diff options
| author | Werner Koch <[email protected]> | 2017-11-24 09:30:25 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-11-24 09:30:25 +0000 |
| commit | 18af15249de5f826c3fa8d1d40e876734adcd0cf (patch) | |
| tree | 735b9f0d7cd82dea2574cbde5b06bde6fbf75f16 | |
| parent | build: Update distsigkey.gpg (diff) | |
| download | gnupg-18af15249de5f826c3fa8d1d40e876734adcd0cf.tar.gz gnupg-18af15249de5f826c3fa8d1d40e876734adcd0cf.zip | |
agent: New option --auto-expand-secmem.
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--
Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.
GnuPG-bug-id: 3530
| -rw-r--r-- | agent/gpg-agent.c | 11 | ||||
| -rw-r--r-- | doc/gpg-agent.texi | 11 |
2 files changed, 22 insertions, 0 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 0b2b98212..1696e4ecd 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -135,6 +135,7 @@ enum cmd_and_opt_values oDisableScdaemon, oDisableCheckOwnSocket, oS2KCount, + oAutoExpandSecmem, oWriteEnvFile }; @@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_u (oS2KCount, "s2k-count", "@"), + ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"), + /* Dummy options for backward compatibility. */ ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"), @@ -1233,6 +1236,14 @@ main (int argc, char **argv ) socket_name_browser = pargs.r.ret_str; break; + case oAutoExpandSecmem: + /* Try to enable this option. It will officially only be + * supported by Libgcrypt 1.9 but 1.8.2 already supports it + * on the quiet and thus we use the numeric value value. */ + gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/, + (unsigned int)pargs.r.ret_ulong, 0); + break; + case oDebugQuickRandom: /* Only used by the first stage command line parser. */ break; diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index afe280462..10f8900ca 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are communicated to the user, e.g. in pinentry dialogs. OpenSSH has transitioned from using MD5 to the more secure SHA256. + +@item --auto-expand-secmem @var{n} +@opindex auto-expand-secmem +gAllow Libgcrypt to expand its secure memory area as required. The +optional value @var{n} is a non-negative integer with a suggested size +in bytes of each additionally allocated secure memory area. The value +is rounded up to the next 32 KiB; usual C style prefixes are allowed. +For an heavy loaded gpg-agent with many concurrent connection this +option avoids sign or decrypt errors due to out of secure memory error +returns. + @item --s2k-count @var{n} @opindex s2k-count Specify the iteration count used to protect the passphrase. This |