn.exe only in the gpgme installation dir.
* src/w32-util.c (find_program_at_standard_place): Remove.
(_gpgme_get_gpg_path): Make the search order more explicit.
(_gpgme_get_gpgconf_path): Ditto.
(_gpgme_get_w32spawn_path): Search only in the inst_dir.
--

This tries to avoid possible unclear bug reports by removing the
fallback to the current gpg4win installation directory for the gpgme
helper.  It is expected that users of gpgme installing their own gpgme
version also install the matching helper.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 16:34:29 +02:00
Werner Koch
df098d6a43
w32: Print the installation directory in debug mode.
* src/debug.c (debug_init) [W32]: Show libgpgme installation dir.
--

I expect that gpgme will be distributed by applications and thus it
will be helpful to see in the debug log which gpgme is actually used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 15:03:20 +02:00
Werner Koch
2b632bbb78
Add an export secret key feature.
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET): New.
(GPGME_EXPORT_MODE_RAW): New.
(GPGME_EXPORT_MODE_PKCS12): New.
* src/export.c (export_start, export_ext_start): Allow new flags.
* src/engine-gpg.c (export_common): Support secret key export.
* src/engine-gpgsm.c (gpgsm_export, gpgsm_export_ext): Ditto.

* src/gpgme-tool.c (cmd_export): Add options --secret, --raw,
and --pkcs12.
* tests/run-export.c (main): Likewise.
--

Note that exporting secret X.509 keys requires GnuPG 2.1.8.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-24 12:41:24 +02:00
Ben Kibbey
ccbaccbf2e Parse INQUIRE_MAXLEN in the passphrase callback.
* src/passphrase.c (_gpgme_passphrase_status_handler): Parse
GPGME_STATUS_INQUIRE_MAXLEN.
* src/passphrase.c (_gpgme_passphrase_command_handler): Send the
INQUIRE_MAXLEN status message.

--
Fixes passing this status message along when decrypting symmetric data
from gpg.
2015-08-16 12:54:50 -04:00
Ben Kibbey
70b3e5964e Fix gpgme_{get,set}_status_cb to match documentation.
* doc/gpgme.texi: Minor fixes.
* src/gpgme.c (gpgme_get_status_cb): Set return variables to NULL and
check for a valid ctx pointer.
2015-08-15 18:19:27 -04:00
Ben Kibbey
6dd24c3c61 Parse the INQUIRE_MAXLEN status message.
* src/gpgme.h.in: (gpgme_status_code_t): Add INQUIRE_MAXLEN.
* src/status-table.c (status_table_s): Ditto.
* src/genkey.c (genkey_status_handler): Parse INQUIRE_MAXLEN.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ditto.
* src/sign.c (_gpgme_sign_status_handler): Ditto.

This status message informs the client of the maximum length of an
inquired line. It is sent from gpg and forwarded to the client via
gpgme_status_cb_t.
2015-08-15 18:19:27 -04:00
Ben Kibbey
4fadcf06ec Add gpgme_set/get_status_cb().
* src/gpgme.h.in (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
(gpgme_status_cb_t): New.
* src/gpgme.c (gpgme_set_status_cb): New.
(gpgme_get_status_cb): New.
* src/context.h (status_cb): New.
(status_cb_value): New.
* src/gpgme.def: Export new symbols.
* src/libgpgme.vers: Ditto.
* doc/gpgme.texi: Document these new functions.

--
This callback function is used to forward status messages from gpg back
to the client.
2015-08-15 18:19:27 -04:00
Ben Kibbey
2b6ae3dadf Make use of user passphrase handler during genkey.
* src/genkey.c (genkey_start): set engine passphrase command handler.

