| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Replace fixed-info
by an s-exp parameter. Do not expect the algo and extra length octet.
--
This code needs more work, for example extracting the curve from the
s-expression and mapping it to a KEM algo. It might even be better
top move parts of the code to common/.
|
|
* agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber.
* common/sexputil.c (get_pk_algo_from_key): Increase buffer for use
with "kyber1024".
* g10/call-agent.c (agent_get_keyinfo): Fix warning.
* g10/keygen.c (do_create_from_keygrip): Support Kyber.
(ask_algo): Ditto.
--
To test create a standard key and the use --edit-key and "addkey" with
selection 13 and use the comma delimited keygrips.
GnuPG-bug-id: 7014
|
|
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--
Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
|
|
* agent/command.c (cmd_pkdecrypt): Fix comparison.
* agent/agent.h (enum kemids): Rename type and strip trailing comma.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Allow building
with Libgcrypt < 1.11
--
Eventually we should change the libgcrypt requirement in configure.
|
|
* agent/agent.h (enum kemid): New.
(agent_kem_decrypt): New.
* agent/command.c (cmd_pkdecrypt): Support --kem option to call
agent_kem_decrypt.
* agent/pkdecrypt.c (reverse_buffer): New.
(agent_hybrid_pgp_kem_decrypt): New.
(agent_kem_decrypt): New.
--
Now, it only supports X25519 + ML-KEM.
GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (struct server_control_s): Add have_keygrip1.
* agent/command.c (reset_notify): Clear have_keygrip1 field.
(cmd_havekey): Add --another option handling.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program. Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--
GnuPG-bug-id: 7017
|
|
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--
The use case is symmetric encryption via the extra-socket. To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
|
|
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode. Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode. This is however enver triggred.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--
The idea here that a session can be switched in an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.
GnuPG-bug-id: 6944
|
|
* agent/command.c (cmd_havekey): Add new option --info.
* tools/card-call-scd.c (scd_readkey): Allow using without result arg.
(struct havekey_status_parm_s): New.
(havekey_status_cb): New.
(scd_havekey_info): New.
(scd_delete_key): New.
* tools/gpg-card.c (print_keygrip): Add arg with_lf.
(cmd_checkkeys): New.
(cmdCHECKKEYS): New.
(cmds): Add command "checkkeys".
(dispatch_command, interactive_loop): Call cmd_checkkeys.
--
GnuPG-bug-id: 6943
|
|
--
This name is used by Kleopatra for quite some time now but was missing
a specification.
|
|
--
Also fix a typo in a macro.
|
|
* agent/gpg-agent.c (main): The value of reliable_homedir_inotify
doesn't not related to nodetach, and it's only zero in the specific
condition.
* kbx/keyboxd.c (handle_connections): Remove the last argument.
(main): Remove reliable_homedir_inotify, as it's always one.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
Don't call gnupg_inotify_watch_delete_self when it's not reliable.
(check_others_thread): No check of reliable_homedir_inotify repeatedly
in the loop.
* kbx/keyboxd.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
(handle_tick): No check of reliable_homedir_inotify in the loop.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): Don't disable use of inotify
when it has the --disable-check-own-socket option.
--
Before the fix, it checks the homedir using the gnupg_stat function
when --disable-check-own-socket is enabled, without trying use of
inotify.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (read_key_file): Add optional arg r_orig_key_value
to return the old Key value. Change all callers.
(agent_write_private_key): Detect whether the Key entry was really
changed.
--
GnuPG-bug-id: 6829
|
|
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nvc_set): Set flag unless value did not change.
(nve_set): Add arg PK. Change the caller.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
|
|
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
|
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call
agent_delete_key before agent_write_private_key. Recover
from an error.
--
Cherry-picked from master commit of:
eda3997b439e415f1bebaa3be20c8bdb43d3a1d0
Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202
Signed-off-by: James Bottomley <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Initialize FP.
