Commit message [Author, Age, Files, Lines]
...
* gpg: Make the use of "--verify FILE" for detached sigs harder. [Werner Koch, 2014-11-14, 5 files, -48/+130]
  * g10/openfile.c (open_sigfile): Factor some code out to ...
  (get_matching_datafile): new function.
  * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode.
  * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signature.
  --
  Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-(
  What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature:
    gpgv: Good signature from "Werner Koch (dist sig)"
    gpgv: WARNING: not a detached signature; \
    file 'gnupg-2.1.0.tar.bz2' was NOT verified!
  We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature.
  Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
  Signed-off-by: Werner Koch <[email protected]>
  (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)
  Updated doc/gpg.texi.
* gpg: Add import option "keep-ownertrust". [Werner Koch, 2014-11-12, 3 files, -2/+23]
  * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
  * g10/import.c (parse_import_options): Add "keep-ownertrust".
  (import_one): Act upon new option.
  --
  This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa:
    gpg1 --export | gpg2 --import-options keep-ownertrust --import
  (cherry-picked from commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56)
* doc: Minor fix [Werner Koch, 2014-10-03, 1 file, -1/+1]
  --
  Thanks to dkg for the reminder.
* mpi: Fix compiler warning. [Werner Koch, 2014-10-03, 1 file, -2/+2]
  * mpi/mpi-inv.c (mpi_invm): Do not return a value.
* gpg: Add build and runtime support for larger RSA keys [Daniel Kahn Gillmor, 2014-10-03, 5 files, -3/+50]
  * configure.ac: Added --enable-large-secmem option.
  * g10/options.h: Add opt.flags.large_rsa.
  * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
  * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
  * doc/gpg.texi: Document --enable-large-rsa.
  --
  Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations.
  Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which lets gpg generate RSA keys up to 8Kib when used with --batch --gen-key.
  Debian-bug-id: 739424
  Minor edits by wk.
  GnuPG-bug-id: 1732
* doc: Cleanup gpg.texi. [Werner Koch, 2014-09-29, 2 files, -326/+14]
  --
  We don't need the gpgone and gpgtwoone macros anymore.
* doc: Final update from master (gnupg 2.1) [Werner Koch, 2014-09-29, 3 files, -44/+218]
  * doc/Makefile.am (sources_from_trunk): Remove.
  (update-source): Make it a dummy.
  * doc/gpg.texi: Update.
  * doc/yat2m.c: Update.
  --
  Maintaining 3 versions of the gpg manual in one file is getting more complicated with 2.1. Thus we stop this now and keep the manual for 1.4 separate.
* Allow use of --debug-level=LEVEL without '='. [Werner Koch, 2014-09-29, 2 files, -1/+3]
  * g10/gpg.c (opts): Fix "debug-level".
* mpi: Improve mpi_invm to detect bad input. [Werner Koch, 2014-09-11, 1 file, -0/+5]
  * mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.
  --
  Without this patch the function may enter an endless loop. This is a backport from libgcrypt.
  GnuPG-bug-id: 1713
* mpi: Suppress set-but-unused-variables warnings. [Werner Koch, 2014-08-20, 3 files, -3/+13]
  * include/types.h (GNUPG_GCC_ATTR_UNUSED): Define for gcc >= 3.5.
  * mpi/mpih-div.c (mpihelp_divmod_1, mpihelp_mod_1): Mark dummy as unused.
  * mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.
  --
  Due to the use of macros and longlong.h, we use variables which are only used by some architectures. At least gcc 4.7.2 prints new warnings about set but not used variables. This patch silences them.
* Fix strict-alias warnings for rijndael.c [Werner Koch, 2014-08-20, 1 file, -19/+19]
  * cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t cast.
  --
  This extends commit 0ad1458f827c7602ef7f1a4652af05641fd02b62
* gpg: Allow compressed data with algorithm 0. [Werner Koch, 2014-08-20, 1 file, -4/+1]
  * g10/mainproc.c (proc_compressed): Remove superfluous check for an algorithm number of 0.
  --
  (backport from commit 88633bf3d417aeb5ea0f75508aba8e32adc8acef)
  GnuPG-bug-id: 1326, 1684
* gpg: Fix regression due to the keyserver import filter. [Werner Koch, 2014-08-06, 3 files, -42/+58]
  * g10/keyserver.c (keyserver_retrieval_filter): Change args. Rewrite to take subpackets in account.
