[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-37-g3607ab2

by Werner Koch cvs at cvs.gnupg.org
Mon Nov 6 15:16:14 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  3607ab2cf382296cb398a92d5ec792239960bf7b (commit)
       via  78a6d0ce88ae14d8324fbab3aee3286b17e49259 (commit)
      from  680161647ad56d1ca92988f80bcc4d6fcb20b1eb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3607ab2cf382296cb398a92d5ec792239960bf7b
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Nov 6 14:20:03 2017 +0100

    agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
    
    * agent/command.c (cmd_getinfo): New sub-commands.
    * agent/protect.c (get_standard_s2k_count): Factor some code out to ...
    (get_calibrated_s2k_count): new.
    (get_standard_s2k_time): New.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)

diff --git a/agent/agent.h b/agent/agent.h
index 19f9f49..c2d8579 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -485,8 +485,10 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
                                      char **passphrase_addr);
 
 /*-- protect.c --*/
+unsigned long get_calibrated_s2k_count (void);
 unsigned long get_standard_s2k_count (void);
 unsigned char get_standard_s2k_count_rfc4880 (void);
+unsigned long get_standard_s2k_time (void);
 int agent_protect (const unsigned char *plainkey, const char *passphrase,
                    unsigned char **result, size_t *resultlen,
 		   unsigned long s2k_count, int use_ocb);
diff --git a/agent/command.c b/agent/command.c
index e20361a..0916f88 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2843,20 +2843,22 @@ static const char hlp_getinfo[] =
   "Multipurpose function to return a variety of information.\n"
   "Supported values for WHAT are:\n"
   "\n"
-  "  version     - Return the version of the program.\n"
-  "  pid         - Return the process id of the server.\n"
-  "  socket_name - Return the name of the socket.\n"
+  "  version         - Return the version of the program.\n"
+  "  pid             - Return the process id of the server.\n"
+  "  socket_name     - Return the name of the socket.\n"
   "  ssh_socket_name - Return the name of the ssh socket.\n"
-  "  scd_running - Return OK if the SCdaemon is already running.\n"
-  "  s2k_count   - Return the calibrated S2K count.\n"
+  "  scd_running     - Return OK if the SCdaemon is already running.\n"
+  "  s2k_time        - Return the time in milliseconds required for S2K.\n"
+  "  s2k_count       - Return the standard S2K count.\n"
+  "  s2k_count_cal   - Return the calibrated S2K count.\n"
   "  std_env_names   - List the names of the standard environment.\n"
   "  std_session_env - List the standard session environment.\n"
   "  std_startup_env - List the standard startup environment.\n"
-  "  cmd_has_option\n"
-  "              - Returns OK if the command CMD implements the option OPT.\n"
-  "  connections - Return number of active connections.\n"
-  "  jent_active - Returns OK if Libgcrypt's JENT is active.\n"
-  "  restricted  - Returns OK if the connection is in restricted mode.\n";
+  "  connections     - Return number of active connections.\n"
+  "  jent_active     - Returns OK if Libgcrypt's JENT is active.\n"
+  "  restricted      - Returns OK if the connection is in restricted mode.\n"
+  "  cmd_has_option CMD OPT\n"
+  "                  - Returns OK if command CMD has option OPT.\n";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
 {
@@ -3014,6 +3016,20 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       rc = gpg_error (GPG_ERR_FALSE);
 #endif
     }
+  else if (!strcmp (line, "s2k_count_cal"))
+    {
+      char numbuf[50];
+
+      snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
+      rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+    }
+  else if (!strcmp (line, "s2k_time"))
+    {
+      char numbuf[50];
+
+      snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
+      rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+    }
   else
     rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
   return rc;
diff --git a/agent/protect.c b/agent/protect.c
index ab26220..3073fc4 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -191,16 +191,13 @@ calibrate_s2k_count (void)
 }
 
 
-
-/* Return the standard S2K count.  */
+/* Return the calibrated S2K count.  This is only public for the use
+ * of the Assuan getinfo s2k_count_cal command.  */
 unsigned long
-get_standard_s2k_count (void)
+get_calibrated_s2k_count (void)
 {
   static unsigned long count;
 
-  if (opt.s2k_count)
-    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
-
   if (!count)
     count = calibrate_s2k_count ();
 
@@ -209,6 +206,26 @@ get_standard_s2k_count (void)
 }
 
 
+/* Return the standard S2K count.  */
+unsigned long
+get_standard_s2k_count (void)
+{
+  if (opt.s2k_count)
+    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
+  return get_calibrated_s2k_count ();
+}
+
+
+/* Return the milliseconds required for the standard S2K
+ * operation.  */
+unsigned long
+get_standard_s2k_time (void)
+{
+  return calibrate_s2k_count_one (get_standard_s2k_count ());
+}
+
+
 /* Same as get_standard_s2k_count but return the count in the encoding
    as described by rfc4880.  */
 unsigned char
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 6579622..afe2804 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -186,6 +186,9 @@ this convention).
 @node Agent Options
 @section Option Summary
 
+Options may either be used on the command line or, after stripping off
+the two leading dashes, in the configuration file.
+
 @table @gnupgtabopt
 
 @anchor{option --options}
@@ -193,8 +196,9 @@ this convention).
 @opindex options
 Reads configuration from @var{file} instead of from the default
 per-user configuration file.  The default configuration file is named
- at file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
-below the home directory of the user.
+ at file{gpg-agent.conf} and expected in the @file{.gnupg} directory
+directly below the home directory of the user.  This option is ignored
+if used in an options file.
 
