1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

728 Commits

Author SHA1 Message Date
Werner Koch
9607bc0b9f gpg: Make show-uid-validity the default. 2014-06-24 09:53:46 +02:00
Stefan Tomanek
5e933008be gpg: Screen keyserver responses.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

Re-indention and minor changes by wk.

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
	g10/main.h
2014-06-24 09:53:04 +02:00
Werner Koch
e790671cb3 gpg: Allow key-to-card upload for cert-only keys
* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
--

Suggested-by: Dominik Heidler <dominik@heidler.eu>
2014-06-24 09:13:38 +02:00
Werner Koch
014b2103fc gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed
report.
2014-06-20 20:24:52 +02:00
Werner Koch
d7750a15d5 gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--

This makes is possible to extract all photos ids from a key to
different files.

(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)

Resolved conflicts:
	g10/photoid.c - whitespaces
2014-06-03 08:55:31 +02:00
Werner Koch
8a4bd132f7 gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)

Resolved conflicts:
	g10/gpg.c - adjust.
	tests/openpgp/defs.inc - no changes
2014-06-03 08:44:08 +02:00
Werner Koch
3d4a36c8c9 gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to
understand.
2014-06-03 08:05:54 +02:00
Werner Koch
3c3d1ab35d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-06-03 08:05:50 +02:00
Werner Koch
6af194038a gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593
2014-06-02 18:38:04 +02:00
Werner Koch
ce989354fb gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--

The old code still merged the first user id into the key packet line
which resulted in all kind of complexity.  --fixed-list-mode is
meanwhile the default and thus we also change this part of the code.

GnuPG-bug-id: 1640
2014-06-02 17:33:18 +02:00
Werner Koch
88ac956836 gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.

(cherry picked from commit 99972bd6e9abea71f270284f49997de5f00208af)

Resolved conflicts:
	g10/getkey.c - ignore whitespace changes.
2014-06-02 11:56:06 +02:00
Werner Koch
b896fccaad gpg: Print a warning if GKR has hijacked gpg-agent.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.
2014-04-22 12:45:55 +02:00
Werner Koch
efecbb7a3f gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.
* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
(pubkey_get_nskey): Ditto.
(pubkey_get_nsig): Ditto.
(pubkey_get_nenc): Ditto.
(pubkey_nbits): Take care of RSA_E and RSA_S.
--

The problem was that parse_key did not know about RSA_S and thus used
an opaque MPI which later crashed Libgcrypt. It is possible to fix
that also in Libgcrypt but we better do it here as well.

A test key using RSA_S is 0x98EEB6F7D87171CF.

Reported-by: Hanno Böck
2014-04-16 14:50:02 +02:00
Werner Koch
3ae90ff28c gpg: Change --show-session-key to print the session key earlier.
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 101a54add351ff62793cbfbf3877787c4791f833)

Resolved Conflicts:
	doc/DETAILS    - removed
	g10/cpr.c      - replace estream fucntion by stdio.
	g10/mainproc.c - Adjust for changed calling convention.
2013-12-11 10:33:25 +01:00
Werner Koch
fd5f452496 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e951782e937ce290be0d89d83e84b3daea997587)

Resolved conflicts:
	NEWS
	g10/armor.c
	g10/gpg.c
2013-11-27 09:32:43 +01:00
Werner Koch
1a0eeaacd1 gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:25:58 +02:00
Werner Koch
6286d01ba3 gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:18:01 +02:00
Werner Koch
0bf54e60d3 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 18:34:56 +02:00
Werner Koch
1f842011f6 gpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6.
* g10/misc.c (print_pubkey_algo_note): Map the algo.
(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
(pubkey_get_nenc): Return 0 for ECC algorithms.
--

Libgcrypt 1.6 features algorithm 18 (generic ECC).  Because of the
missing mapping and no real support for the OpenPGP ECC format, this
led to parsing errors of ECC packets.  We better better explicitly
tell gpg that we ECC is not supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 18:01:40 +02:00
Werner Koch
e7abed3448 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 13:44:39 +02:00
Daniel Kahn Gillmor
dd868acb0d gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
2013-10-04 08:54:25 +02:00
Werner Koch
0a805ed160 gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)
2013-10-04 08:53:49 +02:00
Daniel Kahn Gillmor
89f6706ada Remove trailing white space from some files.
--
2013-10-04 08:53:27 +02:00
Werner Koch
35e40e2d51 gpg: Limit the nesting level of I/O filters.
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 08:20:49 +02:00
Werner Koch
cd1b696b28 gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:17:38 +02:00
Werner Koch
0f18295ac8 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:19:47 +02:00
Werner Koch
3966eb2445 gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure
memory.
--

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-19 11:22:11 +02:00
Werner Koch
f3c5cc8bcd gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.
2013-08-06 10:04:12 +02:00
Werner Koch
7c028efc18 gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 498b9a95dc65c43240835d64cc92d8fb43014d53)
2013-08-02 09:26:32 +02:00
Ian Abbott
049b3d9ca0 w32: Add icons and version information.
* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-07 21:17:04 +02:00
Jedi
42c44e9ccd Fix a typo and a wrong code indentation.
--

