1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

2815 Commits

Author SHA1 Message Date
Werner Koch
aababe237d
indent: Fix indentation of an if block.
--
2017-07-19 10:12:00 +02:00
NIIBE Yutaka
6b4abf1d49 gpg: Fix memory leak.
* g10/textfilter.c (copy_clearsig_text): Free the buffer.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport from master commit:
6b9a89e4c7d6f19de62e0a908a8d80c98bf99819)
2017-07-07 21:53:12 +09:00
NIIBE Yutaka
1b1f44846b rsa: Reduce secmem pressure.
* cipher/rsa.c (secret): Don't keep secmem.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 21:51:42 +09:00
NIIBE Yutaka
994d5b7075 rsa: Allow different build directory.
* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
* cipher/rsa.c: Change include file.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 21:20:56 +09:00
Marcus Brinkmann
8fd9f72e1b rsa: Add exponent blinding.
* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
nonce R for mpi_powm computation.

--

Backport of libgcrypt 8725c99ffa41778f382ca97233183bcd687bb0ce.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
2017-07-07 21:03:10 +09:00
NIIBE Yutaka
554ded4854 mpi: Minor fix for mpi_pow.
* mpi/mpi-pow.c (mpi_powm): Fix allocation size.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 15:12:00 +09:00
NIIBE Yutaka
12029f83fd mpi: Same computation for square and multiply for mpi_pow.
* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
the assignment to base_u into the loop.  Copy content refered by RP to
BASE_U except the last of the loop.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport commit of libgcrypt master:
78130828e9a140a9de4dafadbc844dbb64cb709a)
2017-07-07 14:38:19 +09:00
NIIBE Yutaka
b38f4489f7 mpi: Simplify mpi_powm.
* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.

--

(backport of libgcrypt master commit:
 719468e53133d3bdf12156c5bfdea2bf15f9f6f1)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-07 14:26:39 +09:00
Marcus Brinkmann
782f804765 mpi: Fix ARM assembler in longlong.h.
* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.

--
This is a backport of libgcrypt 8aa4f2161 and 3b1cc9e6c.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3182
2017-07-04 23:19:51 +02:00
Marcus Brinkmann
7b045f539e doc: Fix typo.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3243
2017-07-03 11:02:42 +02:00
Ineiev
2c2121ff3c g10: Fix secmem leak.
* g10/keygen.c (proc_parameter_file): Fix secmem leak.

--

proc_parameter_file adds certain parameters to the list in the PARA
argument; however, these new entries are leaked because they
are added to head, while the PARA list is released by the caller
of proc_parameter_file.

GnuPG-bug-id: 1371
Signed-off-by: Ineiev <ineiev@gnu.org>
2017-05-10 14:09:54 +09:00
Werner Koch
bb61191aad
gpg: Fix exporting of zero length user ID packets.
* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
--

We are able to import such user ids but when exporting them the
exported data could not be imported again because the parser bails out
on invalid keyrings.  This is now fixed and should be backported.

Note that in 1.4 and 2.0 this is only an issue for attribute packets.
In 2.1 user IDs were also affected.a

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 10:54:10 +02:00
Daniel Kahn Gillmor
23944d0249 spelling: Correct achived to achieved.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 13:20:24 +01:00
Neal H. Walfield
f2acaa5d78 tools: Fix option parsing for gpg-zip.
* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
Correctly set TAR when --tar is specified.  Pass TAR_ARGS to tar.

(cherry-picked by dkg from master branch's
84ebf15b06e435453b2f58775f97a3a1c61a7e55)

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Michael Mönch <michael.moench@marktjagd.de>
GnuPG-bug-id 1351
GnuPG-bug-id 1442
2016-11-02 13:16:52 +01:00
Åka Sikrom
82bc22aa13
po: Update Norwegian translation
--

