1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

8034 Commits

Author SHA1 Message Date
Werner Koch
fa1b1eaa42
dirmngr: Avoid possible CSRF attacks via http redirects.
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:36:07 +01:00
Werner Koch
e5c3a6999a
doc: Clarify use of clear and nodefault in the AKL.
--
2018-11-21 09:20:56 +01:00
Werner Koch
1e700961dd
gpg: Start using OCB mode by default with Libgcrypt 1.9.
* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
--

GnuPG-bug-id: 4259
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 09:19:10 +01:00
Werner Koch
c8f79cec74
doc: Add NEWS item from recent 2.2 releases.
--
2018-11-16 08:30:47 +01:00
NIIBE Yutaka
e955ca245e card: Display UIF setting.
* g10/call-agent.h (agent_card_info_s): Add UIF fields.
* g10/call-agent.c (learn_status_cb): Put UIF DOs info.
* g10/card-util.c (current_card_status): Output for UIF.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 13:57:31 +09:00
NIIBE Yutaka
05d163aebc scd: Make "learn" report about KDF data object.
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 13:56:27 +09:00
NIIBE Yutaka
a5542a4a70 card: Display if KDF is enabled or not.
* g10/call-agent.h (kdf_do_enabled): New field.
* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
* g10/card-util.c (current_card_status): Inform the availability.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 12:31:11 +09:00
Werner Koch
56022fb304
Merge branch 'seckey-sync-work' into master
--
2018-11-14 13:37:41 +01:00
Werner Koch
8b8ea802ca
Remove the gpg-zip script.
* tools/gpg-zip.in: Remove.
* m4/tar-ustar.m4: Remove.
--

Note that the script was even not anymore installed.  See also
GnuPG-bug-id: 4252

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-14 13:31:39 +01:00
NIIBE Yutaka
804a77edd9 agent: Simplify agent_popup_message_stop.
* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.

--

By checking if it's alive or not, we can lower a risk of sending
SIGINT to a wrong process on unusual condition when PID is re-used to
a different process.

That's true, however, since it's alive usually, simply sending SIGINT
is enough here.

Note that here is a race condition for detecting if process is active
or not;  A process can die just after being detected alive.

Moreover, when the process of pinentry accidentally died already, it
should have caused return of assuan_transact and the thread of
popup_message_thread likely already set popup_finished=1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-14 10:45:15 +09:00
Werner Koch
914fa3be22
dirmngr: Support the new WKD draft with the openpgpkey subdomain.
* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
method.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-13 11:35:39 +01:00
Werner Koch
b3a70b67f3
po: Clarify a translator's note.
--
2018-11-13 09:15:15 +01:00
NIIBE Yutaka
d58fe697ac build: Update libgcrypt.m4 and ntbtls.m4.
* m4/libgcrypt.m4: Update from master.
* m4/ntbtls.m4: Update from master.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-13 11:37:37 +09:00
Andre Heinecke
678e4706ee
dirmngr: Add FLUSHCRLs command
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.

--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.

GnuPG-Bug-Id: T3967

Differential Revision: https://dev.gnupg.org/D469

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
(cherry picked from commit 00321a025f)
2018-11-12 13:54:26 +01:00
Werner Koch
6b9f772914
common: Prepare for parsing mail sub-addresses.
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement.  Change all callers to pass false for it.

* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--

Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it.  After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.

To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command

   t-mbox-util --verbose --filter

can be used; to output w/o sub-addresses add --no-sub.

GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-12 07:44:33 +01:00
Werner Koch
bbed4746ed
gpg: Fix format string in gpgcompose.c
--

For size_t  use "%zu"
For ssize_t use "%zd"

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-11 12:20:34 +01:00
Werner Koch
b3095c95ef
common: Add --filter option to t-mbox-util.
* common/t-mbox-util.c (run_filter): New.
(main): Add option parser.
2018-11-11 12:01:47 +01:00
Jussi Kivilinna
b46382dd47 g10/mainproc: avoid extra hash contexts when decrypting AEAD input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_aead'.
(release_list): Clear 'seen_pkt_encrypted_aead'.
(proc_encrypted): Set 'seen_pkt_encrypted_aead'.
(have_seen_pkt_encrypted_aead): New.
(proc_plaintext): Do not enable extra hash contexts when decryption
AEAD input.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-09 18:07:18 +02:00
Jussi Kivilinna
643ec7c642 g10/armor: optimize radix64 to binary conversion
* g10/armor.c (asctobin): Larger look-up table for fast path.
(initialize): Update 'asctobin' initialization.
(radix64_read): Add fast path for radix64 to binary conversion.
--

