| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.
--
GnuPG-bug-id: 7363
Fixes-commit: 4fa82eec43e8d205fa336113f6ea554923fd6986
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/trustlist.c (istrusted_internal): Add arg listmode and print
new status line in this mode. Adjust callers.
(agent_listtrusted): Add new args ctrl and status_mode. Get all
trusted keys and then call is_trusted_internal for all of them.
* agent/command.c (cmd_listtrusted): Add new option --status.
--
This allows in a non-restricted connection to list all trusted keys in
one go.
(cherry picked from commit 4275d5fa7a51731544d243ba16628a9958ffe3ce)
|
| |
|
|
|
|
|
|
| |
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--
Fixes-commit: 6d45fcdd3c3e8d039b05f7276e7619c19fc957d1
GnuPG-bug-Id: 5079
|
| |
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_keytocard): Copy LINE.
--
GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_write_private_key): Init FP.
--
With
Fixes-commit: 3b69d8bf7146b8d10737d0cfea9c97affc60ad73
we took a shortcut but forgot to init FP which is usually set after
the new check. At least in the AppImage this always triggered a segv
and gpg or Kleopatra had to restart the agent. Not a problem in 2.4
becuase this code is a hack we don't need in 2.4 due to that new
ephemeral key storing feature.
GnuPG-bug-id: 6944
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--
Signed-off-by: Jakub Jelen <[email protected]>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 379fc5569d604c4a7b5f12b2bbfc4106893c2a9e)
|
| |
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_keyinfo): Only forbid list command.
--
GnuPG-bug-id: 7003
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.
* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--
This was a regression in 2.2.42. We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42. With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.
GnuPG-bug-id: 6944
|
| |
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (read_key_file): Add optional arg r_orig_key_value
to return the old Key value. Change all callers.
(agent_write_private_key): Detect whether the Key entry was really
changed.
--
GnuPG-bug-id: 6829
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nve_set): Add arg PK. Change the caller. Check whether to change at
all.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (KEYTOCARD_TIMESTAMP_FORMAT): Remove and use format
string direct.
(cmd_keytocard): Change timestamp to an u64 and use the new u64 parser
functions. Use split_fields. Add ecdh parameter stuff. Take the
default timestamp from the keyfile.
* agent/findkey.c (agent_key_from_file): Add arg timestamp and set it.
Adjust all callers.
--
This is backport from 2.4 but only the agent part. We consider it
more relibale if we also pass the ECDH parameters along in 2.2.
Adding the timestamp stuff should not harm either. Because we now
have the u64 time string parser, we use them here.
See-commit: c03ba92576e34f791430ab1c68814ff16c81407b
See-commit: c795be79c14fac01b984bdc2e2041d2141f27612
This patch is somewhat related to:
GnuPG-bug-id: 6378, 5538
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/trustlist.c (struct trustitem_s): Add field de_vs.
(read_one_trustfile): Parse it.
(istrusted_internal): Emit TRUSTLISTFLAG status line.
* sm/gpgsm.h (struct rootca_flags_s): Add field de_vs.
* sm/call-agent.c (istrusted_status_cb): Detect the flags.
* sm/sign.c (write_detached_signature): Remove unused vars.
--
Right now this flag has no effect; we first need to specify the exact
behaviour.
GnuPG-bug-id: 5079
(cherry picked from commit a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/trustlist.c (struct trustitem_s): Add flag "qual".
(read_one_trustfile): Rename arg "allow_include" to "systrust" and
change callers. Parse new flag "qual".
(istrusted_internal): Print all flags.
* sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag.
* sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified".
* sm/certchain.c (do_validate_chain): Take care of the qualified flag.
--
(cherry picked from commit 7c8c6060616ab91f5490e91a0fb9efc9aee9f58e)
|
| |
|
|
| |
* agent/findkey.c (agent_write_private_key): Fix error reporting.
|
| |
|
|
|
|
|
| |
* agent/call-scd.c (agent_scd_check_aliveness): Call assuan_set_flag
only for !HAVE_W32_SYSTEM.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
Backported from 2.4; some manifest files already existed in 2.2 but
not in 2.4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c: Remove assert.h and use log_assert all over the
file.
