* agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
(USE_GCRY_THREAD_CBS): New macro, defined if
GCRY_THREAD_OPTION_VERSION is 0.
(fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
(main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
* command-ssh.c (card_key_available): Change wording of no key
diagnostic.
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.
When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.
The protection used in the exported key used a different iteration
count than given in the S2K field. Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again. Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-20 Marcus Brinkmann <mb@g10code.com>
* command.c (cmd_import_key): Release key from failed import
before converting openpgp private key in the openpgp-private-key
case.
Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.
Also fixed a few missing prototypes.
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm. The hash algorithm
is used by app-openpgp.c only for a sanity check.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
Quite some changes were needed but in the end we have less code than
before. Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we know use the
S-expression based interface and make heavy use of our opaque MPI
feature.
Encryption, decryption, signing and verification work with
self-generared keys.
Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
Changed order of some conditional to make to put the special case into
the true branch. Indentation changes. Minor other changes to make the
ECC code more similar to the rest of our code.
It builds but many sefltests still fail. Need to fix that before
using it with an ECDH enabled libgcrypt.
[/]
2011-01-21 Werner Koch <wk@g10code.com>
* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
(HAVE_GCRY_PK_ECDH): Add new test.
[agent/]
2011-01-21 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
[include/]
2011-01-21 Werner Koch <wk@g10code.com>
* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
because we now require libgcrypt 1.4.6.
(GCRY_PK_ECDH): Add replacement.
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (start_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
scd/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (scd_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
sm/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
fds.
g10/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
assuan_pipe_connect_ext.
* command.c (start_command_handler): Change
assuan_init_socket_server_ext into assuan_init_socket_server.
* call-scd.c (start_scd): Update use of assuan_socket_connect and
assuan_pipe_connect.
* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
Update use of assuan_socket_connect.
common/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
scd/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* command.c (scd_command_handler): Call assuan_init_socket_server,
not assuan_init_socket_server_ext.
sm/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-dirmngr.c (start_dirmngr_ext): Update use of
assuan_pipe_connect and assuan_socket_connect.
tools/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (start_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
common/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
g10/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(register_commands): Use assuan_handler_t.
scd/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
sm/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(register_commands): Use assuan_handler_t.
* call-agent.c (membuf_data_cb, default_inq_cb)
(inq_ciphertext_cb, scd_serialno_status_cb)
(scd_keypairinfo_status_cb, istrusted_status_cb)
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
* command-ssh.c (stream_read_string): Initialize LENGTH to zero.
(start_command_handler_ssh): Use es_fgetc/es_ungetc to check if
EOF has been reached before trying to process another request.
g10/
* passphrase.c (passphrase_get): Set the cancel flag on all error
from the agent. Fixes a bug reported by Tom Duerbusch.
sm/
* gpgsm.c (main): Let --gen-key print a more informative error
message.
* protect-tool.c (get_passphrase): New arg OPT_CHECK.
(get_new_passphrase): Enable OTP_CHECK on the first call.
* command.c (cmd_get_passphrase): Implement option --check.
* gpg-agent.c (MIN_PASSPHRASE_LEN): New
(parse_rereadable_options): New option --min-passphrase-len.
* genkey.c (check_passphrase_constraints): New.
(agent_genkey, agent_protect_and_store): Call new function. Fix
memory leak.
* call-pinentry.c (agent_askpin): Allow translation of the displayed
error message.
(agent_popup_message_start): Remove arg CANCEL_BTN.
(popup_message_thread): Use --one-button option.
* command.c (cmd_passwd): Now that we don't distinguish between
assuan and regular error codes we can jump to the end on error.
common/
* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
* server.c (skip_options): Skip leading spaces.
(has_option): Honor "--".
(cmd_export): Add option --data to do an inline export. Skip all
options.
* certdump.c (gpgsm_fpr_and_name_for_status): New.
* verify.c (gpgsm_verify): Use it to print correct status messages.
doc/
* gpgsm.texi (GPGSM EXPORT): Document changes.
