Commit message | Author | Age | Files | Lines
* agent: Fix for the prefix 0x40 in the point representation. [HEAD, master] | NIIBE Yutaka | 28 hours | 1 | -0/+10
  * agent/pkdecrypt.c (ECC_CURVE25519_INDEX): New.
  (ecc_pgp_kem_decap): Handle the prefix 0x40 for Curve25519.
  --
  GnuPG-bug-id: 7676
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Take care of possible buffer overflow in do_auth. | NIIBE Yutaka | 2 days | 1 | -1/+3
  * scd/app-openpgp.c (do_auth): Check the length in the heuristic.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix detecting digest OID in the message to be signed. | NIIBE Yutaka | 3 days | 1 | -2/+1
  * scd/app-openpgp.c (do_auth): Don't exclude Ed25519 for removing digest OID.
  --
  GnuPG-bug-id: 7589
  Fixes-commit: 3132bd90dc8db9c7fd19ba201918e95891306dc5
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Japanese Translation. | NIIBE Yutaka | 4 days | 1 | -14/+8
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,regexp: Use -DREGEXP_PREFIX=gnupg_. | NIIBE Yutaka | 4 days | 3 | -2/+27
  * g10/Makefile.am (AM_CPPFLAGS): Add -DREGEXP_PREFIX=gnupg_
  * regexp/Makefile.am (AM_CPPFLAGS): Likewise.
  * regexp/jimregexp.h (ADD_PREFIX): New.
  (regcomp, regexec, regerror, regfree): Use ADD_PREFIX.
  --
  GnuPG-bug-id: 7668
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgtar: Fix releasing PROC correctly. | NIIBE Yutaka | 4 days | 2 | -3/+3
  * tools/gpgtar-extract.c (gpgtar_extract): Initialize PROC as NULL, and release at the end for the case of jumping to "leave:" label.
  * tools/gpgtar-list.c (gpgtar_list): Release at the end.
  --
  Fixes-commit: 29bc14f56f6430294f225b6744012ab1f5df62e6
  Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates. | Werner Koch | 5 days | 3 | -4/+8
  --
  Note that this also includes a minor fix in the wixlib description which is actually part of gnupg-w32-2.5.7_20250602.wixlib.
* Release 2.5.7 [gnupg-2.5.7] | Werner Koch | 5 days | 2 | -2/+32
* nsis: Install the help files. | Werner Koch | 5 days | 1 | -2/+15
  * build-aux/speedo/w32/inst.nsi: Install the template files.
  --
  The help files are not very well known but we should at least install some. We also install those for the wks-utils in case we will ever support gpg-wks-server of gpg-mail-tube on Windows.
  Release 2.5.7
* po: msgmerge | Werner Koch | 5 days | 26 | -0/+381
  --
* po: Update German translation | Werner Koch | 5 days | 1 | -1/+11
  --
* wks: Use templates for the server responses. | Werner Koch | 5 days | 12 | -75/+406
  * common/helpfile.c (gnupg_get_template): Add arg locale_override and adjust all callers.
  * tools/wks-receive.c (struct receive_ctx_s): Add field ct_language.
  (get_language): New.
  (new_part): Call it.
  (wks_receive): Pass language to the result callback.
  * tools/gpg-wks-client.c (short_locale): New.
  (main): Get and store the current locale.
  (command_create): Fix a glitch for the Posteo hack. Insert the locale into the confirmation request.
  (send_confirmation_response): Ditto.
  * tools/gpg-wks-server.c (struct server_ctx_s): Add field language.
  (only_ascii): New.
  (struct my_subst_vars_s, my_subst_vars_cb, my_subst_vars): New.
  (send_confirmation_request): Use a template.
  (send_congratulation_message): Ditto.
  (check_and_publish): Pass ctx to send_congratulation_message.
  (command_receive_cb): Add arg language.
  * doc/wks-utils.txt, doc/wks-utils.de.txt: New.
  * doc/Makefile.am (helpfiles): Add them.
  --
  GnuPG-bug-id: 7381
  Note that the subject is not yet translated or templated due to a missing header encoding function.
* gpg-mail-tube: Support templates. | Werner Koch | 8 days | 5 | -5/+128
  * tools/gpg-mail-tube.c: Include i18n.h.
  (main): Call i18n.h
  (only_ascii): New.
  (mail_tube_encrypt): Use a template or fallback to the old version.
  * doc/mail-tube.txt, doc/mail-tube.de.txt: Two standard templates.
  * doc/Makefile.am (helpfiles): Add them.
  --
  GnuPG-bug-id: 7381
* tools: Add a quoted-printable encoding function. | Werner Koch | 8 days | 4 | -2/+227
  * tools/mime-maker.c (mime_maker_qp_encode): New.
  * tools/t-mime-maker.c: New.
  * tools/Makefile.am (TESTS): New.
