* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--
GnuPG-bug-id: 7042
Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--
GnuPG-bug-id: 7042
Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
* g10/options.h (LIST_STORE_X509_NOTATIONS): New.
* g10/gpg.c (parse_list_options): Add "store-x509-notations".
* g10/keylist.c (print_x509_notations): Add arg PK and code to write a
file.
(list_signature_print): Add arg lastpk and handle new option.
(list_keyblock_print): Track last key or subkey and pass to
list_signature_print.
* g10/sign.c (sign_symencrypt_file): Initialize MD for the error case.
--
Reported-by: Falko Strenzke
Fixes-commit: 1ddd69935d
in the not yet released master branch.
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--
The code did not really work if no domain was given. It worked but
filtered out all keys so that no key was actually exported.
* g10/trustdb.c: Move a function and some definitions around.
(user_utk_list): Rename to trusted_key_list. Change all users.
(any_trusted_key_seen): New.
(tdb_register_trusted_key): Set it here. Handle the new value "none".
(verify_own_keys): Do not delete a trusted key from the trustdb if a
trusted-key option was not used.
--
GnuPG-bug-id: 7025
* g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values
to keep them more in sync with the corresponding import values.
* g10/export.c (parse_export_options): Add "export-realclean".
(do_export_stream): Call clean_all_uids directly with the options
arg.
* g10/import.c (import_one_real): Change for direct use of options in
clean_all_uids.
* g10/key-clean.c (is_trusted_key_sig): New. Stub for now.
(clean_sigs_from_uid): Re-purpose self_only to a general options arg.
Implement EXPORT_REALCLEAN code path.
(clean_one_uid): Re-purpose self_only to a general options arg.
(clean_all_uids): Ditto.
* g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple
flag.
(menu_clean): Re-purpose self_only to a general options arg.
* g10/keyid.c (fpr20_from_pk): Factor code out to ....
(fpr20_from_fpr): new. Remove useless case for ARRAY being NULL.
* g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use
fpr20_from_fpr if needed.
(tdbio_search_trust_bypk): Pass 20 for the fingerprint length.
--
Note that this code has no function yet. Another patch will follow to
extract the trusted-keys flag from the trustdb.
* g10/compress-bz2.c: Replace all log_fatal by log_error,
write_status_error, and g10_exit.
(do_uncompress): Ditto.
--
This gives gpgme a better way to detect corrupted data in the
compression layer.
GnuPG-bug-id: 6977
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program. Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--
GnuPG-bug-id: 7017
* g10/build-packet.c (gpg_mpi_write): Take care of the fact that
get_opaque already returns a bit-exact value.
--
Fixes-commit: ab17f7b6c3
Reported-by: Falko Strenzke <falko.strenzke@mtg.de>
* g10/ecdh.c (pk_ecdh_decrypt): Allocate just the right size of memory
for the session key, simplifying the decrypt process.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (struct common_gen_cb_parm_s): New.
(common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust
all callers.
(do_generate_keypair): Clarify the code by using a better var name.
--
We may eventually also replace the long arg list with that object.
The immediate reason for this change is the followup commit.
* g10/keygen.c (curve_is_448): New.
(do_create_from_keygrip): Pass arg keygen_flags byref so that it can
be updated. Set v5 flag for X448.
(gen_ecc): Ditto.
(do_create): Change keygen_flags as above. For robustness change
checking for Ed448.
(do_generate_keypair): Change keygen_flags as above
(generate_subkeypair): Ditto.
(gen_card_key): Ditto. Support v5 keys.
--
GnuPG-bug-id: 6942
* g10/keygen.c (proc_parameter_file): Don't include RENC in the
default usage.
--
Testplan:
$ gpg --gen-key --batch <<EOF
Key-Type: EDDSA
Key-Curve: ed448
Key-Usage: cert
Name-Real: Meh Muh
Name-Email: test-3@example.org
Expire-Date: 2025-01-01
Passphrase: abc
subkey-type: ecdh
Subkey-curve: cv448
EOF
and check that the R flag does not show up in the usage.
* g10/keygen.c (parse_revocation_key): Actually allow for v4
fingerprints.
--
Note that the use of the parameter file is deprecated.
GnuPG-bug-id: 6923
* g10/sign.c (do_sign): Skip compliance check for revocation certs.
--
It just does not make sense to inhibit the creation of revocations
depending on the compliance mode. We do this only for key revocation
but not for another kind of revocation because the rationale for uid
or subkey revocation is more complicated to explain.
* g10/parse-packet.c (parse_key): Detect the SKI algo 253.
--
As long as we have not yet implemented this we should at least be
able to detect this case.
* g10/call-agent.c (agent_probe_secret_key): Do not return an error
but 0.
* g10/getkey.c (finish_lookup): Improve the selection of secret keys.
--
GnuPG-bug-id: 6831
* g10/call-keyboxd.c (keydb_default_status_cb): New.
(keydb_update_keyblock): Add new status callback.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(search_status_cb): Also try the new status callback.
* sm/keydb.c (keydb_default_status_cb): New.
(keydb_insert_cert): Add new status callback.
(keydb_delete): Ditto
(search_status_cb): Also try the new status callback.
--
GnuPG-bug-id: 6838
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
Cherry-pick from master commit of:
2f872fa68c
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
GnuPG-bug-id: 6654
The drawback of this solution is that we don't see any IPC lines from
the assuan_transact. Everything else would require larger changes to
libassuan.