* preset-passphrase.c (preset_passphrase): Do not strip off last
character of passphrase.
(make_hexstring): New function.
* command.c (cmd_preset_passphrase): Use parse_hexstring to syntax
check passphrase argument. Truncate passphrase at delimiter.
* command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20
instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL
byte - KEY_GRIP_RAW is a raw binary string anyway.
char * vs. unsigned char * warnings. The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
* gpg-agent.c: New option --write-env-file.
* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
* scdaemon.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
(handle_connections): Include the file descriptor into the name of
the thread.
* dynload.h: s/__inline__/inline/.
* tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of
including a gnupg 1.4 header.
* watchgnupg.c: Make sure that PF_LCOAL and AF_LOCAL are defines.
Noted by Ray Link.
(agent_scd_check_aliveness): New.
* gpg-agent.c (handle_tick): Test for an alive scdaemon.
(handle_signal): Print thread info on SIGUSR1.
* scdaemon.c (handle_signal): Print thread info on SIGUSR1.
(show_file): Implement it.
* keyformat.txt: Define the created-at attribute for keys.
* ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level.
(parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good.
(ccid_transceive): Arghhh. The seqno is another bit in the
R-block than in the I block, this was wrong at one place.
* scdaemon.c: New options --debug-ccid-driver and
--debug-disable-ticker.
* app-openpgp.c (do_genkey, do_writekey): Factored code to check
for existing key out into ..
(does_key_exist): .. New function.
* gpg-connect-agent.c (add_definq, show_definq, clear_definq)
(handle_inquire): New.
(read_and_print_response): Handle INQUIRE command.
(main): Implement control commands.
sm/
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter. Changed all callers.
* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.
* command-ssh.c (ssh_request_spec): New member: secret_input.
(REQUEST_SPEC_DEFINE): New argument: secret_input.
(request_specs): Add secret_input flag.
(request_spec_lookup): New function ...
(ssh_request_process): ... use it here; depending on secret_input
flag allocate secure or non-secure memory.
* command-ssh.c (sexp_key_extract): Removed FIXME, since
xtrymallos does set errno correctly by now.
(sexp_extract_identifier): Remove const attribute from identifier.
(ssh_handler_request_identities): Remove const attribute from
key_type; removes ugly casts and FIXME.
(sexp_key_extract): Remove const attribute from comment.
(ssh_send_key_public): Remove const attribute from
key_type/comment; removes ugly cast.
(data_sign): Remove const attribute from identifier; removes ugly
cast.
(key_secret_to_public): Remove const attribute from comment;
removes ugly cast.
(ssh_handler_sign_request): Remove const attribute from p.
(sexp_key_extract): Use make_cstring().
(ssh_key_extract_comment): Likewise.
(ssh_key_to_buffer): Use secure memory for memory area to hold the
key S-Expression.
Added more comments.
%0A may pass through.
* agent.h (server_control_s): New field USE_AUTH_CALL.
* call-scd.c (agent_card_pksign): Make use of it.
* command-ssh.c (data_sign): Set the flag.
(ssh_send_key_public): New arg OVERRIDE_COMMENT.
(card_key_available): Add new arg CARDSN.
(ssh_handler_request_identities): Use the card s/n as comment.
(sexp_key_extract): Use GCRYMPI_FMT_STD.
(data_sign): Ditto.
* learncard.c (make_shadow_info): Moved to ..
* protect.c (make_shadow_info): .. here. Return NULL on malloc
failure. Made global.
* agent.h: Add prototype.
* xasprintf.c (xtryasprintf): New.
* app-openpgp.c (get_public_key): Make sure not to return negative
numbers.
(do_sign): Allow passing of indata with algorithm prefix.
(do_auth): Allow OPENPGP.3 as an alternative ID.
* app.c (app_getattr): Return just the S/N but not the timestamp.
* no-libgcrypt.c (gcry_strdup): New.
