1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

9079 Commits

Author SHA1 Message Date
Werner Koch
10f8bb1671
scd:openpgp: Use shared fucntion for the dispserialno.
* scd/app-openpgp.c (wipe_and_free): New.
(wipe_and_free_string): New.
(get_disp_serialno): Remove.  Replace callers by function
app_get_dispserialno.
(get_usage_string): New.
(send_keypair_info): Use new function.
--

The new function has the same behaviour.  The wipe functions are
not yet used.
2023-10-11 09:38:45 +02:00
Werner Koch
fe683a1d7c
scd:openpgp: Some comment updates
--
2023-10-10 16:51:29 +02:00
NIIBE Yutaka
acda0a3f33
scd: Add handling of "Algorithm Information" DO.
* cd/app-openpgp.c (data_objects): Add 0x00FA.
(do_getattr): Add KEY-ATTR-INFO.

--

See the section 4.4.3.11 Algorithm Information in the OpenPGP card
functional specification version 3.4.1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 90d0072165cc5c6888f14462392a211de0c4b232)
Some parts where already here.
2023-10-10 16:37:03 +02:00
Werner Koch
d4208704a7
scd:openpgp: New KEY-STATUS attribute.
* scd/app-openpgp.c (do_getattr): Return KEY-STATUS
--

(cherry picked from commit 21496761226c1020a98e3ec7dd2b9dd013d4386b)
Some things from the original commit where already here.
2023-10-10 16:33:34 +02:00
Werner Koch
216f3fc96a
scd:openpgp: Add attribute "UIF" for convenience.
* scd/app-openpgp.c (do_getattr): New attrubute "UIF".
(do_learn_status): Use that.
--

Actually this is not just convenience but will make it easier to add
new keys to an openpgp card - we will need to change this only at one
place.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 11f0700282c1eeaee8db6686c38aca0900271351)
2023-10-10 16:25:31 +02:00
NIIBE Yutaka
52abdac2d4
scd: Add handling of Ed448 key.
* scd/app-openpgp.c (struct app_local_s): Add ecc.algo field.
(send_key_attr): Use ecc.algo field.
(ecc_read_pubkey): Use ecc.algo field.
(ecc_writekey): Ed448 means EdDSA.
(parse_algorithm_attribute): Set ecc.algo field from card.
Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag.

--

There used to be a possible support of Ed25519 with ECDSA, (instead of
EdDSA).  To distinguish key for Ed25519 for EdDSA, we use the
flag: (flags eddsa).  Ed448 has no support for ECDSA and defaults to
EdDSA even if no such flag.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b743942a9719be59f1da67cd338248fe7ee5aeab)
2023-10-10 16:17:04 +02:00
Werner Koch
b262a21c61
scd:openpgp: Support the ecdh-params arg for writing keys.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.  Add a default for use by gnupg 2.2.
(store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
--

This is based on commit c03ba92576e34f791430ab1c68814ff16c81407b and
done here to ease backporting.  There is no functional change.

GnuPG-bug-id: 6378
2023-10-10 16:10:21 +02:00
Werner Koch
d25e960652
scd:openpgp: Handle wrong error return code of Yubikey.
* scd/app-openpgp.c (get_public_key): Handle wrong error code by
Yubikeys.
--

This has been taken from commits
  0db9c83555b4a8a0c52f96e96ec20dbfd3d75272
  946555ea3ceb823b95ed13654ae4fd667daa4337
2023-10-10 16:10:02 +02:00
NIIBE Yutaka
d938abcc5e
scd: Fix description string.
* scd/app-openpgp.c (data_objects): Capitalize the word for usage.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe)
2023-10-10 15:17:29 +02:00
NIIBE Yutaka
7666a45830
scd:openpgp: Support UIF changing command.
* g10/card-util.c (uif, cmdUIF): New.
(card_edit): Add call to uif by cmdUIF.
* scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
(do_setattr): Likewise.
(do_learn_status): Learn UIF-1, UIF-2, and UIF-3.

