* autogen.sh: Update to version 2024-07-04 from libgpg-error.
* configure.ac (BUILD_REVISION): Rename the ac_define by
BUILD_COMMITID.
* tools/gpgconf.c (show_version_gnupg): Use it here.
--
(cherry picked from commit 736579331b)
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_it): Print a note if an ADSK key was used.
Use the new get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--
This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
"oops: public key not found for preference check\n"
due to ADSK keys. The error is mostly harmless but lets gpg return
with an exit code of 2.
Backported-from-master: 882ab7fef9
* agent/findkey.c (agent_write_private_key): Init FP.
--
With
Fixes-commit: 3b69d8bf71
we took a shortcut but forgot to init FP which is usually set after
the new check. At least in the AppImage this always triggered a segv
and gpg or Kleopatra had to restart the agent. Not a problem in 2.4
becuase this code is a hack we don't need in 2.4 due to that new
ephemeral key storing feature.
GnuPG-bug-id: 6944
* common/util.h (GPG_ERR_BAD_RESET_CODE): New replacement.
(GPG_ERR_NO_RESET_CODE): New.
(GPG_ERR_BAD_PUK): New.
--
But as least 1.38 is required. Tested with 1.42
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro. Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff. Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags. More debug output. Handle cramming
here. Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates. Adjust for
changes in _tlv_parser_next. Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.
* sm/minip12.c (dump_to_file): New. Enable in debug mode and if an
envvar ist set. Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
* common/tlv-parser.c: New
* common/Makefile.am: Add new file.
--
GnuPG-bug-id: 7213
Backported-from-master: 690fd61a0c
This backport required to introduce the new tlv-parser.c file and
remove most source copied stuff from minip12.c. Thus the above
ChangeList is not fully correct.
* g10/getkey.c (lookup): Skip keys with unknown algos.
--
If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out. Thus decryption of proper
messages was not possible. This fix skips such secret keys.
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.
--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40c
(cherry picked from commit dcb0b6fd48)
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 379fc5569d)
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 021c27510b)
* scd/app-openpgp.c (pin2hash_if_kdf): DEK had been changed to pointer
to allocated memory, so, we need to use DEKLEN for the length.
--
GnuPG-bug-id: 7121
Fixes-commit: 20e85585ed
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/options.h (COMPAT_VSD_ALLOW_OCB): Remove.
* g10/gpg.c (compatibility_flags): Remove "vsd-allow_ocb".
(main): Alwas set CO_EXTRA_INFO_VSD_ALLOW_OCB.
* g10/keygen.c (keygen_set_std_prefs): Always set OCB feature flag.
* g10/encrypt.c (use_aead): Always OCB also in de-vs mode.
* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): Remove.
* sm/gpgsm.c (compatibility_flags): Remove "allow-ecc-encr".
* sm/encrypt.c (encrypt_dek): Always allow ecc encryption.
* sm/certreqgen.c (proc_parameters): Likewise.
--
Both feature are meanwhile approved in de-vs mode thus there is no
more need for the flags.
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages. Add a direct way to set it iff the key is encryption capable.
--
This could be done by using "set your own capabilities" for an RSA
key. In fact it was always set in this case.
GnuPG-bug-id: 7072
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--
GnuPG-bug-id: 7042
Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--
The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--
The code did not really work if no domain was given. It worked but
filtered out all keys so that no key was actually exported.
* g10/trustdb.c: Move some definitions around.
(user_utk_list): Rename to trusted_key_list. Change all users.
(any_trusted_key_seen): New.
(tdb_register_trusted_key): Set it here. Handle the new value "none".
(verify_own_keys): Do not delete a trusted key from the trustdb if a
trusted-key option was not used.
--
GnuPG-bug-id: 7025
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.
--
GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(send_request): Remove USE_TLS.
--
Since quite some time building w/o TLS won't work.
GnuPG-bug-id: 6997
* configure.ac: Require libgpg-error 1.38 and libksba 1.4.0
* common/util.h: Remove error number substitutes.
--
These versions were already needed for a successful compilation,
but it was not reflected by configure.
GnuPG-bug-id: 6974
Signed-off-by: Ángel González <angel@pgp.16bits.net>
util.h patch by wk.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: efe325ffdf
* scd/app-openpgp.c (do_change_pin): Make sure new PIN length
is longer than MINLEN.
--
GnuPG-bug-id: 6843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 2376cdff13)
* scd/app-openpgp.c (wipe_and_free_string, wipe_and_free): Enable
functions.
(pin2hash_if_kdf): Change interface. The input PIN is not anymore
changed. Further there are no more assumptions about the length of
the provided buffer.
(verify_a_chv): Adjust for changed pin2hash_if_kdf.
(verify_chv2): Ditto
(verify_chv3): Ditto.
(do_change_pin): Ditto.
(do_sign): Ditto.
--
Note that this a part of the patch
63bda3aad8 which we used in 2.4 to
implement a PIN cache. For easier backporting we need to add this
here.
* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.
* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--
This was a regression in 2.2.42. We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42. With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.
GnuPG-bug-id: 6944