mirror of git://git.gnupg.org/gnupg.git synced 2025-02-22 19:58:29 +01:00

10755 Commits

Author SHA1 Message Date
Werner Koch
bec71fdbe5
speedo: Do not build gpgme anymore.
* build-aux/speedo.mk: Remove support for gpgme.
* build-aux/speedo/w32/inst.nsi: Ditto.
* build-aux/speedo/w32/wixlib.wxs: Remove the gpgme components.
--

GPGME is either already available on Unix platforms or can be
installed on Windows with gpg4win.  GnuPG itself does not require
gpgme.
2025-02-21 12:58:39 +01:00
Werner Koch
48978ccb4e
gpg: Fix a verification DoS due to a malicious subkey in the keyring.
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new.  Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig.  Also re-check the signature after the import
of an included keyblock.
--

The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature could be verified.

Such a malicious key signature subkey must have been created w/o the
mandatory backsig which binds a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.

GnuPG-bug-id: 7527
2025-02-21 12:17:46 +01:00
Werner Koch
5e87e452e4
gpg: Remove a signature check function wrapper.
* g10/sig-check.c (check_signature2): Rename to
(check_signature): this and remove the old wrapper. Adjust all
callers.
2025-02-20 14:50:20 +01:00
Werner Koch
4c11359aec
doc: Declare --disable-http as legacy.
--
2025-02-19 11:56:46 +01:00
Werner Koch
feeceed970
agent: Improve diagnostics for a bind call failure.
* agent/gpg-agent.c (create_server_socket): Fix translation.  Add
diagnostic for bind retry.  Print windows error code after bind
failure.
--

GnuPG-bug-id: 7434
2025-02-18 12:19:49 +01:00
Werner Koch
3239a41dde
doc: Add some notes
--
2025-02-18 09:21:15 +01:00
Werner Koch
80491dd91a
Post release updates
--
2025-02-12 11:59:51 +01:00
Werner Koch
ec6c2e38f1
Release 2.5.4 gnupg-2.5.4 2025-02-12 11:42:00 +01:00
Werner Koch
f2297f1952
po: msgmerge
--
2025-02-12 11:41:53 +01:00
Emir SARI
fc8619fce2
Update Turkish translations 2025-02-12 11:37:39 +01:00
Werner Koch
7a47252516
agent: New option --change-std-env-name.
* common/session-env.c (stdenvnames): Add field "disabled".
(INITIAL_ARRAYSIZE): Increase size a bit.
(session_env_mod_stdenvnames): New.
(session_env_list_stdenvnames): Handle the disabled flag.
* agent/gpg-agent.c (oChangeStdEnvName): New.
(opts): Add --change-std-env-name.
(main): Implement option.
--

GnuPG-bug-id: 7522
2025-02-12 11:15:21 +01:00
Werner Koch
8c753cb7c9
gpgsm: Remove unused function.
* sm/misc.c (setup_pinentry_env): Remove.
2025-02-12 10:31:06 +01:00
Daniel Kahn Gillmor
503c9e3451
doc: Do not install gnupg.7.html into usr/share/man/manh/
* doc/Makefile.am: Ship gnupg.7.html with other html, not with
manpages.

--

Without this change, gnupg.7.html gets placed in /usr/share/manh/
Since it can't be correctly rendered by groff, this is undesirable.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2025-02-12 09:55:45 +01:00
Werner Koch
70049e5f16
gpg: Lookup key for merging/inserting only by primary key.
* g10/getkey.c (get_keyblock_byfpr_fast): Add arg primary_only and
implement.
* g10/import.c (import_one_real): Simplify filling the fpr buffer with
zeroes.
(import_one_real): Find key only by primary fingerprint.
--

This should have been done early: When looking up the original
keyblock we want to update, we need to look it up only using the
primary key.  This avoids to find a key which has the primary key also
as a subkey.

