1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

1014 Commits

Author SHA1 Message Date
Werner Koch
934a60de6b
ssh: Fix adding an ed25519 key with a zero length comment.
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--

Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.

The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.

GnuPG-bug-id: 5794
2022-01-28 19:59:11 +01:00
James Bottomley via Gnupg-devel
af2fbd9b01
agent: always use hexgrip when storing key password
--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid.  This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-01-24 22:22:05 +01:00
NIIBE Yutaka
c3db27fa85 agent: Fix comment for .po generation.
* agent/call-pinentry.c (setup_formatted_passphrase): Move comment to
inside.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-21 10:11:04 +09:00
Werner Koch
bd5c775878
agent: Print the non-option warning earlier.
* agent/gpg-agent.c (main): Move detection up.
--

The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
2021-11-14 18:06:33 +01:00
Werner Koch
dd708f60d5
agent,dirmngr: New option --steal-socket
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.

* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.  Add comment to eventually implement it.
--

Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 14:56:40 +01:00
Jakub Jelen
ae3d0bb8e7 agent: Avoid uninitialized buffer.
* agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to
avoid its use on unexpected inputs.

--

GnuPG-bug-id: 5393
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-12 15:36:02 +09:00
Jakub Jelen
50f32eb066 agent: Correctly free memory on error path.
* agent/protect.c (merge_lists): Free memory on error.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-12 15:35:56 +09:00
NIIBE Yutaka
3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-05 14:05:56 +09:00
NIIBE Yutaka
eeb25df6f8 agent: Fix calibrate_get_time use of clock_gettime.
* agent/protect.c (USE_CLOCK_GETTIME): New macro.
(calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME.

--

GnuPG-bug-id: 5623
Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-05 11:53:29 +09:00
Werner Koch
af3b190154
agent: Fix segv in GET_PASSPHRASE (regression)
* agent/command.c (cmd_get_passphrase): Do not deref PI.  PI is always
NULL.
--

Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c
GnuPG-bug-id: 5577
2021-09-07 08:57:44 +02:00
Werner Koch
661c2ae966
agent: Use the sysconfdir for a pattern file.
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
2021-08-18 19:21:22 +02:00
Werner Koch
b89b1f35c2
agent: Ignore passphrase constraints for a generated passphrase.
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.
--

A generated passphrase has enough entropy so that all kind of extra
checks would only reduce the actual available entropy.  We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.
2021-08-18 18:46:39 +02:00
Werner Koch
8ed7910347
agent: Improve the GENPIN callback.
* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by  ...
(DEFAULT_GENPIN_BITS): this and increase to 150.
(generate_pin): Make sure that we use at least 128 bits.
2021-08-18 11:24:53 +02:00
Werner Koch
9fb6466602
agent: Fix for zero length help string in pinentry hints.
* agent/call-pinentry.c: Remove unused assert.h.
(inq_cb): Fix use use of assuan_end_confidential in case of nested
use.
(do_getpin): Ditto.
(setup_formatted_passphrase): Escape the help string.
(setup_enforced_constraints): Ignore empty help strings.
--

(Ported from 2.2)
2021-08-18 10:36:42 +02:00
Werner Koch
1305baf099
agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient
* agent/call-pinentry.c (atfork_core): Pass DISPLAY.
2021-08-13 14:08:53 +02:00
Werner Koch
7c45a69eb9
agent: New option --check-sym-passphrase-pattern.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg.  Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing.  Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constrainst flag from the supplied pinentry
struct.
--

Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different.  Thus a
the use of a different pattern file will be useful.  Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.

GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-13 13:42:31 +02:00
Ingo Klöcker
99601778f4 agent: Make --pinentry-formatted-passphrase a simple flag
* agent/agent.h (opt): Change type of pinentry_formatted_passphrase
to int (as for other flags).
* agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer
needed translated strings. Write option without value to Assuan
connection.
* agent/gpg-agent.c (opts): Use ARGPARSE_s_n for
oPinentryFormattedPassphrase.
(parse_rereadable_options): Set option to 1.
--

GnuPG-bug-id: 5553, 5517
2021-08-12 10:50:33 +02:00
Ingo Klöcker
5976d293ef
agent: Add checkpin inquiry for pinentry
* agent/call-pinentry.c (inq_cb): Handle checkpin inquiry.
(setup_enforced_constraints): New.
(agent_get_passphrase): Call setup_enforced_constraints if new
passphrase is requested.
--

This implements the gpg-agent side for checking whether a new passphrase
entered by the user in pinentry satisfies the passphrase constraints.
Performing a checkpin inquiry is only allowed if the passphrase
constraints are enforced. setup_enforced_constraints sends necessary
options and translated strings to pinentry.

