security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-09 23:39:51 +02:00
Code Activity
9,607 Commits 100 Branches 301 Tags 69 MiB
9b297a9d44
Commit Graph

998 Commits

Author SHA1 Message Date
Werner Koch
dd727ec968
scd: Renamed a constant in ccid-driver.c 
* scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
--

Just for documentation reasons.
 2022-04-14 10:26:40 +02:00
Werner Koch
6294ae282d
scd: Minor code reorganization 
* scd/ccid-driver.c: Move struct defines to the top.
--
 2022-04-14 10:15:23 +02:00
Werner Koch
8ac92f0e80
scd: Fix memory leak in ccid-driver. 
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31
 2022-04-14 10:15:23 +02:00
Werner Koch
618aa8689a
scd:p15: Improve the PIN prompt for Genua cards. 
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
 2022-04-13 13:06:27 +02:00
Werner Koch
0dcc249852
scd: Support for GeNUA cards. 
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
cards.
 2022-04-11 17:48:45 +02:00
NIIBE Yutaka
f584ad9504 scd,tpm2d: Fix for consistent use of socket FD. 
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument
but no INT2FD to listen.  Use GNUPG_INVALID_FD.
* tpm2d/command.c (tpm2d_command_handler): Likewise.
* scd/scdaemon.c (start_connection_thread): Follow the change.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
* scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t.
* tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-31 21:03:13 +09:00
NIIBE Yutaka
a67a09be30 scd,w32: Fix socket resource leak. 
* scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.

--

GnuPG-bug-id: 5029
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-29 09:55:02 +09:00
NIIBE Yutaka
c6dd9ff929 scd: Fix DEVINFO with no --watch. 
* scd/app.c (app_send_devinfo): Fix for outputing once.
* scd/command.c (hlp_devinfo): Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-15 15:19:11 +09:00
NIIBE Yutaka
665b59a066 Fix previous commit. 
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-11 14:09:22 +09:00
NIIBE Yutaka
934864d399 scd: Enhance PASSWD command to accept KEYGRIP optionally. 
* scd/command.c (cmd_passwd): Handle KEYGRIP optionally.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-10 11:11:38 +09:00
NIIBE Yutaka
d577ed2956 scd: Use same idiom for same work. 
* scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of
'for'.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-10 11:02:11 +09:00
NIIBE Yutaka
58e6990eaa scd: Fix PK_AUTH with --challenge-response option. 
* scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports
the challenge response interaction.
* scd/command.c (cmd_pkauth): It only wants if it works or not.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-04 10:11:38 +09:00
NIIBE Yutaka
44621120a2 scd: Add --challenge-response option to PK_AUTH for OpenPGP card. 
* scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix)
(sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up.
(gen_challenge): New.
(do_auth): Support challenge-response check if it signs correctly.
* scd/app.c (app_auth): Remove the check INDATA and INDATALEN.
* scd/command.c (cmd_pkauth): Support --challenge-response option.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-03 17:45:49 +09:00
NIIBE Yutaka
8e650dbd48 scd: Let READKEY support --format=ssh option. 
* scd/command.c (do_readkey): Support --format=ssh option.
* common/ssh-utils.c (ssh_public_key_in_base64): New.
* common/ssh-utils.h (ssh_public_key_in_base64): New declaration.

--

Code duplication (agent/command-ssh.c) will be cleaned up later.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-03-02 14:07:46 +09:00
Werner Koch
597253ca17
scd:p15: Used extended mode already for RSA 2048 
* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
--
 2022-02-21 12:17:08 +01:00
NIIBE Yutaka
f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port. 
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2022-01-04 14:56:29 +09:00
NIIBE Yutaka
a575b0aba5 scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE. 
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

--

GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-11-15 11:40:41 +09:00
Jakub Jelen
c0b1bcc5c6 scd: Avoid memory leak. 
* scd/command.c (cmd_readkey): Free allocated memory on failure path.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2021-11-12 15:35:38 +09:00
Werner Koch
c36f9917bb
scd: Add new OpenPGP card vendor. 
--
 2021-11-04 16:35:41 +01:00
NIIBE Yutaka
49f7fcb90b scd: Simplify the loop of DEVINFO. 
* scd/app.c (app_send_devinfo): Factor out lock/unlock.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-11-02 14:06:16 +09:00
NIIBE Yutaka
99e00ec6db scd: Fix the previous commit. 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-29 11:47:17 +09:00
NIIBE Yutaka
48e824b6ea scd: Modify DEVINFO behavior to support looping forever. 
* scd/app.c (struct mrsw_lock): Add notify_cond member.
(notify_cond): Remove.
(card_list_r_lock, card_list_r_unlock): Rename.
(card_list_w_lock, card_list_w_unlock): Rename.
(card_list_signal, card_list_wait): New, fixing thinko about
notify/wakeup with MRSW lock.
(app_send_devinfo): Support looping.
(select_application): Notify app_send_devinfo thread for newly
detected device.
(initialize_module_command): Initialize notify_cond member.
(app_wait): Remove.
* scd/command.c (cmd_devinfo): Use new API of app_send_devinfo.
* scd/scdaemon.h (app_wait): Remove.

--

GnuPG-bug-id: 5359
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-29 10:58:26 +09:00
NIIBE Yutaka
3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep. 
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-10-05 14:05:56 +09:00
Werner Koch
255d4d5815
sm: Add LotW support to the key listing 
* sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
* sm/keylist.c (oidtranstbl): Some more OIDs.
--

This is Ham thingy to make it easier to read LotW certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-09-09 13:30:22 +02:00
NIIBE Yutaka
1565baa93a scd: Don't release the context until list_finish for PC/SC. 
* scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here.
(apdu_dev_list_finish): Decrement PCSC.COUNT.

--

GnuPG-bug-id: 5416
Fixes-commit: 32baa9acfb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-08-20 15:22:28 +09:00
NIIBE Yutaka
5c8124b8b9 scd: Small clean up for card access. 
* scd/app.c (app_get_challenge): Remove the check to ref_count.
* scd/command.c (send_client_notifications): Update comments.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-22 11:22:47 +09:00
NIIBE Yutaka
50ad29f9a7 scd: Fix direct use of card with no ctrl->card_ctx. 
* scd/app.c (maybe_switch_app): Remove check of ref_count.

--

Fixes-commit: 0d6b4210cf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-22 09:43:30 +09:00
NIIBE Yutaka
0d6b4210cf scd: Fix access to list of cards (3/3). 
* scd/app-common.h (card_reset): Simplify more.
(select_additional_application): Supply CARD.
(card_ref, card_unref): Remove.
(card_get, card_put): New.
* scd/app.c (card_reset): No locking/unlocking inside.
(app_switch_current_card): Fix comment.
(select_additional_application): No locking/unlocking inside.
(do_with_keygrip): New, unlocked version.
(card_get): New, with support of KEYGRIP.
(card_unref): Remove.
(card_put): New.
(app_write_learn_status, app_readcert: No locking/unlocking inside.
(app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise.
(app_decipher, app_writecert, app_writekey): Likewise.
(app_genkey, app_get_challenge, app_change_pin): Likewise.
(app_check_pin, app_switch_active_app): Likewise.
* scd/command.c (do_reset): Use card_get/card_put.
(open_card_with_request): Use card_get/card_put, return CARD locked.
(cmd_serialno): Follow the change of open_card_with_request.
(cmd_switchapp): Use card_get/card_put.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise.
(cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise.
(cmd_setattr, cmd_writecert, cmd_writekey): Likewise.
(cmd_genkey, cmd_random, cmd_passwd): Likewise.
(cmd_checkpin, cmd_getinfo, cmd_restart): Likewise.
(cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 17:22:26 +09:00
NIIBE Yutaka
b436fb6766 scd: Fix access to list of cards (2/3). 
* scd/app-common.h (card_reset, select_application): Simplify.
* scd/app.c (card_reset, select_application): Simplify.
* scd/command.c (do_reset): Follow the change.
(open_card, open_card_with_request): Follow the change.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 15:59:03 +09:00
NIIBE Yutaka
216945a80e scd: Fix access to list of cards (1/3). 
* scd/app.c (card_list_lock): Use MRSW lock.
(lock_r_card_list, unlock_r_card_list): New.
(lock_w_card_list, unlock_w_card_list): New.
(app_dump_state, app_send_devinfo): Use the MRSW lock.
(select_application, app_switch_current_card): Likewise.
(scd_update_reader_status_file): Likewise.
(initialize_module_command, send_card_and_app_list): Likewise.
(app_do_with_keygrip, app_wait): Likewise.

--

GnuPG-bug-id: 5524
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-21 15:34:16 +09:00
Werner Koch
924c8221fb
scd: Silence compiler waring about unused args. 
--
 2021-07-08 14:11:10 +02:00
NIIBE Yutaka
044e5a3c38 scd: Detect external interference when PCSC_SHARED. 
* scd/app-common.h (check_aid): New method.
* scd/app-openpgp.c (do_check_aid): New.
* scd/app-piv.c (do_check_aid): New.
* scd/app.c (check_external_interference): New.
(maybe_switch_app): Check interference to determine switching is
needed.

