From 660926a5cd6daedab2f7b9df935bb3f7f5776169 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 31 Oct 2024 15:11:55 +0100 Subject: [PATCH] gpg: Allow the use of an ADSK subkey as ADSK subkey. * g10/packet.h (PKT_public_key): Increased size of req_usage to 16. * g10/getkey.c (key_byname): Set allow_adsk in the context if ir was requested via req_usage. (finish_lookup): Allow RENC usage matching. * g10/keyedit.c (append_adsk_to_key): Adjust the assert. * g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey. -- If an ADSK is to be added it may happen that an ADSK subkey is found first and this should then be used even that it does not have the E usage. However, it used to have that E usage when it was added. While testing this I found another pecularity: If you do gpg -k ADSK_SUBKEY_FPR without the '!' suffix and no corresponding encryption subkey is dound, you will get an unusabe key error. I hesitate to fix that due to possible side-effects. GnuPG-bug-id: 6882 Backported-from-master: d30e345692440b9c6677118c1d20b9d17d80f873 Reference link: https://dev.gnupg.org/rG794950ec755eab3729d5a5905cbbc2e2d98b8699 (sbg: for fixing the poc failed, we only backport the type of req_usage change line) Note that we still use the NO_AKL and not the newer TRY_LDAP in 2.2. We may want to backport that change as well. Signed-off-by: baogen shang --- g10/packet.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/g10/packet.h b/g10/packet.h index ca7aad9..9e7685c 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -387,7 +387,7 @@ typedef struct /* The public key algorithm. (Serialized.) */ byte pubkey_algo; byte pubkey_usage; /* for now only used to pass it to getkey() */ - byte req_usage; /* hack to pass a request to getkey() */ + u16 req_usage; /* hack to pass a request to getkey() */ u32 has_expired; /* set to the expiration date if expired */ /* keyid of the primary key. Never access this value directly. Instead, use pk_main_keyid(). */ -- 2.33.0