aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 1.4.17gnupg-1.4.17Werner Koch2014-06-234-21/+53
|
* po: Auto-updateWerner Koch2014-06-2329-1/+350
| | | | --
* doc: Update from master.Werner Koch2014-06-232-103/+330
|
* Fix syntax error introduced with 60bd6488Werner Koch2014-06-231-3/+4
| | | | * g10/apdu.c (pcsc_dword_t): Fix syntax error.
* Screen keyserver responses.Stefan Tomanek2014-06-233-39/+116
| | | | | | | | | | | | | | | | | | | | | | * g10/main.h: Typedef import_filter for filter callbacks. * g10/import.c (import): Add filter callbacks to param list. (import_one): Ditto. (import_secret_one): Ditto. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_retrieval_filter): New. (keyserver_spawn): Pass filter to import_keys_stream() -- These changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. Signed-off-by: Stefan Tomanek <[email protected]> Re-indention and minor changes by wk.
* Print hash algorithm in sig recordsWerner Koch2014-06-231-6/+2
| | | | | | | | | | | * g10/keylist.c (list_keyblock_colon): Print field 16. -- We have this info already in gnupg-2 and it is easy to add it to 1.4. Debian-bug-id: 672658 Patch written and tested by Daniel Leidert. See above.
* Remove useless diagnostic in MDC verification.Werner Koch2014-06-231-6/+4
| | | | | | | | | * g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC packet header and a bad MDC. -- The separate diagnostic was introduced for debugging a problems. For explaining an MDC error a single error message is easier to understand.
* w32: Fix typo in README.W32.Werner Koch2014-06-231-2/+3
| | | | | -- GnuPG-bug-id: 1488
* intl: Fix for uClibc.Werner Koch2014-06-231-2/+3
| | | | | | | | | | * intl/localename.c (gl_locale_name_thread_unsafe): Take care of uCLIBC. -- Patch provided by "vriera". GnuPG-bug-id: 1642
* PC/SC cleanup.Werner Koch2014-06-231-43/+56
| | | | | | | | | | | | | * g10/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word) when a word was 16-bit. (struct reader_table_s): Fixes for types. (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1). Throughout: Fixes for types. -- GnuPG-bug-id: 1358 This is a backport of commit ae22d629b6028aa994ff09f012e1cb029575eeae.
* gpg: Use more specific reason codes for INV_RECP.Werner Koch2014-06-232-6/+16
| | | | | | | | | | * g10/pkclist.c (build_pk_list): Use more specific reasons codes for INV_RECP. -- GnuPG-bug-id: 1650 Note that this patch is a bit more limited than the one in 2.1.
* doc: Remove outdated Russian man page.Werner Koch2014-06-233-3085/+3
| | | | | | | | | | | | | * configure.ac (DOCBOOK_TO_MAN): Remove. * doc/gpg.ru.sgml: Remove. * doc/Makefile.am: Remove all gpg.ru related code. -- The man page is outdated and we do not use docbook for a long time now. If someone wants to revive such a man page, it would be best to translate the respective parts of the GnuPG manual in git master. GnuPG-bug-id: 1652
* gpg: Avoid infinite loop in uncompressing garbled packets.Werner Koch2014-06-201-9/+12
| | | | | | | | | | | | | | | * g10/compress.c (do_uncompress): Limit the number of extra FF bytes. -- A packet like (a3 01 5b ff) leads to an infinite loop. Using --max-output won't help if it is a partial packet. This patch actually fixes a regression introduced on 1999-05-31 (c34c6769). Actually it would be sufficient to stuff just one extra 0xff byte. Given that this problem popped up only after 15 years, I feel safer to allow for a very few FF bytes. Thanks to Olivier Levillain and Florian Maury for their detailed report.
