[Pkg-gnupg-commit] [gnupg2] 77/185: agent: Support unprotected ssh keys.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 7 11:55:22 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit 273964798592cd479c111f47e8ce46d5b1999d6a
Author: Justus Winter <justus at g10code.com>
Date:   Mon Jun 26 14:54:39 2017 +0200

    agent: Support unprotected ssh keys.
    
    * agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
    passphrase is supplied, do not protect the key.
    
    GnuPG-bug-id: 2856
    Signed-off-by: Justus Winter <justus at g10code.com>
---
 agent/command-ssh.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index e450aed..c5897ef 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2980,6 +2980,7 @@ ssh_key_extract_comment (gcry_sexp_t key, char **r_comment)
 
 /* This function converts the key contained in the S-Expression KEY
    into a buffer, which is protected by the passphrase PASSPHRASE.
+   If PASSPHRASE is the empty passphrase, the key is not protected.
    Returns usual error code.  */
 static gpg_error_t
 ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
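Review bot: the sentence added to the function comment does not say what the caller gets back in the empty-passphrase case, and the sentence before it still reads "a buffer, which is protected by the passphrase PASSPHRASE". Suggest stating that the returned buffer then holds the key without any protection, so a caller that stores it knows the private key is written in the clear. The comment could also say whether PASSPHRASE may be NULL, since the parameter is a plain `const char *passphrase`.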
@@ -3000,7 +3001,17 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
   gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n);
   /* FIXME: guarantee?  */
 
-  err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);
+  if (*passphrase)
+    err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);
+  else
+    {
+      /* The key derivation function does not support zero length
+       * strings.  Store key unprotected if the user wishes so.  */
+      *buffer = buffer_new;
+      *buffer_n = buffer_new_n;
+      buffer_new = NULL;
+      err = 0;
+    }
 
  out:
 
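Review bot: `if (*passphrase)` dereferences PASSPHRASE without a NULL check, where the removed line only handed the pointer to agent_protect. Suggest rejecting a NULL passphrase with an error before this test rather than writing `if (passphrase && *passphrase)`, because that form would send NULL down the else branch and store the key unprotected. In the else branch, a short comment on `buffer_new = NULL;` saying that ownership of the allocation moves to `*buffer` would make the hand-off explicit for anyone changing the code after `out:`.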

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


