| Commit message | Author | Files | Lines |
|
* scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
--
Some versions of the CardOS personalisation software seem to store a
missing label as a zero-length object instead of not storing the object
at all.
Due to a lack of such a card this patch has not been tested.
|
|
* scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop
when an event was encountered.
--
Here the event handle is passed to npth_eselect so that this function
can detect the event and reset the event. There is no need to consume
this information here. However, npth_select might also have got a ready
file descriptor along with the event and by doing a "continue" we
would miss the ready state of the file descriptor. The fix is to do
nothing here, similar to what we do in gpg-agent.
Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
GnuPG-bug-id: 2982
(cherry picked from commit a7ec3792c5d1891180265c946bc021cd8a205e54)
|
|
* scd/app.c (new_card_lock): New.
(select_application): Scanning is serialized by NEW_CARD_LOCK.
For app_new_register, we hold the W-lock.
(initialize_module): Initialize NEW_CARD_LOCK.
--
GnuPG-bug-id: 7402
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-dinsig.c (do_readcert): Don't return directly but care about
releasing memory.
* scd/app-nks.c (readcert_from_ef): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (send_card_and_app_list): Only handle the case with
WANTCARD=NULL.
(app_send_card_list): Follow the change.
(app_send_active_apps): Factor out the case with WANTCARD!=NULL.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (send_card_and_app_list): Avoid locking recursively.
--
Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (send_card_and_app_list): Lock the CARD.
--
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c: Include <unistd.h>.
--
Reported-by: David Bohman
GnuPG-bug-id: 7193
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 1d5cfa9b7fd22e1c46eeed5fa9fed2af6f81d34f)
|
|
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--
Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
|
|
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--
Example:
$ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
D Magrathea
OK
|
|
* scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for
simplicity.
--
A state dump looks like
app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
app_dump_state: app=0x00007f1b38018100 type='openpgp'
app_dump_state: app=0x00007f1b3800cb70 type='piv'
app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
app_dump_state: app=0x00007f1b38016fc0 type='openpgp'
and can also be triggered by a SIGUSR1. This explicit command allows
to dump the state also on Windows. Use for example
gpg-connect-agent 'scd getinfo dump_state' /bye
|
|
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit b3f1f2cd192b71f2c19ec6f871ece0c175d46db0)
|
|
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit d98521b934ec6a5abb0ad18e39a26009a8806c52)
|
|
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 36d8cffc6cd2838e7cb439c566fdd2b3dd076c15)
|
|
* scd/scdaemon.c (scd_init_event): New.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 9aa6faaf10cf6739b0ddf5b42b6181a5c2a0000c)
|
|
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.
--
GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 9bc3f2ad52ce527a3eb1a713eef3268affa0697e)
|
|
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 01fa318be0f8ca60c78d99403fbfb75edb521b16)
|
|
* scd/apdu.c (apdu_dev_list_start): Fix end condition.
--
Signed-off-by: Jakub Jelen <[email protected]>
This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
(cherry picked from commit 4c1b0070354db0b9b0516d9e5453e47fc03a0aac)
|
|
--
|
|
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
Cherry-pick master commit of:
35ef87d8d9db42c3077996317781986a692552cc
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New.
Replace all direct uses by these wrappers.
|
|
* scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New.
* scd/ccid-driver.c (ccid_open_usb_reader): Do not call
libusb_set_interface_alt_setting for this reader.
--
Co-authored-by: [email protected]
|
|
* scd/ccid-driver.c (ccid_open_usb_reader): Call
libusb_set_auto_detach_kernel_driver.
* scd/scdaemon.c (oCompatibilityFlags): New.
(opts): Add option "compatibility-flags".
(compatibility_flags): New.
(main): Parse flags.
* scd/scdaemon.h (opt): Add field compat_flags.
(COMPAT_CCID_NO_AUTO_DETACH): New.
|
|
|
|
* scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC
cards.
(do_decipher): Ditto.
|
|
* scd/app-p15.c (do_getattr): Yet another place to fix.
--
GnuPG-bug-id: 7000
Co-authored-by: Mario Haustein <[email protected]>
|
|
* scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter.
(objid_in_cdflist_p): New.
(read_p15_info): Clear the counter.
(read_ef_cdf): Detect and fix duplicate IDs.
--
GnuPG-bug-id: 7001
Reported-by: Mario Haustein <[email protected]>
|
|
* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
(do_auth): Allow usageflags.sign_recover.
