aboutsummaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgsm: Extend --learn-card by an optional s/n argument.Werner Koch2025-03-174-10/+30
| | | | | | | | | | | | | | | | * agent/command.c (cmd_learn): Allow for s/n argument. * agent/learncard.c (agent_handle_learn): Ditto. * agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd. * scd/command.c (cmd_switchcard): Factor most code out to ... (switchcard_core): new. (cmd_learn): Add option --demand to specify a s/n. * sm/gpgsm.c (main): Allow a s/n argument for --learn-card. -- This help Kleopatra to get a stable certificate listing. GnuPG-bug-id: 7379
* w32: On socket nonce mismatch close the socket.Werner Koch2025-03-052-8/+14
| | | | | | | | | | | | | | | | | * agent/gpg-agent.c (start_connection_thread_std): Close socket on nonce mismatch. (start_connection_thread_extra): Ditto. (start_connection_thread_browser): Ditto. (start_connection_thread_ssh): Ditto. * dirmngr/dirmngr.c (start_connection_thread): Ditto. * kbx/keyboxd.c (start_connection_thread): Ditto. -- Usually Libassuan takes care of closing the socket but because we do the nonce check before setting up Assuan we need to explicit close it. GnuPG-bug-id: 7434
* Log the Windows system error code at more places.Werner Koch2025-03-051-8/+4
| | | | | | | | | | | | | | | * common/asshelp.c (log_libassuan_system_error): New. * agent/gpg-agent.c (create_server_socket): Use new log function. (handle_connections): Log system error code for a failed accept. * dirmngr/dirmngr.c (handle_connections): Ditto. * kbx/keyboxd.c (handle_connections): Ditto. * scd/scdaemon.c (handle_connections): Ditto. * tpm2d/tpm2daemon.c (handle_connections): Ditto. * dirmngr/dirmngr.c (main): Log system error code for a failed bin. * kbx/keyboxd.c (create_server_socket): Ditto. * scd/scdaemon.c (create_server_socket): Ditto. * tpm2d/tpm2daemon.c (create_server_socket): Ditto.
* agent: Improve diagnostics for a bind call failure.Werner Koch2025-02-181-3/+11
| | | | | | | | | * agent/gpg-agent.c (create_server_socket): Fix translation. Add diagnostic for bind retry. Print windows error code after bind failure. -- GnuPG-bug-id: 7434
* agent: New option --change-std-env-name.Werner Koch2025-02-121-1/+6
| | | | | | | | | | | | | * common/session-env.c (stdenvnames): Add field "disabled". (INITIAL_ARRAYSIZE): Increase size a bit. (session_env_mod_stdenvnames): New. (session_env_list_stdenvnames): Handle the disabled flag. * agent/gpg-agent.c (oChangeStdEnvName): New. (opts): Add --change-std-env-name. (main): Implement option. -- GnuPG-bug-id: 7522
* agent: Fix ssh-agent's request_identities for skipped keys.Werner Koch2025-01-221-2/+4
| | | | | | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Adjust key counter for skipped keys. -- Fixes-commit: 8b8a8b246c443d5631a88ec59b88edf00aa0ff51 which introduced a regression due to an extra variable for counting the keys. The bug showed up for example if a card with a Brainpool Auth key was also used. Unfortunately OpenSSH still does not allow for Brainpool keys.
* agent: Fix a memory leak.Sorah Fukumori2025-01-141-0/+1
| | | | | | | | | * agent/findkey.c (read_key_file): Free BUF. -- Fixes-commit: 434a641d40cbff82beb9f485e0adca72419bfdf2 Signed-off-by: Sorah Fukumori <[email protected]>
* Stronger deprecate the --supervised option.Werner Koch2025-01-081-9/+12
| | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (opts): Rename option supervised. * dirmngr/dirmngr.c (opts): Ditto. -- The --supervised way to start gpg-agent has been deprecated for 2.5 years and will probably entirely removed with version 2.6.0. To allow its use until its removal the systemd service description need to be adjusted to use this option. The reason for the deprecation are conflicts with the way systemd starts gpg-agent and gpg expects how gpg-agent is started. In particular gpg expects that the gpg-agent matching its own version is started. Further the systemd way is not portable to other platforms and long term experience on Windows has show that the standard way of starting gpg-agent is less error prone. Note to those who want to re-introduse this option: Pretty please do not use socket names conflicting with our standard socket names. For example use /run/user/1000/foo-gnupg/S.gpg-agent.
