author | James Bottomley via Gnupg-devel <[email protected]> | 2022-01-14 13:49:33 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2022-01-24 21:22:05 +0000 |
commit | af2fbd9b01a1ef6e4c378db03c4a289c342f7a66 (patch) | |
tree | 80d20960d9930798de62d028524bab9f17d94eb3 /agent/call-tpm2d.c | |
parent | gpg: Print Yubikey version correctly. (diff) | |
agent: always use hexgrip when storing key password
--
The current code uses the binary ctrl->keygrip, but all the passphrase
storage engines expect this to be a string, so convert the binary
keygrip to a hex one before passing it in as the keyid. This fixes a
crash seen in some libsecret implementations where a non-ascii keyid
isn't well handled.
Signed-off-by: James Bottomley <[email protected]>
Diffstat (limited to 'agent/call-tpm2d.c')
-rw-r--r-- | agent/call-tpm2d.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/agent/call-tpm2d.c b/agent/call-tpm2d.c
index 6fae5d85a..1048c7d63 100644
--- a/agent/call-tpm2d.c
+++ b/agent/call-tpm2d.c
@@ -141,14 +141,17 @@ agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
 static gpg_error_t
 pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
 {
- *passphrase = agent_get_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER);
+ char hexgrip[2*KEYGRIP_LEN + 1];
+
+ bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
+ *passphrase = agent_get_cache (ctrl, hexgrip, CACHE_MODE_USER);
 if (*passphrase)
 return 0;
 return agent_get_passphrase(ctrl, passphrase,
 _("Please enter your passphrase, so that the "
 "secret key can be unlocked for this session"),
 prompt, NULL, 0,
- ctrl->keygrip, CACHE_MODE_USER, NULL);
+ hexgrip, CACHE_MODE_USER, NULL);
 }

 int
@@ -160,6 +163,7 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
 char line[ASSUAN_LINELENGTH];
 membuf_t data;
 struct inq_parm_s inqparm;
+ char hexgrip[2*KEYGRIP_LEN + 1];

 rc = start_tpm2d (ctrl);
 if (rc)
@@ -183,7 +187,10 @@ agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
 inq_extra, &inqparm, NULL, NULL);
 if (!rc)
- agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
+ {
+ bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
+ agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
+ }

 xfree (inqparm.pin);

@@ -208,6 +215,7 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
 char line[ASSUAN_LINELENGTH];
 membuf_t data;
 struct inq_parm_s inqparm;
+ char hexgrip[2*KEYGRIP_LEN + 1];

 rc = start_tpm2d (ctrl);
 if (rc)
@@ -231,7 +239,10 @@ agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
 inq_extra, &inqparm, NULL, NULL);
 if (!rc)
- agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
+ {
+ bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
+ agent_put_cache (ctrl, hexgrip, CACHE_MODE_USER, inqparm.pin, 0);
+ }

 xfree (inqparm.pin); |
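Review bot: The new `hexgrip` buffer in pin_cb carries no comment saying why the keygrip is converted, and the same declare-then-`bin2hex` sequence is repeated in agent_tpm2d_pksign and agent_tpm2d_pkdecrypt in the later hunks. The lookup here and the two `agent_put_cache` calls only find each other's entries while all three build the key the same way, so a comment above the declaration such as `/* Cache and pinentry key ids are NUL-terminated strings, so use the hex keygrip. */`, or a small static helper that fills the buffer, would keep them from drifting apart. The `2*KEYGRIP_LEN + 1` size is what `bin2hex` needs for KEYGRIP_LEN input bytes plus the terminator.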
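Review bot: `hexgrip` is used only inside the new `if (!rc)` braces in agent_tpm2d_pksign, yet it is declared at function scope in the preceding hunk; moving `char hexgrip[2*KEYGRIP_LEN + 1];` to the top of that brace block would keep the buffer next to its single use, and the same applies to the two agent_tpm2d_pkdecrypt hunks. Separately, only the success path touches the cache here: if a passphrase that pin_cb returned from the cache is rejected, nothing visible in this hunk evicts the entry. The rest of the function lies outside the hunk, so it is worth confirming that the failure path clears the cached value instead of letting pin_cb return it again without a prompt.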