1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9537 Commits

Author SHA1 Message Date
NIIBE Yutaka
bf46db1a1e Support v5 signature generation (not fully working yet).
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-19 21:28:11 +09:00
NIIBE Yutaka
ad7a9b0a6a agent: Support importing v5 key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-13 17:06:28 +09:00
NIIBE Yutaka
92a9c24ea1 Output v5 signature.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-13 16:15:06 +09:00
NIIBE Yutaka
7b24f7e998 Check v5 signature correctly.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-13 13:26:11 +09:00
NIIBE Yutaka
5dc6ef7e69 crypto-refresh secret key handling for v5 key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 16:52:39 +09:00
NIIBE Yutaka
d587002389 Allow secret key import with no uidnode for v5 key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 16:52:16 +09:00
NIIBE Yutaka
13e6ec6672 Allow issuer fpr in unhashed area.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 15:56:47 +09:00
NIIBE Yutaka
e561cb1ae0 Allow no uidnode for v5 key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 15:56:34 +09:00
NIIBE Yutaka
4d8decc23c Add v5 signature salt.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 15:40:19 +09:00
NIIBE Yutaka
412c8fcdfd Parse v5 signature subpacket.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 15:22:05 +09:00
NIIBE Yutaka
bdb5136518 Parse Preferred AEAD cerphersuites subpacket.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-12 14:53:46 +09:00
NIIBE Yutaka
c9315dada4 gpg: Accept GCM and v5 AEAD with v2 SEIPD packet.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 22:18:20 +09:00
NIIBE Yutaka
51fe266705 gpg: Accept SEIPDv2 packet.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-25 21:50:32 +09:00
NIIBE Yutaka
07af232493 Fix the semantics of memory_cost.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-22 10:26:48 +09:00
NIIBE Yutaka
19ed445845 Fix length of KEK, no additional data.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-21 16:20:19 +09:00
NIIBE Yutaka
a8a65240fb experiment with Argon2id.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-21 14:23:43 +09:00
NIIBE Yutaka
fe1e64f2dc accept Argon2 as S2K specifier.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-21 11:37:38 +09:00
NIIBE Yutaka
df967c228f start experiment for newer S2K.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-21 11:22:14 +09:00
NIIBE Yutaka
05fdaa1737 sm: Fix use of value NONE in gnupg_isotime_t type.
* common/gettime.h (GNUPG_ISOTIME_NONE): New.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it.
* sm/certlist.c (gpgsm_add_to_certlist): Likewise.
* sm/import.c (check_and_store): Likewise.
* sm/keylist.c (list_cert_colon, list_cert_raw): Likewise.
(list_cert_std): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-18 11:11:12 +09:00
Ingo Klöcker
da04811fe7 po: Fix gender of pronoun in German translation
--

The phrase refers to an insecure "passphrase" which is translated as
"(das) Passwort" (pronoun: "dieses") in German.
2022-02-16 10:50:46 +01:00
Jussi Kivilinna
ab177eed51 g10/mainproc: avoid extra hash contexts when decrypting MDC input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--

Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:

 AES256.CFB encryption: 783 MB/s
 AES256.CFB decryption: 386 MB/s (before)
 AES256.CFB encryption: 1.3 GB/s (after patch)

Note, AEAD is still significantly faster:

 AES256.OCB encryption: 2.2 GB/s
 AES256.OCB decryption: 3.0 GB/s

GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-08 19:21:18 +02:00
Werner Koch
e23dc755fa
sm: New option --ignore-cert-with-oid.
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
2022-02-03 14:17:10 +01:00
NIIBE Yutaka
b2cedc108d gpg: Fix for -Wformat when using uint64_t.
* g10/cipher-aead.c (do_flush): Use PRIu64.
* g10/decrypt-data.c (aead_underflow): Likewise.

--

Even among LP64 data model machines, uint64_t type may differ;
unsigned long or unsigned long long.
Only portable way is use of PRIu64.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-02 11:09:48 +09:00
Werner Koch
57d546674d
dirmngr: Avoid initial delay on the first keyserver access.
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.

* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--

This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.

The second patch is unrelated
2022-02-01 16:03:06 +01:00
Werner Koch
623a427b0c
sm: Partly revert last commit.
* sm/gpgsm.c (set_debug): Remove doubled code.
--

It was already there; sorry.

Fixes-commit: 51edea995d352a7b557fb0315fa5091dc42065cb
2022-02-01 15:20:29 +01:00
Werner Koch
51edea995d
gpg,sm: Set --verbose and clear --quiet in debug mode.
* g10/gpg.c (set_debug): Tweak options.
* sm/gpgsm.c (set_debug): Ditto.
2022-02-01 15:13:13 +01:00
Werner Koch
934a60de6b
ssh: Fix adding an ed25519 key with a zero length comment.
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--

Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.

The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.

GnuPG-bug-id: 5794
2022-01-28 19:59:11 +01:00
Werner Koch
34ea19aff9
gpg: Allow --dearmor to decode all kinds of armor files.
* g10/filter.h (armor_filter_context_t): New fields dearmor_mode and
dearmor_state.
* g10/dearmor.c (dearmor_file): Set dearmor_mode.
* g10/armor.c (is_armor_header): Magic to switch to generic dearmor
mode.
(parse_header_line): Treat non OpenPGP armor in a special way.
(check_input): Ditto.
(radix64_read): Detect non OpenPGP armor END lines.
2022-01-28 12:09:34 +01:00
Werner Koch
f2d1187fcd
gpgsm: Retire the new --ldapserver.
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and mark it as obsolete.
--

We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.