../g10/call-agent.c
(card_getattr_cb, agent_card_getattr): New.
* command-ssh.c (card_key_available): New.
(ssh_handler_request_identities): First see whether a card key is
available.
* app.c (app_getattr): Return APPTYPE or SERIALNO type even if the
application does dot support the getattr call.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
(scd_update_reader_status_file): Set the error flag on all changes.
select returns with -1.
* tools.texi (gpg-connect-agent): New.
* app-openpgp.c (get_one_do): Never try to get a non cacheable
object from the cache.
(get_one_do): Add new arg to return an error code. Changed all
callers.
(do_getattr): Let it return a proper error code.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
* scdaemon.c (ticker_thread): Termintate if a shutdown is pending.
* apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping.
* gpg-connect-agent.c: New.
* Makefile.am: Add it.
(ssh_identity_register): Partly rewritten.
(open_control_file, search_control_file, add_control_entry): New.
(ssh_handler_request_identities): Return only files listed in our
control file.
* findkey.c (unprotect): Check for allocation error.
* agent.h (opt): Add fields to record the startup terminal
settings.
* gpg-agent.c (main): Record them and do not force keep display
with --enable-ssh-support.
* command-ssh.c (start_command_handler_ssh): Use them here.
* gpg-agent.c: Renamed option --ssh-support to
--enable-ssh-support.
* command.c (cmd_readkey): New.
(register_commands): Register new command "READKEY".
* command-ssh.c (ssh_request_process): Improved logging.
* findkey.c (agent_write_private_key): Always use plain open.
Don't depend on an umask for permissions.
(agent_key_from_file): Factored file reading code out to ..
(read_key_file): .. new function.
(agent_public_key_from_file): New.
* command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
template, clarified.
(ssh_sexp_extract): Support shadowed-private-key-sexp; treat
protected-private key and shadowed-private-key as public keys.
(key_secret_to_public): Rewritten: simply use ssh_sexp_extract()
and ssh_sexp_construct().
1.9.
* agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this
function won't return.
* gpg-agent.c (check_for_running_agent): Initialize pid to a
default value if not needed.
* command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/,
s/uint32/u32/ becuase that is what we have always used in GnuPG.
(ssh_request_specs): Moved to top of file.
(ssh_key_types): Ditto.
(make_cstring): Ditto.
(data_sign): Don't use a variable for the passphrase prompt, make
it translatable.
(ssh_request_process):
* findkey.c (modify_description): Renamed arguments for clarity,
polished documentation. Make comment a C-string. Fixed case of
DESCRIPTION being just "%".
(agent_key_from_file): Make sure comment string to a C-string.
* gpg-agent.c (create_socket_name): Cleanup the implemntation, use
DIMof, agent_exit, removed superflous args and return the
allocated string as value. Documented. Changed callers.
(create_server_socket): Cleanups similar to above. Changed callers.
(cleanup_do): Renamed to ..
(remove_socket): .. this. Changed caller.
(handle_connections): The signals are to be handled in the select
and not in the accept. Test all FDs after returning from a
select. Remove the event tests from the accept calls. The select
already assured that the accept won't block.
* command-ssh.c (ssh_handler_request_identities)
(ssh_handler_sign_request, ssh_handler_add_identity)
(ssh_handler_remove_identity, ssh_handler_remove_all_identities)
(ssh_handler_lock, ssh_handler_unlock): Changed to return an error
code instead of a boolean.
(ssh_request_process): Changed to return a boolean instead of an
error; adjust caller.
(ssh_request_handle_t): Adjusted type.
(ssh_request_spec): New member: identifier.
(REQUEST_SPEC_DEFINE): New macro; use it for initialization of
request_specs[].
(ssh_request_process): In debugging mode, log identifier of
handler to execute.
(start_command_handler_ssh): Moved most of the stream handling
code ...
(ssh_request_process): ... here.
* command-ssh.c: New file.
* Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c.
* findkey.c (modify_description): New function.
