1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-13 22:08:52 +01:00
Commit Graph

1203 Commits

Author SHA1 Message Date
Werner Koch
45e3b81114 gpg: Allow compressed data with algorithm 0.
* g10/mainproc.c (proc_compressed): Remove superfluous check for
an algorithm number of 0.
--

(backport from commit 88633bf3d4)

GnuPG-bug-id: 1326, 1684
2014-08-20 12:05:16 +02:00
Werner Koch
d58552760b gpg: Fix regression due to the keyserver import filter.
* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
to take subpakets in account.
* g10/import.c (import_one, import_secret_one): Pass keyblock to
filter.
--

GnuPG-bug-id: 1680

Resolved conflicts:
	g10/main.h - s/import_filter/import_filter_t/g
2014-08-06 18:43:40 +02:00
Werner Koch
dcf58b3471 Add kbnode_t for easier backporting.
* g10/global.h (kbnode_t): New.
2014-08-06 18:33:21 +02:00
Werner Koch
aae7ec516b Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to
the silliness of such keys, they have the major drawback that GnuPG,
with its limited amount of specially secured memory areas, the use of
such keys may lead to an "out of secure memory" condition.
2014-06-30 19:40:58 +02:00
Werner Koch
955524f435 Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg suing the new struct.
--

This is a fix for commit 52303043.

The old code did only work for a single key.  It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
2014-06-30 19:40:44 +02:00
Werner Koch
0d0961c483 Fix syntax error introduced with 60bd6488
* g10/apdu.c (pcsc_dword_t): Fix syntax error.
2014-06-23 17:14:55 +02:00
Stefan Tomanek
5230304349 Screen keyserver responses.
* g10/main.h: Typedef import_filter for filter callbacks.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

Re-indention and minor changes by wk.
2014-06-23 15:34:36 +02:00
Werner Koch
8eab483a1c Print hash algorithm in sig records
* g10/keylist.c (list_keyblock_colon): Print field 16.
--

We have this info already in gnupg-2 and it is easy to add it to 1.4.

Debian-bug-id: 672658

Patch written and tested by Daniel Leidert.  See above.
2014-06-23 14:57:32 +02:00
Werner Koch
01bd0558dd Remove useless diagnostic in MDC verification.
* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
packet header and a bad MDC.
--

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to understand.
2014-06-23 13:24:43 +02:00
Werner Koch
60bd6488c0 PC/SC cleanup.
* g10/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.
--

GnuPG-bug-id: 1358

This is a backport of commit ae22d629b6.
2014-06-23 09:58:34 +02:00
Werner Koch
4239780d5a gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
INV_RECP.
--

GnuPG-bug-id: 1650

Note that this patch is a bit more limited than the one in 2.1.
2014-06-23 09:25:45 +02:00
Werner Koch
11fdfcf82b gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed
report.
2014-06-20 20:23:19 +02:00
Werner Koch
23191d7851 gpg: Need to init the trustdb for import.
* g10/trustdb.c (clear_ownertrusts): Init trustdb.
--

This is actually a hack to fix a bug introduced with commit 2528178.
Debian uses it and thus we should do too.

GnuPG-bug-id: 1622
2014-03-06 16:11:34 +01:00
Werner Koch
fa3f555d75 Change --show-session-key to print the session key earlier.
* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
* g10/decrypt-data.c (decrypt_data): here.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

This is the same feature as
commit 101a54add3 for 2.1 and
commit 3ae90ff28c for 2.0.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-11 10:50:55 +01:00
Werner Koch
4466fdba7b Update config.{guess,sub} and some copyright notices.
* scripts/config.guess, scripts/config.sub: Update to version
2013-11-29.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-10 20:33:48 +01:00
Werner Koch
93a96e3c0c Use blinding for the RSA secret operation.
* cipher/random.c (randomize_mpi): New.
* g10/gpgv.c (randomize_mpi): New stub.
* cipher/rsa.c (USE_BLINDING): Define macro.
(secret): Implement blinding.
--

GPG 1.x has never used any protection against timing attacks on the
RSA secret operation.  The rationale for this has been that there was
no way to mount a remote timing attack on GnuPG.  With the turning up
of Acoustic Cryptanalysis (http://cs.tau.ac.il/~tromer/acoustic) this
assumption no longer holds true and thus we need to do do something
about it.  Blinding seems to be a suitable mitigation to the threat of
key extraction.  It does not help against distinguishing used keys,
though.

Note that GPG 2.x uses Libgcrypt which does blinding by default.

