| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
* g10/sign.c (update_keysig_packet): Use digest_algo.
|
| |
|
|
|
|
|
|
| |
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--
(back-ported from commit 8325d616593187ff227853de0295e3269b96edcb)
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* jnlib/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--
This option is currently of no use. However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG. For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option". To avoid that the following line can be put
above that option in gpg.conf
ignore-invalid-option foobar
This meta option may be given several times or several option names
may be given as arguments (space delimited). Note that this option is
not available on the command line.
(cherry-picked from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
|
| |
|
|
|
| |
* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
have SRV support in the first place.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
each target. Once we find one that resolves to an address (whether
IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
SRV name as the "host". Force the HTTP Host header to be the same.
|
| |
|
|
|
|
| |
* common/http.c (send_request, connect_server): Set proper Host header
(no :port, host is that of the SRV) when SRV is used in the
curl-shim.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (send_request, connect_server, http_open): Use a
struct srv instead of a single srvtag so we can pass the chosen host
and port back to the caller.
(connect_server): Use the proper port in the HAVE_GETADDRINFO case.
* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
chosen host and port.
* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
|
| |
|
|
| |
* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_no_service): Remove.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
pcsc_no_service support.
(apdu_open_reader): Remove R_NO_SERVICE.
* scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
* scd/command.c (reader_disabled): Remove.
(get_reader_slot): Follow the change of R_NO_SERVICE.
(open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
support.
* scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
--
Daemon should handle all possible cases. Even if such a difficult
case like reader_disabled, it should not exit.
|
| |
|
|
|
|
|
|
|
|
| |
* scd/command.c (update_reader_status_file): Don't call
get_reader_slot.
--
This fix has a impact that the insertion of a card reader will not be
detected upon the insertion, but will be deferred until user tries to
access his card.
|
| | |
|
| |
|
|
|
|
| |
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
full fingerprints from the keyserver (the comment in the code was
correct, the code was not).
|
| |
|
|
|
|
|
|
|
|
| |
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--
Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings. This will only work while using
a ECC enabled Libgcrypt. Problem reported by Kristian Fiskerstrand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.
--
Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.
--
A test case leading to a segv in Libgcrypt is
gpg-connect-agent \
"READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye
The keygrip was created by "monkeysphere s", which has a comment.
gcry_sexp_build_array expects pointers to the arguments which is quite
surprising. Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.
Some-comments-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* scd/apdu.c (PCSC_E_NO_SERVICE): New.
(open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
(open_pcsc_reader_wrapped): Set pcsc_no_service.
|
| |
|
|
| |
* po/fr.po: Update.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
agent/genkey.c: s/to to/to/
sm/*.c: s/failed to allocated/failed to allocate/
sm/certlist.c: s/should have not/should not have/
Consistency fix:
* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
|
| | |
|
| |
|
|
| |
* po/Makefile.in.in: Use --previous with msgmerge.
|
| |
|
|
| |
* scd/ccid-driver.c (ccid_transceive_secure): Handle VENDOR_FSIJ.
|
| |
|
|
|
| |
* scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means
SW_HOST_NO_READER.
|
| |
|
|
| |
* scd/comman.c (do_reset): Let clear card_removed flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
--
Fixes a test case of:
No libpcsclite1 installed.
Run gpg-agent
Run command "gpg-connect-agent learn /bye" with no card/token
Sometimes it fails: ERR 100663356 Not supported <SCD>
While it should be always: ERR 100663404 Card error <SCD>
|
| |
|
|
|
|
|
| |
* scd/apdu.c (lock_slot, trylock_slot, unlock_slot): Move.
--
This is for upcoming changes.
|
| |
|
|
| |
* scd/iso7816.c (iso7816_reset_retry_counter): Implement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (select_application): Reorder application tests.
--
Although the DINSIG application is available on most German cards, it
is in reality not used. Thus showing the Geldkarte application is
more desirable for a good user experience.
Conflicts:
scd/app.c
|
| |
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_connect): Do not test for zero atrlen.
--
When gpg-agent prompts for insertion of a card this error would be
returned.
Co-authored-by: Ben Kibbey <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
(open_ccid_reader): Use ccid_keypad_operation for verify and modify.
* scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
(ccid_transceive_apdu_level): Permit sending packet where
apdulen <= 289. Support receiving packets in a chain.
(ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
|
| |
|
|
|
| |
* scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
(pcsc_keypad_modify): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.
* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on. use_keypad only makes sense for
iso7816_change_reference_data_kp.
* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
|
| |
|
|
|
| |
* app-openpgp.c (do_change_pin): Fix pincb messages when
use_keypad == 1.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* iso7816.h (iso7816_change_reference_data_kp): Remove arguments
of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.
* iso7816.c (iso7816_change_reference_data_kp): Call
apdu_keypad_modify.
(iso7816_change_reference_data): Don't call
iso7816_change_reference_data_kp.
* apdu.h (apdu_keypad_modify): New.
* apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New.
(struct reader_table_s): New memeber function keypad_modify.
(new_reader_slot, open_ct_reader, open_ccid_reader)
(open_rapdu_reader): Initialize keypad_modify.
* app-openpgp.c (do_change_pin): Handle keypad and call
iso7816_change_reference_data_kp if it is the case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN.
* iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only
handle thecase with PININFO.
(iso7816_verify): Call apdu_send_simple.
* app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of
iso7816_verify_kp.
* app-nks.c (verify_pin): Likewise.
* app-dinsig.c (verify_pin): Likewise.
* apdu.c: Include "iso7816.h".
(struct reader_table_s): New memeber function keypad_verify.
Add fields verify_ioctl and modify_ioctl in pcsc.
(CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT)
(FEATURE_MODIFY_PIN_DIRECT): New.
(pcsc_control): New.
(control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_keypad, pcsc_keypad_verify): New.
(ccid_keypad_verify, apdu_keypad_verify): New.
(new_reader_slot): Initialize with check_pcsc_keypad,
pcsc_keypad_verify, verify_ioctl and modify_ioctl.
(open_ct_reader): Initialize keypad_verify with NULL.
(open_ccid_reader): Initialize keypad_verify.
(open_rapdu_reader): Initialize keypad_verify with NULL.
(apdu_open_reader): Initialize pcsc_control.
* pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control.
(handle_control): New.
(main): Handle the case 6 of handle_control.
|
| |
|
|
|
| |
--
Finally Jim's git-fix-log thingy comes handy.
|
| |
|
|
|
|
| |
* scd/apdu.c (open_pcsc_reader_wrapped): Show error number.
* scd/command.c (get_reader_slot): Return -1 on error.
|
| |
|
|
| |
* scd/command.c (do_reset): Assign slot after setting slot_table.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (update_card_removed): Do no act on an invalid VRDR.
(do_reset): Ignore apdu_reset error codes for no and inactive card.
Close the reader before setting the slot to -1.
(update_reader_status_file): Notify the application before closing the
reader.
--
With this change the scd now works as it did in the past. In
particular there is no more endless loop trying to open the reader by
the update_reader_status_file ticker function. That bug basically
blocked all card operations until the scdaemon was killed.
|
| |
|
|
| |
* scd/command.c (cmd_serialno): Retry once for an inactive card.
|
| |
|
|
|
|
|
| |
* scd/apdu.c (apdu_connect): Return status codes for no card available
and inactive card.
* scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
(open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
(SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
(parse_ccid_descriptor): Use them.
(scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
ST-2000. Suggested by Matthias-Christian Ott.
Conflicts:
scd/ccid-driver.c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not a part of pin pad support series of mine.
As I found the bug while I am preparing the patches, I report this.
As CCID protocol is little endian, wLangId of US English = 0x0409
is represented as two bytes of 0x09 then 0x04.
It is really confusing that the code like following is floating
around:
pin_verify -> wLangId = HOST_TO_CCID_16(0x0904);
But, it is 0x0409 (not 0x0904). It is defined in the documentation:
http://www.usb.org/developers/docs/USB_LANGIDs.pdf
and origin of this table is Microsoft. We can see it at:
http://msdn.microsoft.com/en-us/library/bb165625%28VS.80%29.aspx
Yes, it would be better not to hard-code 0x0409. It would be better
to try current locale of the user, or to use the first entry of string
descriptor. I don't have time to implement such a thing...
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace gcry_md_start_debug by gcry_md_debug in all files.
* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
GCRY_THREAD_OPTION_VERSION is 0
* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
--
Libgcrypt 1.6 will have some minor API changes. In particular some
deprecated macros and functions will be removed. PTH will also be
dropped in favor of a thread model neutral locking method.
|
| |
|
|
| |
* g10/keylist.c (list_keyblock_colon): Print digest_algo.
|
| |
|
|
|
|
|
|
|
| |
* common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
--
In general this is not required because automake does this for files
in BUILT_SOURCES anyway. However, having them in CLEANFILES is wrong.
This is bug#1398.
|
| |
|
|
|
| |
* scripts/git-log-footer: Add more years; we actually published the
first code in 1997.
|