--

GnuPG-bug-id: 4158
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0cb65564e022fface5ada4de8e0c2c4c3d0ac8ad)
Also included the relevant part from
commit 0240345728a84d8f235ce05889e83963e52742eb

Note that this patch is mainly to simplifying backporting and not to
support the UIF.
2023-10-10 15:16:22 +02:00
Werner Koch
9e3b7e26a9
scd:openpgp: Small speedup reading card properties.
* scd/app-openpgp.c (struct app_local_s): Add new flag.
(get_cached_data): Force chace use if flag is set.
(app_select_openpgp): Avoid reading DO 6E multiple times.
--

The do not cache property of 6E was introduced so that we can change
for example key attributes without getting into with the cache.
However, for initial reading the cache makes a lot of sense and thus we
now use this hack to only temporary cache.  A better strategy would be
to clear the cache when we change card data but that is more error
prone.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19)
2023-10-10 13:59:51 +02:00
Werner Koch
57bfad2c39
scd:openpgp: Allow reading and writing user certs for keys 1 and 2
* scd/iso7816.c (CMD_SELECT_DATA): New.
(iso7816_select_data): New.
* scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2
(do_writecert): Ditto.
(do_setattr): Add CERT-1 and CERT-2.
--

This has been tested with a Zeitcontrol 3.4 card.  A test with a
Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f)
2023-10-10 13:54:26 +02:00
Werner Koch
b2363c1dd9
scd: Allow standard keyref scheme for app-openpgp.
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
--

The generic keyref allows for better error detection in case a keyref
is send to a wrong card.  This has been taken from master commit
3231ecdafd71ac47b734469b07170756979ede72 which has additional changed
for gpg-card-tool, which is only available there.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6651a0640d0f1b4dd161210dc55974d9b93b7253)
2023-10-10 13:43:38 +02:00
NIIBE Yutaka
3d368c1a7d
scd:openpgp: Support GET DATA response with no header for DO 0x00FA.
* scd/app-openpgp.c (do_getattr): Support Gnuk, as well.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 43bbc25b0f57dec24412886ff46041e0b1f3de26)
2023-10-10 13:29:49 +02:00
Werner Koch
c4eada0787
scd:openpgp: Pass arg ctrl to more functions.
* scd/app-openpgp.c (verify_a_chv): Add currently unused arg ctrl.
Adjust callers.
(verify_chv3): Ditto.
(verify_chv2): Add arg ctrl.  Adjust callers.
(change_keyattr): Ditto.
(change_rsa_keyattr): Ditto.
(change_keyattr_from_string): Ditto.
(rsa_writekey): Ditto.
(ecc_writekey): Ditto.
--

This helps in backporting from master.
2023-10-10 13:25:23 +02:00
Werner Koch
03aa4e6651
scd:openpgp: Replace assert by log_assert.
* scd/app-openpgp.c: Remope assert.h. Replace all assert by
log_assert.
2023-10-10 12:11:50 +02:00
NIIBE Yutaka
a942986f17
scd:openpgp: Fix computing fingerprint for ECC with SOS.
* scd/app-openpgp.c (count_sos_bits): New.  Count as sos_write does.
(store_fpr): For ECC, use count_sos_bits.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 95156ef9bfb6a3a525454d50ae2f5b538ccbd774)
and
(cherry picked from commit f482e4bd121ff2862bfb53a82f1d5c2cf3524a10)
2023-10-10 12:06:22 +02:00
Werner Koch
24033dc8ae
scd:openpgp: Very minor refactoring
* scd/app-openpgp.c (app_select_openpgp): Move AID definition to ...
(openpgp_aid): new.
2023-10-10 11:55:25 +02:00
Werner Koch
7f8cac5cec
scd:openpgp: Rename an internal variable.
* scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/.
s/max_certlen_3/max_certlen.  Change users.
--

The extcap_v3 flag is set if the version is 3 or later and as such
does not only declare that the v3 extcap layout is used.  Make this
clear by renaming.

Likewise for max_certlen_3.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bbdb48ec0ddd99ce23fcba42949c00a2594fb9a5)
2023-10-10 11:46:14 +02:00
Werner Koch
9976285ff0
sm: Support more HMAC algos in the pkcs#12 parser.
* sm/minip12.c (oid_hmacWithSHA1): New.  Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.

* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.

* tests/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/samplekeys/Description-p12: Add this one.
* tests/Makefile.am (EXTRA_DIST): Ditto.
--

This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.

GnuPG-bug-id: 6536
2023-10-06 11:22:59 +02:00
Werner Koch
1e9ac18f88
common,w32: Add missing GetLastError->errno mapping.
* common/iobuf.c (file_filter, sock_filter): Add missing mapping.
--

GnuPG-bug-id: 6528
(cherry picked from commit 5e94470d053ec93f79acb03635e67839a5a1e6a8)

Also includes commit a3be97df4ddfce008dcc6e877e9fb98c71656ec6
2023-10-05 15:30:42 +02:00
Werner Koch
bb157044a0
sm: Improve the octet string cramming for pkcs#12
* sm/minip12.c (need_octet_string_cramming): New.
(tlv_expect_object, tlv_expect_octet_string): Run the test before
cramming.

