| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | doc/gpgme.texi | 10 | ||||
| -rw-r--r-- | src/context.h | 3 | ||||
| -rw-r--r-- | src/decrypt-verify.c | 3 | ||||
| -rw-r--r-- | src/decrypt.c | 3 | ||||
| -rw-r--r-- | src/engine-backend.h | 3 | ||||
| -rw-r--r-- | src/engine-gpg.c | 9 | ||||
| -rw-r--r-- | src/engine-gpgsm.c | 6 | ||||
| -rw-r--r-- | src/engine-uiserver.c | 5 | ||||
| -rw-r--r-- | src/engine.c | 6 | ||||
| -rw-r--r-- | src/engine.h | 3 | ||||
| -rw-r--r-- | src/gpgme.c | 8 | ||||
| -rw-r--r-- | tests/run-verify.c | 21 | 
13 files changed, 72 insertions, 9 deletions
| @@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased)   GPGME_DELETE_ALLOW_SECRET   NEW.   GPGME_DELETE_FORCE          NEW.   gpgme_op_conf_dir           NEW. + gpgme_set_ctx_flag          EXTENDED: New flag 'auto-key-retrieve'.   cpp: DecryptionResult::isDeVs NEW.   cpp: Signature::isDeVs        NEW.   py: DecryptResult           EXTENDED: New boolean field 'is_de_vs'. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 5df54f58..8dcc86e6 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled.  Please be aware that  using this feature with GnuPG < 2.1.16 will leak the session key on  many platforms via ps(1). +@item "auto-key-retrieve" +Setting the @var{value} to "1" asks the backend to automatically +retrieve a key for signature verification if possible.  Note that this +option makes a "web bug" like behavior possible.  Keyserver or Web Key +Directory operators can see which keys you request, so by sending you +a message signed by a brand new key (which you naturally will not have +on your local keyring), the operator can tell both your IP address and +the time when you verified the signature. + +  @end table  This function returns @code{0} on success. diff --git a/src/context.h b/src/context.h index d0542d9f..1e763d2a 100644 --- a/src/context.h +++ b/src/context.h @@ -118,6 +118,9 @@ struct gpgme_context     * flag is cleared with each operation.  */    unsigned int redraw_suggested : 1; +  /* True if the option --auto-key-retrieve shall be passed to gpg.  */ +  unsigned int auto_key_retrieve : 1; +    /* Flags for keylist mode.  */    gpgme_keylist_mode_t keylist_mode; diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c index 66cfe94f..17f79acd 100644 --- a/src/decrypt-verify.c +++ b/src/decrypt-verify.c 
@@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,                                     flags,                                     cipher, plain,                                     ctx->export_session_keys, -                                   ctx->override_session_key); +                                   ctx->override_session_key, +                                   ctx->auto_key_retrieve);  } diff --git a/src/decrypt.c b/src/decrypt.c index eb7ec4d3..8c2cd4d7 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,                                     flags,                                     cipher, plain,                                     ctx->export_session_keys, -                                   ctx->override_session_key); +                                   ctx->override_session_key, +                                   ctx->auto_key_retrieve);  } diff --git a/src/engine-backend.h b/src/engine-backend.h index f41aaeb6..421eb166 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -65,7 +65,8 @@ struct engine_ops                              gpgme_decrypt_flags_t flags,                              gpgme_data_t ciph,  			    gpgme_data_t plain, int export_session_key, -                            const char *override_session_key); +                            const char *override_session_key, +                            int auto_key_retrieve);    gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);    gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,  			 gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */); diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 9c0d7f7c..5ce04f0a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -1562,7 +1562,8 @@ static gpgme_error_t  gpg_decrypt (void *engine,               gpgme_decrypt_flags_t flags,               gpgme_data_t ciph, gpgme_data_t plain, -             int export_session_key, const char *override_session_key) +             int export_session_key, const char *override_session_key, +             int auto_key_retrieve)  {    engine_gpg_t gpg = engine;    gpgme_error_t err; @@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine,    if (!err && export_session_key)      err = add_arg (gpg, "--show-session-key"); +  if (!err && auto_key_retrieve) +    err = add_arg (gpg, "--auto-key-retrieve"); +    if (!err && override_session_key && *override_session_key)      {        if (have_gpg_version (gpg, "2.1.16")) @@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,    gpgme_error_t err;    err = append_args_from_sender (gpg, ctx); +  if (!err && ctx->auto_key_retrieve) +    err = add_arg (gpg, "--auto-key-retrieve"); +    if (err)      ;    else if (plaintext) diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index f23b0bfd..e337fedd 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1130,7 +1130,8 @@ static gpgme_error_t  gpgsm_decrypt (void *engine,                 gpgme_decrypt_flags_t flags,                 gpgme_data_t ciph, gpgme_data_t plain, -               int export_session_key, const char *override_session_key) +               int export_session_key, const char *override_session_key, +               int auto_key_retrieve)  {    engine_gpgsm_t gpgsm = engine;    gpgme_error_t err; @@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine,    (void)export_session_key;    (void)override_session_key; +  /* --auto-key-retrieve is also not supported.  */ +  (void)auto_key_retrieve; +    if (!gpgsm)      return gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 3db705d8..bc3f3fbd 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c 
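Review bot: The new `add_arg (gpg, "--auto-key-retrieve")` in gpg_decrypt, and the same call added to gpg_verify further down this file, is appended without a version check, while the `override_session_key` branch right after it gates on `have_gpg_version (gpg, "2.1.16")`. The hunks do not show which gpg releases accept this option on the command line. If an older binary rejects it, every decrypt or verify with the flag set would presumably fail on the unknown option rather than just skip retrieval. Either gate the argument with `have_gpg_version` for the first release that supports it, or add a comment such as `/* Accepted by every gpg version we support.  */` so the omission is visibly deliberate. Both functions continue outside the hunks.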
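Review bot: The flag is dropped with `(void)auto_key_retrieve;` in gpgsm_decrypt, and likewise in uiserver_decrypt in src/engine-uiserver.c, while the gpgme_set_ctx_flag branch in src/gpgme.c accepts it for any context. A caller on a CMS or UI-server context therefore gets success from the setter and "1" back from the getter, but no retrieval; only the gpg engine acts on the flag in this commit. Because the flag controls whether message content can trigger network lookups, the scope should be stated where it is discarded, for example `/* --auto-key-retrieve is a gpg option; the flag is ignored by this engine.  */`. The new gpgme.texi item should say the same. gpgsm_decrypt's body continues outside the hunk.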
@@ -962,7 +962,8 @@ static gpgme_error_t  uiserver_decrypt (void *engine,                    gpgme_decrypt_flags_t flags,                    gpgme_data_t ciph, gpgme_data_t plain, -                  int export_session_key, const char *override_session_key) +                  int export_session_key, const char *override_session_key, +                  int auto_key_retrieve)  {    engine_uiserver_t uiserver = engine;    gpgme_error_t err; @@ -972,6 +973,8 @@ uiserver_decrypt (void *engine,    (void)override_session_key; /* Fixme: We need to see now to add this                                 * to the UI server protocol  */ +  (void)auto_key_retrieve;    /* Not yet supported.  */ +    if (!uiserver)      return gpg_error (GPG_ERR_INV_VALUE); diff --git a/src/engine.c b/src/engine.c index 2c7e625f..28ba9fdf 100644 --- a/src/engine.c +++ b/src/engine.c @@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine,                            gpgme_decrypt_flags_t flags,                            gpgme_data_t ciph,  			  gpgme_data_t plain, int export_session_key, -                          const char *override_session_key) +                          const char *override_session_key, +                          int auto_key_retrieve)  {    if (!engine)      return gpg_error (GPG_ERR_INV_VALUE); @@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine,      return gpg_error (GPG_ERR_NOT_IMPLEMENTED);    return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain, -                                  export_session_key, override_session_key); +                                  export_session_key, override_session_key, +                                  auto_key_retrieve);  } diff --git a/src/engine.h b/src/engine.h index b71b7e2d..0bf1bb27 100644 --- a/src/engine.h +++ b/src/engine.h 
@@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,                                          gpgme_data_t ciph,  					gpgme_data_t plain,                                          int export_session_key, -                                        const char *override_session_key); +                                        const char *override_session_key, +                                        int auto_key_retrieve);  gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,  				       unsigned int flags);  gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type, diff --git a/src/gpgme.c b/src/gpgme.c index 2b196a25..d0a5afee 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)        if (!ctx->override_session_key)          err = gpg_error_from_syserror ();      } +  else if (!strcmp (name, "auto-key-retrieve")) +    { +      ctx->auto_key_retrieve = abool; +    }    else      err = gpg_error (GPG_ERR_UNKNOWN_NAME); @@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)      {        return ctx->override_session_key? ctx->override_session_key : "";      } +  else if (!strcmp (name, "auto-key-retrieve")) +    { +      return ctx->auto_key_retrieve? "1":""; +    }    else      return NULL;  } diff --git a/tests/run-verify.c b/tests/run-verify.c index 3abc5728..b22e6446 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -222,6 +222,7 @@ show_usage (int ex)           "  --openpgp        use the OpenPGP protocol (default)\n"           "  --cms            use the CMS protocol\n"           "  --sender MBOX    use MBOX as sender address\n" +         "  --auto-key-retrieve\n"           , stderr);    exit (ex);  } @@ -231,6 +232,7 @@ int  main (int argc, char **argv)  {    int last_argc = -1; +  const char *s;    gpgme_error_t err;    gpgme_ctx_t ctx;    gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; 
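Review bot: The new `else if (!strcmp (name, "auto-key-retrieve"))` branch in gpgme_set_ctx_flag has no comment, although this is the one place where the network side effect is switched on. The gpgme.texi text added in this commit explains that verifying a message signed by an unknown key then reveals the verifier's IP address and verification time to the keyserver or Web Key Directory operator. A short comment above the assignment would keep that caveat next to the code, for example `/* Privacy: lets gpg fetch missing signer keys over the network while verifying or decrypting; see the manual.  */`. `abool` is computed outside the hunk, so how values other than "1" are treated cannot be checked from here.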
@@ -241,6 +243,7 @@ main (int argc, char **argv)    gpgme_verify_result_t result;    int print_status = 0;    const char *sender = NULL; +  int auto_key_retrieve = 0;    if (argc)      { argc--; argv++; } @@ -283,6 +286,12 @@ main (int argc, char **argv)            sender = *argv;            argc--; argv++;          } +      else if (!strcmp (*argv, "--auto-key-retrieve")) +        { +          auto_key_retrieve = 1; +          argc--; argv++; +        } +        else if (!strncmp (*argv, "--", 2))          show_usage (1); @@ -323,6 +332,18 @@ main (int argc, char **argv)      }    /* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */ +  if (auto_key_retrieve) +    { +      gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1"); +      s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve"); +      if (!s || strcmp (s, "1")) +        { +          fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n", +                   "auto-key-retrieve"); +          exit (1); +        } +    } +    if (sender)      {        err = gpgme_set_sender (ctx, sender); | 
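Review bot: In the last hunk of main the return value of `gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");` is discarded, so a failing setter is only caught indirectly and reported as "gpgme_get_ctx_flag failed". Assign it as the `gpgme_set_sender` call just below does, `err = gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");`, and check `err` before the read-back test so the message names the call that failed. The usage line added in show_usage, `"  --auto-key-retrieve\n"`, is the only option without a description; something like `"  --auto-key-retrieve  retrieve missing keys for verification\n"` would match the neighbouring lines. main continues outside the hunks.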
