1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00

2827 Commits

Author SHA1 Message Date
Dario Niedermann
877e3073d7
Do not use C99 feature.
* cipher/rsa.c (secret): Move var decl to the beginning.
--

Trivial patch; ChangeLog written by wk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-10 15:45:59 +01:00
Jeremie Courreges-Anglas
96f3b1de1c
build: Don't use /dev/srandom on OpenBSD
--
All /dev/*random devices have been equivalent since OpenBSD 4.9, on
purpose (/dev/random doesn't block).  /dev/srandom has been removed in
the OpenBSD 6.3 development cycle, /dev/arandom will likely follow.

Signed-off-by: Jeremie Courreges-Anglas <jca@wxcvbn.org>
2017-11-02 20:19:03 +01:00
Frans Spiesschaert
aa26eda8ab po: update Dutch translation.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-09-06 16:28:29 -04:00
Marcus Brinkmann
eb15d5ed8e doc: Remove documentation for future option --faked-system-time.
doc/gpg.texi: Remove documentation for --faked-system-time.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3329
2017-08-04 20:24:27 +02:00
Daniel Kahn Gillmor
9832a4bacf debian: Remove packaging from upstream repository.
Debian packaging for GnuPG is handled in debian git repositories, and
doesn't belong here in the upstream repository.  The packaging was
significantly out of date anyway.

If you're looking for debian packaging for the 1.4 branch of GnuPG,
please use the following git remote:

    https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-02 08:37:09 -04:00
Joe Hansen
12afc37a94 po: Update Danish translation
Originally reported at:
http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-02 03:10:20 -04:00
Frans Spiesschaert
6d5c5204d7 po: Update Dutch translation
Debian-Bug-Id: 845695
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-02 03:07:16 -04:00
Manuel Venturi Porras Peralta
76239356bc po: Update Spanish translation
Debian-Bug-Id: 814541
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-01 12:45:41 -04:00
Werner Koch
84603a0269
Post release updates
--
2017-07-19 11:37:01 +02:00
Werner Koch
6153268aaf
Release 1.4.22 gnupg-1.4.22 2017-07-19 11:19:40 +02:00
Åka Sikrom
5f7667eca8
po: Update Norwegian translation
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-19 11:00:54 +02:00
Werner Koch
9937aa8fda
build: Avoid check gpg --version during make distcheck.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-19 10:55:44 +02:00
Werner Koch
aababe237d
indent: Fix indentation of an if block.
--
2017-07-19 10:12:00 +02:00
NIIBE Yutaka
6b4abf1d49 gpg: Fix memory leak.
* g10/textfilter.c (copy_clearsig_text): Free the buffer.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport from master commit:
6b9a89e4c7d6f19de62e0a908a8d80c98bf99819)
2017-07-07 21:53:12 +09:00
NIIBE Yutaka
1b1f44846b rsa: Reduce secmem pressure.
* cipher/rsa.c (secret): Don't keep secmem.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 21:51:42 +09:00
NIIBE Yutaka
994d5b7075 rsa: Allow different build directory.
* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
* cipher/rsa.c: Change include file.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 21:20:56 +09:00
Marcus Brinkmann
8fd9f72e1b rsa: Add exponent blinding.
* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
nonce R for mpi_powm computation.

--

Backport of libgcrypt 8725c99ffa41778f382ca97233183bcd687bb0ce.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
2017-07-07 21:03:10 +09:00
NIIBE Yutaka
554ded4854 mpi: Minor fix for mpi_pow.
* mpi/mpi-pow.c (mpi_powm): Fix allocation size.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 15:12:00 +09:00
NIIBE Yutaka
12029f83fd mpi: Same computation for square and multiply for mpi_pow.
* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
the assignment to base_u into the loop.  Copy content refered by RP to
BASE_U except the last of the loop.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport commit of libgcrypt master:
78130828e9a140a9de4dafadbc844dbb64cb709a)
2017-07-07 14:38:19 +09:00
NIIBE Yutaka
b38f4489f7 mpi: Simplify mpi_powm.
* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