  * g10/import.c (import_one, import_secret_one): Pass keyblock to filter.
  --
  GnuPG-bug-id: 1680
  Resolved conflicts:
    g10/main.h - s/import_filter/import_filter_t/g
* Add kbnode_t for easier backporting. [Werner Koch, 2014-08-06, 1 file, -0/+1]
  * g10/global.h (kbnode_t): New.
* Post release updates [Werner Koch, 2014-06-30, 3 files, -2/+6]
  --
* Release 1.4.18 (tag: gnupg-1.4.18) [Werner Koch, 2014-06-30, 1 file, -1/+7]
* Limit keysize for unattended key generation to useful values. [Werner Koch, 2014-06-30, 1 file, -2/+10]
  * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
  (gen_rsa): Enforce keysize 1024 to 4096.
  (gen_dsa): Enforce keysize 768 to 3072.
  --
  It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that GnuPG, with its limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition.
* Make screening of keyserver result work with multi-key commands. [Werner Koch, 2014-06-30, 1 file, -23/+45]
  * g10/keyserver.c (ks_retrieval_filter_arg_s): new.
  (keyserver_retrieval_filter): Use new struct and check all descriptions.
  (keyserver_spawn): Pass filter arg using the new struct.
  --
  This is a fix for commit 52303043.
  The old code did only work for a single key. It failed as soon as several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A B C").
* Add CVE number [Werner Koch, 2014-06-30, 1 file, -1/+1]
  --
* Post release changes. [Werner Koch, 2014-06-23, 3 files, -2/+6]
  --
* Release 1.4.17 (tag: gnupg-1.4.17) [Werner Koch, 2014-06-23, 4 files, -21/+53]
* po: Auto-update [Werner Koch, 2014-06-23, 29 files, -1/+350]
  --
* doc: Update from master. [Werner Koch, 2014-06-23, 2 files, -103/+330]
* Fix syntax error introduced with 60bd6488 [Werner Koch, 2014-06-23, 1 file, -3/+4]
  * g10/apdu.c (pcsc_dword_t): Fix syntax error.
* Screen keyserver responses. [Stefan Tomanek, 2014-06-23, 3 files, -39/+116]
  * g10/main.h: Typedef import_filter for filter callbacks.
  * g10/import.c (import): Add filter callbacks to param list.
  (import_one): Ditto.
  (import_secret_one): Ditto.
  (import_keys_internal): Ditto.
  (import_keys_stream): Ditto.
  * g10/keyserver.c (keyserver_retrieval_filter): New.
  (keyserver_spawn): Pass filter to import_keys_stream()
  --
  These changes introduce import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand.
  Signed-off-by: Stefan Tomanek <[email protected]>
  Re-indention and minor changes by wk.
* Print hash algorithm in sig records [Werner Koch, 2014-06-23, 1 file, -6/+2]
  * g10/keylist.c (list_keyblock_colon): Print field 16.
  --
  We have this info already in gnupg-2 and it is easy to add it to 1.4.
  Debian-bug-id: 672658
  Patch written and tested by Daniel Leidert. See above.
* Remove useless diagnostic in MDC verification. [Werner Koch, 2014-06-23, 1 file, -6/+4]
  * g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC packet header and a bad MDC.
  --
  The separate diagnostic was introduced for debugging a problem. For explaining an MDC error a single error message is easier to understand.
* w32: Fix typo in README.W32. [Werner Koch, 2014-06-23, 1 file, -2/+3]
  --
  GnuPG-bug-id: 1488
* intl: Fix for uClibc. [Werner Koch, 2014-06-23, 1 file, -2/+3]
  * intl/localename.c (gl_locale_name_thread_unsafe): Take care of uCLIBC.
  --
  Patch provided by "vriera".
  GnuPG-bug-id: 1642
* PC/SC cleanup. [Werner Koch, 2014-06-23, 1 file, -43/+56]
  * g10/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word) when a word was 16-bit.
  (struct reader_table_s): Fixes for types.
  (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
  Throughout: Fixes for types.
  --
  GnuPG-bug-id: 1358
  This is a backport of commit ae22d629b6028aa994ff09f012e1cb029575eeae.
* gpg: Use more specific reason codes for INV_RECP. [Werner Koch, 2014-06-23, 2 files, -6/+16]
  * g10/pkclist.c (build_pk_list): Use more specific reasons codes for INV_RECP.