--

GnuPG-bug-id: 5484
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-07-06 14:52:29 +09:00
NIIBE Yutaka
25ae80b8eb scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer. 
* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-23 12:08:20 +09:00
Werner Koch
e387cc97c8
scd:p15: Prepare AODF parsing for other authentication types. 
* scd/app-p15.c (auth_type_t): New.
(struct aodf_object_s): Add field auth_type.
(read_ef_aodf): Distinguish between pin and authkey types.  Include
the authtype in the verbose mode diags.
--

Note that the bulk of chnages are just indentation chnages.  There
should be no functional change.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-22 11:11:46 +02:00
Werner Koch
029924a46e
scd:p15: Add pre-check for ascii-numeric PINs. 
* scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
 2021-06-18 18:02:08 +02:00
Werner Koch
544ec7872a
scd:p15: Add basic support for AET JCOP cards. 
* scd/app-p15.c (CARD_TYPE_AET): New.
(cardtype2str): Add string.
(card_atr_list): Add corresponding ATR.
(app_local_s): New flag no_extended_mode.  Turn two other flags into
bit flags.
(select_ef_by_path): Hack to handle the 3FFF thing.
(readcert_by_cdf): Do not use etxended mode for AET.
(app_select_p15): Set no_extended_mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
Werner Koch
7a8545c91b
scd:p15: Handle cards with bad encoded path objects. 
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
(read_ef_cdf, read_ef_aodf): Allow for a zero length path and
correctly skip unsupported auth types.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
Werner Koch
44f977d0e3
scd: Improve reading of binary records. 
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
same as 6b00.
* scd/apdu.c (apdu_get_atr): Modify debug messages.
* scd/app-p15.c (app_select_p15): Print FCI on error.
(read_p15_info): Clean up diag in presence of debug options.
--

Some cards return 6a86 instead of 6b00.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-06-18 17:42:38 +02:00
NIIBE Yutaka
7718244168 scd: Fix RESET handling. 
* scd/app.c (scd_update_reader_status_file): Clear ->reset_requested.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-17 16:07:09 +09:00
NIIBE Yutaka
4e02db75e3 scd: Support clearing of Reset Code by ''. 
* scd/app-openpgp.c (do_change_pin): Allow null-string.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-11 13:42:01 +09:00
Werner Koch
cd53c6d0f3
scd: Add new card vendor. 
--
 2021-06-10 21:55:36 +02:00
NIIBE Yutaka
c3a9ee0b65 scd: Fix serial number detection for Yubikey 5. 
* scd/app.c (app_new_register): Handle serial number correctly.

--

GnuPG-bug-id: 5442
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-08 10:37:48 +09:00
NIIBE Yutaka
ee5b6af370 scd: Fix READER-PORT option handling for PC/SC. 
* scd/apdu.c (apdu_open_reader): READERNO should be -1 when
READER-PORT is specified for PC/SC.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-06-07 11:38:25 +09:00
NIIBE Yutaka
5b1806454c scd: Fix zero-byte handling in ECC. 
* scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte.

--

Fixes-commit: a25c99b156
GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-28 11:34:56 +09:00
Jakub Jelen
27e7bde12e
scd: avoid memory leaks 
* scd/app-p15.c (send_certinfo): free labelbuf
  (do_sign): goto leave instead of return
* scd/app-piv.c (do_sign): goto leave instead of return, fix typo in
  variable name, avoid using uninitialized variables
* scd/command.c (cmd_genkey): goto leave instead of return

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
 2021-05-20 14:48:18 +02:00
Ingo Klöcker
65bc5ea95e scd:p15: Fix logic for appending product name to MANUFACTURER. 
* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
manufacturer_id does not already contain a bracket and if we have a
product name.
 2021-05-18 09:45:06 +02:00
NIIBE Yutaka
58b330e935 scd: Remove wrong assertion and add protection to PCSC.COUNT. 
* scd/apdu.c (apdu_dev_list_finish): Fix for calling
release_pcsc_context.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-14 13:06:10 +09:00
Werner Koch
965bb0693c
A few minor code cleanups and typo fixes. 
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
 2021-05-11 09:06:34 +02:00
NIIBE Yutaka
32baa9acfb scd: Serialize READER_TABLE access for PC/SC. 
* scd/apdu.c (apdu_dev_list_start): Remove locking READER_TABLE_LOCK.
Don't increment PCSC.COUNT here.
(apdu_dev_list_finish): Don't decrement PCSC.COUNT here.
(apdu_open_reader): Protect access with READER_TABLE_LOCK.

--

GnuPG-bug-id: 5416
Fixes-commit: 8d81fd7c01
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-11 10:25:12 +09:00
NIIBE Yutaka
ec5591dc4e scd: Fix close_pcsc_reader. 
* scd/apdu.c (close_pcsc_reader): Don't touch .RDRNAME field.
(apdu_dev_list_finish): Clear .RDRNAME field and replace call of
close_pcsc_reader by release_pcsc_context.  Add assertion.

--

GnuPG-bug-id: 5416
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
 2021-05-10 10:49:21 +09:00