GnuPG-bug-id: 5517, 5532
2021-08-10 12:05:57 +02:00
Ingo Klöcker
bf20a80f68
agent: New option --pinentry-formatted-passphrase
* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
* agent/call-pinentry.c (setup_formatted_passphrase): New.
(agent_get_passphrase): Pass option to pinentry.
* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
(opts): Add option.
(parse_rereadable_options): Set option.
--

GnuPG-bug-id: 5517
2021-08-10 12:05:53 +02:00
Ingo Klöcker
b2a6e5b516 agent: Add translatable text for Caps Lock hint
* agent/call-pinentry.c (start_pinentry): Add new default text.
--

GnuPG-bug-id: 4950
2021-07-21 12:57:44 +02:00
Werner Koch
a6efde307f
agent: Fix regression in agent_get_shadow_info_type.
* agent/protect.c (agent_get_shadow_info_type): Return the correct
value.
--

Fixes-commit: 33a2362e566c0e0d7011abf2e5fa5704d7cb4206
GnuPG-bug-id: 5393
2021-06-25 20:23:01 +02:00
NIIBE Yutaka
7a80004d54 agent: Fix importing protected secret key.
* agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is
correctly decrypted.

--

GnuPG-bug-id: 5122
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-09 10:57:52 +09:00
NIIBE Yutaka
21ef425e22 agent: Appropriate error code for importing key with no passwd.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Return
GPG_ERR_BAD_SECKEY.

--

When non-protected case, error at gcry_pk_testkey results
GPG_ERR_BAD_PASSPHRASE.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-04 13:44:05 +09:00
NIIBE Yutaka
36f50b259c agent: Fix calling handle_pincache_put.
* agent/call-scd.c (padding_info_cb): Fix the argument.

--

GnuPG-bug-id: 5436
Reported-by: Bogdan Luca
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-28 13:43:59 +09:00
Jakub Jelen
33a2362e56
agent: Fix memory leaks
* agent/call-daemon.c (daemon_start): free wctp
* agent/call-scd.c (agent_card_pksign): return error instead of noop
(card_keyinfo_cb): free keyinfo.  Restructure to avoid a goto backwards.
* agent/protect.c (agent_get_shadow_info_type): allocate only as a last
action.  Catch xtrymalloc failure.
(agent_is_tpm2_key): Free buf.

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Additional changes are:
- Restructure to avoid a goto backwards.
- Catch xtrymalloc failure.

GnuPG-bug-id: 5393
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-20 14:28:49 +02:00
Jakub Jelen
a95ddffdcd
agent: Avoid memory leaks in error code paths.
* agent/command.c (cmd_genkey): Use goto instead of return.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto.
* agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct
pointer
(agent_genkey): Release memory
* agent/gpg-agent.c (check_own_socket): Free sockname
* agent/protect-tool.c (read_key): Free buf.
(agent_askpin): Free passphrase

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Changed original patch to not add a free before a GPG_ERR_BUG.

Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
2021-05-20 13:38:07 +02:00
Werner Koch
40da61b89b
gpg: Improve speed of secret key listing.
* agent/command.c (cmd_keyinfo): Factor some code out to ...
(get_keyinfo_on_cards): ... new.
(cmd_havekey): Add --list mode.
* g10/gpg.h (struct server_control_s): Add new caching vars.
* g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
* g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
the keygrip cache.
(agent_genkey): Clear the cache.
(agent_import_key): Ditto.

