mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00

agent: New option --auto-expand-secmem.

* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--

Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.

GnuPG-bug-id: 3530
Werner Koch 2017-11-24 10:30:25 +01:00
parent 531182b7f8
commit 18af15249d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 22 additions and 0 deletions


@ -135,6 +135,7 @@ enum cmd_and_opt_values
oDisableScdaemon, oDisableScdaemon,
oDisableCheckOwnSocket, oDisableCheckOwnSocket,
oS2KCount, oS2KCount,
oAutoExpandSecmem,
oWriteEnvFile oWriteEnvFile
}; };
@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"), ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
/* Dummy options for backward compatibility. */ /* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"), ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@ -1233,6 +1236,14 @@ main (int argc, char **argv )
socket_name_browser = pargs.r.ret_str; socket_name_browser = pargs.r.ret_str;
break; break;
case oAutoExpandSecmem:
/* Try to enable this option. It will officially only be
* supported by Libgcrypt 1.9 but 1.8.2 already supports it
* on the quiet and thus we use the numeric value value. */
gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/,
(unsigned int)pargs.r.ret_ulong, 0);
break;
case oDebugQuickRandom: case oDebugQuickRandom:
/* Only used by the first stage command line parser. */ /* Only used by the first stage command line parser. */
break; break;
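Review bot: The `gcry_control` call in the new `case oAutoExpandSecmem:` branch discards its return value, so on a Libgcrypt older than 1.8.2 (where the commit message says the option has no effect) the agent gives no indication that the secure memory pool will not grow. Assuming older libraries reject the unknown control code with an error, the result could be checked and logged, e.g. `if (gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/, (unsigned int)pargs.r.ret_ulong, 0)) log_info ("auto-expand-secmem is not supported by this Libgcrypt\n");`. Separately, the `(unsigned int)` cast silently truncates values above `UINT_MAX` on platforms where `unsigned long` is 64-bit, so an oversized argument can wrap to a small or zero chunk size; a range check before the call would reject it instead. The body of `main` starts and ends outside this hunk, so any earlier validation of `pargs.r.ret_ulong` is not visible here.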


@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256. transitioned from using MD5 to the more secure SHA256.
@item --auto-expand-secmem @var{n}
@opindex auto-expand-secmem
gAllow Libgcrypt to expand its secure memory area as required. The
optional value @var{n} is a non-negative integer with a suggested size
in bytes of each additionally allocated secure memory area. The value
is rounded up to the next 32 KiB; usual C style prefixes are allowed.
For an heavy loaded gpg-agent with many concurrent connection this
option avoids sign or decrypt errors due to out of secure memory error
returns.
@item --s2k-count @var{n} @item --s2k-count @var{n}
@opindex s2k-count @opindex s2k-count
Specify the iteration count used to protect the passphrase. This Specify the iteration count used to protect the passphrase. This