agent: Make the S2K calibration time runtime configurable.

* agent/protect.c (s2k_calibration_time): New file global var. (calibrate_s2k_count): Use it here. (get_calibrated_s2k_count): Replace function static var by ... (s2k_calibrated_count): new file global var. (set_s2k_calibration_time): New function. * agent/gpg-agent.c (oS2KCalibration): New const. (opts): New option --s2k-calibration. (parse_rereadable_options): Parse that option. -- Note that using an unrelistic high value (like 60000) takes quite some time for calibration. GnuPG-bug-id: 3399 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit cbcc8c1954)
2025-07-02 22:46:30 +02:00 · 2018-12-11 18:12:51 +01:00 · 2018-12-11 18:12:51 +01:00 · de29a50e7c
commit de29a50e7c
parent 0cf0f3aaf8
4 changed files with 43 additions and 9 deletions
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -669,12 +669,19 @@ For an heavy loaded gpg-agent with many concurrent connection this
 option avoids sign or decrypt errors due to out of secure memory error
 returns.

+@item --s2k-calibration @var{milliseconds}
+@opindex s2k-calibration
+Change the default calibration time to @var{milliseconds}.  The given
+value is capped at 60 seconds; a value of 0 resets to the compiled-in
+default.  This option is re-read on a SIGHUP (or @code{gpgconf
+--reload gpg-agent}) and the S2K count is then re-calibrated.
+
@item --s2k-count @var{n}
@opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
 option can be used to override the auto-calibration done by default.
-The auto-calibration computes a count which requires 100ms to mangle
-a given passphrase.
+The auto-calibration computes a count which requires by default 100ms
+to mangle a given passphrase.  See also @option{--s2k-calibration}.

 To view the actually used iteration count and the milliseconds
 required for an S2K operation use: