gpgme.git
2 years agodoc: Correct documentation for recp arg of gpgme_op_encrypt_sign_start
Daniel Kahn Gillmor [Sat, 25 Feb 2017 21:08:11 +0000 (16:08 -0500)]
doc: Correct documentation for recp arg of gpgme_op_encrypt_sign_start

* doc/gpgme.texi (gpgme_op_encrypt_sign_start): recp is an array of
gpgme_key_t, not a single element.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agopython: Fix test.
Justus Winter [Mon, 20 Feb 2017 09:23:41 +0000 (10:23 +0100)]
python: Fix test.

* lang/python/tests/t-quick-key-manipulation.py: Modify the
configuration file in the ephemeral home directory, not the one used
by all the tests.

Fixes-commit: 15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Support manipulating the TOFU policy.
Justus Winter [Fri, 17 Feb 2017 16:07:05 +0000 (17:07 +0100)]
python: Support manipulating the TOFU policy.

* NEWS: Update.
* doc/gpgme.texi: Fix typos.
* lang/python/gpg/constants/__init__.py: Import new files.
* lang/python/gpg/constants/tofu/__init__.py: New file.
* lang/python/gpg/constants/tofu/policy.py: New file.
* lang/python/gpg/core.py (Context.key_tofu_policy): New function.
* lang/python/gpgme.i: Nice reprs for gpgme_tofu_info_t.
* lang/python/setup.py.in: Install new package.
* lang/python/tests/t-quick-key-manipulation.py: Extend test.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Support quick key signing.
Justus Winter [Fri, 17 Feb 2017 14:44:35 +0000 (15:44 +0100)]
python: Support quick key signing.

* NEWS: Update.
* doc/gpgme.texi (gpgme_op_keysign): Fix the description of the
'expire' argument.
* lang/python/gpg/constants/__init__.py: Import new file.
* lang/python/gpg/constants/keysign.py: New file.
* lang/python/gpg/core.py (Context.key_sign): New function.
* lang/python/tests/Makefile.am (py_tests): Add new test.
* lang/python/tests/t-quick-key-signing.py: New test.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Fix teardown of ephemeral contexts.
Justus Winter [Fri, 17 Feb 2017 11:18:56 +0000 (12:18 +0100)]
python: Fix teardown of ephemeral contexts.

* lang/python/tests/support.py (EphemeralContext): New function.
* lang/python/tests/t-quick-key-creation.py: Use the new function to
manage ephemeral contexts.
* lang/python/tests/t-quick-key-manipulation.py: Likewise.
* lang/python/tests/t-quick-subkey-creation.py: Likewise.
--

Previously, there was a problem with cleaning up ephemeral home
directories.  shutil.rmtree deleted the agents main socket, gpg-agent
detected that, and deleted the other sockets as well, racing
shutil.rmtree which did not cope will with that.

Fix this by asking the agent nicely to shut down.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Fix using strings as commands in the assuan protocol.
Justus Winter [Fri, 17 Feb 2017 11:10:34 +0000 (12:10 +0100)]
python: Fix using strings as commands in the assuan protocol.

* lang/python/gpg/core.py (Context.assuan_transact): Fix testing
whether the command is a string on Python2.
* lang/python/tests/t-protocol-assuan.py: Improve the test to detect
this problem.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Support adding and revoking UIDs.
Justus Winter [Thu, 16 Feb 2017 16:52:49 +0000 (17:52 +0100)]
python: Support adding and revoking UIDs.

* NEWS: Update.
* lang/python/gpg/core.py (Context.key_add_uid): New function.
(Context.key_revoke_uid): Likewise.
* lang/python/tests/Makefile.am (XTESTS): Add new test.
* lang/python/tests/t-quick-key-manipulation.py: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Support quick subkey creation.
Justus Winter [Thu, 16 Feb 2017 15:38:21 +0000 (16:38 +0100)]
python: Support quick subkey creation.

* NEWS: Update.
* lang/python/gpg/core.py (Context.create_subkey): New function.
* lang/python/tests/Makefile.am (XTESTS): Add new test.
* lang/python/tests/t-quick-subkey-creation.py: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Support quick key creation.
Justus Winter [Thu, 16 Feb 2017 13:53:11 +0000 (14:53 +0100)]
python: Support quick key creation.

* NEWS: Update.
* lang/python/gpg/constants/__init__.py: Import new file.
* lang/python/gpg/constants/create.py: New file.
* lang/python/gpg/core.py (Context.create_key): New function.
* lang/python/tests/Makefile.am (XTESTS): Add new test.
* lang/python/tests/support.py (TemporaryDirectory): New class.
* lang/python/tests/t-quick-key-creation.py: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Fix passphrase callback wrapping.
Justus Winter [Thu, 16 Feb 2017 13:49:27 +0000 (14:49 +0100)]
python: Fix passphrase callback wrapping.

* lang/python/helpers.c (pyPassphraseCb): Cope with 'passphrase_info'
being NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Fix error handling.
Justus Winter [Thu, 16 Feb 2017 13:42:17 +0000 (14:42 +0100)]
python: Fix error handling.

* lang/python/gpgme.i (typemap gpgme_key_t[]): Set an error if a
non-key element is discovered.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocore: Fix expiration time handling when creating keys.
Justus Winter [Wed, 15 Feb 2017 15:17:13 +0000 (16:17 +0100)]
core: Fix expiration time handling when creating keys.

* NEWS: Update.
* doc/gpgme.texi (gpgme_op_createkey): Clarify the meaning of the
'expire' parameter.
(GPGME_CREATE_NOEXPIRE): Document new flag.
(gpgme_op_createsubkey): Clarify the meaning of the 'expire'
parameter.
* src/engine-gpg.c (gpg_add_algo_usage_expire): Fix handling of the
expiration time.
* src/gpgme.h.in (GPGME_CREATE_NOEXPIRE): New macro.
--

Previously, the documentation stated that the expiration time was an
absolute timestamp.  However, this value was passed using the
'seconds=N' syntax to GnuPG which specifies the expiration time in
seconds relative to the creation time.  Fix the documentation.

Furthermore, the documentation stated that using 0 results in keys
that do not expire.  This was communicated to GnuPG by using the
implicit default.  However, as of GnuPG 2.1.17, the default was
changed to create keys that expire within a reasonable timespan.

Fix this discrepancy by aligning the behavior with recent GnuPG
versions: 0 means use a reasonable default, and introduce a flag that
can be used to create keys that do not expire.  Communicate this
explicitly to GnuPG.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Fix build system integration.
Justus Winter [Wed, 15 Feb 2017 10:31:27 +0000 (11:31 +0100)]
python: Fix build system integration.

