mirror of git://git.gnupg.org/gnupg.git synced 2025-07-14 21:47:19 +02:00
Commit graph

10872 commits

Author SHA1 Message Date
Werner Koch
1790caf167
Post release updates
--
2025-07-10 16:31:39 +02:00
Werner Koch
dc62a422a6
Release 2.5.9
2025-07-10 16:07:00 +02:00
Werner Koch
838c1c387c
gpg: Display the correct OpenPGP algo name at 3 places.
* g10/card-util.c (do_change_keyattr): Replace gcry_pk_algo_name by
openpgp_pk_algo_name.
* g10/keyedit.c (show_key_with_all_names): Ditto.
--

For RSA and DSA the Libgcrypt and the OpenPGP identifiers are the
same.  But for ECC they are different and thus we need to use the
respective function to avoid printing a ? for example EdDSA designated
revocation keys.

Updates-commit: b7f8dec632
2025-07-08 16:34:36 +02:00
Werner Koch
7caefd1259
kbx: Make it easier to enable debug output
* kbx/kbx-client-util.c: New variable.  Uncomment all log_debug and
control them by this variable.
2025-07-08 10:02:30 +02:00
Werner Koch
a0f7cde9da
dirmngr: Add option --user-agent and always use a User-Agent header.
* dirmngr/dirmngr.h (opt): Add user_agent.
* dirmngr/dirmngr.c (oUserAgent): New.
(opts): Add "user-agent".
(parse_rereadable_options): Set option.
* dirmngr/ks-engine-hkp.c (send_request): Send User-Agent.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--

Note that the http_open_document function is not used by dirmngr.  If
it ever gets used we may want to add a way to configure the http.c
module with a user-agent string, so that it is sent by the
send_request function and we do not need to explicitly do that in the
caller.

GnuPG-bug-id: 7715
2025-07-08 10:02:30 +02:00
Werner Koch
6ec40bee2d
doc: Typo fixes and such
--
2025-07-08 10:02:30 +02:00
NIIBE Yutaka
9444949780
common: Remove openpgp_oid_to_kem_algo.
* common/openpgp-oid.c (oidtable): Don't include kem_algo.
(openpgp_oid_to_kem_algo): Remove.

--

The information is now retrieved by openpgp_oid_to_curve +
gnupg_get_ecc_params.

GnuPG-bug-id: 7698
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-04 14:33:49 +09:00
NIIBE Yutaka
5efabec218
gpg:ecc: Use the common function of gnupg_get_ecc_params.
* g10/pkglue.c (do_encrypt_kem): From ECC_OID, determine the CURVE by
openpgp_oid_to_curve, and then use gnupg_get_ecc_params to get ECC
parameters.
(do_encrypt_ecdh): Likewise.

--

GnuPG-bug-id: 7698
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-04 14:22:40 +09:00
NIIBE Yutaka
5ab9d59ee1
common:ecc: Have a field if the curve of ECC is Weierstrass.
* common/util.h (struct gnupg_ecc_params): Add is_weierstrauss.
* common/kem.c (ecc_table): Update.  Also add secp256k1.

--

GnuPG-bug-id: 7698
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-04 14:19:26 +09:00
NIIBE Yutaka
5e623b71d5
common:kem: Factor out a function to retrieve ECC parameters.
* common/util.h (struct gnupg_ecc_params, gnupg_get_ecc_params): New.
(ECC_SCALAR_LEN_MAX, ECC_POINT_LEN_MAX, ECC_HASH_LEN_MAX): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key, ecc_extract_sk_from_key):
Follow the change of gnupg_get_ecc_params.
(ecc_raw_kem, ecc_pgp_kem_decap, composite_pgp_kem_decrypt): Likewise.
(ecc_kem_decrypt): Likewise.
(get_ecc_params): Move to...
* common/kem.c (gnupg_get_ecc_params): ... here
* g10/pkglue.c (ECC_POINT_LEN_MAX, ECC_HASH_LEN_MAX): Remove duplicates.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-03 15:45:52 +09:00
Werner Koch
a354018bf3
dirmngr: Use wrapper function for Windows LDAP peculiarities.
* dirmngr/ks-engine-ldap.c (my_ldap_return_with_check): New.
(my_ldap_parse_result): New.
(my_ldap_parse_page_control): New.
(search_and_parse): Use the wrappers.
--