GnuPG-bug-id: 5801
2022-01-27 15:23:42 +01:00
Werner Koch
ed798a97f5
gpgconf: Teach --show-config the legacy gpgconf.conf.
* tools/gpgconf.c (show_configs): Print gpgconf.conf and a warning.
2022-01-27 14:43:45 +01:00
Werner Koch
977b61ddab
gpgconf: Return again "keyserver" for gpgsm.
* tools/gpgconf-comp.c (known_options_gpgsm): Change "ldapserver" back
to "keyserver".
2022-01-27 14:40:53 +01:00
Werner Koch
8fb23094c2
gpgconf: Fix --list-options for forced options
* tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to
ignored options.  Add failsafe code to avoid calling percent_escape
with NULL.
--

Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE
flags in the returned type needs to be considered.

GnuPG-bug-id: 5800
2022-01-26 12:47:56 +01:00
Werner Koch
0b4fdbd5f4
gpgconf: Return --ldapserver and --keyserver from dirmngr.
* dirmngr/dirmngr.c: Reorder two option groups.
* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.
(known_options_dirmngr): Add "ldapserver" at the basic level.
* sm/gpgsm.c (opts): No more help text for "ldapserver".
--

GnuPG-bug-id: 5800
2022-01-25 20:24:25 +01:00
Werner Koch
1cf0c407bf
doc: Add comments on the legacy status of gpgconf.conf.
--
2022-01-25 10:10:53 +01:00
Werner Koch
b7e1afe9a4
doc: Minor typo fixes
--
2022-01-24 22:22:34 +01:00
James Bottomley via Gnupg-devel
af2fbd9b01
agent: always use hexgrip when storing key password
--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid.  This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-01-24 22:22:05 +01:00
Werner Koch
38e100acb7
gpg: Print Yubikey version correctly.
* g10/call-agent.c (learn_status_cb): Parse APPVERSION.
* g10/call-agent.h (struct agent_card_info_s): Add field appversion.
* g10/card-util.c (print_a_version): New.
(current_card_status): Print version from appversion.
--

This is a regression due to the PIV support.  Note that the newer
gpg-card worked correctly.

GnuPG-bug-id: 5787
2022-01-18 08:03:27 +01:00
Werner Koch
ec4a1cffb8
gpgconf: Add command aliases -L -K -R.
* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
--

I have to type them to often ;-)
2022-01-12 20:27:14 +01:00
NIIBE Yutaka
4aeeaa65ad gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove another call to
update_ownertrust.
* g10/trust.c (update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-12 13:34:31 +09:00
Ingo Klöcker
b66854ac93 gpg: Report failed generation of subkey pair via status interface
* g10/keygen.c (generate_subkeypair): On error, write error and
"key not created" message to status interface.
--

This change allows users of the status/command interface to detect
errors when adding a subkey to a key. Similar status messages are
output by do_generate_keypair.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Ingo Klöcker
19b1a28621 gpg: Request keygrip of key to add via command interface
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--

This change makes it possible to add an existing (sub)key to
another key via the status/command interface.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Werner Koch
d445e19365
dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver.
* dirmngr/server.c (make_keyserver_item): Change mapping.
--

It turned out that having the old surfnet keyserver for unencrypted
connections is problematic because that server does not sync with the
Ubuntu server.

GnuPG-bug-id: 5751
2022-01-10 09:13:43 +01:00
Werner Koch
99a8b1f138
gpgtar: List and extract using extended headers.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
Werner Koch
3a1c556b2c
gpgtar: Create extended header for long file names
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr.  Detect and store long file and link
names.  Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
NIIBE Yutaka
f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port.
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-04 14:56:29 +09:00
Werner Koch
4d52ba9431
doc: Fix the title of the man pages to GnuPG 2.3
--
2022-01-03 11:59:46 +01:00
Werner Koch
e836923175
po: Fix German translation
--

Option descriptions of --help should start with an uppercase letter.
2021-12-30 10:25:50 +01:00
Werner Koch
ec311425ca
doc: Typo fixes.
--
2021-12-30 10:24:36 +01:00
Werner Koch
42785d7c8a
gpgconf: Do not list ignored options and mark forced options as r/o.
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
2021-12-30 10:19:55 +01:00
NIIBE Yutaka
85db1b1a3b build: Remove unused old m4 files.
* m4/glibc2.m4, m4/glibc21.m4: Remove.
* m4/intl.m4, m4/intldir.m4, m4/lock.m4: Remove.
* m4/intdiv0.m4, m4/intmax.m4, m4/inttypes-pri.m4: Remove.
* m4/inttypes.m4, m4/inttypes_h.m4, m4/longdouble.m4: Remove.
* m4/printf-posix.m4, m4/signed.m4, m4/size_max.m4: Remove.
* m4/stdint_h.m4, m4/sys_socket_h.m4, m4/uintmax_t.m4: Remove.
* m4/visibility.m4, m4/wchar_t.m4, m4/wint_t.m4, m4/xsize.m4: Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-22 13:30:10 +09:00