(do_decipher): Allow usageflags.derive.
(do_with_keygrip): Take usageflags.derive into account.
(do_getattr): Ditto.
(do_decipher): Take a missing AODF for authentication not needed.
--
This is required for D-Trust ECC cards.
The AODF thing is unrelated but seems to be a good idea.
GnuPG-bug-id: 7000
|
|
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flag fixes a funny prompt.
Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
scd:openpgp: Allow PIN length of 6 also with a reset code.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flag fixes a funny prompt.
Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
|
|
--
Reported-by: Andreas Metzler <[email protected]>
|
|
* scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION
product.
--
The code for the Starcos cards has been implemented according to the
3.52 manual. However, this does not work with my test cards. Protocol
analysis shows that decryption can be used for the cryptovision
product. Thus we do it the same for now.
|
|
* scd/app-p15.c (CARD_PRODUCT_CVISION): New.
(IS_STARCOS_3): New.
(read_p15_info): Detect this product.
(prepare_verify_pin): Add special handling for this product.
(do_decipher): Use dedicated MSE for Starcos 3 cards.
--
To check the verification run
gpg-card verify User_PIN
For our test cards the "Benutzer-PIN" must be given. For decryption
tests gpgsm can be used; --always-trust helps to avoid chain issues.
|
|
* scd/app-common.h (CARDTYPE_SCE7): New.
* scd/app.c (strcardtype): Support it.
(atr_to_cardtype): New.
(app_new_register): Try to get the cardtype from atr_to_cardtype.
* scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method
to construct a S/N from the Card UUID.
--
The test cards I have are rsa2048 with X.509 certificates. I don't
have the entire chain but loading the certificates works. For testing
I created an OpenPGP key from the keys and tested signing and
decryption.
GnuPG-bug-id: 6919
|
|
* scd/app-openpgp.c (do_change_pin): Make sure new PIN length
is longer than MINLEN.
--
GnuPG-bug-id: 6843
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-p15.c (do_sign): Add a diagnostic.
|
|
* scd/app-p15.c (CARD_PRODUCT_DTRUST4): New.
(app_select_p15): This card uses a different AID for PKCS#15
application
(do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to
a predefined template.
(do_decipher): Ditto.
|
|
* scd/app-p15.c (CARD_TYPE_CARDOS_54): New.
|
|
* scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and
remove the now useless check.
--
This seems to be better than bailing out. In almost all cases our
standard parameters are used and if not, well, the fingerprint will be
wrong.
GnuPG-bug-id: 6378
|
|
* scd/scdaemon.c (oDebugAllowPINLogging): New.
(opts): Add option.
(main): Set option.
* scd/scdaemon.h (opt): Add debug_allow_pin_logging.
* scd/apdu.c (pcsc_send_apdu): Do not hide the PIN data in the debug
output if the option is set.
(send_apdu_ccid): Ditto.
--
This option is only required during development.
|
|
* scd/app-p15.c (CARD_TYPE_STARCOS_32): New.
(card_atr_list): Add ATR for my sample card.
(cardtype2str): Add starcos string.
(select_ef_by_path): Factor all code out to ...
(select_by_path): this. Add arg to request a directory. Simplify the
pathlen>1 case. Fix error printing.
(select_df_by_path): New.
(prepare_verify_pin): For starcos select a DF.
(app_select_p15): Don't use extended mode for starcos.
--
This allows reading the certificates from my sample cards. Signing
does not yet work; I need to get some I/O traces using other
software. The basic support for AET cards should still work but I have
not found my AET card.
|
|
* scd/apdu.c (send_le): Do not dump "[all zero]" if there is no data.
* scd/iso7816.c (iso7816_select_mf): Cosmetic fix.
|
|
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
Cherry-pick from master commit:
e6b3d53db36dba8aef640fc0a99cc079551a965a
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditto. Also simplify condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
|
* scd/app-p15.c (CARD_PRODUCT_NEXUS): New.
(read_p15_info): Detect Nexus cards.
(get_dispserialno): Use product_id instead of comparing the
manufacturer_id.
(do_sign): Handle Nexus like BELPIC.
|
|
* scd/app-piv.c (auth_adm_key): Fix the value of the Response Tag.
(do_setattr): Fix the comment.
--
Cherry-pick master commit of:
7cfbf0dd72d8d5c14fbf19c13722d153bd1cbd70
Reported-by: Heiko Schäfer <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore under Windows.
GnuPG-bug-id: 6503
|