Updates-commit: b3dc2305e1
2025-06-24 13:33:31 +02:00
Zhang Maiyun
b3dc2305e1
dirmngr:w32: Fix ldap_* types
* dirmngr/ks-engine-ldap.c: when compiling with Windows/MinGW headers,
  `ldap_parse_page_control` and `ldap_parse_result` expect `ULONG`.
  This has become a hard error when using GCC 15.

Signed-off-by: Zhang Maiyun <me@maiyun.me>
2025-06-24 11:34:22 +02:00
Werner Koch
49a9171f63
gpg: Do not show the secp256k1 curve in --full-gen-key.
* g10/keygen.c (ask_curve): Add a curve parameter to not list a curve in
the menu.
--

This is a non-standard curve and thus has severe interop problems.  To
avoid accidental selection of this curve, it may now only be given by
its name.
2025-06-24 08:49:28 +02:00
Werner Koch
e6592f2f46
gpg: Re-add the revocation reason to the sigclass in a "rev" record.
* g10/import.c (get_revocation_reason): Fix setting of r_reason.
--

Note that gpgme does not yet have support for parsing the revocation
reason.  Due to the split of gpgme it was not tested with gpgmeqt which
has its own parser in its regression tests which kicked it when building
Debian packages.

GnuPG-bug-id: 7083
Fixes-commit: 3f825b044b
2025-06-23 12:16:45 +02:00
Werner Koch
63f64a3d8d
Post release updates
--
2025-06-20 17:32:11 +02:00
Werner Koch
49d2dde696
Release 2.5.8
2025-06-20 17:02:20 +02:00
Werner Koch
92db0275c5
po: msgmerge
--
2025-06-20 16:39:01 +02:00
Werner Koch
ce5e903bec
gpg: Print the revocation reasons as comment in the pub record.
* g10/keylist.c (list_keyblock_colon): Print the revocation reasons in
the pub record's comment field.
--

GnuPG-bug-id: 7083
2025-06-20 15:52:54 +02:00
Werner Koch
3f825b044b
gpg: Show revocation reason with a standard -k listing.
* g10/packet.h (struct revoke_info): Extend to carry the revocation
reason.
* g10/getkey.c (sig_to_revoke_info): Extend to store the reason.
(merge_selfsigs): Extend to also store the reason in the public key.
* g10/keylist.c (list_signature_print): Factor some code out to ...
(print_revocation_reason_comment): new function.
(print_revocation_reason): New.
(print_key_line): Call new function to print the reason.
* g10/import.c (get_revocation_reason): Use
print_revocation_reason_comment and factor some code out to ...
(revocation_reason_code_to_str): new function.

* g10/gpgv.c (revocation_reason_code_to_str): Add stub.
* g10/test-stubs.c (revocation_reason_code_to_str): Ditto.
--

With this change the revocation reason of a revoked key (but not for a
revoked uid or subkey) is now displayed in "gpg -k" listing right
below the primary key fingerprint.  Before that "gpg --checks-sigs"
was required to show this info.

GnuPG-bug-id: 7083
2025-06-20 15:17:19 +02:00
Werner Koch
22fc07640a
dirmngr: Do not require a keyserver for KS_FETCH.
* dirmngr/server.c (cmd_ks_fetch): Remove check for a keyserver.
--
GnuPG-bug-id: 7693
2025-06-17 16:07:13 +02:00
NIIBE Yutaka
fde915af1c
agent: Fix for the prefix 0x40 in the point representation.
* agent/pkdecrypt.c (ECC_CURVE25519_INDEX): New.
(ecc_pgp_kem_decap): Handle the prefix 0x40 for Curve25519.

