mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-09 23:39:51 +02:00
agent: Supply GRIP=NULL for agent_key_from_file, for real use.
* agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
parent
1b1684cf61
commit
09357d7eae
|
@ -962,7 +962,10 @@ remove_key_file (const unsigned char *grip)
|
||||||
|
|
||||||
|
|
||||||
/* Return the secret key as an S-Exp in RESULT after locating it using
|
/* Return the secret key as an S-Exp in RESULT after locating it using
|
||||||
the GRIP. If the operation shall be diverted to a token, an
|
the GRIP. Caller should set GRIP=NULL, when a key in a file is
|
||||||
|
intended to be used for cryptographic operation. In this case,
|
||||||
|
CTRL->keygrip is used to locate the file, and it may ask a user for
|
||||||
|
confirmation. If the operation shall be diverted to a token, an
|
||||||
allocated S-expression with the shadow_info part from the file is
|
allocated S-expression with the shadow_info part from the file is
|
||||||
stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
|
stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
|
||||||
CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
|
CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
|
||||||
|
@ -999,13 +1002,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
||||||
if (r_timestamp)
|
if (r_timestamp)
|
||||||
*r_timestamp = (time_t)(-1);
|
*r_timestamp = (time_t)(-1);
|
||||||
|
|
||||||
err = read_key_file (grip, &s_skey, &keymeta);
|
if (!grip && !ctrl->have_keygrip)
|
||||||
if (err)
|
return gpg_error (GPG_ERR_NO_SECKEY);
|
||||||
{
|
|
||||||
if (gpg_err_code (err) == GPG_ERR_ENOENT)
|
err = read_key_file (grip? grip : ctrl->keygrip, &s_skey, &keymeta);
|
||||||
err = gpg_error (GPG_ERR_NO_SECKEY);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* For use with the protection functions we also need the key as an
|
/* For use with the protection functions we also need the key as an
|
||||||
canonical encoded S-expression in a buffer. Create this buffer
|
canonical encoded S-expression in a buffer. Create this buffer
|
||||||
|
@ -1089,7 +1089,8 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
{
|
{
|
||||||
err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
|
err = unprotect (ctrl, cache_nonce, desc_text_final, &buf,
|
||||||
|
grip? grip : ctrl->keygrip,
|
||||||
cache_mode, lookup_ttl, r_passphrase);
|
cache_mode, lookup_ttl, r_passphrase);
|
||||||
if (err)
|
if (err)
|
||||||
log_error ("failed to unprotect the secret key: %s\n",
|
log_error ("failed to unprotect the secret key: %s\n",
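Review bot: The return value of `read_key_file` appears to be no longer checked in the second findkey.c hunk (@ -999,13 +1002,10). As rendered, the `if (err) { … return err; }` block shows only on the old side, and the 13 → 10 line counts in the hunk header fit it having been removed. If so, a missing or unreadable key file falls through to the conversion code below with whatever `s_skey` holds, and the ENOENT → GPG_ERR_NO_SECKEY mapping that agent_pkdecrypt and agent_pksign_do test for is lost. I would keep the check directly after the call, e.g. `if (err) return gpg_err_code (err) == GPG_ERR_ENOENT ? gpg_error (GPG_ERR_NO_SECKEY) : err;`. The body of agent_key_from_file starts and ends outside these hunks, so a later check cannot be ruled out from here.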
|
||||||
|
|
|
@ -68,7 +68,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
|
||||||
log_printhex (ciphertext, ciphertextlen, "cipher: ");
|
log_printhex (ciphertext, ciphertextlen, "cipher: ");
|
||||||
}
|
}
|
||||||
err = agent_key_from_file (ctrl, NULL, desc_text,
|
err = agent_key_from_file (ctrl, NULL, desc_text,
|
||||||
ctrl->keygrip, &shadow_info,
|
NULL, &shadow_info,
|
||||||
CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
|
CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
|
||||||
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
|
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
|
||||||
no_shadow_info = 1;
|
no_shadow_info = 1;
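Review bot: The bare `NULL` now passed as GRIP in agent_pkdecrypt is easy to misread among the other NULL arguments of the call, yet it switches behaviour. Per the updated agent_key_from_file comment, it makes the function locate the file via CTRL->keygrip and treats the call as a real cryptographic use that may ask the user for confirmation. A one-line comment above the call would make that explicit, e.g. `/* GRIP=NULL: real use of the key; file is located via CTRL->keygrip. */`. The same applies to the call in agent_pksign_do. Both function bodies continue outside their hunks.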
|
||||||
|
|
|
@ -314,7 +314,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
|
||||||
if (!ctrl->have_keygrip)
|
if (!ctrl->have_keygrip)
|
||||||
return gpg_error (GPG_ERR_NO_SECKEY);
|
return gpg_error (GPG_ERR_NO_SECKEY);
|
||||||
|
|
||||||
err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
|
err = agent_key_from_file (ctrl, cache_nonce, desc_text, NULL,
|
||||||
&shadow_info, cache_mode, lookup_ttl,
|
&shadow_info, cache_mode, lookup_ttl,
|
||||||
&s_skey, NULL, NULL);
|
&s_skey, NULL, NULL);
|
||||||
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
|
if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
|
||||||
|
|