--

(backport of libgcrypt master commit:
 719468e53133d3bdf12156c5bfdea2bf15f9f6f1)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 14:26:39 +09:00
Marcus Brinkmann
782f804765 mpi: Fix ARM assembler in longlong.h.
* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

--
This is a backport of libgcrypt 8aa4f2161 and 3b1cc9e6c.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3182
2017-07-04 23:19:51 +02:00
Marcus Brinkmann
7b045f539e doc: Fix typo.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3243
2017-07-03 11:02:42 +02:00
Ineiev
2c2121ff3c g10: Fix secmem leak.
* g10/keygen.c (proc_parameter_file): Fix secmem leak.

--

proc_parameter_file adds certain parameters to the list in the PARA
argument; however, these new entries are leaked because they
are added to head, while the PARA list is released by the caller
of proc_parameter_file.

GnuPG-bug-id: 1371
Signed-off-by: Ineiev <ineiev@gnu.org>
2017-05-10 14:09:54 +09:00
Werner Koch
bb61191aad
gpg: Fix exporting of zero length user ID packets.
* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
--

We are able to import such user ids but when exporting them the
exported data could not be imported again because the parser bails out
on invalid keyrings.  This is now fixed and should be backported.

Note that in 1.4 and 2.0 this is only an issue for attribute packets.
In 2.1 user IDs were also affected.a

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 10:54:10 +02:00
Daniel Kahn Gillmor
23944d0249 spelling: Correct achived to achieved.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 13:20:24 +01:00
Neal H. Walfield
f2acaa5d78 tools: Fix option parsing for gpg-zip.
* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
Correctly set TAR when --tar is specified.  Pass TAR_ARGS to tar.

(cherry-picked by dkg from master branch's
84ebf15b06e435453b2f58775f97a3a1c61a7e55)

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Michael Mönch <michael.moench@marktjagd.de>
GnuPG-bug-id 1351
GnuPG-bug-id 1442
2016-11-02 13:16:52 +01:00
Åka Sikrom
82bc22aa13
po: Update Norwegian translation
--

Minor change: Re-insert the old copyright year 2004. - wk
2016-08-18 16:48:54 +02:00
Werner Koch
06db04ba66
Post release updates
--
2016-08-17 15:29:13 +02:00
Werner Koch
47531220e5
Release 1.4.21 gnupg-1.4.21 2016-08-17 15:08:55 +02:00
Werner Koch
5e1843fc47
gpg: Add dummy option --with-subkey-fingerprint.
* g10/gpg.c (opts): Add dummy option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 14:50:35 +02:00
Werner Koch
03376ed88a
po: Auto update
--
2016-08-17 14:41:16 +02:00
Werner Koch
56792b1191
build: Create a swdb file during "make distcheck".
* Makefile.am (distcheck-hook): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 14:39:26 +02:00
Werner Koch
96fe65bc46
build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
--
2016-08-17 14:36:25 +02:00
Ineiev
851a9de23a
po: Update Russian translation 2016-08-17 14:31:12 +02:00
Werner Koch
c6dbfe8990
random: Hash continuous areas in the csprng pool.
* cipher/random.c (mix_pool): Store the first hash at the end of the
pool.
--

This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.

This bug does not affect the default generation of
keys because running gpg for key creation creates at most 2 keys from
the pool: For a single 4096 bit RSA key 512 byte of random are
required and thus for the second key (encryption subkey), 20 bytes
could be predicted from the the first key.  However, the security of
an OpenPGP key depends on the primary key (which was generated first)
and thus the 20 predictable bytes should not be a problem.  For the
default key length of 2048 bit nothing will be predictable.

For the former default of DSA+Elgamal key it is complicate to give an
answer: For 2048 bit keys a pool of 30 non-secret candidate primes of
about 300 bits each are first created.  This reads at least 1140 bytes
from the pool and thus parts could be predicted.  At some point a 256
bit secret is read from the pool; which in the worst case might be
partly predictable.

The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology.  A paper describing the problem in
detail will shortly be published.