GnuPG-bug-id: 7527
2025-02-11 14:46:19 +01:00
Werner Koch
ef4acfd77b
Update NEWS
--
2025-02-07 11:56:27 +01:00
Werner Koch
3738b0a99a
gpg: Store Link attributes for composite keys.
* g10/call-agent.c (agent_crosslink_keys): New.
* g10/keygen.c (common_gen): Store the Link attribute.
--

The Link attribute may be useful to quickly find the other part of a
composite private key.

GnuPG-bug-id: 6638
2025-02-07 11:10:09 +01:00
Werner Koch
00c31f8b04
gpg: New option --disable-pqc-encryption.
* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--

This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).
2025-02-06 17:45:23 +01:00
Werner Koch
da9fb6bd16
kbx: Fix for building without keyboxd.
* kbx/keybox-fwddecl.h: New.
* kbx/keybox.h: Replace typedef for KEYBOX_HANDLE by including the new
file.
* g10/keydb-private.h: Ditto.
--

The duplicated typedef was a bit ugly and will fail, depending on
compiler, if for example building without keyboxd.  Fix only tested
in the standard case but the fix is obvious.
2025-02-06 15:46:15 +01:00
Werner Koch
3a523b43d4
gpgscm: Fix possible segv in the process functions.
* tests/gpgscm/ffi.c (do_process_spawn_io): Fix use of FD_ISSET.
--

This bug was detected on an i686 with gcc 4.1 and Linux 2.6.18

Fixes-commit: 1b0ce9918c321a5060fb7c59a234ab683187e8c1
2025-02-06 15:35:49 +01:00
Werner Koch
0ec989ee3f
gpgscm: Fix for gcc < 4.5
* tests/gpgscm/scheme.c (MY_GCC_VERSION): New.
(type_to_string): Use gcc build in only when supported.
--

Note that we do not want to use the GPGRT macro to keep this file as
close to upstream as possible.
2025-02-06 14:40:46 +01:00
Werner Koch
9dba5ab403
gpg: Fix --quick-add-key for Weierstrass ECC with usage given.
* g10/keygen.c (adjust_algo_for_ecdh_ecdsa): New.
(parse_algo_usage_expire): Adjust key algo.
--

GnuPG-bug-id: 7506
2025-02-05 11:03:30 +01:00
Daniel Cerqueira
8ae8f12e53
po: Update to po/pt.po
--

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2025-02-03 14:11:43 +01:00
Werner Koch
c2ff47d5bc
gpg: Base compliance "de-vs" now on "gnupg" and not on "openpgp".
* g10/gpg.c (set_compliance_option) <oDE_VS>: Change.
--

This version has not yet been evaluated and thus we are able to
change it to a more useful default.
2025-02-03 11:49:54 +01:00
Werner Koch
4b2729b983
gpg: Simplify the compliance settings.
* g10/gpg.c (set_compliance_option): Base most settings on oGnuPG.
For oGnuPG explicitly clear the allow_old_cipher_algos flag.
--

Note that --allow-old-cipher-algos must now come after a compliance
setting.  This avoids a bug when first setting oRFC2440 and then
oGnuPG which would not clear the flag.

GnuPG-bug-id: T7501
2025-02-03 11:46:57 +01:00
Daniel Kahn Gillmor via Gnupg-devel
aa46ba28ba
doc: Record that gpg policy compliance options are last-one-wins
* doc/gpg.texi (Compliance options): Explain that when multiple
--compliance options are given, the final one supersedes any previous
option.

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2025-02-03 11:22:09 +01:00
Daniel Kahn Gillmor via Gnupg-devel
04d58ff847
gpg: --compliance={pgp7, pgp8} also now restore default options
* g10/gpg.c (set_compliance_option): oPGP7 and oPGP8 both restore
policy-relevant default options before setting the compliance flag.

--

With this change, any ordering of --compliance options will always
result in the options selected from the last option given.

