| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/textfilter.c (copy_clearsig_text): Free the buffer.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(backport from master commit:
6b9a89e4c7d6f19de62e0a908a8d80c98bf99819)
|
| |
|
|
|
|
| |
* cipher/rsa.c (secret): Don't keep secmem.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
* cipher/rsa.c: Change include file.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
nonce R for mpi_powm computation.
--
Backport of libgcrypt 8725c99ffa41778f382ca97233183bcd687bb0ce.
Signed-off-by: Marcus Brinkmann <[email protected]>
|
| |
|
|
|
|
| |
* mpi/mpi-pow.c (mpi_powm): Fix allocation size.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move
the assignment to base_u into the loop. Copy content refered by RP to
BASE_U except the last of the loop.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(backport commit of libgcrypt master:
78130828e9a140a9de4dafadbc844dbb64cb709a)
|
| |
|
|
|
|
|
|
|
|
|
| |
* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.
--
(backport of libgcrypt master commit:
719468e53133d3bdf12156c5bfdea2bf15f9f6f1)
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.
--
This is a backport of libgcrypt 8aa4f2161 and 3b1cc9e6c.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 3182
|
| |
|
|
|
| |
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 3243
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (proc_parameter_file): Fix secmem leak.
--
proc_parameter_file adds certain parameters to the list in the PARA
argument; however, these new entries are leaked because they
are added to head, while the PARA list is released by the caller
of proc_parameter_file.
GnuPG-bug-id: 1371
Signed-off-by: Ineiev <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
--
We are able to import such user ids but when exporting them the
exported data could not be imported again because the parser bails out
on invalid keyrings. This is now fixed and should be backported.
Note that in 1.4 and 2.0 this is only an issue for attribute packets.
In 2.1 user IDs were also affected.a
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar.
(cherry-picked by dkg from master branch's
84ebf15b06e435453b2f58775f97a3a1c61a7e55)
--
Signed-off-by: Neal H. Walfield <[email protected]>
Co-authored-by: Michael Mönch <[email protected]>
GnuPG-bug-id 1351
GnuPG-bug-id 1442
|
| |
|
|
|
|
| |
--
Minor change: Re-insert the old copyright year 2004. - wk
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
| |
* g10/gpg.c (opts): Add dummy option.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
* Makefile.am (distcheck-hook): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/random.c (mix_pool): Store the first hash at the end of the
pool.
--
This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.
This bug does not affect the default generation of
keys because running gpg for key creation creates at most 2 keys from
the pool: For a single 4096 bit RSA key 512 byte of random are
required and thus for the second key (encryption subkey), 20 bytes
could be predicted from the the first key. However, the security of
an OpenPGP key depends on the primary key (which was generated first)
and thus the 20 predictable bytes should not be a problem. For the
default key length of 2048 bit nothing will be predictable.
For the former default of DSA+Elgamal key it is complicate to give an
answer: For 2048 bit keys a pool of 30 non-secret candidate primes of
about 300 bits each are first created. This reads at least 1140 bytes
from the pool and thus parts could be predicted. At some point a 256
bit secret is read from the pool; which in the worst case might be
partly predictable.
The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology. A paper describing the problem in
detail will shortly be published.
CVE-id: CVE-2016-6313
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version
--
The version of GnuPG in use is not particularly helpful. It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.
Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.
It's probably better to take the more parsimonious approach to
metadata production by default.
(backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c)
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
"allow to" with clearer text
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
| |
* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
util/regcomp.c, util/regex_internal.c: correct the spelling of
"occured" to "occurred"
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.
--
(backport of master
commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
This amends db246f8b which accidentally included the compiled
translation files.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status. Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.
--
(backport of master
commit e32c575e0f3704e7563048eea6d26844bdfc494b)
It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings. In such a use case, it is possible that
the key validation itself is skipped.
For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_keysize): It's 768 only for DSA.
--
GnuPG-bug-id: 2238
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): Call set_packet_list_mode after assignment of
opt.list_packets.
* g10/mainproc.c (do_proc_packets): Don't stop processing with
--list-packets as the comment says.
* g10/options.h (list_packets): Fix the comment.
* g10/parse-packet.c: Fix the condition for opt.list_packets.
--
(backport from 2.0 commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b
which is backport of master
commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a)
Debian-bug-id: 828109
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.
--
GnuPG-bug-id: 1675
Thanks to Scott Moser to reproducible script and patience.
Signed-off-by: NIIBE Yutaka <[email protected]>
(backport from master
commit 35a3ce2acf78a95fecbccfd8db0560cca24232df)
|
| |
|
|
|
|
|
|
|
|
|
| |
--
GnuPG-bug-id: 1394
Note that --try-secret-key was already removed with commit
2889a70c102271a1b6ff529bafb6748c4e773014
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
--
GnuPG-bug-id: 2239
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
the directory and create it if none before calling take_write_lock.
--
Thanks to Marc Deslauriers for the bug report and his patch.
GnuPG-bug-id: 2246
Signed-off-by: NIIBE Yutaka <[email protected]>
(backport from master
commit 2f3e42047d17313eeb38d354048f343158402a8d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
* cipher/blowfish.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
* cipher/camellia.c (CAMELLIA_RR8): Ditto.
* cipher/cast5.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
(do_cast_setkey): Ditto.
* cipher/twofish.c (INPACK): Ditto.
* util/iobuf.c (block_filter): Ditto.
--
For cipher/des.c
Reported-by: Balint Reczey <[email protected]>
See commit 57af33d9e7c9b20b413b96882e670e75a67a5e65 for details.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* include/iobuf.h (struct iobuf_struct): Remove DESC.
* util/iobuf.c (iobuf_desc): New.
(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
(file_filter, sock_filter, block_filter): Fill the description.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
g10/progress.c, g10/textfilter.c: Likewise.
--
Newer GCC warns against possible alignment difference of pointers.
This change can silence those warnings.
Signed-off-by: NIIBE Yutaka <[email protected]>
(backported from 2.1 commit 3f52c7da3940ec06572270d511000dc7fe9c27d2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
(start_gatherer): Detect misbehaving sysconf.
--
See
GnuPG-bug-id: 1778
for the reason of this patch. There is no concrete bug report but this
chnage should not harm.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* Makefile.am: Use -e for testing .git.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(backport commit of 96237b9a63a50aed1884cb06f84279b977d6a8fa)
|
| | |
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
| |
* g10/tdbio.c (ftruncate): Do not define if already defined.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