This patch adds fast path for radix64 to binary conversion in
armored decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  9.8          200 MB/s
 decrypt-cfb:   11.9         168 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
e8142cc69a g10/armor: optimize binary to radix64 conversion
* g10/armor.c (bintoasc): Change to read-only.
(initialize): Use const pointer for 'bintoasc'.
(armor_output_buf_as_radix64): New function for faster binary to
radix64 conversion.
(armor_filter): Use new conversion function.
--

This patch adds faster binary to radix64 conversion to speed up
armored encryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  2.7          523 MB/s
 encrypt-cfb:   6.7          264 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
e486d4f025 g10/armor: use libgcrypt's CRC24 implementation
* g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
(new_armor_context): Open libgcrypt CRC24 context.
(release_armor_context): Close CRC24 context.
(initialize): Remove CRC table generation.
(get_afx_crc): New.
(check_input, fake_packet, radix64_read, armor_filter): Update to use
CRC24 context.
* g10/filter.h (armor_filter_context_t): Replace crc intermediate value
with libgcrypt md context pointer.
--

This patch changes armor filter to use optimized CRC24 implementation
from libgcrypt to speed up encryption and decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc opt)
-----------------------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  8.7          211 MB/s
 decrypt-aead:  17.6         116 MB/s
 encrypt-cfb:   12.6         153 MB/s
 decrypt-cfb:   19.6         105 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
2b5718c1f7 common/iobuf: optimize iobuf_read_line
* common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
character in buffer.
--

This patch reduce per byte overhead in iobuf_read_line by avoiding
using iobuf_get when possible and use memchr to find '\n'. This
speeds armored decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf opt)
-------------------------
               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  22.5         92 MB/s
 decrypt-cfb:   24.4         85 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
47424881b2 g10/armor: remove unused unarmor_pump code
* g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
(unarmor_pump_release, unarmor_pump): Remove.
* g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
(unarmor_pump): Remove.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
a571bb8df5 g10/armor: fix eof checks in radix64_read
* g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
of 'c == -1', as 'c' is never set to this value.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
5d6c080522 g10/decrypt-data: use iobuf_read for higher performance
* g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
for reading data.
--

This patch reduces iobuf_read per byte processing overhead and speeds
up decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
	       gpg process
no-armor:      user time    pipe transfer rate
 encrypt-aead:  1.02         1.0 GB/s
 decrypt-aead:  10.8         185 MB/s
 encrypt-cfb:   4.8          342 MB/s
 decrypt-cfb:   12.7         157 MB/s

               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt opt)
-------------------
               gpg process
no-armor:      user time    pipe transfer rate
 decrypt-aead:  7.3          263 MB/s
 decrypt-cfb:   9.3          211 MB/s

               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  27.0         77 MB/s
 decrypt-cfb:   29.0         72 MB/s

Note: decryption results are much slower than encryption because of
extra SHA1 & RIPEMD160 hashing.

GnuPG-bug-id: 3786
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
e2b9095de3 g10/decrypt-data: use fill_buffer in more places
* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use
fill_buffer.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
NIIBE Yutaka
69930f6884 gpgcompose: Fix --sk-esk.
* g10/gpgcompose.c (sk_esk): Copy the result content correctly.
Don't forget to free the result.

--

Fixes-commit: 0131d4369a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-08 20:52:38 +09:00
NIIBE Yutaka
7fc3decc2e g10: Fix log_debug formatting.
* g10/cipher-aead.c (do_flush): No cast is correct.
* g10/decrypt-data.c (aead_underflow): No cast needed.
Use "%j" for uint64_t for chunklen.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-08 12:14:23 +09:00
NIIBE Yutaka
01b77ebbb7 g10: Fix print_keygrip for smartcard.
* g10/card-util.c (print_keygrip): Use tty_fprintf.

