1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

756 Commits

Author SHA1 Message Date
Werner Koch
d2b0e61313 gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-13 10:44:11 +09:00
NIIBE Yutaka
4f0d526b7d gpg: release DEK soon after its use.
* g10/keygen.c (generate_subkeypair): Release DEK soon.

--

This fixes the out_of_core error in the test case of adding
RSA-4096 subkey to RSA-4096 primary key with configuration:

    s2k-cipher-algo S10

Debian-bug-id: 772780

Cherry-picked da66ad5bba4215b9ddd0cb927a89aa75355632aa from
STABLE-BRANCH-1-4 branch.
2014-12-12 17:46:45 +09:00
Werner Koch
1f9dfe1fed gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)
2014-11-24 19:27:20 +01:00
Werner Koch
7a068ac50b gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 0988764397f99db4efef1eabcdb8072d6159af76)
2014-11-24 19:27:20 +01:00
Werner Koch
92a7949ae6 gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
2014-11-24 19:27:20 +01:00
Werner Koch
a5ca45e616 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)
2014-11-14 09:36:19 +01:00
Werner Koch
da95d0d378 gpg: Add import option "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import

(cherry-picked from commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39)
2014-11-12 10:23:53 +01:00
Werner Koch
eb756e2510 gpg: Show v3 key fingerprints as all zero.
* g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero.
--

MD5 is considered broken for a long time now.  To make it easier for
users to notice that a listing shows a v3 key, the fingerprint is now
displayed as 16 zero bytes unless --allow-weak-digest-algos is active.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-11 19:44:13 +02:00
Werner Koch
9112fed78b gpg: Avoid using cached MD5 signature status.
* g10/sig-check.c (check_key_signature2): Avoid using a cached MD5
signature status.
* g10/keyring.c (keyring_get_keyblock): Ditto.
(write_keyblock): Ditto.

* g10/sig-check.c (do_check): Move reject warning to ...
* g10/misc.c (print_md5_rejected_note): new.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-11 19:41:51 +02:00
Daniel Kahn Gillmor
f952fe8c6d gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against STABLE-BRANCH-2-0

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-03 20:24:03 +02:00
Daniel Kahn Gillmor
dcb5fa8747 gpg: --compress-sigs and --compress-keys are not no-ops in 2.0
* g10/gpg.c: Cleanup argument parsing.

--

c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab mistakenly marked
compress-sigs and compress-keys as no-ops on the 2.0.x branch.

These options still have an effect on the 2.0.x branch, and the
duplicate declaration also causes the gpg argument parser to fail when
shortened versions of the option are present, like:

  gpg: option "--compress-k" is ambiguous
2014-10-02 16:09:01 +02:00
Daniel Kahn Gillmor
3e14da863a gpg: Avoid duplicate declaration of {no-,}sk-comments noops.
* g10/gpg.c: Cleanup argument parsing.

--

With c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab, the GnuPG 2.0.x branch
accidentally introduced a second (identical) argument parser for both
--sk-comments, and for --no-sk-comments.

This caused short versions (e.g. omitting the trailing "s", as gpgme
does) of either command to fail with:

   gpg: option "--sk-comment" is ambiguous
2014-10-02 16:08:06 +02:00
Werner Koch
36179da032 gpg: Default to SHA-256 for all signature types on RSA keys.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
--

(Backported from commit d33246700578cddd1cb8ed8164cfbba50aba4ef3)
2014-09-27 15:36:02 +02:00
Werner Koch
b9b6ac9d26 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:44:44 +02:00
Daniel Kahn Gillmor
c76117f8b0 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
* g10/gpg.c: Add config options that should belong in scdaemon.conf
* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

--

In gpg2, the following options are only relevant for scdaemon:

 reader-port
 ctapi-driver
 pcsc-driver
 disable-ccid

but in gpg1, they are options for gpg itself.

Some users of gpg1 might have these options in their
~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that
config file.

gpg2 should not fail hard, though giving a warning (and suggesting a
move to scdaemon.conf) seems OK.

This patch does *not* reintroduce any documentation for these options
in gpg.texi, even to indicate that they are "dummy" options, since
scdaemon.texi contains the appropriate documentation.

Debian-bug-id: 762844

Program names factored out from obsolete_scdaemon_option to make
reuse without new translations easier. -wk

This is a backport of commit 371c2b14b0347209efd23b4e54e1981a12d7aeab
with parts of 20c6da50d4f6264d26d113d7de606971f719a0ca but without those
which would change existing translated strings. -wk
2014-09-25 22:28:36 +02:00
Kristian Fiskerstrand
07006c9916 gpg: Need to init the trustdb for import.
* g10/trustdb.c (clear_ownertrusts): Init trustdb.

--

This was fixed in 1.4 branch in commit
23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
2.0 branch that exhibits the same problem. This is actually a hack
to fix a bug introduced with commit 2528178.

GnuPG-bug-id: 1622
2014-09-03 09:46:30 +02:00
Werner Koch
c45b9819e8 gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.
2014-08-26 10:16:44 +02:00
Werner Koch
90397c9343 Remove trailing white space from two files.
--
2014-08-12 16:03:02 +02:00
Werner Koch
088f82c0b5 gpg: Fix regression due to the keyserver import filter.
* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
to take subpakets in account.
* g10/import.c (import_one, import_secret_one): Pass keyblock to
filter.
--

GnuPG-bug-id: 1680
2014-08-06 17:11:21 +02:00
Werner Koch
25d5480e98 gpg: Add kbnode_t for easier backporting.
* g10/gpg.h (kbnode_t): New.
2014-08-06 17:09:15 +02:00
Simon Josefsson
4500d3cb6d Add OpenPGP card manufacturer Yubico (6). 2014-07-21 16:05:54 +02:00
Werner Koch
9a1e195348 gpg: Cap size of attribute packets at 16MB.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store
movies.

