Diffstat (limited to 'scd')
-rw-r--r-- | scd/ChangeLog | 5 | ||||
-rw-r--r-- | scd/apdu.c | 3 | ||||
-rw-r--r-- | scd/app-openpgp.c | 72 |
3 files changed, 45 insertions, 35 deletions
diff --git a/scd/ChangeLog b/scd/ChangeLog index b7dfda603..105b92583 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,8 @@ +2009-06-18 Werner Koch <[email protected]> + + * app-openpgp.c (verify_chv2): Remove special case for v2 cards. + (get_public_key): Use extended mode. + 2009-06-17 Werner Koch <[email protected]> * iso7816.c (iso7816_get_data): Add arg EXTENDED_MODE. Change all diff --git a/scd/apdu.c b/scd/apdu.c index c9fe43b2f..156c37eb8 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -671,6 +671,9 @@ readn (int fd, void *buf, size_t buflen, size_t *nread) while (nleft > 0) { #ifdef USE_GNU_PTH +# ifdef HAVE_W32_SYSTEM +# error Cannot use pth_read here because it expects a system HANDLE. +# endif n = pth_read (fd, buf, nleft); #else n = read (fd, buf, nleft); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index f9ada2551..3f97d28cf 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1118,11 +1118,25 @@ get_public_key (app_t app, int keyno) if (app->card_version > 0x0100) { + int exmode, le_value; + /* We may simply read the public key out of these cards. */ + if (app->app_local->cardcap.ext_lc_le) + { + exmode = 1; /* Use extended length. */ + le_value = app->app_local->extcap.max_rsp_data; + } + else + { + exmode = 0; + le_value = 256; /* Use legacy value. */ + } + err = iso7816_read_public_key - (app->slot, 0, (const unsigned char*)(keyno == 0? "\xB6" : - keyno == 1? "\xB8" : "\xA4"), 2, - 0, + (app->slot, exmode, + (const unsigned char*)(keyno == 0? "\xB6" : + keyno == 1? "\xB8" : "\xA4"), 2, + le_value, &buffer, &buflen); if (err) { 
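Review bot: In the get_public_key hunk of scd/app-openpgp.c, `le_value = app->app_local->extcap.max_rsp_data;` passes a value the card itself reported as the Le argument of iso7816_read_public_key, and nothing in the hunk range-checks it. Where max_rsp_data is parsed is not visible here, so it may already be validated. If it is not, a token reporting 0 or an implausible length decides how much response data the host asks for and accepts. A guard on the extended branch would keep the request inside known limits, for example `if (le_value <= 256) { exmode = 0; le_value = 256; }` placed after the assignment. The legacy `256` also deserves a named constant, since the same number defines the short-APDU limit elsewhere. The body of get_public_key continues outside the hunk.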
@@ -1579,43 +1593,31 @@ verify_chv2 (app_t app, char *pinvalue; if (app->did_chv2) - return 0; /* We already verified CHV2 (PW1 for v2 cards). */ + return 0; /* We already verified CHV2. */ - if (app->app_local->extcap.is_v2) - { - /* Version two cards don't have a CHV2 anymore. We need to - verify CHV1 (now called PW1) instead. */ - rc = verify_a_chv (app, pincb, pincb_arg, 1, 0, &pinvalue); - if (rc) - return rc; - app->did_chv2 = 1; - } - else - { - /* Version 1 cards only. */ - rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue); - if (rc) - return rc; - app->did_chv2 = 1; + rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue); + if (rc) + return rc; + app->did_chv2 = 1; - if (!app->did_chv1 && !app->force_chv1 && pinvalue) + if (!app->did_chv1 && !app->force_chv1 && pinvalue) + { + /* For convenience we verify CHV1 here too. We do this only if + the card is not configured to require a verification before + each CHV1 controlled operation (force_chv1) and if we are not + using the keypad (PINVALUE == NULL). */ + rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue)); + if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) + rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); + if (rc) { - /* For convenience we verify CHV1 here too. We do this only - if the card is not configured to require a verification - before each CHV1 controlled operation (force_chv1) and if - we are not using the keypad (PINVALUE == NULL). */ - rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue)); - if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) - rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); - if (rc) - { - log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc)); - flush_cache_after_error (app); - } - else - app->did_chv1 = 1; + log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc)); + flush_cache_after_error (app); } + else + app->did_chv1 = 1; } + xfree (pinvalue); return rc; |
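Review bot: The `xfree (pinvalue);` at the end of this verify_chv2 hunk releases the clear-text PIN without overwriting it. The hunk does not show whether verify_a_chv returns the PIN in secure memory, so that should be confirmed. If it does not, wipe the buffer before freeing it, along the lines of `if (pinvalue) wipememory (pinvalue, strlen (pinvalue));` (assuming that helper is available in this tree). A one-line comment would also record the ownership, for example `/* PINVALUE is allocated by verify_a_chv and holds the PIN; we own and release it. */`. Separately, when the convenience CHV1 check fails the function returns that error while `app->did_chv2` stays set, and that behaviour deserves a sentence in the existing comment so callers do not read the error as a failed CHV2.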