[Pkg-gnupg-commit] [gnupg2] 11/112: agent: Add known keys to sshcontrol.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Aug 30 17:48:13 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 270f7f7b8b235cc93516566702e2a1d256605cca
Author: Justus Winter <justus at g10code.com>
Date: Tue Jul 19 16:48:38 2016 +0200
agent: Add known keys to sshcontrol.
* agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
even if it is already in the private key store.
* tests/openpgp/ssh.scm: Test this.
GnuPG-bug-id: 2316
Signed-off-by: Justus Winter <justus at g10code.com>
---
agent/command-ssh.c | 16 +++++++++-------
tests/openpgp/ssh.scm | 12 ++++++++++++
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index e3cd4b9..48f1b3d 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3152,8 +3152,8 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
/* Store the ssh KEY into our local key storage and protect it after
asking for a passphrase. Cache that passphrase. TTL is the
maximum caching time for that key. If the key already exists in
- our key storage, don't do anything. When entering a new key also
- add an entry to the sshcontrol file. */
+ our key storage, don't do anything. When entering a key also add
+ an entry to the sshcontrol file. */
static gpg_error_t
ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
gcry_sexp_t key, int ttl, int confirm)
@@ -3175,15 +3175,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
if (err)
goto out;
- /* Check whether the key is already in our key storage. Don't do
- anything then. */
- if ( !agent_key_available (key_grip_raw) )
- goto out; /* Yes, key is available. */
+ bin2hex (key_grip_raw, 20, key_grip);
err = ssh_get_fingerprint_string (key, &key_fpr);
if (err)
goto out;
+ /* Check whether the key is already in our key storage. Don't do
+ anything then besides (re-)adding it to sshcontrol. */
+ if ( !agent_key_available (key_grip_raw) )
+ goto key_exists; /* Yes, key is available. */
+
err = ssh_key_extract_comment (key, &comment);
if (err)
goto out;
@@ -3249,11 +3251,11 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
goto out;
/* Cache this passphrase. */
- bin2hex (key_grip_raw, 20, key_grip);
err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
if (err)
goto out;
+ key_exists:
/* And add an entry to the sshcontrol file. */
err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm);
diff --git a/tests/openpgp/ssh.scm b/tests/openpgp/ssh.scm
index cc47772..fe0b115 100755
--- a/tests/openpgp/ssh.scm
+++ b/tests/openpgp/ssh.scm
@@ -50,3 +50,15 @@
(unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
(error "key not added"))))
car keys)
+
+(info "Checking for issue2316...")
+(unlink (string-append GNUPGHOME "/sshcontrol"))
+(pipe:do
+ (pipe:open (path-join (in-srcdir "samplekeys")
+ (string-append "ssh-rsa.key"))
+ (logior O_RDONLY O_BINARY))
+ (pipe:spawn `(,SSH-ADD -)))
+(unless
+ (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "")
+ "MD5:c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
+ (error "known private key not (re-)added to sshcontrol"))
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list