1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

161 Commits

Author SHA1 Message Date
Werner Koch
3627123dc8 Use inline functions to convert buffer data to scalars.
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

This fixes sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.

(back ported from commit 2183683bd633818dd031b090b5530951de76f392)

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-12 20:34:44 +01:00
Werner Koch
b2359db21c gpg: Allow predefined names as answer to the keygen.algo prompt.
* g10/keygen.c (ask_algo): Add list of strings.

--
Signed-off-by: Werner Koch <wk@gnupg.org>
(backported from commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7)
2015-01-28 09:24:20 +01:00
NIIBE Yutaka
4f0d526b7d gpg: release DEK soon after its use.
* g10/keygen.c (generate_subkeypair): Release DEK soon.

--

This fixes the out_of_core error in the test case of adding
RSA-4096 subkey to RSA-4096 primary key with configuration:

    s2k-cipher-algo S10

Debian-bug-id: 772780

Cherry-picked da66ad5bba4215b9ddd0cb927a89aa75355632aa from
STABLE-BRANCH-1-4 branch.
2014-12-12 17:46:45 +09:00
Daniel Kahn Gillmor
f952fe8c6d gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against STABLE-BRANCH-2-0

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-03 20:24:03 +02:00
Werner Koch
b9b6ac9d26 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:44:44 +02:00
Werner Koch
48d92bcc88 gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
2014-06-27 09:50:54 +02:00
Werner Koch
3c3d1ab35d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-06-03 08:05:50 +02:00
Werner Koch
6286d01ba3 gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:18:01 +02:00
Daniel Kahn Gillmor
dd868acb0d gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
2013-10-04 08:54:25 +02:00
Daniel Kahn Gillmor
89f6706ada Remove trailing white space from some files.
--
2013-10-04 08:53:27 +02:00
Werner Koch
0f18295ac8 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:19:47 +02:00
Werner Koch
18936a1970 Fix bug#1307. 2011-01-10 19:35:10 +01:00
Werner Koch
7343086808 Fix memory leak 2010-09-29 18:42:43 +00:00
Werner Koch
a76c7b96e5 Fix bug#1186 2010-02-17 10:26:32 +00:00
Werner Koch
198fa522d1 Allow for default algorithms in a parameter file 2009-12-04 19:58:28 +00:00
Werner Koch
ae7b03d427 Backported some stuff from trunk 2009-12-03 19:39:39 +00:00
Werner Koch
35ab964c86 Fix bug#1122.
Note that msgmerge 0.17 is completely broken as it always
prepends a fuzzy null entry to all po files.
2009-09-03 20:51:55 +00:00
Werner Koch
830dae2873 Print status of CRL checks in the audit log. 2009-07-23 15:18:58 +00:00
Werner Koch
7ae15f0027 Fix bug 1091.
Doc fixes.
Replace assert by error message.
2009-07-20 11:02:20 +00:00
Werner Koch
e50cac1d84 Changed default hash algorithm preferences 2009-07-09 08:52:31 +00:00
Werner Koch
556d4ed983 Allow generation of DSA2 keys without --enable-dsa2. 2009-05-20 09:57:10 +00:00
Werner Koch
ad6326185e Fix bug#1056. 2009-05-20 09:08:48 +00:00
Werner Koch
f61e15670a Changed default algo and size. 2009-05-17 13:08:18 +00:00
Werner Koch
c4e92c3344 Made card key generate with backup key work for 2048 bit.
Improved card key generation prompts.
2009-05-15 19:26:46 +00:00
Werner Koch
a766a37290 Print keyid in gpg --list-packets.
Add some not yet code to app-nks.c
Changed batch mode expiration time computation
2009-05-13 11:42:34 +00:00
Werner Koch
82ab848ea4 Update spanish translation.
Cleanups.
Allow utf-8 in email addresses.
2009-01-08 15:48:51 +00:00
Werner Koch
6558568912 Make gpg not depend on the RIPE-MD160 implementaion in Libgcrypt.
Fix SIG_ID computation.
2008-12-11 17:44:52 +00:00
Werner Koch
9874c62a10 Flush keyserver search output.
Add trustdb chnages from 1.4.
Check algo usage for batch key generation.
2008-12-09 10:46:29 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
ac5c3fab30 Cehck for expire date overflows. 2008-08-11 08:08:08 +00:00
Werner Koch
aa68a60301 Add controlo statement %ask-passphrase 2008-06-16 15:48:33 +00:00
Werner Koch
49b2db7636 Changes the header presented before requesting the user ID. 2008-06-01 19:44:05 +00:00
Werner Koch
8c20500a5d Allow configuraton of pinentry tooltip.
Other minor buf fixes.
2007-12-04 11:23:31 +00:00
Werner Koch
4631bc8ddf Fixed card key generation of gpg2.
Reveal less information about timings while generating a key.
2007-07-05 16:58:19 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
b861561e47 Included LIBICONV in all Makefiles.
g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.
2007-01-31 14:24:41 +00:00
Werner Koch
006c5af165 * parse-packet.c (read_protected_v3_mpi): Make sure to stop
reading even for corrupted packets.
	* keygen.c (generate_user_id): Need to allocate one byte more.
	Reported by Felix von Leitner.
2007-01-15 19:31:24 +00:00
Werner Koch
0173cd5a98 Fixes for CVE-2006-6235 2006-12-06 10:16:50 +00:00
Werner Koch
13e646d938 Final fix which should now pass all tests. 2006-11-21 19:33:04 +00:00
Werner Koch
e50c5f39cc No more warnings for AMD64 (at least when cross-compiling). Thus tehre is a
good chance that gpg2 will now work. 
Other cleanups.
Updated gettext.
2006-11-21 11:00:14 +00:00
Werner Koch
df52700f5c Fixes 2006-10-19 14:22:06 +00:00
Werner Koch
03d3322e5f Take advantage of newer gpg-error features. 2006-09-14 16:50:33 +00:00
Werner Koch
0ebd23fa76 Migrated more stuff to doc/
Migrated the gpg regression tests.
Some changes tp the gpg code to fix bugs and
for the use in testing. 
make distcheck works now with gpg enabled.
2006-08-21 20:20:23 +00:00
Werner Koch
b744f963d7 With --enable-gpg the keyservers are now build and a first test using gpg2
shows no prblems.   Needs more testing of course.
2006-08-16 10:47:53 +00:00
Werner Koch
6c208fea32 A couple of fixes. gpg2's key generation does now work. 2006-06-30 09:42:08 +00:00
Werner Koch
f081ad529d Ported patches from 1.4.x 2006-06-27 14:30:59 +00:00
Werner Koch
b61df862a7 Still making gpg2 work.
At least the keyids are now correctly computed again.
2006-05-24 11:12:28 +00:00
Werner Koch
fbe4ac37f6 g10/ does build again. 2006-05-23 16:19:43 +00:00
Werner Koch
00ffc478de Merged recent changes from 1.4 2006-04-28 14:31:29 +00:00
Werner Koch
d0907e64f4 Continued with merging.
Still does not build.
2006-04-19 13:24:36 +00:00