* common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): New.
(PUBKEY_ALGO_KY1024_448): New.
(PUBKEY_ALGO_DIL3_25519): New.
(PUBKEY_ALGO_DIL5_448): New.
(PUBKEY_ALGO_SPHINX_SHA2): New.
* g10/keygen.c (parse_key_parameter_part): Force v5 keys for these
algos.
* g10/keyid.c (pubkey_string): Add mapping.
* g10/misc.c (openpgp_pk_algo_usage): Add standard key usage.
--
See draft-wussler-openpgp-pqc-01.txt for the code points. To limit
the number of algorithms, only MUST and SHOULD algorithms are
considered.
* common/iobuf.c (translate_file_handle): Change the return type to
gnupg_fd_t, not to lose the bits for HANDLE silently.
(do_iobuf_fdopen): Use the type gnupg_fd_t for the first argument.
(do_open): Use do_iobuf_fdopen instead of iobuf_fdopen.
(iobuf_fdopen, iobuf_fdopen_nc): Follow the change of API.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (translate_sys2libc_fd_int): Fix the cast.
--
FD should have a valid value here. For erroneous cases, it must be
rejected by argparse handling.
GnuPG-bug-id: 6551
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_parse_fdstr): Rename from
gnupg_sys2libc_fdstr, as there is no translation any more.
* common/sysutils.h (gnupg_parse_fdstr): Rename from
gnupg_sys2libc_fdstr.
* tools/gpgtar.c (main): Use gnupg_parse_fdstr, in cleaner way.
--
GnuPG-bug-id: 6562
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
* dirmngr/server.c (cmd_ad_query): Add options --help and --subst.
(cmd_getinfo): Add sub-command "sid".
* dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New.
(getval_for_filter): New.
(map_rid_to_dn): New.
(ks_ldap_query): Support variables.
--
The new variables features makes it easier to write AD queries without
requiring domain specific expressions.
* common/stringhelp.c (substitute_envvars): Factor code out to
(substitute_vars): new.
(subst_getenv): New.
--
This is a generalized version of substitute_envvars.
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_setenv): Only enable use of _putenv_s with
Security Feature in the CRT.
(gnupg_unsetenv): Use _putenv_s when available.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_setenv): Use _putenv_s.
--
This may break build on original MinGW, but works well with MinGW-W64.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/homedir.c (gnupg_maybe_make_homedir): Factor some code out to
...
(create_common_conf): new.
(standard_homedir): Call it also from here.
--
Fixes-commit: d9e7488b17
* common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
* common/homedir.c (gnupg_module_name): Add it.
* tools/gpgtar.c: Include comopt.h.
(enum cmd_and_opt_values): Add oDebug.
(opts): Add --debug.
(any_debug): New.
(main): Parse common.conf.
--
Having a way to see the output of gpgtar is often useful for
debugging. The only effect of the debug option is to show whether
common.conf was read.
* common/openpgp-oid.c (openpgp_curve_to_oid): Repalce strmcp by
ascii_strcasecmp.
(openpgp_oid_or_name_to_curve): Ditto.
(openpgp_is_curve_supported): Ditto.
(get_keyalgo_string): Ditto.
--
It was just to hard to remember the correct capitalization of
names like brainpoolP512r1.
* common/homedir.c (gnupg_maybe_make_homedir): Also create a
common.conf.
* g10/keydb.c: Include comopt.h.
(maybe_create_keyring_or_box): Detect the creation of a common.conf.
* g10/gpg.c (main): Avoid adding more resources in this case.
* sm/keydb.c: Include comopt.h.
(maybe_create_keybox): Detect the creation of a common.conf.
* common/comopt.h (comopt): Remove the conditional "extern".
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--
The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key. We had
this only in GENKEY.
GnuPG-bug-id: 6378
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status. Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
--
This avoids repeated loading of CRLs in case of untrusted root
certificates.
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--
Note that this works only if --assume-binary is given. The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
* common/openpgp-oid.c (oidtable): Add them.
(oid_ed25519_v5, oid_cv25519_v5): New.
