Diffstat (limited to 'src')
-rw-r--r--src/dirinfo.c19
-rw-r--r--src/engine-backend.h8
-rw-r--r--src/engine-gpg.c748
-rw-r--r--src/engine-gpgsm.c18
-rw-r--r--src/engine-uiserver.c18
-rw-r--r--src/engine.c14
-rw-r--r--src/engine.h6
-rw-r--r--src/gpgme.def2
-rw-r--r--src/gpgme.h.in30
-rw-r--r--src/libgpgme.vers3
-rw-r--r--src/sign.c21
-rw-r--r--src/util.h1
-rw-r--r--src/verify.c49
13 files changed, 632 insertions, 305 deletions
diff --git a/src/dirinfo.c b/src/dirinfo.c
index 8ea15d81..60e536f5 100644
--- a/src/dirinfo.c
+++ b/src/dirinfo.c
@@ -59,6 +59,7 @@ enum
WANT_DIRMNGR_NAME,
WANT_PINENTRY_NAME,
WANT_GPG_WKS_CLIENT_NAME,
+ WANT_GPGTAR_NAME,
WANT_GPG_ONE_MODE
};
@@ -88,6 +89,7 @@ static struct {
char *dirmngr_name;
char *pinentry_name;
char *gpg_wks_client_name;
+ char *gpgtar_name;
int gpg_one_mode; /* System is in gpg1 mode. */
} dirinfo;
@@ -407,6 +409,14 @@ get_gpgconf_item (int what)
NULL);
result = dirinfo.gpg_wks_client_name;
break;
+ case WANT_GPGTAR_NAME:
+ if (!dirinfo.gpgtar_name && dirinfo.bindir)
+ dirinfo.gpgtar_name = _gpgme_strconcat (dirinfo.bindir,
+ "/",
+ "gpgtar",
+ NULL);
+ result = dirinfo.gpgtar_name;
+ break;
}
UNLOCK (dirinfo_lock);
return result;
@@ -455,6 +465,13 @@ _gpgme_get_default_gpgconf_name (void)
return get_gpgconf_item (WANT_GPGCONF_NAME);
}
+/* Return the default gpgtar file name. Returns NULL if not known. */
+const char *
+_gpgme_get_default_gpgtar_name (void)
+{
+ return get_gpgconf_item (WANT_GPGTAR_NAME);
+}
+
/* Return the default UI-server socket name. Returns NULL if not
known. */
const char *
@@ -524,6 +541,8 @@ gpgme_get_dirinfo (const char *what)
return get_gpgconf_item (WANT_PINENTRY_NAME);
else if (!strcmp (what, "gpg-wks-client-name"))
return get_gpgconf_item (WANT_GPG_WKS_CLIENT_NAME);
+ else if (!strcmp (what, "gpgtar-name"))
+ return get_gpgconf_item (WANT_GPGTAR_NAME);
else if (!strcmp (what, "agent-ssh-socket"))
return get_gpgconf_item (WANT_AGENT_SSH_SOCKET);
else if (!strcmp (what, "dirmngr-socket"))
diff --git a/src/engine-backend.h b/src/engine-backend.h
index 75ed49cd..d430620b 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -119,12 +119,12 @@ struct engine_ops
gpgme_key_t key,
gpgme_tofu_policy_t policy);
gpgme_error_t (*sign) (void *engine, gpgme_data_t in, gpgme_data_t out,
- gpgme_sig_mode_t mode, int use_armor,
+ gpgme_sig_mode_t flags, int use_armor,
int use_textmode, int include_certs,
gpgme_ctx_t ctx /* FIXME */);
- gpgme_error_t (*verify) (void *engine, gpgme_data_t sig,
- gpgme_data_t signed_text, gpgme_data_t plaintext,
- gpgme_ctx_t ctx);
+ gpgme_error_t (*verify) (void *engine, gpgme_verify_flags_t flags,
+ gpgme_data_t sig, gpgme_data_t signed_text,
+ gpgme_data_t plaintext, gpgme_ctx_t ctx);
gpgme_error_t (*getauditlog) (void *engine, gpgme_data_t output,
unsigned int flags);
gpgme_error_t (*setexpire) (void *engine, gpgme_key_t key,
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 9d20f2ba..41f24d1e 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -57,6 +57,7 @@ struct arg_and_data_s
int inbound; /* True if this is used for reading from gpg. */
int dup_to;
int print_fd; /* Print the fd number and not the special form of it. */
+ int gpg_arg; /* True if this argument is not known by gpgtar. */
int *arg_locp; /* Write back the argv idx of this argument when
building command line to this location. */
char arg[FLEXIBLE_ARRAY_MEMBER]; /* Used if data above is not used. */
@@ -145,6 +146,7 @@ struct engine_gpg
char *trust_model;
struct {
+ unsigned int use_gpgtar : 1;
unsigned int no_symkey_cache : 1;
unsigned int offline : 1;
unsigned int ignore_mdc_error : 1;
@@ -222,11 +224,32 @@ close_notify_handler (int fd, void *opaque)
}
}
+static void
+_append_to_arglist (engine_gpg_t gpg, struct arg_and_data_s *a)
+{
+ a->next = NULL;
+ *gpg->argtail = a;
+ gpg->argtail = &a->next;
+}
+
+static void
+_prepend_to_arglist (engine_gpg_t gpg, struct arg_and_data_s *a)
+{
+ a->next = gpg->arglist;
+ if (!gpg->arglist)
+ {
+ /* If this is the first argument, we need to update the tail
+ pointer. */
+ gpg->argtail = &a->next;
+ }
+ gpg->arglist = a;
+}
+
/* If FRONT is true, push at the front of the list. Use this for
options added late in the process. */
static gpgme_error_t
_add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen,
- int front, int *arg_locp)
+ int front, int *arg_locp, int gpg_arg)
{
struct arg_and_data_s *a;
size_t prefixlen = prefix? strlen (prefix) : 0;
@@ -241,28 +264,16 @@ _add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen,
a->data = NULL;
a->dup_to = -1;
a->arg_locp = arg_locp;
+ a->gpg_arg = gpg_arg;
if (prefixlen)
memcpy (a->arg, prefix, prefixlen);
memcpy (a->arg + prefixlen, arg, arglen);
a->arg[prefixlen + arglen] = 0;
if (front)
- {
- a->next = gpg->arglist;
- if (!gpg->arglist)
- {
- /* If this is the first argument, we need to update the tail
- pointer. */
- gpg->argtail = &a->next;
- }
- gpg->arglist = a;
- }
+ _prepend_to_arglist (gpg, a);
else
- {
- a->next = NULL;
- *gpg->argtail = a;
- gpg->argtail = &a->next;
- }
+ _append_to_arglist (gpg, a);
return 0;
}
@@ -271,37 +282,50 @@ _add_arg (engine_gpg_t gpg, const char *prefix, const char *arg, size_t arglen,
static gpgme_error_t
add_arg_ext (engine_gpg_t gpg, const char *arg, int front)
{
- return _add_arg (gpg, NULL, arg, strlen (arg), front, NULL);
+ return _add_arg (gpg, NULL, arg, strlen (arg), front, NULL, 0);
}
static gpgme_error_t
-add_arg_with_locp (engine_gpg_t gpg, const char *arg, int *locp)
+add_arg_with_locp (engine_gpg_t gpg, const char *arg, int *locp, int front)
{
- return _add_arg (gpg, NULL, arg, strlen (arg), 0, locp);
+ return _add_arg (gpg, NULL, arg, strlen (arg), front, locp, 0);
}
static gpgme_error_t
add_arg (engine_gpg_t gpg, const char *arg)
{
- return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL);
+ return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL, 0);
}
static gpgme_error_t
add_arg_pfx (engine_gpg_t gpg, const char *prefix, const char *arg)
{
- return _add_arg (gpg, prefix, arg, strlen (arg), 0, NULL);
+ return _add_arg (gpg, prefix, arg, strlen (arg), 0, NULL, 0);
+}
+
+static gpgme_error_t
+add_gpg_arg (engine_gpg_t gpg, const char *arg)
+{
+ return _add_arg (gpg, NULL, arg, strlen (arg), 0, NULL, 1);
+}
+
+static gpgme_error_t
+add_gpg_arg_with_value (engine_gpg_t gpg, const char *arg, const char *value,
+ int front)
+{
+ return _add_arg (gpg, arg, value, strlen (value), front, NULL, 1);
}
static gpgme_error_t
add_arg_len (engine_gpg_t gpg, const char *prefix,
const char *arg, size_t arglen)
{
- return _add_arg (gpg, prefix, arg, arglen, 0, NULL);
+ return _add_arg (gpg, prefix, arg, arglen, 0, NULL, 0);
}
static gpgme_error_t
-add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound)
+add_data_ext (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound, int front)
{
struct arg_and_data_s *a;
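Review bot: add_gpg_arg and add_gpg_arg_with_value have no comment explaining why they exist or why the value must be glued to the option with `=`; from build_argv it appears each such element is preceded by its own `--gpg-args` when gpgtar is used, so option and value have to travel as one argv element. I would add above add_gpg_arg_with_value something like `/* Add ARG and VALUE as the single argument "ARGVALUE"; ARG must end in '='. With gpgtar the argument is forwarded to gpg via --gpg-args. */`. It is also worth confirming how gpgtar parses the string that follows `--gpg-args`: if it re-tokenizes it, caller-supplied values containing whitespace or quotes (home_dir, sender, notation data) would reach gpg split into several arguments, and such values should then be rejected or quoted here. add_data_ext continues outside this hunk.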
@@ -311,7 +335,6 @@ add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound)
a = malloc (offsetof (struct arg_and_data_s, arg));
if (!a)
return gpg_error_from_syserror ();
- a->next = NULL;
a->data = data;
a->inbound = inbound;
a->arg_locp = NULL;
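Review bot: Data entries created in add_data_ext never get `gpg_arg` assigned in the lines shown, yet the counting loop in build_argv now evaluates `a->gpg_arg` for every list entry when `use_gpgtar` is set, so it may read an indeterminate value from the malloc'ed struct. The visible effect would only be an over-counted argc, but the read itself should be avoided; add `a->gpg_arg = 0;` next to `a->arg_locp = NULL;`. A few lines of add_data_ext between this hunk and the next are not visible, so confirm the field is not set there.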
@@ -326,12 +349,22 @@ add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound)
a->print_fd = 0;
a->dup_to = dup_to;
}
- *gpg->argtail = a;
- gpg->argtail = &a->next;
+
+ if (front)
+ _prepend_to_arglist (gpg, a);
+ else
+ _append_to_arglist (gpg, a);
+
return 0;
}
+static gpgme_error_t
+add_data (engine_gpg_t gpg, gpgme_data_t data, int dup_to, int inbound)
+{
+ return add_data_ext (gpg, data, dup_to, inbound, 0);
+}
+
/* Return true if the engine's version is at least VERSION. */
static int
have_gpg_version (engine_gpg_t gpg, const char *version)
@@ -540,34 +573,18 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,
if (home_dir)
{
- rc = add_arg (gpg, "--homedir");
- if (!rc)
- rc = add_arg (gpg, home_dir);
+ rc = add_gpg_arg_with_value (gpg, "--homedir=", home_dir, 0);
if (rc)
goto leave;
}
- rc = add_arg (gpg, "--status-fd");
- if (rc)
- goto leave;
-
- {
- char buf[25];
- _gpgme_io_fd2str (buf, sizeof (buf), gpg->status.fd[1]);
- rc = add_arg_with_locp (gpg, buf, &gpg->status.arg_loc);
- if (rc)
- goto leave;
- }
-
- rc = add_arg (gpg, "--no-tty");
- if (!rc)
- rc = add_arg (gpg, "--charset");
+ rc = add_gpg_arg (gpg, "--no-tty");
if (!rc)
- rc = add_arg (gpg, "utf8");
+ rc = add_gpg_arg (gpg, "--charset=utf8");
if (!rc)
- rc = add_arg (gpg, "--enable-progress-filter");
+ rc = add_gpg_arg (gpg, "--enable-progress-filter");
if (!rc && have_gpg_version (gpg, "2.1.11"))
- rc = add_arg (gpg, "--exit-on-status-write-error");
+ rc = add_gpg_arg (gpg, "--exit-on-status-write-error");
if (rc)
goto leave;
@@ -576,9 +593,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,
goto leave;
if (dft_display)
{
- rc = add_arg (gpg, "--display");
- if (!rc)
- rc = add_arg (gpg, dft_display);
+ rc = add_gpg_arg_with_value (gpg, "--display=", dft_display, 0);
free (dft_display);
if (rc)
@@ -605,11 +620,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,
if (!err)
{
if (*dft_ttyname)
- {
- rc = add_arg (gpg, "--ttyname");
- if (!rc)
- rc = add_arg (gpg, dft_ttyname);
- }
+ rc = add_gpg_arg_with_value (gpg, "--ttyname=", dft_ttyname, 0);
else
rc = 0;
if (!rc)
@@ -619,11 +630,7 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,
goto leave;
if (dft_ttytype)
- {
- rc = add_arg (gpg, "--ttytype");
- if (!rc)
- rc = add_arg (gpg, dft_ttytype);
- }
+ rc = add_gpg_arg_with_value (gpg, "--ttytype=", dft_ttytype, 0);
free (dft_ttytype);
}
@@ -632,16 +639,6 @@ gpg_new (void **engine, const char *file_name, const char *home_dir,
}
}
- rc = gpgme_data_new (&gpg->diagnostics);
- if (rc)
- goto leave;
-
- rc = add_arg (gpg, "--logger-fd");
- if (rc)
- goto leave;
-
- rc = add_data (gpg, gpg->diagnostics, -2, 1);
-
leave:
if (rc)
gpg_release (gpg);
@@ -871,9 +868,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
{
gpgme_error_t err;
struct arg_and_data_s *a;
- struct fd_data_map_s *fd_data_map;
+ struct fd_data_map_s *fd_data_map = NULL;
size_t datac=0, argc=0, allocated_argc=0;
- char **argv;
+ char **argv = NULL;
int need_special = 0;
int use_agent = 0;
char *p;
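Review bot: `err` is still declared without an initializer here, while the new `leave:` block at the end of build_argv tests `if (err)` on the success path as well. Unless every path through the parts of the function outside these hunks assigns it, a successful run reads an indeterminate value and may free argv and fd_data_map instead of storing them in the engine object. Initialize it together with the other two: `gpgme_error_t err = 0;`.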
@@ -907,7 +904,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++; /* For argv[0]. */
for (a = gpg->arglist; a; a = a->next)
{
- argc++;
+ argc += 1 + (gpg->flags.use_gpgtar && a->gpg_arg);
if (a->data)
{
/*fprintf (stderr, "build_argv: data\n" );*/
@@ -926,26 +923,24 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
if (use_agent)
argc++;
if (*gpg->request_origin)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->auto_key_locate)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->trust_model)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->flags.no_symkey_cache)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->flags.ignore_mdc_error)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->flags.offline)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->flags.no_auto_check_trustdb)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (gpg->pinentry_mode)
- argc++;
+ argc += 1 + !!gpg->flags.use_gpgtar;
if (!gpg->cmd.used)
argc++; /* --batch */
- argc++; /* --no-sk-comments */
-
argv = calloc (argc + 1, sizeof *argv);
allocated_argc = argc;
@@ -954,19 +949,18 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
fd_data_map = calloc (datac + 1, sizeof *fd_data_map);
if (!fd_data_map)
{
- int saved_err = gpg_error_from_syserror ();
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc = datac = 0;
argv[argc] = strdup (_gpgme_get_basename (pgmname)); /* argv[0] */
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
if (need_special)
@@ -974,10 +968,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argv[argc] = strdup ("--enable-special-filenames");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
@@ -986,10 +979,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argv[argc] = strdup ("--use-agent");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
@@ -998,92 +990,162 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
if (*gpg->request_origin)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = _gpgme_strconcat ("--request-origin=",
gpg->request_origin, NULL);
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
if (gpg->auto_key_locate)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup (gpg->auto_key_locate);
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
if (gpg->trust_model)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup (gpg->trust_model);
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
if (gpg->flags.no_symkey_cache)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup ("--no-symkey-cache");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
if (gpg->flags.ignore_mdc_error)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup ("--ignore-mdc-error");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
if (gpg->flags.offline)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup ("--disable-dirmngr");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
if (gpg->flags.no_auto_check_trustdb)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup ("--no-auto-check-trustdb");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
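Review bot: The `--gpg-args` block (strdup, NULL check, `argc++`) is pasted nine times in build_argv, seven of them in this hunk, and each copy has to stay in step with a matching `argc += 1 + !!gpg->flags.use_gpgtar` in the counting pass; a small static helper would leave one place to get right. The `if (err)` guard after `gpg_error_from_syserror ()` would let execution continue with a NULL slot if that call ever returned 0, so an unconditional `goto leave;` is the safer form. build_argv starts and ends outside this hunk.

```c
/* Store "--gpg-args" at ARGV[*ARGC] if gpgtar is used, so that the
   next argument is forwarded to gpg.  */
static gpgme_error_t
push_gpg_args_marker (engine_gpg_t gpg, char **argv, size_t *argc)
{
  if (!gpg->flags.use_gpgtar)
    return 0;
  argv[*argc] = strdup ("--gpg-args");
  if (!argv[*argc])
    return gpg_error_from_syserror ();
  (*argc)++;
  return 0;
}

  if (*gpg->request_origin)
    {
      err = push_gpg_args_marker (gpg, argv, &argc);
      if (err)
        goto leave;
      /* … unchanged: --request-origin= strconcat, NULL check, argc++ … */
    }
  /* … same replacement in the other option blocks … */
```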
@@ -1101,13 +1163,23 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
}
if (s)
{
+ if (gpg->flags.use_gpgtar)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup (s);
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
@@ -1118,22 +1190,12 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argv[argc] = strdup ("--batch");
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
- argv[argc] = strdup ("--no-sk-comments");
- if (!argv[argc])
- {
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
- }
- argc++;
for (a = gpg->arglist; a; a = a->next)
{
if (a->arg_locp)
@@ -1151,10 +1213,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
if (_gpgme_io_pipe (fds, fd_data_map[datac].inbound ? 1 : 0)
== -1)
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
if (_gpgme_io_set_close_notify (fds[0],
close_notify_handler, gpg)
@@ -1202,10 +1263,9 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argv[argc] = malloc (buflen);
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
ptr = argv[argc];
@@ -1224,13 +1284,23 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
}
else
{
+ if (gpg->flags.use_gpgtar && a->gpg_arg)
+ {
+ argv[argc] = strdup ("--gpg-args");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
+ }
+ argc++;
+ }
argv[argc] = strdup (a->arg);
if (!argv[argc])
{
- int saved_err = gpg_error_from_syserror ();
- free (fd_data_map);
- free_argv (argv);
- return saved_err;
+ err = gpg_error_from_syserror ();
+ if (err)
+ goto leave;
}
argc++;
}
@@ -1241,9 +1311,18 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
allocated array like ccparray in gnupg. */
assert (argc <= allocated_argc);
- gpg->argv = argv;
- gpg->fd_data_map = fd_data_map;
- return 0;
+leave:
+ if (err)
+ {
+ free (fd_data_map);
+ free_argv (argv);
+ }
+ else
+ {
+ gpg->argv = argv;
+ gpg->fd_data_map = fd_data_map;
+ }
+ return err;
}
@@ -1561,28 +1640,65 @@ start (engine_gpg_t gpg)
if (!gpg)
return gpg_error (GPG_ERR_INV_VALUE);
- if (!gpg->file_name && !_gpgme_get_default_gpg_name ())
+ if (!gpg->flags.use_gpgtar)
+ pgmname = gpg->file_name ? gpg->file_name : _gpgme_get_default_gpg_name ();
+ else
+ pgmname = _gpgme_get_default_gpgtar_name ();
+ if (!pgmname)
return trace_gpg_error (GPG_ERR_INV_ENGINE);
+ rc = gpgme_data_new (&gpg->diagnostics);
+ if (rc)
+ return rc;
+
+ if (gpg->flags.use_gpgtar)
+ {
+ /* Read the diagnostics output from gpgtar's stderr. */
+ rc = add_data (gpg, gpg->diagnostics, 2, 1);
+ if (rc)
+ return rc;
+ }
+ else
+ {
+ rc = add_data_ext (gpg, gpg->diagnostics, -2, 1, 1);
+ if (rc)
+ return rc;
+
+ rc = add_arg_ext (gpg, "--logger-fd", 1);
+ if (rc)
+ return rc;
+ }
+
+ if (!gpg->flags.use_gpgtar || have_gpg_version (gpg, "2.4.1"))
+ {
+ /* Do not pass --status-fd to gpgtar for gpg < 2.4.1. */
+ {
+ char buf[25];
+ _gpgme_io_fd2str (buf, sizeof (buf), gpg->status.fd[1]);
+ rc = add_arg_with_locp (gpg, buf, &gpg->status.arg_loc, 1);
+ if (rc)
+ return rc;
+ }
+
+ rc = add_arg_ext (gpg, "--status-fd", 1);
+ if (rc)
+ return rc;
+ }
+
if (gpg->lc_ctype)
{
- rc = add_arg_ext (gpg, gpg->lc_ctype, 1);
- if (!rc)
- rc = add_arg_ext (gpg, "--lc-ctype", 1);
+ rc = add_gpg_arg_with_value (gpg, "--lc-ctype=", gpg->lc_ctype, 1);
if (rc)
return rc;
}
if (gpg->lc_messages)
{
- rc = add_arg_ext (gpg, gpg->lc_messages, 1);
- if (!rc)
- rc = add_arg_ext (gpg, "--lc-messages", 1);
+ rc = add_gpg_arg_with_value (gpg, "--lc-messages=", gpg->lc_messages, 1);
if (rc)
return rc;
}
- pgmname = gpg->file_name ? gpg->file_name : _gpgme_get_default_gpg_name ();
rc = build_argv (gpg, pgmname);
if (rc)
return rc;
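Review bot: In archive mode `pgmname` comes only from `_gpgme_get_default_gpgtar_name ()`, so an engine path the application configured in `gpg->file_name` is silently ignored. The `have_gpg_version (gpg, "2.4.1")` checks presumably still describe the configured gpg rather than the gpgtar that is actually executed. An application that pins a specific gpg binary would then run a gpgtar, and through it a gpg, from the default bindir without noticing. Either return `GPG_ERR_NOT_SUPPORTED` when `gpg->file_name` is set and differs from the default, or hand the configured binary on to gpgtar (its `--gpg` option, if the targeted versions support it), and state the choice in a comment such as `/* gpgtar is always taken from the default bindir. */`. start begins and ends outside this hunk.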
@@ -1714,6 +1830,14 @@ gpg_decrypt (void *engine,
engine_gpg_t gpg = engine;
gpgme_error_t err;
+ gpg->flags.use_gpgtar = !!(flags & GPGME_DECRYPT_ARCHIVE);
+
+ if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1"))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (gpg->flags.use_gpgtar && (flags & GPGME_DECRYPT_UNWRAP))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
err = add_arg (gpg, "--decrypt");
if (!err && (flags & GPGME_DECRYPT_UNWRAP))
@@ -1725,17 +1849,17 @@ gpg_decrypt (void *engine,
}
if (!err && export_session_key)
- err = add_arg (gpg, "--show-session-key");
+ err = add_gpg_arg (gpg, "--show-session-key");
if (!err && auto_key_retrieve)
- err = add_arg (gpg, "--auto-key-retrieve");
+ err = add_gpg_arg (gpg, "--auto-key-retrieve");
if (!err && gpg->flags.auto_key_import)
- err = add_arg (gpg, "--auto-key-import");
+ err = add_gpg_arg (gpg, "--auto-key-import");
if (!err && override_session_key && *override_session_key)
{
- if (have_gpg_version (gpg, "2.1.16"))
+ if (have_gpg_version (gpg, "2.1.16") && !gpg->flags.use_gpgtar)
{
gpgme_data_release (gpg->override_session_key);
TRACE (DEBUG_ENGINE, "override", gpg, "seskey='%s' len=%zu\n",
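Review bot: Adding `&& !gpg->flags.use_gpgtar` to the version test sends every archive decryption with an override session key into the else branch of the next hunk, which puts the key on the command line as `--override-session-key=...`; the existing comment there already warns that this may leak the key via ps(1). With gpgtar in between, the key would appear in gpgtar's argv and presumably again in the gpg child it starts. If the fd-based path cannot be offered through gpgtar, I would refuse the combination up front, `if (gpg->flags.use_gpgtar && override_session_key && *override_session_key) return gpg_error (GPG_ERR_NOT_SUPPORTED);`, or at least document the exposure in the API description of the archive flag.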
@@ -1765,25 +1889,43 @@ gpg_decrypt (void *engine,
else
{
/* Using that option may leak the session key via ps(1). */
- err = add_arg (gpg, "--override-session-key");
- if (!err)
- err = add_arg (gpg, override_session_key);
+ err = add_gpg_arg_with_value (gpg, "--override-session-key=",
+ override_session_key, 0);
}
}
/* Tell the gpg object about the data. */
- if (!err)
- err = add_arg (gpg, "--output");
- if (!err)
- err = add_arg (gpg, "-");
- if (!err)
- err = add_data (gpg, plain, 1, 1);
- if (!err)
- err = add_input_size_hint (gpg, ciph);
- if (!err)
- err = add_arg (gpg, "--");
- if (!err)
- err = add_data (gpg, ciph, -1, 0);
+ if (gpg->flags.use_gpgtar)
+ {
+ const char *file_name = gpgme_data_get_file_name (plain);
+ if (!err && file_name)
+ {
+ err = add_arg (gpg, "--directory");
+ if (!err)
+ err = add_arg (gpg, file_name);
+ }
+ if (!err)
+ err = add_input_size_hint (gpg, ciph);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, ciph, 0, 0);
+ }
+ else
+ {
+ if (!err)
+ err = add_arg (gpg, "--output");
+ if (!err)
+ err = add_arg (gpg, "-");
+ if (!err)
+ err = add_data (gpg, plain, 1, 1);
+ if (!err)
+ err = add_input_size_hint (gpg, ciph);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, ciph, -1, 0);
+ }
if (!err)
err = start (gpg);
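Review bot: The gpgtar branch only reads the file name of `plain` and never passes the object to add_data, so nothing is written into it and a caller who supplies a memory or stream object without a file name gets the archive extracted wherever gpgtar decides by default. That contract is not obvious from the signature; a comment at the top of the branch would help, for example `/* In archive mode PLAIN is not written to; its file name, if set, is the directory into which gpgtar extracts. */`. gpg_decrypt starts and ends outside this hunk.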
@@ -1867,16 +2009,11 @@ append_args_from_signers (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */)
static gpgme_error_t
append_args_from_sender (engine_gpg_t gpg, gpgme_ctx_t ctx)
{
- gpgme_error_t err;
+ gpgme_error_t err = 0;
if (ctx->sender && have_gpg_version (gpg, "2.1.15"))
- {
- err = add_arg (gpg, "--sender");
- if (!err)
- err = add_arg (gpg, ctx->sender);
- }
- else
- err = 0;
+ err = add_gpg_arg_with_value (gpg, "--sender=", ctx->sender, 0);
+
return err;
}
@@ -1930,14 +2067,12 @@ append_args_from_sig_notations (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */,
if (!err)
{
if ((flags & NOTATION_FLAG_SET))
- err = add_arg (gpg, "--set-notation");
+ err = add_gpg_arg_with_value (gpg, "--set-notation=", arg, 0);
else if ((flags & NOTATION_FLAG_CERT))
- err = add_arg (gpg, "--cert-notation");
+ err = add_gpg_arg_with_value (gpg, "--cert-notation=", arg, 0);
else
- err = add_arg (gpg, "--sig-notation");
+ err = add_gpg_arg_with_value (gpg, "--sig-notation=", arg, 0);
}
- if (!err)
- err = add_arg (gpg, arg);
if (arg)
free (arg);
@@ -1964,9 +2099,7 @@ append_args_from_sig_notations (engine_gpg_t gpg, gpgme_ctx_t ctx /* FIXME */,
value = notation->value;
if (!err)
- err = add_arg (gpg, "--sig-policy-url");
- if (!err)
- err = add_arg (gpg, value);
+ err = add_gpg_arg_with_value (gpg, "--sig-policy-url=", value, 0);
if (value != notation->value)
free (value);
@@ -2199,6 +2332,14 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
engine_gpg_t gpg = engine;
gpgme_error_t err = 0;
+ gpg->flags.use_gpgtar = !!(flags & GPGME_ENCRYPT_ARCHIVE);
+
+ if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1"))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (gpg->flags.use_gpgtar && (flags & GPGME_ENCRYPT_WRAP))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
if (recp || recpstring)
err = add_arg (gpg, "--encrypt");
@@ -2206,7 +2347,7 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
err = add_arg (gpg, "--symmetric");
if (!err && use_armor)
- err = add_arg (gpg, "--armor");
+ err = add_gpg_arg (gpg, "--armor");
if (!err && (flags & GPGME_ENCRYPT_WRAP))
{
@@ -2216,31 +2357,31 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
* the encryption would add an additional compression layer.
* We better suppress that. */
flags |= GPGME_ENCRYPT_NO_COMPRESS;
- err = add_arg (gpg, "--no-literal");
+ err = add_gpg_arg (gpg, "--no-literal");
}
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
- err = add_arg (gpg, "--compress-algo=none");
+ err = add_gpg_arg (gpg, "--compress-algo=none");
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
- err = add_arg (gpg, "--throw-keyids");
+ err = add_gpg_arg (gpg, "--throw-keyids");
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14"))
- err = add_arg (gpg, "--mimemode");
+ err = add_gpg_arg (gpg, "--mimemode");
if (!err && gpg->flags.include_key_block)
- err = add_arg (gpg, "--include-key-block");
+ err = add_gpg_arg (gpg, "--include-key-block");
if (recp || recpstring)
{
/* If we know that all recipients are valid (full or ultimate trust)
we can suppress further checks. */
if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST))
- err = add_arg (gpg, "--always-trust");
+ err = add_gpg_arg (gpg, "--always-trust");
if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))
- err = add_arg (gpg, "--no-encrypt-to");
+ err = add_gpg_arg (gpg, "--no-encrypt-to");
if (!err && !recp && recpstring)
err = append_args_from_recipients_string (gpg, flags, recpstring);
@@ -2255,19 +2396,39 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
err = add_arg (gpg, "-");
if (!err)
err = add_data (gpg, ciph, 1, 1);
- if (gpgme_data_get_file_name (plain))
+ if (gpg->flags.use_gpgtar)
{
+ const char *file_name = gpgme_data_get_file_name (plain);
+ if (!err && file_name)
+ {
+ err = add_arg (gpg, "--directory");
+ if (!err)
+ err = add_arg (gpg, file_name);
+ }
+ if (!err)
+ err = add_arg (gpg, "--files-from");
+ if (!err)
+ err = add_arg (gpg, "-");
+ if (!err)
+ err = add_arg (gpg, "--null");
if (!err)
- err = add_arg (gpg, "--set-filename");
+ err = add_arg (gpg, "--utf8-strings");
+ /* Pass the filenames to gpgtar's stdin. */
if (!err)
- err = add_arg (gpg, gpgme_data_get_file_name (plain));
+ err = add_data (gpg, plain, 0, 0);
+ }
+ else
+ {
+ const char *file_name = gpgme_data_get_file_name (plain);
+ if (!err && file_name)
+ err = add_gpg_arg_with_value (gpg, "--set-filename=", file_name, 0);
+ if (!err)
+ err = add_input_size_hint (gpg, plain);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, plain, -1, 0);
}
- if (!err)
- err = add_input_size_hint (gpg, plain);
- if (!err)
- err = add_arg (gpg, "--");
- if (!err)
- err = add_data (gpg, plain, -1, 0);
if (!err)
err = start (gpg);
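Review bot: The gpgtar input block added here (`--directory`, `--files-from -`, `--null`, `--utf8-strings`, data on fd 0) is repeated line for line in the gpg_encrypt_sign and gpg_sign hunks further down; one helper would keep the three operations from drifting apart when an option is added or reordered. The helper is also the natural place to document that the data object carries a NUL-separated list of file names and that its file name is used as the base directory. gpg_encrypt starts and ends outside this hunk.

```c
/* Add the gpgtar arguments for reading a NUL-separated list of file
   names from DATA on stdin; DATA's file name, if set, is passed as the
   base directory.  */
static gpgme_error_t
add_gpgtar_file_list (engine_gpg_t gpg, gpgme_data_t data)
{
  gpgme_error_t err = 0;
  const char *file_name = gpgme_data_get_file_name (data);

  if (file_name)
    {
      err = add_arg (gpg, "--directory");
      if (!err)
        err = add_arg (gpg, file_name);
    }
  if (!err)
    err = add_arg (gpg, "--files-from");
  if (!err)
    err = add_arg (gpg, "-");
  if (!err)
    err = add_arg (gpg, "--null");
  if (!err)
    err = add_arg (gpg, "--utf8-strings");
  if (!err)
    err = add_data (gpg, data, 0, 0);
  return err;
}

  if (gpg->flags.use_gpgtar)
    {
      if (!err)
        err = add_gpgtar_file_list (gpg, plain);
    }
  /* … unchanged: else branch for plain gpg … */
```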
@@ -2286,6 +2447,11 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
engine_gpg_t gpg = engine;
gpgme_error_t err = 0;
+ gpg->flags.use_gpgtar = !!(flags & GPGME_ENCRYPT_ARCHIVE);
+
+ if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1"))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
if (recp || recpstring)
err = add_arg (gpg, "--encrypt");
@@ -2295,30 +2461,30 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
if (!err)
err = add_arg (gpg, "--sign");
if (!err && use_armor)
- err = add_arg (gpg, "--armor");
+ err = add_gpg_arg (gpg, "--armor");
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
- err = add_arg (gpg, "--compress-algo=none");
+ err = add_gpg_arg (gpg, "--compress-algo=none");
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
- err = add_arg (gpg, "--throw-keyids");
+ err = add_gpg_arg (gpg, "--throw-keyids");
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14"))
- err = add_arg (gpg, "--mimemode");
+ err = add_gpg_arg (gpg, "--mimemode");
if (!err && gpg->flags.include_key_block)
- err = add_arg (gpg, "--include-key-block");
+ err = add_gpg_arg (gpg, "--include-key-block");
if (recp || recpstring)
{
/* If we know that all recipients are valid (full or ultimate trust)
we can suppress further checks. */
if (!err && (flags & GPGME_ENCRYPT_ALWAYS_TRUST))
- err = add_arg (gpg, "--always-trust");
+ err = add_gpg_arg (gpg, "--always-trust");
if (!err && (flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))
- err = add_arg (gpg, "--no-encrypt-to");
+ err = add_gpg_arg (gpg, "--no-encrypt-to");
if (!err && !recp && recpstring)
err = append_args_from_recipients_string (gpg, flags, recpstring);
@@ -2342,19 +2508,39 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
err = add_arg (gpg, "-");
if (!err)
err = add_data (gpg, ciph, 1, 1);
- if (gpgme_data_get_file_name (plain))
+ if (gpg->flags.use_gpgtar)
{
+ const char *file_name = gpgme_data_get_file_name (plain);
+ if (!err && file_name)
+ {
+ err = add_arg (gpg, "--directory");
+ if (!err)
+ err = add_arg (gpg, file_name);
+ }
if (!err)
- err = add_arg (gpg, "--set-filename");
+ err = add_arg (gpg, "--files-from");
if (!err)
- err = add_arg (gpg, gpgme_data_get_file_name (plain));
+ err = add_arg (gpg, "-");
+ if (!err)
+ err = add_arg (gpg, "--null");
+ if (!err)
+ err = add_arg (gpg, "--utf8-strings");
+ /* Pass the filenames to gpgtar's stdin. */
+ if (!err)
+ err = add_data (gpg, plain, 0, 0);
+ }
+ else
+ {
+ const char *file_name = gpgme_data_get_file_name (plain);
+ if (!err && file_name)
+ err = add_gpg_arg_with_value (gpg, "--set-filename=", file_name, 0);
+ if (!err)
+ err = add_input_size_hint (gpg, plain);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, plain, -1, 0);
}
- if (!err)
- err = add_input_size_hint (gpg, plain);
- if (!err)
- err = add_arg (gpg, "--");
- if (!err)
- err = add_data (gpg, plain, -1, 0);
if (!err)
err = start (gpg);
@@ -3394,7 +3580,7 @@ gpg_tofu_policy (void *engine, gpgme_key_t key, gpgme_tofu_policy_t policy)
static gpgme_error_t
gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
- gpgme_sig_mode_t mode, int use_armor, int use_textmode,
+ gpgme_sig_mode_t flags, int use_armor, int use_textmode,
int include_certs, gpgme_ctx_t ctx /* FIXME */)
{
engine_gpg_t gpg = engine;
@@ -3402,27 +3588,36 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
(void)include_certs;
- if (mode == GPGME_SIG_MODE_CLEAR)
+ if ((flags != GPGME_SIG_MODE_NORMAL) && (flags != GPGME_SIG_MODE_DETACH)
+ && (flags != GPGME_SIG_MODE_CLEAR) && (flags != GPGME_SIG_MODE_ARCHIVE))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ gpg->flags.use_gpgtar = !!(flags & GPGME_SIG_MODE_ARCHIVE);
+
+ if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1"))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (flags & GPGME_SIG_MODE_CLEAR)
err = add_arg (gpg, "--clearsign");
else
{
err = add_arg (gpg, "--sign");
- if (!err && mode == GPGME_SIG_MODE_DETACH)
+ if (!err && (flags & GPGME_SIG_MODE_DETACH))
err = add_arg (gpg, "--detach");
if (!err && use_armor)
- err = add_arg (gpg, "--armor");
+ err = add_gpg_arg (gpg, "--armor");
if (!err)
{
if (gpgme_data_get_encoding (in) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14"))
- err = add_arg (gpg, "--mimemode");
+ err = add_gpg_arg (gpg, "--mimemode");
else if (use_textmode)
- err = add_arg (gpg, "--textmode");
+ err = add_gpg_arg (gpg, "--textmode");
}
}
if (!err && gpg->flags.include_key_block)
- err = add_arg (gpg, "--include-key-block");
+ err = add_gpg_arg (gpg, "--include-key-block");
if (!err)
err = append_args_from_signers (gpg, ctx);
if (!err)
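Review bot: The parameter is renamed to `flags` and now tested with `&`, but the guard at the top accepts only the four exact mode values, so no combination can ever reach the bit tests and they behave like the old `==` comparisons. The mixed idiom suggests that modes can be combined (for example archive plus detach) when they cannot. Either keep the equality tests, or add a comment after the guard such as `/* Only a single mode is accepted; combinations are rejected above. */`. gpg_sign starts before and continues after this hunk.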
@@ -3430,21 +3625,41 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
if (!err)
err = append_args_from_sig_notations (gpg, ctx, NOTATION_FLAG_SIG);
- if (gpgme_data_get_file_name (in))
+ /* Tell the gpg object about the data. */
+ if (gpg->flags.use_gpgtar)
{
+ const char *file_name = gpgme_data_get_file_name (in);
+ if (!err && file_name)
+ {
+ err = add_arg (gpg, "--directory");
+ if (!err)
+ err = add_arg (gpg, file_name);
+ }
if (!err)
- err = add_arg (gpg, "--set-filename");
+ err = add_arg (gpg, "--files-from");
if (!err)
- err = add_arg (gpg, gpgme_data_get_file_name (in));
+ err = add_arg (gpg, "-");
+ if (!err)
+ err = add_arg (gpg, "--null");
+ if (!err)
+ err = add_arg (gpg, "--utf8-strings");
+ /* Pass the filenames to gpgtar's stdin. */
+ if (!err)
+ err = add_data (gpg, in, 0, 0);
+ }
+ else
+ {
+ const char *file_name = gpgme_data_get_file_name (in);
+ if (!err && file_name)
+ err = add_gpg_arg_with_value (gpg, "--set-filename=", file_name, 0);
+ if (!err)
+ err = add_input_size_hint (gpg, in);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, in, -1, 0);
}
- /* Tell the gpg object about the data. */
- if (!err)
- err = add_input_size_hint (gpg, in);
- if (!err)
- err = add_arg (gpg, "--");
- if (!err)
- err = add_data (gpg, in, -1, 0);
if (!err)
err = add_data (gpg, out, 1, 1);
@@ -3455,20 +3670,43 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
}
static gpgme_error_t
-gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
- gpgme_data_t plaintext, gpgme_ctx_t ctx)
+gpg_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig,
+ gpgme_data_t signed_text, gpgme_data_t plaintext, gpgme_ctx_t ctx)
{
engine_gpg_t gpg = engine;
gpgme_error_t err;
+ gpg->flags.use_gpgtar = !!(flags & GPGME_VERIFY_ARCHIVE);
+
+ if (gpg->flags.use_gpgtar && !have_gpg_version (gpg, "2.4.1"))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
err = append_args_from_sender (gpg, ctx);
if (!err && gpg->flags.auto_key_import)
- err = add_arg (gpg, "--auto-key-import");
+ err = add_gpg_arg (gpg, "--auto-key-import");
if (!err && ctx->auto_key_retrieve)
- err = add_arg (gpg, "--auto-key-retrieve");
+ err = add_gpg_arg (gpg, "--auto-key-retrieve");
if (err)
;
+ else if (gpg->flags.use_gpgtar)
+ {
+ const char *file_name = gpgme_data_get_file_name (plaintext);
+ if (!err && file_name)
+ {
+ err = add_arg (gpg, "--directory");
+ if (!err)
+ err = add_arg (gpg, file_name);
+ }
+ /* gpgtar uses --decrypt also for signed-only archives */
+ err = add_arg (gpg, "--decrypt");
+ if (!err)
+ err = add_input_size_hint (gpg, sig);
+ if (!err)
+ err = add_arg (gpg, "--");
+ if (!err)
+ err = add_data (gpg, sig, 0, 0);
+ }
else if (plaintext)
{
/* Normal or cleartext signature. */
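Review bot: In the gpgtar branch, `err = add_arg (gpg, "--decrypt");` runs unconditionally, so an error from the preceding `--directory` or file-name `add_arg` call is overwritten and lost. If only the file-name argument failed to be added, the argument list would read `--directory --decrypt`. If `--directory` itself failed, the archive would presumably be unpacked wherever gpgtar defaults to, not where the caller asked. Guard the call like its neighbours: `if (!err) err = add_arg (gpg, "--decrypt");`. gpg_verify continues past the end of this hunk.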
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 9ab05551..7ac4f2db 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1469,6 +1469,9 @@ gpgsm_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
if (!recp && !recpstring) /* Symmetric only */
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ if (flags & GPGME_ENCRYPT_ARCHIVE)
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
if ((flags & GPGME_ENCRYPT_NO_ENCRYPT_TO))
{
err = gpgsm_assuan_simple_command (gpgsm,
@@ -2040,7 +2043,7 @@ gpgsm_keylist_ext (void *engine, const char *pattern[], int secret_only,
static gpgme_error_t
gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
- gpgme_sig_mode_t mode, int use_armor, int use_textmode,
+ gpgme_sig_mode_t flags, int use_armor, int use_textmode,
int include_certs, gpgme_ctx_t ctx /* FIXME */)
{
engine_gpgsm_t gpgsm = engine;
@@ -2054,6 +2057,9 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
if (!gpgsm)
return gpg_error (GPG_ERR_INV_VALUE);
+ if (flags & (GPGME_SIG_MODE_CLEAR | GPGME_SIG_MODE_ARCHIVE))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
/* FIXME: This does not work as RESET does not reset it so we can't
revert back to default. */
if (include_certs != GPGME_INCLUDE_CERTS_DEFAULT)
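Review bot: `GPGME_SIG_MODE_ARCHIVE` is rejected here with `GPG_ERR_INV_VALUE`, while gpgsm_encrypt and gpgsm_verify in this file answer their archive flags with `GPG_ERR_NOT_IMPLEMENTED`, so a caller cannot tell "engine lacks archive support" from "bad argument" on the sign path. Splitting the test would make the three entry points agree: `if (flags & GPGME_SIG_MODE_ARCHIVE) return gpg_error (GPG_ERR_NOT_IMPLEMENTED);`. The same hunk also changes behaviour for `GPGME_SIG_MODE_CLEAR`: judging by the removed `mode == GPGME_SIG_MODE_DETACH ? ... : "SIGN"` line in the later hunk, it used to fall through to a plain `SIGN` and now fails. That deserves a comment here and a note for existing callers. uiserver_sign in src/engine-uiserver.c has the identical check and the same two points apply. gpgsm_sign's body extends beyond this hunk on both sides.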
@@ -2102,15 +2108,16 @@ gpgsm_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
gpgsm_clear_fd (gpgsm, MESSAGE_FD);
gpgsm->inline_data = NULL;
- err = start (gpgsm, mode == GPGME_SIG_MODE_DETACH
+ err = start (gpgsm, (flags & GPGME_SIG_MODE_DETACH)
? "SIGN --detached" : "SIGN");
return err;
}
static gpgme_error_t
-gpgsm_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
- gpgme_data_t plaintext, gpgme_ctx_t ctx)
+gpgsm_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig,
+ gpgme_data_t signed_text, gpgme_data_t plaintext,
+ gpgme_ctx_t ctx)
{
engine_gpgsm_t gpgsm = engine;
gpgme_error_t err;
@@ -2120,6 +2127,9 @@ gpgsm_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
if (!gpgsm)
return gpg_error (GPG_ERR_INV_VALUE);
+ if (flags & GPGME_VERIFY_ARCHIVE)
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
gpgsm->input_cb.data = sig;
err = gpgsm_set_fd (gpgsm, INPUT_FD, map_data_enc (gpgsm->input_cb.data));
if (err)
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 9fce1de4..a298bec6 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
@@ -1145,6 +1145,9 @@ uiserver_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
else
return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
+ if (flags & GPGME_ENCRYPT_ARCHIVE)
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
if (flags & GPGME_ENCRYPT_PREPARE)
{
if (!recp || plain || ciph)
@@ -1211,7 +1214,7 @@ uiserver_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
static gpgme_error_t
uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
- gpgme_sig_mode_t mode, int use_armor, int use_textmode,
+ gpgme_sig_mode_t flags, int use_armor, int use_textmode,
int include_certs, gpgme_ctx_t ctx /* FIXME */)
{
engine_uiserver_t uiserver = engine;
@@ -1234,8 +1237,11 @@ uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
else
return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
+ if (flags & (GPGME_SIG_MODE_CLEAR | GPGME_SIG_MODE_ARCHIVE))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
if (gpgrt_asprintf (&cmd, "SIGN%s%s", protocol,
- (mode == GPGME_SIG_MODE_DETACH) ? " --detached" : "") < 0)
+ (flags & GPGME_SIG_MODE_DETACH) ? " --detached" : "") < 0)
return gpg_error_from_syserror ();
key = gpgme_signers_enum (ctx, 0);
@@ -1291,8 +1297,9 @@ uiserver_sign (void *engine, gpgme_data_t in, gpgme_data_t out,
/* FIXME: Missing a way to specify --silent. */
static gpgme_error_t
-uiserver_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
- gpgme_data_t plaintext, gpgme_ctx_t ctx)
+uiserver_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig,
+ gpgme_data_t signed_text, gpgme_data_t plaintext,
+ gpgme_ctx_t ctx)
{
engine_uiserver_t uiserver = engine;
gpgme_error_t err;
@@ -1313,6 +1320,9 @@ uiserver_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
else
return gpgme_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
+ if (flags & GPGME_VERIFY_ARCHIVE)
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
if (gpgrt_asprintf (&cmd, "VERIFY%s", protocol) < 0)
return gpg_error_from_syserror ();
diff --git a/src/engine.c b/src/engine.c
index 895b7e1a..ab399e73 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -912,7 +912,7 @@ _gpgme_engine_op_keylist_data (engine_t engine, gpgme_keylist_mode_t mode,
gpgme_error_t
_gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out,
- gpgme_sig_mode_t mode, int use_armor,
+ gpgme_sig_mode_t flags, int use_armor,
int use_textmode, int include_certs,
gpgme_ctx_t ctx /* FIXME */)
{
@@ -922,7 +922,7 @@ _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out,
if (!engine->ops->sign)
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
- return (*engine->ops->sign) (engine->engine, in, out, mode, use_armor,
+ return (*engine->ops->sign) (engine->engine, in, out, flags, use_armor,
use_textmode, include_certs, ctx);
}
@@ -940,9 +940,9 @@ _gpgme_engine_op_trustlist (engine_t engine, const char *pattern)
gpgme_error_t
-_gpgme_engine_op_verify (engine_t engine, gpgme_data_t sig,
- gpgme_data_t signed_text, gpgme_data_t plaintext,
- gpgme_ctx_t ctx)
+_gpgme_engine_op_verify (engine_t engine, gpgme_verify_flags_t flags,
+ gpgme_data_t sig, gpgme_data_t signed_text,
+ gpgme_data_t plaintext, gpgme_ctx_t ctx)
{
if (!engine)
return gpg_error (GPG_ERR_INV_VALUE);
@@ -950,8 +950,8 @@ _gpgme_engine_op_verify (engine_t engine, gpgme_data_t sig,
if (!engine->ops->verify)
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
- return (*engine->ops->verify) (engine->engine, sig, signed_text, plaintext,
- ctx);
+ return (*engine->ops->verify) (engine->engine, flags, sig, signed_text,
+ plaintext, ctx);
}
diff --git a/src/engine.h b/src/engine.h
index d580d997..59d159a4 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -160,13 +160,15 @@ gpgme_error_t _gpgme_engine_op_keylist_data (engine_t engine,
gpgme_keylist_mode_t mode,
gpgme_data_t data);
gpgme_error_t _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in,
- gpgme_data_t out, gpgme_sig_mode_t mode,
+ gpgme_data_t out, gpgme_sig_mode_t flags,
int use_armor, int use_textmode,
int include_certs,
gpgme_ctx_t ctx /* FIXME */);
gpgme_error_t _gpgme_engine_op_trustlist (engine_t engine,
const char *pattern);
-gpgme_error_t _gpgme_engine_op_verify (engine_t engine, gpgme_data_t sig,
+gpgme_error_t _gpgme_engine_op_verify (engine_t engine,
+ gpgme_verify_flags_t flags,
+ gpgme_data_t sig,
gpgme_data_t signed_text,
gpgme_data_t plaintext,
gpgme_ctx_t ctx);
diff --git a/src/gpgme.def b/src/gpgme.def
index d8ccd4ca..67c189c7 100644
--- a/src/gpgme.def
+++ b/src/gpgme.def
@@ -283,5 +283,7 @@ EXPORTS
gpgme_op_receive_keys @209
gpgme_op_receive_keys_start @210
+ gpgme_op_verify_ext @211
+ gpgme_op_verify_ext_start @212
; END
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 502d68cd..3ea07a81 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -303,12 +303,13 @@ typedef enum
gpgme_hash_algo_t;
-/* The available signature modes. */
+/* The available signature mode flags. */
typedef enum
{
GPGME_SIG_MODE_NORMAL = 0,
GPGME_SIG_MODE_DETACH = 1,
- GPGME_SIG_MODE_CLEAR = 2
+ GPGME_SIG_MODE_CLEAR = 2,
+ GPGME_SIG_MODE_ARCHIVE = 4
}
gpgme_sig_mode_t;
@@ -1299,7 +1300,8 @@ typedef enum
GPGME_ENCRYPT_SYMMETRIC = 32,
GPGME_ENCRYPT_THROW_KEYIDS = 64,
GPGME_ENCRYPT_WRAP = 128,
- GPGME_ENCRYPT_WANT_ADDRESS = 256
+ GPGME_ENCRYPT_WANT_ADDRESS = 256,
+ GPGME_ENCRYPT_ARCHIVE = 512
}
gpgme_encrypt_flags_t;
@@ -1424,6 +1426,7 @@ gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx);
typedef enum
{
GPGME_DECRYPT_VERIFY = 1,
+ GPGME_DECRYPT_ARCHIVE = 2,
GPGME_DECRYPT_UNWRAP = 128
}
gpgme_decrypt_flags_t;
@@ -1519,10 +1522,10 @@ gpgme_sign_result_t gpgme_op_sign_result (gpgme_ctx_t ctx);
/* Sign the plaintext PLAIN and store the signature in SIG. */
gpgme_error_t gpgme_op_sign_start (gpgme_ctx_t ctx,
gpgme_data_t plain, gpgme_data_t sig,
- gpgme_sig_mode_t mode);
+ gpgme_sig_mode_t flags);
gpgme_error_t gpgme_op_sign (gpgme_ctx_t ctx,
gpgme_data_t plain, gpgme_data_t sig,
- gpgme_sig_mode_t mode);
+ gpgme_sig_mode_t flags);
/*
@@ -1631,6 +1634,13 @@ typedef struct _gpgme_op_verify_result *gpgme_verify_result_t;
/* Retrieve a pointer to the result of the verify operation. */
gpgme_verify_result_t gpgme_op_verify_result (gpgme_ctx_t ctx);
+/* The valid verify flags. */
+typedef enum
+ {
+ GPGME_VERIFY_ARCHIVE = 1
+ }
+gpgme_verify_flags_t;
+
/* Verify within CTX that SIG is a valid signature for TEXT. */
gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,
gpgme_data_t signed_text,
@@ -1638,6 +1648,16 @@ gpgme_error_t gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,
gpgme_error_t gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig,
gpgme_data_t signed_text,
gpgme_data_t plaintext);
+gpgme_error_t gpgme_op_verify_ext_start (gpgme_ctx_t ctx,
+ gpgme_verify_flags_t flags,
+ gpgme_data_t sig,
+ gpgme_data_t signed_text,
+ gpgme_data_t plaintext);
+gpgme_error_t gpgme_op_verify_ext (gpgme_ctx_t ctx,
+ gpgme_verify_flags_t flags,
+ gpgme_data_t sig,
+ gpgme_data_t signed_text,
+ gpgme_data_t plaintext);
/*
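Review bot: The two new public prototypes carry no comment, and the archive behaviour cannot be guessed from the signature. Going by gpg_verify in src/engine-gpg.c, with `GPGME_VERIFY_ARCHIVE` the file name set on PLAINTEXT is handed to gpgtar as `--directory`, SIG is the archive input, and SIGNED_TEXT appears to be unused. Because gpgtar is run with `--decrypt`, the operation presumably writes the archive members to disk instead of filling a data object. Callers handling archives from untrusted senders need that spelled out, so I would add something like `/* Like gpgme_op_verify, with FLAGS. With GPGME_VERIFY_ARCHIVE, SIG is a signed archive and the file name of PLAINTEXT names the directory to extract into. */`.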
diff --git a/src/libgpgme.vers b/src/libgpgme.vers
index 86d2a5df..20ae9fea 100644
--- a/src/libgpgme.vers
+++ b/src/libgpgme.vers
@@ -282,6 +282,9 @@ GPGME_1.0 {
gpgme_op_receive_keys;
gpgme_op_receive_keys_start;
+ gpgme_op_verify_ext;
+ gpgme_op_verify_ext_start;
+
local:
*;
diff --git a/src/sign.c b/src/sign.c
index 31db9bde..7198d934 100644
--- a/src/sign.c
+++ b/src/sign.c
@@ -431,7 +431,7 @@ _gpgme_op_sign_init_result (gpgme_ctx_t ctx)
static gpgme_error_t
sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
- gpgme_data_t sig, gpgme_sig_mode_t mode)
+ gpgme_data_t sig, gpgme_sig_mode_t flags)
{
gpgme_error_t err;
@@ -446,8 +446,9 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
if (err)
return err;
- if (mode != GPGME_SIG_MODE_NORMAL && mode != GPGME_SIG_MODE_DETACH
- && mode != GPGME_SIG_MODE_CLEAR)
+ if (flags & ~(GPGME_SIG_MODE_DETACH
+ |GPGME_SIG_MODE_CLEAR
+ |GPGME_SIG_MODE_ARCHIVE))
return gpg_error (GPG_ERR_INV_VALUE);
if (!plain)
@@ -466,7 +467,7 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
_gpgme_engine_set_status_handler (ctx->engine, sign_status_handler,
ctx);
- return _gpgme_engine_op_sign (ctx->engine, plain, sig, mode, ctx->use_armor,
+ return _gpgme_engine_op_sign (ctx->engine, plain, sig, flags, ctx->use_armor,
ctx->use_textmode, ctx->include_certs,
ctx /* FIXME */);
}
@@ -475,16 +476,16 @@ sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
/* Sign the plaintext PLAIN and store the signature in SIG. */
gpgme_error_t
gpgme_op_sign_start (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig,
- gpgme_sig_mode_t mode)
+ gpgme_sig_mode_t flags)
{
gpg_error_t err;
TRACE_BEG (DEBUG_CTX, "gpgme_op_sign_start", ctx,
- "plain=%p, sig=%p, mode=%i", plain, sig, mode);
+ "plain=%p, sig=%p, flags=%i", plain, sig, flags);
if (!ctx)
return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
- err = sign_start (ctx, 0, plain, sig, mode);
+ err = sign_start (ctx, 0, plain, sig, flags);
return TRACE_ERR (err);
}
@@ -492,17 +493,17 @@ gpgme_op_sign_start (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig,
/* Sign the plaintext PLAIN and store the signature in SIG. */
gpgme_error_t
gpgme_op_sign (gpgme_ctx_t ctx, gpgme_data_t plain, gpgme_data_t sig,
- gpgme_sig_mode_t mode)
+ gpgme_sig_mode_t flags)
{
gpgme_error_t err;
TRACE_BEG (DEBUG_CTX, "gpgme_op_sign", ctx,
- "plain=%p, sig=%p, mode=%i", plain, sig, mode);
+ "plain=%p, sig=%p, flags=%i", plain, sig, flags);
if (!ctx)
return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
- err = sign_start (ctx, 1, plain, sig, mode);
+ err = sign_start (ctx, 1, plain, sig, flags);
if (!err)
err = _gpgme_wait_one (ctx);
return TRACE_ERR (err);
diff --git a/src/util.h b/src/util.h
index 89075848..90213b10 100644
--- a/src/util.h
+++ b/src/util.h
@@ -56,6 +56,7 @@ const char *_gpgme_get_default_gpg_name (void);
const char *_gpgme_get_default_gpgsm_name (void);
const char *_gpgme_get_default_g13_name (void);
const char *_gpgme_get_default_gpgconf_name (void);
+const char *_gpgme_get_default_gpgtar_name (void);
const char *_gpgme_get_default_uisrv_socket (void);
int _gpgme_in_gpg_one_mode (void);
diff --git a/src/verify.c b/src/verify.c
index 81b2ff92..a8467156 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -1135,8 +1135,9 @@ _gpgme_op_verify_init_result (gpgme_ctx_t ctx)
static gpgme_error_t
-verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t sig,
- gpgme_data_t signed_text, gpgme_data_t plaintext)
+verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_verify_flags_t flags,
+ gpgme_data_t sig, gpgme_data_t signed_text,
+ gpgme_data_t plaintext)
{
gpgme_error_t err;
@@ -1153,26 +1154,45 @@ verify_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t sig,
if (!sig)
return gpg_error (GPG_ERR_NO_DATA);
- return _gpgme_engine_op_verify (ctx->engine, sig, signed_text, plaintext,
- ctx);
+ return _gpgme_engine_op_verify (ctx->engine, flags, sig, signed_text,
+ plaintext, ctx);
}
-/* Decrypt ciphertext CIPHER and make a signature verification within
- CTX and store the resulting plaintext in PLAIN. */
+/* Old version of gpgme_op_verify_ext_start without FLAGS. */
gpgme_error_t
gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,
gpgme_data_t signed_text, gpgme_data_t plaintext)
{
+ return gpgme_op_verify_ext_start (ctx, 0, sig, signed_text, plaintext);
+}
+
+
+/* Old version of gpgme_op_verify_ext without FLAGS. */
+gpgme_error_t
+gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text,
+ gpgme_data_t plaintext)
+{
+ return gpgme_op_verify_ext (ctx, 0, sig, signed_text, plaintext);
+}
+
+
+/* Decrypt ciphertext CIPHER and make a signature verification within
+ CTX and store the resulting plaintext in PLAIN. */
+gpgme_error_t
+gpgme_op_verify_ext_start (gpgme_ctx_t ctx, gpgme_verify_flags_t flags,
+ gpgme_data_t sig, gpgme_data_t signed_text,
+ gpgme_data_t plaintext)
+{
gpg_error_t err;
TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_start", ctx,
- "sig=%p, signed_text=%p, plaintext=%p",
- sig, signed_text, plaintext);
+ "flags=0x%x, sig=%p, signed_text=%p, plaintext=%p",
+ flags, sig, signed_text, plaintext);
if (!ctx)
return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
- err = verify_start (ctx, 0, sig, signed_text, plaintext);
+ err = verify_start (ctx, 0, flags, sig, signed_text, plaintext);
return TRACE_ERR (err);
}
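Review bot: `verify_start` forwards `flags` to the engine unchecked, whereas `sign_start` in src/sign.c rejects unknown bits with `GPG_ERR_INV_VALUE`. `gpgme_op_verify_ext` is new public API, so an undefined bit passed today is silently ignored and could change meaning once a later release assigns it. A check before the engine call closes that: `if (flags & ~GPGME_VERIFY_ARCHIVE) return gpg_error (GPG_ERR_INV_VALUE);`. Separately, `gpgme_op_verify_ext_start` still traces as "gpgme_op_verify_start" and keeps the comment about CIPHER and PLAIN, neither of which matches its parameters. verify_start begins before this hunk.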
@@ -1180,19 +1200,20 @@ gpgme_op_verify_start (gpgme_ctx_t ctx, gpgme_data_t sig,
/* Decrypt ciphertext CIPHER and make a signature verification within
CTX and store the resulting plaintext in PLAIN. */
gpgme_error_t
-gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t signed_text,
- gpgme_data_t plaintext)
+gpgme_op_verify_ext (gpgme_ctx_t ctx, gpgme_verify_flags_t flags,
+ gpgme_data_t sig, gpgme_data_t signed_text,
+ gpgme_data_t plaintext)
{
gpgme_error_t err;
TRACE_BEG (DEBUG_CTX, "gpgme_op_verify", ctx,
- "sig=%p, signed_text=%p, plaintext=%p",
- sig, signed_text, plaintext);
+ "flags=0x%x, sig=%p, signed_text=%p, plaintext=%p",
+ flags, sig, signed_text, plaintext);
if (!ctx)
return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
- err = verify_start (ctx, 1, sig, signed_text, plaintext);
+ err = verify_start (ctx, 1, flags, sig, signed_text, plaintext);
if (!err)
err = _gpgme_wait_one (ctx);
return TRACE_ERR (err);