path: root/scd
Date | Commit message | Author | Files | Lines
2015-12-15 | scd: Fix commit 9a9bfd77. | NIIBE Yutaka | 1 | -0/+1
* scd/app.c (check_application_conflict): Get SLOT.
2015-12-15 | scd: Fix removal of unplugged usb readers on Windows. | Daniel Hoffend | 1 | -0/+3
* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code. -- Signed-off-by: Daniel Hoffend <[email protected]> GnuPG-bug-id: 2167 In Windows 8 (and later), PC/SC service only runs when reader/token is plugged in. After its removal, it returns PCSC_E_NO_SERVICE error. This error should be handled as no reader. This comment is by gniibe. (backport of commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f)
2015-12-15 | scd: Simplify saving application context. | NIIBE Yutaka | 1 | -61/+41
* scd/app.c (lock_table): Remove LAST_APP field. (lock_reader, app_dump_state, application_notify_card_reset) (release_application): Follow the change. (check_conflict): New. (check_application_conflict): Lock the slot and call check_conflict. (select_application): Call check_conflict and not use LAST_APP. -- We don't need LAST_APP field but just keep the application context by APP field. Since we have a reference counter, it is possible if we can deallocate or not. (backport of commit 9639af5f16a7ed908cbce2415330b9fcd88edc90)
2015-12-15 | scd: Fix "Conflicting usage" bug. | NIIBE Yutaka | 3 | -27/+13
* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we got an error from apdu_disconnect. * scd/app-common.h (no_reuse): Remove. * scd/app.c (application_notify_card_reset): Deallocate APP here. (select_application, release_application): Don't use NO_REUSE. -- Reproducible scenario: Invoke gpg --card-edit session from a terminal. Invoke another gpg --card-edit session from another. Remove a token. Insert a token again. Type RET on both terminals. One of terminal answers "Conflicting usage". Perhaps, having NO_REUSE field was to avoid race conditions. Now, APP can be safely deallocated by application_notify_card_reset. Thanks to the2nd. (backport of commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3)
2015-09-17 | scd: Fix ccid-driver timeout for OpenPGPcard v2.1. | NIIBE Yutaka | 1 | -3/+6
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New. (ccid_transceive_apdu_level, ccid_transceive): Use. -- It is reported that key generation causes timeout with OpenPGPcard v2.1. Ideally, timeout value could be determined at run-time by examining card's ATR. Compile-time fixed value is OK for internal CCID driver. (cherry-picked from 2.1 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa)
2015-06-23 | scd: pinpad workaround for PC/SC implementations. | NIIBE Yutaka | 1 | -4/+12
* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer for TPDU card reader. -- (backport from 2.1 commit 5e1d2fe6555d06f9dcd2daac713b2edfbc0428a5) GnuPG-bug-id: 2003, 2004 This is needed for PC/SC on Debian Jessie. Note that it's not only for Cherry ST-2000, but also, for any TPDU card readers.
2015-06-23 | scd: Fix Cherry ST-2000 support for pinpad input. | NIIBE Yutaka | 2 | -6/+16
* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15. * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the template of APDU. -- (backport from 2.1 commit 444e9232aa9e00aacd939cbf7bdb881b550dfebe) GnuPG-bug-id: 2003, 2004
2015-05-01 | scd: PC/SC reader selection by partial string match. | NIIBE Yutaka | 2 | -10/+21
* scd/apdu.c (open_pcsc_reader_direct): Partial string match. * scd/pcsc-wrapper.c (handle_open): Likewise. -- (backport from 2.1 commit 01a2a61bc4b34817c4216888265f65d59a33dad3) The card reader name by PC/SC service might include USB bus, which varies (on some platform like GNU/Linux). Thus, it's better to match partial string. Original patch was submitted by anstein. I changed it to fallback to the first reader if no match found. GnuPG-bug-id: 1618, 1930
2015-04-15 | scd: better handling of extended APDU. | NIIBE Yutaka | 3 | -83/+87
* scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0. * scd/app-common.h (struct app_ctx_s): Use bit fields for flags. * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard. (struct ccid_driver_s): New field of max_ccid_msglen. Remove ifsd field. (parse_ccid_descriptor): Initialize max_ccid_msglen. (ccid_transceive_apdu_level): Implement sending extended APDU in chain of CCID message. -- With this patch, we won't need PC/SC library/service any more. GnuPG-bug-id: 1947 (backported from 2.1 commit 971d558e862db878a7310e06ed7116dbe36886ab)