* agent: Clean up for the refactoring.NIIBE Yutaka2024-12-161-2/+2
| | | | | | | | | * agent/call-scd.c (agent_card_pkdecrypt): Remove unused variables. -- Fixes-commit: fe147645d2397dd77b646a253965c5994f360f26 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Use SETDATA --apend for larger data to communicate scdaemon.NIIBE Yutaka2024-12-051-22/+31
| | | | | | | | | | | * agent/call-scd.c (prepare_setdata): New. (agent_card_pksign): Use prepare_setdata for SETDATA. (agent_card_pkdecrypt): Likewise. -- GnuPG-bug-id: 7436 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix status output for LISTTRUSTED.NIIBE Yutaka2024-10-311-2/+2
| | | | | | | | | | | * agent/trustlist.c (istrusted_internal): When LISTMODE is enabled, TRUSTLISTFPR status output should be done. -- GnuPG-bug-id: 7363 Signed-off-by: NIIBE Yutaka <[email protected]> Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce
* agent: Fix resource leak for PRIMARY_CTX.NIIBE Yutaka2024-10-221-0/+3
| | | | | | | | | * agent/call-daemon.c (wait_child_thread): Call assuan_release for PRIMARY_CTX when it's kept for reuse. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add option --status to the LISTRUSTED command.Werner Koch2024-10-013-16/+60
| | | | | | | | | | | | | * agent/trustlist.c (istrusted_internal): Add arg listmode and print new status line in this mode. Adjust callers. (agent_listtrusted): Add new args ctrl and status_mode. Get all trusted keys and then call is_trusted_internal for all of them. * agent/command.c (cmd_listtrusted): Add new option --status. -- This allows in a non-restricted connection to list all trusted keys in one go.
* agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.Werner Koch2024-09-271-4/+1
| | | | * agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
* agent: Better diagnostic for a failed key unprotection.Werner Koch2024-09-271-0/+2
| | | | | | | | * agent/findkey.c (unprotect): Print a diagnostic if unprotection failed. -- GnuPG-bug-id: 6375
* agent: Fix detection of the trustflag de-vs.Werner Koch2024-09-191-1/+1
| | | | | | | | * agent/trustlist.c (read_one_trustfile): Fix comparison. -- Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f GnuPG-bug-Id: 5079
* agent: Fix KEYTOCARD for the use case with loopback pinentry.NIIBE Yutaka2024-09-031-0/+7
| | | | | | | | | * agent/command.c (cmd_keytocard): Copy LINE. -- GnuPG-bug-id: 7283 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: When diverting to a card show the name of unsupported algos.Werner Koch2024-08-091-1/+14
| | | | * agent/divert-scd.c (divert_pkdecrypt): Improve error message.