* lang/python/Makefile.am (copystamp): Also copy the setup script, and
link the header files.
(all-local): Use local setup script.
(sdist): Fix Python source distribution creation.
(CLEANFILES): Remove now obsolete files.
(install-exec-local): Use local setup script.
* lang/python/setup.py.in: Adjust relative paths to in-tree files.

Fixes-commit: fe65a26ab584bd70fad45c7c4d44330e30a748a4
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Update lists of functions returning gpgme_error_t.
Justus Winter [Wed, 15 Feb 2017 10:28:02 +0000 (11:28 +0100)]
python: Update lists of functions returning gpgme_error_t.

* lang/python/gpg/core.py (Context._errorcheck): Add instructions how
to update the list.  Update list.
(Data._errorcheck): Likewise.
(Context.set_engine_info): Simplify.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocore: Fix error types.
Justus Winter [Wed, 15 Feb 2017 08:45:46 +0000 (09:45 +0100)]
core: Fix error types.

* NEWS: Update.
* src/data.c (gpgme_data_set_flag): Return a 'gpgme_error_t'.
* src/error.c (gpgme_strerror_r): Fix type of first argument.
* src/gpgme.h.in (gpgme_strerror_r): Adapt.
(gpgme_data_set_flag): Likewise.
--
Fix for consistency.  This should not pose problems, because typedef
gpg_error_t gpgme_error_t.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Wrap utility functions.
Justus Winter [Tue, 14 Feb 2017 15:30:30 +0000 (16:30 +0100)]
python: Wrap utility functions.

* NEWS: Update.
* lang/python/gpg/core.py (pubkey_algo_string): New function.
(pubkey_algo_name): Add docstring.
(hash_algo_name): Likewise.
(get_protocol_name): Likewise.
(addrspec_from_uid): New function.
* lang/python/gpgme.i (gpgme_pubkey_algo_string): Result must be
freed.
(gpgme_addrspec_from_uid): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Use the correct function to free buffers.
Justus Winter [Tue, 14 Feb 2017 15:16:05 +0000 (16:16 +0100)]
python: Use the correct function to free buffers.

* lang/python/gpgme.i (char *): Free using 'gpgme_free'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Add keylist mode parameter.
Justus Winter [Tue, 14 Feb 2017 14:56:41 +0000 (15:56 +0100)]
python: Add keylist mode parameter.

* NEWS: Update.
* lang/python/gpg/core.py (Context.keylist): Add 'mode' parameter.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Nicer repr for user ids.
Justus Winter [Tue, 14 Feb 2017 14:55:20 +0000 (15:55 +0100)]
python: Nicer repr for user ids.

* lang/python/gpgme.i (_gpgme_user_id): Provide a nicer repr() for
user ids.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Add convenience functions for the home directory.
Justus Winter [Tue, 14 Feb 2017 12:43:01 +0000 (13:43 +0100)]
python: Add convenience functions for the home directory.

* NEWS: Update.
* lang/python/gpg/core.py (Context.__init__): Add 'home_dir' argument.
(__repr__): Include 'home_dir'.
(Context.home_dir): New property.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoqt: Make sure to remove the tofu.db on clean.
Justus Winter [Tue, 14 Feb 2017 11:45:15 +0000 (12:45 +0100)]
qt: Make sure to remove the tofu.db on clean.

* lang/qt/tests/Makefile.am (CLEANFILES): Add 'tofu.db'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Extend SWIG gpgme_{sub,}key with a __repr__ method.
Tobias Mueller [Tue, 20 Dec 2016 17:02:36 +0000 (18:02 +0100)]
python: Extend SWIG gpgme_{sub,}key with a __repr__ method.

* lang/python/gpgme.i: Added a genericrepr macro and use it for
gpgme_key, gpgme_subkey, and gpgme_key_sig.
--

To look nicer in Python's REPL.

We define a generic __repr__ as a SWIG macro and use that to extend some
defined SWIG objects.

The alternative would have been to write a custom __repr__ function for
each class but that would need to be changed everytime the object's
structure changes. The bindings should be easy to maintain, I guess.
This comes at the expense that the reprs are now relatively long and
contain, for example, both keyid and fingerprint.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Remove the -builtin flag for SWIG.
Tobias Mueller [Tue, 20 Dec 2016 17:02:20 +0000 (18:02 +0100)]
python: Remove the -builtin flag for SWIG.

* lang/python/setup.py.in: Call SWIG without the builtin flag.
--

The SWIG documentation
<http://www.swig.org/Doc2.0/Python.html#Python_nn28> leaves the
impression that -builtin is solely for increasing performance:

    New in SWIG version 2.0.4: The use of Python proxy classes has
    performance implications that may be unacceptable for a high-
    performance library. The new -builtin option instructs SWIG to
    forego the use of proxy classes, and instead create wrapped types as
    new built-in Python types. When this option is used, the following
    section ("Proxy classes") does not apply. Details on the use of the
    -builtin option are in the Built-in Types section.

While not wasting CPU cycles is good, it also prevents Python code being
written in the wrapper itself. That, however, may be useful to make it
easier to extend the wrapper.

Partially reverts: 856bcfe2934237011984fab0bc69800a7c25c34b

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Call SWIG_NewPointerObj rather than SWIG_Python_NewPointerObj.
Tobias Mueller [Tue, 20 Dec 2016 17:01:27 +0000 (18:01 +0100)]
python: Call SWIG_NewPointerObj rather than SWIG_Python_NewPointerObj.

* lang/python/gpgme.i (pygpgme_wrap_gpgme_data_t): Provide a "self"
variable for SWIG_NewPointerObj and call SWIG_NewPointerObj rather than
SWIG_Python_NewPointerObj.
--

SWIG_Python_NewPointerObj seems to be an implementation detail, because
SWIG's documentation does not mention that function at all.  In fact,
SWIG_NewPointerObj is a call to SWIG_Python_NewPointerObj with the first
parameter being either NULL or the "self" variable, depending on whether
SWIG is called with the -builtin flag.  So far, the first parameter was
hard-coded to NULL.  This change also hard-codes it to NULL but makes
it more explicit.  The benefit is that the documented function is being
used and that compilation works regardless of the -builtin flag.

