Merge branch 'STABLE-BRANCH-2-2' into master

2025-01-30 16:17:02 +01:00 · 2017-12-11 10:42:38 +01:00 · 2017-12-11 10:42:38 +01:00 · b38ca59bdb
commit b38ca59bdb
parent 34defc9bce 3e72143023
7 changed files with 38 additions and 6 deletions
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -135,6 +135,7 @@ enum cmd_and_opt_values
  oDisableScdaemon,
  oDisableCheckOwnSocket,
  oS2KCount,
+  oAutoExpandSecmem,

  oWriteEnvFile
 };
@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = {

  ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),

+  ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
+
  /* Dummy options for backward compatibility.  */
  ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
  ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@ -1025,6 +1028,7 @@ main (int argc, char **argv )
  assuan_set_malloc_hooks (&malloc_hooks);
  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
  assuan_sock_init ();
+  assuan_sock_set_system_hooks (ASSUAN_SYSTEM_NPTH);
  setup_libassuan_logging (&opt.debug, NULL);

  setup_libgcrypt_logging ();
@ -1233,6 +1237,14 @@ main (int argc, char **argv )
          socket_name_browser = pargs.r.ret_str;
          break;

+        case oAutoExpandSecmem:
+          /* Try to enable this option.  It will officially only be
+           * supported by Libgcrypt 1.9 but 1.8.2 already supports it
+           * on the quiet and thus we use the numeric value value.  */
+          gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/,
+                        (unsigned int)pargs.r.ret_ulong,  0);
+          break;
+
        case oDebugQuickRandom:
          /* Only used by the first stage command line parser.  */
          break;
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@ -271,7 +271,7 @@ to keys stored on a token:
   (comment whatever)
 )

-The currently used protocol is "ti-v1" (token info version 1).  The
+The currently used protocol is "t1-v1" (token info version 1).  The
 second list with the information has this layout:

 (card_serial_number id_string_of_key fixed_pin_length)
@ -379,7 +379,7 @@ Example:
 (protected-shared-secret
   ((desc "List of system passphrases")
    (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
-    (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra"))
+    (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
    (key)
    (protected mode (parms) encrypted_octet_string)
    (protected-at "20100915T111722")
@ -402,7 +402,7 @@ hashed:

   ((desc "List of system passphrases")
    (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
-    (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra"))
+    (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
    (key)
    (value 4:1002 "signal flags at the lock")
    (value 4:1001 "taocp")
--- a/agent/protect.c
+++ b/agent/protect.c
@ -1494,7 +1494,7 @@ make_shadow_info (const char *serialno, const char *idstring)


 /* Create a shadow key from a public key.  We use the shadow protocol
-  "ti-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
+  "t1-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
  S-expression is returned in an allocated buffer RESULT will point
  to. The input parameters are expected to be valid canonicalized
  S-expressions */
--- a/agent/t-protect.c
+++ b/agent/t-protect.c
@ -288,7 +288,7 @@ static void
 test_agent_shadow_key (void)
 {
 /* Create a shadow key from a public key.  We use the shadow protocol
-  "ti-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
+  "t1-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
  S-expression is returned in an allocated buffer RESULT will point
  to. The input parameters are expected to be valid canonicalized
  S-expressions */
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@ -514,7 +514,10 @@ else
 speedo_pkg_pinentry_configure = --enable-pinentry-gtk2
 endif
 speedo_pkg_pinentry_configure += \
-        --disable-pinentry-qt4 \
+        --disable-pinentry-qt5   \
+        --disable-pinentry-qt    \
+	--disable-pinentry-fltk  \
+	--disable-pinentry-tty   \
 	CPPFLAGS=-I$(idir)/include   \
 	LDFLAGS=-L$(idir)/lib        \
 	CXXFLAGS=-static-libstdc++
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are
 communicated to the user, e.g. in pinentry dialogs.  OpenSSH has
 transitioned from using MD5 to the more secure SHA256.

+
+@item --auto-expand-secmem @var{n}
+@opindex auto-expand-secmem
+Allow Libgcrypt to expand its secure memory area as required.  The
+optional value @var{n} is a non-negative integer with a suggested size
+in bytes of each additionally allocated secure memory area.  The value
+is rounded up to the next 32 KiB; usual C style prefixes are allowed.
+For an heavy loaded gpg-agent with many concurrent connection this
+option avoids sign or decrypt errors due to out of secure memory error
+returns.
+
@item --s2k-count @var{n}
@opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -3087,6 +3087,12 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
 	else
 	  pt->name[i] = c;
    }
+  /* Fill up NAME so that a check with valgrind won't complain about
+   * reading from uninitalized memory.  This case may be triggred by
+   * corrupted packets.  */
+  for (; i < namelen; i++)
+    pt->name[i] = 0;
+
  pt->timestamp = read_32 (inp);
  if (pktlen)
    pktlen -= 4;