| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/armor.c (armor_filter): Fix faulty double increment.
* common/iobuf.c (underflow_target): Assert that the filter
implementations behave well.
--
This fixes a bug in a code path which can only be reached with special
crafted input data and would then error out at an upper layer due to
corrupt input (every second byte in the buffer is unitialized
garbage). No fuzzing has yet hit this case and we don't have a test
case for this code path. However memory corruption can never be
tolerated as it always has the protential for remode code execution.
Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073
which fixed
Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f
The bug was introduced on 1999-01-07 by me:
* armor.c: Rewrote large parts.
which I fixed on 1999-03-02 but missed to fix the other case:
* armor.c (armor_filter): Fixed armor bypassing.
Below is base64+gzipped test data which can be used with valgrind to
show access to uninitalized memory in write(2) in the unpatched code.
--8<---------------cut here---------------start------------->8---
H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze
a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA==
--8<---------------cut here---------------end--------------->8---
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--
Comments with stars on the left side are easier to read. Also a
long comment in the form
if (...)
/* This is a comment
* for the next block */
{
...
}
makes it hard to see the start of a block or hides a forgotten block.
In contrast to GNU common use we don't want this but put the comment
either into the block or with adjusted wording above the condition.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c (direct_open) [W32]: Always use a share mode read or
write.
* kbx/keybox-init.c (_keybox_ll_open): Ditto. This requires the
latest gpgrt to work.
--
Cherry pick 2.2 commit:
3971b2528f465dcac0ea75c77840cb22b6a969d3
This change might help with
GnuPG-bug-id: 7829
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/asshelp.c (start_new_service) [HAVE_W32_SYSTEM]: Remove the
socket before starting the daemon.
--
Forward port of the 2.2 commit:
7e2133bc16f86e6d8230688f500e95fd3bdbd28c
GnuPG-bug-id: 7829
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_rename_file): Factor out the wait function
to ...
(w32_wait_when_sharing_violation): New.
(w32_remove): New.
(gnupg_remove_ext): New.
(gnupg_remove): Now a wrapper arounf gnupg_remove_ext.
(gnupg_rename_file) [W32]: Use 32_remove with indefinite wait for
sharing violation.
--
Forward port of 2.2 commits:
7e3050547314f8c1625f2a1d9e116ff0b534a2bf
8491117f091ae9db1c1df2e6b9199ccde82a7d0a
This is based on a suggestion by Gniibe in
GnuPG-bug-id: 7829
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GPGRT_VERSION): Require 1.56.
* g13/g13.c (main): Remove support of old gpgrt.
* sm/gpgsm.c (main): Likewise.
* tools/gpg-wks-client.c (wrong_args, main): Likewise.
* tools/gpgconf.c (my_read_reg_string): Likewise.
* common/util.h (GPG_ERR_UNEXPECTED_PACKET): Likewise.
* common/mapstrings.c (map_static_macro_string): Likewise.
--
GnuPG-bug-id: 7855
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/init.c [HAVE_W32_SYSTEM] (windows_semihosted_by_wine): New.
(_init_common_subsystems): Initialize the variable.
* common/stringhelp.c (change_slashes): Don't change slashes
under semi-hosted environment.
* common/util.h [HAVE_W32_SYSTEM] (windows_semihosted_by_wine): New.
* dirmngr/dns-stuff.c [HAVE_W32_SYSTEM] (check_inet_support): Disable
the check by "..localmachine" under semi-hosted environment.
--
GnuPG-bug-id: 7138
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (agent_kem_decrypt): Remove OPTION argument.
* agent/command.c (cmd_pkdecrypt): No option is needed.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use
gnupg_ecc_kem_simple_kdf.
(ecc_kem_decrypt): Support the S/MIME case too. Follow the change of
gnupg_ecc_kem_kdf.
(agent_kem_decrypt): Remove OPTION argument. Also support the S/MIME
case.
* common/kem.c (gnupg_ecc_kem_kdf): Support the S/MIME case too.