  (module_tests): Add the first test.
* common: Improve helpfile.c to provide a generic template API. | Werner Koch | 8 days | 3 | -31/+83
  * common/util.h (GET_TEMPLATE_CURRENT_LOCALE): New.
  (GET_TEMPLATE_SUBST_ENVVARS): New.
  (GET_TEMPLATE_CRLF): New.
  * common/helpfile.c (findkey_fname): Add arg flags and terminate line with CRLF if requested.
  (findkey_locale): Replace arg only_current_locale by flags and add arg domain.
  (gnupg_get_help_string): Factor all code out to ...
  (gnupg_get_template): new. Add arg domain. Handle SUBST flags. Do not trim trailing spaces with the CRLF flag.
  * common/t-helpfile.c (main): Require domain name and add two options.
* gpgtar: Fix regression exhibited by make check | Werner Koch | 8 days | 2 | -2/+2
  * tools/gpgtar-extract.c (gpgtar_extract): Do final process_release.
  * tools/gpgtar-list.c (gpgtar_list): Ditto.
  --
  Fixes-commit: 29bc14f56f6430294f225b6744012ab1f5df62e6
  Running "make -C tests/openpgp check verbose=3" failed with
    Creating configuration files
    Executing: '/home/wk/b/gnupg/tools/gpgtar' '--extract' \
                  '--directory=.' \
                  '/tmp/gpgscm-20250530T121329-run-tests-vGAT4R/environment-cache'
    make: *** [Makefile:998: xcheck] Terminated for unknown reasons.
  Not calling the gpgrt_process_release fixes this regression. The real cause needs to be investigated.
* scd:piv: Support rsa3072 | Werner Koch | 10 days | 1 | -17/+55
  * scd/app-piv.c (PIV_ALGORITHM_RSA): Rename to PIV_ALGORITHM_RSA_2048.
  (PIV_ALGORITHM_RSA_3072): New.
  (get_key_algorithm_by_dobj): Decide whether to use 3072 or 2048.
  (do_sign): Support rsa3072.
  (do_decipher): Ditto.
  (do_genkey): Ditto.
  --
  Take care: Due to a lack of a PIV token capable of 3072, this has not been tested at all.
* gpg: Allow updating a SHA-1 key certification w/o --force-sign-key. | Werner Koch | 10 days | 2 | -1/+13
  * g10/keyedit.c (sign_uids): Add a case for this.
  --
  GnuPG-bug-id: 7663
* doc: Minor speedo build clarification | Werner Koch | 10 days | 2 | -6/+10
  --
  Using the given command line for installation is almost always good, so don't confuse the user with the first sentence. Also explain how to disable systemd for keyboxd and dirmngr.
* dirmngr: Don't install expired sks certificate | Lucas Mulling via Gnupg-devel | 10 days | 1 | -1/+1
  * dirmngr/Makefile.am (dist_pkgdata_DATA): Remove sks-keyservers.netCA.pem.
  Signed-off-by: Lucas Mulling <[email protected]>
* gpgsm,tests,tools: Fix memory leaks. | NIIBE Yutaka | 10 days | 6 | -8/+23
  * sm/minip12.c (p12_parse): Fix creating new TLV with old TLV.
  * sm/t-minip12.c (one_file): Release RESULT.
  * tests/gpgscm/ffi.c (do_process_wait): Call gpgrt_process_release.
  * tools/gpgconf-comp.c (retrieve_options_from_program): Release PARGS.
  * tools/gpgtar-extract.c (gpgtar_extract): Release PROC on leave.
  * tools/gpgtar-list.c (gpgtar_list): Release PROC on leave.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Allow building under Cygwin. | Werner Koch | 11 days | 1 | -1/+1
  * agent/command-ssh.c (start_command_handler_ssh): Further protect the SOCKET cast.
  --
  Note that Cygwin is not supported, YMMV.
  GnuPG-bug-id: 7667
* gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves. | NIIBE Yutaka | 12 days | 1 | -1/+1
  * g10/pkglue.c (ECC_POINT_LEN_MAX): NIST P-521 is large.
  --
  GnuPG-bug-id: 7664
  Reported-by: Collin Funk
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp. | Collin Funk via Gnupg-devel | 14 days | 1 | -3/+3
  * common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp if the lengths are equal.
  --
  GnuPG-bug-id: 7662
  Signed-off-by: Collin Funk <[email protected]>
* gpg,agent: Clean up around using ECC KEM. | NIIBE Yutaka | 2025-05-23 | 7 | -495/+92
  * common/util.h (gnupg_ecc_kem_kdf): Change the last two args.
  * common/kem.c (gnupg_ecc_kem_kdf): The last arguments are KDF_PARAMS and its length.
  * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Follow the change.
  * g10/pkglue.c (do_encrypt_kem): Follow the change.
  * g10/ecdh.c (extract_secret_x, derive_kek): Remove.
  (gnupg_ecc_6637_kdf): Remove.
  (ecc_build_kdf_params): Rename from build_kdf_params, changing arguments.
  * g10/pkglue.c (do_encrypt_ecdh): Refactor by ecc_build_kdf_params and gnupg_ecc_kem_kdf.
  * g10/pkglue.h (pk_ecdh_decrypt, gnupg_ecc_6637_kdf): Remove.
  (ecc_build_kdf_params): New.
  * g10/pubkey-enc.c (ecdh_sexp_build): Use ecc_build_kdf_params.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix argument name of gnupg_ecc_kem_kdf. | NIIBE Yutaka | 2025-05-23 | 2 | -6/+11
  * common/kem.c (gnupg_ecc_kem_kdf): Rename to kdf_params.
  --
  It's KDF parameters composed by OpenPGP layer.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use ECC KEM interface for decryption. | NIIBE Yutaka | 2025-05-22 | 2 | -29/+83
  * g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for PUBKEY_ALGO_ECDH.
  * g10/pubkey-enc.c (ecdh_sexp_build): New.
  (get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH. And don't use pk_ecdh_decrypt since it's done by agent.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add support for TPM2 for ECC KEM. | NIIBE Yutaka | 2025-05-22 | 3 | -2/+51
  * agent/agent.h (agent_tpm2d_ecc_kem): New.
  * agent/divert-tpm2.c (agent_tpm2d_ecc_kem): New.
  * agent/pkdecrypt.c (ecc_pgp_kem_decap): Call agent_tpm2d_ecc_kem.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Finish ECC KEM, adding support for NIST curves. | NIIBE Yutaka | 2025-05-22 | 2 | -17/+42
  * agent/command.c (cmd_pkdecrypt): ECC KEM PGP doesn't use OPTION.
  * agent/pkdecrypt.c (ecc_table): Add NIST curves.
  (ECC_SCALAR_LEN_MAX, ECC_POINT_LEN_MAX): Fix for NIST curves.
  (composite_pgp_kem_decrypt): Take care of error by gcry_cipher_setkey.
  (ecc_kem_decrypt): Fix un-wrapping the session key.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Support ECC KEM by PKDECRYPT --kem. | NIIBE Yutaka | 2025-05-21 | 4 | -64/+251
  * common/kem.c (gnupg_ecc_kem_kdf): Support traditional KDF of RFC 6637.
  * common/util.h (gnupg_ecc_kem_kdf): Add FIXED_INFO argument.
  * g10/pkglue.c (do_encrypt_kem): Follow the change.
  * agent/pkdecrypt.c (ecc_pgp_kem_decap): Return ECC parameters.
  (composite_pgp_kem_decrypt): Follow the changes.
  (ecc_kem_decrypt): New.
  (agent_kem_decrypt): Support ECC KEM.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Add a note to READ on how to disable the systemd activation. | Werner Koch | 2025-05-20 | 1 | -2/+12
  --
  A common problem with a self-build gnupg is that systemd starts another version of a daemon while the self-build gnupg has a different idea on the provided features of those daemons.
* agent: Refactor ECC KEM decap operation. | NIIBE Yutaka | 2025-05-20 | 1 | -39/+41
  * agent/pkdecrypt.c (ecc_table): Don't include shared_len.
  (ecc_pgp_kem_decap): Rename from ecc_pgp_kem_decrypt and only do ECC KEM decap operation.
  (composite_pgp_kem_decrypt): Move ECC KDF call here.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use the KEM API for ECC encryption. | NIIBE Yutaka | 2025-05-19 | 4 | -252/+346
  * g10/ecdh.c (gnupg_ecc_6637_kdf): New.
  (pk_ecdh_encrypt_with_shared_point, gen_k): Remove.
  (pk_ecdh_generate_ephemeral_key): Remove.
  * g10/pkglue.c (get_data_from_sexp): Remove.
  (do_encrypt_ecdh): Use gcry_kem_encap of the KEM API, gnupg_ecc_6637_kdf, and AESWRAP.
  * g10/pkglue.h (gnupg_ecc_6637_kdf): New.
  (pk_ecdh_encrypt_with_shared_point): Remove.
  (pk_ecdh_generate_ephemeral_key, pk_ecdh_encrypt): Remove.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Remove unused variable. | Werner Koch | 2025-05-16 | 1 | -3/+0
  * g10/export.c (do_export): Remove zfx.
* gpg: Do not allow compressed key packets on import. | Werner Koch | 2025-05-16 | 4 | -6/+11
  * g10/import.c (read_block): Bail out on compressed packets.
  * g10/options.h (COMPAT_COMPR_KEYS): New.
  * g10/gpg.c (compatibility_flags): Add "compr-keys".
