1 files changed, 22 insertions, 3 deletions

diff --git a/sm/decrypt.c b/sm/decrypt.c
index bd6f61038..bac63e1bc 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -515,7 +515,7 @@ pwri_parse_pbkdf2 (const unsigned char *der, size_t derlen,
  *
  */
 static gpg_error_t
-pwri_decrypt (gcry_sexp_t enc_val,
+pwri_decrypt (ctrl_t ctrl, gcry_sexp_t enc_val,
               unsigned char **r_result, unsigned int *r_resultlen,
               struct decrypt_filter_parm_s *parm)
 {
@@ -541,6 +541,7 @@ pwri_decrypt (gcry_sexp_t enc_val,
   unsigned int saltlen;
   unsigned long iterations;
   enum gcry_md_algos digest_algo;
+  char *passphrase = NULL;
 
 
   *r_resultlen = 0;
@@ -654,10 +655,23 @@ pwri_decrypt (gcry_sexp_t enc_val,
       goto leave;
     }
 
-  err = gcry_kdf_derive ("abc", 3,
+  err = gpgsm_agent_ask_passphrase
+    (ctrl,
+     i18n_utf8 (N_("Please enter the password for decryption.")),
+     0, &passphrase);
+  if (err)
+    goto leave;
+
+  err = gcry_kdf_derive (passphrase, strlen (passphrase),
                          GCRY_KDF_PBKDF2, digest_algo,
                          salt, saltlen, iterations,
                          keklen, kek);
+  if (passphrase)
+    {
+      wipememory (passphrase, strlen (passphrase));
+      xfree (passphrase);
+      passphrase = NULL;
+    }
   if (err)
     {
       log_error ("deriving key from passphrase failed: %s\n",
@@ -732,6 +746,11 @@ pwri_decrypt (gcry_sexp_t enc_val,
       wipememory (result, resultlen);
       xfree (result);
     }
+  if (passphrase)
+    {
+      wipememory (passphrase, strlen (passphrase));
+      xfree (passphrase);
+    }
   gcry_cipher_close (encr_hd);
   xfree (derive_algo_str);
   xfree (encr_algo_str);
@@ -786,7 +805,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip,
       if (rc)
         goto leave;
 
-      rc = pwri_decrypt (s_enc_val, &decrypted, &decryptedlen, parm);
+      rc = pwri_decrypt (ctrl, s_enc_val, &decrypted, &decryptedlen, parm);
       gcry_sexp_release (s_enc_val);
       if (rc)
         goto leave;