Partially reverts: 856bcfe2934237011984fab0bc69800a7c25c34b

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Conditionally provide py3 argument to SWIG
Tobias Mueller [Tue, 20 Dec 2016 17:00:36 +0000 (18:00 +0100)]
python: Conditionally provide py3 argument to SWIG

* lang/python/setup.py.in: Only call with -py3 when we run under python3
or higher.
--

If we ever remove the -builtin flag and leave the the -py3 flag, SWIG
will generate Python code which will be incompatible with Python 2,
because the py3 flag generates python3 code which is incompatible with
python2.

So we conditionally generate SWIG bindings with -py3.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Use one copy of the source tree per Python version.
Justus Winter [Mon, 13 Feb 2017 15:44:53 +0000 (16:44 +0100)]
python: Use one copy of the source tree per Python version.

* lang/python/Makefile.am (copystamp): Create one copy per Python
version.
(all-local): Adapt.
(clean-local): Likewise.
(install-exec-local): Likewise.
* lang/python/tests/run-tests.py: Likewise.
--

Currently, we use one copy of the Python module's source to build for
all Python versions.  This is problematic, because SWIG writes a
wrapper file into the source tree.  Currently, this file works with
both Python 2 and 3, but this is purely by chance.

Improve the situation by creating one copy per Python version so that
SWIG can write version-specific code into each copy.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agobuild: Use macOS' compatibility macros to enable all features.
Justus Winter [Mon, 13 Feb 2017 13:58:07 +0000 (14:58 +0100)]
build: Use macOS' compatibility macros to enable all features.

* configure.ac: On macOS, use the compatibility macros to expose every
feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
libc.
--
Not defining this leads to compilation errors or superfluous warnings
on macOS.

GnuPG-bug-id: 2910
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoRevert "Disable fd-passing for Apple."
Justus Winter [Mon, 13 Feb 2017 13:01:32 +0000 (14:01 +0100)]
Revert "Disable fd-passing for Apple."

The actual bug has been located, so this can be reverted.

This reverts commit ef5b4ae37d13142e89a051908dc080cda3d24baa.

2 years agoqt: Add missing #include <functional>
Igor Gnatenko [Sat, 11 Feb 2017 07:36:24 +0000 (08:36 +0100)]
qt: Add missing #include <functional>

* lang/qt/src/qgpgmenewcryptoconfig.cpp,
lang/qt/src/threadedjobmixin.h: Include functional.

--
With GCC 7.0, functional is not included transitively and we get:
In file included from qgpgmedeletejob.h:39:0,
                 from qgpgmedeletejob.cpp:38:
threadedjobmixin.h:98:33: error: 'function' in namespace 'std'
    does not name a template type
     void setFunction(const std::function<T_result()> &function)
                                 ^~~~~~~~

std::{function,bind,placeholders,mem_fn} are defined in functional.

References: https://bugzilla.redhat.com/show_bug.cgi?id=1417383
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
GnuPG-Bug-Id: 2955

Commit Message amended by Andre Heinecke

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2 years agoqt: Don't rely on implicit include in t-verify
Andre Heinecke [Tue, 7 Feb 2017 09:01:58 +0000 (10:01 +0100)]
qt: Don't rely on implicit include in t-verify

* lang/qt/tests/t-various.cpp: Include QTemporaryDir

--
This fixes build with some Qt Versions

2 years agodoc: Document that gpgme_op_genkey() parms parameter is not XML.
Daniel Kahn Gillmor [Thu, 26 Jan 2017 23:36:39 +0000 (18:36 -0500)]
doc: Document that gpgme_op_genkey() parms parameter is not XML.

* doc/gpgme.texi (GnupgKeyParms): document that input format is not
true XML.

--

Please see discussion at
https://lists.gnupg.org/pipermail/gnupg-devel/2017-January/032507.html

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agocore: Optimize fork/exec for *BSD and Solaris.
Werner Koch [Fri, 3 Feb 2017 12:56:23 +0000 (13:56 +0100)]
core: Optimize fork/exec for *BSD and Solaris.

* configure.ac (closefrom): Add to ac_check_funcs.
* src/posix-io.c (_gpgme_io_spawn): Use closefrom.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Fix possible deadlock due to get_max_fds.
Werner Koch [Fri, 3 Feb 2017 12:13:22 +0000 (13:13 +0100)]
core: Fix possible deadlock due to get_max_fds.

* src/posix-io.c (get_max_fds): Do not use the Linux optimization.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Minor cleanup of commit 195c735
Werner Koch [Fri, 3 Feb 2017 12:08:39 +0000 (13:08 +0100)]
core: Minor cleanup of commit 195c735

* src/verify.c (parse_tofu_user): For cleanness use gpg_error ...
(_gpgme_verify_status_handler): ... and gpg_err_code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoqt: Add test for tofu conflict
Andre Heinecke [Thu, 2 Feb 2017 16:16:27 +0000 (17:16 +0100)]
qt: Add test for tofu conflict

* lang/qt/tests/t-tofuinfo.cpp (TofuInfoTest::testTofuConflict): New.

2 years agocore: Handle multiple TOFU_USER lines in verify
Andre Heinecke [Thu, 2 Feb 2017 13:02:31 +0000 (14:02 +0100)]
core: Handle multiple TOFU_USER lines in verify

* src/verify.c (op_data_t): Add conflict_user_seen.
(parse_tofu_user): Return ERR_DUP_VALUE for mutltiple TOFU_USERS.
(_gpgme_verify_status_handler): Handle ERR_DUP_VALUE from
parse_tofu_user to ignore the next TOFU_STATS.

--
This fixes TOFU Conflict verification with GnuPG-2.1.17 and 2.1.18

GnuPG-Bug-Id: 2914

2 years agocore: Replace all calls to *sprintf by gpgrt_*sprintf.
Werner Koch [Thu, 2 Feb 2017 11:35:59 +0000 (12:35 +0100)]
core: Replace all calls to *sprintf by gpgrt_*sprintf.

* configure.ac (vasprintf): Remove check.
* src/vasprintf.c: Remove file.
* src/util.h (vasprintf, asprintf): Remove prototypes.  Replace all
calls to vasprintf and asprintf by gpgrt_vasprintf or gpgrt_asprintf.
Also take care to use gpgrt_free on the returned value.
* src/w32-util.c (_gpgme_get_gpgconf_path): Replace a gpgrt_asprintf
by _gpgme_strconcat.
(snprintf): New macro to use gpgrt_snprintf instead of the system's
standard snprintf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Remove unused check for funopen/fopencookie.
Werner Koch [Thu, 2 Feb 2017 11:28:39 +0000 (12:28 +0100)]
core: Remove unused check for funopen/fopencookie.