--

GnuPG-bug-id: 7676
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-06 14:13:05 +09:00
NIIBE Yutaka
27e6622322
scd: Take care of possible buffer overflow in do_auth.
* scd/app-openpgp.c (do_auth): Check the length in the heuristic.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-05 10:24:07 +09:00
NIIBE Yutaka
eb7d5d4d85
scd: Fix detecting digest OID in the message to be signed.
* scd/app-openpgp.c (do_auth): Don't exclude Ed25519 for removing
digest OID.

--

GnuPG-bug-id: 7589
Fixes-commit: 3132bd90dc
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-04 13:53:58 +09:00
NIIBE Yutaka
2436afa057
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-03 14:00:20 +09:00
NIIBE Yutaka
16ee68259d
gpg,regexp: Use -DREGEXP_PREFIX=gnupg_.
* g10/Makefile.am (AM_CPPFLAGS): Add -DREGEXP_PREFIX=gnupg_
* regexp/Makefile.am (AM_CPPFLAGS): Likewise.
* regexp/jimregexp.h (ADD_PREFIX): New.
(regcomp, regexec, regerror, regfree): Use ADD_PREFIX.

--

GnuPG-bug-id: 7668
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-03 11:37:07 +09:00
NIIBE Yutaka
95d0adfc56
gpgtar: Fix releasing PROC correctly.
* tools/gpgtar-extract.c (gpgtar_extract): Initialize PROC as NULL,
and release at the end for the case of jumping to "leave:" label.
* tools/gpgtar-list.c (gpgtar_list): Release at the end.

--

Fixes-commit: 29bc14f56f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-06-03 11:12:37 +09:00
Werner Koch
87938a72f2
Post release updates.
--

Note that this also includes a minor fix in the wixlib description
which is actually part of gnupg-w32-2.5.7_20250602.wixlib.
2025-06-02 17:55:13 +02:00
Werner Koch
0eb62ee117
Release 2.5.7
2025-06-02 16:52:18 +02:00
Werner Koch
a83fe3fb1c
nsis: Install the help files.
* build-aux/speedo/w32/inst.nsi: Install the template files.
--

The help files are not very well known but we should at least install
some.  We also install those for the wks-utils in case we will ever
support gpg-wks-server or gpg-mail-tube on Windows.
Release 2.5.7
2025-06-02 16:52:16 +02:00
Werner Koch
bb150d41e6
po: msgmerge
--
2025-06-02 15:43:04 +02:00
Werner Koch
2b5e26dbef
po: Update German translation
--
2025-06-02 15:41:10 +02:00
Werner Koch
e6463d7fe0
wks: Use templates for the server responses.
* common/helpfile.c (gnupg_get_template): Add arg locale_override and
adjust all callers.
* tools/wks-receive.c (struct receive_ctx_s): Add field ct_language.
(get_language): New.
(new_part): Call it.
(wks_receive): Pass language to the result callback.
* tools/gpg-wks-client.c (short_locale): New.
(main): Get and store the current locale.
(command_create): Fix a glitch for the Posteo hack.  Insert the locale
into the confirmation request.
(send_confirmation_response): Ditto.
* tools/gpg-wks-server.c (struct server_ctx_s): Add field language.
(only_ascii): New.
(struct my_subst_vars_s, my_subst_vars_cb, my_subst_vars): New.
(send_confirmation_request): Use a template.
(send_congratulation_message): Ditto.
(check_and_publish): Pass ctx to send_congratulation_message.
(command_receive_cb): Add arg language.

* doc/wks-utils.txt, doc/wks-utils.de.txt: New.
* doc/Makefile.am (helpfiles): Add them.
--

GnuPG-bug-id: 7381

Note that the subject is not yet translated or templated due to a
missing header encoding function.
2025-06-02 12:42:59 +02:00
Werner Koch
982f45c8c7
gpg-mail-tube: Support templates.
* tools/gpg-mail-tube.c: Include i18n.h.
(main): Call i18n.h
(only_ascii): New.
(mail_tube_encrypt): Use a template or fallback to the old version.

