| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
callers of opendir, readdir, and closedir to use these functions.
--
GnuPG-bug-id: 5098
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--
Yet another wrapper for Unicode support on Windows.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
--
We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change. At a
very few places we keep using stdio (for example due to the use of
popen).
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
|
| |
|
|
|
|
| |
* agent/cache.c (agent_get_cache): Avoid dereferencing NULL.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
of a KEYPAIRINFO.
* scd/command.c (do_readkey): Ditto.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-nks.c (do_learn_status_core): Ditto.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache. Use a
single exit label.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
r_algostr. Change all callers.
--
This is helpful so that callers do not need to parse the key for this
basic information. Use "scd readkey --info-only" to return the info
status line instead of the key material; using just --info returns the
info in addition to the key material.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
(cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
KEYINFO --list=encr sub commands.
--
GnuPG-bug-id: 5063
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--
GnuPG-bug-id: 2312
|
| |
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
--
GnuPG-bug-id: 4866
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
| |
* configure.ac: Add option --disable-tests. Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
|
| |
|
|
|
|
|
|
| |
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
--
GnuPG-bug-id: 4997
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
new key to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--
This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (start_pinentry): Don't use pid_t.
--
When pid_t is 64-bit integer and unsigned long is 32-bit,
it never matches, because left hand side does not fill
upper 32-bit.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--
In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.
Fixes-commit: eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.
Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--
This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-scd.c: Factor re-usable code out to ...
* agent/call-daemon.c: new. Store infos in an array to allow for
other backend daemons.
* agent/Makefile.am (gpg_agent_SOURCES): Add new file.
* agent/agent.h: Include assuan.h.
(enum daemon_type): New.
(opt): Replace scdaemon_program by daemon_program array. Replace
scd_local by a array d_local. Change users accordingly.
--
The model I'm using for a TPM daemon is the current scdaemon. That
includes start and stop handlers plus liveness checks and an assuan
socket generator. To avoid massive code duplication (and save me a
lot of effort), I've elected to strip this code out of call-scd.c into
a generic framework which can then be reused as is by the TPM handling
daemon.
Signed-off-by: James Bottomley <[email protected]>
Co-authored-by: Werner Koch <[email protected]>
Modified original patch for 2.2 heavily to fit the new framework used
in master (gnupg 2.3)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.
Signed-off-by: James Bottomley <[email protected]>
Minor editorial changes by wk
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove.
(agent_pk_get_algo): Remove.
* agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* agent/agent.h (agent_is_dsa_key, agent_is_eddsa_key): Remove.
(agent_pk_get_algo): New.
* agent/findkey.c (agent_pk_get_algo): New.
* agent/pksign.c (do_encode_dsa): Use generic GCRY_PK_ECC.
(agent_pksign_do): Use agent_pk_get_algo.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_is_eddsa_key): Remove dead case.
--
There is no possibility the call of key_parms_from_sexp returns
"eddsa".
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* agent/sexp-secret.c (fixup_when_ecc_private_key): Ignore shadowed
keys.
--
Fixes-commit: 47c1c329ed823a562185f86e98ac903605104f11
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/sexp-secret.c (fixup_when_ecc_private_key): Use curve name
to identify the issue.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/Makefile.am: Add sexp-secret.c.
* agent/agent.h: New function declarations.
* agent/sexp-secret.c: New.
* agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key.
* agent/protect-tool.c (read_and_unprotect): Fix up private part,
calling fixup_when_ecc_private_key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (scan_pgp_format): New with SOS support.
(do_unprotect): Use scan_pgp_format, handle opaque MPI for ECC.
(convert_from_openpgp_main): Use opaque MPI for ECC.
(apply_protection): Set GCRYMPI_FLAG_USER1 flag for encrypted secret.
(extract_private_key): Use "/qd" for ECC, opaque MPI.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_key_to_blob): Prepare for non-prefixed
point representation of EdDSA.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_receive_key): Curve is "Ed25519".
Use sexp_key_construct always.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* agent/pksign.c (do_encode_md): Directly use sexp_build.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (struct server_control_s): Add field digest.data.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
* agent/command.c (reset_notify): Ditto.
(start_command_handler): ditto.
(cmd_sethash): Add new option --inquire.
* agent/call-scd.c (agent_card_pksign): For now return an error if
inquire mode was used.
* agent/command-ssh.c (ssh_handler_sign_request): Make sure
digest.data is cleared.
* agent/divert-scd.c (divert_pksign): Implement inquire mode.
* agent/pksign.c (agent_pksign_do): Ditto.
--
This is required to support EdDSA according to RFC8410.
GnuPG-bug-id: 4888
|
| |
|
|
|
|
|
|
|
|
| |
* agent/protect-tool.c (read_key): Detect simple extended key format.
--
This is a quick hack to get a useful error messages. The real fix is
to replace the protect tool by a more useful new tool.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Fixes-commit: c693b7f4ade97357c33b410728bb741674255487
|
| |
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (reread_configuration): Use a two-part config
file.
* dirmngr/dirmngr.c (reread_configuration): Ditto.
--
If --options is used to to set a specific options file, this file and
not the default file needs to be re-read on SIGHUP.
GnuPG-bug-id: 4788
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/preset-passphrase.c: Switch to the new option parser.
* agent/protect-tool.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
--
This is another part of changes. A followup patch will address the
remaining daemons.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpgv.c: Use new option parser.
* sm/gpgsm.c: Ditto.
* agent/gpg-agent.c: Ditto.
(opts): Add option --no-options.
--
This is the next part of changes. The latest libgpg-error is required
so that that re-reading options (SIGHUP) works.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
(struct readkey_status_parm_s): New.
(readkey_status_cb): New.
(agent_card_readkey): Add optional arg R_KEYREF and change all
callers.
* agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
* agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
* agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
if there is no stub key yet. Create the stub key. Also fixed a
misnaming between s_pkey and s_skey.
--
This change allows to create OpenPGP keys directly from a card without
first making sure that a stub key exists. It is also the less
surprising behaviour.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (struct server_local_s): Add last_card_keyinfo.
(eventcounter): Add maybe_key_change.
(cmd_genkey, cmd_scd, cmd_import_key, cmd_delete_key): Bump new
counter.
(cmd_keyinfo): Cache the keyinfo from the card.
(start_command_handler): Release the cache.
--
This cache speeds up processing of commands like "gpg -K" because
scdaemon does not need to be asked for each key as long as nothing
changed with the card.
We should have a better notification service from scdaemon to make
sure that we get only the relevant events. What we do right now is a
bit course but sufficient.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* agent/call-scd.c (agent_card_free_keyinfo): Use xfree.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (maybe_switch_app): Factor reselect code out to ...
(run_reselect): new.
(app_write_learn_status): Tweak diagnostics.
(app_do_with_keygrip): Run reselect if a card has more than one
switchable application.
* agent/call-scd.c (agent_card_serialno): Ditto.
* tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
(scd_serialno): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (card_key_available): Supply KEYINFO argument.
Call agent_card_readkey by KEYGRIP of KEYINFO.
Don't use $AUTHKEYID, but IDSTR of KEYINFO.
(ssh_handler_request_identities): Follow the change of
card_key_available.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