Resolved conflicts:
	g10/parse-packet.c - indentation.  Use plain fprintf.
2014-07-21 14:46:41 +02:00
Werner Koch
48d92bcc88 gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
2014-06-27 09:50:54 +02:00
Werner Koch
044847a0e2 gpg: Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg suing the new struct.
--

This is a fix for commit 5e933008.

The old code did only work for a single key.  It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
2014-06-25 14:33:34 +02:00
Kristian Fiskerstrand
1242a72923 gpg: Fix a couple of spelling errors 2014-06-24 14:37:26 +02:00
Werner Koch
8e39fe810d gpg: Do not link gpgv against libassuan.
* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.
--

This is not required.

GnuPG-bug-id: 1533
2014-06-24 13:52:02 +02:00
Werner Koch
2daa112a74 Improve configure option --with-libgpg-error-prefix
--
GnuPG-bug-id: 1561

Note that this is not a complete solution.  The libgpg-error include
directory has now a higher preference but ld may not pick up the right
library if another one is installed.  The problem is that the -L
option and the -l options are not emitted separately by
gpg-error-config.
2014-06-24 10:36:15 +02:00
Werner Koch
76b0b076d0 gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
INV_RECP.
--

GnuPG-bug-id: 1650

Note that this patch is a bit more limited than the one in 2.1.
2014-06-24 10:08:39 +02:00
Werner Koch
9607bc0b9f gpg: Make show-uid-validity the default. 2014-06-24 09:53:46 +02:00
Stefan Tomanek
5e933008be gpg: Screen keyserver responses.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

Re-indention and minor changes by wk.

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
	g10/main.h
2014-06-24 09:53:04 +02:00
Werner Koch
e790671cb3 gpg: Allow key-to-card upload for cert-only keys
* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
--

Suggested-by: Dominik Heidler <dominik@heidler.eu>
2014-06-24 09:13:38 +02:00
Werner Koch
014b2103fc gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed
report.
2014-06-20 20:24:52 +02:00
Werner Koch
d7750a15d5 gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--

This makes is possible to extract all photos ids from a key to
different files.

(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)

Resolved conflicts:
	g10/photoid.c - whitespaces
2014-06-03 08:55:31 +02:00
Werner Koch
8a4bd132f7 gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)

Resolved conflicts:
	g10/gpg.c - adjust.
	tests/openpgp/defs.inc - no changes
2014-06-03 08:44:08 +02:00
Werner Koch
3d4a36c8c9 gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to
understand.
2014-06-03 08:05:54 +02:00
Werner Koch
3c3d1ab35d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-06-03 08:05:50 +02:00
Werner Koch
6af194038a gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593
2014-06-02 18:38:04 +02:00
Werner Koch
ce989354fb gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--

The old code still merged the first user id into the key packet line
which resulted in all kind of complexity.  --fixed-list-mode is
meanwhile the default and thus we also change this part of the code.

GnuPG-bug-id: 1640
2014-06-02 17:33:18 +02:00
Werner Koch
88ac956836 gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.

(cherry picked from commit 99972bd6e9abea71f270284f49997de5f00208af)

Resolved conflicts:
	g10/getkey.c - ignore whitespace changes.
2014-06-02 11:56:06 +02:00
Werner Koch
b896fccaad gpg: Print a warning if GKR has hijacked gpg-agent.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.
2014-04-22 12:45:55 +02:00
Werner Koch
efecbb7a3f gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.
* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
(pubkey_get_nskey): Ditto.
(pubkey_get_nsig): Ditto.
(pubkey_get_nenc): Ditto.
(pubkey_nbits): Take care of RSA_E and RSA_S.
--

The problem was that parse_key did not know about RSA_S and thus used
an opaque MPI which later crashed Libgcrypt. It is possible to fix
that also in Libgcrypt but we better do it here as well.

A test key using RSA_S is 0x98EEB6F7D87171CF.

Reported-by: Hanno Böck
2014-04-16 14:50:02 +02:00
Werner Koch
3ae90ff28c gpg: Change --show-session-key to print the session key earlier.
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 101a54add351ff62793cbfbf3877787c4791f833)

Resolved Conflicts:
	doc/DETAILS    - removed
	g10/cpr.c      - replace estream fucntion by stdio.
	g10/mainproc.c - Adjust for changed calling convention.
2013-12-11 10:33:25 +01:00
Werner Koch
fd5f452496 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e951782e937ce290be0d89d83e84b3daea997587)

Resolved conflicts:
	NEWS
	g10/armor.c
	g10/gpg.c
2013-11-27 09:32:43 +01:00
Werner Koch
1a0eeaacd1 gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:25:58 +02:00
Werner Koch
6286d01ba3 gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:18:01 +02:00
Werner Koch
0bf54e60d3 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 18:34:56 +02:00
Werner Koch
1f842011f6 gpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6.
* g10/misc.c (print_pubkey_algo_note): Map the algo.
(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
(pubkey_get_nenc): Return 0 for ECC algorithms.
--

Libgcrypt 1.6 features algorithm 18 (generic ECC).  Because of the
missing mapping and no real support for the OpenPGP ECC format, this
led to parsing errors of ECC packets.  We better better explicitly
tell gpg that we ECC is not supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 18:01:40 +02:00
Werner Koch
e7abed3448 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 13:44:39 +02:00
Daniel Kahn Gillmor
dd868acb0d gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
2013-10-04 08:54:25 +02:00
Werner Koch
0a805ed160 gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)
2013-10-04 08:53:49 +02:00