  --
  GnuPG-bug-id: 1650
  Note that this patch is a bit more limited than the one in 2.1.
* doc: Remove outdated Russian man page. [Werner Koch, 2014-06-23, 3 files, -3085/+3]
  * configure.ac (DOCBOOK_TO_MAN): Remove.
  * doc/gpg.ru.sgml: Remove.
  * doc/Makefile.am: Remove all gpg.ru related code.
  --
  The man page is outdated and we do not use docbook for a long time now. If someone wants to revive such a man page, it would be best to translate the respective parts of the GnuPG manual in git master.
  GnuPG-bug-id: 1652
* gpg: Avoid infinite loop in uncompressing garbled packets. [Werner Koch, 2014-06-20, 1 file, -9/+12]
  * g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
  --
  A packet like (a3 01 5b ff) leads to an infinite loop. Using --max-output won't help if it is a partial packet. This patch actually fixes a regression introduced on 1999-05-31 (c34c6769). Actually it would be sufficient to stuff just one extra 0xff byte. Given that this problem popped up only after 15 years, I feel safer to allow for a very few FF bytes.
  Thanks to Olivier Levillain and Florian Maury for their detailed report.
* gpg: Need to init the trustdb for import. [Werner Koch, 2014-03-06, 1 file, -0/+1]
  * g10/trustdb.c (clear_ownertrusts): Init trustdb.
  --
  This is actually a hack to fix a bug introduced with commit 2528178. Debian uses it and thus we should do too.
  GnuPG-bug-id: 1622
* Support building using the latest mingw-w64 toolchain. [Werner Koch, 2014-01-23, 1 file, -1/+1]
  * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection.
  --
  From: Stephen Kitt <[email protected]>
  All MinGW targets require underscores when linking. This patch fixes acinclude.m4 and the resulting configure so they don't limit the use of underscores to the old mingw32msvc targets.
  Debian-bug-id: 730271
  Signed-off-by: Werner Koch <[email protected]>
* Post release version number bump. [Werner Koch, 2013-12-13, 2 files, -1/+4]
  --
* Release 1.4.16 (tag: gnupg-1.4.16) [Werner Koch, 2013-12-13, 2 files, -4/+4]
* Change --show-session-key to print the session key earlier. [Werner Koch, 2013-12-11, 2 files, -10/+11]
  * g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
  * g10/decrypt-data.c (decrypt_data): here.
  --
  This feature can be used to return the session key for just a part of a file. For example to downloading just the first 32k of a huge file, decrypting that incomplete part and while ignoring all the errors break out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server.
  This is the same feature as commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0.
  GnuPG-bug-id: 1389
  Signed-off-by: Werner Koch <[email protected]>
* Update config.{guess,sub} and some copyright notices. [Werner Koch, 2013-12-10, 7 files, -125/+186]
  * scripts/config.guess, scripts/config.sub: Update to version 2013-11-29.
  Signed-off-by: Werner Koch <[email protected]>
* Prepare for newer automakes which default to parallel tests. [Werner Koch, 2013-12-05, 1 file, -0/+29]
  * checks/Makefile.am: Add a list of test dependencies.
  --
  We want to keep the tests in a specific order because that helps to compare tests and some tests rely on others anyway.
  Signed-off-by: Werner Koch <[email protected]>
* Normalize the MPIs used as input to secret key functions. [Werner Koch, 2013-12-03, 3 files, -6/+25]
  * cipher/rsa.c (secret): Normalize the INPUT.
  (rsa_decrypt): Pass reduced data to secret.
  * cipher/elgamal.c (decrypt): Normalize A and B.
  * cipher/dsa.c (sign): Normalize HASH.
  --
  mpi_normalize is in general not required because extra leading zeroes do not harm the computation. However, adding extra all zero limbs or padding with multiples of N may be useful in side-channel attacks. In particular they are used by the acoustic crypt-analysis. This is an extra pre-caution which alone would not be sufficient to mitigate the described attack.
  CVE-id: CVE-2013-4576
  Signed-off-by: Werner Koch <[email protected]>
* Use blinding for the RSA secret operation. [Werner Koch, 2013-12-03, 4 files, -17/+55]
  * cipher/random.c (randomize_mpi): New.
  * g10/gpgv.c (randomize_mpi): New stub.
  * cipher/rsa.c (USE_BLINDING): Define macro.