 @anchor{option --homedir}
 @include opt-homedir.texi
@@ -652,19 +656,25 @@ transitioned from using MD5 to the more secure SHA256.
 @opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
 option can be used to override the auto-calibration done by default.
-This auto-calibration computes a count which requires 100ms to mangle
-a given passphrase.  To view the auto-calibrated count do not use this
-option (or use 0 for @var{n}) and run this command:
+The auto-calibration computes a count which requires 100ms to mangle
+a given passphrase.
+
+To view the actually used iteration count and the milliseconds
+required for an S2K operation use:
 
 @example
 gpg-connect-agent 'GETINFO s2k_count' /bye
+gpg-connect-agent 'GETINFO s2k_time' /bye
 @end example
 
+To view the auto-calibrated count use:
+
+ at example
+gpg-connect-agent 'GETINFO s2k_count_cal' /bye
+ at end example
 
- at end table
 
-All the long options may also be given in the configuration file after
-stripping off the two leading dashes.
+ at end table
 
 
 @mansect files

commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Nov 6 13:57:30 2017 +0100

    agent: New option --s2k-count.
    
    * agent/agent.h (opt): New field 's2k_count'.
    * agent/gpg-agent.c (oS2KCount): New enum value.
    (opts): New option --s2k-count.
    (parse_rereadable_options): Set opt.s2k_count.
    --
    
    This option is useful to speed up the starting of gpg-agent and in
    cases where the auto-calibration runs into problems due to a broken
    time measurement facility.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e)

diff --git a/agent/agent.h b/agent/agent.h
index 7bb46fa..19f9f49 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -171,6 +171,10 @@ struct
   /* The digest algorithm to use for ssh fingerprints when
    * communicating with the user.  */
   int ssh_fingerprint_digest;
+
+  /* The value of the option --s2k-count.  If this option is not given
+   * or 0 an auto-calibrated value is used.  */
+  unsigned long s2k_count;
 } opt;
 
 
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 030d1da..2e19d19 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -134,6 +134,8 @@ enum cmd_and_opt_values
   oPuttySupport,
   oDisableScdaemon,
   oDisableCheckOwnSocket,
+  oS2KCount,
+
   oWriteEnvFile
 };
 
@@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
                 ),
   ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
+  ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       disable_check_own_socket = 0;
       /* Note: When changing the next line, change also gpgconf_list.  */
       opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+      opt.s2k_count = 0;
       return 1;
     }
 
@@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
         opt.ssh_fingerprint_digest = i;
       break;
 
+    case oS2KCount:
+      opt.s2k_count = pargs->r.ret_ulong;
+      break;
+
     default:
       return 0; /* not handled */
     }
diff --git a/agent/protect.c b/agent/protect.c
index c257861..ab26220 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -198,6 +198,9 @@ get_standard_s2k_count (void)
 {
   static unsigned long count;
 
+  if (opt.s2k_count)
+    return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
   if (!count)
     count = calibrate_s2k_count ();
 
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d7a562a..6579622 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are
 communicated to the user, e.g. in pinentry dialogs.  OpenSSH has
 transitioned from using MD5 to the more secure SHA256.
 
+ at item --s2k-count @var{n}
+ at opindex s2k-count
+Specify the iteration count used to protect the passphrase.  This
+option can be used to override the auto-calibration done by default.
+This auto-calibration computes a count which requires 100ms to mangle
+a given passphrase.  To view the auto-calibrated count do not use this
+option (or use 0 for @var{n}) and run this command:
+
+ at example
+gpg-connect-agent 'GETINFO s2k_count' /bye
+ at end example
+
+
 @end table
 
 All the long options may also be given in the configuration file after
@@ -813,6 +826,7 @@ again.  Only certain options are honored: @code{quiet},
 @code{pinentry-invisible-char},
 @code{default-cache-ttl},
 @code{max-cache-ttl}, @code{ignore-cache-for-signing},
+ at code{s2k-count},
 @code{no-allow-external-cache}, @code{allow-emacs-pinentry},
 @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
 @code{disable-check-own-socket}.  @code{scdaemon-program} is also

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h      |  6 ++++++
 agent/command.c    | 36 ++++++++++++++++++++++++++----------
 agent/gpg-agent.c  |  9 +++++++++
 agent/protect.c    | 26 +++++++++++++++++++++++---
 doc/gpg-agent.texi | 34 +++++++++++++++++++++++++++++-----
 5 files changed, 93 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org




More information about the Gnupg-commits mailing list