[git] GnuPG - branch, master, updated. gnupg-2.2.1-68-g52d41c8

by Werner Koch cvs at cvs.gnupg.org
Mon Nov 6 15:07:58 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  52d41c8b0f4af6278d18d8935399ddad16a26856 (commit)
       via  f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e (commit)
      from  922bae8082f2f8d696ea0e7d7e9e4d986789bdfc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 52d41c8b0f4af6278d18d8935399ddad16a26856
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Nov 6 14:20:03 2017 +0100

    agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
    
    * agent/command.c (cmd_getinfo): New sub-commands.
    * agent/protect.c (get_standard_s2k_count): Factor some code out to ...
    (get_calibrated_s2k_count): new.
    (get_standard_s2k_time): New.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index 47cc345..687635d 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -486,8 +486,10 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
                                      char **passphrase_addr);
 
 /*-- protect.c --*/
+unsigned long get_calibrated_s2k_count (void);
 unsigned long get_standard_s2k_count (void);
 unsigned char get_standard_s2k_count_rfc4880 (void);
+unsigned long get_standard_s2k_time (void);
 int agent_protect (const unsigned char *plainkey, const char *passphrase,
                    unsigned char **result, size_t *resultlen,
 		   unsigned long s2k_count, int use_ocb);
diff --git a/agent/command.c b/agent/command.c
index 3b249b1..7c7e8a4 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2843,20 +2843,22 @@ static const char hlp_getinfo[] =
   "Multipurpose function to return a variety of information.\n"
   "Supported values for WHAT are:\n"
   "\n"
-  "  version     - Return the version of the program.\n"
-  "  pid         - Return the process id of the server.\n"
-  "  socket_name - Return the name of the socket.\n"
+  "  version         - Return the version of the program.\n"
+  "  pid             - Return the process id of the server.\n"
+  "  socket_name     - Return the name of the socket.\n"
   "  ssh_socket_name - Return the name of the ssh socket.\n"
-  "  scd_running - Return OK if the SCdaemon is already running.\n"
-  "  s2k_count   - Return the calibrated S2K count.\n"
+  "  scd_running     - Return OK if the SCdaemon is already running.\n"
+  "  s2k_time        - Return the time in milliseconds required for S2K.\n"
+  "  s2k_count       - Return the standard S2K count.\n"
+  "  s2k_count_cal   - Return the calibrated S2K count.\n"
   "  std_env_names   - List the names of the standard environment.\n"
   "  std_session_env - List the standard session environment.\n"
   "  std_startup_env - List the standard startup environment.\n"
-  "  cmd_has_option\n"
-  "              - Returns OK if the command CMD implements the option OPT.\n"
-  "  connections - Return number of active connections.\n"
-  "  jent_active - Returns OK if Libgcrypt's JENT is active.\n"
-  "  restricted  - Returns OK if the connection is in restricted mode.\n";
+  "  connections     - Return number of active connections.\n"
+  "  jent_active     - Returns OK if Libgcrypt's JENT is active.\n"
+  "  restricted      - Returns OK if the connection is in restricted mode.\n"
+  "  cmd_has_option CMD OPT\n"
+  "                  - Returns OK if command CMD has option OPT.\n";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
 {
@@ -3014,6 +3016,20 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       rc = gpg_error (GPG_ERR_FALSE);
 #endif
     }
+  else if (!strcmp (line, "s2k_count_cal"))
+    {
+      char numbuf[50];
+
+      snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
+      rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+    }
+  else if (!strcmp (line, "s2k_time"))
+    {
+      char numbuf[50];
+
+      snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
+      rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+    }
   else
     rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
   return rc;
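Review bot: Both new branches can start S2K timing work from inside the GETINFO handler. `s2k_time` calls get_standard_s2k_time(), which in agent/protect.c runs calibrate_s2k_count_one() on every request with no cached result, and `s2k_count_cal` triggers the lazy calibration in get_calibrated_s2k_count() even when --s2k-count is set, which is the case commit f7212f1 describes as a workaround for problematic auto-calibration. With a large configured count each `s2k_time` request would presumably keep the handler busy for that long (calibrate_s2k_count_one is not visible here, so this is inferred from how it is used). Consider caching the measured time per count value, and add a comment such as `/* Note: This runs a fresh S2K measurement on each call.  */` above the `s2k_time` branch. Whether these branches sit behind a restricted-mode check cannot be told from the hunk, since cmd_getinfo starts and continues outside it.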
diff --git a/agent/protect.c b/agent/protect.c
index 9b4ba91..fe44f18 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -191,16 +191,13 @@ calibrate_s2k_count (void)
 }
 
 
-
-/* Return the standard S2K count.  */
+/* Return the calibrated S2K count.  This is only public for the use
+ * of the Assuan getinfo s2k_count_cal command.  */
 unsigned long
-get_standard_s2k_count (void)
+get_calibrated_s2k_count (void)
 {
   static unsigned long count;
 
-  if (opt.s2k_count)
-    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
-
   if (!count)
     count = calibrate_s2k_count ();
 
@@ -209,6 +206,26 @@ get_standard_s2k_count (void)
 }
 
 
+/* Return the standard S2K count.  */
+unsigned long
+get_standard_s2k_count (void)
+{
+  if (opt.s2k_count)
+    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
+  return get_calibrated_s2k_count ();
+}
+
+
+/* Return the milliseconds required for the standard S2K
+ * operation.  */
+unsigned long
+get_standard_s2k_time (void)
+{
+  return calibrate_s2k_count_one (get_standard_s2k_count ());
+}
+
+
 /* Same as get_standard_s2k_count but return the count in the encoding
    as described by rfc4880.  */
 unsigned char
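Review bot: The comment on get_standard_s2k_count still says only "Return the standard S2K count", but the function now has two sources and a floor: a configured opt.s2k_count wins and is silently raised to 65536, otherwise the calibrated value is returned. I would spell that out, e.g. `/* Return the S2K count to use: --s2k-count if set (raised to at least 65536), else the calibrated count.  */`, and give 65536 a name so the minimum is defined in one place. The comment on get_standard_s2k_time could likewise state that the time is measured on each call rather than stored.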
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 6579622..afe2804 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -186,6 +186,9 @@ this convention).
 @node Agent Options
 @section Option Summary
 
+Options may either be used on the command line or, after stripping off
+the two leading dashes, in the configuration file.
+
 @table @gnupgtabopt
 
 @anchor{option --options}
@@ -193,8 +196,9 @@ this convention).
 @opindex options
 Reads configuration from @var{file} instead of from the default
 per-user configuration file.  The default configuration file is named
- at file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
-below the home directory of the user.
+ at file{gpg-agent.conf} and expected in the @file{.gnupg} directory
+directly below the home directory of the user.  This option is ignored
+if used in an options file.
 
 @anchor{option --homedir}
 @include opt-homedir.texi
@@ -652,19 +656,25 @@ transitioned from using MD5 to the more secure SHA256.
 @opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
 option can be used to override the auto-calibration done by default.
-This auto-calibration computes a count which requires 100ms to mangle
-a given passphrase.  To view the auto-calibrated count do not use this
-option (or use 0 for @var{n}) and run this command:
+The auto-calibration computes a count which requires 100ms to mangle
+a given passphrase.
+
+To view the actually used iteration count and the milliseconds
+required for an S2K operation use:
 
 @example
 gpg-connect-agent 'GETINFO s2k_count' /bye
+gpg-connect-agent 'GETINFO s2k_time' /bye
 @end example
 
+To view the auto-calibrated count use:
+
+ at example
+gpg-connect-agent 'GETINFO s2k_count_cal' /bye
+ at end example
 
- at end table
 
-All the long options may also be given in the configuration file after
-stripping off the two leading dashes.
+ at end table
 
 
 @mansect files

commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Nov 6 13:57:30 2017 +0100

    agent: New option --s2k-count.
    
    * agent/agent.h (opt): New field 's2k_count'.
    * agent/gpg-agent.c (oS2KCount): New enum value.
    (opts): New option --s2k-count.
    (parse_rereadable_options): Set opt.s2k_count.
    --
    
    This option is useful to speed up the starting of gpg-agent and in
    cases where the auto-calibration runs into problems due to a broken
    time measurement facility.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index bf8d244..47cc345 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -171,6 +171,10 @@ struct
   /* The digest algorithm to use for ssh fingerprints when
    * communicating with the user.  */
   int ssh_fingerprint_digest;
+
+  /* The value of the option --s2k-count.  If this option is not given
+   * or 0 an auto-calibrated value is used.  */
+  unsigned long s2k_count;
 } opt;
 
 
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 030d1da..2e19d19 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -134,6 +134,8 @@ enum cmd_and_opt_values
   oPuttySupport,
   oDisableScdaemon,
   oDisableCheckOwnSocket,
+  oS2KCount,
+
   oWriteEnvFile
 };
 
@@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
                 ),
   ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
+  ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       disable_check_own_socket = 0;
       /* Note: When changing the next line, change also gpgconf_list.  */
       opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+      opt.s2k_count = 0;
       return 1;
     }
 
@@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
         opt.ssh_fingerprint_digest = i;
       break;
 
+    case oS2KCount:
+      opt.s2k_count = pargs->r.ret_ulong;
+      break;
+
     default:
       return 0; /* not handled */
     }
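Review bot: `opt.s2k_count = pargs->r.ret_ulong;` stores the configured value with no range check and no message, so a fixed count well below what calibration would choose can lower the work factor protecting stored keys without the operator noticing. The only bound visible in this commit is the 65536 floor applied later in get_standard_s2k_count (agent/protect.c), and the new texi entry for --s2k-count does not mention it. Consider reporting the adjustment when the option is parsed, e.g. `if (opt.s2k_count && opt.s2k_count < 65536) log_info ("s2k-count raised to 65536\n");`, and documenting the minimum. parse_rereadable_options starts and ends outside the hunk.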
diff --git a/agent/protect.c b/agent/protect.c
index 9b262a9..9b4ba91 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -198,6 +198,9 @@ get_standard_s2k_count (void)
 {
   static unsigned long count;
 
+  if (opt.s2k_count)
+    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
   if (!count)
     count = calibrate_s2k_count ();
 
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d7a562a..6579622 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are
 communicated to the user, e.g. in pinentry dialogs.  OpenSSH has
 transitioned from using MD5 to the more secure SHA256.
 
+ at item --s2k-count @var{n}
+ at opindex s2k-count
+Specify the iteration count used to protect the passphrase.  This
+option can be used to override the auto-calibration done by default.
+This auto-calibration computes a count which requires 100ms to mangle
+a given passphrase.  To view the auto-calibrated count do not use this
+option (or use 0 for @var{n}) and run this command:
+
+ at example
+gpg-connect-agent 'GETINFO s2k_count' /bye
+ at end example
+
+
 @end table
 
 All the long options may also be given in the configuration file after
@@ -813,6 +826,7 @@ again.  Only certain options are honored: @code{quiet},
 @code{pinentry-invisible-char},
 @code{default-cache-ttl},
 @code{max-cache-ttl}, @code{ignore-cache-for-signing},
+ at code{s2k-count},
 @code{no-allow-external-cache}, @code{allow-emacs-pinentry},
 @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
 @code{disable-check-own-socket}.  @code{scdaemon-program} is also

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h      |  6 ++++++
 agent/command.c    | 36 ++++++++++++++++++++++++++----------
 agent/gpg-agent.c  |  9 +++++++++
 agent/protect.c    | 26 +++++++++++++++++++++++---
 doc/gpg-agent.texi | 34 +++++++++++++++++++++++++++++-----
 5 files changed, 93 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



