1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

202 Commits

Author SHA1 Message Date
NIIBE Yutaka
f3b00d88ef g10: detects public key encryption packet error properly.
g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
encryption.

--

(backported from 2.1 commit c771963140cad7c1c25349bcde27e427effc0058)
2015-05-19 10:47:42 +09:00
Werner Koch
52c6c30647
Switch to a hash and CERT record based PKA system.
* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
2015-02-26 18:30:08 +01:00
Werner Koch
69767ccf42 gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
2014-11-24 19:32:47 +01:00
Werner Koch
fbb50867f8 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)

Updated doc/gpg.texi.
2014-11-14 19:41:24 +01:00
Werner Koch
45e3b81114 gpg: Allow compressed data with algorithm 0.
* g10/mainproc.c (proc_compressed): Remove superfluous check for
an algorithm number of 0.
--

(backport from commit 88633bf3d417aeb5ea0f75508aba8e32adc8acef)

GnuPG-bug-id: 1326, 1684
2014-08-20 12:05:16 +02:00
Werner Koch
fa3f555d75 Change --show-session-key to print the session key earlier.
* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
* g10/decrypt-data.c (decrypt_data): here.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

This is the same feature as
commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and
commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-11 10:50:55 +01:00
Werner Koch
d90a1d2340 gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:29:47 +02:00
Werner Koch
b1eac93431 Support the not anymore patented IDEA cipher algorithm.
* cipher/idea.c: New.  Take from Libgcrypt master and adjust for
direct use in GnuPG.
* cipher/idea-stub.c: Remove.
* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
* configure.ac: Remove idea-stub code.
* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
(main): Make --load-extension a dummy option.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
* g10/status.h (STATUS_RSA_OR_IDEA): Remove.

--

To keep the number of actually used algorithms low, we support IDEA
only in a basically read-only way (unless --pgp2 is used during key
generation).  It does not make sense to suggest the use of this old 64
bit blocksize algorithm.  However, there is old data available where
it might be helpful to have IDEA available.
2012-11-08 13:25:02 +01:00
Werner Koch
04b0b050ff Add pubkey letters e and E for ECC.
This does not mean we have any kind of ECC support now.  It is merely
to avoid printing a question mark for the algorithm.

Trailing white space changes as usual.
2011-07-01 10:21:08 +02:00
Werner Koch
690dc98c6f Minor fixes 2010-08-31 08:42:38 +00:00
David Shaw
0042cda87c * main.h, mainproc.c (check_sig_and_print), keylist.c
(list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c
 (menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c
 (pct_expando): Add %v and %V expandos so that displaying photo IDs
 can show the attribute validity tag (%v) and string (%V).  Originally
 by Daniel Gillmor.
2008-10-03 19:54:30 +00:00
Werner Koch
81685cc799 Updated ZH po file.
Allow de/encryption using legacy type 20 keys.
Updated config.{sub,guess}
2007-12-12 18:26:25 +00:00
Werner Koch
7d67e4a497 Allow decryption using type 20 Elgamal keys. 2007-12-11 13:21:30 +00:00
Werner Koch
9a2a818887 Switched to GPLv3.
Updated gettext.
2007-10-23 10:48:09 +00:00
David Shaw
2e81dd1b98 * packet.h, mainproc.c (reset_literals_seen): New function to reset
the literals count.

