mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
agent: always use hexgrip when storing key password
-- The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
parent
38e100acb7
commit
af2fbd9b01
@ -141,14 +141,17 @@ agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
|
|||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
|
pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
|
||||||
{
|
{
|
||||||
*passphrase = agent_get_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER);
|
char hexgrip[2*KEYGRIP_LEN + 1];
|
||||||
|
|
||||||
|
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
|
||||||
|
*passphrase = agent_get_cache (ctrl, hexgrip, CACHE_MODE_USER);
|
||||||
if (*passphrase)
|
if (*passphrase)
|
||||||
return 0;
|
return 0;
|
||||||
return agent_get_passphrase(ctrl, passphrase,
|
return agent_get_passphrase(ctrl, passphrase,
|
||||||
_("Please enter your passphrase, so that the "
|
_("Please enter your passphrase, so that the "
|
||||||
"secret key can be unlocked for this session"),
|
"secret key can be unlocked for this session"),
|
||||||
prompt, NULL, 0,
|
prompt, NULL, 0,
|
||||||
ctrl->keygrip, CACHE_MODE_USER, NULL);
|
hexgrip, CACHE_MODE_USER, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -160,6 +163,7 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
|
|||||||
char line[ASSUAN_LINELENGTH];
|
char line[ASSUAN_LINELENGTH];
|
||||||
membuf_t data;
|
membuf_t data;
|
||||||
struct inq_parm_s inqparm;
|
struct inq_parm_s inqparm;
|
||||||
|
char hexgrip[2*KEYGRIP_LEN + 1];
|
||||||
|
|
||||||
rc = start_tpm2d (ctrl);
|
rc = start_tpm2d (ctrl);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -183,7 +187,10 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
|
|||||||
inq_extra, &inqparm,
|
inq_extra, &inqparm,
|
||||||
NULL, NULL);
|
NULL, NULL);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
|
{
|
||||||
|
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
|
||||||
|
agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
|
||||||
|
}
|
||||||
|
|
||||||
xfree (inqparm.pin);
|
xfree (inqparm.pin);
|
||||||
|
|
||||||
@ -208,6 +215,7 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
|
|||||||
char line[ASSUAN_LINELENGTH];
|
char line[ASSUAN_LINELENGTH];
|
||||||
membuf_t data;
|
membuf_t data;
|
||||||
struct inq_parm_s inqparm;
|
struct inq_parm_s inqparm;
|
||||||
|
char hexgrip[2*KEYGRIP_LEN + 1];
|
||||||
|
|
||||||
rc = start_tpm2d (ctrl);
|
rc = start_tpm2d (ctrl);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -231,7 +239,10 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
|
|||||||
inq_extra, &inqparm,
|
inq_extra, &inqparm,
|
||||||
NULL, NULL);
|
NULL, NULL);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
|
{
|
||||||
|
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
|
||||||
|
agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
|
||||||
|
}
|
||||||
|
|
||||||
xfree (inqparm.pin);
|
xfree (inqparm.pin);
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user