GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
03bcb7f4c1
gpgme/TODO
Marcus Brinkmann 03bcb7f4c1 doc/ 
2003-05-27  Marcus Brinkmann  <marcus@g10code.de>

	* gpgme.texi (Passphrase Callback): Document new prototype.

gpgme/
2003-05-26  Marcus Brinkmann  <marcus@g10code.de>

	* engine.h (EngineCommandHandler): Change last argument to int fd.
	* gpgme.h (gpgme_passphrase_cb_t): Rewritten to take parts of the
	description and fd.
	(gpgme_edit_cb_t): Change last argument to int fd.
	* ops.h (_gpgme_passphrase_command_handler_internal): New prototype.
	* passphrase.c: Include <assert.h>.
	(op_data_t): Rename userid_hint to uid_hint, remove last_pw_handle.
	(release_op_data): Check values before calling free.
	(_gpgme_passphrase_status_handler): Likewise.
	(_gpgme_passphrase_command_handler_internal): New function.
	(_gpgme_passphrase_command_handler): Rewritten.
	* edit.c (edit_status_handler): Pass -1 as fd argument.
	(command_handler): Update prototype.  New variable processed.  Use
	it to store return value of
	_gpgme_passphrase_command_handler_internal which is now used
	instead _gpgme_passphrase_command_handler.  Use it also to check
	if we should call the user's edit function.  Pass fd to user's
	edit function.
	* rungpg.c (struct gpg_object_s): Change type of cmd.cb_data to
	void *.
	(gpg_release): Check value before calling free.  Do not release
	cmd.cb_data.
	(command_cb): Function removed.
	(command_handler): New function.  Thus we don't use a data object
	for command handler stuff anymore, but handle it directly.  This
	allows proper error reporting (cancel of passphrase requests, for
	example).  Also all callbacks work via direct writes to the file
	descriptor (so that passphrases are not kept in insecure memory).
	(gpg_set_command_handler): Rewritten to use even more ugly hacks.
	(read_status): Check cmd.keyword before calling free.  Install
	command_handler as the I/O callback handler with GPG as private
	data.

tests/
2003-05-27  Marcus Brinkmann  <marcus@g10code.de>

	* (t-decrypt-verify.c, t-decrypt.c, t-edit.c, t-encrypt-sign.c,
	t-encrypt-sym.c, t-sign.c, t-signers.c): Include <unistd.h>.
	(passphrase_cb): Rewritten.
	* t-edit.c (edit_fnc): Rewritten.
2003-05-27 01:31:06 +00:00

122 lines
5.1 KiB
Plaintext
Raw Blame History

Hey Emacs, this is -*- outline -*- mode!
* ABI's to break:
** Change gpgme_recipient_t stuff to gpgme_user_id_t (encrypt, export, ...).
** Compatibility interfaces that can be removed in future versions:
*** gpgme_data_new_from_filepart
*** gpgme_data_new_from_file
*** gpgme_data_new_with_read_cb
*** gpgme_data_rewind
*** GPGME_Busy, GPGME_No_Request
*** GPGME_Invalid_Recipient, GPGME_No_Recipients
*** GPGME_No_Passphrase
*** gpgme_op_import_ext
*** gpgme_get_sig_key
*** gpgme_get_sig_ulong_attr
*** gpgme_get_sig_string_attr
*** GPGME_SIG_STAT_*
*** gpgme_get_sig_status
*** gpgme_trust_item_release
*** gpgme_trust_item_get_string_attr
*** gpgme_trust_item_get_ulong_attr
*** gpgme_attr_t
*** GPGME_Invalid_Type, GPGME_Invalid_Mode
*** All Gpgme* typedefs.
* Thread support:
** Build thread modules for static linking (which just suck in the
desired symbols the hard way). !!
** Ordering the libs is important, but libtool gets it wrong. Argh.
* New features:
** notification system
We need a simple notification system, probably a simple callback
with a string and some optional arguments. This is for example
required to notify an application of a changed smartcard, The
application can then do whatever is required. There are other
usages too. This notfication system should be independent of any
contextes of course.
** --learn-code support
This might be integrated with import. we still need to work out how
to learn a card when gpg and gpgsm have support for smartcards.
** set_locale for thread safe and env independent locale selection.
** How to terminate a pending operation? Something like gpgme_op_reset,
but where are you allowed to call it (think callback handlers).
Then gpgme_op_*list_end can go.
** Might need a stat() for data objects and use it for length param to gpg.
** Allow to export secret keys.
** Implement support for photo ids.
** New features requested by our dear users, but rejected or left for
later consideration:
*** Selecting the key ring, setting the version or comment in output.
Rejected because the naive implementation is engine specific, the
configuration is part of the engine's configuration or readily
worked around in a different way
*** Selecting the symmetric cipher.
*** Exchanging keys with key servers.
* Documentation
** Document validity and trust issues.
* Engines
** Do not create/destroy engines, but create engine and then reset it.
Internally the reset operation still spawns a new engine process,
but this can be replaced with a reset later. Also, be very sure to
release everything properly at a reset and at an error. Think hard
about where to guarantee what (ie, what happens if start fails, are
the fds unregistered immediately - i think so?)
** Optimize the case where a data object has an underlying fd we can pass
directly to the engine.
** Move code common to all engines up from gpg to engine.
** engine operations can return General Error on unknown protocol
(it's an internal error, as select_protocol checks already).
** When server mode is implemented properly, more care has to be taken to
release all resources on error (for example to free assuan_cmd).
* Operations
** If no passphrase cb is installed, status handler is not run even if
password is required by crypto engine. !!
** Export status handler need much more work. !!!
** Import should return a useful error when one happened.
*** Import does not take notice of NODATA status report.
*** When GPGSM does issue IMPORT_OK status reports, make sure to check for them
in tests/gpgs m/t-import.c.
** Genkey should return something more useful than General_Error.
** Factor out common code in _op_*_start functions.
** Optimize the file descriptor list, so the number of open fds is
always known easily.
** Encryption: It should be verified that the behaviour for partially untrusted
recipients is correct.
** When GPG issues INV_something for invalid signers, catch them.
* Error Values
** Map ASSUAN/GpgSM ERR error values in a better way than is done now. !!
** Verify (and document) if Read_Error, Write_Error, Pipe_Error set errno.
* Tests
** Write a fake gpg-agent so that we can supply known passphrases to
gpgsm and setup the configuration files to use the agent. Without
this we are testing a currently running gpg-agent which is not a
clever idea. !
** t-data
*** Test gpgme_data_release_and_get_mem.
*** Test gpgme_data_seek for invalid types.
* Debug
** Handle malloc and vasprintf errors. But decide first if they should be
ignored (and logged with 255?!), or really be assertions. !
* Build suite
** Make sure everything is cleaned correctly (esp. test area).
Bugs reported by Stephane Corthesy:
> In GpgmeRecipients, would it be possible to provide a function which
> would return the validity assigned to a name contained in the
> GpgmeRecipients instance?
> passphrase callback. If I use the same GpgmeContext as the one which
> is currently asking for a passphrase, my app crashes: the r_hd in
> the
> callback has become invalid; if I use a brand new one, the callback
> is called recursively, when I ask to enumerate keys.
Reference in New Issue View Git Blame Copy Permalink