agent: Support unprotected ssh keys.

* agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty passphrase is supplied, do not protect the key. GnuPG-bug-id: 2856 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-26 14:54:39 +02:00 · 2017-06-26 14:54:39 +02:00 · 2739647985
parent b49b1a87ac
commit 2739647985
1 changed files with 12 additions and 1 deletions
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@ -2980,6 +2980,7 @@ ssh_key_extract_comment (gcry_sexp_t key, char **r_comment)

 /* This function converts the key contained in the S-Expression KEY
   into a buffer, which is protected by the passphrase PASSPHRASE.
+   If PASSPHRASE is the empty passphrase, the key is not protected.
   Returns usual error code.  */
 static gpg_error_t
 ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
@ -3000,7 +3001,17 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
  gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n);
  /* FIXME: guarantee?  */

-  err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);
+  if (*passphrase)
+    err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);
+  else
+    {
+      /* The key derivation function does not support zero length
+       * strings.  Store key unprotected if the user wishes so.  */
+      *buffer = buffer_new;
+      *buffer_n = buffer_new_n;
+      buffer_new = NULL;
+      err = 0;
+    }

 out: