| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* agent/call-daemon.c (struct wait_child_thread_parm_s): Remove PID
field.
(wait_child_thread): Don't touch the internals but call
assuan_pipe_wait_server_termination.
(daemon_start): Don't use PID.
(agent_daemon_dump_state): Don't use PID.
* agent/call-pinentry.c (watch_sock): Call assuan_pipe_kill_server.
(agent_popup_message_stop): Likewise.
--
GnuPG-bug-id: 6487
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* dirmngr/dirmngr.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(thread_init): Don't call assuan_set_system_hooks.
* g10/gpg.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* g13/g13.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Set the syscall clamp with gpgrt_set_syscall_clamp.
Don't call assuan_set_system_hooks.
* kbx/keyboxd.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* scd/scdaemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* sm/gpgsm.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* tpm2d/tpm2daemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): Use assuan_sock_accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.
--
GnuPG-bug-id: 6599
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (FD2NUM): New.
* agent/call-pinentry.c (watch_sock): Use FD2NUM.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/dirmngr.c (handle_connections): Likewise.
* dirmngr/http.c (connect_with_timeout): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* tpm2d/tpm2daemon.c (handle_connections): Likewise.
--
GnuPG-bug-id: 6598
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* configure.ac (HAVE_SOCKET): Detect SOCKET type.
* agent/command-ssh.c [HAVE_SOCKET] (start_command_handler_ssh): Use
SOCKET to cast.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (FD_DBG): New.
* agent/gpg-agent.c (check_nonce): Use FD_DBG.
(do_start_connection_thread, start_connection_thread_ssh): Likewise.
* common/iobuf.c (fd_cache_close, file_filter, do_open): Likewise.
(do_iobuf_fdopen): Likewise.
* dirmngr/dirmngr.c (check_nonce, start_connection_thread)
(handle_connections): Likewise.
* dirmngr/http.c (_my_socket_new, _my_socket_ref): Likewise.
(_my_socket_unref): Likewise.
* g10/decrypt.c (decrypt_message_fd): Likewise.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/openfile.c (open_outfile): Likewise.
* g10/plaintext.c (get_output_file, hash_datafile_by_fd): Likewise.
* g10/verify.c (gpg_verify): Likewise.
* kbx/keyboxd.c (check_nonce, do_start_connection_thread): Likewise.
* scd/scdaemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
* sm/gpgsm.c (open_es_fread, open_es_fwrite): Likewise.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
--
GnuPG-bug-id: 6597
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-pinentry.c (agent_query_dump_state): Use %lx to
format thread ID.
--
Fixes-commit: ba6f8b3d9ec83b35c4f3839853567491fee2f99c
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-daemon.c [HAVE_W32_SYSTEM] (daemon_start): Use %p
for the format with a pointer.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
|
|
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
|
|
* agent/findkey.c (agent_write_private_key): Add arg dispserialno and
update the token.
(agent_write_shadow_key): Add arg dispserialno and adjust all callers.
--
GnuPG-bug-id: 6135
Note that this has been forward ported from 2.2
|
|
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
|
|
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
|
|
* agent/findkey.c (agent_write_private_key): Add arg dispserialno and
update the token.
(agent_write_shadow_key): Add arg dispserialno and adjust all callers.
--
GnuPG-bug-id: 6135
Note that this has been forward ported from 2.2
|
|
* agent/gpg-agent.c (handle_connections): Break if supervised.
* dirmngr/dirmngr.c (is_supervised): New.
(handle_connections): Break if supervised.
--
For supervised agent/dirmngr, 'systemctl stop' behaves just like
'gpgconf --kill', ignoring existing connections.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-daemon.c (wait_child_thread): Call assuan_set_flag only
for !HAVE_W32_SYSTEM.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
--
|
|
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
|
|
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
|
|
* common/exechelp-posix.c (do_exec, gnupg_spawn_process): Remove.
(check_syscall_func, pre_syscall, post_syscall) : New.
(do_create_socketpair, posix_open_null, call_spawn_cb): New.
(my_exec, spawn_detached, gnupg_spawn_helper): New.
(gnupg_process_spawn, process_kill, gnupg_process_terminate): New.
(gnupg_process_get_fds, gnupg_process_get_streams): New.
(process_vctl, gnupg_process_ctl): New.
(gnupg_process_wait, gnupg_process_release): New.
(gnupg_process_wait_list): New.
* common/exechelp-w32.c: Add definition of _WIN32_WINNT as 0x600.
(check_syscall_func, pre_syscall, post_syscall): New.
(gnupg_spawn_process): Remove.
(check_windows_version): New.
(spawn_detached, gnupg_spawn_helper, gnupg_process_spawn): New.