2015-04-15 | scd: Fix possible NULL deref in apdu.c | Werner Koch | 1 | -3/+7
* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. (control_pcsc_wrapped): Ditto. -- pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as NULL. Reported by Stack 0.3: bug: anti-dce model: | control_pcsc.exit77: %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \ %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ] %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728 br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728 stack: - /home/wk/s/gnupg/scd/apdu.c:1882:0 ncore: 1 core: - /home/wk/s/gnupg/scd/apdu.c:1309:0 - buffer overflow (backported from 2.1 commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa)
2015-02-12 | Use inline functions to convert buffer data to scalars. | Werner Koch | 4 | -26/+24
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- This fixes sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. (back ported from commit 2183683bd633818dd031b090b5530951de76f392) Signed-off-by: Werner Koch <[email protected]>
2015-01-25 | Remove incorrect expression leading to errors. | Joshua Rogers | 1 | -1/+1
* scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'. -- Variable 'rc' in send_escape_cmd was overwritten before it was returned, leading to incorrect computation. Signed-off-by: Joshua Rogers <[email protected]> [Log entry reformatted - wk]
2015-01-13 | scd: Avoid double-free on error condition in scd | Daniel Kahn Gillmor | 1 | -4/+2
* scd/command.c (cmd_readkey): avoid double-free of cert -- When ksba_cert_new() fails, cert will be double-freed. Debian-Bug-Id: 773471 Original patch changed by wk to do the free only at leave.
2015-01-09 | scd: Fix possibly inhibited checkpin of the admin pin. | Werner Koch | 1 | -1/+1
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released buffer. Signed-off-by: Werner Koch <[email protected]>
2015-01-08 | scd: fix get_public_key for OpenPGPcard v1.0. | Joshua Rogers | 1 | -1/+1
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use. -- Inside the get_public_key function, 'fp' was opened using popen, but incorrectly closed using fclose. Debian-Bug-Id: 773474
2014-07-21 | scd: Allow for certificates > 1024 with PC/SC. | Andreas Schwier | 1 | -1/+1
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 to allow for larger certificates.
2014-06-27 | scd: Support reader Gemalto IDBridge CT30 | Werner Koch | 1 | -0/+6
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that reader. (GEMPC_CT30): New product id. -- GnuPG-bug-id: 1638 Resolved conflicts: scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
2014-06-24 | Remove thread callbacks for libgcrypt >= 1.6. | Werner Koch | 1 | -2/+9
* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with libgcrypt >= 1.6. (main): Ditto. * scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto. (main): Ditto. -- This is not anymore needed but kept for compatibility with Libgcrypt < 1.6.
2014-06-24 | Improve configure option --with-libgpg-error-prefix | Werner Koch | 1 | -2/+2
-- GnuPG-bug-id: 1561 Note that this is not a complete solution. The libgpg-error include directory has now a higher preference but ld may not pick up the right library if another one is installed. The problem is that the -L option and the -l options are not emitted separately by gpg-error-config.
2014-03-12 | scd: Skip S/N reading for the "undefined" application. | Werner Koch | 1 | -64/+79
* scd/app.c (select_application): Skip serial number reading. -- (cherry picked from commit 792e137ec7997a0ff5c54ff970611238d28d4ba8) Resolved conflicts: scd/app.c: Take care of already changed geldkarte/dinsig order.
2013-11-27 | scd: Fix two compiler warnings. | Werner Koch | 2 | -129/+129
* scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens. * scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int.
2013-11-13 | scd: more pinpad input fix for PC/SC. | NIIBE Yutaka | 1 | -10/+5
* scd/apdu.c (check_pcsc_pinpad): Set default values here. (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default values, as it's too late. -- cherry picked from master.
2013-11-11 | scd: more pinpad fix. | NIIBE Yutaka | 1 | -8/+5
* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when those are specified. (pcsc_pinpad_modify): Remove old check code. -- cherry picked from master.
2013-10-29 | scd: pinpad fix for PC/SC on Windows. | NIIBE Yutaka | 1 | -1/+8
* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows. -- cherry picked from master.