--
This allows for inquiring a new passphrase during key generation rather
than requiring a pinentry. Needs a patch to gnupg to make use of
--command-fd with --gen-key.
2015-08-15 18:17:06 -04:00
Ben Kibbey
e07d38f5f9 Also check the return code in gpg_sign().
* src/engine-gpg.c (gpg_sign): Check return value from start().
2015-08-12 06:46:43 -04:00
Ben Kibbey
8f28e3caf9 Check the return value when starting gpg.
* src/engine-gpg.c (gpg_decrypt, gpg_delete, gpg_passwd): Check return
value of start().
2015-08-10 21:23:02 -04:00
Ben McGinnes
a7fbd5293e More GTK2 removal
* Missed a couple of files, these 2 go for the same reason as the
  previous 3.
2015-08-02 11:06:14 +10:00
Ben McGinnes
1cd0aef0af Removed GUI examples
* GUI examples written with pygtk, which has not been ported to Python
  3 and won't be as it is for GTK2 and GNOME is moving to GTK3.
* New GUI examples may be required in future using any of several GUI
  frameworks (e.g. wxPython, PyQt, PySide, PyGObject, etc.).
2015-08-02 11:01:02 +10:00
Andre Heinecke
08086dd690
Add offline mode support for CMS keylisting
* doc/gpgme.texi: Document offline mode.
* src/context.h (gpgme_context): Add offline.
* src/engine-backend.h (keylist, keylist_ext): Add engine_flags.
* src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto.
  (_gpgme_engine_op_keylist_ext): Ditto.
* src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): New.
* src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto.
* src/engine-gpgsm.c (gpgsm_keylist): Handle engine_flags.
  (gpgsm_keylist_ext): Ditto.
* src/gpgme.c (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.def (gpgme_set_offline, gpgme_get_offline): New.
* src/gpgme.h.in (gpgme_set_offline, gpgme_get_offline): New.
* src/libgpgme.vers (gpgme_set_offline, gpgme_get_offline): New.
* src/keylist.c (gpgme_op_keylist_start): Set offline flag.
  (gpgme_op_keylist_ext_start): Ditto.
* tests/run-keylist.c (show_usage, main): Add offline argument.

--
The offline engine option was introduced with gpgsm 2.1.6
it is mainly useful for a full keylisting that includes
the certificate validation but does not depend on external
information that could take an indefinite amount of time to
collect.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2015-07-31 15:18:27 +02:00
Peter Wu
157c8be183
build: ignore scissor line for the commit-msg hook
* build-aux/git-hooks/commit-msg: Stop processing more lines when the
  scissor line is encountered.
--
This allows the command `git commit -v` to work even if the code is
longer than 72 characters. Note that comments are already ignored by the
previous line.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2015-07-23 15:05:52 +02:00
Werner Koch
c23f889710
Add option --lib-version to gpgme-tool.
* src/gpgme-tool.c (options, parse_options):  Add --lib-version
(CMD_LIBVERSION): New.
(main): Implement.
2015-07-23 11:40:09 +02:00
Werner Koch
a5d9e018b8
Post release updates
--
2015-06-08 15:18:56 +02:00
Werner Koch
052a9e3c56
Release 1.5.5 2015-06-08 15:03:18 +02:00
Werner Koch
ddbd54ef88
Fix regression with gpgsm 2.0 due to "OPTION with-secret".
* src/engine-gpgsm.c (gpgsm_assuan_simple_command): Do not terminate
on a status lines.
--

This bug has been with us since the support for gpgsm: If there is no
status line handler but a status line is received anyway the command
handling loop terminates and thus the command/answer order gets out of
sync.  In the case of the bug report this is triggered by sending an
option which starts the agent and that starting emits a "PROGRESS"
status line.

The solution is not to stop reading after a status line but record a
possible error code and return that only after OK or ERR.

GnuPG-bug-id: 1795
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 12:34:49 +02:00
Werner Koch
7addffc082
tests: Add option --secret to run-keylist.
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 12:30:11 +02:00
Werner Koch
8b9f84828c
Fix compiler warnings about unused value in TRACE macros.
* src/debug.h: Change macros to not have a literal 0 as last
expression of the comma operator.
* src/debug.c (_gpgme_debug_frame_end): Return 0.
(_gpgme_debug): Return 0.
--

Instead of using
   foo(), 0
for the trace macros we let foo() return 0 instead.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 11:08:08 +02:00
Werner Koch
a5b040cc57
Fix test suite for GnuPG 2.1 which uses pubring.kbx.
* tests/gpgsm/final.test: New.
* tests/gpgsm/initial.test: New.
* tests/gpg/start-stop-agent: Move to ../.
* tests/gpgsm/Makefile.am (TESTS_ENVIRONMENT): Export top_srcdir.
(TESTS): Add intial.test and final.test.
(AM_LDFLAGS): Add -no-install.
(clean-local): Use start-stop-agent
(initial.test): Add dependency.
* tests/gpg/Makefile.am (top_srcdir): Export top_srcdir.
(AM_LDFLAGS): Add -no-install.
(check-local): Depend on pubring-stamp instead of pubring.gpg.
(initial.test): Depend on check-local.
(./pubring-gpg): Replace by rule for ./pubring-stamp.
--

There are also a couple of other changes which should make the tests a
bit more robust and the gpg and gpgsm tests more similar.

The -no-install avoids creating wrappers for test programs, which make
debugging easier.

The dependency on check-local guarantees that its rules are run before
the first test.  This is important because conf files are setup by
this rule.  Earlier automake versions seem to have run check-local
always before the tests but today the order of execution is not
defined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 10:43:29 +02:00
Matthew Barnes
87d713ff41
Set GPGME_SIGSUM_KEY_REVOKED also for gpg.
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.

--

parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.

Additional comments added by wk.
2015-06-05 14:58:06 +02:00
Werner Koch
0d28a69616
Fix segv for userids with a backslash.
* src/engine-gpg.c (gpg_keylist_preprocess): Increment SRC for a
backslash.
--

This bug is not exploitable because this bug fills up .data with
backslashes and thus causes the segv.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-05 14:25:59 +02:00
Ben McGinnes
90405ac84b
Python 3 port of PyME
* Port of PyME 0.9.0 for Python 2 to Python 3 along with most of the
  example scripts.
* Intended to be developed in parallel with the original Python 2
  version until such time as a rewrite of GPGME leads to developing an
  IO API in Python 3 from scratch.
* Python 3 PyME and API maintainer has entered, stage left with current
  GPG key ID 0x321E4E2373590E5D, primary fingerprint is "DB47 24E6 FA42
  86C9 2B4E  55C4 321E 4E23 7359 0E5D" and signing subkey fingerprint is
  "B7F0 FE75 9387 430D D0C5  8BDB 7FF2 D371 35C7 553C" for future
  reference with git commit signatures.
2015-05-17 05:31:35 +10:00
Ben McGinnes
29887c9b28 Explaining why not all scripts work
* Some of them cannot be properly tested on OS X, especially with GTK in
  the mix (it works on OS X, but is unlikely to be as easily accessible
  as Cocoa or Qt).
* Most major functions are showcased and do work, albeit sometimes with
  false positives of error messages, at least on OS X.
2015-05-17 05:14:47 +10:00
Ben McGinnes
c39cea7a07 Byte encoding
* More string updates.
* verifydetails.py still fails, but as Bernhard is still contactable, it
  might be worth him checking on it instead.
2015-05-17 05:07:12 +10:00
Ben McGinnes
0e6e6689ef No change, note added to explain why. 2015-05-17 04:57:26 +10:00
Ben McGinnes
40290507bc Strings vs. Bytes
* CLI input must be byte encoded.
2015-05-17 04:43:53 +10:00
Ben McGinnes
325b0ca341 More byte changes and passphrase changes
* exportimport works, but will still segfault for an as yet unknown
  reason.
* genkey produces a traceback error, but does create the key as
  intended.
* matched passphrase in signverify.
2015-05-17 04:22:53 +10:00
Ben McGinnes
ba3c9f2617 More bytes good
* Another string to byte change.
2015-05-17 04:09:38 +10:00
Ben McGinnes
1c87ecb86a Updated encrypt-to-all
* Changed plaintext string to byte literal.
* Nested key selection in a try/except statement in case of
  UnicodeEncodeError instances.
* Tested successfully on over 9,000 keys.
2015-05-17 04:03:49 +10:00
Ben McGinnes
24c738f5bb Passphrase update
* Changed example passphrase to something that meets the current minimum
  requirements.
2015-05-17 02:38:32 +10:00
Ben McGinnes
8345bf6f43 example email
* changed joe@foo.bar to joe@example.org as it is only a matter of time
  before ICANN actually creates bar as a gTLD, if they haven't already.
2015-05-17 02:35:24 +10:00
Ben McGinnes
4fc1239815 Updated string and key data
* Text changed to byte literals.
* Changed key type to RSA/RSA.
* Changed expiry to the future (2020).
2015-05-17 02:30:13 +10:00
Ben McGinnes
90079786c5 String type
* the plain text string must be bytes and not unicode.
* Expect most of the example code to have similar issues at present.
2015-05-09 04:53:46 +10:00
Ben McGinnes
ebd8734ad7 Python 3 port of PyME
* The entirety of the Python 3 port of PyME up to commit
  2145348ec54c6027f2ea20f695de0277e2871405
* The old commit log has been saved as
  lang/py3-pyme/docs/old-commits.log
* Can be viewed as a normal (separate) git repository at
  https://github.com/adversary-org/pyme3
* Utilising the submodule feature of git was deliberately skipped on
  humanitarian grounds (in order to prevent pain and suffering on the
  part of anyone having to manage this repository).
2015-05-06 03:09:44 +10:00
Werner Koch
7dcb654281
Post release updates.
--
2015-04-13 15:50:59 +02:00
Werner Koch
d2712d9f6f
Release 1.5.4. 2015-04-13 15:43:13 +02:00
Werner Koch
524dacfbb6
w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
* src/Makefile.am (extra_ltoptions): New.
(libgpgme_la_LDFLAGS): Use it.
(libgpgme_pthread_la_LDFLAGS): Ditto.
(libgpgme_glib_la_LDFLAGS): Ditto.
--

