gpg,gpgsm: Hide password in debug output also for asked passwords.

* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

GnuPG-bug-id: 6654

The drawback of this solution is that we don't see any IPC lines from
the assuan_transact.  Everything else would require larger changes to
libassuan.

1 files changed, 5 insertions, 1 deletions

diff --git a/g10/call-agent.c b/g10/call-agent.c
index 4defa7990..c90cdfda5 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1995,7 +1995,7 @@ agent_get_passphrase (const char *cache_id,
   char *arg4 = NULL;
   membuf_t data;
   struct default_inq_parm_s dfltparm;
-  int have_newsymkey;
+  int have_newsymkey, wasconf;
 
   memset (&dfltparm, 0, sizeof dfltparm);
 
@@ -2047,10 +2047,14 @@ agent_get_passphrase (const char *cache_id,
   xfree (arg4);
 
   init_membuf_secure (&data, 64);
+  wasconf = assuan_get_flag (agent_ctx, ASSUAN_CONFIDENTIAL);
+  assuan_begin_confidential (agent_ctx);
   rc = assuan_transact (agent_ctx, line,
                         put_membuf_cb, &data,
                         default_inq_cb, &dfltparm,
                         NULL, NULL);
+  if (!wasconf)
+    assuan_end_confidential (agent_ctx);
 
   if (rc)
     xfree (get_membuf (&data, NULL));