| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.
* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--
This was a regression in 2.2.42. We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42. With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.
GnuPG-bug-id: 6944
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
options.
* agent/protect.c (do_encryption): Remove arg use_ocb and
corresponding code.
(agent_protect): Ditto. Change all callers.
* agent/command.c (cmd_readkey): Do not test for key availability here
but defer that agent_write_shadow_key.
* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
Remove the maybe_update arg.
(agent_write_shadow_key): Ditto. Simplify.
--
GnuPG-bug-id: 6386
Backported-from-master: 6d792ae2eb46b3c411d36a87f0d08fbfc1b65cc9
But with large changes to get 2.2 more aligned with master again. This
is not finished; in particular the bug is not fixed; this comes wit
the next patch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-scd.c (linefeed_to_percent0A): New.
(ask_for_card): Add arg grip. Read Token and Label items and use
them.
(divert_pksign, divert_pkdecrypt): Pass down grip.
* agent/findkey.c (write_extended_private_key): Add args serialno,
keyref, and dispserialno. Writen Token item.
(agent_write_private_key): Add args serialno, keyref, and
dispserialno.
(read_key_file): Add arg r_keymeta.
(agent_keymeta_from_file): New.
(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
* agent/protect-tool.c (agent_write_private_key): Ditto.
* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
agent_write_shadow_key.
* agent/command-ssh.c (card_key_available): Ditto.
--
GnuPG-bug-id: 6135
This patch backports some changes from master but also adds the
Display-S/N tracking.
|
| |
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.
--
GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constraints flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 7c45a69eb988e9c0329d75900af0c5b1e47291b7
agent: New option --check-sym-passphrase-pattern.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--
These are taken from these commits:
98c52ae * card: Intialize pointer to avoid double free
fc5fac8 * kbx: Avoid uninitialized read
fa0771f * g10: Avoid memory leaks
25aa353 * dirmgr: Avoid double free
33a2362 * agent: Fix memory leaks
e6132bc * sm: Avoid memory leaks and double double-free
2af7bb2 * g10: Fix memory leaks
0d2c1e9 * dirmgr: clean up memory on error code paths
GnuPG-bug-id: 5393
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
newkey to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
* agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
--
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 0da923a1240ac78d60c92cdd8488c4e405c3243b
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.
Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (do_getpin): New.
(agent_askpin): Use do_getpin.
(agent_get_passphrase): Add arg pininfo. Use do_getpin.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--
This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.
* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto. Take RESTRICTED into account.
(agent_get_cache): Ditto.
--
If requests are coming from different sources they should not share the
same cache. This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.
GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--
Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because in agent_askpin() decrements that value before conveying it to
the loopback.
GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.
--
For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/protect.c (agent_protect): Add arg use_ocb. Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.
* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len. Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--
Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode. See keyformat.txt for a
description. Libgcrypt 1.7 is required.
This mode is not yet enabled because there would be no way to return
to an older GnuPG version. To test the new scheme use
gpg-protect-tool:
./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
./gpg-protect-tool -av -P abc -u <prot.key
Any key from the private key storage should work.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len. Process at most LEN bytes.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
(start_pinentry, setup_qualitybar): Likewise.
(agent_askpin): Fix return value check of check_cb.
* agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
(ssh_identity_register): Fix return value check of agent_askpin.
* agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
* agent/findkey.c (try_unprotect_cb): Likewise.
* agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
(agent_ask_new_passphrase): Fix return value check of agent_askpin.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2. Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2. Wipe PI2.
--
For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2. This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account. One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.
Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.
GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
GnuPG-bug-id: 2038
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
pinentry loopback mode.
* agent/genkey.c (check_passphrase_constraints): Immediately return when
pinentry mode is loopback.
--
Fixes endless loop when inquiring a passphrase with
pinentry-mode=loopback that may not satisfy passphrase contraints.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (LunderscorePROTO): New.
* common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
* common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
i18n_localegettext. Expand LunderscorePROTO.
* agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
again to keep the old translations.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning. Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--
Static strings in gpg-agent need to be translated according to the
locale set by the caller. This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another. If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.
This is only the first part of the change the actual local switching
still needs to be implemented.
Debian-bug-id: 788983
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent. Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent. If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *. Pass it to check_passphrase_constraints. If it
contains malloc's memory, free it.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Based on a patch provided by Watson Yuuma Sato <[email protected]>
in issue 2018.
|
| |
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (agent_askpin): Add args keyinfo and
cache_mode. Change all callers to pass (NULL,0) for them. Send
SETKEYINFO command.
* agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
the new args.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
* agent/command-ssh.c (ssh_identity_register): Ditto.
--
Detected by Stack 0.3:
bug: anti-simplify
model: |
%tobool22 = icmp ne i8* %arraydecay21, null, !dbg !717
--> true
stack:
- /home/wk/s/gnupg/agent/genkey.c:385:0
ncore: 1
core:
- /home/wk/s/gnupg/agent/genkey.c:362:0
- pointer overflow
bug: anti-simplify
model: |
%tobool35 = icmp ne i8* %arraydecay34, null, !dbg !1053
--> true
stack:
- /home/wk/s/gnupg/agent/command-ssh.c:3120:0
ncore: 1
core:
- /home/wk/s/gnupg/agent/command-ssh.c:3103:0
- pointer overflow
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
with_repeat.
* agent/call-pinentry.c (close_button_status_cb): Rewrite and check
for PIN_REPEAT. Change users to check only the relevant bit.
(agent_askpin): Support repeat logic of new Pinentries.
* agent/command-ssh.c (ssh_identity_register): Use the new repeat
feature.
* agent/genkey.c (agent_ask_new_passphrase): Ditto.
--
If we need to confirm a passphrase entry (e.g. for new passphrase) we
set a flag into the pinentry info block. The we try to use the new
pinentry command SETREPEATERROR; if that fails, we continue as usual.
If that succeeds we ask the pinentry to show the repeat (confirmation)
prompt and on successful return we set another flag in the pinentry
info block so that the caller can skip its own confirmation check. A
new status line from the pinentry indicates that the feature is
actually supported (it may not be supported on certain systems for
example when using the ncurses backend).
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
* agent/genkey.c (check_passphrase_constraints): Build a final warning
after all checks.
|
| |
|
|
|
| |
* agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
check to the front.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/genkey.c: s/to to/to/
* sm/*.c: s/failed to allocated/failed to allocate/
* sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/
* g10/seskey.c: missing closing parenthesis
* dirmngr/crlcache.c: s/may has/may have/
Consistency fix:
* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
* dirmngr/dirmngr_ldap: no period in Syntax
* dirmngr/dirmngr-client.c: infinitive for option description:
s/certificates are expected/expect certificates/
|
| |
|
|
|
| |
When the inquired passphrase has a 0 length then treat it as no
protection.
|
| | |
|
| |
|
|
|
|
| |
When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.
|
| | |
|
| |
|
|
| |
When unset or 0, the calibrated count will be used.
|
| |
|
|
|
| |
This option may be used to change the default ttl values use with the
--preset option of GENKEY and PASSWD.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
A couple of forward ported changes.
Doc updates.
|
| | |
|
| |
|
|
|
| |
Prepare for more use cases of the cache nonce.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
A few code changes to support dirmngr.
|
