aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2023-11-14 14:08:20 +0000
committerWerner Koch <[email protected]>2023-11-14 14:08:20 +0000
commitcdc28c59fe5da6ac478485ae474a931ed964eaa4 (patch)
tree5258ae9dd0d20f956546b05a9e438db05457fa08
parentgpgsm: Re-introduce the bad passphrase hint for pkcs#12. (diff)
downloadgnupg-cdc28c59fe5da6ac478485ae474a931ed964eaa4.tar.gz
gnupg-cdc28c59fe5da6ac478485ae474a931ed964eaa4.zip
gpg,gpgsm: Hide password in debug output also for asked passwords.
* g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- GnuPG-bug-id: 6654 The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan.
Diffstat
-rw-r--r--g10/call-agent.c6
-rw-r--r--sm/call-agent.c5
2 files changed, 10 insertions, 1 deletions
diff --git a/g10/call-agent.c b/g10/call-agent.c
index e6d142c62..20235d2ad 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1616,7 +1616,7 @@ agent_get_passphrase (const char *cache_id,
char *arg4 = NULL;
membuf_t data;
struct default_inq_parm_s dfltparm;
- int have_newsymkey;
+ int have_newsymkey, wasconf;
memset (&dfltparm, 0, sizeof dfltparm);
@@ -1668,10 +1668,14 @@ agent_get_passphrase (const char *cache_id,
xfree (arg4);
init_membuf_secure (&data, 64);
+ wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (agent_ctx);
rc = assuan_transact (agent_ctx, line,
put_membuf_cb, &data,
default_inq_cb, &dfltparm,
NULL, NULL);
+ if (!wasconf)
+ assuan_end_confidential (agent_ctx);
if (rc)
xfree (get_membuf (&data, NULL));
diff --git a/sm/call-agent.c b/sm/call-agent.c
index c4afd27d7..438da5112 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -1306,6 +1306,7 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
char *arg4 = NULL;
membuf_t data;
struct default_inq_parm_s inq_parm;
+ int wasconf;
*r_passphrase = NULL;
@@ -1324,9 +1325,13 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
xfree (arg4);
init_membuf_secure (&data, 64);
+ wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (agent_ctx);
err = assuan_transact (agent_ctx, line,
put_membuf_cb, &data,
default_inq_cb, &inq_parm, NULL, NULL);
+ if (!wasconf)
+ assuan_end_confidential (agent_ctx);
if (err)
xfree (get_membuf (&data, NULL));
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-14 01:09:48 +0000