(agent_key_from_file): Support comment field in key s-expressions.
* gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport.
(opts) New entry for oSSHSupport.
New variable: socket_name_ssh.
(cleanup_do): New function based on cleanup().
(cleanup): Use cleanup_do() for socket_name and socket_name_ssh.
(main): New switch case for oSSHSupport.
(main): Move socket name creation code to ...
(create_socket_name): ... this new function.
(main): Use create_socket_name() for creating socket names for
socket_name and for socket_name_ssh in case ssh support is
enabled.
Move socket creation code to ...
(create_server_socket): ... this new function.
(main): Use create_server_socket() for creating sockets.
In case standard_socket is set, do not only store a socket name in
socket_name, but also in socket_name_ssh.
Generate additional environment info strings for ssh support.
Pass additional ssh socket argument to handle_connections.
(start_connection_thread_ssh): New function.
(handle_connections): Use select to multiplex between gpg-agent
and ssh-agent protocol.
* agent.h (struct opt): New member: ssh_support.
Declare function: start_command_handler_ssh.
* Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that
pwquery may use stuff from jnlib. Conditionally add -lwsock2
(gpg_protect_tool_LDADD): Ditto.
* preset-passphrase.c (main): Use default_homedir().
(main) [W32]: Initialize sockets.
* simple-pwquery.c (agent_open) [W32]: Implement for W32.
(readline) [W32]: Use recv instead of read.
(writen) [W32]: Use send instead of write.
(my_stpcpy): Define a stpcpy replacement so that this file
continues to be self-contained.
(agent_send_all_options) [W32]: Don't call ttyname.
* gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
* gnupg.texi: Add a logo.
* sysnotes.texi: New.
* gpgsm.c (main): Use default_homedir().
(main) [W32]: Default to disabled CRL checks.
* gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute
pathnames with a drive letter.
directories default to c:/gnupg. Require libassuan 0.6.9.
* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* call-agent.c (start_agent): Before starting a pipe server start
to connect to a server on the standard socket. Use PATHSEP
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
* import.c: Include unistd.h for dup and close.
now use the identical implementation from ../common/membuf.c.
* pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use
membuf functions to return the value.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* genkey.c (agent_genkey): Ditto.
* command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced
assuan_get_data_fp() by a the membuf scheme.
(clear_outbuf, write_and_clear_outbuf): New.
* membuf.c (put_membuf): Wipe out buffer after a failed realloc.
(_pth_strerror): Renamed to ...
(w32_strerror): .. this. And let callers provide a buffer.
(spawn_helper_thread): Removed HD arg and hardwire the stack size
to 32k.
(do_pth_wait): Removed use of ATTR; not needed for the helper
threads.
(helper_thread): Renamed to ..
(launch_thread): .. this. Release handle if not joinable.
(struct pth_priv_hd_s): Renamed to ...
(struct thread_info_s): .. this. Add member JOINABLE and TH.
* stringhelp.c (w32_strerror) [W32]: New.
* w32-pth.c, w32-pth.h: Added real code written by Timo Schulz.
Not finished, though.
* gpgconf-comp.c <ignore-ocsp-service-url>: Fixed typo.
when the log file has not beend hadled. This is will let the main
option processing continue. Fixed a bug introduced on 2004-09-4
resulting in logging to stderr until a HUP has been given.
(main): Don't close the listen FD.
passphrase has been given.
* gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
expected pinentry filename.
* import.c (parse_p12): Write an error status line for bad
passphrases. Add new arg CTRL and changed caller.
* export.c (export_p12): Likewise.
* agent.h: Declare: agent_pksign_do.
(struct server_control_s): New member: raw_value.
* pksign.c (do_encode_md): New argument: raw_value; support
generation of raw (non-pkcs1) data objects; adjust callers.
(agent_pksign_do): New function, based on code ripped
out from agent_pksign.
(agent_pksign): Use agent_pksign_do.
* command.c (start_command_handler): Set ctrl.digest.raw_value.