GnuPG-bug-id: 7501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2025-02-03 11:21:36 +01:00
Daniel Kahn Gillmor via Gnupg-devel
0bdf585993
gpg: --compliance=gnupg restores default for policy-affected options
* g10/gpg.c (set_compliance_option): oGnuPG restores default
policy-affected options, moved from...
(main): ...here.  Invoke set_compliance_option(oGnuPG) directly
instead of just setting opt.compliance.

--

Some of these default option values (flags.dsa2, rfc2440_text,
allow_non_selfsigned_uid, allow_freeform_uid) had to be inferred from
the fact that the opt struct is static and therefore initialized to
zero by the compiler.

With this change, --compliance=gnupg now completely reverts to the
defaults that were changed from other --compliance= options.

GnuPG-bug-id: T7501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2025-02-03 11:21:16 +01:00
Daniel Kahn Gillmor via Gnupg-devel
54a8770aeb
gpg: --compliance=rfc2440 does not require cross-certification
* g10/gpg.c (set_compliance_option): clear
opt.flags.require_cross_cert with oRFC2440

--
This aligns with the expectations in RFC 2440, which doesn't specify
any cross-certifications.  As doc/gpg.texi says: "This is dangerous",
but it aligns with the specification.

The comment above says that 4880 is the same as 2440, "but with [...]
--require-cross-certification", so we align the code with the intent
from the comment.  It looks like opt.require_cross_cert was turned on
by default after that comment (and the oRFC2440 section) was written,
but the oRFC2440 section was never updated to turn it off.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2025-02-03 11:20:17 +01:00
Werner Koch
159e801043
gpgsm: Allow unattended PKCS#12 export without passphrase.
* sm/gpgsm.c (oNoProtection): New.
(opts): Add "--no-protection".
(main): Parse it.
* sm/gpgsm.h (struct server_control_s): Add field no_protection.
* sm/server.c (option_handler): Add option "no-protection".
(reset_notify): Clear option.
* sm/export.c (export_p12): Use empty passphrase if option is set.
2025-01-29 18:06:15 +01:00
Werner Koch
89055f24f4
gpgsm: Allow CSR generation with an unprotected key.
* sm/call-agent.c (gpgsm_agent_genkey): Add arg no_protection.
* sm/certreqgen.c (struct reqgen_ctrl_s): Add field no_protection.
(read_parameters): Add keyword "%no-protection".
(proc_parameters): Pass no_protection to gpgsm_agent_genkey.
2025-01-29 16:32:03 +01:00
Werner Koch
2469dc5aae
agent: Fix ssh-agent's request_identities for skipped keys.
* agent/command-ssh.c (ssh_send_available_keys): Adjust key counter
for skipped keys.
--

Fixes-commit: 8b8a8b246c443d5631a88ec59b88edf00aa0ff51
which introduced a regression due to an extra variable for counting
the keys.

The bug showed up for example if a card with a Brainpool Auth key was
also used.  Unfortunately OpenSSH still does not allow for Brainpool
keys.
2025-01-22 16:12:49 +01:00
NIIBE Yutaka
b1857a2836
gpg: Fix handling with no CRC armor.
* g10/armor.c (radix64_read): Set ->any_data if any data is available.

--

GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-01-20 15:07:19 +09:00
NIIBE Yutaka
6c01d97b17
build: Remove defining GPG_ERR_ENABLE_ERRNO_MACROS.
* configure.ac (GPG_ERR_ENABLE_ERRNO_MACROS): Remove.

--

It was for Windows CE.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-01-15 15:42:46 +09:00
Werner Koch
81e129ab3e
speedo: Do not package zlib and bzip2 object files
* build-aux/speedo.mk (dist-source): Exclude them.
--
GnuPG-bug-id: 7442
2025-01-14 17:43:41 +01:00
Sorah Fukumori
137481fa10
agent: Fix a memory leak.
* agent/findkey.c (read_key_file): Free BUF.

