agent: Supply GRIP=NULL for agent_key_from_file, for real use.

* agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-19 14:04:33 +09:00 · 2022-05-19 14:04:33 +09:00 · 09357d7eae
parent 1b1684cf61
commit 09357d7eae
3 changed files with 19 additions and 18 deletions
--- a/agent/findkey.c
+++ b/agent/findkey.c
@ -962,7 +962,10 @@ remove_key_file (const unsigned char *grip)


 /* Return the secret key as an S-Exp in RESULT after locating it using
-   the GRIP.  If the operation shall be diverted to a token, an
+   the GRIP.  Caller should set GRIP=NULL, when a key in a file is
+   intended to be used for cryptographic operation.  In this case,
+   CTRL->keygrip is used to locate the file, and it may ask a user for
+   confirmation.  If the operation shall be diverted to a token, an
   allocated S-expression with the shadow_info part from the file is
   stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
   CACHE_MODE defines now the cache shall be used.  DESC_TEXT may be
@ -999,13 +1002,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
  if (r_timestamp)
    *r_timestamp = (time_t)(-1);

-  err = read_key_file (grip, &s_skey, &keymeta);
-  if (err)
-    {
-      if (gpg_err_code (err) == GPG_ERR_ENOENT)
-        err = gpg_error (GPG_ERR_NO_SECKEY);
-      return err;
-    }
+  if (!grip && !ctrl->have_keygrip)
+    return gpg_error (GPG_ERR_NO_SECKEY);
+
+  err = read_key_file (grip? grip : ctrl->keygrip, &s_skey, &keymeta);

  /* For use with the protection functions we also need the key as an
     canonical encoded S-expression in a buffer.  Create this buffer
@ -1087,14 +1087,15 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
                                          &desc_text_final);
        gcry_free (comment_buffer);

-	if (!err)
-	  {
-	    err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
-                            cache_mode, lookup_ttl, r_passphrase);
-	    if (err)
-	      log_error ("failed to unprotect the secret key: %s\n",
-			 gpg_strerror (err));
-	  }
+        if (!err)
+          {
+            err = unprotect (ctrl, cache_nonce, desc_text_final, &buf,
+                             grip? grip : ctrl->keygrip,
+                             cache_mode, lookup_ttl, r_passphrase);
+            if (err)
+              log_error ("failed to unprotect the secret key: %s\n",
+                         gpg_strerror (err));
+          }

 	xfree (desc_text_final);
      }
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@ -68,7 +68,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
      log_printhex (ciphertext, ciphertextlen, "cipher: ");
    }
  err = agent_key_from_file (ctrl, NULL, desc_text,
-                             ctrl->keygrip, &shadow_info,
+                             NULL, &shadow_info,
                             CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
  if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
    no_shadow_info = 1;
--- a/agent/pksign.c
+++ b/agent/pksign.c
@ -314,7 +314,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
  if (!ctrl->have_keygrip)
    return gpg_error (GPG_ERR_NO_SECKEY);

-  err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
+  err = agent_key_from_file (ctrl, cache_nonce, desc_text, NULL,
                             &shadow_info, cache_mode, lookup_ttl,
                             &s_skey, NULL, NULL);
  if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)