Since gcc 4.8 there is a regression in Mingw64 in that plain C
programs may link to libgcc_s.a which has a dependency on
libgcc_s_sjlj.dll.  This is for example triggered by using long long
arithmetic on a 32 bit Windows (e.g symbol __udivdi3).

Note that we don't use this patch for the Qt version which, as C++
programs, actually requires that DLL,

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 15:35:06 +02:00
Werner Koch
8cfcdfe556
Fix potential crash in trace macro.
* src/signers.c (gpgme_signers_add): Avoid deref of a NULL KEY in the
trace macro.
* src/engine-spawn.c (engspawn_release): Remove always true condition.
* src/engine-gpg.c (gpg_release): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 13:40:34 +01:00
Werner Koch
119f27032b
Fix one byte too short malloc.
* src/engine-spawn.c (add_data): Fix malloc
--

Bummer.  Why did I subtracted one from the size?  Did I assume a
dynamically allocated structure with a string field which was not
going to be used?  Very strange.

Not a real problem though because malloc will anyway round up the
allocation to at least the next word size.

Detected by Stack 0.3.
2015-03-16 13:38:10 +01:00
Werner Koch
428ea76965 Switch to automake 1.14 and update build-aux files.
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-30 10:45:20 +01:00
Daniel Kahn Gillmor
c32fab44f8 doc: Update gpl.texi to match version from gnupg
--

Somehow the doc/gpl.texi from gpgme and gnupg drifted out of sync.
This patch to gpgme's file brings it in line with gnupg's master
branch, and avoids the following errors during make:

./gpl.texi:667: @section seen before @end enumerate
./gpl.texi:724: unmatched `@end enumerate'
./gpl.texi:1: warning: node next `Copying' in menu `Concept Index'
   and in sectioning `Function and Data Index' differ
2014-12-15 11:55:05 +01:00
Werner Koch
a813c09cc7 Post release updates.
--
2014-12-11 12:56:51 +01:00
Werner Koch
37d927a970 Release 1.5.3.
* configure.ac: Set LT version to C24/A13/R2.
2014-12-11 12:07:49 +01:00
Werner Koch
05258d4275 Return an error for some export key operations.
* src/context.h (OPDATA_EXPORT): New.
* src/export.c (op_data_t): New.
(release_op_data): New.
(parse_error): New.
(export_status_handler): New.
(export_start, export_ext_start): Prepare op_data.
(gpgme_op_export_ext, gpgme_op_export_keys): Return an error from the
status handler.
--

To support an error return also for the async functions we need to
extend the API.  Until we have done that this new features helps at
least in some cases; in particular for --send-keys.
2014-12-08 11:19:16 +01:00
Werner Koch
162c87f069 Post release updates
--
2014-11-21 21:29:11 +01:00
Werner Koch
c62ce32b9c Release 1.5.2.
* configure.ac: Set LT version to C24/A13/R1.
2014-11-21 21:19:26 +01:00
Werner Koch
81ce87111f Update the previous commit
* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--

Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode.  Also added error checking
to malloc and strdup.  And while at replace some while by for loop for
easier readability.
2014-11-21 21:12:06 +01:00
Ben Kibbey
5942b0c7e0 Fix returning new signatures when there are none.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--

When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:

gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data

during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
2014-11-21 20:25:43 +01:00