2013-10-25 | scd: fix pinpad input on Windows. | NIIBE Yutaka | 1 | -1/+2
* scd/apdu.c (open_pcsc_reader_direct): Don't call pcsc_vendor_specific_init here, but... (connect_pcsc_card): Call it here. -- Thanks to Martin Wolters for the bug report (backport from master).
2013-10-16 | scd: add pinpad readers information for PC/SC service. | NIIBE Yutaka | 1 | -11/+26
* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN Advance. -- Cherry pick from master.
2013-10-15 | scd: remove pin length check. | NIIBE Yutaka | 1 | -6/+0
* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin length. -- GnuPG-bug-id: 1549 Cherry pick from master.
2013-08-30 | scd: PC/SC pinpad input improvement. | NIIBE Yutaka | 1 | -62/+168
* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and PINPAD_VERLEN_SUPPORTED. (CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES, PCSCv2_PART10_PROPERTY_*): New. (new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax. (pcsc_vendor_specific_init): New. (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call pcsc_vendor_specific_init. (check_pcsc_pinpad): Not detect here but use the result of pcsc_vendor_specific_init. (pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage. -- (cherry picked from commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1) Signed-off-by: NIIBE Yutaka --
2013-08-29 | scd: add support for RSA_CRT and RSA_CRT_N key import. | Jonas Borgström | 1 | -7/+68
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support. -- Updates of original patch by wk: - unsigned char *rsa_u, *rsa_dp, rsa_dq; + unsigned char *rsa_u, *rsa_dp, *rsa_dq; and AUTHORS. Missing signed-off-by assumed due to DCO send the other day. (cherry picked from commit cc67918c088e90c1d9a507af5f6288e8faa93d87) Solved conflicts: AUTHORS => Removed scd/app-openpgp.c => s/.rsa.format/.format/.
2013-08-27 | scd: fix parsing login-data DO. | NIIBE Yutaka | 1 | -12/+13
* scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing. -- Signed-off-by: NIIBE Yutaka
2013-08-27 | scd: fix Vega for Alpha reader. | NIIBE Yutaka | 1 | -2/+6
* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling and size of command. -- Signed-off-by: NIIBE Yutaka
2013-08-21 | scd: Make SPRx32 pinpad work with PC/SC on Windows. | Werner Koch | 1 | -7/+27
* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE. (SCARD_CTL_CODE): Define if not defined. (reader_table_s): Add is_spr532. (new_reader_slot): Clear it. (check_pcsc_pinpad): Set it. (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4)
2013-08-21 | scd: Improve --enable-pinpad-varlen. | Werner Koch | 1 | -1/+7
* tools/gpgconf-comp.c (gc_options_scdaemon): Add enable-pinpad-varlen. * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b)
2013-05-11 | Fix syntax error for building on APPLE. | Werner Koch | 1 | -1/+1
* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error. -- For W32 and probably for Cygwin we don't need the wrapper, thus the problem does not exhibit itself.
2013-05-07 | w32: Add icons and version information. | Ian Abbott | 2 | -2/+56
* common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico. * agent/gpg-agent-w32info.rc: New. * g10/gpg-w32info.rc: New. * scd/scdaemon-w32info.rc: New. * sm/gpgsm-w32info.rc: New. * tools/gpg-connect-agent-w32info.rc: New. * common/w32info-rc.h.in: New. * configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP) (BUILD_HOSTNAME): New. (AC_CONFIG_FILES): Add w32info-rc.h. * am/cmacros.am (.rc.o): New rule. * agent/Makefile.am, common/Makefile.am, g10/Makefile.am * scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to build resource files. Signed-off-by: Werner Koch <[email protected]>
2013-04-23 | scd: Add pinpad support for REINER SCT cyberJack go | NIIBE Yutaka | 1 | -1/+4
* scd/ccid-driver.c (VENDOR_REINER, CYBERJACK_GO): New. (ccid_transceive_secure): Handle the case for VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change). -- This is revised version which adapts changes of ccid-driver.
2013-04-23 | w32: Almost everywhere include winsock2.h before windows.h. | Werner Koch | 1 | -1/+1
-- This is required by newer mingw toolchain versions which demand that winsock2.h is included before windows.h. Now, due to the use of socket definitions in pth.h we need to include winsock2.h also in pth.h, now pth.h is often included after an include of windows.h and thus the compiler spits out a warning. To avoid that we include winsock2.h at all places the compiler complains about.