(main): The default action is now to check for an already running
agent.
(parse_rereadable_options): Set logfile only on reread.
(main): Do not print the "is development version" note.
prompts passed to gpg-agent are utf-8 encoded. Add new prompt values.
(import_p12_file, import_p12_file, export_p12_file): Changed calls
to get_passphrase so that better prompts are displayed.
(get_new_passphrase): New.
(start_connection_thread): Hack to simulate a ticker.
* trustlist.c (agent_trustlist_housekeeping)
(agent_reload_trustlist): New. Protected all global functions
here with a simple counter which is sufficient for Pth.
* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.
(list_cert_colon): Reorganized to be able to tell whether a root
certificate is trusted.
(main): New option --allow-mark-trusted.
* trustlist.c (agent_marktrusted): Use it here.
* gpg-agent.texi (Agent Options): Add --allow-mark-trusted.
* gpgconf-comp.c: Add --allow-mark-trusted for the gpg-agent.
(store_private_key): Print status messages for imported keys.
(read_and_unprotect): Ditto for bad passphrase.
* import.c (check_and_store): Do not update the stats for hidden
imports of issuer certs.
(popen_protect_tool): Request statusmessages from the protect-tool.
(parse_p12): Detect status messages. Add new arg STATS and update them.
(print_imported_summary): Include secret key stats.
changing oLogFile.
(current_logfile): New.
* logging.c (log_set_file): Make sure the log stream will be
closed even if the stderr fileno will be assigned to a new socket.
detached.
* logging.h (JNLIB_LOG_WITH_PREFIX): Add constants for the flag
values.
* logging.c (log_set_prefix): New flag DETACHED.
(fun_writer): Take care of this flag.
(log_test_fd): New.
Introduce PACKAGE_GT and set it to gnupg2.
* gpg-agent.c (main): Use new libgcrypt thread library register
scheme.
* Makevars (DOMAIN): Init from PACKAGE_GT
* genkey.c (reenter_compare_cb): Do not set the error text.
(agent_protect_and_store, agent_genkey): Force a re-enter after a
non-matching passphrase.
* query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed
all callers.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build. Detect a keygrip and construct the filename in that
case. Unprotcet a key if needed. Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.
* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
* command.c (start_command_handler): Init it here.
* gpg-agent.c (agent_init_default_ctrl): and here.
* call-scd.c: Add the CTRL arg to all functions calling start_scd
and pass it to start_scd. Changed all callers
(start_scd): Keep track of the current active connection.
(agent_reset_scd): New.
* command.c (start_command_handler): Call it here.
* learncard.c (agent_handle_learn): Add arg CTRL; changed caller.
(send_cert_back): Ditto.
that we have more detailed error messages in the upper layers.
This fixes the handling pinentry's cancel button.
* pksign.c (agent_pksign): Changed accordingly.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* command.c (cmd_passwd): Ditto.
* scdaemon.c, scdaemon.h: New option --pcsc-ccid.
* ccid-driver.c, ccid-driver.h: New but far from being useful.
* Makefile.am: Add above.
* apdu.c: Add support for that ccid driver.
* findkey.c: Include <fcntl.h>.
(agent_write_private_key): Prefer POSIX compatibity, open and
fdopen, over the simplicity of GNU extensions, fopen(file, "x").
(agent_get_passphrase): Ditto.
* Makefile.am: Renamed the binary protect-tool to gpg-protect-tool.
* protect-tool.c: Removed the note about internal use only.
* gpg-agent.c (main): New option --daemon so that the program is
not accidently started in the background.
pinentry.
* Makefile.am: Renamed the binary protect-tool to gpg-protect-tool.
* protect-tool.c: Removed the note about internal use only.
* gpg-agent.c (main): New option --daemon so that the program is
not accidently started in the background.
* findkey.c (agent_write_private_key,agent_key_from_file)
(agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant.
* gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
* protect-tool.c (store_private_key): New.
(import_p12_file): Store the new file if requested.