* configure.ac (funopen): Remove check.
* src/funopen.c: Remove file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Explain in gpgme.h that most stucts are read-only.
Werner Koch [Thu, 2 Feb 2017 09:13:36 +0000 (10:13 +0100)]
core: Explain in gpgme.h that most stucts are read-only.

--

It is common that developers look up only the header file and do not
read the manual.  These comments should make it clear that most
structures in gpgme.h are read-only and may only be allocated by
gpgme.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Un-deprecate gpgme_data_rewind.
Werner Koch [Thu, 2 Feb 2017 08:50:47 +0000 (09:50 +0100)]
core: Un-deprecate gpgme_data_rewind.

* src/gpgme.h.in (gpgme_data_rewind): Un-deprecate.
* src/data-compat.c (gpgme_data_rewind): Move to ...
* src/data.c (gpgme_data_rewind): here.
--

That function is very convenient because it is required a lot with
memory streams.  It also documents the intention of the caller better
than gpgme_data_seek with its addition parameters and the need to map
system errors.  Thus it does not make sense to make it a first class
citizen again.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Move all deprecated stuff to the end of gpgme.h.
Werner Koch [Thu, 2 Feb 2017 08:46:01 +0000 (09:46 +0100)]
core: Move all deprecated stuff to the end of gpgme.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Cleanup gpgme_key_unref frees
Andre Heinecke [Wed, 1 Feb 2017 17:06:54 +0000 (18:06 +0100)]
core: Cleanup gpgme_key_unref frees

* src/key.c (gpgme_key_unref): Nowadays we assume free(NULL) is ok.

2 years agocore: Fix leakage of address for mail only uids
Andre Heinecke [Wed, 1 Feb 2017 17:03:35 +0000 (18:03 +0100)]
core: Fix leakage of address for mail only uids

* src/key.c (gpgme_key_unref): Always free address if set.
(_gpgme_key_append_name): Remove memory optimization for address.

--
The check if address is not allocated would now be more complicated
then just comparing it to email because email is set to address
also when an email was not parsed from the user id.

2 years agocore: Improve mailbox only uid handling
Andre Heinecke [Wed, 1 Feb 2017 15:16:22 +0000 (16:16 +0100)]
core: Improve mailbox only uid handling

* src/key.c (_gpgme_key_append_name): Set email and remove name
for uid only keys.

--
If we have a name and no email but the name can be parsed as
an address we now treat the address as email and remove the name.

This fixes downstream users that rely on email to show email
addresses and don't expilicity handle this case.

E.g. A userid foo@example.com was:
uid->name = "foo@example.com"
uid->email = ""
uid->address = "foo@example.com"

It is now:
uid->name = ""
uid->email = "foo@example.com"
uid->address = "foo@example.com"

2 years agoqt: Increase timeout when waiting for signals.
Justus Winter [Tue, 31 Jan 2017 09:47:00 +0000 (10:47 +0100)]
qt: Increase timeout when waiting for signals.

* lang/qt/tests/t-support.h (QSIGNALSPY_TIMEOUT): New macro.
* lang/qt/tests/t-encrypt.cpp: Use the new macro as timeout when
waiting for signals.
* lang/qt/tests/t-keylist.cpp: Likewise.
* lang/qt/tests/t-keylocate.cpp: Likewise.
* lang/qt/tests/t-ownertrust.cpp: Likewise.
* lang/qt/tests/t-wkspublish.cpp: Likewise.
--
Increase the timeout when waiting for signals from 5 seconds to 60.
This addresses intermittent test failures on slow machines.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocore: Add new context flag "redraw".
Werner Koch [Tue, 31 Jan 2017 08:44:29 +0000 (09:44 +0100)]
core: Add new context flag "redraw".

* src/context.h (struct gpgme_context): New field 'redraw_suggested'.
* src/op-support.c (_gpgme_op_reset): Clear REDRAW_SUGGESTED.
* src/progress.c (_gpgme_progress_status_handler): Set REDRAW_SUGGESTED.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "redraw".
* tests/run-sign.c (main): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotests: Reduce iterations / threads
Andre Heinecke [Mon, 30 Jan 2017 13:19:52 +0000 (14:19 +0100)]
tests: Reduce iterations / threads

* tests/gpg/t-gpgconf.c (main): Reduce iterations to 10.
* tests/gpg/t-thread-keylist-verify.c,
tests/gpg/t-thread-keylist.c (THREAD_COUNT): Reduce to 10.

--
While these tests tested for race conditions a smaller number
of iteration should still show problems if they are run on
multiple systems and regulary. While the 100 Thread count in
the t-thread tests could lead to resource problems.

2 years agopython: Ensure quick-random is used if gpg is gpg2
Andre Heinecke [Thu, 26 Jan 2017 09:44:02 +0000 (10:44 +0100)]
python: Ensure quick-random is used if gpg is gpg2

* lang/python/tests/Makefile.am (gpg.conf): Configure
agent-program accordingly.

2 years agopython: default op_keylist_start parameters.
Tobias Mueller [Sat, 3 Dec 2016 22:12:37 +0000 (23:12 +0100)]
python: default op_keylist_start parameters.

* lang/python/gpgme.i: Added gpgme_op_keylist_start with defaults
* lang/python/tests/t-keylist.py: Added tests for default parameters
--

To increase the ease of use, op_keylist_start
parameters default to sensible values.
The empty string matches all keys.
We assume that the user wants to retrieve public keys most of the time,
so we default to public keys rather than secret keys.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agotests: Use --debug-quick-random for tests
Andre Heinecke [Wed, 25 Jan 2017 13:10:18 +0000 (14:10 +0100)]
tests: Use --debug-quick-random for tests

* tests/start-stop-agent: Don't autostart agent on --stop and
running check. Use --debug-quick-random when starting.

--
This should speed up the tests especially on low entropy systems.
Possibly fixing a hang on pythons op_genkey test in the Launchpad
build enviorment (see launchpad issue 1655298)

2 years agow32: Fix closing file descriptors.
Justus Winter [Mon, 23 Jan 2017 14:08:23 +0000 (15:08 +0100)]
w32: Fix closing file descriptors.

* src/w32-io.c (writer): Only stop once the buffer is drained.
(destroy_writer): Wait for the writers buffer to be drained.  This
aligns '_gpgme_io_close's behavior with close(2) and fclose(3).

GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Add safeguards against nullptr deref
Andre Heinecke [Tue, 17 Jan 2017 14:20:56 +0000 (15:20 +0100)]
tests: Add safeguards against nullptr deref

* t-gpgconf.c (main): Test some values before dereferencing them.

