* g10/build-packet.c (do_encrypted_aead): New.
(do_symkey_enc): Handle version 5.
(build_packet): Support the ENCRYPTED_AEAD packet.
* g10/cipher.c (MIN_PARTIAL_SIZE): Remove unused macro.
(AEAD_ENC_BUFFER_SIZE): New macro.
(my_iobuf_write): New.
(write_header): Rename to write_cfb_header. Adjust caller.
(set_ocb_nonce_and_ad): New.
(write_ocb_header): New.
(write_ocb_auth_tag): New.
(write_ocb_final_chunk): New.
(do_ocb_flush): New.
(do_ocb_free): New.
(cipher_filter_ocb): New.
* g10/filter.h (cipher_filter_context_t): Add fields for AEAD.
* g10/encrypt.c (encrypt_symmetric): For the use of a session key in
OCB mode.
(encrypt_seskey): Revamp to support OCB.
(use_aead): New.
(encrypt_simple): Support OCB.
(write_symkey_enc): Ditto.
(encrypt_crypt): Ditto.
(encrypt_filter): Handle OCB.
* g10/options.h (opt): Add field force_ocb.
* g10/gpg.c (oForceOCB): New.
(opts): New option "--force-ocb".
(main): Set force_ocb option.
* g10/gpgcompose.c (encrypt_seskey): New.
* g10/keygen.c (aead_available): New global var.
(keygen_set_std_prefs): Set AEAD feature by default in GNUPG mode. Add
parings of aead feature flag.
(keygen_get_std_prefs): Set aead flag.
(add_feature_aead): New.
(keygen_upd_std_prefs): Set OCB as preference if AEAD is enabled.
* g10/pkclist.c (select_aead_from_pklist): New.
(warn_missing_aead_from_pklist): New.
(select_mdc_from_pklist): Remove this unused function.
--
This extends the long available OCB and EAX decryption feature. Due
to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
In GNUPG mode new keys are now created with the AEAD feature flag set.
Option --rfc4880 is one way to disable this.
GnuPG-bug-id: 6263
* common/tlv.c (parse_ber_header): Protect agains integer overflow.
--
Although there is no concrete case where we use the (nhdr + length),
it is better to protect against this already here.
* common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--
Fixes-commit: 8066f8a3470f9d2f3682a28641a7b09eca29a105
which caused the assertion failure on error.
The second fix avoids repeated error message about non-compliant keys.
GnuPG-bug-id: 6174
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--
Backported-from-master: f0b373cec93bb01f02b9c0a3ab1f3e242b381c3f
Backported-from-master: ce63eaa4f8f3f41aafcaddd8d658dacd522334a8
* common/name-value.c (nvc_write): Take care of Key. Factor some code
out to ...
(write_one_entry): new.
--
The key item is in general not manual editable thus we put it at the
end of a file.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c9fa28bfad297b17e76341ffb40383ce92da5d44)
* common/name-value.c (nve_set): New.
(nvc_set): Use nve_set.
(nvc_delete_named): New.
(nvc_get_string): New.
(nvc_get_boolean): New.
--
This function is required to allow updating a specific line. The
other new functions are backported from master
* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
string.
(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--
Such code should actually go into libksba and we will eventually do
that. However, for now it is easier to keep it here.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ea878274ef51c819368f021c69c518b9aef6f82)
- Add coverity meta comment from
commit a95ddffdcd58383cce93677be5e7e11c5c229a98
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--
Note that the second patch is used to handle Unicode filenames which
are symbolic links.
* common/dotlock.c (read_lockfile): Return FD in R_FD.
(dotlock_take_unix): Fix a race condition by new read_lockfile and
checking with fstat. Describe one race condition in comment.
(dotlock_release_unix): Follow the change of read_lockfile.
--
GnuPG-bug-id: 5884
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/mapstrings.c (struct intmapping_s): New.
(map_static_strings): New.
* common/stringhelp.c (do_strconcat): Rename to ...
(vstrconcat): this and make global.
* common/t-mapstrings.c (test_map_static_strings): New test.
--
Note that for this LTS version we now print g10 Code as the first
copyright holder with --version. This is to avoid confusion at our
customers, now that we also provide a Linux^WGNU/Linux version of
GnuPG VS-Desktop and the Windows version has always shown g10 Code.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
(_gnupg_socketdir_internal): Ditto.
--
The w32_try_mkdir was once introduced for WindowsCE and unfortunately
at a too brief inspection it looks like it does the utf8->wchar
conversion. Which it does not. Thus I obviously never tested the
switch to from APPDATA to LOCAL_APPDATA with a non-ascii account name.
That might have been due to the use of the very same code for the
homedir - but there is other code in gpg to create the homedir; thus a
failure here is mostly fixed later.
The missing error diagnostic was - and is - on purpose to avoid such
error messages due to a race between several running gpg instances.
GnuPG-bug-id: 5537
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default. Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags. Remove
"options". Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.
* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name. Thus we list list options from the known_options
tables.
* common/argparse.c (gnupg_argparse): Set attribute flags
--
GnuPG-bug-id: 5799
This is a backport from the fix in libgpg-error in case gnupg 2.2 is
build against an older version of libgpg-error.
* common/w32-reg.c (read_w32_registry_string): Add another fallback.
--
We use the same method in gpgme and libgpg-error since 2017 - should
be done here as well. Thus the fallback also happens if the key
exists but not the actual entry.
* common/miscellaneous.c (gnupg_reallocarray): New.