(fname_from_keygrip): Add arg for_new.
(is_shadowed_key): New.
(agent_write_private_key): Rewrite to use read, write to new file,
rename pattern. Ignore attempts to overwrite a regular key file by a
shadow key file.
(read_key_file): Move all cleanup code to the end of the function.
--
GnuPG-bug-id: 6386
I am not shure whether we should allow overwriting with FORCE set.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
options.
* agent/protect.c (do_encryption): Remove arg use_ocb and
corresponding code.
(agent_protect): Ditto. Change all callers.
* agent/command.c (cmd_readkey): Do not test for key availability here
but defer that agent_write_shadow_key.
* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
Remove the maybe_update arg.
(agent_write_shadow_key): Ditto. Simplify.
--
GnuPG-bug-id: 6386
Backported-from-master: 6d792ae2eb46b3c411d36a87f0d08fbfc1b65cc9
But with large changes to get 2.2 more aligned with master again. This
is not finished; in particular the bug is not fixed; this comes wit
the next patch.
|
| |
|
|
|
|
|
|
| |
* agent/call-pinentry.c (start_pinentry): Add new default text.
--
GnuPG-bug-id: 4950
(cherry picked from commit b2a6e5b5169602052ae87d38588bdd3bd76fddad)
|
| |
|
|
|
|
|
| |
* agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
* g10/gpg.c (main) <aGenRandom>: Add Level 30.
(cherry picked from commit ae2f1f0785e429d6dbb577a1fcf9a880aaff8e49)
|
| |
|
|
| |
* agent/trustlist.c (agent_marktrusted): Use gnupg_access.
|
| |
|
|
|
|
|
| |
* agent/findkey.c (agent_write_private_key): Fix condition.
--
Fixes-commit: 755920d4335730fbf25e24342dc9c8a8a772dac3
|
| |
|
|
|
|
|
| |
* agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
mode.
* g10/call-agent.c (agent_update_shadow_keys): new.
* g10/card-util.c (current_card_status): Call it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_write_private_key): Factor file name
generation out to ...
(fname_from_keygrip): new.
(write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
(agent_write_shadow_key): Ditto.
* agent/command.c (cmd_readkey): Update the shadow-key in card mode.
--
GnuPG-bug-id 6135
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-scd.c (linefeed_to_percent0A): New.
(ask_for_card): Add arg grip. Read Token and Label items and use
them.
(divert_pksign, divert_pkdecrypt): Pass down grip.
* agent/findkey.c (write_extended_private_key): Add args serialno,
keyref, and dispserialno. Writen Token item.
(agent_write_private_key): Add args serialno, keyref, and
dispserialno.
(read_key_file): Add arg r_keymeta.
(agent_keymeta_from_file): New.
(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
* agent/protect-tool.c (agent_write_private_key): Ditto.
* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
agent_write_shadow_key.
* agent/command-ssh.c (card_key_available): Ditto.
--
GnuPG-bug-id: 6135
This patch backports some changes from master but also adds the
Display-S/N tracking.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here. Implement --no-user-trustlist. Also
repalce "allow_include" by "systrust" and adjust callers.
--
With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt. However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.
The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.
GnuPG-bug-id: 5990
Backported-from-master: 1530d04725d475bf29328eab40b42f72ff8aa06b
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.
--
Cherry-picked from master commit of:
99d2931887e5ba0db9007024b3420b110603d5be
GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
and assuan_end_confidential, and wipe the memory after use.
* agent/command.c (cmd_preset_passphrase): Likewise.
* scd/command.c (pin_cb): Likewise.
--
Backport the change of master commit of:
052f58422dca1044aba7acb4cf57416e7a8cb01f
GnuPG-bug-id: 5977
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.
--
GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--
Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.
The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.
GnuPG-bug-id: 5794
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default. Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags. Remove
"options". Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.
* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name. Thus we list list options from the known_options
tables.
|
| |
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Use gnupg_argparse.
* tools/gpgconf-comp.c: Use gnupg_opt_t.