2 years agoqt: Use QVERIFY instead of Q_ASSERT in conf test
Andre Heinecke [Mon, 16 Jan 2017 13:16:20 +0000 (14:16 +0100)]
qt: Use QVERIFY instead of Q_ASSERT in conf test

* lang/qt/tests/t-config.cpp: Use QVERIFY instead of Q_ASSERT.

2 years agoqt: Add test for CryptoConfig
Andre Heinecke [Wed, 21 Dec 2016 09:32:25 +0000 (10:32 +0100)]
qt: Add test for CryptoConfig

* lang/qt/tests/t-config.cpp: New.
* lang/qt/tests/Makefile.am: Update accordingly.

2 years agotests: Fix distcheck.
Justus Winter [Mon, 16 Jan 2017 12:21:02 +0000 (13:21 +0100)]
tests: Fix distcheck.

* tests/gpg/Makefile.am (CLEANFILES): Remove gpgconf backups.

Fixes-commit: ea7bb62f5d981615847528b3ce53be9cc4d741a7
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoFix changing options with gpgconf.
Justus Winter [Thu, 12 Jan 2017 13:05:15 +0000 (14:05 +0100)]
Fix changing options with gpgconf.

* src/engine-gpgconf.c (gpgconf_write): Connect a pipe to the child's
stderr, and wait for it to be closed as an indication that gpgconf has
exited.  Also improve error handling.

GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Improve the gpgconf test.
Justus Winter [Thu, 12 Jan 2017 13:01:00 +0000 (14:01 +0100)]
tests: Improve the gpgconf test.

* tests/gpg/t-gpgconf.c: Include support functions.
(fail_if_err): Remove macro.
(init_gpgme): Remove function.
(lookup): New function.
(main): Update some values and verify that the changes are applied.
* tests/gpg/t-support.h (test): New assert-like macro.

GnuPG-bug-id: 2881
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Enable gpgconf test.
Justus Winter [Mon, 9 Jan 2017 12:09:39 +0000 (13:09 +0100)]
tests: Enable gpgconf test.

--
Fixes: 02ba35c1b6a2cbb3361b2f2ad507c53564b2be0b
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoqt: Add support for stringValueList in CryptoConf
Andre Heinecke [Thu, 12 Jan 2017 11:57:00 +0000 (12:57 +0100)]
qt: Add support for stringValueList in CryptoConf

* lang/qt/src/Makefile.am (qgpgme_sources): Add cryptoconfig.cpp
* lang/qt/src/cryptoconfig.cpp: New.
* lang/qt/src/cryptoconfig.h (CryptoConfigEntry::stringValueList):
New.
* lang/qt/src/qgpgmenewcryptoconfig.cpp
(QGpgMENewCryptoConfigEntry::stringValueList): New.
* lang/qt/src/qgpgmenewcryptoconfig.h: Update accordingly.

--
This is a pardigm change in cryptoconfig.h to avoid ABI breaks
with each new config value we support it now has an implementation
that is directly related to qgpgmenewcryptoconfig, which is now
the only one.

2 years agoqt: Don't use qstrdup in test passphrase cb
Andre Heinecke [Thu, 12 Jan 2017 10:44:11 +0000 (11:44 +0100)]
qt: Don't use qstrdup in test passphrase cb

* lang/qt/tests/t-support.h (TestPassphraseProvider::getPassphrase):
Use gpgrt_asprintf instead of strdup.

--
To avoid problems on MacOS we want to avoid strdup so that
qgpgme can be built without extensions. But qstrdup allocates
with new and not with malloc, so use gpgrt_asprintf instead.

2 years agoqt: Clean up test dirs on failure
Andre Heinecke [Wed, 11 Jan 2017 15:20:31 +0000 (16:20 +0100)]
qt: Clean up test dirs on failure

* t-encrypt.cpp,
t-keylist.cpp,
t-keylocate.cpp,
t-ownertrust.cpp,
t-tofuinfo.cpp,
t-various.cpp,
t-verify.cpp,
t-wkspublish.cpp: Use QVERIFY instead of Q_ASSERT

2 years agoqt: Add test for uid functions
Andre Heinecke [Wed, 11 Jan 2017 15:18:17 +0000 (16:18 +0100)]
qt: Add test for uid functions

* lang/qt/tests/t-various.cpp: New.
* lang/qt/tests/Makefile.am: Update accordingly.

2 years agocpp: Add revuid and adduid support
Andre Heinecke [Wed, 11 Jan 2017 15:14:45 +0000 (16:14 +0100)]
cpp: Add revuid and adduid support

* lang/cpp/src/context.cpp
(Context::revUid, Context::startRevUid),
(Context::addUid, Context::startAddUid): New.
* lang/cpp/src/context.h: Declare new functions.
* lang/cpp/src/key.cpp (Key::UserID::revoke)
(Key::addUid): Idomatic helpers.
lang/cpp/src/key.h: Declare new functions.
* NEWS: Update accordingly.

2 years agoFix Qgpgme build for macos
Andre Heinecke [Wed, 11 Jan 2017 14:52:44 +0000 (15:52 +0100)]
Fix Qgpgme build for macos

* lang/qt/src/dn.cpp: Include string.h
(parse_dn_part): Use qstrdup.
* lang/qt/tests/t-support.h (getPassphrase): Use qstrdup.

2 years agoFix cmake configuration files for MacOS
Andre Heinecke [Wed, 11 Jan 2017 14:49:00 +0000 (15:49 +0100)]
Fix cmake configuration files for MacOS

* configure.ac: Set HAVE_MACOS_SYSTEM conditional.
* lang/qt/src/Makefile.am,
lang/cpp/src/Makefile.am,
lang/qt/src/QGpgmeConfig.cmake.in.in,
lang/cpp/src/GpgmeConfig.cmake.in.in: Use libsuffix again to
distinguish between macos .dylib

--
GnuPG-Bug-Id: 2884

2 years agopython: Improve compatibility with Scheme tests.
Justus Winter [Tue, 3 Jan 2017 14:27:49 +0000 (15:27 +0100)]
python: Improve compatibility with Scheme tests.

* lang/python/tests/run-tests.py: Add stub --parallel option.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agopython: Add a switch '--quiet' to the test runner.
Justus Winter [Wed, 30 Nov 2016 09:39:25 +0000 (10:39 +0100)]
python: Add a switch '--quiet' to the test runner.

