| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_menu): Print message.
--
GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 0bf54e60d31389812d05c3fd29bece876204561d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--
By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id. The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.
Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)
Resolved conflicts:
g10/options.h
|
| |
|
|
|
|
| |
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
(cherry picked from commit dd868acb0d13a9f119c0536777350a6c237a66a1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)
(cherry picked from commit 0a805ed1604ef3e9b27f3e22a936a2d439300e9f)
Resolved conflicts:
include/cipher.h
|
| |
|
|
|
|
|
|
|
|
|
| |
* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
has been given.
* keyserver/gpgkeys_hkp.c (main): Ditto.
--
GnuPG-bug-id: 1542
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit e957b9b3f408491f36660499b215aebcf2633a95)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* until/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.
--
This is a more general fix for the nested compression packet bug. In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth. Handle errors from
check_compressed.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* mpi/mpi-internal.h (MPN_COPY_INCR): Make it work.
--
This bug has been with us since the version 0.0.0 of GnuPG.
Fortunately it only affects an optimized code path which is rarely
used in practice: If the shift size matches the size of a
limb (i.e.. 32 or 64); this is is_prime in primegen.c. Over there the
Rabin-Miller test may fail with a probability of 2^-31 (that is if the
to be tested prime - 1 has the low 32 bits cleared). In practice the
probability is even much less because we first do a Fermat test on the
randomly generated candidates which sorts out the majority of
composite numbers.
The bug in MPN_COPY_INCR was found by Sven Bjorn.
Signed-off-by: Werner Koch <[email protected]>
(back ported from Libgcrypt
commit 7f7a5ef59962ae1a819b5060f9b781469bfe27d5)
|
| |
|
|
|
|
|
|
|
|
| |
--
Except for a minor change by David Shaw, all code has been written by
me. After termination of my copyright assignment, I change that
notice to reflect the new legal state.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.
--
(back ported from commit 498b9a95dc65c43240835d64cc92d8fb43014d53)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
* configure.ac: s/my_/mym4_/. Add new release building code.
|
| |
|
|
|
|
|
|
|
|
| |
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--
ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH. The only support in 1.4 will pretty printing the
algorithm id.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
hold in secure memory.
--
The attack is described in a paper to be pusblished at eprint.iacr.org:
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
Flush+Reload is a cache side-channel attack that monitors access to
data in shared pages. In this paper we demonstrate how to use the
attack to extract private encryption keys from GnuPG. The high
resolution and low noise of the Flush+Reload attack enables a spy
program to recover over 98% of the bits of the private key in a
single decryption or signing round. Unlike previous attacks, the
attack targets the last level L3 cache. Consequently, the spy
program and the victim do not need to share the execution core of
the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs
executing in a different VM.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* configure.ac: Use git rev-parse to retrieve the revision.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* g10/gpgv.c: Fix void dotlock_remove_lockfiles.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
(dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
memory or not.
* util/dotlock.c (dotlock_create): Use
dotlock_remove_lockfiles_reclaim for atexit.
(dotlock_destroy_unix, dotlock_destroy)
(dotlock_remove_lockfiles): Add a reclaim flag.
(dotlock_remove_lockfiles_reclaim): New.
* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
avoid non-async-face call.
* g10/keydb.c (maybe_create_keyring): Follow the API change.
* g10/gpgv.c: Follow the API change.
--
signal handler got_fatal_signal should not call non-async-signal-safe
functions. When malloc is interrupted by a signal, it screws up.
This issue is reported:
https://bugs.g10code.com/gnupg/issue1515
http://bugs.debian.org/399904
|
| |
|
|
|
|
| |
* keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the
HTTP status code so we can tell the difference between a successful
retrieval, a partial retrieval, a not-found, or a server failed.
|
| |
|
|
|
| |
* keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo):
New. Return the HTTP status code for the last transfer.
|
| |
|
|
| |
* configure.ac: OS X now needs BIND_8_COMPAT and -lresolv
|
| |
|
|
|
|
| |
* configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/.
--
GnuPG-bug-id: 1459
|
| |
|
|
|
|
| |
* cipher/idea.c: Replace use of WORDS_BIGENDIAN by BIG_ENDIAN_HOST.
--
GnuPG-bug-id: 1461
|
| |
|
|
|
| |
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data.
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
| |
* keyserver/gpgkeys_hkp.c (srv_replace): Make sure SRVCOUNT is
always initialized.
--
See commit 5c557a51.
|
| |
|
|
|
|
|
| |
* doc/Makefile.am (update-source): Copy from Git master.
(update-source-from-gnupg-2): Remove.
* doc/gpg.texi: Fix minor typos and grammar bugs.
* doc/yat2m.c: Change diagnostics to updated coding standards.
|
| |
|
|
| |
* scripts/config.guess, scripts/config.sub: Update.
|
| |
|
|
| |
* po/da.po: Update.
|
| |
|
|
|
|
|
| |
--
Applied changes from Jedi Lin as received in May and fixed fuzzies due
to English typo corrections.
|
| |
|
|
|
|
|
|
| |
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--
(back-ported from commit 8325d616593187ff227853de0295e3269b96edcb)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring. This change skips all
packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
each target. Once we find one that resolves to an address (whether
IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
SRV name as the "host". Force the HTTP Host header to be the same.
Backported from 6b1f71055ebab36989e2089cfde319d2ba40ada7
* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
have SRV support in the first place.
Backported from 732f3d1d4786239db5f31f82cc04ec79326cc13c
|
| |
|
|
|
|
|
|
| |
* common/http.c (send_request, connect_server): Set proper Host header
(no :port, host is that of the SRV) when SRV is used in the
curl-shim.
Backported from cbe98b2cb1e40ba253300e604996681ae191e363
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
--
A variable definition with initialization shall have only one variable
per type.
|
| |
|
|
| |
* util/http.c (connect_server): Bump SRVINDEX and not SRV.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (send_request, connect_server, http_open): Use a
struct srv instead of a single srvtag so we can pass the chosen host
and port back to the caller.
(connect_server): Use the proper port in the HAVE_GETADDRINFO case.
* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
chosen host and port.
* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
Backported from ba9e974f1fd85b3dbbfb5e26d7a14f71d07c7cf2
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--
This option is currently of no use. However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG. For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option". To avoid that the following line can be put
above that option in gpg.conf
ignore-invalid-option foobar
This meta option may be given several times or several option names
may be given as arguments (space delimited). Note that this option is
not available on the command line.
(backported from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
|
| |
|
|
| |
--
|