CVE-id: CVE-2016-6313
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 11:15:50 +02:00
Werner Koch
e23eec8c9a
cipher: Improve readability by using a macro.
* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 11:03:07 +02:00
Daniel Kahn Gillmor
61539efc2b gpg: Avoid publishing the GnuPG version by default
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

--

The version of GnuPG in use is not particularly helpful.  It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

(backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-09 12:33:44 +02:00
Daniel Kahn Gillmor
15d1327234 Clean up "allow to"
* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
  "allow to" with clearer text

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-04 12:37:41 +02:00
Daniel Kahn Gillmor
1820889e3c Fix spelling: "occured" should be "occurred"
* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
  util/regcomp.c, util/regex_internal.c: correct the spelling of
  "occured" to "occurred"

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-04 12:37:34 +02:00
NIIBE Yutaka
f474b161f6 g10: Fix checking key for signature validation.
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.

--

(backport of master
commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-04 17:14:26 +09:00
Justus Winter
0f6bda4ccd Partially revert "g10: Fix another race condition for trustdb access."
This amends db246f8b which accidentally included the compiled
translation files.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-03 17:18:43 +02:00
NIIBE Yutaka
cf01cf8b88 gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

--

(backport of master
commit e32c575e0f3704e7563048eea6d26844bdfc494b)

It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings.  In such a use case, it is possible that
the key validation itself is skipped.

For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-09 10:41:08 +09:00
NIIBE Yutaka
ca1fc59626 g10: Fix keysize with --expert.
* g10/keygen.c (ask_keysize): It's 768 only for DSA.

--

GnuPG-bug-id: 2238
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-06 11:45:05 +09:00
NIIBE Yutaka
39e32d375e g10: Fix --list-packets.
* g10/gpg.c (main): Call set_packet_list_mode after assignment of
opt.list_packets.
* g10/mainproc.c (do_proc_packets): Don't stop processing with
--list-packets as the comment says.
* g10/options.h (list_packets): Fix the comment.
* g10/parse-packet.c: Fix the condition for opt.list_packets.

--

(backport from 2.0 commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b
which is backport of master
commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a)

Debian-bug-id: 828109
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-28 16:10:14 +09:00
Niibe Yutaka
db246f8b18 g10: Fix another race condition for trustdb access.
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.

--

GnuPG-bug-id: 1675
Thanks to Scott Moser to reproducible script and patience.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(backport from master
 commit 35a3ce2acf78a95fecbccfd8db0560cca24232df)
2016-06-15 09:01:00 +09:00
Werner Koch
536c721183
doc: Remove non-implemented option --skip-hidden-recipients.
--

GnuPG-bug-id: 1394

Note that --try-secret-key was already removed with commit
2889a70c102271a1b6ff529bafb6748c4e773014

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 18:03:43 +02:00
Werner Koch
bedcef6352
doc: Explain that gpg-preset-passphrase can't be used.
--
2016-04-22 10:00:30 +02:00
Justus Winter
6a9e8e9161 po: Fix misleading german translation.
--
GnuPG-bug-id: 2239
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-04 18:06:32 +02:00
NIIBE Yutaka
d957e4388f g10: Make sure to have the directory for trustdb.
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
the directory and create it if none before calling take_write_lock.

--

Thanks to Marc Deslauriers for the bug report and his patch.

GnuPG-bug-id: 2246

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport from master
 commit 2f3e42047d17313eeb38d354048f343158402a8d)
2016-02-12 10:18:29 +09:00
Werner Koch
22caa5c2d4
Fix possible sign extension problem with newer compilers.
* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
* cipher/blowfish.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
* cipher/camellia.c (CAMELLIA_RR8): Ditto.
* cipher/cast5.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
(do_cast_setkey): Ditto.
* cipher/twofish.c (INPACK): Ditto.
* util/iobuf.c (block_filter): Ditto.
--

For cipher/des.c
Reported-by: Balint Reczey <balint@balintreczey.hu>

See commit 57af33d9e7c9b20b413b96882e670e75a67a5e65 for details.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-01 18:15:28 +01:00