gpg: Make sure that we are not accidently working with the PIV app.

* g10/call-agent.c (agent_scd_switchapp): New.
* g10/card-util.c (get_info_for_key_operation): Call it.
--

It may happen that the active card was last used for PIV; in that
case certain commands will fail because they assume the OpenPGP app.
Fortunately we have a fairly central place to ensure that the right
app has been selected.

The bug can be easily noticed on Windows.

GnuPG-bug-id: 6378
Werner Koch 2023-04-18 17:04:58 +02:00
parent f7e00dc73d
commit fa4f716917
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 30 additions and 0 deletions

2
NEWS

@ -31,6 +31,8 @@ Noteworthy changes in version 2.4.1 (unreleased)
* gpg: Make list-options "show-sig-subpackets" work again.
Fixes regression in 2.4.0. [rG5a223303d7]
* gpg: Fix the keytocard command for Yubikeys. [T6378]
Release-info: https://dev.gnupg.org/T6454


@ -1700,6 +1700,30 @@ agent_scd_cardlist (strlist_t *result)
}
/* Make the app APPNAME the one on the card. This is sometimes
* required to make sure no other process has switched a card to
* another application. The only useful APPNAME is "openpgp". */
gpg_error_t
agent_scd_switchapp (const char *appname)
{
int err;
char line[ASSUAN_LINELENGTH];
if (appname && !*appname)
appname = NULL;
err = start_agent (NULL, (1 | FLAG_FOR_CARD_SUPPRESS_ERRORS));
if (err)
return err;
snprintf (line, DIM(line), "SCD SWITCHAPP --%s%s",
appname? " ":"", appname? appname:"");
return assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL,
NULL, NULL);
}
struct card_keyinfo_parm_s {
int error;
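Review bot: In agent_scd_switchapp, `appname` is copied into the Assuan command line as-is and the `snprintf` result is not checked, so an over-long name would be silently truncated and a name containing spaces or line breaks would change the command that is sent. The only caller visible on this page passes the literal "openpgp", so this is a gap in the documented contract rather than a live problem. I would state it in the header comment, for example `APPNAME is sent unescaped and must be a fixed, trusted string; NULL or "" sends no name.` Separately, `err` is declared `int` while the function returns `gpg_error_t`; `gpg_error_t err;` would match the signature.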


@ -108,6 +108,9 @@ gpg_error_t agent_scd_keypairinfo (ctrl_t ctrl, const char *keyref,
/* Return list of cards. */
int agent_scd_cardlist (strlist_t *result);
/* Switch/assure a certain application. */
gpg_error_t agent_scd_switchapp (const char *appname);
/* Free a keypair info list. */
void free_keypair_info (keypair_info_t l);


@ -1289,6 +1289,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
int rc;
memset (info, 0, sizeof *info);
agent_scd_switchapp ("openpgp");
rc = agent_scd_getattr ("SERIALNO", info);
if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
|| strlen (info->serialno) != 32 )
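Review bot: The return value of `agent_scd_switchapp ("openpgp")` is dropped, so a failed switch (for instance when the agent cannot be started) is only noticed indirectly, when the SERIALNO check on the following lines rejects the card. If that best-effort behaviour is intended, a comment above the call would make it explicit: `/* Best effort: a failed switch is caught by the SERIALNO check below. */`. The switch and the later card commands are separate agent transactions, so presumably another process could still change the app in between; whether scdaemon guards against that cannot be told from this hunk. The body of get_info_for_key_operation starts before and continues after the hunk.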