(openpgp_oidbuf_is_ed25519): Take new OID in account.
(openpgp_oidbuf_is_cv25519): Ditto.
--
ed25519 is used in GnuPG and other implementations since 2015 and thus
we can't simply switch to the shorter OIDs. However, we have not
widely used them with v5 keys (only ed448 forced the use of v5) and
thus it might be possible to use the new OIDs with v5 keys.
Note that Libgcrypt supports the new OIDs even in 1.8.
* common/name-value.c (nvc_get_boolean): Rewrite.
--
The function may now return a positive or negative number instead of
just 1 for true. All callers were already prepared for this.
GnuPG-bug-id: 6212
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--
The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key. The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.
Fixes-commit: fb26e144ad
GnuPG-bug-id: 5655
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.
* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.
--
Note that this patch also introduces a compression check for signing
which was never done in the past.
GnuPG-bug-id: 6332
* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance
notice for a non-compliant key.
* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
* common/sysutils.c (gnupg_unsetenv): Don't use nonstandard extension
of "NAME", but "NAME=".
--
Microsoft implementation of putenv works to remove an environment
variable by "NAME=".
POSIX doesn't say that putenv with "NAME=" has same effect. GNU
implementation doesn't support this way for removal of environment
variable.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_tmpfile): Use different value for next
attempt.
--
The resolution of system timer is typically in the range of 10
milliseconds to 16 milliseconds. Thus, before the change, it may
fail. Actually, it failed with Wine emulation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/tlv.c (parse_ber_header): Protect agains integer overflow.
--
Although there is no concrete case where we use the (nhdr + length),
it is better to protect against this already here.
* common/homedir.c (unix_rootdir): Add ".enable" statement to
gpgconf.ctl
* tests/gpgconf.ctl.in: Use this statement.
* tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable.
(TESTS_ENVIRONMENT): Ditto.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--
Without that it was required to delete the gpgconf.ctl to run manual
tests.
What a hack.
* common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for
ECC curve.
--
See oidtable in common/openpgp-oid.c.
Fixes-commit: 8e650dbd48
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/comopt.c (opts): Add "no-autostart".
(parse_comopt): Set it.
* common/comopt.h (comopt): Add no_autostart.
* g10/gpg.c (main): Take care of the new option.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
(main): Parse common options and handle new option.
* tools/gpg-card.c (main): Ditto.
(cmd_yubikey): Fix minor error reporting issue.
* common/util.h (GNUPG_MODULE_NAME_CARD): New const.
* common/homedir.c (gnupg_module_name): Support it.
--
Having a global option makes it easier to use disable autostart on a
server which is required to use a remote gpg-agent reliable.
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and
change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
--
Note that this is backport from 2.2. The new support there for
REG_DWORD needs to be implemented in libgpg-error, though.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--
This is similar to parse_debug_flags but does not support specifying a
value. This way we can more easily change the internal values or
re-use them for other purposes.
* common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE
support.
--
Mingw's libloadapi.h has no prototype for LoadLibrary. Thus we use
LoadLibraryEx which is available Since Windows XP.
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--
Note that the second patch is used to handle Unicode filenames which
are symbolic links.
* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.
--
GnuPG-bug-id: 5941
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/t-ssh-utils.c (FLAGS_NOFIPS): New.
(sample_keys): Add flags member.
(main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints
first and expect the MD5 ones will fail.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* common/exechelp-w32.c (handle_to_fd): Use intptr_t.
(gnupg_wait_processes): Fix to use pid_to_handle.
--
Both of original MinGW and MinGW-W64 use intptr_t for the first
argument of _open_osfhandle. So, intptr_t is better here.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/dotlock.c (dotlock_take_unix): Do same when same PID
process detects stale lockfile. Add comment.
--
GnuPG-bug-id: 5884
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/mapstrings.c (struct intmapping_s): New.
(map_static_strings): New.
* common/stringhelp.c (do_strconcat): Rename to ...
(vstrconcat): this and make global.
* common/t-mapstrings.c (test_map_static_strings): New test.
