1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9717 Commits

Author SHA1 Message Date
Jussi Kivilinna
ab177eed51 g10/mainproc: avoid extra hash contexts when decrypting MDC input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--

Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:

 AES256.CFB encryption: 783 MB/s
 AES256.CFB decryption: 386 MB/s (before)
 AES256.CFB encryption: 1.3 GB/s (after patch)

Note, AEAD is still significantly faster:

 AES256.OCB encryption: 2.2 GB/s
 AES256.OCB decryption: 3.0 GB/s

GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-08 19:21:18 +02:00
Werner Koch
e23dc755fa
sm: New option --ignore-cert-with-oid.
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
2022-02-03 14:17:10 +01:00
NIIBE Yutaka
b2cedc108d gpg: Fix for -Wformat when using uint64_t.
* g10/cipher-aead.c (do_flush): Use PRIu64.
* g10/decrypt-data.c (aead_underflow): Likewise.

--

Even among LP64 data model machines, uint64_t type may differ;
unsigned long or unsigned long long.
Only portable way is use of PRIu64.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-02 11:09:48 +09:00
Werner Koch
57d546674d
dirmngr: Avoid initial delay on the first keyserver access.
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.

* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--

This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.

The second patch is unrelated
2022-02-01 16:03:06 +01:00
Werner Koch
623a427b0c
sm: Partly revert last commit.
* sm/gpgsm.c (set_debug): Remove doubled code.
--

It was already there; sorry.

Fixes-commit: 51edea995d352a7b557fb0315fa5091dc42065cb
2022-02-01 15:20:29 +01:00
Werner Koch
51edea995d
gpg,sm: Set --verbose and clear --quiet in debug mode.
* g10/gpg.c (set_debug): Tweak options.
* sm/gpgsm.c (set_debug): Ditto.
2022-02-01 15:13:13 +01:00
Werner Koch
934a60de6b
ssh: Fix adding an ed25519 key with a zero length comment.
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--

Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.

The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.

GnuPG-bug-id: 5794
2022-01-28 19:59:11 +01:00
Werner Koch
34ea19aff9
gpg: Allow --dearmor to decode all kinds of armor files.
* g10/filter.h (armor_filter_context_t): New fields dearmor_mode and
dearmor_state.
* g10/dearmor.c (dearmor_file): Set dearmor_mode.
* g10/armor.c (is_armor_header): Magic to switch to generic dearmor
mode.
(parse_header_line): Treat non OpenPGP armor in a special way.
(check_input): Ditto.
(radix64_read): Detect non OpenPGP armor END lines.
2022-01-28 12:09:34 +01:00
Werner Koch
f2d1187fcd
gpgsm: Retire the new --ldapserver.
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and mark it as obsolete.
--

We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.

GnuPG-bug-id: 5801
2022-01-27 15:23:42 +01:00
Werner Koch
ed798a97f5
gpgconf: Teach --show-config the legacy gpgconf.conf.
* tools/gpgconf.c (show_configs): Print gpgconf.conf and a warning.
2022-01-27 14:43:45 +01:00
Werner Koch
977b61ddab
gpgconf: Return again "keyserver" for gpgsm.
* tools/gpgconf-comp.c (known_options_gpgsm): Change "ldapserver" back
to "keyserver".
2022-01-27 14:40:53 +01:00
Werner Koch
8fb23094c2
gpgconf: Fix --list-options for forced options
* tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to
ignored options.  Add failsafe code to avoid calling percent_escape
with NULL.
--

Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE
flags in the returned type needs to be considered.

GnuPG-bug-id: 5800
2022-01-26 12:47:56 +01:00
Werner Koch
0b4fdbd5f4
gpgconf: Return --ldapserver and --keyserver from dirmngr.
* dirmngr/dirmngr.c: Reorder two option groups.
* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.
(known_options_dirmngr): Add "ldapserver" at the basic level.
* sm/gpgsm.c (opts): No more help text for "ldapserver".
--

GnuPG-bug-id: 5800
2022-01-25 20:24:25 +01:00
Werner Koch
1cf0c407bf
doc: Add comments on the legacy status of gpgconf.conf.
--
2022-01-25 10:10:53 +01:00
Werner Koch
b7e1afe9a4
doc: Minor typo fixes
--
2022-01-24 22:22:34 +01:00
James Bottomley via Gnupg-devel
af2fbd9b01
agent: always use hexgrip when storing key password
--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid.  This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-01-24 22:22:05 +01:00
Werner Koch
38e100acb7
gpg: Print Yubikey version correctly.
* g10/call-agent.c (learn_status_cb): Parse APPVERSION.
* g10/call-agent.h (struct agent_card_info_s): Add field appversion.
* g10/card-util.c (print_a_version): New.
(current_card_status): Print version from appversion.
--

This is a regression due to the PIV support.  Note that the newer
gpg-card worked correctly.