* tools/gpgconf.c (show_version_gnupg): Use strusage.
--
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c693b7f4ade97357c33b410728bb741674255487)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <[email protected]>
This is a backport from master (2.3).
|
| |
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Move detection up.
--
The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.
* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option. Add comment to eventually implement it.
--
Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always
NULL.
--
Fixes-commit: db5dc7a91af3774cfbce0bc533e0f0b5498402fe
GnuPG-bug-id: 5577
|
| |
|
|
| |
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.
--
A generated passphrase has enough entropy so that all kind of extra
checks would only reduce the actual available entropy. We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.
|
| |
|
|
|
|
| |
* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ...
(DEFAULT_GENPIN_BITS): this and increase to 150.
(generate_pin): Make sure that we use at least 128 bits.
|
| |
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c: Remove unused assert.h.
(inq_cb): Fix use use of assuan_end_confidential in case of nested
use.
(do_getpin): Ditto.
(setup_formatted_passphrase): Escape the help string.
(setup_enforced_constraints): Ignore empty help strings.
|
| |
|
|
| |
* agent/call-pinentry.c (atfork_core): Pass DISPLAY.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constraints flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 7c45a69eb988e9c0329d75900af0c5b1e47291b7
agent: New option --check-sym-passphrase-pattern.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c: Include zb32.
(MAX_GENPIN_TRIES): New.
(DEFAULT_GENPIN_BYTES): New.
(generate_pin): New.
(setup_genpin): New.
(inq_quality): Rename to ...
(inq_cb): this. Handle checkpin inquiry.
(setup_enforced_constraints): New.
(agent_get_passphrase): Call sertup_genpin. Call
setup_enforced_constraints if new passphrase is requested.
--
This implements the gpg-agent side for checking whether a new passphrase
entered by the user in pinentry satisfies the passphrase constraints.
Performing a checkpin inquiry is only allowed if the passphrase
constraints are enforced. setup_enforced_constraints sends necessary
options and translated strings to pinentry.
The patch also merges 557ddbde32585c534626b57a595a2ccf28fd585e et
al. from master to add the genpin inquiry machinery.
The suggested passphrase has the required entropy of 128 bits.
GnuPG-bug-id: 5517, 5532
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
* agent/call-pinentry.c (setup_formatted_passphrase): New.
(agent_get_passphrase): Pass option to pinentry.
* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
(opts): Add option.
(parse_rereadable_options): Set option.
--
GnuPG-bug-id: 5553, 5517
This is a squashed backport of two commits from master.
Backport-from-master: bf20a80f68449cc83b67c53ba9a0a84c45827ac4
Backport-from-master: 99601778f4a9dc1c9fee792361c959f5e0732cfd
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (convert_from_openpgp_main): Return
GPG_ERR_BAD_SECKEY.
--
Backport master commit of:
21ef425e222ddfa460b37dece63adb67ff2e4dd1
When non-protected case, error at gcry_pk_testkey results
GPG_ERR_BAD_PASSPHRASE. Here, it should be converted to
GPG_ERR_BAD_SECKEY, or else, user will be asked passwd even if it's
not protected.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--
These are taken from these commits:
98c52ae * card: Intialize pointer to avoid double free
fc5fac8 * kbx: Avoid uninitialized read
fa0771f * g10: Avoid memory leaks
25aa353 * dirmgr: Avoid double free
33a2362 * agent: Fix memory leaks
e6132bc * sm: Avoid memory leaks and double double-free
2af7bb2 * g10: Fix memory leaks
0d2c1e9 * dirmgr: clean up memory on error code paths
GnuPG-bug-id: 5393
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 50293ec2ebf2a997dbad9a47166d694efcc0709a)
|
| |
|
|
|
|
|
| |
* agent/command.c (cmd_readkey): Test for shadow key before creating
it.
(cherry picked from commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
curves.
--
For example when using my standard ed25519 token and testing cards
with only Brainpool support, the ssh-agent failed due to the unknown
curves seen on the card. This patches fixes this by ignoring keys
with unknown curves.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304)
|