--

Fixes-commit: 434a641d40cbff82beb9f485e0adca72419bfdf2
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2025-01-14 11:01:05 +09:00
Werner Koch
e0a2e9e9c5
build: Also emit the size of the w32 source tarball
--

Not tested.
2025-01-10 10:44:45 +01:00
NIIBE Yutaka
ddff3b01f4
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-01-10 15:04:27 +09:00
Werner Koch
5ac8446ca8
tools: Some tweaks to gpg-authcode-sign.sh
* tools/gpg-authcode-sign.sh: Skip too short files and rename certain
files to ".dll".
--

osslsigncode requires file suffixes of exe or dll but not dll-x or
dll-ex which we use in our gpg4win build system.  This adds
workarounds for this and for short dummy files.
2025-01-09 17:20:45 +01:00
Werner Koch
cbc7fa0c8e
gpg: Show the default PIN hint also before "name" and "key-attr"
* g10/card-util.c (USER_PIN_DEFAULT): Move to the top.  Same for the
other constants.
(show_pin_hint): New.
(generate_card_keys): Use show_pin_hint.
(do_change_keyattr): Also show pin hint here.
(change_name): And here.
--

We used to show a hint for the default PINs only before generate.
However it is often useful to first change the attributes and thus the
hint should be shown here as well.

The above is only done if no name has yet been set, thus before
setting the name we also show the hint.
2025-01-09 11:42:02 +01:00
Werner Koch
f476370916
Post release updates
--
2025-01-09 10:04:56 +01:00
Werner Koch
cc3e34b82a
Release 2.5.3 gnupg-2.5.3 2025-01-09 09:22:27 +01:00
Werner Koch
94045bce41
po: msgmerge run
--
2025-01-09 09:12:43 +01:00
Werner Koch
a2f2523b99
Remove the default keyserver. 2025-01-08 18:19:49 +01:00
Werner Koch
a04c936096
doc: One typo fix.
--
GnuPG-bug-id: 7479
2025-01-08 17:26:17 +01:00
Werner Koch
a019a0fcd8
Stronger deprecate the --supervised option.
* agent/gpg-agent.c (opts): Rename option supervised.
* dirmngr/dirmngr.c (opts): Ditto.
--

The --supervised way to start gpg-agent has been deprecated for 2.5
years and will probably be entirely removed with version 2.6.0.  To allow
its use until its removal the systemd service description needs to be
adjusted to use this option.  The reason for the deprecation are
conflicts with the way systemd starts gpg-agent and gpg expects how
gpg-agent is started.  In particular gpg expects that the gpg-agent
matching its own version is started.  Further the systemd way is not
portable to other platforms and long term experience on Windows has
shown that the standard way of starting gpg-agent is less error prone.

Note to those who want to re-introduce this option: Pretty please do
not use socket names conflicting with our standard socket names.  For
example use /run/user/1000/foo-gnupg/S.gpg-agent.
2025-01-08 17:17:42 +01:00
Werner Koch
faa2d3a2e7
Update README and copyright years.
--
2025-01-08 15:39:02 +01:00
Werner Koch
b9028f869d
gpg: Print a warning if the card backup key could not be written.
* g10/keygen.c (card_write_key_to_backup_file): Fix error handling by
removing the RC variable.  Add warning note.
--

GnuPG-bug-id: 2169
2025-01-08 14:04:23 +01:00
Damien Goutte-Gattat via Gnupg-devel
72e3fddbfe
gpg: Force the use of AES-256 in some cases
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.
--

If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).

Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.

GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

Man page entry extended

Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-06 18:17:07 +01:00
Damien Goutte-Gattat via Gnupg-devel
80828512b6
gpg: Allow smaller session keys with Kyber
* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session
key of less than 32 octets encrypted to a Kyber key.
--

GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2025-01-06 18:11:59 +01:00
bubu
647fa16be7
po: Update French translation
--

(proofread by the debian-l10n-french team)

GnuPG-bug-id:7469

Changed original patch to use positional arguments for
"un hachage de %1$u bits n'est pa[...]"
2025-01-02 16:07:47 +01:00