Minor change: Re-insert the old copyright year 2004. - wk
2016-08-18 16:48:54 +02:00
Werner Koch
06db04ba66
Post release updates
--
2016-08-17 15:29:13 +02:00
Werner Koch
47531220e5
Release 1.4.21 gnupg-1.4.21 2016-08-17 15:08:55 +02:00
Werner Koch
5e1843fc47
gpg: Add dummy option --with-subkey-fingerprint.
* g10/gpg.c (opts): Add dummy option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 14:50:35 +02:00
Werner Koch
03376ed88a
po: Auto update
--
2016-08-17 14:41:16 +02:00
Werner Koch
56792b1191
build: Create a swdb file during "make distcheck".
* Makefile.am (distcheck-hook): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 14:39:26 +02:00
Werner Koch
96fe65bc46
build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
--
2016-08-17 14:36:25 +02:00
Ineiev
851a9de23a
po: Update Russian translation 2016-08-17 14:31:12 +02:00
Werner Koch
c6dbfe8990
random: Hash continuous areas in the csprng pool.
* cipher/random.c (mix_pool): Store the first hash at the end of the
pool.
--

This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.

This bug does not affect the default generation of
keys because running gpg for key creation creates at most 2 keys from
the pool: For a single 4096 bit RSA key 512 byte of random are
required and thus for the second key (encryption subkey), 20 bytes
could be predicted from the the first key.  However, the security of
an OpenPGP key depends on the primary key (which was generated first)
and thus the 20 predictable bytes should not be a problem.  For the
default key length of 2048 bit nothing will be predictable.

For the former default of DSA+Elgamal key it is complicate to give an
answer: For 2048 bit keys a pool of 30 non-secret candidate primes of
about 300 bits each are first created.  This reads at least 1140 bytes
from the pool and thus parts could be predicted.  At some point a 256
bit secret is read from the pool; which in the worst case might be
partly predictable.

The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology.  A paper describing the problem in
detail will shortly be published.

CVE-id: CVE-2016-6313
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 11:15:50 +02:00
Werner Koch
e23eec8c9a
cipher: Improve readability by using a macro.
* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-17 11:03:07 +02:00
Daniel Kahn Gillmor
61539efc2b gpg: Avoid publishing the GnuPG version by default
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

--

The version of GnuPG in use is not particularly helpful.  It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

(backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-09 12:33:44 +02:00
Daniel Kahn Gillmor
15d1327234 Clean up "allow to"
* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
  "allow to" with clearer text

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-04 12:37:41 +02:00
Daniel Kahn Gillmor
1820889e3c Fix spelling: "occured" should be "occurred"
* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
  util/regcomp.c, util/regex_internal.c: correct the spelling of
  "occured" to "occurred"

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-04 12:37:34 +02:00
NIIBE Yutaka
f474b161f6 g10: Fix checking key for signature validation.
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.

--

(backport of master
commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-04 17:14:26 +09:00
Justus Winter
0f6bda4ccd Partially revert "g10: Fix another race condition for trustdb access."
This amends db246f8b which accidentally included the compiled
translation files.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-03 17:18:43 +02:00
NIIBE Yutaka
cf01cf8b88 gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

--

(backport of master
commit e32c575e0f3704e7563048eea6d26844bdfc494b)

It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings.  In such a use case, it is possible that
the key validation itself is skipped.

For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-09 10:41:08 +09:00
NIIBE Yutaka
ca1fc59626 g10: Fix keysize with --expert.
* g10/keygen.c (ask_keysize): It's 768 only for DSA.

--

GnuPG-bug-id: 2238
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-06 11:45:05 +09:00
NIIBE Yutaka
39e32d375e g10: Fix --list-packets.
* g10/gpg.c (main): Call set_packet_list_mode after assignment of
opt.list_packets.
* g10/mainproc.c (do_proc_packets): Don't stop processing with
--list-packets as the comment says.
* g10/options.h (list_packets): Fix the comment.
* g10/parse-packet.c: Fix the condition for opt.list_packets.

--

(backport from 2.0 commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b
which is backport of master
commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a)

Debian-bug-id: 828109
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-28 16:10:14 +09:00
Niibe Yutaka
db246f8b18 g10: Fix another race condition for trustdb access.
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.

