From 09357d7eae3efd8db1df79ef191f12038e905c6c Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 19 May 2022 14:04:33 +0900 Subject: [PATCH] agent: Supply GRIP=NULL for agent_key_from_file, for real use. * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka --- agent/findkey.c | 33 +++++++++++++++++---------------- agent/pkdecrypt.c | 2 +- agent/pksign.c | 2 +- 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/agent/findkey.c b/agent/findkey.c index 45c374d94..87289eced 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -962,7 +962,10 @@ remove_key_file (const unsigned char *grip) /* Return the secret key as an S-Exp in RESULT after locating it using - the GRIP. If the operation shall be diverted to a token, an + the GRIP. Caller should set GRIP=NULL, when a key in a file is + intended to be used for cryptographic operation. In this case, + CTRL->keygrip is used to locate the file, and it may ask a user for + confirmation. If the operation shall be diverted to a token, an allocated S-expression with the shadow_info part from the file is stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO. CACHE_MODE defines now the cache shall be used. DESC_TEXT may be @@ -999,13 +1002,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, if (r_timestamp) *r_timestamp = (time_t)(-1); - err = read_key_file (grip, &s_skey, &keymeta); - if (err) - { - if (gpg_err_code (err) == GPG_ERR_ENOENT) - err = gpg_error (GPG_ERR_NO_SECKEY); - return err; - } + if (!grip && !ctrl->have_keygrip) + return gpg_error (GPG_ERR_NO_SECKEY); + + err = read_key_file (grip? grip : ctrl->keygrip, &s_skey, &keymeta); /* For use with the protection functions we also need the key as an canonical encoded S-expression in a buffer. Create this buffer 
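Review bot: The extended comment above agent_key_from_file does not say what the function returns when GRIP is NULL and CTRL has no keygrip set, although the next hunk of this file adds exactly that early return. I would add a sentence such as `If GRIP is NULL and CTRL->have_keygrip is not set, GPG_ERR_NO_SECKEY is returned.` The phrase "it may ask a user for confirmation" is not backed by any code in the visible hunks, so it presumably describes behaviour implemented elsewhere; naming the condition under which the prompt appears would help. If the NULL/non-NULL choice is what selects that confirmation path, "Caller should set GRIP=NULL" would read better as "must" for PKDECRYPT and PKSIGN/PKAUTH.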
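Review bot: The result of `read_key_file` is no longer checked in this hunk. The removed `if (err) { ... return err; }` block has no replacement, and the next visible line is the comment introducing the canonical-buffer construction. On a missing or unreadable key file the function would continue with `s_skey` presumably unset. The GPG_ERR_ENOENT to GPG_ERR_NO_SECKEY mapping, which agent_pkdecrypt and agent_pksign_do test for in their own hunks, is also lost. I would keep the check right after the new call, e.g. `if (err) return gpg_err_code (err) == GPG_ERR_ENOENT ? gpg_error (GPG_ERR_NO_SECKEY) : err;`; the rest of agent_key_from_file lies outside the hunk, so confirm nothing later re-tests `err` before `s_skey` is used.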
@@ -1087,14 +1087,15 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, &desc_text_final); gcry_free (comment_buffer); - if (!err) - { - err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip, - cache_mode, lookup_ttl, r_passphrase); - if (err) - log_error ("failed to unprotect the secret key: %s\n", - gpg_strerror (err)); - } + if (!err) + { + err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, + grip? grip : ctrl->keygrip, + cache_mode, lookup_ttl, r_passphrase); + if (err) + log_error ("failed to unprotect the secret key: %s\n", + gpg_strerror (err)); + } xfree (desc_text_final); } diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c index cf6c1491d..ba3d90469 100644 --- a/agent/pkdecrypt.c +++ b/agent/pkdecrypt.c @@ -68,7 +68,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, log_printhex (ciphertext, ciphertextlen, "cipher: "); } err = agent_key_from_file (ctrl, NULL, desc_text, - ctrl->keygrip, &shadow_info, + NULL, &shadow_info, CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL); if (gpg_err_code (err) == GPG_ERR_NO_SECKEY) no_shadow_info = 1; diff --git a/agent/pksign.c b/agent/pksign.c index 170dc9644..a4aff041b 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -314,7 +314,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, if (!ctrl->have_keygrip) return gpg_error (GPG_ERR_NO_SECKEY); - err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, + err = agent_key_from_file (ctrl, cache_nonce, desc_text, NULL, &shadow_info, cache_mode, lookup_ttl, &s_skey, NULL, NULL); if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
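Review bot: The fallback `grip? grip : ctrl->keygrip` in the `unprotect` call repeats the expression passed to `read_key_file` in the earlier hunk of this file. The key that is read and the key whose passphrase is unprotected are therefore tied together only by two copies of the same ternary. Resolving it once after the have_keygrip check, e.g. `const unsigned char *use_grip = grip? grip : ctrl->keygrip;`, and passing `use_grip` to both calls keeps them on the same grip. It also leaves `grip` itself untouched, so its NULL-ness can still carry the "real use" meaning described in the header comment. agent_key_from_file starts and ends outside this hunk.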
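Review bot: In the agent_pkdecrypt call the second and fourth arguments are now both a bare `NULL` with unrelated meanings (no cache nonce versus "use CTRL->keygrip for a real operation"). That is easy to misread or to revert by accident. A short comment at the call, `/* GRIP=NULL: real use, key is taken from CTRL->keygrip. */`, would document the intent; the same applies to the agent_pksign_do call in agent/pksign.c. In pksign.c the `!ctrl->have_keygrip` test just before the call now duplicates the check added inside agent_key_from_file, which is harmless but worth marking as intentional.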