* gpg: Need to init the trustdb for import.Werner Koch2014-03-061-0/+1
| | | | | | | | | | * g10/trustdb.c (clear_ownertrusts): Init trustdb. -- This is actually a hack to fix a bug introduced with commit 2528178. Debian uses it and thus we should do too. GnuPG-bug-id: 1622
* Support building using the latest mingw-w64 toolchain.Werner Koch2014-01-231-1/+1
| | | | | | | | | | | | | | * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection. -- From: Stephen Kitt <[email protected]> All MinGW targets require underscores when linking. This patch fixes acinclude.m4 and the resulting configure so they don't limit the use of underscores to the old mingw32msvc targets. Debian-bug-id: 730271 Signed-off-by: Werner Koch <[email protected]>
* Post release version number bump.Werner Koch2013-12-132-1/+4
| | | | --
* Release 1.4.16gnupg-1.4.16Werner Koch2013-12-132-4/+4
|
* Change --show-session-key to print the session key earlier.Werner Koch2013-12-112-10/+11
| | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Move show_session_key code to ... * g10/decrypt-data.c (decrypt_data): here. -- This feature can be used to return the session key for just a part of a file. For example to downloading just the first 32k of a huge file, decrypting that incomplete part and while ignoring all the errors break out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server. This is the same feature as commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0. GnuPG-bug-id: 1389 Signed-off-by: Werner Koch <[email protected]>
* Update config.{guess,sub} and some copyright notices.Werner Koch2013-12-107-125/+186
| | | | | | | * scripts/config.guess, scripts/config.sub: Update to version 2013-11-29. Signed-off-by: Werner Koch <[email protected]>
* Prepare for newer automakes which default to parallel tests.Werner Koch2013-12-051-0/+29
| | | | | | | | | | * checks/Makefile.am: Add a list of test dependencies. -- We want to keep the tests in a specific order because that helps to compare tests and some tests rely on others anyway. Signed-off-by: Werner Koch <[email protected]>
* Normalize the MPIs used as input to secret key functions.Werner Koch2013-12-033-6/+25
| | | | | | | | | | | | | | | | | | | * cipher/rsa.c (secret): Normalize the INPUT. (rsa_decrypt): Pass reduced data to secret. * cipher/elgamal.c (decrypt): Normalize A and B. * cipher/dsa.c (sign): Normalize HASH. -- mpi_normalize is in general not required because extra leading zeroes do not harm the computation. However, adding extra all zero limbs or padding with multiples of N may be useful in side-channel attacks. In particular they are used by the acoustic crypt-analysis. This is an extra pre-caution which alone would not be sufficient to mitigate the described attack. CVE-id: CVE-2013-4576 Signed-off-by: Werner Koch <[email protected]>
* Use blinding for the RSA secret operation.Werner Koch2013-12-034-17/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * cipher/random.c (randomize_mpi): New. * g10/gpgv.c (randomize_mpi): New stub. * cipher/rsa.c (USE_BLINDING): Define macro. (secret): Implement blinding. -- GPG 1.x has never used any protection against timing attacks on the RSA secret operation. The rationale for this has been that there was no way to mount a remote timing attack on GnuPG. With the turning up of Acoustic Cryptanalysis (http://cs.tau.ac.il/~tromer/acoustic) this assumption no longer holds true and thus we need to do do something about it. Blinding seems to be a suitable mitigation to the threat of key extraction. It does not help against distinguishing used keys, though. Note that GPG 2.x uses Libgcrypt which does blinding by default. The performance penalty is negligible: Modifying the core pubkey_sign or pubkey_decrypt function to run 100 times in a loop, the entire execution times for signing or decrypting a small message using a 4K RSA key on a Thinkpad X220 are Without blinding: 5.2s (8.9s) With blinding: 5.6s (9.3s) The numbers in parentheses give the values without the recently implemented k-ary exponentiation code. Thus for the next release the user will actually experience faster signing and decryption. A drawback of blinding is that we need random numbers even for decryption (albeit at low quality). Signed-off-by: Werner Koch <[email protected]> CVE-id: CVE-2013-4576
* gpg: Change armor Version header to emit only the major version.Werner Koch2013-11-275-24/+51