* lang/python/tests/run-tests.py: Add and honor a switch '--quiet'.
This way we can use this script to run Python tests one by one without
the noise, and the script will setup the necessary environment for us.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoqt: Update config sync doc / comment
Andre Heinecke [Mon, 2 Jan 2017 13:03:08 +0000 (14:03 +0100)]
qt: Update config sync doc / comment

* lang/qt/src/cryptoconfig.h (CryptoConfig::sync): Document
that runtime option is always set.
* lang/qt/Src/qgpgmenewcryptoconfig.cpp
(QGpgMENewCryptoConfigComponent::sync): Remove outdated comment
and warn on error.

2 years agocore: Always use runtime for gpgconf changes
Andre Heinecke [Mon, 2 Jan 2017 12:11:10 +0000 (13:11 +0100)]
core: Always use runtime for gpgconf changes

* src/engine-gpgconf.c (gpgconf_write): Add --runtime.
* src/gpgme.h.in (gpgme_conf_opt_change): Document this
behavior.

--
If a tool uses GPGME for changing configuration values it
needs a way to ensure that these changes take effect. Otherwise
users may change and see config values and do not understand
why they are not working.

2 years agoFix gpg_addkey() to work with GPGME_CREATE_NOPASSWD as well.
Ben Kibbey [Sat, 31 Dec 2016 23:09:49 +0000 (18:09 -0500)]
Fix gpg_addkey() to work with GPGME_CREATE_NOPASSWD as well.

* src/engine-gpg.c (gpg_addkey): Pass --batch to gpg when
GPGME_CREATE_NOPASSWD is set to fix pinentry without loopback mode.

--
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2 years agoFix GPGME_CREATE_NOPASSWD without pinentry loopback.
Ben Kibbey [Tue, 27 Dec 2016 00:57:22 +0000 (19:57 -0500)]
Fix GPGME_CREATE_NOPASSWD without pinentry loopback.

* src/engine-gpg.c(gpg_createkey): Pass --batch to gpg when
GPGME_CREATE_NOPASSWD is set.

--
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2 years agoQt: Make sure extended grep is used with '|'.
Raphael Kubo da Costa [Sun, 18 Dec 2016 10:41:33 +0000 (11:41 +0100)]
Qt: Make sure extended grep is used with '|'.

* m4/qt.m4: Use grep -E when using the alternation character.
--

POSIX specifies '|' is only supposed to work as an alternation special
character when grep is used in extended mode. The code worked fine
with GNU grep because it accepts extended regular expressions by
default, but other POSIX-compliant implementations might fail and take
it literally.

Signed-off-by: Raphael Kubo da Costa <rakuco@FreeBSD.org>
2 years agocpp: Ensure that hasSecret is correct after update
Andre Heinecke [Fri, 16 Dec 2016 18:09:13 +0000 (19:09 +0100)]
cpp: Ensure that hasSecret is correct after update

* lang/cpp/src/key.cpp (Key::update): Check for
a secret key first before listing public keys.

--
This is a performance delay but the update should
only be called in a non gui thread anyway. The information
if we have the secret key for this key is important to provide
after update.

2 years agocpp: Fix addrSpec for keys without email
Andre Heinecke [Thu, 15 Dec 2016 10:31:14 +0000 (11:31 +0100)]
cpp: Fix addrSpec for keys without email

* lang/cpp/src/key.cpp (UserID::addrSpec): Use uid->address instead
of normalizing again.
(&operator<<(std::ostream &, const UserID &): Print it.

--
This saves a normalization and fixes the case where a user id
is just a mail address without name, in that case gpgme sets
"address" but not email. Because the email is then the name.

2 years agocpp: Fix update of partial key in verifyresult
Andre Heinecke [Thu, 15 Dec 2016 10:24:43 +0000 (11:24 +0100)]
cpp: Fix update of partial key in verifyresult

* lang/cpp/src/verificationresult.cpp
(Signature::key(bool,bool)): Don't update the returned copy
but the actual key of the signature.

--
The whole point of the update is to change the partial key
from the signature (e.g. only fingerprint and one uid as we
would have from tofu) to a fully keylisted one.

2 years agodoc: Let's suggest GNU guidelines for bit checking.
Werner Koch [Wed, 7 Dec 2016 22:25:50 +0000 (23:25 +0100)]
doc: Let's suggest GNU guidelines for bit checking.

--

While educating students we can also get them to use useful habits, in
particular to parenthese bit tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoClarify what "checking on bit" means
Andre Heinecke [Wed, 7 Dec 2016 20:41:34 +0000 (21:41 +0100)]
Clarify what "checking on bit" means

* doc/gpgme.texi (gpgme_sigsum_t summary): Clarify what "you
can check one bit means"

--
It was unclear which bit to test for is. And tests
with students have shown that they would "test" for
this one bit by using if(sig.summary == GPGME_SIGSUM_VALID)
which would fail because valid sigs are also SIGSUM_GREEN.

So lets give an example for people not used to checking bits and
clarify through this example which bit is meant to be checked.

2 years agopython: Try to be more helpful when given a string to encrypt().
Tobias Mueller [Fri, 2 Dec 2016 22:37:27 +0000 (23:37 +0100)]
python: Try to be more helpful when given a string to encrypt().

* lang/python/helpers.c (_gpg_obj2gpgme_data_t): Extended error
message.
* lang/python/tests/t-encrypt.py: Test for "encode" in error message.
--
The motivation is to help the user when encrypting fails. I claim that
it is not obvious to not being able to encrypt a string directly.  To
nudge the user into encoding it to bytes, the error message is a bit
extended.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Define a macro for wrapping fragile result objects.
Tobias Mueller [Thu, 1 Dec 2016 20:15:12 +0000 (21:15 +0100)]
python: Define a macro for wrapping fragile result objects.

* lang/python/gpgme.i (wrapresult): New Macro.
--

This reduces the amount of copy and pasted code at the expense of a
slightly more complicated logic with a macro.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Check "buffer" when writing to sys.stdout for python2 compat.
Tobias Mueller [Wed, 30 Nov 2016 22:08:47 +0000 (23:08 +0100)]
python: Check "buffer" when writing to sys.stdout for python2 compat.

* lang/python/tests/support.py (print_data): Add check for buffer.
--

When running with something like make -C lang/python check verbose=2 the
test would fail under python2, because the file objects do not have a
buffer property.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Make Context have a repr method.
Tobias Mueller [Tue, 29 Nov 2016 22:26:20 +0000 (23:26 +0100)]
python: Make Context have a repr method.

* lang/python/gpg/core.py (Context.__repr__): New function.
--

This makes Context objects look nicer in a REPL.