(gnupg_process_get_fds, gnupg_process_get_streams): New.
(process_kill, process_vctl, gnupg_process_ctl): New.
(gnupg_process_wait, gnupg_process_terminate): New.
(gnupg_process_release, gnupg_process_wait_list): New.
* common/exechelp.h: Re-write for new API.
* common/exectool.c (gnupg_exec_tool_stream): Follow the change.
* common/asshelp.c (start_new_service): Likewise.
* agent/genkey.c (do_check_passphrase_pattern): Likewise.
* dirmngr/ldap-wrapper.c (struct wrapper_context_s): Use PROC.
(destroy_wrapper): Follow the change of API.
(read_log_data): Follow the change of API, use printable_pid.
(ldap_reaper_thread, ldap_wrapper_release_context): Likewise.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Follow the change of API.
(show_photo): Likewise.
* g13/be-encfs.c (run_umount_helper): Likewise.
(run_encfs_tool): Likewise.
* g13/g13.c: Add including ./common/exechelp.h.
* g13/mount.c: Likewise.
* g13/runner.c: Follow the change of API.
* g13/runner.h: Follow the change of API.
* scd/app.c (setup_env): New.
(report_change): Follow the change of API.
* tests/gpgscm/ffi.c (proc_object_finalize): New.
(proc_object_to_string): New.
(proc_wrap, proc_unwrap): New.
(do_spawn_process): Remove.
(do_process_spawn): New.
(setup_std_fds): New.
(do_spawn_process_fd): Remove.
(do_process_spawn_fd): New.
(do_wait_process): Remove.
(do_process_wait): New.
(do_wait_processes): Remove.
* tests/gpgscm/t-child.scm: Follow the change of API.
* tests/gpgscm/tests.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
* tests/tpm2dtests/defs.scm: Likewise.
* tools/gpg-card.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgconf.c: Likewise.
* tools/gpgtar-create.c: Likewise.
* tools/gpgtar-extract.c: Likewise.
* tools/gpgtar-list.c: Likewise.
--
GnuPG-bug-id: 6275
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.
* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--
The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago. Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.
The patch also avoids updating the stored fingerprint in certain
situations.
This fix is somewhat related to
GnuPG-bug-id: 6378
|
|
* agent/command-ssh.c (ssh_send_available_keys): Redefine the order of
keys.
--
GnuPG-bug-id: 6212
|
|
* agent/trustlist.c (struct trustitem_s): Add field de_vs.
(read_one_trustfile): Parse it.
(istrusted_internal): Emit TRUSTLISTFLAG status line.
* sm/gpgsm.h (struct rootca_flags_s): Add field de_vs.
* sm/call-agent.c (istrusted_status_cb): Detect the flags.
* sm/sign.c (write_detached_signature): Remove unused vars.
--
Right now this flag has no effect; we first need to specify the exact
behaviour.
GnuPG-bug-id: 5079
|
|
* agent/command.c (cmd_preset_passphrase): Add option.
* agent/preset-passphrase.c (oRestricted): New.
(opts): Add option --restricted.
(main): Set option.
(preset_passphrase): Use option.
--
We use a different cache for connections from the extra-socket.
However, with gpg-preset-passphrase is only able to preset a
passphrase into the regular cache. Further, a restricted connection
may not use PRESET_PASSPHRASE. To solve this we add an new option to
preset the passphrase into the "restricted" cache. For the
gpg-preset-passphrase tool we also add the option --restricted.
Note that this does not yet work with gpg-preset-passphrase --forget.
|
|
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
options.
* agent/protect.c (do_encryption): Remove arg use_ocb and
corresponding code.
(agent_protect): Ditto. Change all callers.
* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
--
This change is related to
GnuPG-bug-id: 6386
but should have no visible effect except for the removal of
option --disable-extended-key-format.
|
|
* agent/call-pinentry.c (agent_get_passphrase): Do SETREPEATOK.
(agent_askpin): Ditto.
Signed-off-by: Ben Kibbey <[email protected]>
|
|
* agent/findkey.c (agent_key_from_file): Check the error of
read_key_file again.
* agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was
found. Also remove useless condition.
--
The first patch fixes a likely merge error. The second is about the
actual return code: If we have no smardcard but simply try to decrypt
with the current smartcard we should return the originla error code.
GnuPG-bug-id: 5170
Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
|
|
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
(agent_ssh_key_from_file): Ditto.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add art r_lnr.
(add_to_key_array): New.
(free_key_array): New.
(compare_key_collection_items): New.
(ssh_send_available_keys): Rewrite to return the keys in the user
given order.