| | | | | | | | | | | | | | | | | | * g10/options.h (opt): Rename field no_version to emit_version. * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version. * g10/armor.c (armor_filter): Implement different --emit-version values. -- GnuPG-bug-id: 1572 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e951782e937ce290be0d89d83e84b3daea997587) Resolved conflicts: NEWS g10/armor.c g10/gpg.c
* mpi: mpi-pow improvementsWerner Koch2013-10-181-0/+443
| | | | | | | | | | | | | | | | | | | | | | | * mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New. (mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New. (mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation of left-to-right k-ary exponentiation. -- This is a backport from Libgcrypt commit 45aa6131e93fac89d46733b3436d960f35fb99b2 Signed-off-by: NIIBE Yutaka <[email protected]> For the Yarom/Falkner flush+reload cache side-channel attack, we changed the code so that it always calls the multiplication routine (even if we can skip it to get result). This results some performance regression. This change is for recovering performance with efficient algorithm. Signed-off-by: Werner Koch <[email protected]>
* Print the keyid for key packets with --list-packets.Werner Koch2013-10-181-1/+11
| | | | | | | | | | * g10/parse-packet.c (parse_key): Add keyid printing. -- This is backport from GnuPG-2. Note that the --list-packets command is for debugging only and not part iof the stable API. Signed-off-by: Werner Koch <[email protected]>
* mpi: Fix syntax error for mips64 and gcc < 4.4Werner Koch2013-10-111-1/+1
| | | | | | | * mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error. -- GnuPG-bug-id: 1465
* gpg: Do not require a trustdb with --always-trust.Werner Koch2013-10-115-93/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE. * g10/trustdb.c (trustdb_args): Add field no_trustdb. (init_trustdb): Set that field. (revalidation_mark): Take care of a nonexistent trustdb file. (read_trust_options): Ditto. (get_ownertrust): Ditto. (get_min_ownertrust): Ditto. (update_ownertrust): Ditto. (update_min_ownertrust): Ditto. (clear_ownertrusts): Ditto. (cache_disabled_value): Ditto. (check_trustdb_stale): Ditto. (get_validity): Ditto. * g10/gpg.c (main): Do not create a trustdb with most commands for trust-model always. -- This slightly changes the semantics of most commands in that they won't create a trustdb if --trust-model=always is used. It just does not make sense to create a trustdb if there is no need for it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e) Resolved conflicts: g10/gpg.c g10/tdbio.h g10/trustdb.c (indentation fixes)
* Post release updates.Werner Koch2013-10-042-1/+5
| | | | --
* Release 1.4.15gnupg-1.4.15Werner Koch2013-10-041-2/+10
|
* po: Autoupdate due to changed order of strings.Werner Koch2013-10-0429-100/+100
| | | | --
* doc: Update from master.Werner Koch2013-10-043-25/+74
|
* gpg: Print a "not found" message for an unknown key in --key-edit.Werner Koch2013-10-041-0/+4
| | | | | | | | | * g10/keyedit.c (keyedit_menu): Print message. -- GnuPG-bug-id: 1420 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0bf54e60d31389812d05c3fd29bece876204561d)
* gpg: Protect against rogue keyservers sending secret keys.Werner Koch2013-10-043-8/+20
| | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_NO_SECKEY): New. * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new flag. * g10/import.c (import_secret_one): Deny import if flag is set. -- By modifying a keyserver or a DNS record to send a secret key, an attacker could trick a user into signing using a different key and user id. The trust model should protect against such rogue keys but we better make sure that secret keys are never received from remote sources. Suggested-by: Stefan Tomanek Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe) Resolved conflicts: g10/options.h
* gpg: Allow setting of all zero key flagsDaniel Kahn Gillmor2013-10-041-3/+0
| | | | | | * g10/keygen.c (do_add_key_flags): Do not check for empty key flags. (cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151) (cherry picked from commit dd868acb0d13a9f119c0536777350a6c237a66a1)
* gpg: Distinguish between missing and cleared key flags.Werner Koch2013-10-042-1/+8
| | | | | | | | | | | | | | | | | | | * include/cipher.h (PUBKEY_USAGE_NONE): New. * g10/getkey.c (parse_key_usage): Set new flag. -- We do not want to use the default capabilities (derived from the algorithm) if any key flags are given in a signature. Thus if key flags are used in any way, the default key capabilities are never used. This allows to create a key with key flags set to all zero so it can't be used. This better reflects common sense. (cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf) (cherry picked from commit 0a805ed1604ef3e9b27f3e22a936a2d439300e9f) Resolved conflicts: include/cipher.h