The performance penalty is negligible: Modifying the core pubkey_sign
or pubkey_decrypt function to run 100 times in a loop, the entire
execution times for signing or decrypting a small message using a 4K
RSA key on a Thinkpad X220 are

  Without blinding:  5.2s  (8.9s)
  With blinding:     5.6s  (9.3s)

The numbers in parentheses give the values without the recently
implemented k-ary exponentiation code.  Thus for the next release the
user will actually experience faster signing and decryption.  A
drawback of blinding is that we need random numbers even for
decryption (albeit at low quality).

Signed-off-by: Werner Koch <wk@gnupg.org>

CVE-id: CVE-2013-4576
2013-12-03 09:25:57 +01:00
Werner Koch
b135372176 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e951782e93)

Resolved conflicts:
	NEWS
	g10/armor.c
	g10/gpg.c
2013-11-27 11:00:55 +01:00
Werner Koch
0bdf121d1d Print the keyid for key packets with --list-packets.
* g10/parse-packet.c (parse_key): Add keyid printing.
--

This is backport from GnuPG-2.  Note that the --list-packets command
is for debugging only and not part iof the stable API.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-18 10:24:32 +02:00
Werner Koch
2528178e7e gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1)

Resolved conflicts:
	g10/gpg.c
	g10/tdbio.h
	g10/trustdb.c
 (indentation fixes)
2013-10-11 09:35:01 +02:00
Werner Koch
4a06d9a600 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0bf54e60d3)
2013-10-04 20:59:45 +02:00
Werner Koch
d74dd36c11 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7abed3448)

Resolved conflicts:
	g10/options.h
2013-10-04 20:58:51 +02:00
Daniel Kahn Gillmor
fe0fb5e6b0 gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c4)
(cherry picked from commit dd868acb0d)
2013-10-04 20:54:10 +02:00
Werner Koch
27d0f32f77 gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
(cherry picked from commit 4bde12206c)
(cherry picked from commit 0a805ed160)

Resolved conflicts:
	include/cipher.h
2013-10-04 20:53:51 +02:00
Werner Koch
d90a1d2340 gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:29:47 +02:00
Werner Koch
6ed7056197 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:19:14 +02:00
Werner Koch
a1a59e6a53 gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.
--

(back ported from commit 498b9a95dc)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-02 09:17:52 +02:00
Werner Koch
801803ab6e Prepare for a forthcoming new algorithm id.
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--

ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH.  The only support in 1.4 will pretty printing the
algorithm id.
2013-07-25 10:37:41 +02:00
NIIBE Yutaka
f61d8fa5a7 gpg: fix previous change
* g10/gpgv.c: Fix void dotlock_remove_lockfiles.
2013-07-16 09:21:54 +09:00
NIIBE Yutaka
212a325d42 gpg: signal handling fix
* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
  (dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
  memory or not.
* util/dotlock.c (dotlock_create): Use
  dotlock_remove_lockfiles_reclaim for atexit.
  (dotlock_destroy_unix, dotlock_destroy)
  (dotlock_remove_lockfiles): Add a reclaim flag.
  (dotlock_remove_lockfiles_reclaim): New.
* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
  avoid non-async-face call.
* g10/keydb.c (maybe_create_keyring): Follow the API change.
* g10/gpgv.c: Follow the API change.

--

signal handler got_fatal_signal should not call non-async-signal-safe
functions.  When malloc is interrupted by a signal, it screws up.

This issue is reported:
https://bugs.g10code.com/gnupg/issue1515
http://bugs.debian.org/399904
2013-07-12 17:26:55 +09:00
Christian Aistleitner
ff5cfadc2c Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data.
2013-01-11 13:33:44 +01:00
Werner Koch
3a4b96e665 gpg: Suppress "public key already present" in quiet mode.
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--

(back-ported from commit 8325d61659)
2012-12-20 09:44:09 +01:00
Werner Koch
f795a0d59e Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--

A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring.  This change skips all
packets which are not allowed in a keyblock.

GnuPG-bug-id: 1455
2012-12-20 09:43:41 +01:00
Werner Koch
3d56d486e1 Remove trailing white space from some files
--
2012-12-19 14:05:56 +01:00
Werner Koch
e33e74e3a4 Fix potential heap corruption in "gpg -v --version"
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
2012-12-15 11:28:00 +01:00
NIIBE Yutaka
09dd073096 Card: Fix the process of writing key or generating key.
* g10/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
--

(cherry picked from commit e7dca3e83e)
2012-12-13 17:25:57 +01:00
David Shaw
d42dcbfa92 The keyserver search menu should honor --keyid-format
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
  full fingerprints from the keyserver (the comment in the code was
  correct, the code was not).
2012-11-29 12:00:46 -05:00
Werner Koch
64e7c237db Create off-line card encryption key with the right size.
* g10/keygen.c (gen_card_key_with_backup): Get the size of the key
from the card.
--

Formerly the off-line encryption key was created with a fixed length
of 1024 bit.  With this change the key is created as expected.

