1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-12 21:58:50 +01:00
Commit Graph

257 Commits

Author SHA1 Message Date
NIIBE Yutaka
aa4a3aa3e7 g10: Fix iobuf API of filter function for alignment.
* include/iobuf.h (struct iobuf_struct): Remove DESC.
* util/iobuf.c (iobuf_desc): New.
(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
(file_filter, sock_filter, block_filter): Fill the description.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
g10/progress.c, g10/textfilter.c: Likewise.

--

Newer GCC warns against possible alignment difference of pointers.
This change can silence those warnings.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backported from 2.1 commit 3f52c7da39)
2016-01-26 15:38:27 +09:00
Werner Koch
52c6c30647
Switch to a hash and CERT record based PKA system.
* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master.
(backported from commit 2fc27c8696)
2015-02-26 18:30:08 +01:00
Werner Koch
484d073058
Add new function strconcat.
* include/util.h (GNUPG_GCC_A_SENTINEL): New.
* util/strgutil.c (do_strconcat, strconcat): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-26 16:05:19 +01:00
Werner Koch
2e7a3ed390
Add convenience function to hash a buffer.
* cipher/sha1.c (sha1_hash_buffer): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-26 15:35:49 +01:00
Werner Koch
d2323ce6fd
Allow requesting only an IPGP certtype with dns_cert().
* util/cert.c (get_cert): Add arg want_ipgp.  Change callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-26 15:17:56 +01:00
NIIBE Yutaka
6cbc75e712 mpi: Avoid data-dependent timing variations in mpi_powm.
* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
(mpi_powm): Access all data in the table and use mpi_set_cond.

--

Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack.  This change fixes
this particular data-dependent access pattern.
2015-02-26 21:00:05 +09:00
Werner Koch
57af33d9e7
Use inline functions to convert buffer data to scalars.
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

This fixes sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.

(back ported from commit 2183683bd6)

Signed-off-by: Werner Koch <wk@gnupg.org>

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-02-23 10:47:26 +01:00
Werner Koch
b89f57fe5d mpi: Suppress set-but-unused-variables warnings.
* include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
* mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as
 unused.
* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.
--

Due to the use of macros and longlong.h, we use variables which are
only used by some architectures.  At least gcc 4.7.2 prints new
warnings about set but not used variables.  This patch silences them.
2014-08-20 13:25:17 +02:00
Werner Koch
27d0f32f77 gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
(cherry picked from commit 4bde12206c)
(cherry picked from commit 0a805ed160)

Resolved conflicts:
	include/cipher.h
2013-10-04 20:53:51 +02:00
Werner Koch
801803ab6e Prepare for a forthcoming new algorithm id.
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--

ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH.  The only support in 1.4 will pretty printing the
algorithm id.
2013-07-25 10:37:41 +02:00
NIIBE Yutaka
212a325d42 gpg: signal handling fix
* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
  (dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
  memory or not.
* util/dotlock.c (dotlock_create): Use
  dotlock_remove_lockfiles_reclaim for atexit.
  (dotlock_destroy_unix, dotlock_destroy)
  (dotlock_remove_lockfiles): Add a reclaim flag.
  (dotlock_remove_lockfiles_reclaim): New.
* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
  avoid non-async-face call.
* g10/keydb.c (maybe_create_keyring): Follow the API change.
* g10/gpgv.c: Follow the API change.

--

signal handler got_fatal_signal should not call non-async-signal-safe
functions.  When malloc is interrupted by a signal, it screws up.

This issue is reported:
https://bugs.g10code.com/gnupg/issue1515
http://bugs.debian.org/399904
2013-07-12 17:26:55 +09:00
Werner Koch
3d56d486e1 Remove trailing white space from some files
--
2012-12-19 14:05:56 +01:00
David Shaw
f2f12f41ef Fix issue 1446: honor ports given in SRV responses.
* common/http.c (send_request, connect_server, http_open): Use a
  struct srv instead of a single srvtag so we can pass the chosen host
  and port back to the caller.
  (connect_server): Use the proper port in the HAVE_GETADDRINFO case.

* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
  chosen host and port.

* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.

Backported from ba9e974f1f
2012-12-18 21:58:53 -05:00
Werner Koch
8044a5acea Add meta option ignore-invalid-option.
* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--

This option is currently of no use.  However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG.  For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option".  To avoid that the following line can be put
above that option in gpg.conf

  ignore-invalid-option foobar

This meta option may be given several times or several option names
may be given as arguments (space delimited).  Note that this option is
not available on the command line.

(backported from commit 41d564333d)
2012-12-18 18:26:56 +01:00
Werner Koch
e33e74e3a4 Fix potential heap corruption in "gpg -v --version"
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
2012-12-15 11:28:00 +01:00
Thomas Klausner
6a41f385c4 Handle systems which have uint64_t but not the UINT64_C macro.
* include/types.h (U64_C) [!UINT64_C]: Add simple replacement.

