[git] GPGME - branch, master, updated. gpgme-1.9.0-73-g47f61df

by Werner Koch cvs at cvs.gnupg.org
Thu Aug 24 17:22:36 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  47f61df0704485b8165c9cf2a27ad57bcd864239 (commit)
      from  6745eb69e27bc73fece88c5e4e0b0bca13fa8b11 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 47f61df0704485b8165c9cf2a27ad57bcd864239
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 17:17:11 2017 +0200

    core: New context flag "auto-key-retrieve"
    
    * src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
    "auto-key-retrieve".
    * src/context.h (gpgme_context): New field auto_key_retrieve.
    * src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
    to field 'decrypt'.
    * src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
    option --auto-key-retrieve to gpg.  Adjust all callers.
    (gpg_verify): Ditto.
    * src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
    * src/engine-uiserver.c (uiserver_decrypt): Ditto.
    * tests/run-verify.c (main): Add option --auto-key-retrieve.
    --
    
    This makes the --auto-key-retrieve option available in the GPGME API.
    
    Test plan:
    Run
    
      GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE
    
    with and without its new option --auto-key-retrieve and check in the
    trace stored in "out" whether --auto-key-retrieve was passed to gpg.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 25552ad..71d9600 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased)
  GPGME_DELETE_ALLOW_SECRET   NEW.
  GPGME_DELETE_FORCE          NEW.
  gpgme_op_conf_dir           NEW.
+ gpgme_set_ctx_flag          EXTENDED: New flag 'auto-key-retrieve'.
  cpp: DecryptionResult::isDeVs NEW.
  cpp: Signature::isDeVs        NEW.
  py: DecryptResult           EXTENDED: New boolean field 'is_de_vs'.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 5df54f5..8dcc86e 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled.  Please be aware that
 using this feature with GnuPG < 2.1.16 will leak the session key on
 many platforms via ps(1).
 
+ at item "auto-key-retrieve"
+Setting the @var{value} to "1" asks the backend to automatically
+retrieve a key for signature verification if possible.  Note that this
+option makes a "web bug" like behavior possible.  Keyserver or Web Key
+Directory operators can see which keys you request, so by sending you
+a message signed by a brand new key (which you naturally will not have
+on your local keyring), the operator can tell both your IP address and
+the time when you verified the signature.
+
+
 @end table
 
 This function returns @code{0} on success.
diff --git a/src/context.h b/src/context.h
index d0542d9..1e763d2 100644
--- a/src/context.h
+++ b/src/context.h
@@ -118,6 +118,9 @@ struct gpgme_context
    * flag is cleared with each operation.  */
   unsigned int redraw_suggested : 1;
 
+  /* True if the option --auto-key-retrieve shall be passed to gpg.  */
+  unsigned int auto_key_retrieve : 1;
+
   /* Flags for keylist mode.  */
   gpgme_keylist_mode_t keylist_mode;
 
diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c
index 66cfe94..17f79ac 100644
--- a/src/decrypt-verify.c
+++ b/src/decrypt-verify.c
@@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
                                    flags,
                                    cipher, plain,
                                    ctx->export_session_keys,
-                                   ctx->override_session_key);
+                                   ctx->override_session_key,
+                                   ctx->auto_key_retrieve);
 }
 
 
diff --git a/src/decrypt.c b/src/decrypt.c
index eb7ec4d..8c2cd4d 100644
--- a/src/decrypt.c
+++ b/src/decrypt.c
@@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
                                    flags,
                                    cipher, plain,
                                    ctx->export_session_keys,
-                                   ctx->override_session_key);
+                                   ctx->override_session_key,
+                                   ctx->auto_key_retrieve);
 }
 
 
diff --git a/src/engine-backend.h b/src/engine-backend.h
index f41aaeb..421eb16 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -65,7 +65,8 @@ struct engine_ops
                             gpgme_decrypt_flags_t flags,
                             gpgme_data_t ciph,
 			    gpgme_data_t plain, int export_session_key,
-                            const char *override_session_key);
+                            const char *override_session_key,
+                            int auto_key_retrieve);
   gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
   gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
 			 gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 9c0d7f7..5ce04f0 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1562,7 +1562,8 @@ static gpgme_error_t
 gpg_decrypt (void *engine,
              gpgme_decrypt_flags_t flags,
              gpgme_data_t ciph, gpgme_data_t plain,
-             int export_session_key, const char *override_session_key)
+             int export_session_key, const char *override_session_key,
+             int auto_key_retrieve)
 {
   engine_gpg_t gpg = engine;
   gpgme_error_t err;
@@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine,
   if (!err && export_session_key)
     err = add_arg (gpg, "--show-session-key");
 
+  if (!err && auto_key_retrieve)
+    err = add_arg (gpg, "--auto-key-retrieve");
+
   if (!err && override_session_key && *override_session_key)
     {
       if (have_gpg_version (gpg, "2.1.16"))
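Review bot: The new `--auto-key-retrieve` branch in gpg_decrypt has no comment saying why a decrypt operation needs it or what it costs, and the same holds for the matching branch in the gpg_verify hunk below. With the flag set, gpg may contact a keyserver or Web Key Directory for the signer's key of a signed-and-encrypted message, so the lookup is driven by data chosen by whoever sent the message. I would add above the branch something like `/* Signatures inside the message are verified too; this lets gpg fetch a missing signer key over the network, which reveals the lookup to the key source.  */`. The option is also passed without consulting `have_gpg_version`, which the override-session-key block right after it does; whether every supported gpg accepts it cannot be seen from here and is worth confirming. Both function bodies continue outside their hunks.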
@@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
   gpgme_error_t err;
 
   err = append_args_from_sender (gpg, ctx);
+  if (!err && ctx->auto_key_retrieve)
+    err = add_arg (gpg, "--auto-key-retrieve");
+
   if (err)
     ;
   else if (plaintext)
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index f23b0bf..e337fed 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1130,7 +1130,8 @@ static gpgme_error_t
 gpgsm_decrypt (void *engine,
                gpgme_decrypt_flags_t flags,
                gpgme_data_t ciph, gpgme_data_t plain,
-               int export_session_key, const char *override_session_key)
+               int export_session_key, const char *override_session_key,
+               int auto_key_retrieve)
 {
   engine_gpgsm_t gpgsm = engine;
   gpgme_error_t err;
@@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine,
   (void)export_session_key;
   (void)override_session_key;
 
+  /* --auto-key-retrieve is also not supported.  */
+  (void)auto_key_retrieve;
+
   if (!gpgsm)
     return gpg_error (GPG_ERR_INV_VALUE);
 
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 3db705d..bc3f3fb 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
@@ -962,7 +962,8 @@ static gpgme_error_t
 uiserver_decrypt (void *engine,
                   gpgme_decrypt_flags_t flags,
                   gpgme_data_t ciph, gpgme_data_t plain,
-                  int export_session_key, const char *override_session_key)
+                  int export_session_key, const char *override_session_key,
+                  int auto_key_retrieve)
 {
   engine_uiserver_t uiserver = engine;
   gpgme_error_t err;
@@ -972,6 +973,8 @@ uiserver_decrypt (void *engine,
 
   (void)override_session_key; /* Fixme: We need to see now to add this
                                * to the UI server protocol  */
+  (void)auto_key_retrieve;    /* Not yet supported.  */
+
 
   if (!uiserver)
     return gpg_error (GPG_ERR_INV_VALUE);
diff --git a/src/engine.c b/src/engine.c
index 2c7e625..28ba9fd 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
                           gpgme_decrypt_flags_t flags,
                           gpgme_data_t ciph,
 			  gpgme_data_t plain, int export_session_key,
-                          const char *override_session_key)
+                          const char *override_session_key,
+                          int auto_key_retrieve)
 {
   if (!engine)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 
   return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
-                                  export_session_key, override_session_key);
+                                  export_session_key, override_session_key,
+                                  auto_key_retrieve);
 }
 
 
diff --git a/src/engine.h b/src/engine.h
index b71b7e2..0bf1bb2 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
                                         gpgme_data_t ciph,
 					gpgme_data_t plain,
                                         int export_session_key,
-                                        const char *override_session_key);
+                                        const char *override_session_key,
+                                        int auto_key_retrieve);
 gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
 				       unsigned int flags);
 gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
diff --git a/src/gpgme.c b/src/gpgme.c
index 2b196a2..d0a5afe 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
       if (!ctx->override_session_key)
         err = gpg_error_from_syserror ();
     }
+  else if (!strcmp (name, "auto-key-retrieve"))
+    {
+      ctx->auto_key_retrieve = abool;
+    }
   else
     err = gpg_error (GPG_ERR_UNKNOWN_NAME);
 
@@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
     {
       return ctx->override_session_key? ctx->override_session_key : "";
     }
+  else if (!strcmp (name, "auto-key-retrieve"))
+    {
+      return ctx->auto_key_retrieve? "1":"";
+    }
   else
     return NULL;
 }
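Review bot: gpgme_get_ctx_flag returns "1" for "auto-key-retrieve" from the context field alone, so it also reports the flag as set on contexts whose engine discards it; in this commit gpgsm_decrypt and uiserver_decrypt both do `(void)auto_key_retrieve;`. A caller therefore cannot tell from the getter whether retrieval is actually in effect, and gpgme_set_ctx_flag appears to accept the flag for any protocol. Since the silent no-op is the conservative outcome, documenting it is probably enough: a comment on this branch such as `/* Only honoured by the gpg engine; other engines ignore it.  */` and a matching sentence in the manual entry. The function starts outside the hunk.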
diff --git a/tests/run-verify.c b/tests/run-verify.c
index 3abc572..b22e644 100644
--- a/tests/run-verify.c
+++ b/tests/run-verify.c
@@ -222,6 +222,7 @@ show_usage (int ex)
          "  --openpgp        use the OpenPGP protocol (default)\n"
          "  --cms            use the CMS protocol\n"
          "  --sender MBOX    use MBOX as sender address\n"
+         "  --auto-key-retrieve\n"
          , stderr);
   exit (ex);
 }
@@ -231,6 +232,7 @@ int
 main (int argc, char **argv)
 {
   int last_argc = -1;
+  const char *s;
   gpgme_error_t err;
   gpgme_ctx_t ctx;
   gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
@@ -241,6 +243,7 @@ main (int argc, char **argv)
   gpgme_verify_result_t result;
   int print_status = 0;
   const char *sender = NULL;
+  int auto_key_retrieve = 0;
 
   if (argc)
     { argc--; argv++; }
@@ -283,6 +286,12 @@ main (int argc, char **argv)
           sender = *argv;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--auto-key-retrieve"))
+        {
+          auto_key_retrieve = 1;
+          argc--; argv++;
+        }
+
       else if (!strncmp (*argv, "--", 2))
         show_usage (1);
 
@@ -323,6 +332,18 @@ main (int argc, char **argv)
     }
   /* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
 
+  if (auto_key_retrieve)
+    {
+      gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");
+      s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve");
+      if (!s || strcmp (s, "1"))
+        {
+          fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n",
+                   "auto-key-retrieve");
+          exit (1);
+        }
+    }
+
   if (sender)
     {
       err = gpgme_set_sender (ctx, sender);
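Review bot: The return value of `gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1")` is dropped, so a failure to set the flag only shows up indirectly and is reported as "gpgme_get_ctx_flag failed". Capturing it the way the gpgme_set_sender call just below does, `err = gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");` followed by the usual error check, would name the call that actually failed. main starts and ends outside this hunk.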

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |  1 +
 doc/gpgme.texi        | 10 ++++++++++
 src/context.h         |  3 +++
 src/decrypt-verify.c  |  3 ++-
 src/decrypt.c         |  3 ++-
 src/engine-backend.h  |  3 ++-
 src/engine-gpg.c      |  9 ++++++++-
 src/engine-gpgsm.c    |  6 +++++-
 src/engine-uiserver.c |  5 ++++-
 src/engine.c          |  6 ++++--
 src/engine.h          |  3 ++-
 src/gpgme.c           |  8 ++++++++
 tests/run-verify.c    | 21 +++++++++++++++++++++
 13 files changed, 72 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



