security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

Minor fixes

This commit is contained in:
Werner Koch 2002-08-09 18:13:24 +00:00
parent 850a4d5214
commit ebaf7d6e45
7 changed files with 60 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
agent/ChangeLog
View File

@ -1,3 +1,13 @@
2002-07-26 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --ignore-cache-for-signing.
* command.c (option_handler): New server option
use-cache-for-signing defaulting to true.
(cmd_pksign): handle global and per session option.
* findkey.c (agent_key_from_file, unprotect): New arg
ignore_cache. Changed all callers.
* pksign.c (agent_pksign): Likewise.
2002-06-29 Werner Koch <wk@gnupg.org> 2002-06-29 Werner Koch <wk@gnupg.org>
* query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY. * query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY.
@ -25,7 +35,7 @@
(import_p12_file): Store the new file if requested. (import_p12_file): Store the new file if requested.
(main): New options --force and --store. (main): New options --force and --store.
* gpg-agent.c (main): Set a global flag when runing detached. * gpg-agent.c (main): Set a global flag when running detached.
* query.c (start_pinentry): Pass the list of FD to keep in the * query.c (start_pinentry): Pass the list of FD to keep in the
child when not running detached. child when not running detached.
* call-scd.c (start_scd): Ditto. * call-scd.c (start_scd): Ditto.

6
agent/agent.h
View File

@ -47,6 +47,8 @@ struct {
int running_detached; /* we are running detached from the tty. */ int running_detached; /* we are running detached from the tty. */
int ignore_cache_for_signing;
} opt; } opt;
@ -115,7 +117,7 @@ void start_command_handler (int, int);
int agent_write_private_key (const unsigned char *grip, int agent_write_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force); const void *buffer, size_t length, int force);
GCRY_SEXP agent_key_from_file (const unsigned char *grip, GCRY_SEXP agent_key_from_file (const unsigned char *grip,
unsigned char **shadow_info); unsigned char **shadow_info, int ignore_cache);
int agent_key_available (const unsigned char *grip); int agent_key_available (const unsigned char *grip);
/*-- query.c --*/ /*-- query.c --*/
@ -133,7 +135,7 @@ void agent_unlock_cache_entry (void **cache_id);
/*-- pksign.c --*/ /*-- pksign.c --*/
int agent_pksign (CTRL ctrl, FILE *outfp); int agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache);
/*-- pkdecrypt.c --*/ /*-- pkdecrypt.c --*/
int agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen, int agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,

14
agent/command.c
View File

@ -48,6 +48,7 @@
struct server_local_s { struct server_local_s {
ASSUAN_CONTEXT assuan_ctx; ASSUAN_CONTEXT assuan_ctx;
int message_fd; int message_fd;
int use_cache_for_signing;
}; };
@ -286,9 +287,15 @@ static int
cmd_pksign (ASSUAN_CONTEXT ctx, char *line) cmd_pksign (ASSUAN_CONTEXT ctx, char *line)
{ {
int rc; int rc;
int ignore_cache = 0;
CTRL ctrl = assuan_get_pointer (ctx); CTRL ctrl = assuan_get_pointer (ctx);
rc = agent_pksign (ctrl, assuan_get_data_fp (ctx)); if (opt.ignore_cache_for_signing)
ignore_cache = 1;
else if (!ctrl->server_local->use_cache_for_signing)
ignore_cache = 1;
rc = agent_pksign (ctrl, assuan_get_data_fp (ctx), ignore_cache);
if (rc) if (rc)
log_error ("command pksign failed: %s\n", gnupg_strerror (rc)); log_error ("command pksign failed: %s\n", gnupg_strerror (rc));
return map_to_assuan_status (rc); return map_to_assuan_status (rc);
@ -516,7 +523,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
static int static int
option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value) option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value)
{ {
/* CTRL ctrl = assuan_get_pointer (ctx); */ CTRL ctrl = assuan_get_pointer (ctx);
/* FIXME: We should not change opt. here. It is not a problem right /* FIXME: We should not change opt. here. It is not a problem right
now but as soon as we are allowing concurrent connections we mess now but as soon as we are allowing concurrent connections we mess
@ -561,6 +568,8 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value)
if (!opt.lc_messages) if (!opt.lc_messages)
return ASSUAN_Out_Of_Core; return ASSUAN_Out_Of_Core;
} }
else if (!strcmp (key, "use-cache-for-signing"))
ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0;
else else
return ASSUAN_Invalid_Option; return ASSUAN_Invalid_Option;
@ -656,6 +665,7 @@ start_command_handler (int listen_fd, int fd)
ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local); ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local);
ctrl.server_local->assuan_ctx = ctx; ctrl.server_local->assuan_ctx = ctx;
ctrl.server_local->message_fd = -1; ctrl.server_local->message_fd = -1;
ctrl.server_local->use_cache_for_signing = 1;
if (DBG_ASSUAN) if (DBG_ASSUAN)
assuan_set_log_stream (ctx, log_get_stream ()); assuan_set_log_stream (ctx, log_get_stream ());