  * common/util.h: Remove replacement code not any longer needed.
  (GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
  --
  Compressed key packets do not make much sense but historically they were supported. Thus we also add a compatibility flag.
  GnuPG-bug-id: 7014
* Revert "w32: On socket nonce mismatch close the socket." | Werner Koch | 2025-05-16 | 4 | -19/+11
  --
  The commit was entirely bogus because the check_nonce function closes the socket itself if it returns with true. Thus closing the socket by the caller in the true case was bogus.
  The more likely cause for the hangs on Windows are in scdaemon:
    * scd: Fix possible lockup on Windows due to a lost select result. [rGa7ec3792c5]
  GnuPG-bug-id: 7434
  Fixes-commit: 73f6c2dd4d3e5b58faf69821726988ae984fad89.
* common: Add KEM constants for NIST curves. | NIIBE Yutaka | 2025-05-16 | 1 | -3/+6
  * common/openpgp-oid.c (oidtable): Fill the information for KEM API for NIST curves.
  --
  GnuPG-bug-id: 7649
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Support the use case of composite PQC for prompting. | NIIBE Yutaka | 2025-05-14 | 2 | -27/+35
  * agent/findkey.c (agent_key_from_file): Take care of the case where GRIP==CTRL->keygrip1.
  * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use NULL for the GRIP, it's for crypto operation where prompt is expected.
  --
  GnuPG-bug-id: 7648
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work. | Werner Koch | 2025-05-13 | 1 | -1/+2
  * g10/keylist.c (list_keyblock_simple): Take care of show-unusable-uids.
  --
  This allows to upload revoked keys to a WKD.
  Suggested-by: Uwe Kleine-König
* gpgsm: Just print a note for an empty subject during import. | Werner Koch | 2025-05-13 | 1 | -7/+3
  * sm/certchain.c (gpgsm_walk_cert_chain): Handle an empty subject.
  --
  During import a certificate was imported but gpgsm used log_error when trying to figure out whether this is a root cert. This patch changes this to just print a note.
  GnuPG-bug-id: 7171
* agent: We should use a macro for the keygrip len in new code. | Werner Koch | 2025-05-13 | 1 | -2/+2
  * agent/divert-scd.c (agent_card_ecc_kem): Use KEYGRIP_LEN constant.
* agent: Fix ECC key on smartcard for composite KEM with PQC. | NIIBE Yutaka | 2025-05-13 | 2 | -5/+9
  * agent/divert-scd.c (agent_card_ecc_kem): Convert binary keygrip to HEX to call agent_card_pkdecrypt. Handle the case with prefix.
  --
  GnuPG-bug-id: 7648
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Recover the old behavior with max-cache-ttl=0. | NIIBE Yutaka | 2025-05-13 | 2 | -27/+20
  * agent/cache.c (compute_expiration): Expire newly created entry when max-cache-ttl is zero.
  --
  Fixes-commit: 92de0387f04b1e87a4a49ed063323624f25ac3ef
  GnuPG-bug-id: 6681
  Suggested-by: Lucas Mulling <[email protected]>
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fully implement the group key flag. | Werner Koch | 2025-05-12 | 2 | -4/+7
  * g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
  (merge_selfsigs_subkey): Ditto.
  * g10/keygen.c (ask_key_flags_with_mask): Ditto.
  (proc_parameter_file): Ditto.
  --
  Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
* Update distsigkey | Werner Koch | 2025-05-09 | 1 | -0/+0
  --
  Added Alexander. Removed Andre.
* Post release updates | Werner Koch | 2025-05-08 | 2 | -1/+5
  --
* Release 2.5.6 [gnupg-2.5.6] | Werner Koch | 2025-05-08 | 1 | -1/+6
* tests:gpgscm: Fix build error on AIX. | Collin Funk via Gnupg-devel | 2025-05-08 | 1 | -0/+5
  * tests/gpgscm/ffi.c (ffi_init): Undefine 'open' so it does not get expanded to 'open64' in the ffi_define_function macro.
  --
  GnuPG-bug-id: 7632
  Signed-off-by: Collin Funk <[email protected]>
* common: Add Solaris support to get_signal_name. | Collin Funk via Gnupg-devel | 2025-05-08 | 2 | -3/+7
  * configure.ac: Check for _sys_siglist.
  * common/signal.c (get_signal_name): Use _sys_siglist.
  --
  GnuPG-bug-id: 7638
  Signed-off-by: Collin Funk <[email protected]>
* po: Fix misspelled Italian translation for 'encrypted' | Mattia Narducci via Gnupg-devel | 2025-05-08 | 1 | -2/+2
  [[PGP Signed Part:No public key for 4893CA2AF4416CED created at 2025-04-16T23:13:02+0200 using EDDSA]]
  --
  Signed-off-by: Mattia Narducci <[email protected]>