* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen. Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <wk@gnupg.org>
This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
(mpi_powm): Access all data in the table and use mpi_set_cond.
--
Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack. This change fixes
this particular data-dependent access pattern.
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
This fixes sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.
(back ported from commit 2183683bd633818dd031b090b5530951de76f392)
Signed-off-by: Werner Koch <wk@gnupg.org>
[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
* mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as
unused.
* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.
--
Due to the use of macros and longlong.h, we use variables which are
only used by some architectures. At least gcc 4.7.2 prints new
warnings about set but not used variables. This patch silences them.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)
(cherry picked from commit 0a805ed1604ef3e9b27f3e22a936a2d439300e9f)
Resolved conflicts:
include/cipher.h
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--
ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH. The only support in 1.4 will pretty printing the
algorithm id.
* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
(dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
memory or not.
* util/dotlock.c (dotlock_create): Use
dotlock_remove_lockfiles_reclaim for atexit.
(dotlock_destroy_unix, dotlock_destroy)
(dotlock_remove_lockfiles): Add a reclaim flag.
(dotlock_remove_lockfiles_reclaim): New.
* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
avoid non-async-face call.
* g10/keydb.c (maybe_create_keyring): Follow the API change.
* g10/gpgv.c: Follow the API change.
--
signal handler got_fatal_signal should not call non-async-signal-safe
functions. When malloc is interrupted by a signal, it screws up.
This issue is reported:
https://bugs.g10code.com/gnupg/issue1515http://bugs.debian.org/399904
* common/http.c (send_request, connect_server, http_open): Use a
struct srv instead of a single srvtag so we can pass the chosen host
and port back to the caller.
(connect_server): Use the proper port in the HAVE_GETADDRINFO case.
* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
chosen host and port.
* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
Backported from ba9e974f1fd85b3dbbfb5e26d7a14f71d07c7cf2
* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--
This option is currently of no use. However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG. For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option". To avoid that the following line can be put
above that option in gpg.conf
ignore-invalid-option foobar
This meta option may be given several times or several option names
may be given as arguments (space delimited). Note that this option is
not available on the command line.
(backported from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
* include/types.h (U64_C) [!UINT64_C]: Add simple replacement.
--
This could happen with UNIX98-type systems, such as the code on
the netbsd-1-5 branch, and would prevent this package from building
on such systems.
* include/dotlock.h: New. From current gnupg master.
* util/dotlock.c: Ditto. Include util.h. The major changes done in
master are: Factor Unix and W32 specific code out into specific
functions. Define HAVE_POSIX_SYSTEM. Rearrange some functions.
(disable_dotlock): Rename to dotlock_disable.
(create_dotlock): Rename to dotlock_create and add a dummy arg.
(destroy_dotlock): Rename to dotlock_destroy.
(make_dotlock): Rename to dotlock_take.
(release_dotlock): Rename to dotlock_release.
(remove_lockfiles): Rename to dotlock_remove_lockfiles.
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* scripts/git-hooks/commit-msg: New script.
* autogen.sh: Install commit-msg hook for git.
* doc/HACKING: Describe the ChangeLog policy.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
This does not mean we have any kind of ECC support now. It is merely
to avoid printing a question mark for the algorithm.
Trailing white space changes as usual.
For compatibility reasons a few new files had to be added.
Also added estream-printf as this is now used in app-openpgp.c and provides
a better and generic asprintf implementation than the hack we used for the
W32 code in ttyio.c. Card code is not yet finished.
a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).
* http.h: Allow passing srvtag to http_open and http_open_document.
* http.c (http_open, http_open_document): Allow passing srvtag to
http_open and http_open_document.
can contain replacement files that can be linked to keyserver helpers
without bringing in the whole libutil.a. libutil.a contains a complete
copy of libcompat.a so we only need to link to one of them.