45
agent/findkey.c
View File

@ -114,7 +114,7 @@ try_unprotect_cb (struct pin_entry_info_s *pi)
should be the hex encoded keygrip of that key to be used with the should be the hex encoded keygrip of that key to be used with the
cahing mechanism. */ cahing mechanism. */
static int static int
unprotect (unsigned char **keybuf, const unsigned char *grip) unprotect (unsigned char **keybuf, const unsigned char *grip, int ignore_cache)
{ {
struct pin_entry_info_s *pi; struct pin_entry_info_s *pi;
struct try_unprotect_arg_s arg; struct try_unprotect_arg_s arg;
@ -129,22 +129,23 @@ unprotect (unsigned char **keybuf, const unsigned char *grip)
/* first try to get it from the cache - if there is none or we can't /* first try to get it from the cache - if there is none or we can't
unprotect it, we fall back to ask the user */ unprotect it, we fall back to ask the user */
{ if (!ignore_cache)
void *cache_marker; {
const char *pw = agent_get_cache (hexgrip, &cache_marker); void *cache_marker;
if (pw) const char *pw = agent_get_cache (hexgrip, &cache_marker);
{ if (pw)
rc = agent_unprotect (*keybuf, pw, &result, &resultlen); {
agent_unlock_cache_entry (&cache_marker); rc = agent_unprotect (*keybuf, pw, &result, &resultlen);
if (!rc) agent_unlock_cache_entry (&cache_marker);
{ if (!rc)
xfree (*keybuf); {
*keybuf = result; xfree (*keybuf);
return 0; *keybuf = result;
} return 0;
rc = 0; }
} rc = 0;
} }
}
pi = gcry_calloc_secure (1, sizeof (*pi) + 100); pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
pi->max_length = 100; pi->max_length = 100;
@ -173,10 +174,12 @@ unprotect (unsigned char **keybuf, const unsigned char *grip)
/* Return the secret key as an S-Exp after locating it using the grip. /* Return the secret key as an S-Exp after locating it using the grip.
Returns NULL if key is not available or the operation should be Returns NULL if key is not available or the operation should be
diverted to a token. In the latter case shadow_info will point to diverted to a token. In the latter case shadow_info will point to
an allocated S-Expression with the shadow_info part from the an allocated S-Expression with the shadow_info part from the file.
file. */ With IGNORE_CACHE passed as true the passphrase is not taken from
the cache.*/
GCRY_SEXP GCRY_SEXP
agent_key_from_file (const unsigned char *grip, unsigned char **shadow_info) agent_key_from_file (const unsigned char *grip, unsigned char **shadow_info,
int ignore_cache)
{ {
int i, rc; int i, rc;
char *fname; char *fname;
@ -249,7 +252,7 @@ agent_key_from_file (const unsigned char *grip, unsigned char **shadow_info)
case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_CLEAR:
break; /* no unprotection needed */ break; /* no unprotection needed */
case PRIVATE_KEY_PROTECTED: case PRIVATE_KEY_PROTECTED:
rc = unprotect (&buf, grip); rc = unprotect (&buf, grip, ignore_cache);
if (rc) if (rc)
log_error ("failed to unprotect the secret key: %s\n", log_error ("failed to unprotect the secret key: %s\n",
gnupg_strerror (rc)); gnupg_strerror (rc));