--

Reported-by: Joey Pabalinas <joeypabalinas@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-06 15:37:04 +09:00
Werner Koch
e3a1e80d13
wks: New option --with-colons for gpg-wks-client.
* tools/gpg-wks.h (opt): Add field with_colons.
* tools/gpg-wks-client.c (oWithColons): New const.
(opts, parse_arguments): Add option --with-colons.
(main): Change aSupported to take several domains in --with-colons
mode.
(command_send): Factor policy getting code out to ...
(get_policy_and_sa): New function.
(command_supported): Make use of new function.
--

In addition to this the --create command now also supports a
submission address only in the policy file.  That means the
submission-address file is not anymore required and can be replaced by
the policy file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 20:58:27 +01:00
Werner Koch
d7323bb2d9
speedo: Remove obsolete configure option of gpgme.
* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
--disable-w32-qt option.
--

This option is obsolete since GPGME 1.7 (in 2016)

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 12:47:44 +01:00
Werner Koch
a3a5a24519
dirmngr: Fix LDAP port parsing.
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--

Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 09:00:02 +01:00
NIIBE Yutaka
8e84efbe35 build: Update *.m4 from libraries.
* m4/gpg-error.m4: Update from master.
* m4/ksba.m4: Ditto.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
* m4/npth.m4: Ditto.
* m4/ntbtls.m4: Ditto.

--

Do it again today.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-02 13:06:43 +09:00
NIIBE Yutaka
fd7aee6a97 build: Update *.m4 from libraries.
* m4/gpg-error.m4: Update from master.
* m4/ksba.m4: Ditto.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
* m4/npth.m4: Ditto.
* m4/ntbtls.m4: Ditto.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-31 08:20:37 +09:00
Werner Koch
b83fed64f8
build: By default build wks-tools on all Unix platforms.
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-26 14:56:59 +02:00
Werner Koch
f248416bc9
wkd: Add option --directory to the server.
* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--

Note that a policy file is meanwhile required and thus is is useful to
create it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-26 14:56:59 +02:00
NIIBE Yutaka
4249e9a2bf kbx: Increase size of field for fingerprint.
* kbx/keybox-search-desc.h (fpr): Increase the size.

--

In the function keydb_search_fpr in g10/keydb.c, it is copied using
MAX_FINGERPRINT_LEN.  So, more size is required.

Fixes-commit: ecbbafb88d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-26 12:38:43 +09:00
Daniel Kahn Gillmor
a7c5d65eb5 all: fix more spelling errors 2018-10-25 16:53:05 -04:00
Daniel Kahn Gillmor
b39ece7d35 headers: fix spelling
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-25 16:53:05 -04:00
Werner Koch
11e9b704b5
speedo: Sign the windows installer with a timestamp.
--
2018-10-25 18:26:34 +02:00
Werner Koch
2b57a8159c
dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--

GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-25 17:34:24 +02:00
NIIBE Yutaka
0240345728 g10,scd: Improve UIF support.
* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
* g10/call-agent.h: New member field "bt".
* g10/card-util.c (uif): Limit its access only when it is supported.
* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
when there is a button.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-25 16:20:20 +09:00
Daniel Kahn Gillmor
54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Daniel Kahn Gillmor
ef540d1af0 doc: fix spelling mistakes
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 14:39:56 -04:00
Werner Koch
bafcf70951
agent: Fix possible uninitalized use of CTX in simple_pwquery.
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--

GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:22:17 +02:00
Werner Koch
2bdc4b6ed9
agent: Fix possible release of unitialize var in a genkey error case.
* agent/command.c (cmd_genkey): Initialize 'value'.
--

GnuPG-bug-id: 4222
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:16:26 +02:00
Werner Koch
7385e1babf
ssh: Fix possible infinite loop in case of an read error.
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
--

GnuPG-bug-id: 4221
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:11:33 +02:00
Werner Koch
378719f25f
tools: Fix FILE memory leak in gpg-connect-agent.
* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
stream.

GnuPG-bug-id: 4220
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:04:52 +02:00
Werner Koch
793fd8d876
sm: Use the correct string in an error message.
* sm/gpgsm.c (main): Fix error message.
--

GnuPG-bug-id: 4219
2018-10-24 19:55:19 +02:00
Werner Koch
64a1e86fc0
gpg: Unfinished support for v5 signatures.
* g10/parse-packet.c (parse_signature): Allow for v5 signatures.
* g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
byte count.
* g10/sign.c (hash_sigversion_to_magic): Ditto.
(write_signature_packets): Request v5 sig for v5 keys.  Remove useless
condition.
(make_keysig_packet): Request v5 sig for v5 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 16:18:27 +02:00