--
Cherry-picked from master commit of:
a8618fdccdab228a8bbe3efeb87223a68fa57219
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_update_private_key): Check FNAME0.
--
Cherry-pick master commit of:
08e529fa7cfa8f55256337dd525fe8724c78cd92
Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_update_private_key): Check FNAME0.
--
Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call
agent_delete_key before agent_write_private_key. Recover
from an error.
--
Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202
Signed-off-by: James Bottomley <[email protected]>
|
|
* agent/trustlist.c (struct trustitem_s): Use unsigned int.
* common/audit.c (struct log_item_s): Likewise.
* g10/packet.h (struct seckey_info): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Initialize FP.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cache.c (insert_to_timer_list): Round up when >= a half second.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): Also check SOCK_INOTIFY_FD
when spawning check_onw_socket_thread. When removal of the socket
is detected, do same as AGENT_PROBLEM_SOCKET_TAKEOVER.
--
GnuPG-bug-id: 6692
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cache.c (insert_to_timer_list): Update TV_SEC of the top entry
when inserted.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cache.c (remove_from_timer_list_new): Fix cut&paste error.
TV_SEC field should not be touched.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cache.c (struct timer_s): New.
(struct cache_item_s): Add a member filed T for timer.
(the_timer_list, the_timer_list_new): New.
(insert_to_timer_list_new, insert_to_timer_list): New.
(remove_from_timer_list, remove_from_timer_list_new): New.
(housekeeping): Remove.
(compute_expiration, update_expiration): New.
(do_expire): New.
(TIMERTICK_INTERVAL): Remove.
(agent_cache_expiration): Use timer list to manage the expiration
of cache entries.
(agent_flush_cache): Call update_expiration when needed.
(agent_put_cache): Don't call housekeeping any more, but
update_expiration for an entry in question.
(agent_get_cache): Likewise.
--
GnuPG-bug-id: 6681
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (agent_cache_housekeeping): Remove.
(agent_cache_expiration): New.
* agent/cache.c (agent_cache_housekeeping): Remove.
(agent_cache_expiration): New.
* agent/gpg-agent.c (TIMERTICK_INTERVAL): Remove.
(handle_tick): Remove.
(handle_connections): Call agent_cache_expiration and use the timeout
value determined by the call.
--
GnuPG-bug-id: 6681
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (CHECK_PROBLEMS_INTERVAL): New.
(socket_takeover_detected): Remove.
(problem_detected): New.
(handle_tick): Don't check parent PID and homedir in this function.
(handle_connections): Spawn check_others_thread when needed. Handle
AGENT_PROBLEM_PARENT_HAS_GONE and AGENT_PROBLEM_HOMEDIR_REMOVED.
(check_own_socket_thread): Check SHUTDOWN_PENDING variable in the
loop. Use PROBLEM_DETECTED variable.
(check_others_thread): New.
--
GnuPG-bug-id: 6693
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): Only spawn the thread
when CHECK_OWN_SOCKET_INTERVAL > 0.
[CHECK_OWN_SOCKET_INTERVAL == 0] (check_own_socket_pid_cb)
(do_check_own_socket, check_own_socket_thread): Ifdef out.
--
GnuPG-bug-id: 6692
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): Check the takeover when
interrupted.
(check_own_socket_thread): Kick the loop when detected.
--
GnuPG-bug-id: 6692
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (check_own_socket_running): Remove.
(socket_takeover_detected): New.
(check_own_socket): Remove.
(handle_tick): Don't call check_own_socket any more.
(handle_connections): Start off the check_own_socket_thread.
Check socket_takeover_detected to handle the event.
(do_check_own_socket): New, factoring out the task.
(check_own_socket_thread): Loop with the interval.
--
GnuPG-bug-id: 6692
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (agent_kick_the_loop): New.
* agent/gpg-agent.c [HAVE_W32_SYSTEM] (the_event2): New.