Don't support simple ECC part for combined KEM.
(gnupg_ecc_kem_simple_kdf): New.
* common/util.h (gnupg_ecc_kem_kdf): Support the S/MIME case too.
(gnupg_ecc_kem_simple_kdf): New.
* g10/pkglue.c (do_encrypt_kem): Use gnupg_ecc_kem_simple_kdf.
Use gnupg_ecc_kem_kdf with IS_GPG=1.
--
GnuPG-bug-id: 7811
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/homedir.c [HAVE_W32_SYSTEM] (gnupg_isatty): New.
* common/util.h (gnupg_isatty): Make it available on Windows.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_cipher_is_compliant): Support OCB for
gpg.
(gnupg_cipher_is_allowed): Ditto.
* g10/mainproc.c (proc_encrypted): Determine cipher mode and pass it
for the is_compliant test.
--
This patch also switches from just assuming CFB mode to passing the
correct mode to gnupg_cipher_is_compliant. Except for the legacy EAX
mode we only have these two modes and thus it does not really matter.
But correcting this is more future proof.
This was found while fixing
GnuPG-bug-id: 7804
|
| |
|
|
| |
* common/sysutils.c (output_debug_string): New.
|
| |
|
|
|
| |
* common/iobuf.c (is_file_compressed): Increase size of magic array.
Add magic for 7z.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_manu_notation_value): New.
* g10/build-packet.c (name_value_to_notation): New.
* g10/options.h (COMPAT_NO_MANU): New.
(LIST_SHOW_HIDDEN_NOTATIONS): New.
(VERIFY_SHOW_HIDDEN_NOTATIONS): New.
* g10/gpg.c (compatibility_flags): Add "no-manu".
(parse_list_options): Add "show-hidden-notations".
(main): Ditto for verify-options.
* g10/import.c (list_standalone_revocation): Implement new list option.
* g10/mainproc.c (check_sig_and_print):Ditto
* g10/keyedit.c (keyedit_print_one_sig): Ditto.
* g10/keylist.c (list_signature_print): Ditto.
(show_notation): Handle hidden notation.
* sm/keylist.c (oidtranstbl): Add OID for manu.
* g10/sign.c (mk_notation_policy_etc): Add arg with_manu and insert
extra notation.
(write_signature_packets): Request manu notation in certain cases.
(make_keysig_packet): Ditto.
--
See DETAILS for a description of the format. Obviously this leaks the
version of the used GnuPG version (major and minor only) and the fact
that it was generated by GnuPG. However, by close inspection of the
order of packets and and other meta data similar information can be
found. We include this information to help the support desk to figure
out problems. Sometimes users have very very old versions and the
help desk needs to employ core developers to figure the cause. Having
this information may eventually allow for better user support. This
feature can be disabled unless certain compliance modes are enabled.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/openpgp-oid.c (oidtable): Don't include kem_algo.
(openpgp_oid_to_kem_algo): Remove.
--
The information is now retrieved by openpgp_oid_to_curve +
gnupg_get_ecc_params.
GnuPG-bug-id: 7698
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/util.h (struct gnupg_ecc_params): Add is_weierstrauss.
* common/kem.c (ecc_table): Update. Also add secp256k1.
--
GnuPG-bug-id: 7698
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (struct gnupg_ecc_params, gnupg_get_ecc_params): New.
(ECC_SCALAR_LEN_MAX, ECC_POINT_LEN_MAX, ECC_HASH_LEN_MAX): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key, ecc_extract_sk_from_key):
Follow the change of gnupg_get_ecc_params.
(ecc_raw_kem, ecc_pgp_kem_decap, composite_pgp_kem_decrypt): Likewise.
(ecc_kem_decrypt): Likewise.
(get_ecc_params): Move to...
* common/kem.c (gnupg_get_ecc_params): ... here
* g10/pkglue.c (ECC_POINT_LEN_MAX, ECC_HASH_LEN_MAX): Remove duplicates.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/helpfile.c (gnupg_get_template): Add arg locale_override and
adjust all callers.