2013-04-22 | Ignore obsolete option --disable-keypad. | Werner Koch | 1 | -0/+3
* scd/scdaemon.c (opts): Ignore --disable-keypad. -- The renaming of --disable-keypad to --disable-pinpad might mess up configuration files managed with a GUI. The GUI does not anymore know about the old option and would allow the user to switch "disable-pinpad" on. However, a "disable-keypad" might still linger in the conf file with gpgconf not knowing about it. Thus the conf file would always be rejected and manual intervention would be required. Ignoring the old option nicely solves the problem.
2013-04-01 | scd: move SCDaemon to libexecdir. | NIIBE Yutaka | 1 | -3/+4
* common/homedir.c (gnupg_module_name): It's now libexecdir. * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon (bin_PROGRAMS): Remove scdaemon.
2013-03-26 | scd: PC/SC status fix. | NIIBE Yutaka | 2 | -6/+10
* scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when PCSC_STATE_PRESENT. * scd/pcsc-wrapper.c (handle_status): Ditto.
2013-03-26 | scd: PC/SC cleanup (more). | NIIBE Yutaka | 1 | -6/+6
* scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use pcsc_dword_t.
2013-03-25 | scd: call update_card_removed only when detecting removal. | NIIBE Yutaka | 1 | -4/+2
* scd/command.c (update_reader_status_file): Add condition ss->status == 0. -- To reproduce the bug: (1) insert card, (2) run "gpg2 --card-status", (3) remove card, (4) invoke "gpg2 --card-edit", (5) invoke some command like "verify" The last step fails (but with no error message to user).
2013-03-22 | scd: PC/SC cleanup. | NIIBE Yutaka | 2 | -109/+137
* scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word) when a word was 16-bit. (struct reader_table_s): Fixes for types. (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1). Throughout: Fixes for types. * scd/pcsc-wrapper.c: Likewise. -- Problem reported for 1.4.x by the issue 1358.
2013-03-21 | scd: change default value of pinpad maxlen. | NIIBE Yutaka | 2 | -4/+5
* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value of maxlen for pinpad input is now 15 (was: 25). * scd/ccid-driver.c (ccid_transceive_secure): Likewise. -- For newer PC/SC, it is better to use FEATURE_GET_TLV_PROPERTIES to get bMaxPINSize.
2013-03-14 | scd: ccid-driver supporting larger APDU. | NIIBE Yutaka | 1 | -1/+1
* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger APDU. -- This is still ad hoc change, but it's OK. Supporting full extended APDU exchange level is not worth yet.
2013-02-08 | scd: Rename 'keypad' to 'pinpad'. | NIIBE Yutaka | 12 | -120/+121
* NEWS: Mention scd changes. * agent/divert-scd.c (getpin_cb): Change message. * agent/call-scd.c (inq_needpin): Change the protocol to POPUPPINPADPROMPT and DISMISSPINPADPROMPT. * scd/command.c (pin_cb): Likewise. * scd/apdu.c (struct reader_table_s): Rename member functions. (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify, check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad) (apdu_pinpad_verify, apdu_pinpad_modify): Rename. * scd/iso7816.h (iso7816_check_pinpad): Rename. * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD. (iso7816_check_pinpad): Rename. (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow the change. * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename. * scd/ccid-driver.c (ccid_transceive_secure): Use it. * scd/app-dinsig.c (verify_pin): Follow the change. * scd/app-nks.c (verify_pin): Follow the change. * scd/app-openpgp.c (check_pinpad_request): Rename. (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow the change. * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename. * scd/scdaemon.h (opt): Rename to disable_pinpad, enable_pinpad_varlen. * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to disable-pinpad.
2013-02-05 | scd: Fix check_keypad_request. | NIIBE Yutaka | 1 | -1/+1
* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
2013-02-05 | scd: Clean up. | NIIBE Yutaka | 2 | -22/+0
* apdu.h (apdu_send_simple_kp): Remove. * apdu.c (apdu_send_simple_kp): Remove.
2013-02-05 | SCD: Add vendor specific initialization. | NIIBE Yutaka | 1 | -1/+29
* scd/ccid-driver.c (ccid_vendor_specific_init): New. (ccid_open_reader): Call ccid_vendor_specific_init.
2013-02-05 | SCD: Support P=N format for login data. | NIIBE Yutaka | 1 | -24/+24
* scd/app-openpgp.c (parse_login_data): Support P=N format.