security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

2009-08-20 Daiki Ueno <ueno@unixuser.org>

Browse Source 
* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
      cache ID if decryption failed.
    * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
    * gpgv.c (passphrase_clear_cache): New stub.
This commit is contained in:
Werner Koch 2009-08-20 08:41:15 +00:00
parent 43387e13c0
commit 7cde92403c
7 changed files with 37 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.maint
View File

@ -21,7 +21,8 @@ Release process:
* Make sure that all new PO files are checked in. * Make sure that all new PO files are checked in.
* Decide whether you want to update the automake standard files * Decide whether you want to update the automake standard files
(Mainly config.guess and config.sub). (Mainly config.guess and config.sub).
* [1.4 only] Update gpg.texi and gpgv.texi from the trunk. * [1.4 only] Update gpg.texi and gpgv.texi from the trunk:
make -C doc update-source-from-gnupg-2
* Run "make -C po update-po". * Run "make -C po update-po".
* Write NEWS entries and set the release date in NEWS. * Write NEWS entries and set the release date in NEWS.
* In configure.ac set "my_issvn" to "no". * In configure.ac set "my_issvn" to "no".

7
g10/ChangeLog
View File

@ -1,3 +1,10 @@
2009-08-20 Daiki Ueno <ueno@unixuser.org>
* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
cache ID if decryption failed.
* passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
* gpgv.c (passphrase_clear_cache): New stub.
2009-08-11 Werner Koch <wk@g10code.com> 2009-08-11 Werner Koch <wk@g10code.com>
* call-agent.c (get_serialno_cb): New. From ../agent/call-scd.c. * call-agent.c (get_serialno_cb): New. From ../agent/call-scd.c.

8
g10/gpgv.c
View File

@ -426,6 +426,14 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo,
return NULL; return NULL;
} }
void
passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo)
{
(void)keyid;
(void)cacheid;
(void)algo;
}
struct keyserver_spec * struct keyserver_spec *
parse_preferred_keyserver(PKT_signature *sig) parse_preferred_keyserver(PKT_signature *sig)
{ {

7
g10/mainproc.c
View File

@ -586,6 +586,13 @@ proc_encrypted( CTX c, PACKET *pkt )
write_status( STATUS_DECRYPTION_FAILED ); write_status( STATUS_DECRYPTION_FAILED );
} }
else { else {
if (gpg_err_code (result) == GPG_ERR_BAD_KEY
&& *c->dek->s2k_cacheid != '\0')
{
log_debug(_("cleared passphrase cached with ID: %s\n"),
c->dek->s2k_cacheid);
passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
}
write_status( STATUS_DECRYPTION_FAILED ); write_status( STATUS_DECRYPTION_FAILED );
log_error(_("decryption failed: %s\n"), g10_errstr(result)); log_error(_("decryption failed: %s\n"), g10_errstr(result));
/* Hmmm: does this work when we have encrypted using multiple /* Hmmm: does this work when we have encrypted using multiple

16
g10/passphrase.c
View File

@ -452,6 +452,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
DEK *dek; DEK *dek;
STRING2KEY help_s2k; STRING2KEY help_s2k;
int dummy_canceled; int dummy_canceled;
char s2k_cacheidbuf[1+16+1], *s2k_cacheid = NULL;
if (!canceled) if (!canceled)
canceled = &dummy_canceled; canceled = &dummy_canceled;
@ -573,19 +574,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
} }
else else
{ {
char *cacheid = NULL;
char buf[1+16+1];
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3)) if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
{ {
memset (buf, 0, sizeof buf); memset (s2k_cacheidbuf, 0, sizeof s2k_cacheidbuf);
*buf = 'S'; *s2k_cacheidbuf = 'S';
bin2hex (s2k->salt, 8, buf + 1); bin2hex (s2k->salt, 8, s2k_cacheidbuf + 1);
cacheid = buf; s2k_cacheid = s2k_cacheidbuf;
} }
/* Divert to the gpg-agent. */ /* Divert to the gpg-agent. */
pw = passphrase_get (keyid, mode == 2, cacheid, pw = passphrase_get (keyid, mode == 2, s2k_cacheid,
(mode == 2 || mode == 4)? opt.passwd_repeat : 0, (mode == 2 || mode == 4)? opt.passwd_repeat : 0,
tryagain_text, custdesc, custprompt, canceled); tryagain_text, custdesc, custprompt, canceled);
if (*canceled) if (*canceled)
@ -608,6 +606,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
dek->keylen = 0; dek->keylen = 0;
else else
hash_passphrase (dek, pw, s2k); hash_passphrase (dek, pw, s2k);
if (s2k_cacheid)
memcpy (dek->s2k_cacheid, s2k_cacheid, sizeof dek->s2k_cacheid);
xfree(last_pw); xfree(last_pw);
last_pw = pw; last_pw = pw;
return dek; return dek;

4
include/ChangeLog
View File

@ -1,3 +1,7 @@
2009-08-20 Daiki Ueno <ueno@unixuser.org> (wk)
* cipher.h (struct DEK): Add field S2K_CACHEID.
2008-04-18 Werner Koch <wk@g10code.com> 2008-04-18 Werner Koch <wk@g10code.com>
* cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13. * cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13.

1
include/cipher.h
View File

@ -94,6 +94,7 @@ typedef struct
int use_mdc; int use_mdc;
int symmetric; int symmetric;
byte key[32]; /* This is the largest used keylen (256 bit). */ byte key[32]; /* This is the largest used keylen (256 bit). */
char s2k_cacheid[1+16+1];
} DEK; } DEK;