* tools/wks-receive.c (struct receive_ctx_s): Add field ct_language.
(get_language): New.
(new_part): Call it.
(wks_receive): Pass language to the result callback.
* tools/gpg-wks-client.c (short_locale): New.
(main): Get and store the current locale.
(command_create): Fix a glitch for the Posteo hack. Insert the locale
into the confirmation request.
(send_confirmation_response): Ditto.
* tools/gpg-wks-server.c (struct server_ctx_s): Add field language.
(only_ascii): New.
(struct my_subst_vars_s, my_subst_vars_cb, my_subst_vars): New.
(send_confirmation_request): Use a template.
(send_congratulation_message): Ditto.
(check_and_publish): Pss ctx to send_congratulation_message.
(command_receive_cb): Add arg language.
* doc/wks-utils.txt, doc/wks-utils.de.txt: New.
* doc/Makefile.am (helpfiles): Add them.
--
GnuPG-bug-id: 7381
Note that the subject is not yet translated or templated due to a
missing header encoding function.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (GET_TEMPLATE_CURRENT_LOCALE): New.
(GET_TEMPLATE_SUBST_ENVVARS): New.
(GET_TEMPLATE_CRLF): New.
* common/helpfile.c (findkey_fname): Add arg flags and terminate line
with CRLF if requested.
(findkey_locale): Replace arg only_current_locale by flags and add arg
domain.
(gnupg_get_help_string): Factor all code out to ...
(gnupg_get_template): new. Add arg domain. Handle SUBST flags. Do
not trim tralins spaces with the CRLF flag.
* common/t-helpfile.c (main): Require domain name and add two options.
|
| |
|
|
|
|
|
|
|
|
| |
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.
--
GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (gnupg_ecc_kem_kdf): Change the last two args.
* common/kem.c (gnupg_ecc_kem_kdf): The last arguments are KDF_PARAMS
and its length.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Follow the change.
* g10/pkglue.c (do_encrypt_kem): Follow the change.
* g10/ecdh.c (extract_secret_x, derive_kek): Remove.
(gnupg_ecc_6637_kdf): Remove.
(ecc_build_kdf_params): Rename from build_kdf_params, changing
arguments.
* g10/pkglue.c (do_encrypt_ecdh): Refactor by ecc_build_kdf_params and
gnupg_ecc_kem_kdf.
* g10/pkglue.h (pk_ecdh_decrypt, gnupg_ecc_6637_kdf): Remove.
(ecc_build_kdf_params): New.
* g10/pubkey-enc.c (ecdh_sexp_build): Use ecc_build_kdf_params.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/kem.c (gnupg_ecc_kem_kdf): Rename to kdf_params.
--
It's KDF parameters composed by OpenPGP layer.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/kem.c (gnupg_ecc_kem_kdf): Support traditional KDF of RFC
6637.
* common/util.h (gnupg_ecc_kem_kdf): Add FIXED_INFO argument.
* g10/pkglue.c (do_encrypt_kem): Follow the change.
* agent/pkdecrypt.c (ecc_pgp_kem_decap): Return ECC parameters.
(composite_pgp_kem_decrypt): Follow the changes.
(ecc_kem_decrypt): New.
(agent_kem_decrypt): Support ECC KEM.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/ecdh.c (gnupg_ecc_6637_kdf): New.
(pk_ecdh_encrypt_with_shared_point, gen_k): Remove.
(pk_ecdh_generate_ephemeral_key): Remove.
* g10/pkglue.c (get_data_from_sexp): Remove.
(do_encrypt_ecdh): Use gcry_kem_encap of the KEM API,
gnupg_ecc_6637_kdf, and AESWRAP.
* g10/pkglue.h (gnupg_ecc_6637_kdf): New.
(pk_ecdh_encrypt_with_shared_point): Remove.