* g10/keylist.c (list_all, list_one): Pass ctrl to
agent_probe_any_secret_key.
* g10/getkey.c (lookup): Ditto.
--

With this change we first ask the agent for a list of all secret
keygrips and use that list instead of asking the agent for each public
key.  Speeds up my "gpg -K" with a lot of secret and public keys by
more than 25%.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-19 02:42:35 +02:00
Werner Koch
310b064f52
agent: Use SHA-256 for SSH fingerprint by default
* agent/gpg-agent.c (parse_rereadable_options): Change default ssh
fingerprint digest.
(main): Ditto.
--

Co-authored-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5434
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-12 08:55:51 +02:00
Werner Koch
965bb0693c
A few minor code cleanups and typo fixes.
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-11 09:06:34 +02:00
Werner Koch
0b875aa11a
agent,w32: Silence the get_peercred failed diagnostic
--
2021-04-23 09:52:57 +02:00
Werner Koch
50293ec2eb
gpg: Allow decryption w/o public key but with correct card inserted.
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-23 08:50:39 +02:00
Werner Koch
84c2d97cca
agent: Require verbose level 2 for handler started/terminated notices.
* agent/gpg-agent.c (do_start_connection_thread): Silence diags even
more.
2021-04-23 08:50:39 +02:00
Werner Koch
8f2c9cb735
agent: Silence error messages for READKEY --card
* agent/command.c (cmd_readkey): Test for shadow key before creating
it.
2021-04-21 21:00:28 +02:00
Werner Koch
45918813f0
Support log-file option from common.conf for all daemon.
* agent/gpg-agent.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* dirmngr/dirmngr.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* kbx/keyboxd.c: Include comopt.h.
(main): Read log-file option from common.conf.
(reread_configuration): Ditto.
* scd/scdaemon.c: Include comopt.h.
(main): Read log-file option from common.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 10:50:10 +02:00
Jakub Jelen
cd66b2eb0d agent,kbx: Add LIBASSUAN_CLFAGS.
* agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS):
Add LIBASSUAN_CFLAGS.
* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS):
Likewise.

--

GnuPG-bug-id: 5389
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-04-13 13:54:14 +09:00
Werner Koch
2d2391dfc2
agent: Skip unknown unknown ssh curves seen on cards.
* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
curves.
--

For example when using my standard ed25519 token and testing cards
with only Brainpool support, the ssh-agent failed due to the unknown
curves seen on the card.  This patches fixes this by ignoring keys
with unknown curves.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-29 15:39:32 +02:00
Werner Koch
6de1ec3ba5
agent: Add debug output for failed RSA signature verification
* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
and print some debug info in the error case.
--

Note that the addition of do_encode_dsa has no immediate effect
because we use the code only for RSA.  However, for debugging it can
be useful to change the code to check also other created signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-26 14:30:58 +01:00
Werner Koch
26215cb211
agent: Simplify a function.
* agent/findkey.c (agent_public_key_from_file): Use a membuf instead
of handcounting space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-18 09:53:09 +01:00
Werner Koch
1523b5f76f
gpg: New option --no-auto-trust-new-key.
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
Werner Koch
43bb5250a6
agent: Fix build without TPM
--
2021-03-10 15:52:20 +01:00
James Bottomley
92b601fcee
gpg: Add new command keytotpm to convert a private key to TPM format
* agent/command.c (cmd_keytotpm): New.
(agent/command.c): Register new command KEYTOTPM.
* g10/call-agent.c (agent_keytotpm): New.
* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
(keyedit_menu): Implement.

--

The plumbing is done in two parts: the agent is modified to understand
a KEYTOTPM assuan command taking the key grip as an argument.  This
simply obtains the key s expression and calls the existing writeky
diversion to the tpm2daemon.  The daemon reponds with the TPM
conversion of the key and that key is then stored in the keyfile as a
shadowed-private-key with "tpm2-v1" type.

To effect the conversion, all the user does from gpg --edit-key is
select which private key they wish to move (or move the primary if no
key is selected) and type keytotpm.  The conversion to TPM form is
instantaneous and once converted, the actual key cannot be recovered,
meaning that if you want your gpg key to move to a new laptop you must
keep an unconverted backup copy in a safe location.

