From bafa7bf27f7d059708d73abc739dbd4e5f5c5682 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 9 Nov 2023 13:36:12 +0900 Subject: gpg,sm: Set confidential in assuan communication for password. * g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (default_inq_cb): Likewise. -- Cherry pick from master commit of: ec1446f9446506b5fbdf90cdeb9cbe1f410a657e GnuPG-bug-id: 6654 Signed-off-by: NIIBE Yutaka --- g10/call-agent.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'g10/call-agent.c') diff --git a/g10/call-agent.c b/g10/call-agent.c index eb9f8e29b..4defa7990 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -161,6 +161,7 @@ default_inq_cb (void *opaque, const char *line) || has_leading_keyword (line, "NEW_PASSPHRASE")) && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK) { + assuan_begin_confidential (parm->ctx); if (have_static_passphrase ()) { s = get_static_passphrase (); @@ -187,6 +188,7 @@ default_inq_cb (void *opaque, const char *line) err = assuan_send_data (parm->ctx, pw, strlen (pw)); xfree (pw); } + assuan_end_confidential (parm->ctx); } else if ((s = has_leading_keyword (line, "CONFIRM")) && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK -- cgit v1.2.3 From def8f5f3d28bd5b19fd68e9fbd2eeb1d04c08db1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 14 Nov 2023 15:08:20 +0100 Subject: gpg,gpgsm: Hide password in debug output also for asked passwords. * g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- GnuPG-bug-id: 6654 The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan. --- g10/call-agent.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'g10/call-agent.c') diff --git a/g10/call-agent.c b/g10/call-agent.c index 4defa7990..c90cdfda5 100644 
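Review bot: The `assuan_end_confidential (parm->ctx);` added at the end of the PASSPHRASE/NEW_PASSPHRASE loopback branch of default_inq_cb (hunks at -161 and -187 of the first commit) clears the flag unconditionally, so a caller that had already put the context into confidential mode loses it as soon as the inquiry is answered. agent_get_passphrase in the later commit on this page does exactly that: it sets the flag around an assuan_transact that passes default_inq_cb. If parm->ctx is the same context and the flag is a simple on/off switch rather than a counter (worth confirming in libassuan), the agent's reply carrying the passphrase would be read with debug hiding already switched off. Saving and restoring the previous state here, as that commit does, avoids this: `int wasconf = assuan_get_flag (parm->ctx, ASSUAN_CONFIDENTIAL);` before the begin call and `if (!wasconf) assuan_end_confidential (parm->ctx);` at the end. The body between the two hunks is not visible, so any early exit inside the branch should be checked for the same restore.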
--- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1995,7 +1995,7 @@ agent_get_passphrase (const char *cache_id, char *arg4 = NULL; membuf_t data; struct default_inq_parm_s dfltparm; - int have_newsymkey; + int have_newsymkey, wasconf; memset (&dfltparm, 0, sizeof dfltparm); @@ -2047,10 +2047,14 @@ agent_get_passphrase (const char *cache_id, xfree (arg4); init_membuf_secure (&data, 64); + wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL); + assuan_begin_confidential (agent_ctx); rc = assuan_transact (agent_ctx, line, put_membuf_cb, &data, default_inq_cb, &dfltparm, NULL, NULL); + if (!wasconf) + assuan_end_confidential (agent_ctx); if (rc) xfree (get_membuf (&data, NULL)); -- cgit v1.2.3
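Review bot: The save and restore of ASSUAN_CONFIDENTIAL around `assuan_transact` in agent_get_passphrase (hunk at -2047) carries no comment, so the trade-off it makes is recorded only in the commit message. A short comment above `wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL);` would help whoever next wonders why no IPC lines appear in the debug log for this call, for example `/* Hide the whole transaction from the debug log since the reply is expected to carry the passphrase; restore the caller's confidential state afterwards. */`. The function starts and ends outside the hunks shown.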