(pk_ecdh_generate_ephemeral_key, pk_ecdh_encrypt): Remove.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Bail out on compressed packets.
* g10/options.h (COMPAT_COMPR_KEYS): New.
* g10/gpg.c (compatibility_flags): Add "compr-keys".
* common/util.h: Remove replacement code not any longer needed.
(GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
--
Compressed key packets do not make much sense but historically they
were supported. Thus we also add a compatibility flag.
GnuPG-bug-id: 7014
|
| |
|
|
|
|
|
|
|
|
| |
* common/openpgp-oid.c (oidtable): Fill the information for KEM
API for NIST curves.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for _sys_siglist.
* common/signal.c (get_signal_name): Use _sys_siglist.
--
GnuPG-bug-id: 7638
Signed-off-by: Collin Funk <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* sm/verify.c (gpgsm_verify): Always print info that a certs-only
message has been processed.
--
Prior to this patch the message was only printed if no data file has
been given.
Reported-by: Albrecht Dreß
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/recsel.c (recsel_select): Change processing of NULL values.
* common/t-recsel.c (run_test_2): Adjust for this change. Also a type
fix for s/"letter"/"letters"/.
--
The getval function may return NULL which indicates that there is no
useful value available. For example because the propertyname is not
defined for some external context (e.g. in gpg the packet type). This
also required to fix the test for boolean tests of a non existing
property name.
Reported-by: shniubobo at gnupg-users on 2025-04-18.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c: Include recsel.h.
(debug_flags): New flag "recsel".
(set_debug): Set it.
* g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
* g10/import.c (impex_filter_getval): Add debug diagnostics.
* g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
* common/recsel.c (recsel_debug): New variable.
(recsel_set_debug): New function.
(recsel_select): Add debug output if requested.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/ksba-io-support.c (has_only_base64): Use memchr since calling
strchr on a non-NUL terminated string is undefined behavior.
--
Signed-off-by: Collin Funk <[email protected]>
This patch has been stripped from Colin's original patch because this
is not just about a warning but an actual bug. That bug was
introduced in 2003 by me. - wk
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/recsel.c (struct recsel_expr_s): Add field lefta.
(recsel_parse_expr): Parse it.
(recsel_select): Implement selection.
--
This flags makes it for example easy to select keys last updated from
an ldap server:
gpg --list-filter 'select=origin=ks && -^ url =~ ldap' \
-k --with-key-origin
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/asshelp.c (log_libassuan_system_error): New.
* agent/gpg-agent.c (create_server_socket): Use new log function.
(handle_connections): Log system error code for a failed accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.
* dirmngr/dirmngr.c (main): Log system error code for a failed bin.
* kbx/keyboxd.c (create_server_socket): Ditto.
* scd/scdaemon.c (create_server_socket): Ditto.
* tpm2d/tpm2daemon.c (create_server_socket): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/session-env.c (stdenvnames): Add field "disabled".
(INITIAL_ARRAYSIZE): Increase size a bit.
(session_env_mod_stdenvnames): New.
(session_env_list_stdenvnames): Handle the disabled flag.
* agent/gpg-agent.c (oChangeStdEnvName): New.
(opts): Add --change-std-env-name.
(main): Implement option.
--
GnuPG-bug-id: 7522
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GPGRT_VERSION): Bump to 1.51.
* g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an
arg unused.
* common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an
arg unused.
|
| |
|
|
|
|
|
|
| |
* common/compliance.c (get_assumed_de_vs_compliance): Also consider a
registry entry.
--
On Windows it is easier to set the registry key than to use an envvar.
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8
seconds.
(SECS_TO_WAIT_FOR_KEYBOXD): Ditto.
(SECS_TO_WAIT_FOR_DIRMNGR): Ditto.
--
Experience on Windows showed that right after re-booting we may need
some more time to get things up.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_pk_is_compliant) <CO_DE_VS>: Consider
Brainpool Kyber variants compliant.
(gnupg_pk_is_allowed): Ditto.