Reported-by: NIIBE Yutaka <gniibe@fsij.org>
2013-04-25 09:33:33 +02:00
Werner Koch
40ca0022a7 w32: Almost everywhere include winsock2.h before windows.h.
--

This is required by newer mingw toolchain versions which demand that
winsock2.h is included before windows.h.  Now, due to the use of
socket definitions in pth.h we need to include winsock2.h also in
pth.h, now pth.h is often included after an include of windows.h and
thus the compiler spits out a warning.  To avoid that we include
winsock2.h at all places the compiler complains about.
2013-04-23 18:06:46 +02:00
Werner Koch
3402a84720 Fix potential heap corruption in "gpg -v --version".
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>

(cherry picked from commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e)

Note that this version uses utf8_charcount to get the indentation
mostly right.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-22 20:25:35 +02:00
Werner Koch
7db5c81e3a Comment fixes.
--

Reported-by: Daniel Kahn Gillmor
2013-04-22 19:59:34 +02:00
Christian Aistleitner
3cfe527fa5 gpg: Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.
2013-01-11 13:51:18 +01:00
Werner Koch
f395a3e7ef gpg: Detect Keybox files and print a diagnostic.
* g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
(keydb_add_resource): Handle scheme "gnupg-kbx:".  Detect Keybox
magic.  Print wanrning note for Keybox.
(keydb_new, keydb_release, keydb_get_resource_name)
(lock_all, unlock_all, keydb_get_keyblock)
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
(keydb_search2): Ignore Keybox type in switches.
* g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.
--

GnuPG 2.1 will support Keybox files in GPG and thus users might see
weird error messages if they accidentally use a keybox file with 2.0.
Better print a note here.
2013-01-03 20:21:20 +01:00
Werner Koch
c291ebaf6f Remove trailing white space from some files.
--
2013-01-03 20:11:54 +01:00
Werner Koch
498882296f gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--

A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring.  This change skips all
packets which are not allowed in a keyblock.

GnuPG-bug-id: 1455

(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
2012-12-20 11:52:04 +01:00
Werner Koch
d23ec86095 gpg: Make commit 258192d4 actually work
* g10/sign.c (update_keysig_packet): Use digest_algo.
2012-12-19 11:47:23 +01:00
Werner Koch
75404e2dad gpg: Suppress "public key already present" in quiet mode.
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--

(back-ported from commit 8325d616593187ff227853de0295e3269b96edcb)
2012-12-19 11:29:37 +01:00
Werner Koch
febb8ace98 Remove trailing white space from a file
--
2012-12-19 11:27:11 +01:00
David Shaw
3d0c386011 The keyserver search menu should honor --keyid-format
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
  full fingerprints from the keyserver (the comment in the code was
  correct, the code was not).
2012-11-29 13:06:39 -05:00
Werner Koch
978878b1be Fix printing of ECC algo names in hkp keyserver listings.
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--

Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings.  This will only work while using
a ECC enabled Libgcrypt.  Problem reported by Kristian Fiskerstrand.
2012-11-27 17:35:16 +01:00
Werner Koch
ab4ea45f54 Allow decryption with card keys > 3072 bit
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
2012-11-06 14:39:22 +01:00
David Prévot
1c2f80cf1b Fix typos spotted during translations
agent/genkey.c: s/to to/to/
sm/*.c: s/failed to allocated/failed to allocate/
sm/certlist.c: s/should have not/should not have/

Consistency fix:

* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
2012-08-24 10:34:43 +02:00
David Prévot
bc95b35289 Actually show translators comments in PO files 2012-08-24 10:33:28 +02:00
Werner Koch
b8d7b33d69 Add provisions to build with Libgcrypt 1.6.
Replace gcry_md_start_debug by gcry_md_debug in all files.

* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
GCRY_THREAD_OPTION_VERSION is 0
* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
--

Libgcrypt 1.6 will have some minor API changes.  In particular some
deprecated macros and functions will be removed.  PTH will also be
dropped in favor of a thread model neutral locking method.
2012-05-24 10:55:11 +02:00
Werner Koch
a4b22d8edf Print the hash algorithm in colon mode key listing.
* g10/keylist.c (list_keyblock_colon): Print digest_algo.
2012-05-24 10:50:14 +02:00
Werner Koch
88633bf3d4 Allow compressed data with algorithm 0.
* g10/mainproc.c (proc_compressed): Remove superfluous check for
an algorithm number of 0.  This is bug#1326.
2012-03-26 15:14:55 +02:00
David Shaw
258192d4d4 Honor --cert-digest-algo when recreating a cert.
* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
  recreating a cert.

This is used by various things in --edit-key like setpref, primary,
etc.  Suggested by Christian Aistleitner.
2012-01-31 21:41:03 -05:00