  (secret): Implement blinding.
  --
  GPG 1.x has never used any protection against timing attacks on the RSA secret operation. The rationale for this has been that there was no way to mount a remote timing attack on GnuPG. With the turning up of Acoustic Cryptanalysis (http://cs.tau.ac.il/~tromer/acoustic) this assumption no longer holds true and thus we need to do something about it. Blinding seems to be a suitable mitigation to the threat of key extraction. It does not help against distinguishing used keys, though.
  Note that GPG 2.x uses Libgcrypt which does blinding by default.
  The performance penalty is negligible: Modifying the core pubkey_sign or pubkey_decrypt function to run 100 times in a loop, the entire execution times for signing or decrypting a small message using a 4K RSA key on a Thinkpad X220 are
    Without blinding: 5.2s (8.9s)
    With blinding:    5.6s (9.3s)
  The numbers in parentheses give the values without the recently implemented k-ary exponentiation code. Thus for the next release the user will actually experience faster signing and decryption. A drawback of blinding is that we need random numbers even for decryption (albeit at low quality).
  Signed-off-by: Werner Koch <[email protected]>
  CVE-id: CVE-2013-4576
* gpg: Change armor Version header to emit only the major version. [Werner Koch, 2013-11-27, 5 files, -24/+51]
  * g10/options.h (opt): Rename field no_version to emit_version.
  * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version.
  * g10/armor.c (armor_filter): Implement different --emit-version values.
  --
  GnuPG-bug-id: 1572
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit e951782e937ce290be0d89d83e84b3daea997587)
  Resolved conflicts:
    NEWS
    g10/armor.c
    g10/gpg.c
* mpi: mpi-pow improvements [Werner Koch, 2013-10-18, 1 file, -0/+443]
  * mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New.
  (mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New.
  (mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation of left-to-right k-ary exponentiation.
  --
  This is a backport from Libgcrypt commit 45aa6131e93fac89d46733b3436d960f35fb99b2
  Signed-off-by: NIIBE Yutaka <[email protected]>
  For the Yarom/Falkner flush+reload cache side-channel attack, we changed the code so that it always calls the multiplication routine (even if we can skip it to get result). This results some performance regression. This change is for recovering performance with efficient algorithm.
  Signed-off-by: Werner Koch <[email protected]>
* Print the keyid for key packets with --list-packets. [Werner Koch, 2013-10-18, 1 file, -1/+11]
  * g10/parse-packet.c (parse_key): Add keyid printing.
  --
  This is backport from GnuPG-2. Note that the --list-packets command is for debugging only and not part of the stable API.
  Signed-off-by: Werner Koch <[email protected]>
* mpi: Fix syntax error for mips64 and gcc < 4.4 [Werner Koch, 2013-10-11, 1 file, -1/+1]
  * mpi/longlong.h [__mips && gcc < 4.4]: Fix cpp syntax error.
  --
  GnuPG-bug-id: 1465
* gpg: Do not require a trustdb with --always-trust. [Werner Koch, 2013-10-11, 5 files, -93/+131]
  * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
  * g10/trustdb.c (trustdb_args): Add field no_trustdb.
  (init_trustdb): Set that field.
  (revalidation_mark): Take care of a nonexistent trustdb file.
  (read_trust_options): Ditto.
  (get_ownertrust): Ditto.
  (get_min_ownertrust): Ditto.
  (update_ownertrust): Ditto.
  (update_min_ownertrust): Ditto.
  (clear_ownertrusts): Ditto.
  (cache_disabled_value): Ditto.
  (check_trustdb_stale): Ditto.
  (get_validity): Ditto.
  * g10/gpg.c (main): Do not create a trustdb with most commands for trust-model always.
  --
  This slightly changes the semantics of most commands in that they won't create a trustdb if --trust-model=always is used. It just does not make sense to create a trustdb if there is no need for it.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)
  Resolved conflicts:
    g10/gpg.c
    g10/tdbio.h
    g10/trustdb.c
  (indentation fixes)
* Post release updates. [Werner Koch, 2013-10-04, 2 files, -1/+5]
  --
* Release 1.4.15 (tag: gnupg-1.4.15) [Werner Koch, 2013-10-04, 1 file, -2/+10]
* po: Autoupdate due to changed order of strings. [Werner Koch, 2013-10-04, 29 files, -100/+100]
  --