* agent: Avoid memory leak when handling ssh keys.Jakub Jelen2024-07-221-0/+4
| | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Close file and directory on error paths. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <[email protected]>
* agent: Avoid memory leak when handling tpm2.Jakub Jelen2024-07-221-0/+1
| | | | | | | | | | * agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Free memory on errors. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <[email protected]>
* common: On Windows, we care about how PIPE handles are inherited.NIIBE Yutaka2024-07-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): It's for POSIX. * kbx/keyboxd.c (handle_connections): Ditto. * scd/app.c (handle_connections): Ditto. * scd/scdaemon.c (handle_connections): Ditto. tpm2d/tpm2daemon.c (handle_connections): Ditto. * tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH. (do_inbound_pipe): Use GNUPG_PIPE_INBOUND. (do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND. * common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound. (_gpg_decrypt): Likewise. * common/exechelp-posix.c (gnupg_create_pipe): Add an argument. * common/exechelp-w32.c (create_pipe_and_estream): Care about how PIPE handles are inherited to child process. (gnupg_create_pipe): Add an argument. * common/exechelp.h: Add enum values. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <[email protected]>
* Use gpgrt_process_spawn API from libgpg-error.NIIBE Yutaka2024-07-091-8/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API. * common/asshelp.c (start_new_service): Ditto. * common/exechelp.h: Remove gnupg_process_spawn API. * common/exechelp-posix.c: Remove gnupg_process_spawn implementation. * common/exechelp-w32.c: Likewise. * common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API. * common/t-exechelp.c (test_pipe_stream): Remove. * dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use the gpgrt API. (ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto. * dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h. * g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API. * g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto. * g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h. * scd/apdu.c: No need to include exechelp.h. * scd/app.c (report_change): Use the gpgrt API. * sm/export.c, sm/import.c: No need to include exechelp.h. * tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap) (do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the gpgrt API. * tools/gpg-auth.c: No need to include exechelp.h. * tools/gpg-card.c (cmd_gpg): Use the gpgrt API. * tools/gpg-connect-agent.c: No need to include exechelp.h. * tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage) (start_gpg_encrypt): Use the gpgrt API. * tools/gpgconf-comp.c (gpg_agent_runtime_change) (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Ditto. * tools/gpgconf.c (show_versions_via_dirmngr): Ditto. * tools/gpgtar-create.c (gpgtar_create): Ditto. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- GnuPG-bug-id: 7192 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Require use of "SCD DEVINFO --watch" command with socket.NIIBE Yutaka2024-06-281-0/+3
| | | | | | | | | | * agent/call-scd.c (agent_card_devinfo): Check if client connects by a socket. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Initialize thread_startup.fd for pipe connection.NIIBE Yutaka2024-06-281-0/+1
| | | | | | | | * agent/gpg-agent.c (main): Let it have defined value. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Handle SCD DEVINFO --watch command in a special way.NIIBE Yutaka2024-06-271-0/+96
| | | | | | | | | | | | * agent/call-scd.c (devinfo_watch_thread): New. (agent_card_devinfo): New. (agent_card_scd): Call agent_card_devinfo when it's DEVINFO_WATCH_COMMAND. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:daemon: Add an argument to specify requiring socket connection.NIIBE Yutaka2024-06-274-5/+13
| | | | | | | | | | | | | * agent/agent.h (daemon_start): Add REQ_SOCK argument. * agent/call-daemon.c (daemon_start): Support specifying a socket connection. * agent/call-scd.c (start_scd): Connection don't care. * agent/call-tpm2d.c (start_tpm2d): Likewise. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Clean up for scdaemon handling.NIIBE Yutaka2024-06-111-5/+1
| | | | | | | | * agent/call-daemon.c (struct daemon_local_s): Remove G field. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix a race condition which results accessing finished scd.NIIBE Yutaka2024-06-111-4/+6
| | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Decision of connection/reuse of CTX and assignment to ->ctx should be done with the lock. -- When scdaemon is exiting and agent tries to spawn/connect/reconnect, there is a race condition between detecting finish of scd and spawn/connect/reconnect. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Silence debug output from the PIN caching.Werner Koch2024-06-061-3/+5
| | | | | * agent/call-scd.c (handle_pincache_put): Use log_debug only in cache debug mode.
* indent: Fix spellingDaniel Kahn Gillmor2024-05-319-12/+12
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* spawn: Remove spawn callback, introduce gnupg_spawn_actions.NIIBE Yutaka2024-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (call_spawn_cb): Remove. (gnupg_spawn_actions_new, gnupg_spawn_actions_release) (gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork) (gnupg_spawn_actions_set_redirect) (gnupg_spawn_actions_set_inherit_fds): New. (my_exec, spawn_detached): Use spawn actions. (gnupg_spawn_helper): Remove. (gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions. * common/exechelp-w32.c: Ditto. * common/exechelp.h: Ditto. * agent/genkey.c (do_check_passphrase_pattern): Follow the change of gnupg_process_spawn API. * common/asshelp.c (start_new_service): Likewise. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * common/t-exechelp.c (test_pipe_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * g10/photoid.c (run_with_pipe): Likewise. * scd/app.c (report_change): Likewise. * tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd): Likewise. * tools/gpg-card.c (cmd_gpg): Likewise. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise. (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Avoid uninitialized access in GENKEY command on parameter error.Jakub Jelen2024-05-281-2/+2
| | | | | | | | | | * agent/command.c (cmd_genkey): Moved init_membuf to the top. -- Signed-off-by: Jakub Jelen <[email protected]> This is part of GnuPG-bug-id: 7129
* agent: Avoid double free of empty string in the PIN caching.Werner Koch2024-05-281-3/+7
| | | | | | | | | | * agent/call-scd.c (handle_pincache_get): Set PIN to NULL. Also add DBG_CACHE conditionals and don't return the pin in the debug output. -- This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <[email protected]>
* agent: Make sure to return success in ephemeral store mode.Werner Koch2024-05-281-0/+1
| | | | | | | | | | | | * agent/genkey.c (store_key): Clear ERR on success. -- This fixes a real problem which might let ephemeral store mode fail randomly. This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <[email protected]>
* agent:kem:ecc: Support a key on smartcard.NIIBE Yutaka2024-04-263-74/+243
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:kem: Fix memory leaks.NIIBE Yutaka2024-04-251-3/+6
| | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info memory. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Allow NULL for R_PADDING, when calling scd and tpm2d.NIIBE Yutaka2024-04-253-8/+13
| | | | | | | | | | | | | | | * agent/call-scd.c (padding_info_cb): Allow NULL. (agent_card_pkdecrypt): Likewise. * agent/divert-scd.c (divert_pkdecrypt): Likewise. * agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise. -- It's for RSA PKCD#1 encoding if the decrypt operation removes padding or not. When caller knows it's not RSA, this information is no use and it is better to allow NULL with the variable R_PADDING. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:kem: Factor out ECC KEM operation from composite KEM.NIIBE Yutaka2024-04-241-107/+136
| | | | | | | | | * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Simplify diverting operation to the smartcard.NIIBE Yutaka2024-04-241-10/+5
| | | | | | | | * agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Support Kyber with Brainpool512r1.Werner Koch2024-04-231-0/+6
| | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512. * agent/pkdecrypt.c (ecc_table): Support bp512 * g10/pkglue.c (do_encrypt_kem): Ditto. * tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384, and bp512. * tests/openpgp/privkeys: Add corresponding private keys. * tests/openpgp/samplemsgs: Add sample messages for those keys. -- GnuPG-bug-id: 6815
* Require Libgcrypt 1.11.0Werner Koch2024-04-231-60/+69
| | | | | | | | | | * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
* agent:kem: More fix for PQC KEM with X448.NIIBE Yutaka2024-04-231-17/+16
| | | | | | | | | | | * agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field. (ecc_table): Update. (get_ecc_params): Use strcmp. (composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:kem: Support other ML-KEM variants.NIIBE Yutaka2024-04-231-11/+40
| | | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:kem: Support other ECC curves.NIIBE Yutaka2024-04-231-21/+105
| | | | | | | | | | * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add more diagnostics to PQC decryption.Werner Koch2024-04-111-16/+69
| | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
* agent: Rename the function using the word "composite"NIIBE Yutaka2024-04-111-5/+5
| | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix PQC decryption.NIIBE Yutaka2024-04-111-28/+9
| | | | | | | | | | * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format of SEXP in the protocol for symmetric cipher algorithm identifier. -- GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Move keyformat.txt to here.Werner Koch2024-04-111-520/+0
| | | | --
* doc: Fix a few typos in agent/keyformat.txtTodd Zullinger via Gnupg-devel2024-04-111-6/+6
| | | | | | -- Signed-off-by: Todd Zullinger <[email protected]>
* agent:kem: Externalize FIXED_INFO.NIIBE Yutaka2024-04-101-18/+51
| | | | | | | | | * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 23:44:04 +0000