[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-37-g3607ab2
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 6 15:16:14 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via 3607ab2cf382296cb398a92d5ec792239960bf7b (commit)
via 78a6d0ce88ae14d8324fbab3aee3286b17e49259 (commit)
from 680161647ad56d1ca92988f80bcc4d6fcb20b1eb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3607ab2cf382296cb398a92d5ec792239960bf7b
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 6 14:20:03 2017 +0100
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
diff --git a/agent/agent.h b/agent/agent.h
index 19f9f49..c2d8579 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -485,8 +485,10 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
char **passphrase_addr);
/*-- protect.c --*/
+unsigned long get_calibrated_s2k_count (void);
unsigned long get_standard_s2k_count (void);
unsigned char get_standard_s2k_count_rfc4880 (void);
+unsigned long get_standard_s2k_time (void);
int agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen,
unsigned long s2k_count, int use_ocb);
diff --git a/agent/command.c b/agent/command.c
index e20361a..0916f88 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2843,20 +2843,22 @@ static const char hlp_getinfo[] =
"Multipurpose function to return a variety of information.\n"
"Supported values for WHAT are:\n"
"\n"
- " version - Return the version of the program.\n"
- " pid - Return the process id of the server.\n"
- " socket_name - Return the name of the socket.\n"
+ " version - Return the version of the program.\n"
+ " pid - Return the process id of the server.\n"
+ " socket_name - Return the name of the socket.\n"
" ssh_socket_name - Return the name of the ssh socket.\n"
- " scd_running - Return OK if the SCdaemon is already running.\n"
- " s2k_count - Return the calibrated S2K count.\n"
+ " scd_running - Return OK if the SCdaemon is already running.\n"
+ " s2k_time - Return the time in milliseconds required for S2K.\n"
+ " s2k_count - Return the standard S2K count.\n"
+ " s2k_count_cal - Return the calibrated S2K count.\n"
" std_env_names - List the names of the standard environment.\n"
" std_session_env - List the standard session environment.\n"
" std_startup_env - List the standard startup environment.\n"
- " cmd_has_option\n"
- " - Returns OK if the command CMD implements the option OPT.\n"
- " connections - Return number of active connections.\n"
- " jent_active - Returns OK if Libgcrypt's JENT is active.\n"
- " restricted - Returns OK if the connection is in restricted mode.\n";
+ " connections - Return number of active connections.\n"
+ " jent_active - Returns OK if Libgcrypt's JENT is active.\n"
+ " restricted - Returns OK if the connection is in restricted mode.\n"
+ " cmd_has_option CMD OPT\n"
+ " - Returns OK if command CMD has option OPT.\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
@@ -3014,6 +3016,20 @@ cmd_getinfo (assuan_context_t ctx, char *line)
rc = gpg_error (GPG_ERR_FALSE);
#endif
}
+ else if (!strcmp (line, "s2k_count_cal"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else if (!strcmp (line, "s2k_time"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
else
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
return rc;
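Review bot: The new `s2k_time` branch does real work on every request: per the agent/protect.c part of this commit, `get_standard_s2k_time ()` returns `calibrate_s2k_count_one (get_standard_s2k_count ())`, so each `GETINFO s2k_time` runs a complete S2K operation with nothing cached, unlike the calibrated count. Both branches are appended at the end of the if/else chain in cmd_getinfo, whose beginning lies outside this hunk, so it cannot be seen here whether a connection in restricted mode can reach them. That should be confirmed and recorded with a comment above the branch, such as `/* Note: this runs one complete S2K operation per call. */`. As a style point, the two branches differ only in the getter they call and could share one `numbuf` formatting path.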
diff --git a/agent/protect.c b/agent/protect.c
index ab26220..3073fc4 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -191,16 +191,13 @@ calibrate_s2k_count (void)
}
-
-/* Return the standard S2K count. */
+/* Return the calibrated S2K count. This is only public for the use
+ * of the Assuan getinfo s2k_count_cal command. */
unsigned long
-get_standard_s2k_count (void)
+get_calibrated_s2k_count (void)
{
static unsigned long count;
- if (opt.s2k_count)
- return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
-
if (!count)
count = calibrate_s2k_count ();
@@ -209,6 +206,26 @@ get_standard_s2k_count (void)
}
+/* Return the standard S2K count. */
+unsigned long
+get_standard_s2k_count (void)
+{
+ if (opt.s2k_count)
+ return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
+ return get_calibrated_s2k_count ();
+}
+
+
+/* Return the milliseconds required for the standard S2K
+ * operation. */
+unsigned long
+get_standard_s2k_time (void)
+{
+ return calibrate_s2k_count_one (get_standard_s2k_count ());
+}
+
+
/* Same as get_standard_s2k_count but return the count in the encoding
as described by rfc4880. */
unsigned char
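Review bot: The comment `/* Return the standard S2K count. */` on the new `get_standard_s2k_count` does not say that a configured `opt.s2k_count` below 65536 is silently raised to 65536, and the literal is unnamed. That floor is the only range handling for --s2k-count visible in these commits, so it deserves a comment along the lines of `/* Return the standard S2K count: the --s2k-count value, raised to at least 65536, or else the calibrated count. */`. The same line first appears in the agent/protect.c hunk of commit 78a6d0ce further down, and the --s2k-count text added to doc/gpg-agent.texi does not mention the floor either. The trailing `get_standard_s2k_count_rfc4880` context continues outside the hunk.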
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 6579622..afe2804 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -186,6 +186,9 @@ this convention).
@node Agent Options
@section Option Summary
+Options may either be used on the command line or, after stripping off
+the two leading dashes, in the configuration file.
+
@table @gnupgtabopt
@anchor{option --options}
@@ -193,8 +196,9 @@ this convention).
@opindex options
Reads configuration from @var{file} instead of from the default
per-user configuration file. The default configuration file is named
- at file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
-below the home directory of the user.
+ at file{gpg-agent.conf} and expected in the @file{.gnupg} directory
+directly below the home directory of the user. This option is ignored
+if used in an options file.
@anchor{option --homedir}
@include opt-homedir.texi
@@ -652,19 +656,25 @@ transitioned from using MD5 to the more secure SHA256.
@opindex s2k-count
Specify the iteration count used to protect the passphrase. This
option can be used to override the auto-calibration done by default.
-This auto-calibration computes a count which requires 100ms to mangle
-a given passphrase. To view the auto-calibrated count do not use this
-option (or use 0 for @var{n}) and run this command:
+The auto-calibration computes a count which requires 100ms to mangle
+a given passphrase.
+
+To view the actually used iteration count and the milliseconds
+required for an S2K operation use:
@example
gpg-connect-agent 'GETINFO s2k_count' /bye
+gpg-connect-agent 'GETINFO s2k_time' /bye
@end example
+To view the auto-calibrated count use:
+
+ at example
+gpg-connect-agent 'GETINFO s2k_count_cal' /bye
+ at end example
- at end table
-All the long options may also be given in the configuration file after
-stripping off the two leading dashes.
+ at end table
@mansect files
commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 6 13:57:30 2017 +0100
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--
This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e)
diff --git a/agent/agent.h b/agent/agent.h
index 7bb46fa..19f9f49 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -171,6 +171,10 @@ struct
/* The digest algorithm to use for ssh fingerprints when
* communicating with the user. */
int ssh_fingerprint_digest;
+
+ /* The value of the option --s2k-count. If this option is not given
+ * or 0 an auto-calibrated value is used. */
+ unsigned long s2k_count;
} opt;
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 030d1da..2e19d19 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -134,6 +134,8 @@ enum cmd_and_opt_values
oPuttySupport,
oDisableScdaemon,
oDisableCheckOwnSocket,
+ oS2KCount,
+
oWriteEnvFile
};
@@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
),
ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
+ ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+
/* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
disable_check_own_socket = 0;
/* Note: When changing the next line, change also gpgconf_list. */
opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+ opt.s2k_count = 0;
return 1;
}
@@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ssh_fingerprint_digest = i;
break;
+ case oS2KCount:
+ opt.s2k_count = pargs->r.ret_ulong;
+ break;
+
default:
return 0; /* not handled */
}
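Review bot: `opt.s2k_count = pargs->r.ret_ulong;` stores whatever value was given without a range check at this point; the only adjustment visible in this commit is the 65536 floor applied later in `get_standard_s2k_count`. A mistyped, very large count would presumably make each passphrase protection correspondingly slow, and a count well below what calibration would choose reduces the work factor protecting stored keys without any notice to the user. I would add a comment here naming where the value is clamped, for example `/* Range handling is done in get_standard_s2k_count. */`, and consider logging when the option overrides the calibration. parse_rereadable_options begins and ends outside the hunk.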
diff --git a/agent/protect.c b/agent/protect.c
index c257861..ab26220 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -198,6 +198,9 @@ get_standard_s2k_count (void)
{
static unsigned long count;
+ if (opt.s2k_count)
+ return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
if (!count)
count = calibrate_s2k_count ();
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d7a562a..6579622 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256.
+ at item --s2k-count @var{n}
+ at opindex s2k-count
+Specify the iteration count used to protect the passphrase. This
+option can be used to override the auto-calibration done by default.
+This auto-calibration computes a count which requires 100ms to mangle
+a given passphrase. To view the auto-calibrated count do not use this
+option (or use 0 for @var{n}) and run this command:
+
+ at example
+gpg-connect-agent 'GETINFO s2k_count' /bye
+ at end example
+
+
@end table
All the long options may also be given in the configuration file after
@@ -813,6 +826,7 @@ again. Only certain options are honored: @code{quiet},
@code{pinentry-invisible-char},
@code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
+ at code{s2k-count},
@code{no-allow-external-cache}, @code{allow-emacs-pinentry},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}. @code{scdaemon-program} is also
-----------------------------------------------------------------------
Summary of changes:
agent/agent.h | 6 ++++++
agent/command.c | 36 ++++++++++++++++++++++++++----------
agent/gpg-agent.c | 9 +++++++++
agent/protect.c | 26 +++++++++++++++++++++++---
doc/gpg-agent.texi | 34 +++++++++++++++++++++++++++++-----
5 files changed, 93 insertions(+), 18 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org