A bunch of minor changes

2025-07-02 22:46:30 +02:00 · 2009-12-21 16:19:09 +00:00 · 2009-12-21 16:19:09 +00:00 · 4b4e243f7d
commit 4b4e243f7d
parent 9129fcd868
19 changed files with 312 additions and 119 deletions
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -50,6 +50,58 @@ static char *next_pw = NULL;
 static char *last_pw = NULL;


+
+/* Pack an s2k iteration count into the form specified in 2440.  If
+   we're in between valid values, round up.  With value 0 return the
+   old default.  */
+unsigned char
+encode_s2k_iterations (int iterations)
+{
+  gpg_error_t err;
+  unsigned char c=0;
+  unsigned char result;
+  unsigned int count;
+
+  if (!iterations)
+    {
+      unsigned long mycnt;
+
+      /* Ask the gpg-agent for a useful iteration count.  */
+      err = agent_get_s2k_count (&mycnt);
+      if (err || mycnt < 65536)
+        {
+          /* Don't print an error if an older agent is used.  */
+          if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+            log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+          /* Default to 65536 which we used up to 2.0.13.  */
+          return 96; 
+        }
+      else if (mycnt >= 65011712)
+        return 255; /* Largest possible value.  */
+      else
+        return encode_s2k_iterations ((int)mycnt);
+    }
+
+  if (iterations <= 1024)
+    return 0;  /* Command line arg compatibility.  */
+
+  if (iterations >= 65011712)
+    return 255;
+  
+  /* Need count to be in the range 16-31 */
+  for (count=iterations>>6; count>=32; count>>=1)
+    c++;
+
+  result = (c<<4)|(count-16);
+
+  if (S2K_DECODE_COUNT(result) < iterations)
+    result++;
+  
+  return result;
+}
+
+
+
 /* Hash a passphrase using the supplied s2k. 
   Always needs: dek->algo, s2k->mode, s2k->hash_algo.  */
 static void
@ -474,7 +526,15 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
    {
      gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
      if ( s2k->mode == 3 )
-        s2k->count = opt.s2k_count;
+        {
+          /* We delay the encoding until it is really needed.  This is
+             if we are going to dynamically calibrate it, we need to
+             call out to gpg-agent and that should not be done during
+             option processing in main().  */
+          if (!opt.s2k_count)
+            opt.s2k_count = encode_s2k_iterations (0);
+          s2k->count = opt.s2k_count;
+        }
    }

  /* If we do not have a passphrase available in NEXT_PW and status