* src/verify.c (parse_trust): Fix detection of "chain" keyword.
--
Fixes-commit: da6f3dc0c5
from 2007 shortly after introducing this. I doubt that this info has
ever been used (it is for qualified signatures, which are only
supported using the legacy German RegTP rules for them which were soon
overturned by the commercial CAs).
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.h (TRACE_BEG, TRACE_LOG, TRACE_SUC): Use variadic macros
and remove the TRACE_BEG1 et al. Change all users to always pass a
format string.
(TRACE): Ditto.
* src/debug.c (_gpgme_debugf): New.
* configure.ac <GCC>: Add -Wno-format-zero-length.
--
This makes it easier for use to enable format checks. The zero-length
format is required to allow for an empty format due to the comman
problematic of __VA_ARGS__.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (_gpgme_verify_status_handler): Remove debug output.
--
Actually this is a real bug because it uses a debug function available
only in the new libgpg-error versions. Time to call Jenkins back from
vacation; there are rumors that he has been seen in the city looking
for a new Ryzen tail coat.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'. Shrink '_unused'.
* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--
Note that this flag (Liternal Data packet's 'm' mode) is only
specified in RFC-4880bis. To use it you currently need to add
"rfc4880bis" to the the gpg.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (_gpgme_verify_status_handler): Insert missing break.
--
Before the insertion of the compliance status checking the break in
the default clause was used by the STATUS_PLAINTEXT code. That got
lost. I don't see any actual harm due to different values currently
in use for the compliance status.
Fixes-commit: 05fa2a9c77
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (parse_new_sig): Parse the new ERRSIG fpr.
--
This works only when the signatures features an ISSUER_FPR sub-packet
and with GnuPG >= 2.2.7. If that is not the case the keyid is kept in
the FPR field.
Signed-off-by: Werner Koch <wk@gnupg.org>
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information can the be presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* src/verify.c (parse_tofu_user): For cleanness use gpg_error ...
(_gpgme_verify_status_handler): ... and gpg_err_code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (op_data_t): Add conflict_user_seen.
(parse_tofu_user): Return ERR_DUP_VALUE for mutltiple TOFU_USERS.
(_gpgme_verify_status_handler): Handle ERR_DUP_VALUE from
parse_tofu_user to ignore the next TOFU_STATS.
--
This fixes TOFU Conflict verification with GnuPG-2.1.17 and 2.1.18
GnuPG-Bug-Id: 2914
* src/gpgme.h.in (struct _gpeme_tofu_info): Rename FIRSTSEEN to
SIGNFIRST and LASTSEEN to SIGNLAST. Add ENCRFIST and ENCRLAST.
* src/keylist.c (parse_tfs_record): Parse to ENCRFIRST and ENCRLAST.
* src/verify.c (parse_tofu_stats): Ditto.
* tests/run-keylist.c (main): Adjust and print encrypt stats.
* tests/run-verify.c (print_result): Ditto.
* lang/cpp/src/tofuinfo.h (TofuInfo): Rename firstSeen to signFirst
and lastSeen to signLast. Add encrCount, encrFirst and encrLast.
* lang/cpp/src/tofuinfo.cpp (encrCount, encrFirst, encrLast): New.
--
The latest GnuPG commits have the needed changes but we also allow the
use of currently released GnuPG version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (_gpgme_tofu_info): Change 'firstseen' and 'lastseen'
to a timestamp value.
* src/verify.c (parse_tofu_stats): Do not cap these values at UINT_MAX.
--
Using an unsigned long here is okay: We will never get an error and
even on machines where unsigned long is 32 bit (e.g. Windows64) this
allows us to operate until 2106. By then Windows will be a footnote
in history or Windows128 has changed that type to something larger
than 32 bit ;-)
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (parse_tofu_user): Add arg 'protocol' and store it in
the KEY.
(_gpgme_verify_status_handler): Pass protocol.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (struct _gpgme_signature): Remove field 'tofu'. Add
field 'key'.
(struct _gpgme_key): Add field 'fpr'.
(struct _gpgme_user_id): Add field 'tofu'.