* g10/misc.c (pubkey_get_nenc): Add ky768 and ky1024 values.
* g10/parse-packet.c (read_octet_string): New.
(read_size_body): Rename to ...
(read_sized_octet_string): this and change args to update-able PKTLEN.
(parse_pubkeyenc): Split general parsing loop for easier reading.
Implement parser for the Kyber algorithms.
--
Take care: this has not been tested at all, it merely passes the
regression test for the other algos.
Kyber is also known as ML-KEM in FIPS-203.
The list mode is slighly changed: In case of a parsing error no data
is printed - before that already parsed data was printed.
GnuPG-bug-id: 6815
* g10/sign.c (sign_file): Initialize gcry_md_hd_t to NULL.
--
There are several jumps to leave before gcry_md_open is called so
md should be initialized to NULL to avoid calling gcry_md_close
on an uninitalized variable.
GnuPG-Bug-Id: T6780
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--
Noet that we cap the seconds at the year 2106.
GnuPG-bug-id: 6736
Modelled after key_expires/key_expires_d.
This should be useful to detect upcoming certification expiry, so the
certifications can be renewed in advance of the expiry.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity
records.
--
GnuPG-bug-id: 6399
This problem was introduced by an actually very useful patch
2002-12-13 David Shaw <dshaw@jabberwocky.com>
[...]
* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.
[the last part]
The bug exhibited itself only after signing a key, deleting that key
and then re-importing the original non-signed key.
* common/asshelp.h (ASSHELP_FLAG_AUTOSTART): New.
* common/asshelp.c (start_new_service): Rename arg autostart to flags
and adjust checks.
(start_new_gpg_agent): Likewise. Change all callers.
(start_new_keyboxd): Likewise. Change all callers.
(start_new_dirmngr): Likewise. Change all callers.
--
It is easier to have a generic flags arg instead of adding more and
more dedicated args. verbose and debug are kept as they are because
they are not boolean.
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
Cherry-pick from master commit of:
b07b5144ff
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): New.
(PUBKEY_ALGO_KY1024_448): New.
(PUBKEY_ALGO_DIL3_25519): New.
(PUBKEY_ALGO_DIL5_448): New.
(PUBKEY_ALGO_SPHINX_SHA2): New.
* g10/keygen.c (parse_key_parameter_part): Force v5 keys for these
algos.
* g10/keyid.c (pubkey_string): Add mapping.
* g10/misc.c (openpgp_pk_algo_usage): Add standard key usage.
--
See draft-wussler-openpgp-pqc-01.txt for the code points. To limit
the number of algorithms, only MUST and SHOULD algorithms are
considered.
* g10/photoid.c (w32_system): Add comment about hInstApp, why we use
the integer value of possibly smaller size for the debug output.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (opts): Use string for oLoggerFD, oOverrideSessionKeyFD,
oStatusFD, oAttributeFD, oCommandFD, and oPassphraseFD.
(main): Use translate_sys2libc_fdstr.
* g10/gpgv.c (opts): Use string for oLoggerFD, and oStatusFD.
(main): Use translate_sys2libc_fdstr.
* sm/gpgsm.c (opts): Use string for oLoggerFD, oStatusFD, and
oPassphraseFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpg-auth.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
tools/gpg-card.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpg-pair-tool.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpg-wks-client.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpgconf.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpgtar-create.c (gpgtar_create): Fix for opt.status_fd.
* tools/gpgtar-extract.c (gpgtar_extract): Fix for opt.status_fd.
* tools/gpgtar-list.c (gpgtar_list): Fix for opt.status_fd.
* tools/gpgtar.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpgtar.h (opts): Use string for oStatusFD.
--
GnuPG-bug-id: 6551
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
* g10/import.c (impex_filter_getval): Support new filter properties.
--
Here is how to list all subkeys expiring in the year 2061:
gpg --list-keys --list-filter
'select= sub/key_expires_d -gt 2061-01-01 \
&& sub/key_expires_d -lt 2061-12-31'
To list all primary key expirations, use the "pub/" prefix and to list
all expiration dates use no prefix.
GnuPG-bug-id: 6509
* g10/call-keyboxd.c (gpg_keyboxd_deinit_session_data): Release
the assuan connection before kbx_client_data_release.
(open_context): Enable use of the data pipe.
* sm/keydb.c (gpgsm_keydb_deinit_session_data): Release the
assuan connection before kbx_client_data_release.
(open_context): Enable use of the data pipe.
* kbx/kbx-client-util.c (struct kbx_client_data_s): Add THD field.
(prepare_data_pipe): Close the pipe output end as it's been sent
already. Remember the KCD->THD, so that it can be joined later.
(datastream_thread): Finish when reading no data from the pipe.
(kbx_client_data_release): Join the thread. Then, we can safely
call es_fclose on the FP.
--
GnuPG-bug-id: 6512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (check_sig_and_print): Don't abort computation in
the function, but returns an error.
(proc_tree): Break the loop, when check_sig_and_print returns an
error.
--
GnuPG-bug-id: 6512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--
If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to. The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.
This is related to
GnuPG-bug-id: 6504
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--
If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to. The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.
This is related to
GnuPG-bug-id: 6504