When you do a list command, all TPM keys show up as

     card-no: TPM-Protected

The key is stored encrypted to the TPM2 storage seed and since each
TPM has a unique seed, only the single TPM contained in your laptop
can now read the key.  This means you cannot simply copy the shadowed
key file over to a new laptop, you must copy over the backup copy and
then convert it to TPM form on the new laptop.

To decomission your laptop, execute a tssclear command which
regenerates the storage seed and effectively shreds all keys.  Note
when you have done this *every* TPM2 shadowed private key becomes
unreadable by any TPM and all are effectively destroyed.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Very minor cosmetic changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:34:18 +01:00
James Bottomley
1f995b9ba4
agent: Add new shadow key type and functions to call tpm2daemon
* agent/call-tpm2d.c: New.
* divert-tpm2.c: New.
* agent/Makefile.am: Add new files.
* agent/agent.h (DAEMON_TPM2D): New.  Add stub fucntions.
* agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* agent/command.c (do_one_keyinfo): Handle tpmv2.
* agent/gpg-agent.c (oTpm2daemonProgram): New.
(opts): New option --tpm2daemon-program.
(parse_rereadable_options): Handle option.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
(agent_pksign_do): Ditto.
---

A new shadow key type: "tpm2-v1" is introduced signalling that the
shadowed key is handled by the tpm2daemon.  A function to identify
this type is introduced and diversions to the tpm2daemon functions are
conditioned on this function for pkign and pkdecrypt where the same
diversions to scd are currently done.  The (info) field of the
shadowed key stores the actual TPM key.  The TPM key is encrypted so
only the physical TPM it was created on can read it (so no special
protection is required for the info filed), but if the (info) field
becomes corrupt or damaged, the key will be lost (unlike the token
case, where the key is actually moved inside the token).

Note, this commit adds handling for existing TPM format shadow keys,
but there is still no way to create them.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Additional changes:
* Add ChangeLog entries.
* Some minor indentation fixes.
* agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
  work.
* agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
  gpg_error_t.  Mark args as unused.
* agent/protect.c (agent_is_tpm2_key): Free BUF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:23:05 +01:00
Werner Koch
33c492dcb9
w32: Cleanup use of pid_t in call-daemon
* agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
use HANDLE for pid_t.
(wait_child_thread): Ditto.
--

Mingw has its own definition of pid_t as does libassuan.  We should use
this instead of using HANDLE.  Things are a bit complicated in
Windows, because Windows also has a pid_t but that is mostly useless;
in particular because you can't wait on a real pid but need a handle.
2021-03-08 21:53:29 +01:00
Werner Koch
0be4861762
po: Change translatability of a fallback string.
* agent/call-pinentry.c (setup_genpin): Do not make the fallback
translatable.
2021-02-18 14:43:43 +01:00
NIIBE Yutaka
42e637a1c3 agent: Comment spell fix.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-02-12 16:07:19 +09:00
Werner Koch
224e26cf7b
agent: Support ssh-agent extensions for environment variables.
* common/session-env.c (session_env_list_stdenvnames): Extend to allow
return all names as one string.
* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
(SSH_RESPONSE_EXTENSION_FAILURE): New.
(request_specs): Add handler for the extension command.
(ssh_handler_extension): New.
--

The extension mechanism is specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-04

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-25 10:35:06 +01:00
Werner Koch
9500432b7a
Require Libgcrypt 1.9
* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
GCRYPT_VERSION_NUMBER dependent code.
--

Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-19 10:33:03 +01:00
NIIBE Yutaka
eda3c688fc agent: Allow decryption with card but no file.
* agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card
but without a stub key.

--

GnuPG-bug-id: 5170
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 15:15:45 +09:00
NIIBE Yutaka
9beab36dfa agent: Clean up the API of agent_pkdecrypt.
* agent/agent.h (agent_pkdecrypt): Use gpg_error_t type.
* agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 15:06:33 +09:00
NIIBE Yutaka
cbb0e069f5 agent: Allow pksign operation with card but no file.
* agent/pksign.c (agent_pksign_do): Add support with no file.

--

GnuPG-bug-id: 5166
Signed-off-by: Ingo Klöcker <dev@ingo-kloecker.de>
2020-12-08 13:20:29 +09:00