* verify.c (verify_one_file), decrypt.c (decrypt_messages): Call it
here so we allow multiple literals in --multifile mode (in different
files - not concatenated together).
2007-04-17 04:00:38 +00:00
Werner Koch
7cb81bb3ef Preparing 1.4.7 2007-03-05 10:22:56 +00:00
Werner Koch
4fdc6387c3 Fixed segv 2006-04-08 01:23:23 +00:00
David Shaw
5531da1cfc * mainproc.c (get_pka_address): Fix bug introduced as part of
sig_to_notation conversion.  Noted by Peter Palfradrer.
2006-03-22 14:37:53 +00:00
Werner Koch
cf10c31a3f Preparing for an RC23 2006-03-09 12:45:02 +00:00
David Shaw
5460153264 * mainproc.c (get_pka_address), keylist.c (show_notation): Remove
duplicate code by using notation functions.
2006-03-09 03:35:26 +00:00
David Shaw
90d8377276 * options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
2006-03-08 02:40:42 +00:00
David Shaw
4f9efb7a79 * options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
2006-03-07 20:14:20 +00:00
Werner Koch
4aeb4d4b10 More tests added; make distcheck works 2006-03-07 11:05:41 +00:00
David Shaw
5d2060e211 * mainproc.c (proc_compressed): "Uncompressed" is not a valid compression
algorithm.
2006-03-06 23:14:13 +00:00
Werner Koch
3e08d87168 Stricter test of allowed signature packet compositions.
There is still one problem to solve.
2006-03-06 21:28:25 +00:00
Werner Koch
a200f76dcf Fixed problem with PGP2 style signatures and mutilple plaintext data 2006-03-06 12:28:46 +00:00
Werner Koch
09203be1c6 Replaced an assert and fixed batch mode issue in cardglue. 2006-03-05 15:13:18 +00:00
David Shaw
477defdb1b * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
2006-02-22 20:20:58 +00:00
Werner Koch
966cd80d88 Fixed a wrong return code with gpg --verify 2006-02-14 10:17:57 +00:00
David Shaw
1315171b07 * mainproc.c (check_sig_and_print), keyserver.c
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
2006-01-01 18:12:57 +00:00
Werner Koch
f1482aab4e Finished PKA feature 2005-12-20 20:19:16 +00:00
Werner Koch
0edfbba804 Made strings translatable. Minor fixes. 2005-12-08 07:42:41 +00:00
Werner Koch
d0b9ff171d * mainproc.c (proc_symkey_enc): Take care of a canceled passphrase
prompt.
2005-09-20 08:19:50 +00:00
Werner Koch
2ce542ad52 auto retrieve keys from PKA. Thsi allows to specify an email address
so that gpg can get the key from DNS.  This helps with opportunistic
encryption.  No integration with the trust modell yet.
2005-08-05 14:46:59 +00:00
Werner Koch
986a137c58 Implemented PKA trust model 2005-07-28 18:59:36 +00:00
Werner Koch
a1cdf3c75f Converted all m_free to xfree etc. 2005-07-27 18:10:56 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
David Shaw
edc0862448 * mainproc.c (symkey_decrypt_seskey): There is no need to have an
extra check for a bad passphrase and/or unknown cipher algorithm here.
We'll fail quite happily later, and usually with a better error
message to boot.
2005-04-22 03:21:14 +00:00
David Shaw
727cda9758 * mainproc.c (proc_plaintext): Properly handle SIG+LITERAL (old-style PGP)
signatures that use hashes other than SHA-1, RIPEMD160, or MD5.
2005-04-01 16:22:34 +00:00
David Shaw
a3ea962679 Disable the "quick check" bytes for PK decryptions. This is in
regards to the Mister and Zuccherato attack on OpenPGP CFB mode.
2005-02-10 04:06:30 +00:00
Werner Koch
334e3e96d2 Updated to match the switch to the NSIS installer. 2005-02-03 09:32:53 +00:00
David Shaw
65077adf83 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Rename
verify-option show-validity to show-uid-validity to match the similar
list-option.

* app-openpgp.c (verify_chv3): Fix typo.
2004-10-21 19:18:47 +00:00
David Shaw
bf079613b7 * pkclist.c (do_edit_ownertrust): Use the same translated string for
showing the user ID as mainproc.c:print_pkenc_list.

* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.

* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.

* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
2004-10-11 21:08:37 +00:00
David Shaw
4737923d56 * pkclist.c (build_pk_list): Keystrify.
* mainproc.c (check_sig_and_print), pkclist.c (do_edit_ownertrust):
Improve translatability of user ID prompts.
2004-10-07 21:14:31 +00:00
David Shaw
8da1dfeed0 * keyedit.c, keylist.c, keyserver.c, mainproc.c: The
revoked/expired/expires string change of 2004-09-29 was too simple.  Use
two styles for each tag.
2004-10-06 19:51:45 +00:00
David Shaw
742682bf95 * keyedit.c, keylist.c, keyserver.c, mainproc.c: Reduce the many
variations of "revoked" ("revoked", "[revoked]", " [revoked]", "[revoked]
") "and" expired down to two to simplify translation.
2004-09-29 17:41:58 +00:00
David Shaw
d937ace2f8 * mainproc.c (check_sig_and_print), keyedit.c (show_prefs,
menu_set_keyserver_url): Make sure that keyserver URLs with control
characters inside are printed properly.  In fact, handle them as UTF8.
2004-09-22 03:16:41 +00:00
David Shaw
673894ef48 * keyedit.c (sign_uids): Properly handle remaking a self-sig on revoked or
expired user IDs.  Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.

* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it.  This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.

* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
2004-07-15 21:16:54 +00:00
Werner Koch
3624da002f some late minor fixes. 2004-05-22 11:33:47 +00:00
David Shaw
bc3f1a148f * mainproc.c (check_sig_and_print): If we're honoring preferred
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.

* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.

* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.

* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
2004-05-22 03:50:20 +00:00