* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.
--
GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
* g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for
PUBKEY_ALGO_ECDH.
* g10/pubkey-enc.c (ecdh_sexp_build): New.
(get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH. And don't use
pk_ecdh_decrypt since it's done by agent.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
A common problem with a self-built gnupg is that systemd starts
another version of a daemon while the self-built gnupg has a different
idea on the provided features of those daemons.
* g10/import.c (read_block): Bail out on compressed packets.
* g10/options.h (COMPAT_COMPR_KEYS): New.
* g10/gpg.c (compatibility_flags): Add "compr-keys".
* common/util.h: Remove replacement code not any longer needed.
(GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
--
Compressed key packets do not make much sense but historically they
were supported. Thus we also add a compatibility flag.
GnuPG-bug-id: 7014
--
The commit was entirely bogus because the check_nonce function closes
the socket itself if it returns with true. Thus closing the socket by
the caller in the true case was bogus.
The more likely cause for the hangs on Windows is in scdaemon:
* scd: Fix possible lockup on Windows due to a lost select
result. [rGa7ec3792c5]
GnuPG-bug-id: 7434
Fixes-commit: 73f6c2dd4d3e5b58faf69821726988ae984fad89.
* common/openpgp-oid.c (oidtable): Fill the information for KEM
API for NIST curves.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/findkey.c (agent_key_from_file): Take care of the case
where GRIP==CTRL->keygrip1.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use NULL for the
GRIP, it's for crypto operation where prompt is expected.
--
GnuPG-bug-id: 7648
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (list_keyblock_simple): Take care of
show-unusable-uids.
--
This allows uploading revoked keys to a WKD.
Suggested-by: Uwe Kleine-König
* sm/certchain.c (gpgsm_walk_cert_chain): Handle an empty subject.
--
During import a certificate was imported but gpgsm used log_error when
trying to figure out whether this is a root cert. This patch changes
this to just print a note.
GnuPG-bug-id: 7171
* g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
(merge_selfsigs_subkey): Ditto.
* g10/keygen.c (ask_key_flags_with_mask): Ditto.
(proc_parameter_file): Ditto.
--
Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
* tests/gpgscm/ffi.c (ffi_init): Undefine 'open' so it does not get
expanded to 'open64' in the ffi_define_function macro.
--
GnuPG-bug-id: 7632
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
--
Signed-off-by: Mattia Narducci <mattianarducci1@gmail.com>
* sm/verify.c (gpgsm_verify): Always print info that a certs-only
message has been processed.
--
Prior to this patch the message was only printed if no data file has
been given.
Reported-by: Albrecht Dreß
* g10/getkey.c (get_pubkey_for_sig): Keep a requested
PUBKEY_USAGE_CERT.
(finish_lookup): For correctness in future use cases allow
PUBKEY_USAGE_CERT to also trigger verify mode.
--
The case here was that a cert-only primary key was removed with
export-clean.
GnuPG-bug-id: 7583
* common/recsel.c (recsel_select): Change processing of NULL values.
* common/t-recsel.c (run_test_2): Adjust for this change. Also a typo
fix for s/"letter"/"letters"/.
--
The getval function may return NULL which indicates that there is no
useful value available. For example because the propertyname is not
defined for some external context (e.g. in gpg the packet type). This
also required fixing the test for boolean tests of a non-existing
property name.
Reported-by: shniubobo at gnupg-users on 2025-04-18.
* g10/gpg.c: Include recsel.h.
(debug_flags): New flag "recsel".
(set_debug): Set it.
* g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
* g10/import.c (impex_filter_getval): Add debug diagnostics.
* g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
* common/recsel.c (recsel_debug): New variable.
(recsel_set_debug): New function.
(recsel_select): Add debug output if requested.
* common/ksba-io-support.c (has_only_base64): Use memchr since calling
strchr on a non-NUL terminated string is undefined behavior.
--
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
This patch has been stripped from Collin's original patch because this
is not just about a warning but an actual bug. That bug was
introduced in 2003 by me. - wk
* g10/gpg.c (aQuickTSignKey): New.
(opts): Add new command.
(main): Parse args for it.
* g10/keyedit.c: Include mbox-util.h.
(parse_trustsig_string): New.
(sign_uids): Add arg trustsig for use in quick mode.
(keyedit_quick_sign): Also add arg trustsig and print a diagnostic on
error.
* scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
--
Some versions of the CardOS personalisation software seem to store a
missing label as a zero-length object instead of not storing the object
at all.
Due to a lack of such a card this patch has not been tested.
* tests/gpgscm/opdefines.h: Change the order of arguments.
* tests/gpgscm/scheme-private.h (_OP_DEF): OP comes first, and use
variadic args for the macro.
* tests/gpgscm/scheme.c (_OP_DEF): Likewise.
(TST_*): Use integers.
(check_arguments): Follow the change of TST_LIST.
--
GnuPG-bug-id: 7623
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* kbx/backend-sqlite.c (run_select_statement): Convert with
ascii_strlwr when the mode is KEYDB_SEARCH_MODE_MAIL.
--
GnuPG-bug-id: 7576
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/certlist.c (gpgsm_add_to_certlist): Track expired error. Make
the expired check easier to read by using if and case.
--
Original ChangeLog:
If all selected certificates are expired, don't mislead the user
saying that no certificate was found. Instead, return the error
of the first certificate selected.
* sm/certlist.c: if one expired certificate was found, don't return
no certificate found, return instead the expiration error
I heavily changed Ramon's original patch and hope that I didn't
introduce a regression to his patch. - wk@gnupg.org
* sm/certchain.c (check_validity_period_cm): Add arg no_log_expired to
avoid bumping of the error counter due to the do_list function.
* sm/certlist.c (gpgsm_add_to_certlist): Set no_log_expired when
checking the expiration.
--
I modified the original patch to make the patch smaller and the code
easier to read. - wk@gnupg.org