1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

agent: always use hexgrip when storing key password

--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid.  This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
James Bottomley via Gnupg-devel 2022-01-14 08:49:33 -05:00 committed by Werner Koch
parent 38e100acb7
commit af2fbd9b01
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -141,14 +141,17 @@ agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
static gpg_error_t static gpg_error_t
pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase) pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
{ {
*passphrase = agent_get_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER); char hexgrip[2*KEYGRIP_LEN + 1];
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
*passphrase = agent_get_cache (ctrl, hexgrip, CACHE_MODE_USER);
if (*passphrase) if (*passphrase)
return 0; return 0;
return agent_get_passphrase(ctrl, passphrase, return agent_get_passphrase(ctrl, passphrase,
_("Please enter your passphrase, so that the " _("Please enter your passphrase, so that the "
"secret key can be unlocked for this session"), "secret key can be unlocked for this session"),
prompt, NULL, 0, prompt, NULL, 0,
ctrl->keygrip, CACHE_MODE_USER, NULL); hexgrip, CACHE_MODE_USER, NULL);
} }
int int
@ -160,6 +163,7 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
char line[ASSUAN_LINELENGTH]; char line[ASSUAN_LINELENGTH];
membuf_t data; membuf_t data;
struct inq_parm_s inqparm; struct inq_parm_s inqparm;
char hexgrip[2*KEYGRIP_LEN + 1];
rc = start_tpm2d (ctrl); rc = start_tpm2d (ctrl);
if (rc) if (rc)
@ -183,7 +187,10 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
inq_extra, &inqparm, inq_extra, &inqparm,
NULL, NULL); NULL, NULL);
if (!rc) if (!rc)
agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0); {
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
}
xfree (inqparm.pin); xfree (inqparm.pin);
@ -208,6 +215,7 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
char line[ASSUAN_LINELENGTH]; char line[ASSUAN_LINELENGTH];
membuf_t data; membuf_t data;
struct inq_parm_s inqparm; struct inq_parm_s inqparm;
char hexgrip[2*KEYGRIP_LEN + 1];
rc = start_tpm2d (ctrl); rc = start_tpm2d (ctrl);
if (rc) if (rc)
@ -231,7 +239,10 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
inq_extra, &inqparm, inq_extra, &inqparm,
NULL, NULL); NULL, NULL);
if (!rc) if (!rc)
agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0); {
bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
}
xfree (inqparm.pin); xfree (inqparm.pin);