(main): New options --force and --store.
* gpg-agent.c (main): Set a global flag when runing detached.
* query.c (start_pinentry): Pass the list of FD to keep in the
child when not running detached.
* call-scd.c (start_scd): Ditto.
* query.c (agent_askpin): Use the callback to check for a correct
PIN. Removed the start_err_text argument becuase it is not
anymore needed; changed callers.
* findkey.c (unprotect): Replace our own check loop by a callback.
(try_unprotect_cb): New.
* genkey.c (reenter_compare_cb): New.
(agent_genkey): Use this callback here. Fixed setting of the pi2
variable and a segv in case of an empty PIN.
* divert-scd.c (getpin_cb): Removed some unused stuff and
explained what we still have to change.
* call-scd.c: Seirialized all scdaeom access when using Pth.
* cache.c: Made the cache Pth-thread-safe.
(agent_unlock_cache_entry): New.
* findkey.c (unprotect): Unlock the returned cache value.
* command.c (cmd_get_passphrase): Ditto.
* gpg-agent.c (main): Register pth_read/write with Assuan.
* configure.ac: Check for locale.h.
agent/
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* agent.h (struct opt): Add members display, ttyname, ttytype,
lc_ctype, and lc_messages.
* gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname,
oTTYtype, oLCctype, and LCmessages.
(main): Handle these options.
* command.c (option_handler): New function.
(register_commands): Register option handler.
* query.c (start_pinentry): Pass the various display and tty
options to the pinentry.
sm/
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.h (struct opt): New members display, ttyname, ttytype,
lc_ctype, lc_messages.
* gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
oTTYname, oTTYtype, oLCctype, oLCmessages.
(opts): New entries for these options.
(main): Handle these new options.
* call-agent.c (start_agent): Set the various display and tty
parameter after resetting.
* gpgsm.c: New command --learn-card
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
* gpgsm.c (main): Print error messages for non-implemented commands.
agent/
* learncard.c: New.
* divert-scd.c (ask_for_card): The serial number is binary so
convert it to hex here.
* findkey.c (agent_write_private_key): New.
* genkey.c (store_key): And use it here.
scd/
* pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
* divert-scd.c (divert_pkdecrypt): Changed interface and
implemented it.
used and divert the operation in this case.
* pkdecrypt.c (agent_pkdecrypt): Likewise
* findkey.c (agent_key_from_file): Add optional arg shadow_info
and have it return information about a shadowed key.
* protect.c (agent_get_shadow_info): New.
* protect.c (snext,sskip,smatch): Moved to
* sexp-parse.h: new file.
* divert-scd.c: New.
* protect.c (agent_private_key_type): New.
* agent.h: Add PRIVATE_KEY_ enums.
* findkey.c (agent_key_from_file): Use it to decide whether we
have to unprotect a key.
(unprotect): Cache the passphrase.
* findkey.c (agent_key_from_file,agent_key_available): The key
files do now require a ".key" suffix to make a script's life
easier.
* genkey.c (store_key): Ditto.
* cache.c: New.
* command.c (cmd_get_passphrase): Use the cache.
(cmd_clear_passphrase): Ditto.
* gpg-agent.c: Removed unused cruft and implement the socket
based server.
(my_strusage): Take bug report address from configure.ac.
* command.c (start_command_handler): Add an argument to start as
regular server.
(start_command_handler): Enable Assuan logging.
based server.
(my_strusage): Take bug report address from configure.ac.
* command.c (start_command_handler): Add an argument to start as
regular server.
(start_command_handler): Enable Assuan logging.
2001-12-14 Marcus Brinkmann <marcus@g10code.de>
* assuan-buffer.c (_assuan_read_line): New variable ATTICLEN, use
it to save the length of the attic line.
Rediddle the code a bit to make it more clear what happens.
agent/
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
* query.c (start_pinentry): Add new argument to assuan_pipe_connect.
sm/
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c (start_agent): Add new argument to assuan_pipe_connect.