diff --git a/NEWS b/NEWS index ced6b5c2b..215e74f10 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,9 @@ Noteworthy changes in version 2.0.15 (unreleased) * New command --passwd for GPG. + * Fixes a regression in 2.0.14 which prevented unprotection of new + or changed gpg-agent passphrases. + Noteworthy changes in version 2.0.14 (2009-12-21) ------------------------------------------------- diff --git a/agent/ChangeLog b/agent/ChangeLog index 78982994c..918d29f37 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,8 @@ +2010-01-26 Werner Koch + + * protect.c (do_encryption): Encode the s2kcount and do not use a + static value of 96. + 2009-12-21 Werner Koch * command.c (cmd_getinfo): Add sub-command "s2k_count". diff --git a/agent/protect.c b/agent/protect.c index accb0ca1e..097a1b36b 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -360,19 +360,25 @@ do_encryption (const unsigned char *protbegin, size_t protlen, in canoncical format of course. We use asprintf and %n modifier and dummy values as placeholders. */ - p = xtryasprintf - ("(9:protected%d:%s((4:sha18:%n_8bytes_2:96)%d:%n%*s)%d:%n%*s)", - (int)strlen (modestr), modestr, - &saltpos, - blklen, &ivpos, blklen, "", - enclen, &encpos, enclen, ""); - if (!p) - { - gpg_error_t tmperr = out_of_core (); - xfree (iv); - xfree (outbuf); - return tmperr; - } + { + char countbuf[35]; + + snprintf (countbuf, sizeof countbuf, "%lu", get_standard_s2k_count ()); + p = xtryasprintf + ("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)", + (int)strlen (modestr), modestr, + &saltpos, + (unsigned int)strlen (countbuf), countbuf, + blklen, &ivpos, blklen, "", + enclen, &encpos, enclen, ""); + if (!p) + { + gpg_error_t tmperr = out_of_core (); + xfree (iv); + xfree (outbuf); + return tmperr; + } + } *resultlen = strlen (p); *result = (unsigned char*)p; memcpy (p+saltpos, iv+2*blklen, 8);