mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00

Merge branch 'STABLE-BRANCH-2-2' into master

Werner Koch 2017-12-11 10:42:38 +01:00
commit b38ca59bdb
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 38 additions and 6 deletions


@ -135,6 +135,7 @@ enum cmd_and_opt_values
oDisableScdaemon, oDisableScdaemon,
oDisableCheckOwnSocket, oDisableCheckOwnSocket,
oS2KCount, oS2KCount,
oAutoExpandSecmem,
oWriteEnvFile oWriteEnvFile
}; };
@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"), ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
/* Dummy options for backward compatibility. */ /* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"), ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@ -1025,6 +1028,7 @@ main (int argc, char **argv )
assuan_set_malloc_hooks (&malloc_hooks); assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_sock_init (); assuan_sock_init ();
assuan_sock_set_system_hooks (ASSUAN_SYSTEM_NPTH);
setup_libassuan_logging (&opt.debug, NULL); setup_libassuan_logging (&opt.debug, NULL);
setup_libgcrypt_logging (); setup_libgcrypt_logging ();
@ -1233,6 +1237,14 @@ main (int argc, char **argv )
socket_name_browser = pargs.r.ret_str; socket_name_browser = pargs.r.ret_str;
break; break;
case oAutoExpandSecmem:
/* Try to enable this option. It will officially only be
* supported by Libgcrypt 1.9 but 1.8.2 already supports it
* on the quiet and thus we use the numeric value value. */
gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/,
(unsigned int)pargs.r.ret_ulong, 0);
break;
case oDebugQuickRandom: case oDebugQuickRandom:
/* Only used by the first stage command line parser. */ /* Only used by the first stage command line parser. */
break; break;
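Review bot: The new `oAutoExpandSecmem` case discards the result of `gcry_control`, so on a Libgcrypt that does not recognise control code 78 the option is accepted and silently does nothing, leaving the agent exposed to the out-of-secure-memory failures the option is meant to prevent. The comment itself says support is unofficial before 1.9, so the return value should be checked and logged, e.g. `if (gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/, (unsigned int)pargs.r.ret_ulong, 0)) log_info ("auto-expand-secmem is not supported by this Libgcrypt\n");` (the message text is only a suggestion). The cast from `unsigned long` to `unsigned int` also truncates large values without a range check, and since the option is declared with `ARGPARSE_op_u` it is worth confirming what `pargs.r.ret_ulong` holds when no value is given. `main` and its option switch begin and end outside these hunks.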


@ -271,7 +271,7 @@ to keys stored on a token:
(comment whatever) (comment whatever)
) )
The currently used protocol is "ti-v1" (token info version 1). The The currently used protocol is "t1-v1" (token info version 1). The
second list with the information has this layout: second list with the information has this layout:
(card_serial_number id_string_of_key fixed_pin_length) (card_serial_number id_string_of_key fixed_pin_length)
@ -379,7 +379,7 @@ Example:
(protected-shared-secret (protected-shared-secret
((desc "List of system passphrases") ((desc "List of system passphrases")
(key "uid-1002" ("Knuth" "Donald Ervin Knuth")) (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
(key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra")) (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
(key) (key)
(protected mode (parms) encrypted_octet_string) (protected mode (parms) encrypted_octet_string)
(protected-at "20100915T111722") (protected-at "20100915T111722")
@ -402,7 +402,7 @@ hashed:
((desc "List of system passphrases") ((desc "List of system passphrases")
(key "uid-1002" ("Knuth" "Donald Ervin Knuth")) (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
(key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra")) (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
(key) (key)
(value 4:1002 "signal flags at the lock") (value 4:1002 "signal flags at the lock")
(value 4:1001 "taocp") (value 4:1001 "taocp")


@ -1494,7 +1494,7 @@ make_shadow_info (const char *serialno, const char *idstring)
/* Create a shadow key from a public key. We use the shadow protocol /* Create a shadow key from a public key. We use the shadow protocol
"ti-v1" and insert the S-expressionn SHADOW_INFO. The resulting "t1-v1" and insert the S-expressionn SHADOW_INFO. The resulting
S-expression is returned in an allocated buffer RESULT will point S-expression is returned in an allocated buffer RESULT will point
to. The input parameters are expected to be valid canonicalized to. The input parameters are expected to be valid canonicalized
S-expressions */ S-expressions */


@ -288,7 +288,7 @@ static void
test_agent_shadow_key (void) test_agent_shadow_key (void)
{ {
/* Create a shadow key from a public key. We use the shadow protocol /* Create a shadow key from a public key. We use the shadow protocol
"ti-v1" and insert the S-expressionn SHADOW_INFO. The resulting "t1-v1" and insert the S-expressionn SHADOW_INFO. The resulting
S-expression is returned in an allocated buffer RESULT will point S-expression is returned in an allocated buffer RESULT will point
to. The input parameters are expected to be valid canonicalized to. The input parameters are expected to be valid canonicalized
S-expressions */ S-expressions */


@ -514,7 +514,10 @@ else
speedo_pkg_pinentry_configure = --enable-pinentry-gtk2 speedo_pkg_pinentry_configure = --enable-pinentry-gtk2
endif endif
speedo_pkg_pinentry_configure += \ speedo_pkg_pinentry_configure += \
--disable-pinentry-qt4 \ --disable-pinentry-qt5 \
--disable-pinentry-qt \
--disable-pinentry-fltk \
--disable-pinentry-tty \
CPPFLAGS=-I$(idir)/include \ CPPFLAGS=-I$(idir)/include \
LDFLAGS=-L$(idir)/lib \ LDFLAGS=-L$(idir)/lib \
CXXFLAGS=-static-libstdc++ CXXFLAGS=-static-libstdc++


@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256. transitioned from using MD5 to the more secure SHA256.
@item --auto-expand-secmem @var{n}
@opindex auto-expand-secmem
Allow Libgcrypt to expand its secure memory area as required. The
optional value @var{n} is a non-negative integer with a suggested size
in bytes of each additionally allocated secure memory area. The value
is rounded up to the next 32 KiB; usual C style prefixes are allowed.
For an heavy loaded gpg-agent with many concurrent connection this
option avoids sign or decrypt errors due to out of secure memory error
returns.
@item --s2k-count @var{n} @item --s2k-count @var{n}
@opindex s2k-count @opindex s2k-count
Specify the iteration count used to protect the passphrase. This Specify the iteration count used to protect the passphrase. This


@ -3087,6 +3087,12 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
else else
pt->name[i] = c; pt->name[i] = c;
} }
/* Fill up NAME so that a check with valgrind won't complain about
* reading from uninitalized memory. This case may be triggred by
* corrupted packets. */
for (; i < namelen; i++)
pt->name[i] = 0;
pt->timestamp = read_32 (inp); pt->timestamp = read_32 (inp);
if (pktlen) if (pktlen)
pktlen -= 4; pktlen -= 4;
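Review bot: The added zero-fill loop masks a short read instead of reporting it: when the name loop stops early, the rest of `pt->name` is set to 0 and parsing continues with `read_32 (inp)` as if the packet were well formed. The comment says this path is reached by corrupted packets, so a later consumer cannot tell padding from real name bytes, presumably because the stored length still reflects the declared `namelen` (it is assigned outside the hunk). Consider recording the truncation when `i < namelen`, for example with a diagnostic or by failing the packet with `GPG_ERR_INV_PACKET`, and keep the fill as the memory-safety fallback. The new comment also has two typos, `uninitalized` and `triggred`. `parse_plaintext` begins and ends outside the hunk.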