(assumed_de_vs_compliance): Remove variable.
(get_assumed_de_vs_compliance): New.
(get_compliance_cache): Use new accessor.
(gnupg_status_compliance_flag): Ditto.
--
Use
GNUPG_ASSUME_COMPLIANCE=de-vs gpg --compliance=de-vs ....
for testing. This returns 2023 instead of 23 to indicate the
non-approval state.
GnuPG-bug-id: 6638
|
| |
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_status_compliance_flag): Fix test.
--
In general the cache is used to query this flag but in this function
it is used directly and we need to adjust the test.
Thanks to Ingo for reporting this.
|
| |
|
|
|
|
|
|
|
|
| |
* common/homedir.c (_gnupg_socketdir_internal): Check return code
of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.
--
GnuPG-bug-id: 7332
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (openpgp_curve_to_oid): Add new argument to select OID
by OpenPGP version.
* common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning
selected OID for Curve25519.
* common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change,
selecting by the version.
* g10/export.c (match_curve_skey_pk): Likewise.
(transfer_format_to_openpgp): Likewise.
* g10/gpg.c (list_config): Likewise, print new OID.
* g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version.
* sm/encrypt.c (ecdh_encrypt): Likewise, don't care.
* sm/minip12.c (build_ecc_key_sequence): Likewise, new OID.
* scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't
care.
(ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise,
old OID.
--
GnuPG-bug-id: 7316
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/sexputil.c (pubkey_algo_string): Use
openpgp_oid_or_name_to_curve.
* g10/card-util.c (current_card_status, ask_card_keyattr): Likewise.
* scd/app-piv.c (writekey_ecc): Likewise.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (assumed_de_vs_compliance): New.
(get_compliance_cache): Check envvar and fake compliance.
(gnupg_status_compliance_flag): Return 2023 for de-vs if in faked
mode.
* g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.
--
The user visible changes are that
GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \
| awk -F: '$1=="compliance_de_vs" {print $8}'
returns 2023 if "compliance de-vs" is found in gpg.conf. If
eventually the software is arpproved the returned value will be 23 and
not 1 as it was before. Consumers should check whether they see value
of true (Kleopatra does this right now) and also check whether the
value is > 2000 and in this case print a beta/non-approved warning.
The envvar is currently used to assume that the underlying libgcrypt
is compliant and approved. This is not yet the case but eventually
libgcrypt will announce this itself and from then on the envvar is not
anymore required for testing.
|
| |
|
|
|
|
|
|
|
| |
* common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe.
--
Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* common/exectool.c (gnupg_exec_tool_stream): Add diagnostic.
--
This should help if something is broken with poll.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (--enable-gpg-is-gpg2): Remove option.
(USE_GPG2_HACK): Remove var.
* common/homedir.c (gnupg_module_name): Remove code for gpg2
installation option.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (noinst_PROGRAMS): Ditto.
* doc/gpg.texi: Ditto.
* doc/gpgv.texi: Ditto.
--
This option and all its build stuff does not make anymore sense. gpg1
is way too old for anyone to use on a regualar base along with a
standard gpg. It is better to rename that single gpg (1.4) binary to
gpg1 and adjust any scripts.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--
GnuPG-bug-id: 6815
|
| |
|
|
|
|
|
| |
* common/asshelp.c (start_new_service): Drop that option.
--
This avoids a useless warnings.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro. Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff. Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags. More debug output. Handle cramming
here. Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates. Adjust for
changes in _tlv_parser_next. Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.
* sm/minip12.c (dump_to_file): New. Enablein debug mode and if a
envvar ist set. Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--
GnuPG-bug-id: 7213
Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.
|
| |
|
|
|
| |
--
This reverts commit cc78b26a4729db2280334214e21a8847e95d2ab0.
|
| |
|
|
|
|
|
|
|
| |
* common/dotlock.c (dotlock_detect_tname): Close directory on errors.
--
GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <[email protected]>
|