* keyserver: Allow use of cURL's default CA store.Werner Koch2013-10-042-3/+5
| | | | | | | | | | | * keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file has been given. * keyserver/gpgkeys_hkp.c (main): Ditto. -- GnuPG-bug-id: 1542 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e957b9b3f408491f36660499b215aebcf2633a95)
* gpg: Limit the nesting level of I/O filters.Werner Koch2013-10-041-32/+43
| | | | | | | | | | | | * until/iobuf.c (MAX_NESTING_FILTER): New. (iobuf_push_filter2): Limit the nesting level. -- This is a more general fix for the nested compression packet bug. In particular this helps g10/import.c:read_block to stop pushing compression filters onto an iobuf stream. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix bug with deeply nested compressed packets.Werner Koch2013-10-022-9/+46
| | | | | | | | | | * g10/mainproc.c (MAX_NESTING_DEPTH): New. (proc_compressed): Return an error code. (check_nesting): New. (do_proc_packets): Check packet nesting depth. Handle errors from check_compressed. Signed-off-by: Werner Koch <[email protected]>
* Fix bug in mpi_tdiv_q_2exp.Werner Koch2013-09-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | * mpi/mpi-internal.h (MPN_COPY_INCR): Make it work. -- This bug has been with us since the version 0.0.0 of GnuPG. Fortunately it only affects an optimized code path which is rarely used in practice: If the shift size matches the size of a limb (i.e.. 32 or 64); this is is_prime in primegen.c. Over there the Rabin-Miller test may fail with a probability of 2^-31 (that is if the to be tested prime - 1 has the low 32 bits cleared). In practice the probability is even much less because we first do a Fermat test on the randomly generated candidates which sorts out the majority of composite numbers. The bug in MPN_COPY_INCR was found by Sven Bjorn. Signed-off-by: Werner Koch <[email protected]> (back ported from Libgcrypt commit 7f7a5ef59962ae1a819b5060f9b781469bfe27d5)
* mpicalc: Change copyright notice.Werner Koch2013-09-041-2/+5
| | | | | | | | | | -- Except for a minor change by David Shaw, all code has been written by me. After termination of my copyright assignment, I change that notice to reflect the new legal state. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use 2048 as the default keysize in batch mode.Werner Koch2013-08-301-3/+3
| | | | | | | * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to 2048. Signed-off-by: Werner Koch <[email protected]>
* gpg: No need to create a trustdb when encrypting with --always-trust.Werner Koch2013-08-021-0/+6
| | | | | | | | | * g10/gpg.c (main): Special case setup_trustdb for --encrypt. -- (back ported from commit 498b9a95dc65c43240835d64cc92d8fb43014d53) Signed-off-by: Werner Koch <[email protected]>
* Post release updates.Werner Koch2013-07-252-1/+4
| | | | --
* Release 1.4.14.gnupg-1.4.14Werner Koch2013-07-253-5/+5
|
* Autoupdate a translation.Werner Koch2013-07-251-73/+154
| | | | --
* Update Chinese translation.Jedi Lin2013-07-251-140/+75
|
* Update to modern beta release numbering scheme.Werner Koch2013-07-251-17/+23
| | | | * configure.ac: s/my_/mym4_/. Add new release building code.
* Prepare for a forthcoming new algorithm id.Werner Koch2013-07-252-0/+2
| | | | | | | | | | * include/cipher.h (PUBKEY_ALGO_ECC): New. * g10/keyid.c (pubkey_letter): Add letter 'C'. -- ID 22 will be used for generic ECC, i.e. one which can be used for ECDSA and ECDH. The only support in 1.4 will pretty printing the algorithm id.
* Mitigate a flush+reload cache attack on RSA secret exponents.Werner Koch2013-07-252-3/+21
| | | | | | | | | | | | | | | | | | | | | | | | | * mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents hold in secure memory. -- The attack is described in a paper to be pusblished at eprint.iacr.org: Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be used in a virtualised environment, where it can attack programs executing in a different VM. Signed-off-by: Werner Koch <[email protected]>
* Fix git revision parsing.Werner Koch2013-07-251-2/+2
| | | | | | * configure.ac: Use git rev-parse to retrieve the revision. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 09:16:43 +0000