GnuPG-bug-id: 5787
2022-01-18 08:03:27 +01:00
Werner Koch
ec4a1cffb8
gpgconf: Add command aliases -L -K -R.
* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
--

I have to type them to often ;-)
2022-01-12 20:27:14 +01:00
NIIBE Yutaka
4aeeaa65ad gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove another call to
update_ownertrust.
* g10/trust.c (update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-12 13:34:31 +09:00
Ingo Klöcker
b66854ac93 gpg: Report failed generation of subkey pair via status interface
* g10/keygen.c (generate_subkeypair): On error, write error and
"key not created" message to status interface.
--

This change allows users of the status/command interface to detect
errors when adding a subkey to a key. Similar status messages are
output by do_generate_keypair.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Ingo Klöcker
19b1a28621 gpg: Request keygrip of key to add via command interface
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--

This change makes it possible to add an existing (sub)key to
another key via the status/command interface.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Werner Koch
d445e19365
dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver.
* dirmngr/server.c (make_keyserver_item): Change mapping.
--

It turned out that having the old surfnet keyserver for unencrypted
connections is problematic because that server does not sync with the
Ubuntu server.

GnuPG-bug-id: 5751
2022-01-10 09:13:43 +01:00
Werner Koch
99a8b1f138
gpgtar: List and extract using extended headers.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
Werner Koch
3a1c556b2c
gpgtar: Create extended header for long file names
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr.  Detect and store long file and link
names.  Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
NIIBE Yutaka
f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port.
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-04 14:56:29 +09:00
Werner Koch
4d52ba9431
doc: Fix the title of the man pages to GnuPG 2.3
--
2022-01-03 11:59:46 +01:00
Werner Koch
e836923175
po: Fix German translation
--

Option descriptions of --help should start with an uppercase letter.
2021-12-30 10:25:50 +01:00
Werner Koch
ec311425ca
doc: Typo fixes.
--
2021-12-30 10:24:36 +01:00
Werner Koch
42785d7c8a
gpgconf: Do not list ignored options and mark forced options as r/o.
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
2021-12-30 10:19:55 +01:00
NIIBE Yutaka
85db1b1a3b build: Remove unused old m4 files.
* m4/glibc2.m4, m4/glibc21.m4: Remove.
* m4/intl.m4, m4/intldir.m4, m4/lock.m4: Remove.
* m4/intdiv0.m4, m4/intmax.m4, m4/inttypes-pri.m4: Remove.
* m4/inttypes.m4, m4/inttypes_h.m4, m4/longdouble.m4: Remove.
* m4/printf-posix.m4, m4/signed.m4, m4/size_max.m4: Remove.
* m4/stdint_h.m4, m4/sys_socket_h.m4, m4/uintmax_t.m4: Remove.
* m4/visibility.m4, m4/wchar_t.m4, m4/wint_t.m4, m4/xsize.m4: Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-22 13:30:10 +09:00
NIIBE Yutaka
6b4441a7de build: Update for newer autoconf.
* configure.ac (AC_PREREQ): Use >= 2.69.
(AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER.
(AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros.
(sys/time.h): Add the check of the header.
(time_t): Don't use TIME_WITH_SYS_TIME.
* acinclude.m4 (AC_HEADER_TIME): Don't require.
Don't use TIME_WITH_SYS_TIME.
* dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-22 10:36:26 +09:00
NIIBE Yutaka
82b289328d po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-21 10:12:46 +09:00
NIIBE Yutaka
c3db27fa85 agent: Fix comment for .po generation.
* agent/call-pinentry.c (setup_formatted_passphrase): Move comment to
inside.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-21 10:11:04 +09:00
Werner Koch
02b59e282e
Post release updates.
--
2021-12-20 23:02:49 +01:00
Werner Koch
f74c65fd9b
Release 2.3.4 gnupg-2.3.4 2021-12-20 22:03:05 +01:00
Werner Koch
6105287252
gpg: Correctly set the ownertrust for a new key.
* g10/keygen.c (do_generate_keypair): Use update_ownertrust.
--

GnuPG-bug-id: 5742
2021-12-20 22:03:03 +01:00
Werner Koch
69195ab255
po: auto update 2021-12-20 20:53:54 +01:00
Werner Koch
2559407c95
po: Update German translation
--
2021-12-20 20:52:45 +01:00
Werner Koch
afe5fcda52
gpg: Add unfinished code for --export-secret-ssh-key.
* g10/gpg.c (exportSecretSshKey): New.
(opts): Add --export-secret-ssh-key.
(main): Implement option.
* g10/export.c (do_export_stream): Factor keywrap key code out to ...
(get_keywrap_key): new.
(mb_write_uint32, mb_write_uint8)
(mb_write_data, mb_write_cstring)
(mb_write_string, mb_write_mpi): New.
(receive_raw_seckey_from_agent): New.
(export_secret_ssh_key): New.
--

Due to time constraints the code is not yet ready.
2021-12-20 19:34:34 +01:00
Werner Koch
ace15e1b09
gpg: Allow passing a keygrip as description to pinentry.
* g10/keydb.h (FORMAT_KEYDESC_KEYGRIP): New.
* g10/passphrase.c (gpg_format_keydesc): Add new mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-12-20 19:34:34 +01:00
Werner Koch
da39102216
common: Add set_membuf_err.
* common/membuf.c (set_membuf_err): New.
2021-12-20 19:34:34 +01:00
Werner Koch
038136ea48
wkd: Don't beg for donations
* tools/gpg-wks-server.c (send_congratulation_message): Remove
donation hint from message.
--
2021-12-20 19:34:34 +01:00
Ingo Klöcker
c7fa4c7f8b dirmngr: Ask keyservers to provide the key fingerprints
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
request URL.
--

Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not
provide the key fingerprints by default. Therefore, we ask for the
fingerprints explicitly.

GnuPG-bug-id: 5741
2021-12-20 09:25:26 +01:00
NIIBE Yutaka
a9b95b20a8 dirmngr: Fix ldap-url.c.
* dirmngr/ldap-url.c (ldap_charray2str): Use memcpy instead of strncpy
when length is computed by strlen beforhand.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-17 13:33:40 +09:00
NIIBE Yutaka
e08225030d w32: Prepare for the case gcrypt.h will not include winsock2.h.
* common/dynload.h: Include specific headers only.
* common/exechelp-w32.c: Include <windows.h>.
* common/gettime.c: Likewise.
* common/utf8conv.c: Likewise.
* tests/gpgscm/ffi.c: Likewise.
* tools/gpgconf.c: Likewise.
* configure.ac: Check winsock2.h, removing gl_HEADER_SYS_SOCKET.

--

GnuPG-bug-id: 5731
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-17 13:32:14 +09:00
NIIBE Yutaka
61ac580a20 gpg: Emit compatible Ed25519 signature.
* g10/pkglue.c (sexp_extract_param_sos_nlz): New.
* g10/pkglue.h: Add the declaration.
* g10/sign.c (do_sign): Use sexp_extract_param_sos_nlz for Ed25519.

--

Ed25519 signature in GnuPG 2.2 has no leading zeros.

GnuPG-bug-id: 5331
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-10 15:43:28 +09:00
Jakub Jelen
426d82fcf1 gpg: Fix function prototype to match declaration.
* g10/test-stubs.c (keyserver_import_mbox): Fix prototype
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:48 +09:00
Jakub Jelen
46efee8cb7 kbx: Fix allocation check
* kbx/kbxserver.c (cmd_search): Fix allocation check
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00
Jakub Jelen
6ee3eb4202 homedir: Avoid memory leaks on errors
* common/homedir.c (unix_rootdir): Free allocated memory on error path
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00
Jakub Jelen
940af3f052 dirmngr: Avoid memory leaks on errors
* dirmngr/ldap-misc.c (ldap_parse_extfilter): Avoid direct return
  without freeing resources on errors.
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00