* sm/minip12.c (ENABLE_DER_STRUCT_DUMPING): New but undefined macro
for debug purposes.
(bag_decrypted_data_p, bag_data_p): Use macro to allow dumping.
--

This bug was exhibited by importing a gpgsm exported EC certificate.

We use an extra test instead of retrying to allow retruning an error
from malloc failure.  And well, for easier reading of the code.

GnuPG-bug-id: 6536
(cherry picked from commit c1f78634ec3927ddcfdc4687bc6e408c658a0ece)
2023-10-05 10:32:57 +02:00
Werner Koch
a0ac529d08
Update NEWS
--
2023-10-02 16:38:16 +02:00
Werner Koch
45a1ab5017
common: Improve lock strategy for dotlock.
* common/dotlock.c (next_wait_interval): New.
(dotlock_take_unix): Use new function.
(dotlock_take_w32): Ditto.
--

In particular when using a dotlock file for protecting the spawning
and several processes try to spawn the agent or another component, we
often run into long delays.  The solution is to is to exponential
backoff and also to reduce the initial delay from 50ms to 4ms.  We
further limit the maximum wait period to about 2 seconds and then
repeat at intervals of 512, 1024 and 2048ms.  In the wait-forever case
we add a small random value to have different intervals per process.

GnuPG-bug-id: 3380

For testing this code snippet in the spawning function might be
useful:

          const char *s;
          if ((s=getenv("hold_gpg_file")))
            while (!gnupg_access (s, F_OK))
              gnupg_sleep (1);
2023-10-02 14:40:08 +02:00
Werner Koch
d546fdd531
dirmngr: Add code to support the negotiation auth method.
* dirmngr/http.c (enum auth_negotiate_states): New.
(struct proxy_info_s): Add new fields.
(release_proxy_info): Free Windows stuff.
(proxy_get_token): New. Implemented only for Windows for now.
(run_proxy_connect): Add support for auth method Negotiation.
(store_header): Keep some header lines separate.
--

The code does something but I have not yet been able to test it due
to problems setting up Squid with AD authentication.  As of now it
will respond with a failure but that should not be worse than not to
implement Negotiation.

Supporting Negotiation using GSS for Unix should eventually also be
done.

GnuPG-bug-id: 6719
2023-10-02 13:01:08 +02:00
Werner Koch
7f2f970540
dirmngr: Extended the http_get_header function.
* dirmngr/http.c (send_request): Add arg 'skip'.  Adjust all callers.
--

GnuPG-bug-id: 6719
2023-10-02 13:01:01 +02:00
Werner Koch
c1cd185385
common: Add new function b64decode.
* common/b64dec.c (b64decode): New.
* common/t-b64.c: Change license to LGPL.
(oops): New macro.
(hex2buffer): New.
(test_b64decode): New.
(main): Default to run the new test.
* common/Makefile.am (module_maint_tests): Move t-b64 to ...
(module_tests): here.
--

Sometimes we have a short base64 encoded string we need todecode.
This function makes it simpler.

License change of the test module justified because I am the single
author of the code.
2023-09-29 11:34:06 +02:00
Werner Koch
9f1c11cd3f
dirmngr: Fix handling of the HTTP Content-Length
* dirmngr/http.c (cookie_s): Add fields pending, up_to_empty_line,
last_was_lf, and last_was_lfcr.
(http_context_s): Add field keep-alive.
(http_wait_response): Set up_to_empty_line.  Take care of keep_alive
flag.
(coookie_read): Implement detection of empty lines.
(cookie_write): Free the pending buffer.
--

The problem we fix here is that we already buffered stuff beyond the
empty line which marks the start of the content-length counting.  Thus
we tried to wait for more bytes despite that everything had already
been read.  This bug might have showed up more often in the real world
since the we changed the BUFSIZ on Windows from 512 byte to 8k.  It
also depends on the length of the headers and whether the server
closed the connection so that we ignored the Content-Length.

The bug was introduced earlier than 2010 and could have the effect
that a connection got stuck until the network layer timed out.