* doc/mail-tube.txt, doc/mail-tube.de.txt: Two standard templates.
* doc/Makefile.am (helpfiles): Add them.
--

GnuPG-bug-id: 7381
2025-05-30 14:55:12 +02:00
Werner Koch
61514f7cd8
tools: Add a quoted-printable encoding function.
* tools/mime-maker.c (mime_maker_qp_encode): New.
* tools/t-mime-maker.c: New.
* tools/Makefile.am (TESTS): New.
(module_tests): Add the first test.
2025-05-30 14:19:03 +02:00
Werner Koch
8d837279bc
common: Improve helpfile.c to provide a generic template API.
* common/util.h (GET_TEMPLATE_CURRENT_LOCALE): New.
(GET_TEMPLATE_SUBST_ENVVARS): New.
(GET_TEMPLATE_CRLF): New.
* common/helpfile.c (findkey_fname): Add arg flags and terminate line
with CRLF if requested.
(findkey_locale): Replace arg only_current_locale by flags and add arg
domain.
(gnupg_get_help_string): Factor all code out to ...
(gnupg_get_template): new.  Add arg domain.  Handle SUBST flags.  Do
not trim trailing spaces with the CRLF flag.

* common/t-helpfile.c (main): Require domain name and add two options.
2025-05-30 14:19:02 +02:00
Werner Koch
ef5fa47ee8
gpgtar: Fix regression exhibited by make check
* tools/gpgtar-extract.c (gpgtar_extract): Do final process_release.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--

Fixes-commit: 29bc14f56f

Running "make -C tests/openpgp check verbose=3" failed with

  Creating configuration files
  Executing: '/home/wk/b/gnupg/tools/gpgtar' '--extract' \
     '--directory=.' \
     '/tmp/gpgscm-20250530T121329-run-tests-vGAT4R/environment-cache'
  make: *** [Makefile:998: xcheck] Terminated

for unknown reasons.  Not calling the gpgrt_process_release fixes this
regression.  The real cause needs to be investigated.
2025-05-30 14:18:57 +02:00
Werner Koch
e2732b8e19
scd:piv: Support rsa3072
* scd/app-piv.c (PIV_ALGORITHM_RSA): Rename to PIV_ALGORITHM_RSA_2048.
(PIV_ALGORITHM_RSA_3072): New.
(get_key_algorithm_by_dobj): Decide whether to use 3072 or 2048.
(do_sign): Support rsa3072.
(do_decipher): Ditto.
(do_genkey): Ditto.
--

Take care: Due to a lack of a PIV token capable of 3072, this has
not been tested at all.
2025-05-28 11:06:23 +02:00
Werner Koch
15a71f108d
gpg: Allow updating a SHA-1 key certification w/o --force-sign-key.
* g10/keyedit.c (sign_uids): Add a case for this.
--

GnuPG-bug-id:  7663
2025-05-28 10:41:32 +02:00
Werner Koch
e8eb92019f
doc: Minor speedo build clarification
--

Using the given command line for installation is almost always good,
so don't confuse the user with the first sentence.  Also explain how
to disable systemd for keyboxd and dirmngr.
2025-05-28 10:36:09 +02:00
Lucas Mulling via Gnupg-devel
018a2289ba
dirmngr: Don't install expired sks certificate
* dirmngr/Makefile.am (dist_pkgdata_DATA): Remove
  sks-keyservers.netCA.pem.

Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
2025-05-28 10:27:17 +02:00
NIIBE Yutaka
29bc14f56f
gpgsm,tests,tools: Fix memory leaks.
* sm/minip12.c (p12_parse): Fix creating new TLV with old TLV.
* sm/t-minip12.c (one_file): Release RESULT.
* tests/gpgscm/ffi.c (do_process_wait): Call gpgrt_process_release.
* tools/gpgconf-comp.c (retrieve_options_from_program): Release PARGS.
* tools/gpgtar-extract.c (gpgtar_extract): Release PROC on leave.
* tools/gpgtar-list.c (gpgtar_list): Release PROC on leave.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-28 15:50:10 +09:00
Werner Koch
1587b387c0
agent: Allow building under Cygwin.
* agent/command-ssh.c (start_command_handler_ssh): Further protect the
SOCKET cast.
--

Note that Cygwin is not supported, YMMV.
GnuPG-bug-id: 7667
2025-05-27 11:14:37 +02:00
NIIBE Yutaka
0c7e7ec0c8
gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves.
* g10/pkglue.c (ECC_POINT_LEN_MAX): NIST P-521 is large.

