agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.

* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. (cmd_put_secret): Likewise. * scd/command.c (pin_cb): Likewise. -- GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-01-03 12:11:33 +01:00 · 2022-05-25 14:53:06 +09:00 · 2022-05-25 14:53:06 +09:00 · 052f58422d
commit 052f58422d
parent 8e859331ea
3 changed files with 23 additions and 5 deletions
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@ -384,7 +384,12 @@ inq_needpin (void *opaque, const char *line)
      rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
                            line, pin, pinlen);
      if (!rc)
-        rc = assuan_send_data (parm->ctx, pin, pinlen);
+        {
+          assuan_begin_confidential (parm->ctx);
+          rc = assuan_send_data (parm->ctx, pin, pinlen);
+          assuan_end_confidential (parm->ctx);
+        }
+      wipememory (pin, pinlen);
      xfree (pin);
    }
  else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
--- a/agent/command.c
+++ b/agent/command.c
@ -2387,7 +2387,11 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)

      rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", maxlen);
      if (!rc)
-	rc = assuan_inquire (ctx, "PASSPHRASE", &passphrase, &len, maxlen);
+        {
+          assuan_begin_confidential (ctx);
+          rc = assuan_inquire (ctx, "PASSPHRASE", &passphrase, &len, maxlen);
+          assuan_end_confidential (ctx);
+        }
    }
  else
    rc = set_error (GPG_ERR_NOT_IMPLEMENTED, "passphrase is required");
@ -2396,7 +2400,10 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
    {
      rc = agent_put_cache (ctrl, grip_clear, CACHE_MODE_ANY, passphrase, ttl);
      if (opt_inquire)
-	xfree (passphrase);
+        {
+	  wipememory (passphrase, len);
+          xfree (passphrase);
+        }
    }

 leave:
@ -3219,8 +3226,12 @@ cmd_put_secret (assuan_context_t ctx, char *line)
    {
      err = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u",MAXLEN_PUT_SECRET);
      if (!err)
-        err = assuan_inquire (ctx, "SECRET",
-                              &value, &valuelen, MAXLEN_PUT_SECRET);
+        {
+          assuan_begin_confidential (ctx);
+          err = assuan_inquire (ctx, "SECRET",
+                                &value, &valuelen, MAXLEN_PUT_SECRET);
+          assuan_end_confidential (ctx);
+        }
      if (err)
        goto leave;
    }
--- a/scd/command.c
+++ b/scd/command.c
@ -978,7 +978,9 @@ pin_cb (void *opaque, const char *info, char **retstr)

  /* Fixme: Write an inquire function which returns the result in
     secure memory and check all further handling of the PIN. */
+  assuan_begin_confidential (ctx);
  rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
+  assuan_end_confidential (ctx);
  xfree (command);
  if (rc)
    return rc;