--
This could happen with UNIX98-type systems, such as the code on
the netbsd-1-5 branch, and would prevent this package from building
on such systems.
2012-11-06 17:55:31 +01:00
Werner Koch
6209066437 Indent nested cpp directives for better readability.
--
2012-11-06 17:44:11 +01:00
David Shaw
cb8ebf792e Distribute dotlock.h 2012-01-11 01:23:59 -05:00
Werner Koch
b9333cd890 Replace file locking by the new portable dotlock code.
* include/dotlock.h: New.  From current gnupg master.
* util/dotlock.c: Ditto.  Include util.h.  The major changes done in
master are: Factor Unix and W32 specific code out into specific
functions.  Define HAVE_POSIX_SYSTEM.  Rearrange some functions.
(disable_dotlock): Rename to dotlock_disable.
(create_dotlock): Rename to dotlock_create and add a dummy arg.
(destroy_dotlock): Rename to dotlock_destroy.
(make_dotlock): Rename to dotlock_take.
(release_dotlock): Rename to dotlock_release.
(remove_lockfiles): Rename to dotlock_remove_lockfiles.
2012-01-10 15:16:44 +01:00
Werner Koch
120b0ce136 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* scripts/git-hooks/commit-msg: New script.
* autogen.sh: Install commit-msg hook for git.
* doc/HACKING: Describe the ChangeLog policy.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
2011-12-02 21:33:07 +01:00
Werner Koch
76b73caf91 Rename all ChangeLog files to ChangeLog-2011.
* ChangeLog: New file.
2011-12-02 19:42:56 +01:00
Werner Koch
04b0b050ff Add pubkey letters e and E for ECC.
This does not mean we have any kind of ECC support now.  It is merely
to avoid printing a question mark for the algorithm.

Trailing white space changes as usual.
2011-07-01 10:21:08 +02:00
Werner Koch
aa29ba1689 Minor changes to help the VMS port 2010-09-28 10:07:30 +00:00
Werner Koch
7956620485 Fix a W32 problem 2009-09-03 15:27:30 +00:00
Werner Koch
20fe42d10b Restructured the compat functions and changed its license.
New fucntion xstrconcat for future use.
2009-08-25 20:00:24 +00:00
David Shaw
00310b1aa8 Try and detect mis-coded Latin1 and convert it to UTF8. Whether the
heuristics succeed or not, the resulting string must be valid UTF8 as
LDAP requires that.  This is bug 1055.
2009-08-12 05:01:08 +00:00
Werner Koch
3459c6b015 First set of changes to backport the new card code from 2.0.
For compatibility reasons a few new files had to be added.
Also added estream-printf as this is now used in app-openpgp.c and provides
a better and generic asprintf implementation than the hack we used for the
W32 code in ttyio.c.  Card code is not yet finished.
2009-07-21 14:30:13 +00:00
David Shaw
e8436d575e Avoid caches to get the most recent copy of the key. This is bug
#1061
2009-05-26 14:15:56 +00:00
Werner Koch
0bbe6eda34 Fixed bug1058. 2009-05-22 15:38:49 +00:00
Werner Koch
631a0de335 Backport of Creation-Date parameter for unattended key generation. 2009-05-05 11:44:56 +00:00
David Shaw
a1ec7163d9 Distribute srv.h 2009-04-06 03:18:30 +00:00
David Shaw
2933e3d094 * srv.h: Move to include/srv.h.
* http.c (send_request): Pass in srvtag...  (http_open): ...from here.
2009-04-06 03:18:07 +00:00
David Shaw
a929f4c78e * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add
a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).

* http.h: Allow passing srvtag to http_open and http_open_document.

 * http.c (http_open, http_open_document): Allow passing srvtag to
http_open and http_open_document.
2009-04-03 03:59:07 +00:00
David Shaw
18f6e7e5d8 Add Camellia-192. 2008-04-17 17:40:30 +00:00
David Shaw
bc15e25d7a Add 128-bit variant of Camellia. 2007-11-29 14:51:08 +00:00
Werner Koch
9a2a818887 Switched to GPLv3.
Updated gettext.
2007-10-23 10:48:09 +00:00
Werner Koch
d1a13319bb Improved detection of ketrings specified several times. 2007-08-24 09:51:58 +00:00
David Shaw
7cf79c128a Add Camellia. Do not enable this if you are not doing interop
testing.  It is not (yet) legal OpenPGP, is not interop tested yet
(obviously), and it's a great way to lose your data.  Just don't do
it.
2007-06-13 15:28:11 +00:00
David Shaw
20af3fea15 Move some ascii_foo functions to libcompat 2007-04-16 22:32:28 +00:00
Werner Koch
9f433cccca Removed the use of g10defs.h.
This required some code cleanups and the introduction of
a few accessor ducntions in mpi.
2006-12-11 19:54:53 +00:00
Werner Koch
d8ff6704c8 Preparing a release 2006-12-06 09:52:40 +00:00
David Shaw
da5efeb143 Add compat.h to distfiles 2006-09-28 20:12:32 +00:00
David Shaw
6f32b4e4d1 Move strsep() and ascii_isspace() to libcompat. 2006-09-28 19:53:17 +00:00
David Shaw
b17fcc5d51 Put in the basic wiring (just hextobyte for now) for a libcompat.a that
can contain replacement files that can be linked to keyserver helpers
without bringing in the whole libutil.a.  libutil.a contains a complete 
copy of libcompat.a so we only need to link to one of them.
2006-09-28 19:36:55 +00:00
Werner Koch
ccd5fc4758 Fixed memory allocation bug and typos. 2006-07-26 11:25:36 +00:00
David Shaw
2f94329422 The plumbing necessary to create DSA keys with variable sized q.
Not yet used (q==160).
2006-04-20 18:40:37 +00:00
David Shaw
f0902a6aef Add SHA-224 support 2006-04-20 02:05:32 +00:00
David Shaw
e0ad2bda52 * cert.c (get_cert): Handle the fixed IPGP type with fingerprint. 2006-03-16 22:40:04 +00:00
Werner Koch
966cd80d88 Fixed a wrong return code with gpg --verify 2006-02-14 10:17:57 +00:00
David Shaw
7f13d486b0 New code to do DNS CERT queries. 2005-12-23 18:15:24 +00:00