From cdc28c59fe5da6ac478485ae474a931ed964eaa4 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 14 Nov 2023 15:08:20 +0100
Subject: [PATCH] gpg,gpgsm: Hide password in debug output also for asked passwords.
* g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
GnuPG-bug-id: 6654
The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan.
---
 g10/call-agent.c | 6 +++++-
 sm/call-agent.c | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/g10/call-agent.c b/g10/call-agent.c
index e6d142c62..20235d2ad 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1616,7 +1616,7 @@ agent_get_passphrase (const char *cache_id,
 char *arg4 = NULL;
 membuf_t data;
 struct default_inq_parm_s dfltparm;
- int have_newsymkey;
+ int have_newsymkey, wasconf;
 memset (&dfltparm, 0, sizeof dfltparm);
@@ -1668,10 +1668,14 @@ agent_get_passphrase (const char *cache_id,
 xfree (arg4);
 init_membuf_secure (&data, 64);
+ wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (agent_ctx);
 rc = assuan_transact (agent_ctx, line, put_membuf_cb, &data, default_inq_cb, &dfltparm, NULL, NULL);
+ if (!wasconf)
+ assuan_end_confidential (agent_ctx);
 if (rc) xfree (get_membuf (&data, NULL));
diff --git a/sm/call-agent.c b/sm/call-agent.c
index c4afd27d7..438da5112 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -1306,6 +1306,7 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
 char *arg4 = NULL;
 membuf_t data;
 struct default_inq_parm_s inq_parm;
+ int wasconf;
 *r_passphrase = NULL;
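Review bot: The confidential bracket in agent_get_passphrase (g10/call-agent.c, second hunk) only holds if nothing clears the flag while `assuan_transact` is running, and `default_inq_cb` is invoked from inside that call. Its body is outside this diff, so this is a check rather than a confirmed defect: if the callback calls `assuan_end_confidential` unconditionally after answering an inquiry, the flag may already be off when the agent's data lines carrying the passphrase arrive, and they could reach the debug log again. The callback should use the same save/restore this hunk introduces, `if (!wasconf)` before `assuan_end_confidential (agent_ctx);`, so a nested begin/end cannot undo the outer one. The same applies to the `default_inq_cb` used by gpgsm_agent_ask_passphrase in sm/call-agent.c; both functions continue outside their hunks.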
@@ -1324,9 +1325,13 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
 xfree (arg4);
 init_membuf_secure (&data, 64);
+ wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (agent_ctx);
 err = assuan_transact (agent_ctx, line, put_membuf_cb, &data, default_inq_cb, &inq_parm, NULL, NULL);
+ if (!wasconf)
+ assuan_end_confidential (agent_ctx);
 if (err) xfree (get_membuf (&data, NULL));
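Review bot: The new bracket around `assuan_transact` in gpgsm_agent_ask_passphrase has no comment saying why confidential mode is switched on or what it costs. The commit message records that every IPC line of the transaction disappears from the debug output, but a maintainer reading the code later will not see that. I would add above the `wasconf = assuan_get_flag (...)` line: `/* Keep the returned passphrase out of the Assuan debug log; this also hides all other IPC lines of this transaction. */`, and a short note on `wasconf` such as `/* Restore only if we were the ones to enable it. */`. The matching hunk in g10/call-agent.c (agent_get_passphrase) needs the same comments; both functions continue outside their hunks.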