| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* common/session-env.c (stdenvnames): Add field "disabled".
(INITIAL_ARRAYSIZE): Increase size a bit.
(session_env_mod_stdenvnames): New.
(session_env_list_stdenvnames): Handle the disabled flag.
* agent/gpg-agent.c (oChangeStdEnvName): New.
(opts): Add --change-std-env-name.
(main): Implement option.
--
GnuPG-bug-id: 7522
|
|
* agent/command-ssh.c (ssh_send_available_keys): Adjust key counter
for skipped keys.
--
Fixes-commit: 8b8a8b246c443d5631a88ec59b88edf00aa0ff51
which introduced a regression due to an extra variable for counting
the keys.
The bug showed up for example if a card with a Brainpool Auth key was
also used. Unfortunately OpenSSH still does not allow for Brainpool
keys.
|
|
* agent/findkey.c (read_key_file): Free BUF.
--
Fixes-commit: 434a641d40cbff82beb9f485e0adca72419bfdf2
Signed-off-by: Sorah Fukumori <[email protected]>
|
|
* agent/gpg-agent.c (opts): Rename option supervised.
* dirmngr/dirmngr.c (opts): Ditto.
--
The --supervised way to start gpg-agent has been deprecated for 2.5
years and will probably entirely removed with version 2.6.0. To allow
its use until its removal the systemd service description need to be
adjusted to use this option. The reason for the deprecation are
conflicts with the way systemd starts gpg-agent and gpg expects how
gpg-agent is started. In particular gpg expects that the gpg-agent
matching its own version is started. Further the systemd way is not
portable to other platforms and long term experience on Windows has
show that the standard way of starting gpg-agent is less error prone.
Note to those who want to re-introduse this option: Pretty please do
not use socket names conflicting with our standard socket names. For
example use /run/user/1000/foo-gnupg/S.gpg-agent.
|
|
* agent/call-scd.c (agent_card_pkdecrypt): Remove unused variables.
--
Fixes-commit: fe147645d2397dd77b646a253965c5994f360f26
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-scd.c (prepare_setdata): New.
(agent_card_pksign): Use prepare_setdata for SETDATA.
(agent_card_pkdecrypt): Likewise.
--
GnuPG-bug-id: 7436
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.
--
GnuPG-bug-id: 7363
Signed-off-by: NIIBE Yutaka <[email protected]>
Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce
|
|
* agent/call-daemon.c (wait_child_thread): Call assuan_release for
PRIMARY_CTX when it's kept for reuse.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/trustlist.c (istrusted_internal): Add arg listmode and print
new status line in this mode. Adjust callers.
(agent_listtrusted): Add new args ctrl and status_mode. Get all
trusted keys and then call is_trusted_internal for all of them.
* agent/command.c (cmd_listtrusted): Add new option --status.
--
This allows in a non-restricted connection to list all trusted keys in
one go.
|
|
* agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
|
|
* agent/findkey.c (unprotect): Print a diagnostic if unprotection
failed.
--
GnuPG-bug-id: 6375
|
|
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--
Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
|
|
* agent/command.c (cmd_keytocard): Copy LINE.
--
GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
|
|
* agent/command-ssh.c (ssh_send_available_keys): Close file and
directory on error paths.
--
GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <[email protected]>
|
|
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Free memory on
errors.
--
GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.
--
Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (main): Let it have defined value.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-daemon.c (struct daemon_local_s): Remove G field.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.
--
When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.
|
|
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
|
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--
Signed-off-by: Jakub Jelen <[email protected]>
This is part of
GnuPG-bug-id: 7129
|
|
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL. Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <[email protected]>
|
|
* agent/genkey.c (store_key): Clear ERR on success.
--
This fixes a real problem which might let ephemeral store mode fail
randomly.
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <[email protected]>
|
|
* agent/agent.h (agent_card_ecc_kem): New.
* agent/divert-scd.c (agent_card_ecc_kem): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key): New.
(ecc_extract_sk_from_key): New.
(ecc_raw_kem, get_cardkey, ecc_get_curve): New.
(ecc_pgp_kem_decrypt): Support a key on smartcard for ECC.
(composite_pgp_kem_decrypt): Handle a case of a key on smartcard.
* common/sexputil.c (get_ecc_curve_from_key): New.
* common/util.h (get_ecc_curve_from_key): New.
--
GnuPG-bug-id: 7097
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info
memory.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-scd.c (padding_info_cb): Allow NULL.
(agent_card_pkdecrypt): Likewise.
* agent/divert-scd.c (divert_pkdecrypt): Likewise.
* agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise.
--
It's for RSA PKCD#1 encoding if the decrypt operation removes padding
or not. When caller knows it's not RSA, this information is no use
and it is better to allow NULL with the variable R_PADDING.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New.
(composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512.
* agent/pkdecrypt.c (ecc_table): Support bp512
* g10/pkglue.c (do_encrypt_kem): Ditto.
* tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384,
and bp512.
* tests/openpgp/privkeys: Add corresponding private keys.
* tests/openpgp/samplemsgs: Add sample messages for those keys.
--
GnuPG-bug-id: 6815
|
|
* configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0
* agent/pkdecrypt.c (struct ecc_params): Move constants to the top.
--
It does not make anymore sense to allow building with older Libgcrypt
versions. After all PQ key support is a major feature and for this we
need Libgcrypt.
|
|
* agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field.
(ecc_table): Update.
(get_ecc_params): Use strcmp.
(composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about
ML-KEM 512 and 1024.
--
Co-authored-by: Werner Koch <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (ecc_table): New.
(get_ecc_params): New.
(composite_pgp_kem_decrypt): Support other curves.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for
correctness. Add error diagnostics and one extra check.
--
GnuPG-bug-id: 7014
|
|
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format
of SEXP in the protocol for symmetric cipher algorithm identifier.
--
GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
Signed-off-by: Todd Zullinger <[email protected]>
|
|
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code
the value of FIXED_INFO. Get it from frontend.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/util.h (compute_kmac256): Remove.
(gnupg_ecc_kem_kdf, gnupg_kem_combiner): New.
* common/kmac.c (compute_kmac256): Don't expose.
(gnupg_ecc_kem_kdf, gnupg_kem_combiner): New.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use
gnupg_ecc_kem_kdf and gnupg_kem_combiner.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber.
* common/sexputil.c (get_pk_algo_from_key): Increase buffer for use
with "kyber1024".
* g10/call-agent.c (agent_get_keyinfo): Fix warning.
* g10/keygen.c (do_create_from_keygrip): Support Kyber.
(ask_algo): Ditto.
--
To test create a standard key and the use --edit-key and "addkey" with
selection 13 and use the comma delimited keygrips.
GnuPG-bug-id: 7014
|
|
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--
Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
|
|
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--
Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
|