--

GnuPG-bug-id: 7664
Reported-by: Collin Funk
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-26 11:28:02 +09:00
Collin Funk via Gnupg-devel
01cb3ba62d
common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.

--

GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
2025-05-24 13:31:24 +02:00
NIIBE Yutaka
681d754043
gpg,agent: Clean up around using ECC KEM.
* common/util.h (gnupg_ecc_kem_kdf): Change the last two args.
* common/kem.c (gnupg_ecc_kem_kdf): The last arguments are KDF_PARAMS
and its length.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Follow the change.
* g10/pkglue.c (do_encrypt_kem): Follow the change.
* g10/ecdh.c (extract_secret_x, derive_kek): Remove.
(gnupg_ecc_6637_kdf): Remove.
(ecc_build_kdf_params): Rename from build_kdf_params, changing
arguments.
* g10/pkglue.c (do_encrypt_ecdh): Refactor by ecc_build_kdf_params and
gnupg_ecc_kem_kdf.
* g10/pkglue.h (pk_ecdh_decrypt, gnupg_ecc_6637_kdf): Remove.
(ecc_build_kdf_params): New.
* g10/pubkey-enc.c (ecdh_sexp_build): Use ecc_build_kdf_params.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-23 16:59:38 +09:00
NIIBE Yutaka
37bec0df7b
common: Fix argument name of gnupg_ecc_kem_kdf.
* common/kem.c (gnupg_ecc_kem_kdf): Rename to kdf_params.

--

It's KDF parameters composed by OpenPGP layer.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-23 10:42:44 +09:00
NIIBE Yutaka
07e8ca2a9b
gpg: Use ECC KEM interface for decryption.
* g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for
PUBKEY_ALGO_ECDH.
* g10/pubkey-enc.c (ecdh_sexp_build): New.
(get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH.  And don't use
pk_ecdh_decrypt since it's done by agent.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-22 14:36:38 +09:00
NIIBE Yutaka
04782e7fd6
agent: Add support for TPM2 for ECC KEM.
* agent/agent.h (agent_tpm2d_ecc_kem): New.
* agent/divert-tpm2.c (agent_tpm2d_ecc_kem): New.
* agent/pkdecrypt.c (ecc_pgp_kem_decap): Call agent_tpm2d_ecc_kem.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-22 14:34:05 +09:00
NIIBE Yutaka
b956f47e2a
agent: Finish ECC KEM, adding support for NIST curves.
* agent/command.c (cmd_pkdecrypt): ECC KEM PGP doesn't use OPTION.
* agent/pkdecrypt.c (ecc_table): Add NIST curves.
(ECC_SCALAR_LEN_MAX, ECC_POINT_LEN_MAX): Fix for NIST curves.
(composite_pgp_kem_decrypt): Take care of error by gcry_cipher_setkey.
(ecc_kem_decrypt): Fix un-wrapping the session key.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-22 14:29:51 +09:00
NIIBE Yutaka
57a3d23925
agent: Support ECC KEM by PKDECRYPT --kem.
* common/kem.c (gnupg_ecc_kem_kdf): Support traditional KDF of RFC
6637.
* common/util.h (gnupg_ecc_kem_kdf): Add FIXED_INFO argument.
* g10/pkglue.c (do_encrypt_kem): Follow the change.
* agent/pkdecrypt.c (ecc_pgp_kem_decap): Return ECC parameters.
(composite_pgp_kem_decrypt): Follow the changes.
(ecc_kem_decrypt): New.
(agent_kem_decrypt): Support ECC KEM.

--

GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-21 14:49:56 +09:00