(struct _gpgme_tofu_info): Remove fields 'address' and 'fpr'.
* src/key.c (gpgme_key_unref): Release TOFU and FPR.
* src/keylist.c (keylist_colon_handler): Store the fingerprint of the
first subkey also in KEY.
* src/verify.c (release_tofu_info): Remove.
(release_op_data): Release KEY.
(parse_tofu_user): Rewrite for new data structure.
(parse_tofu_stats): Ditto.
(parse_tofu_stats_long): Ditto.
* tests/run-verify.c (print_result): Ditto.
* tests/run-keylist.c (main): Print more fields.
--
TOFU information are now associated with the user ID and not with a
separate object.
Note that this breaks code relying on the former non-released TOFU
feature. The C++ bindings won't work right now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_STATUS_NOTATION_FLAGS): New.
* src/status-table.c (status_table): Add new status.
* src/verify.c (parse_notation): Handle flags. Also fix NOTATION_DATA
in case gpg would not percent-escape spaces.
(_gpgme_verify_status_handler): Handle flags.
* tests/run-verify.c (print_result): Print notaion data.
--
Note that this does only work with the soon to be released GnuPG
2.1.13.
* src/verify.c (verify_start): Do not return GPG_ERR_INV_VALUES when
when SIGNED_TEXT is not given.
--
The original idea behind this restriction probably was that it is
useless to verify a non-detached signatures without also returning the
signed text. However, it is sometimes useful to just check the
signature, for example to see who signed it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (GPGME_STATUS_FAILURE): New.
* src/status-table.c (FAILURE): New.
* src/op-support.c (_gpgme_parse_failure): New.
* src/passphrase.c (_gpgme_passphrase_status_handler): Forward FAILURE
status line to the status callback.
* src/decrypt.c (op_data_t): Add field failure_code.
(_gpgme_decrypt_status_handler): Parse that code and act upon it on EOF.
* src/encrypt.c (op_data_t): Add field failure_code.
(_gpgme_encrypt_status_handler): Parse that code and act upon it on EOF.
* src/genkey.c (op_data_t): Add field failure_code.
(genkey_status_handler): Parse that code and act upon it on EOF.
* src/passwd.c (op_data_t): Add field failure_code.
(passwd_status_handler): Parse that code and act upon it on EOF.
* src/sign.c (op_data_t): Add field failure_code.
(_gpgme_sign_status_handler): Parse that code and act upon it on EOF.
* src/verify.c (op_data_t): Add field failure_code.
(_gpgme_verify_status_handler): Parse that code and act upon it on EOF.
--
This requires GnuPG 2.1.8 to actually make a difference.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.
--
parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.
Additional comments added by wk.
* src/debug.h: Include "gpgme.h"
(_gpgme_trace_gpgme_error): New.
(trace_gpg_error): New macro. Use it in all files where we return
GPG_ERR_INV_ENGINE; also "include debug.h" as needed.
--
This is a pretty common error code but often it is hard to figure out
the actual cause. With debug level 4 we now print the file name and
line number where this error code is generated by gpgme. Along with
the git revision printed in the first log lines, this should give us
an easier way to track down the problems related to this error code.
* src/verify.c (gpgme_op_verify_result): Update summary field.
--
This is actually a hack to solve the problem that GPGME currently does
not emit ERRSIG for a missing public key.
* configure.ac: Require libgpg-error 1.8.
src/
2010-05-06 Marcus Brinkmann <marcus@g10code.de>
* sign.c, data-user.c, conversion.c, debug.c, verify.c, data.c,
decrypt.c, delete.c, assuan-support.c, import.c, engine-gpgsm.c,
data-mem.c, op-support.c, w32-io.c, w32-util.c, data-compat.c: Use
gpg_error_from_syserror instead gpg_error_from_errno, and use
gpg_err_set_errno to set error number.
* setenv.c: Include <gpg-error.h> and define __set_errno to use
gpg_err_set_errno.
* gpgme-tool.c (ARGP_ERR_UNKNOWN): Define to EDEADLOCK (which is
mapped in Windows CE) instead of E2BIG (which is not).
(gt_import_keys): Initialize err.
