[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.3-5-g18af152
by Werner Koch
cvs at cvs.gnupg.org
Fri Nov 24 10:35:03 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via 18af15249de5f826c3fa8d1d40e876734adcd0cf (commit)
from 531182b7f84f3cc75268a645728cb862dd20acee (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 18af15249de5f826c3fa8d1d40e876734adcd0cf
Author: Werner Koch <wk at gnupg.org>
Date: Fri Nov 24 10:30:25 2017 +0100
agent: New option --auto-expand-secmem.
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--
Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.
GnuPG-bug-id: 3530
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 0b2b982..1696e4e 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -135,6 +135,7 @@ enum cmd_and_opt_values
oDisableScdaemon,
oDisableCheckOwnSocket,
oS2KCount,
+ oAutoExpandSecmem,
oWriteEnvFile
};
@@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+ ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
+
/* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -1233,6 +1236,14 @@ main (int argc, char **argv )
socket_name_browser = pargs.r.ret_str;
break;
+ case oAutoExpandSecmem:
+ /* Try to enable this option. It will officially only be
+ * supported by Libgcrypt 1.9 but 1.8.2 already supports it
+ * on the quiet and thus we use the numeric value value. */
+ gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/,
+ (unsigned int)pargs.r.ret_ulong, 0);
+ break;
+
case oDebugQuickRandom:
/* Only used by the first stage command line parser. */
break;
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index afe2804..10f8900 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256.
+
+ at item --auto-expand-secmem @var{n}
+ at opindex auto-expand-secmem
+gAllow Libgcrypt to expand its secure memory area as required. The
+optional value @var{n} is a non-negative integer with a suggested size
+in bytes of each additionally allocated secure memory area. The value
+is rounded up to the next 32 KiB; usual C style prefixes are allowed.
+For an heavy loaded gpg-agent with many concurrent connection this
+option avoids sign or decrypt errors due to out of secure memory error
+returns.
+
@item --s2k-count @var{n}
@opindex s2k-count
Specify the iteration count used to protect the passphrase. This
-----------------------------------------------------------------------
Summary of changes:
agent/gpg-agent.c | 11 +++++++++++
doc/gpg-agent.texi | 11 +++++++++++
2 files changed, 22 insertions(+)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list