| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids needing to setgid gpg-agent. It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one. If there are other protections we should do them too.
This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.
The remaining options for debugging are:
* launch the agent from gdb directly
* connect gdb to a running agent as the superuser
Upstream bug: https://dev.gnupg.org/T1211
Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch
|
| |
|
|
| |
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.
--
Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_setattr): Add new table item to flush a
different tag.
--
For whatever reasons the OpenPGP card reads the 3 CA fingerprints from
one object but sets them individually using 3 different tags. The
cache flushing was not prepared for this and so a changed CA
fingerprint showed only up after a card reset. This patch fixes it.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6)
Fixed conflict by removing the UIF-* entries from the table.
|
| |
|
|
|
|
|
| |
* scd/app.c (check_conflict): Ignore "undefined".
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.h (SW_HOST_CANCELLED): New.
* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
--
Cherry-picked master commit of:
2396055c096884d521c26b76f26263a146207c24
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (app_genkey): Add arg keytype.
* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
* scd/command.c (cmd_genkey): Adjust for change.
* scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
args p1 and p2.
(iso7816_read_public_key): Adjust for this.
(iso7816_generate_keypair): Add new args p1 and p2.
* scd/app-openpgp.c (do_genkey): Adjust for changes.
--
The OpenPGP card creates keys according to parameters read from a data
object. Other cards we are about to implement require a direct
specification of the requested keytype. This patch implements the
required changes.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
change from int to unsigned int.
--
This is basically a documentation fix.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c26af8ac263ea006ed32e110a09271e4bfbf1f37)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
--
The generic keyref allows for better error detection in case a keyref
is send to a wrong card. This has been taken from master commit
3231ecdafd71ac47b734469b07170756979ede72 which has additional changed
for gpg-card-tool, which is only available there.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (cmd_passwd): Add option --clear.
(send_status_printf): New.
* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
* scd/app-nks.c (do_change_pin): Return an error if that option is
used.
* scd/app-openpgp.c (do_change_pin): Ditto.
--
Card application may support this option to clear the PIN verification
status of a specific PIN.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_send_direct): New arg R_SW.
* scd/command.c (cmd_apdu): Ditto.
* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
(iso7816_general_authenticate): New.
* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
arg.
--
iso7816_general_authenticate will be used for the PIV card support.
The new arg to iso7816_apdu_direct and apdu_send_direct allows to get
the raw status word back without the need to handle an output buffer.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 70bb5c7931598590b1acfae90bf4657f5911d2d3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
just handle this event as failure.
--
Cherry-picked from master commit:
5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa
It used to try another interrupt transfer request to make sure
if it fails again.
GnuPG-bug-id: 4308
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (set_prompt_cb): New member function.
(set_prompt_cb_ccid_reader): New function.
(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
(apdu_set_prompt_cb): New.
* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
* ccid-driver.c (ccid_set_prompt_cb): New.
(bulk_in): Call ->prompt_cb when timer extension.
* scd/command.c (popup_prompt): New.
--
Cherry-picked master commit of:
7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.
--
Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
--
Cherry-picked from master commit of:
78f542e1f4495195db2e668f9cd41657fb1afc77
We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".
GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
(cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
|
| |
|
|
|
|
| |
* scd/app-openpgp.c (do_setattr): Clear auth state.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
--
Gnuk has "admin-less" mode. To support "admin-less" mode with KDF
feature, salt should be same for user and admin. Thus, I introduce a
valid use of single salt.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
--
In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent. Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA. But, many card
implementation uses P and Q, try this option. If other cases,
factory-reset would be easier option.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.
--
GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.
--
For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.
--
Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled. We need to see if it's real NODEV error or its by
suspend/resume. We can distinguish by sending URB again.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_send_apdu): Notify main loop after
fatal errors.
--
GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
--
Normally SIGCONT or SIGUSR2 works for unblocking pselect. But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.
It's better to use pipe.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
Add debug log.
--
GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (struct reader_table_s): Add field of current_state.
(new_reader_slot): Initialize current_state.
(pcsc_get_status): Keep the status in READER_TABLE array.
Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
* scd/scdaemon.c (handle_connections): Silence a warning.
--
To detect some change of card status, including suspend/resume
possibly, SCardGetStatusChange should be used keeping the
dwCurrentState field.
This change could improve situation for suspend/resume with Yubikey on
Windows. Even not, this is doing the Right Thing.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--
This fixes a potential overflow if LFs are passed to the status
string functions. This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing. In any case the functions need to be more robust and
comply to the promised interface. Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.
For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.
Reported-by: private_pers
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
--
Length check added by gniibe.
Signed-off-by: Arnaud Fontaine <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.
--
When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent. Now, it returns NULL for both
cases.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.
--
On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason. Use pipe instead, for such systems.
GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.
--
GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (do_close_reader): Set NULL on close.
(bulk_in): Move DEBUGOUT and check by EP_INTR.
(ccid_get_atr): Clear powered_off flag after initial status check.
--
Many card readers automatically turn on inserted card, but some
defaults to turning off at start.
GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--
GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
* scd/app.c (select_application): Always kick the loop if new APP.
* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.
--
We can use the interrupt transfer to be notified about card status
change. In this case, we don't need to issue PC_to_RDR_GetSlotStatus
command. This change improve the setup the notification; it should be
done after registration of APP.
When the setup is done just after opening the USB connection (before
issuing PC_to_RDR_IccPowerOn), a reader might notifies about no card
availability (because of not yet powered on), even though the card is
ready to be powered on.
GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): Support larger length.
--
Reported-by: Achim Pietig <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--
Co-authored-by: Arnaud Fontaine <[email protected]>
Arnaud wrote:
Actually, when the incorrect expected response length (i.e. Le
field) is transmitted to the card, the card's answer is missing a
byte (i.e. ... 6101) so an additional command has to be sent to the
card to retrieve the last byte. Using the correct length avoids to
send the additional command to retrieve the missing byte, when the
computed length is wrong.
Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--
Note that only dirmngr did not call the chdir with --no-detach. thus
we kept it this way.
Tested gpg-agent by checking the properties shown by procexp.
Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
This reverts commit 78ebc62604d77600b9865950610717d28c6027a2.
Gnupg-bug-id: 2670
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 2670
|
| |
|
|
|
|
| |
* scd/app-openpgp.c (data_objects): Use unsigned ints.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
(bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* scd/app-openpgp.c (show_caps): Output more messages.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
"URL", "Private DO N" can be longer size >= 256.
(struct app_local_s): Define bits for v3 card.
(get_cached_data): Use extcap.max_special_do for special DOs.
(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.
--
GnuPG-bug-id: 3262
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
failure.
--
Reported-by: Yuriy M. Kaminskiy <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
In addition, fix trailing spaces in tests/inittests.
GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <[email protected]>
|
