agent: New option --s2k-count.

* agent/agent.h (opt): New field 's2k_count'. * agent/gpg-agent.c (oS2KCount): New enum value. (opts): New option --s2k-count. (parse_rereadable_options): Set opt.s2k_count. -- This option is useful to speed up the starting of gpg-agent and in cases where the auto-calibration runs into problems due to a broken time measurement facility. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-05-28 21:50:02 +02:00 · 2017-11-06 13:57:30 +01:00 · 2017-11-06 13:57:30 +01:00 · f7212f1d11
commit f7212f1d11
parent 922bae8082
4 changed files with 30 additions and 0 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -171,6 +171,10 @@ struct
  /* The digest algorithm to use for ssh fingerprints when
   * communicating with the user.  */
  int ssh_fingerprint_digest;
  /* The value of the option --s2k-count.  If this option is not given
   * or 0 an auto-calibrated value is used.  */
  unsigned long s2k_count;
 } opt;
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -134,6 +134,8 @@ enum cmd_and_opt_values
  oPuttySupport,
  oDisableScdaemon,
  oDisableCheckOwnSocket,
  oS2KCount,
  oWriteEnvFile
 };
@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
                ),
  ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
  ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
  /* Dummy options for backward compatibility.  */
  ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
  ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      disable_check_own_socket = 0;
      /* Note: When changing the next line, change also gpgconf_list.  */
      opt.ssh_fingerprint_digest = GCRY_MD_MD5;
      opt.s2k_count = 0;
      return 1;
    }
@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
        opt.ssh_fingerprint_digest = i;
      break;
    case oS2KCount:
      opt.s2k_count = pargs->r.ret_ulong;
      break;
    default:
      return 0; /* not handled */
    }
--- a/agent/protect.c
+++ b/agent/protect.c
@ -198,6 +198,9 @@ get_standard_s2k_count (void)
 {
  static unsigned long count;
  if (opt.s2k_count)
    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
  if (!count)
    count = calibrate_s2k_count ();
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are
 communicated to the user, e.g. in pinentry dialogs.  OpenSSH has
 transitioned from using MD5 to the more secure SHA256.
@item --s2k-count @var{n}
@opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
 option can be used to override the auto-calibration done by default.
 This auto-calibration computes a count which requires 100ms to mangle
 a given passphrase.  To view the auto-calibrated count do not use this
 option (or use 0 for @var{n}) and run this command:
@example
 gpg-connect-agent 'GETINFO s2k_count' /bye
@end example
@end table
 All the long options may also be given in the configuration file after
@ -813,6 +826,7 @@ again.  Only certain options are honored: @code{quiet},
@code{pinentry-invisible-char},
@code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
@code{s2k-count},
@code{no-allow-external-cache}, @code{allow-emacs-pinentry},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}.  @code{scdaemon-program} is also