GnuPG-bug-id: 1230
2012-11-08 15:59:47 +01:00
Werner Koch
b1eac93431 Support the not anymore patented IDEA cipher algorithm.
* cipher/idea.c: New.  Take from Libgcrypt master and adjust for
direct use in GnuPG.
* cipher/idea-stub.c: Remove.
* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
* configure.ac: Remove idea-stub code.
* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
(main): Make --load-extension a dummy option.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
* g10/status.h (STATUS_RSA_OR_IDEA): Remove.

--

To keep the number of actually used algorithms low, we support IDEA
only in a basically read-only way (unless --pgp2 is used during key
generation).  It does not make sense to suggest the use of this old 64
bit blocksize algorithm.  However, there is old data available where
it might be helpful to have IDEA available.
2012-11-08 13:25:02 +01:00
Werner Koch
a76efe1b05 Fix typos spotted during translations
* g10/gpg.c: uppercase after Syntax
* util/secmem.c (print_warn): Update URL.
2012-08-24 16:37:44 +02:00
David Prévot
e393ae3e29 Actually show translators comments in PO files
--

Note that strings marked for gettext need to immediately follow a
TRANSLATOR comment block.
2012-08-24 16:32:40 +02:00
Werner Koch
7a852fba6c With --quiet do not print reading passphrase from fd message.
Fix for bug#1403.
* g10/passphrase.c (read_passphrase_from_fd): Act on --quiet.
2012-04-29 11:54:28 +02:00
David Shaw
509fe4ce5d Honor --cert-digest-algo when recreating a cert.
* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
  recreating a cert.

This is used by various things in --edit-key like setpref, primary,
etc.  Suggested by Christian Aistleitner.
2012-01-31 21:30:05 -05:00
David Shaw
561d89803b Merge branch 'STABLE-BRANCH-1-4' of git+ssh://playfair.gnupg.org/git/gnupg into STABLE-BRANCH-1-4 2012-01-19 22:34:45 -05:00
David Shaw
f310735975 Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
  pending_check_trustdb is true (set when we detect a trustdb
  parameter has changed).

* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
  listing for min_cert_level not matching.

* g10/tdbio.c (tdbio_update_version_record, create_version_record,
  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
  tdbio_write_record): Add a byte for min_cert_level in the tdbio
  version record.
2012-01-19 22:33:51 -05:00
Werner Koch
cfb193a1de Add a DECRYPTION_INFO status.
* g10/status.h (STATUS_DECRYPTION_INFO): New.
* g10/status.c (get_status_string): Add new status string.
* g10/encr-data.c: Include status.h.
(decrypt_data): Print STATUS_DECRYPTION_INFO.
--
This is  backport of commit  5667e33.

DECRYPTION_INFO <mdc_method> <sym_algo>
   Print information about the symmetric encryption algorithm and
   the MDC method.  This will be emitted even if the decryption
   fails.
2012-01-13 16:20:53 +01:00
Werner Koch
02f282368e gpg: Remove unused fields from a trust data structure.
The functions tdbio_read_record and tdbio_write_record control the
actual on-disk format.  Thus there is no need to keep reserved fields
in the internal data structure.

* g10/tdbio.h (struct trust_record): Remove reserved fields.
2012-01-12 12:19:54 +01:00
Werner Koch
9b2a98ea14 Allow use of a standard space separated fingerprint.
We allow a single or a double space in the middle of the fingerprint
to help with c+p fingerprints from an HTML pages which are not being
enclosed in a "pre" tag.
* g10/getkey.c (classify_user_id): Check for space separated GPG
fingerprint.
--
This is a backport of commit 957fe72 and 372fb4f.
2012-01-10 15:34:02 +01:00
Werner Koch
b9333cd890 Replace file locking by the new portable dotlock code.
* include/dotlock.h: New.  From current gnupg master.
* util/dotlock.c: Ditto.  Include util.h.  The major changes done in
master are: Factor Unix and W32 specific code out into specific
functions.  Define HAVE_POSIX_SYSTEM.  Rearrange some functions.
(disable_dotlock): Rename to dotlock_disable.
(create_dotlock): Rename to dotlock_create and add a dummy arg.
(destroy_dotlock): Rename to dotlock_destroy.
(make_dotlock): Rename to dotlock_take.
(release_dotlock): Rename to dotlock_release.
(remove_lockfiles): Rename to dotlock_remove_lockfiles.
2012-01-10 15:16:44 +01:00
Werner Koch
dccdcef319 Update copyright years.
* util/argparse.c (default_strusage): Update printed copyright year.
2012-01-10 11:51:19 +01:00
Werner Koch
76b73caf91 Rename all ChangeLog files to ChangeLog-2011.
* ChangeLog: New file.
2011-12-02 19:42:56 +01:00