6
agent/gpg-agent.c
View File

@ -81,6 +81,8 @@ enum cmd_and_opt_values
oDefCacheTTL, oDefCacheTTL,
oDisablePth, oDisablePth,
oIgnoreCacheForSigning,
aTest }; aTest };
@ -113,6 +115,8 @@ static ARGPARSE_OPTS opts[] = {
{ oScdaemonProgram, "scdaemon-program", 2 , "path to SCdaemon program" }, { oScdaemonProgram, "scdaemon-program", 2 , "path to SCdaemon program" },
{ oDefCacheTTL, "default-cache-ttl", 4, { oDefCacheTTL, "default-cache-ttl", 4,
"|N|expire cached PINs after N seconds"}, "|N|expire cached PINs after N seconds"},
{ oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
"do not use the PIN cache when signing"},
{0} {0}
}; };
@ -407,6 +411,8 @@ main (int argc, char **argv )
case oScdaemonProgram: opt.scdaemon_program = pargs.r.ret_str; break; case oScdaemonProgram: opt.scdaemon_program = pargs.r.ret_str; break;
case oDefCacheTTL: opt.def_cache_ttl = pargs.r.ret_ulong; break; case oDefCacheTTL: opt.def_cache_ttl = pargs.r.ret_ulong; break;
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
default : pargs.err = configfp? 1:2; break; default : pargs.err = configfp? 1:2; break;
} }
} }

2
agent/pkdecrypt.c
View File

@ -64,7 +64,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
log_printhex ("keygrip:", ctrl->keygrip, 20); log_printhex ("keygrip:", ctrl->keygrip, 20);
log_printhex ("cipher: ", ciphertext, ciphertextlen); log_printhex ("cipher: ", ciphertext, ciphertextlen);
} }
s_skey = agent_key_from_file (ctrl->keygrip, &shadow_info); s_skey = agent_key_from_file (ctrl->keygrip, &shadow_info, 0);
if (!s_skey && !shadow_info) if (!s_skey && !shadow_info)
{ {
log_error ("failed to read the secret key\n"); log_error ("failed to read the secret key\n");

4
agent/pksign.c
View File

@ -86,7 +86,7 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
/* SIGN whatever information we have accumulated in CTRL and write it /* SIGN whatever information we have accumulated in CTRL and write it
back to OUTFP. */ back to OUTFP. */
int int
agent_pksign (CTRL ctrl, FILE *outfp) agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache)
{ {
GCRY_SEXP s_skey = NULL, s_hash = NULL, s_sig = NULL; GCRY_SEXP s_skey = NULL, s_hash = NULL, s_sig = NULL;
GCRY_MPI frame = NULL; GCRY_MPI frame = NULL;
@ -98,7 +98,7 @@ agent_pksign (CTRL ctrl, FILE *outfp)
if (!ctrl->have_keygrip) if (!ctrl->have_keygrip)
return seterr (No_Secret_Key); return seterr (No_Secret_Key);
s_skey = agent_key_from_file (ctrl->keygrip, &shadow_info); s_skey = agent_key_from_file (ctrl->keygrip, &shadow_info, ignore_cache);
if (!s_skey && !shadow_info) if (!s_skey && !shadow_info)
{ {
log_error ("failed to read the secret key\n"); log_error ("failed to read the secret key\n");