Note that the keep-alive parts of the patch are not yet used.
2023-09-26 12:37:45 +02:00
Werner Koch
50da09fb62
common: Add gnupg_memstr to repalce static versions.
* common/stringhelp.c (gnupg_memstr): New.
* common/mbox-util.c (my_memstr): Remove.
(is_valid_mailbox_mem): Use gnupg_memstr.
* common/recsel.c (my_memstr): Remove.
(recsel_select): Use gnupg_memstr.
2023-09-26 12:37:45 +02:00
Werner Koch
5fd5e7433d
dirmngr: Require gnutls 3.2
* dirmngr/http.c: Remove gnutls version specific code.
(send_request): Factor some code out to ...
(run_proxy_connect): new.
(mk_proxy_request): new.
(mk_std_request): new.
* configure.ac (NEED_GNUTLS_VERSION): Require 3.2.
--

This patch is to factor out some code and also to remove support for
legacy gnutls versions.  Note that gnutls 3.2 was released 10 years
ago.
2023-09-26 12:37:45 +02:00
NIIBE Yutaka
8e3d4f5b63
gpg: Keep the integrity of the code for KEYINFO command.
* g10/call-agent.c (struct keyinfo_data_parm_s): Remove CARD_AVAILABLE
field.
(keyinfo_status_cb): Don't touch CARD_AVAILABLE field.
(agent_probe_secret_key); Don't check CARD_AVAILABLE field.
* g10/import.c (do_transfer): Check if it's card key or not.

--

In 2.2 branch, gpg-agent doesn't have a capability to report if card
is available or not by KEYINFO command.  Thus, this clean up.

GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-26 10:05:05 +09:00
NIIBE Yutaka
ff42ed0d69
gpg: Enhance agent_probe_secret_key to return bigger value.
* g10/call-agent.c (keyinfo_status_cb): Parse more fields.
(agent_probe_secret_key): Use KEYINFO and returns bigger value
representing the preference.

--

Backport the commit of:
	8748c50bfaa8df2b1e59c301d15fd6b9ddbd9c47

GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-25 13:24:35 +09:00
Werner Koch
9fe73df21a
dirmngr: Improve error codes returned from http fetching.
* dirmngr/ks-engine-http.c (ks_http_fetch): Return better error codes.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/t-http.c (main): New option --try-proxy.
2023-09-19 16:14:01 +02:00
Werner Koch
63acf06efb
dirmngr: Implement automatic proxy detection on Windows.
* dirmngr/http.c [W32]: Include winhttp.h
(w32_get_internet_session): New.
(w32_get_proxy): New.
(get_proxy_for_url): Implement automatic proxy detection and fix error
in last patch.
(http_reinitialize): New.
* dirmngr/dirmngr.c (dirmngr_sighup_action): Call reinitialize.
* dirmngr/Makefile.am (NETLIBS) [W32]: Link with winhttp.
--

GnuPG-bug-id: 5768
2023-09-19 15:04:49 +02:00
Werner Koch
7659c0a2b0
dirmngr: Further simplify the http code and improve a message.
* dirmngr/http.c (make_fp_write, make_fp_read): New.
(http_raw_connect): Use new functions.
(http_wait_response): Ditto.
(send_request): Ditto.  Change proxy error diagnostic.
(connect_server): Improve error message for host not found.
--

GnuPG-bug-id: 5768
2023-09-19 12:50:20 +02:00
Werner Koch
f4b72c4eb7
dirmngr: Cleanup the http module.
* configure.ac (NEED_NTBTLS_VERSION): Require at least 0.2.0 so that
we can remove a conditional compilation.

* dirmngr/http.c (struct proxy_info_s): New.
(release_proxy_info): New to keep proxy information in one object.
(send_request): Factor some code out to ...
(get_proxy_for_url): this,
(send_request_basic_checks): this,
(send_request_set_sni): this,
(run_ntbtls_handshake): this,
(run_gnutls_handshake): and this.
--

Note that this also removes some never used code.  For example the
NTBTLS handshake has code taken from GNUTLS which was never used due
to the different ways on how the certificates are checked.

The proxy code has been factored out to make to prepare further
authentication methods.  The proxy_info_t was introduced for the same
reason.

Tested against gnutls and ntbtls builds.  No proxy tests yet done,
because we need more sophisticated tests anyway.

GnuPG-bug-id: 5768
2023-09-18 17:37:47 +02:00
Werner Koch
de84c58d90
gpg: Fix --no-utf8-strings.
* g10/gpg.c (main): Ignore --no-utf8-strings only on Windows.
--

Fixes-commit: b912f07cdf00043b97fca54e4113fab277726e03
Reported-by: Ingo Klöcker
2023-09-18 11:29:21 +02:00
Werner Koch
936954a18a
dirmngr: Relax the detection of the "none" keyserver.
* dirmngr/server.c (cmd_keyserver): Ignore also hkps://none.
(ensure_keyserver): Better ignore also "none" with a hkp or hpks
scheme.
--

GnuPG-bug-id: 6708
2023-09-11 11:31:32 +02:00
Werner Koch
1964a2a4ae
speedo,w32: Adjustments for the new Unicode NSIS plugins.
* build-aux/speedo/w32/inst.nsi: Convert to UTF-8.  Add Unicode
statement.
* build-aux/speedo.mk (installer): Remove -INPUTCHARSET.
--

GnuPG-bug-id: 6448
(cherry picked from commit 7e1f36b2425e0ee041bd16b1ec51b8128329aab9)
2023-09-08 15:33:04 +02:00
Werner Koch
e2b549f1c7
speedo: Update NSIS helper DLL from Gpg4win
* build-aux/speedo/w32/inst.nsi: Re-enable run-once check.
* build-aux/speedo/w32/exdll.c: New.
* build-aux/speedo.mk (g4wihelp.dll): Change build commands.
--

GnuPG-bug-id: 6448
(cherry picked from commit 7359665addda3d47768ed0d64cdb45a65ad2b03d)
2023-09-08 15:30:24 +02:00
Werner Koch
6c9db01101
gpg: New option --add-desig-revoker
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
--

(cherry picked from commit 3d094e2bcf6c9ed2cd405623f2dbc6131d04366f)

Support for v5 desig revokers has been removed.  However, we should
check whether we can add a longer v4 desig revoker fingerprint in
addition to the regular v4 desig revoker.
2023-09-07 19:05:39 +02:00
Werner Koch
8c8608425a
Prepare NEWS for a snapshot release
--
2023-09-07 17:35:01 +02:00
Werner Koch
8d01725a96
common: Never remove /dev/null.
* common/sysutils.c (gnupg_remove): Detect /dev/null.
--

GnuPG-bug-id: 6556
(cherry picked from commit 7f9e05d73f2ca1ecde1b7ba406d139a19d007998)
2023-09-07 17:27:14 +02:00
Werner Koch
6d45fcdd3c
agent: Add trustlist flag "de-vs".
* agent/trustlist.c (struct trustitem_s): Add field de_vs.
(read_one_trustfile): Parse it.
(istrusted_internal): Emit TRUSTLISTFLAG status line.
* sm/gpgsm.h (struct rootca_flags_s): Add field de_vs.
* sm/call-agent.c (istrusted_status_cb): Detect the flags.

* sm/sign.c (write_detached_signature): Remove unused vars.
--

Right now this flag has no effect; we first need to specify the exact
behaviour.

GnuPG-bug-id: 5079
(cherry picked from commit a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f)
2023-09-07 17:14:10 +02:00
Werner Koch
7e320a89c2
agent: New flag "qual" for the trustlist.txt.
* agent/trustlist.c (struct trustitem_s): Add flag "qual".
(read_one_trustfile): Rename arg "allow_include" to "systrust" and
change callers.  Parse new flag "qual".
(istrusted_internal): Print all flags.
* sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag.
* sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified".
* sm/certchain.c (do_validate_chain): Take care of the qualified flag.
--

(cherry picked from commit 7c8c6060616ab91f5490e91a0fb9efc9aee9f58e)
2023-09-07 17:12:33 +02:00
Werner Koch
3d3b941ce9
gpgsm: Create binary detached sigs with definite form length octets.
* sm/sign.c: Include tlv.h.
(write_detached_signature): New,
(gpgsm_sign): Fixup binary detached signatures.
--

This helps some other software to verify detached signatures.

(cherry picked from commit 8996b0b655952fa6b5bb678a92d3106f72f80f2a)
2023-09-07 16:44:29 +02:00
Werner Koch
6bdf11f671
gpgsm: Strip trailing zeroes from detached signatures.
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--

Note that this works only if --assume-binary is given.  The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.

(cherry picked from commit 2a13f7f9dc75265ece649e30fecd3dc694b1240e)
2023-09-07 16:38:35 +02:00
Werner Koch
a6e47400c7
doc: Add missing NEWS entry for next release
--
2023-09-07 11:10:00 +02:00
Werner Koch
ac498107cd
build: Fix make distcheck
--
2023-09-06 16:23:43 +02:00
Werner Koch
80e442348d
gpg: Fix validity of re-imported keys.
* g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity
records.
--

GnuPG-bug-id: 6399

This problem was introduced by an actually very useful patch

  2002-12-13  David Shaw  <dshaw@jabberwocky.com>
  [...]
  * import.c (import_keys_internal): Used here so we don't rebuild
  the trustdb if it is still clean.
  (import_one, chk_self_sigs): Only mark trustdb dirty if the key
  that is being imported has any sigs other than self-sigs.
  Suggested by Adrian von Bidder.

[the last part]

The bug exhibited itself only after signing a key, deleting that key
and then re-importing the original non-signed key.
2023-09-06 12:09:55 +02:00