nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Pageant: allow adding encrypted key to cleartext.

Browse Source 
The protocol already allowed adding an encrypted form to a cleartext key
already held by the agent, and you might want to do so if, say, the key
happened to originally be added in cleartext-only form but you want to
be able to forget that with 'pageant -R' in future.
This commit is contained in:
Jacob Nevins 2021-04-05 15:07:09 +01:00
parent 70a31df9f1
commit 569fc2681c
1 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pageant.c
View File

@ -1989,24 +1989,38 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase,
for (size_t i = 0; i < kl->nkeys; i++) { for (size_t i = 0; i < kl->nkeys; i++) {
/* /*
* If the key already exists in the agent, we're done * If the key already exists in the agent, we're done,
* ... *unless* it's encrypted in the agent and we're * except in the following special cases:
* being asked to add it unencrypted, in which case we
* still want to upload the unencrypted version to
* cause the key to become decrypted.
* *
* It's encrypted in the agent, and we're being asked
* to add it unencrypted, in which case we still want
* to upload the unencrypted version to cause the key
* to become decrypted.
* (Rationale: if you know in advance you're going to * (Rationale: if you know in advance you're going to
* want it, and don't want to be interrupted at an * want it, and don't want to be interrupted at an
* unpredictable moment to be asked for the * unpredictable moment to be asked for the
* passphrase.) * passphrase.)
*
* The agent only has cleartext, and we're being asked
* to add it encrypted, in which case we'll add the
* encrypted form.
* (Rationale: if you might want to re-encrypt the key
* at some future point, but it happened to have been
* initially added in cleartext, perhaps by something
* other than Pageant.)
*/ */
if (ptrlen_eq_ptrlen(ptrlen_from_strbuf(blob), if (ptrlen_eq_ptrlen(ptrlen_from_strbuf(blob),
kl->keys[i].blob)) { kl->keys[i].blob)) {
bool have_unencrypted = bool have_unencrypted =
!(kl->keys[i].flags & !(kl->keys[i].flags &
LIST_EXTENDED_FLAG_HAS_NO_CLEARTEXT_KEY); LIST_EXTENDED_FLAG_HAS_NO_CLEARTEXT_KEY);
if (have_unencrypted || add_encrypted) { bool have_encrypted =
/* Key is already present; we can now leave. */ (kl->keys[i].flags &
LIST_EXTENDED_FLAG_HAS_ENCRYPTED_KEY_FILE);
if ((have_unencrypted && !add_encrypted)
|| (have_encrypted && add_encrypted)) {
/* Key is already present in the desired form;
* we can now leave. */
keylist_free(kl); keylist_free(kl);
strbuf_free(blob); strbuf_free(blob);
return PAGEANT_ACTION_OK; return PAGEANT_ACTION_OK;