mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

agent: New option --s2k-count.

* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-11-06 13:57:30 +01:00
parent 922bae8082
commit f7212f1d11
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 30 additions and 0 deletions


@ -171,6 +171,10 @@ struct
/* The digest algorithm to use for ssh fingerprints when /* The digest algorithm to use for ssh fingerprints when
* communicating with the user. */ * communicating with the user. */
int ssh_fingerprint_digest; int ssh_fingerprint_digest;
/* The value of the option --s2k-count. If this option is not given
* or 0 an auto-calibrated value is used. */
unsigned long s2k_count;
} opt; } opt;


@ -134,6 +134,8 @@ enum cmd_and_opt_values
oPuttySupport, oPuttySupport,
oDisableScdaemon, oDisableScdaemon,
oDisableCheckOwnSocket, oDisableCheckOwnSocket,
oS2KCount,
oWriteEnvFile oWriteEnvFile
}; };
@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
), ),
ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"), ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
/* Dummy options for backward compatibility. */ /* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"), ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
disable_check_own_socket = 0; disable_check_own_socket = 0;
/* Note: When changing the next line, change also gpgconf_list. */ /* Note: When changing the next line, change also gpgconf_list. */
opt.ssh_fingerprint_digest = GCRY_MD_MD5; opt.ssh_fingerprint_digest = GCRY_MD_MD5;
opt.s2k_count = 0;
return 1; return 1;
} }
@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ssh_fingerprint_digest = i; opt.ssh_fingerprint_digest = i;
break; break;
case oS2KCount:
opt.s2k_count = pargs->r.ret_ulong;
break;
default: default:
return 0; /* not handled */ return 0; /* not handled */
} }
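Review bot: In the `case oS2KCount:` branch the value from `pargs->r.ret_ulong` is stored with no range check and no diagnostic, so a fixed count below the auto-calibrated one takes effect silently, including when the configuration is re-read. That lowers the passphrase-guessing cost for keys protected afterwards, and the only floor visible on this page is the 65536 clamp applied later in get_standard_s2k_count. I would log the override at parse time, for example `if (opt.s2k_count) log_info ("using fixed s2k-count %lu\n", opt.s2k_count);` after the assignment, so a weakened setting shows up in the agent log. parse_rereadable_options starts and ends outside the hunks shown.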


@ -198,6 +198,9 @@ get_standard_s2k_count (void)
{ {
static unsigned long count; static unsigned long count;
if (opt.s2k_count)
return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
if (!count) if (!count)
count = calibrate_s2k_count (); count = calibrate_s2k_count ();
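Review bot: The new early return in get_standard_s2k_count enforces a lower bound with the bare literal 65536 and applies no upper bound, and neither limit is explained. A named constant plus a comment such as `/* Never go below the minimum iteration count, even if configured. */` would make the floor auditable, and the texinfo entry for --s2k-count should mention this minimum too. Whether very large values are handled safely by the callers, for instance where the count is converted to a coded one-octet form, cannot be seen from this page and should be confirmed. The function body continues outside the hunk.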


@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256. transitioned from using MD5 to the more secure SHA256.
@item --s2k-count @var{n}
@opindex s2k-count
Specify the iteration count used to protect the passphrase. This
option can be used to override the auto-calibration done by default.
This auto-calibration computes a count which requires 100ms to mangle
a given passphrase. To view the auto-calibrated count do not use this
option (or use 0 for @var{n}) and run this command:
@example
gpg-connect-agent 'GETINFO s2k_count' /bye
@end example
@end table @end table
All the long options may also be given in the configuration file after All the long options may also be given in the configuration file after
@ -813,6 +826,7 @@ again. Only certain options are honored: @code{quiet},
@code{pinentry-invisible-char}, @code{pinentry-invisible-char},
@code{default-cache-ttl}, @code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing}, @code{max-cache-ttl}, @code{ignore-cache-for-signing},
@code{s2k-count},
@code{no-allow-external-cache}, @code{allow-emacs-pinentry}, @code{no-allow-external-cache}, @code{allow-emacs-pinentry},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}. @code{scdaemon-program} is also @code{disable-check-own-socket}. @code{scdaemon-program} is also