agent: Supply GRIP=NULL for agent_key_from_file, for real use.

* agent/findkey.c (agent_key_from_file): Change the semantics of
GRIP.  Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH.
* agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL.
* agent/pksign.c (agent_pksign_do): Likewise.

--

GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

3 files changed, 19 insertions, 18 deletions

diff --git a/agent/findkey.c b/agent/findkey.c
index 45c374d94..87289eced 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -962,7 +962,10 @@ remove_key_file (const unsigned char *grip)
 
 
 /* Return the secret key as an S-Exp in RESULT after locating it using
-   the GRIP.  If the operation shall be diverted to a token, an
+   the GRIP.  Caller should set GRIP=NULL, when a key in a file is
+   intended to be used for cryptographic operation.  In this case,
+   CTRL->keygrip is used to locate the file, and it may ask a user for
+   confirmation.  If the operation shall be diverted to a token, an
    allocated S-expression with the shadow_info part from the file is
    stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO.
    CACHE_MODE defines now the cache shall be used.  DESC_TEXT may be
@@ -999,13 +1002,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
   if (r_timestamp)
     *r_timestamp = (time_t)(-1);
 
-  err = read_key_file (grip, &s_skey, &keymeta);
-  if (err)
-    {
-      if (gpg_err_code (err) == GPG_ERR_ENOENT)
-        err = gpg_error (GPG_ERR_NO_SECKEY);
-      return err;
-    }
+  if (!grip && !ctrl->have_keygrip)
+    return gpg_error (GPG_ERR_NO_SECKEY);
+
+  err = read_key_file (grip? grip : ctrl->keygrip, &s_skey, &keymeta);
 
   /* For use with the protection functions we also need the key as an
      canonical encoded S-expression in a buffer.  Create this buffer
@@ -1087,14 +1087,15 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
                                           &desc_text_final);
         gcry_free (comment_buffer);
 
-	if (!err)
-	  {
-	    err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
-                            cache_mode, lookup_ttl, r_passphrase);
-	    if (err)
-	      log_error ("failed to unprotect the secret key: %s\n",
-			 gpg_strerror (err));
-	  }
+        if (!err)
+          {
+            err = unprotect (ctrl, cache_nonce, desc_text_final, &buf,
+                             grip? grip : ctrl->keygrip,
+                             cache_mode, lookup_ttl, r_passphrase);
+            if (err)
+              log_error ("failed to unprotect the secret key: %s\n",
+                         gpg_strerror (err));
+          }
 
 	xfree (desc_text_final);
       }
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index cf6c1491d..ba3d90469 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -68,7 +68,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
       log_printhex (ciphertext, ciphertextlen, "cipher: ");
     }
   err = agent_key_from_file (ctrl, NULL, desc_text,
-                             ctrl->keygrip, &shadow_info,
+                             NULL, &shadow_info,
                              CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
   if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
     no_shadow_info = 1;
diff --git a/agent/pksign.c b/agent/pksign.c
index 170dc9644..a4aff041b 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -314,7 +314,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
   if (!ctrl->have_keygrip)
     return gpg_error (GPG_ERR_NO_SECKEY);
 
-  err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
+  err = agent_key_from_file (ctrl, cache_nonce, desc_text, NULL,
                              &shadow_info, cache_mode, lookup_ttl,
                              &s_skey, NULL, NULL);
   if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)