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Make Results have a nicer __repr__.
Tobias Mueller [Wed, 30 Nov 2016 07:47:29 +0000 (08:47 +0100)]
python: Make Results have a nicer __repr__.

* lang/python/gpg/results.py (Result.__str__): Renamed to '__repr__'
...
* lang/python/gpg/results.py (Result.__repr__): ... and added fields.
--

So that it looks a bit nicer in the Python REPL.

It looked like this before:

In [2]: gpg.core.get_engine_info()[0]
Out[2]:
<gpg.results.EngineInfo at 0x7fb23509a240>

Now the output is

In [2]: gpg.core.get_engine_info()[0]
Out[2]:
EngineInfo(file_name='/usr/bin/gpg2', home_dir=None,
protocol=0, req_version='1.4.0', version='2.1.11')

This also applies to other results, e.g. the ImportResult.

Note that the format now changed from "<Class >" to "Class()". The
Python documentation on repr states: "For many object types, including
most builtins, eval(repr(obj)) == obj."

Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
2 years agopython: Fix removing the TOFU database.
Justus Winter [Fri, 25 Nov 2016 08:55:42 +0000 (09:55 +0100)]
python: Fix removing the TOFU database.

* lang/python/Makefile.am (CLEANFILES): Move 'tofu.db'...
* lang/python/tests/Makefile.am (CLEANFILES): ... here.

Fixes-commit: 9b22f82afc5518961e4bea1fc516b79800e379a2
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Remove tofu.db.
Justus Winter [Fri, 25 Nov 2016 08:13:01 +0000 (09:13 +0100)]
tests: Remove tofu.db.

* lang/python/Makefile.am (CLEANFILES): Add 'tofu.db'.
* tests/gpg/Makefile.am (CLEANFILES): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoRemove a forgotten instance of @libsuffix@
Heiko Becker [Wed, 16 Nov 2016 22:09:45 +0000 (23:09 +0100)]
Remove a forgotten instance of @libsuffix@

* lang/cpp/src/GpgmeppConfig.cmake.in.in: Remove a forgotten
instance of @libsuffix@.
--

b2c07bd47bd608afa5cc819b60a7b5bb8c9dd96a removed @libsuffix@ from
cmake config files, but missed one instance.

Signed-off-by: Heiko Becker <heirecka@exherbo.org>
2 years agoPost release updates.
Werner Koch [Wed, 16 Nov 2016 13:03:40 +0000 (14:03 +0100)]
Post release updates.

--

2 years agoRelease 1.8.0 gpgme-1.8.0
Werner Koch [Wed, 16 Nov 2016 12:29:02 +0000 (13:29 +0100)]
Release 1.8.0

* configure.ac: Set version to 1.8.0.  Set LT version C28/A17/RO.
Set CPP LT version to C9/A3/R0.  Set Qt LT version to C8/A1/R0.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc: Replace http: by https: in core source files.
Werner Koch [Wed, 16 Nov 2016 12:27:00 +0000 (13:27 +0100)]
doc: Replace http: by https: in core source files.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Do not leak the override session key to ps(1).
Werner Koch [Wed, 16 Nov 2016 09:12:19 +0000 (10:12 +0100)]
core: Do not leak the override session key to ps(1).

* src/engine-gpg.c (struct engine_gpg): New field
override_session_key.
(gpg_release): Free that field.
(gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd.

* tests/run-decrypt.c (main): Fix setting over the override key.
--

Note that this works only with gnupg 2.1.16 and later.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc,tests: Require use of ctx_flag before use of session_key.
Daniel Kahn Gillmor [Wed, 16 Nov 2016 05:10:22 +0000 (14:10 +0900)]
doc,tests: Require use of ctx_flag before use of session_key.

* doc/gpgme.texi: Document requirements of verifying that it is OK to
use session_key.
* tests/run-decrypt.c: Ensure that we fail if we're unable to access
the session key, so that we do not violate the guidance above.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Changed the description

 -@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns
 -@code{GPG_ERR_NO_ERROR} or @code{gpgme_get_ctx_flag (ctx,
 -"export-session-key")} returns @code{"1"}.
 +@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns success
 +or @code{gpgme_get_ctx_flag (ctx, "export-session-key")} returns true
 +(non-empty string).

to get gpgme_get_ctx_flag for boolean values in sync with its own
description.

Note that I don't agree with the above suggestion but it does not
really harm to have it in the man page.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoqt, cpp: Add cmake config files for w32
Andre Heinecke [Tue, 15 Nov 2016 13:33:31 +0000 (14:33 +0100)]
qt, cpp: Add cmake config files for w32

* lang/cpp/src/GpgmeppConfig-w32.cmake.in.in
lang/qt/src/QGpgmeConfig-w32.cmake.in.in: New.
* lang/cpp/src/GpgmeppConfig.cmake.in.in,
lang/qt/src/QGpgmeConfig.cmake.in.in: Remove libsuffix handling.
* lang/cpp/src/Makefile.am,
lang/qt/src/Makefile.am: Create / install w32 config files.
* configure.ac: Configure them.

--
To work with DLL's cmake needs to know about the implib and
the final DLL. So the config files look different enough
that it's better to use alternative files.

2 years agoqt: Use new style connect in th..mixin
Andre Heinecke [Tue, 15 Nov 2016 11:30:56 +0000 (12:30 +0100)]
qt: Use new style connect in th..mixin

* lang/qt/src/threadedjobmixin.h
(ThreadedJobMixin::lateInitialization): Use new style connect.

2 years agodoc: Fix typos.
Daniel Kahn Gillmor [Tue, 15 Nov 2016 10:53:35 +0000 (19:53 +0900)]
doc: Fix typos.

--

2 years agocore: Implement context flag "override-session-key".
Werner Koch [Tue, 15 Nov 2016 09:29:48 +0000 (10:29 +0100)]
core: Implement context flag "override-session-key".

* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.

* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.

--

To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.

The patch also implements the --override-session-key feature.

GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Add public function gpgme_get_ctx_flag.
Werner Koch [Tue, 15 Nov 2016 08:24:17 +0000 (09:24 +0100)]
core: Add public function gpgme_get_ctx_flag.

* src/gpgme.h.in (gpgme_get_ctx_flag): New.
* src/gpgme.c (gpgme_set_ctx_flag): Move down the file and add a trace
statement.
(gpgme_get_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocore: Enable extraction of session keys.
Daniel Kahn Gillmor [Fri, 11 Nov 2016 07:49:28 +0000 (16:49 +0900)]
core: Enable extraction of session keys.