--

GnuPG-bug-id: 1675
Thanks to Scott Moser to reproducible script and patience.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(backport from master
 commit 35a3ce2acf78a95fecbccfd8db0560cca24232df)
2016-06-15 09:01:00 +09:00
Werner Koch
536c721183
doc: Remove non-implemented option --skip-hidden-recipients.
--

GnuPG-bug-id: 1394

Note that --try-secret-key was already removed with commit
2889a70c102271a1b6ff529bafb6748c4e773014

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 18:03:43 +02:00
Werner Koch
bedcef6352
doc: Explain that gpg-preset-passphrase can't be used.
--
2016-04-22 10:00:30 +02:00
Justus Winter
6a9e8e9161 po: Fix misleading german translation.
--
GnuPG-bug-id: 2239
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-04 18:06:32 +02:00
NIIBE Yutaka
d957e4388f g10: Make sure to have the directory for trustdb.
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
the directory and create it if none before calling take_write_lock.

--

Thanks to Marc Deslauriers for the bug report and his patch.

GnuPG-bug-id: 2246

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport from master
 commit 2f3e42047d17313eeb38d354048f343158402a8d)
2016-02-12 10:18:29 +09:00
Werner Koch
22caa5c2d4
Fix possible sign extension problem with newer compilers.
* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
* cipher/blowfish.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
* cipher/camellia.c (CAMELLIA_RR8): Ditto.
* cipher/cast5.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
(do_cast_setkey): Ditto.
* cipher/twofish.c (INPACK): Ditto.
* util/iobuf.c (block_filter): Ditto.
--

For cipher/des.c
Reported-by: Balint Reczey <balint@balintreczey.hu>

See commit 57af33d9e7c9b20b413b96882e670e75a67a5e65 for details.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-01 18:15:28 +01:00
NIIBE Yutaka
aa4a3aa3e7 g10: Fix iobuf API of filter function for alignment.
* include/iobuf.h (struct iobuf_struct): Remove DESC.
* util/iobuf.c (iobuf_desc): New.
(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
(file_filter, sock_filter, block_filter): Fill the description.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
g10/progress.c, g10/textfilter.c: Likewise.

--

Newer GCC warns against possible alignment difference of pointers.
This change can silence those warnings.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backported from 2.1 commit 3f52c7da3940ec06572270d511000dc7fe9c27d2)
2016-01-26 15:38:27 +09:00
Werner Koch
a38dffde7b
Fix possible AIX problem with sysconf in rndunix.
* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
(start_gatherer): Detect misbehaving sysconf.
--

See
GnuPG-bug-id: 1778
for the reason of this patch. There is no concrete bug report but this
chnage should not harm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-15 15:52:11 +01:00
NIIBE Yutaka
e26706700f Fix to support git worktree.
* Makefile.am: Use -e for testing .git.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

(backport commit of 96237b9a63a50aed1884cb06f84279b977d6a8fa)
2016-01-13 17:44:46 +09:00
NIIBE Yutaka
d908e7d238 po: Update Japanese translation. 2015-12-21 21:27:53 +09:00
Werner Koch
20be8ab9fb
Post release updates.
--
2015-12-20 09:01:18 +01:00
Werner Koch
19549aec29
Release 1.4.20 gnupg-1.4.20 2015-12-19 16:56:33 +01:00
Werner Koch
56daf9b6e5
w32: Avoid warning when using newer mingw versions.
* g10/tdbio.c (ftruncate): Do not define if already defined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-19 16:56:31 +01:00
Werner Koch
2ef92bb3f8
po: Auto-update
--
2015-12-19 16:56:24 +01:00
Werner Koch
84fe2e553d
po: Update German translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-19 16:55:57 +01:00
Ineiev
2561aaec96
po: Update Russian translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-19 15:32:58 +01:00
Daniel Kahn Gillmor
924518b10d
gpg: Add option --weak-digest to gpg and gpgv.
* g10/options.h: Add weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests.
* g10/sig-check.c: (do_check): Reject all weak digests.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

(this is a rough cherry-pick of applying the following commits to
 STABLE-BRANCH-1-4:
  76afaed65e3b0ddfa4923cb577ada43217dd4b18
  b98939812abf6c643c752ce7c325f98039a1a9e2
  91015d021b3dcbe21ad0e580a4f34c523abf9e72
)
2015-12-19 15:14:27 +01:00
Werner Koch
43e5d28c6d
gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)

Resolved conflicts:
	g10/gpg.c - adjust.
	tests/openpgp/defs.inc - no changes
2015-12-19 15:11:56 +01:00