(xreallocarray): New.
--
Taken from libgpg-error so that we can build with older versions of
libgpg-error.
* common/w32-reg.c (get_root_key): Add short version of the root
classes.
--
The code here is only used by gpgconf's new --show-configs command.
Usually on Windows the code from gpgrt is used for reading the
registry. This one here is an exception and when backporting it I
missed to add the HKCU etc al string.
Fixes-commit: 6c6c404883e52545ed38293384c95fdacb7227c4
GnuPG-bug-id: 5724
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--
On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.
GnuPG-bug-id: 5999
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as
fallback.
--
In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
(gnupg_sysconfdir): Return it.
--
Our regression test suite has the problem that we can't disable the
use of the global config files or test them using the regualr
binaries. This new keyword will allow us to overcome the problem.
* common/homedir.c (unix_rootdir): New.
(gnupg_bindir): Use it.
(gnupg_libexecdir): Use it.
(gnupg_libdir): Use it.
(gnupg_datadir): Use it.
(gnupg_localedir): Use it.
--
This feature is useful for building and using an AppImage version of
gnupg and probably also for some other use cases.
GnuPG-bug-id: 5999
Here is a sample gpgconf.ctl file
--8<---------------cut here---------------start------------->8---
# gpgconf.ctl
#
# This file is used to change the directories where the gpg components
# are installed. It does not change the configuration directories.
# The file is expected in the same directory as gpgconf. The physical
# installation directories are evaluated and no symlinks. Blank lines
# and lines starting with pound signed are ignored. No errors are
# printed for unknown keywords or commands. The only defined key for
# now is "rootdir" which must be followed by one optional space, an
# equal sign, and the value for the root directory. Environment
# variables are substituted in standard shell manner, the final value
# must start with a slash, trailing slashed are stripped.
rootdir = $APPDIR/gnupg
--8<---------------cut here---------------end--------------->8---
* common/stringhelp.c (substitute_envvars): New. Based on code in
gpg-connect-agent.
* common/t-stringhelp.c: Include sysutils.h.
(test_substitute_envvars): New.
--
GnuPG-bug-id: 5599
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--
This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
* common/membuf.c (put_membuf): Allow NULL for the second arg.
--
Cherry-picked from master commit of:
f271c6916469c0054c143adb4cee0588866a2a61
There has been such a use case in keybox-blob.c.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/miscellaneous.c (decode_c_string): New.
--
This is basically a copy from the code we use in gpgme and gpa.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6ecedd0b25b6b1a33be63b99f2a8256370000521)
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c (strtokenize): Factor code out to
do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.
* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--
This fixes a bug with user ids with leading spaces because:
wks-client lists all mail addresses from the key and matches them to the
requested mail address.
If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.
The filter built expression unfortunately strips leading blanks but
requires a verbatim match. Thus it won't find the user id again and
errors out.
The new -t flag and a non-trimming strtokenize solves the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.
* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--
That is actually a more correct directory than APPDATA. This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).
LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.
GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
Backport-from-master: 0802cbb59b21e06e16b4fd8596934c5565e7f659
* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
QT_QPA_PLATFORM.
--
On Unix systems (except Darwin), Qt uses those two environment
variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out
whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs
to be set to "wayland" to make Qt use Wayland on Gnome.
GnuPG-bug-id: 3659
* common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
errors.
--
For unknown reasons some versions of Fedora or RHEL provide a patched
version of Libgcrypt with Brainpool support removed. We better ignore
this error because it is a regression in 2.2.28 although that older
versions could not used Brainpool keys.
GnuPG-bug-id: 5502
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
error.
--
To test this switch the Windows Console to "legacy mode"
set LANG=de
gpg --card-edit
and enter an invalid command. The response contains an Umlaut and old
Windows versions (and the legacy console) don't have a proper font
installed for this. Without this patch this runs into a log_fatal
error.
The mitigation we implement is to fallback to WriteConsoleA, that is
accepting wrong encoding and to print a note about the problem.
GnuPG-bug-id: 5491
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--
As said, this is just an obvious but partial fix. We need to review
things for the output module.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process): Change to use
CreateProcessW.
(gnupg_spawn_process_fd): Ditto.
(gnupg_spawn_process_detached): Ditto.
* g10/exec.c (w32_system): Ditto.
--
GnuPG-bug-id: 4398
We do not use this weirdo CREATE_UNICODE_ENVIRONMENT flag because it
does not make any sense to have non-ASCII names in the environment. I
can't imagine why this should be used at all and rationale for this
API features is, well, sparse.
(cherry picked from commit cf2f6d8a3f0594c03c383b4989a3041e9c4536d7)
* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
CREATE_BREAKAWAY_FROM_JOB creation flag if required.
--
When the gpg process is assigned to a W32 "Job" the
child processes are killed once the Job is finished.
As we want our detached processes to linger e.g.
gpg-agent the breakaway flag is required in
that case.
GnuPG-Bug-Id: T4333
Thanks to Jan Echternach for reporting this and providing
a patch.
Signed-off-by: Andre Heinecke <aheinecke@gnupg.org>
(cherry picked from commit 03df28b18b92b3fd3d2ba1000903c088dc5b0fcf)
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput. Switch gettext to UTF-8.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--
With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly. However, this seems to work only
with recent versions of Windows-10.
GnuPG-bug-id: 4365
(cherry picked from commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8)
Removed changes for "gpgconf --show-codepages" of the original patch.