* src/gpgme.c (gpgme_set_export_session_keys): New function.
(gpgme_get_export_session_keys): New function.
* src/gpgme.h.in (struct _gpgme_op_decrypt_result): Add session_key
member.
(gpgme_{set,get}_export_session_keys): Declare new functions.
* src/libgpgme.vers, src/gpgme.def: Export new functions in shared
object.
* src/engine.h: (_gpgme_engine_op_decrypt) Add export_session_key
parameter.
(_gpgme_engine_op_decrypt_verify): Add export_session_key parameter.
* src/engine-backend.h: (struct engine_ops): Change function
pointer declarations to match.
* src/context.h (struct gpgme_context): Add export_session_keys member.
* src/decrypt.c (release_op_data): Free result.session_key.
(_gpgme_decrypt_status_handler): Store a copy of the exported session
key.
(decrypt_start): Pass export_session_keys from the context.
* src/decrypt-verify.c (decrypt_verify_start): Pass
export_session_keys from context.
* src/engine.c (_gpgme_engine_op_decrypt): Pass through
export_session_key flag.
(_gpgme_engine_op_decrypt_verify): Pass through export_session_key
flag.
* src/engine-gpg.c (gpg_decrypt): If export_session_key is set, add
--export-session-key to argument list.
* src/engine-gpgsm.c (gpgsm_decrypt): Ignore export_session_key for
now, since gpgsm offers no such mechanism.
* src/engine-uiserver.c (_uiserver_decrypt): If export_session_key is
set, add --export-session-key flag to cmd.
* doc/gpgme.texi: Document new functions and session_key member of
decrypt_result_t.
* doc/uiserver.texi: Add --export-session-key flag to DECRYPT command.

--

gpg(1) documents session key export as useful for key escrow, and is
rightly dubious of that use case.  However, session key export is also
useful in other use cases.  Two examples from MUA development (where
this functionality would be specifically useful to me right now):

 * If the MUA stores a local copy of the session key upon decrypting
   the message, it can re-decrypt the message without expensive
   asymmetric operations.  When rendering a thread with dozens of
   encrypted messages, this can represent a significant speedup.

 * A user may have expired encryption-capable secret key material,
   along with many messages encrypted to that material.  If she stores
   the session keys for those messages she wants to keep, she can
   destroy her secret key material and make any messages she has
   deleted completely unrecoverable, even to an attacker who gets her
   remaining secret keys in the future.

This patchset makes a two specific implementation decisions that could
have gone in different ways.  I welcome feedback on preferred outcomes.

 0) session key representation: we currently represent the session key
    as an opaque textual string, rather than trying to provide any
    sort of in-memory structure.  While it wouldn't be hard to parse
    the data produced by gpg's --export-session-key, I chose to use
    the opaque string rather than lock in a particular data format.

 1) API/ABI: i've added a member to gpgme_op_decrypt_result_t.  This
    has the potential to cause an out-of-bound memory access if
    someone uses code compiled against the newer verision, but linked
    at runtime against an older version.  I've attempted to limit that
    risk by documenting that users must verify
    gpgme_get_export_session_keys() before accessing this new struct
    member -- this means that code expecting this capability will
    require the symbol at link-time, and will refuse to link against
    older versions.

    Another approach to solving this problem would be to avoid
    modifying gpgme_op_decrypt_result_t, and to introduce instead a
    new function gpgme_op_session_key(), which could be called in the
    same places as gpgme_op_decrypt_result().  Depending on the
    representation of the session key, this might introduce new
    memory-management burdens on the user of the library, and the
    session key is certainly part of a decryption result, so it seemed
    simpler to go with what i have here.

If anyone has strong preferences that these choices should be solved
in a different way, i'm happy to hear them.

Additionally, I note that i'm also still pretty unclear about how the
"UI Server" fits into this whole ecosystem. In particular, I don't
know whether it's kosher to just add an --export-session-key flag to
the DECRYPT operation without actually having implemented it anywhere,
but i don't see where i would actually implement it either :/

If this patch (or some variant) is adopted, i will supply another
patch that permits offering a session key during decryption (e.g. "gpg
--override-session-key"), but I wanted to get these implementation
choices ironed out first.

Gnupg-Bug-Id: 2754
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
On the concern of adding a new field to a structure: It may not be
clearly documented but we don't expect that a user ever allocates such
a structure - those result structure may only be created bu gpgme and
are read-only for the user.  Adding a new member constitutes a
compatible ABI change and thus an older SO may not be used by code
compiled with a header for the newer API.  Unless someone tinkers with
the build system, this should never happen.  We have added new fields
to result structure may times and I can't remember any problems.

 - wk

2 years agoqt: Add API to get the context for a Job
Andre Heinecke [Mon, 14 Nov 2016 19:40:29 +0000 (20:40 +0100)]
qt: Add API to get the context for a Job

* lang/qt/src/job.cpp,
lang/qt/src/job.h (Job::context): New.
* lang/qt/src/threadedjobmixin.cpp
(ThreadedJobMixin::~ThreadedJobMixin): New. Unregister context.
(ThreadedJobMixin::lateInitialization): Register context.
* NEWS: Update for cpp and qt.

--
The global map hack is necessary because the job class does
not know about the context which is held in threadedjobmixin.
Adding a virtual function in Job would be an ABI break which
I'd like to avoid at this point. Although QGpgME's API will
need a big ABI break to make it ABI maintainable. The virtual
jobs -> implementation classes are nearly unmaintainable ABI wise.

The context is exposed to provide more flexibility to users, e.g.
to add a passphrase callback or to set the sender in a context.

2 years agocpp: Add get / set Sender API
Andre Heinecke [Mon, 14 Nov 2016 15:13:27 +0000 (16:13 +0100)]
cpp: Add get / set Sender API

* cpp/src/context.cpp, cpp/src/context.h (Context::setSender),
(Context::getSender): Add simple wrappers.

2 years agoqt, cpp: Enable dll build for windows
Andre Heinecke [Mon, 14 Nov 2016 18:37:34 +0000 (19:37 +0100)]
qt, cpp: Enable dll build for windows

* lang/cpp/src/Makefile.am,
lang/qt/src/Makefile.am: Add -no-undefined to LDFLAGS.

2 years agow32: Fix build of w32-glib
Andre Heinecke [Mon, 14 Nov 2016 16:18:50 +0000 (17:18 +0100)]
w32: Fix build of w32-glib

* src/Makefile.am (main_sources): Remove system_components_not_extra.
(libgpgme_la_SOURCES): Add system_components_not_extra.
(libgpgme_glib_la_SOURCES): Remove duplicated ath files.