--
GnuPG-bug-id: 6212
We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute. Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file. Use-for-ssh keys are ordered by the value assigned to that key
attribute. The values for the latter are clamped at 99999.
|
|
* common/name-value.c (nvc_get_boolean): Rewrite.
--
The function may now return a positive or negative number instead of
just 1 for true. All callers were already prepared for this.
GnuPG-bug-id: 6212
|
|
* agent/command.c (cmd_scd): Allow it.
--
This is important because Scute uses "SCD SERIALNO --all".
|
|
* agent/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
* am/cmacros.am [HAVE_W32CE_SYSTEM]: Remove.
* autogen.sh: Remove W32ce_ variables.
* configure.ac: Likewise.
* dirmngr/Makefile.am (extra_bin_ldflags): Remove.
* g10/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
* kbx/Makefile.am: Likewise.
* sm/Makefile.am (extra_bin_ldflags): Remove.
* tools/Makefile.am (extra_bin_ldflags): Remove.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--
This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.
Note that --import is not yet able to handle this new mode. Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
|
|
* agent/cvt-openpgp.c (convert_from_openpgp_main): Take care of
version 5 keys.
--
GnuPG-bug-id: 6294
|
|
* Makefile.am (check-all): Add EXEEXT.
* agent/all-tests.scm: Append EXEEXT.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/trustlist.c (agent_marktrusted): Use gnupg_access.
|
|
* agent/command-ssh.c (card_key_available): Replace blanks.
--
For managing the authorized_key file of ssh it is convenient if the
comment does not have any spaces. Thus we now return
cardno:FFFE_50FF3D01
instead of
cardno:FFFE 50FF3D01
Note that gpg --export-ssh-key uses the keyid as comment because it
does not known the S/N of the card. Gpg-agent however does not know
about OpenPGP and uses the s/n.
|
|
* agent/command.c (cmd_keyattr): Reject when disabled extended key
format. Handle the case when key is in non-extended format.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/exechelp-posix.c (do_exec): Remove PREEXEC argument.
(gnupg_spawn_process): Likewise.
(gnupg_spawn_process_fd): Follow the change of do_exec.
(gnupg_spawn_process_detached): Likewise.
* common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC.
* common/exechelp.h (gnupg_spawn_process): Remove PREEXEC.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* tests/gpgscm/ffi.c (do_spawn_process): Likewise.
* tools/gpgconf-comp.c (gc_component_check_options): Likewise.
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
--
PREEXEC is not portable feature and it's not used.
GnuPG-bug-id: 6249
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (start_command_handler_ssh_stream): New.
* agent/command-ssh.c (start_command_handler_ssh_stream): New.
* agent/gpg-agent.c (oWin32OpenSSHSupport): New.
(W32_DEFAILT_AGENT_PIPE_NAME): New.
(main): Add oWin32OpenSSHSupport support.
(win32_openssh_thread): New.
(handle_connections): Spawn win32_openssh_thread.
* configure.ac (NEED_GPGRT_VERSION): Require libgpg-error 1.46.
--
GnuPG-bug-id: 3883
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command.c (do_one_keyinfo): Add arg list_mode. Check
attribute Remote-list.
(cmd_keyinfo): Change semantics to return nothing in restricted list
mode.
|
|
* agent/protect.c (agent_get_shadow_info_type): It's a write only
variable, useful for debugging.
* g10/key-check.c (key_check_all_keysigs): Likewise.
* g10/keyedit.c (show_basic_key_info, menu_expire): Likewise.
* scd/app-sc-hsm.c (read_ef_prkd): Likewise.
* dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars.
* dirmngr/ks-action.c (ks_action_help): Remove unused variables.
* dirmngr/server.c (make_keyserver_item): Likewise.
* dirmngr/validate.c (check_cert_sig): Initialize the variable.
* scd/app-p15.c (select_and_read_record): Likewise.
* tests/gpgscm/scheme.c (scheme_init_new): A function with no args.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (main): Print an error message if no-autostart is
set in common.conf.
|
|
--
|
|
* agent/command.c (do_one_keyinfo): New arg need_Attr.
(cmd_keyinfo): New option --need-attr.
* agent/findkey.c (public_key_from_file): Use nvc_get_boolean.
--
This option makes it easier to list keys suitable only for certain
purposes.
The second patch makes if compliant to the description in
keyformat.txt
|
|
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command-ssh.c: Fix comments.
* agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check.
--
GnuPG-bug-id: 5996
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
* g10/gpg.c (main) <aGenRandom>: Add Level 30.
|
|
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.
--
GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command.c (cmd_keyattr): Check the ATTRNAME.
--
GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <[email protected]>
|
