security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

agent: always use hexgrip when storing key password

Browse Source 
--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid.  This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
James Bottomley via Gnupg-devel 2022-01-14 08:49:33 -05:00 committed by Werner Koch
parent 38e100acb7
commit af2fbd9b01
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
agent/call-tpm2d.c
View File

@ -141,14 +141,17 @@ agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
static gpg_error_t
pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
{
*passphrase = agent_get_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER);
char hexgrip[2*KEYGRIP_LEN + 1];
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
*passphrase = agent_get_cache (ctrl, hexgrip, CACHE_MODE_USER);
if (*passphrase)
return 0;
return agent_get_passphrase(ctrl, passphrase,
_("Please enter your passphrase, so that the "
"secret key can be unlocked for this session"),
prompt, NULL, 0,
ctrl->keygrip, CACHE_MODE_USER, NULL);
hexgrip, CACHE_MODE_USER, NULL);
}
int
@ -160,6 +163,7 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
char line[ASSUAN_LINELENGTH];
membuf_t data;
struct inq_parm_s inqparm;
char hexgrip[2*KEYGRIP_LEN + 1];
rc = start_tpm2d (ctrl);
if (rc)
@ -183,7 +187,10 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
inq_extra, &inqparm,
NULL, NULL);
if (!rc)
agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
{
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
}
xfree (inqparm.pin);
@ -208,6 +215,7 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
char line[ASSUAN_LINELENGTH];
membuf_t data;
struct inq_parm_s inqparm;
char hexgrip[2*KEYGRIP_LEN + 1];
rc = start_tpm2d (ctrl);
if (rc)
@ -231,7 +239,10 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
inq_extra, &inqparm,
NULL, NULL);
if (!rc)
agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
{
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
}
xfree (inqparm.pin);