[HAVE_PSELECT_NO_EINTR] (event_pipe_fd): New.
[!HAVE_PSELECT_NO_EINTR] (main_thread_pid): New.
(create_an_event): New, factored out.
(get_agent_daemon_notify_event): Use create_an_event.
(handle_signal): Add a case for SIGCONT.
(agent_kick_the_loop): New.
(handle_connections): Call pselect possibly with the pipe.
Call eselect with THE_EVENT2.
--
GnuPG-bug-id: 6682
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (thread_init_once): Call assuan_control.
* g10/gpg.c (main): Likewise.
* g13/g13.c (main): Likewise.
* kbx/keyboxd.c (thread_init_once): Likewise.
* scd/scdaemon.c (main): Likewise.
* sm/gpgsm.c (main): Likewise.
* tpm2d/tpm2daemon.c (main): Likewise.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-daemon.c (struct wait_child_thread_parm_s): Remove PID
field.
(wait_child_thread): Don't touch the internals but call
assuan_pipe_wait_server_termination.
(daemon_start): Don't use PID.
(agent_daemon_dump_state): Don't use PID.
* agent/call-pinentry.c (watch_sock): Call assuan_pipe_kill_server.
(agent_popup_message_stop): Likewise.
--
GnuPG-bug-id: 6487
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* dirmngr/dirmngr.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(thread_init): Don't call assuan_set_system_hooks.
* g10/gpg.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* g13/g13.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Set the syscall clamp with gpgrt_set_syscall_clamp.
Don't call assuan_set_system_hooks.
* kbx/keyboxd.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* scd/scdaemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* sm/gpgsm.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* tpm2d/tpm2daemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): Use assuan_sock_accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.
--
GnuPG-bug-id: 6599
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (FD2NUM): New.
* agent/call-pinentry.c (watch_sock): Use FD2NUM.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/dirmngr.c (handle_connections): Likewise.
* dirmngr/http.c (connect_with_timeout): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* tpm2d/tpm2daemon.c (handle_connections): Likewise.
--
GnuPG-bug-id: 6598
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (HAVE_SOCKET): Detect SOCKET type.
* agent/command-ssh.c [HAVE_SOCKET] (start_command_handler_ssh): Use
SOCKET to cast.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (FD_DBG): New.
* agent/gpg-agent.c (check_nonce): Use FD_DBG.
(do_start_connection_thread, start_connection_thread_ssh): Likewise.
* common/iobuf.c (fd_cache_close, file_filter, do_open): Likewise.
(do_iobuf_fdopen): Likewise.
* dirmngr/dirmngr.c (check_nonce, start_connection_thread)
(handle_connections): Likewise.
* dirmngr/http.c (_my_socket_new, _my_socket_ref): Likewise.
(_my_socket_unref): Likewise.
* g10/decrypt.c (decrypt_message_fd): Likewise.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/openfile.c (open_outfile): Likewise.
* g10/plaintext.c (get_output_file, hash_datafile_by_fd): Likewise.
* g10/verify.c (gpg_verify): Likewise.
* kbx/keyboxd.c (check_nonce, do_start_connection_thread): Likewise.
* scd/scdaemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
* sm/gpgsm.c (open_es_fread, open_es_fwrite): Likewise.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
--
GnuPG-bug-id: 6597
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-pinentry.c (agent_query_dump_state): Use %lx to
format thread ID.
--
Fixes-commit: ba6f8b3d9ec83b35c4f3839853567491fee2f99c
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-daemon.c [HAVE_W32_SYSTEM] (daemon_start): Use %p
for the format with a pointer.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
|
|
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
|
|
* agent/findkey.c (agent_write_private_key): Add arg dispserialno and
update the token.
(agent_write_shadow_key): Add arg dispserialno and adjust all callers.
--
GnuPG-bug-id: 6135
Note that this has been forward ported from 2.2
|
|
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
|
|
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
|
