| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* scd/app.c (new_card_lock): New.
(select_application): Scanning is serialized by NEW_CARD_LOCK.
For app_new_register, we hold the W-lock.
(initialize_module): Initialize NEW_CARD_LOCK.
--
GnuPG-bug-id: 7402
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (send_card_and_app_list): Only handle the case with
WANTCARD=NULL.
(app_send_card_list): Follow the change.
(app_send_active_apps): Factor out the case with WANTCARD!=NULL.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-dinsig.c (do_readcert): Don't return directly but care about
releasing memory.
* scd/app-nks.c (readcert_from_ef): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (send_card_and_app_list): Avoid locking recursively.
--
Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (send_card_and_app_list): Lock the CARD.
--
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/util.h (openpgp_curve_to_oid): Add new argument to select OID
by OpenPGP version.
* common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning
selected OID for Curve25519.
* common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change,
selecting by the version.
* g10/export.c (match_curve_skey_pk): Likewise.
(transfer_format_to_openpgp): Likewise.
* g10/gpg.c (list_config): Likewise, print new OID.
* g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version.
* sm/encrypt.c (ecdh_encrypt): Likewise, don't care.
* sm/minip12.c (build_ecc_key_sequence): Likewise, new OID.
* scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't
care.
(ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise,
old OID.
--
GnuPG-bug-id: 7316
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sexputil.c (pubkey_algo_string): Use
openpgp_oid_or_name_to_curve.
* g10/card-util.c (current_card_status, ask_card_keyattr): Likewise.
* scd/app-piv.c (writekey_ecc): Likewise.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--
Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
|
|
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
It's gpgrt's spawn function which converts it to wide char string
internally if needed.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (report_change): Set up GNUPGHOME.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--
Example:
$ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
D Magrathea
OK
|
|
* scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for
simplicity.
--
A state dump looks like
app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
app_dump_state: app=0x00007f1b38018100 type='openpgp'
app_dump_state: app=0x00007f1b3800cb70 type='piv'
app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
app_dump_state: app=0x00007f1b38016fc0 type='openpgp'
and can also be triggered by a SIGUSR1. This explicit command allows
to dump the state also on Windows. Use for example
gpg-connect-agent 'scd getinfo dump_state' /bye
|
|
* scd/app-p15.c (do_sign): Free allocated memory on error.
--
GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <[email protected]>
|
|
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.
--
Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c: Include <unistd.h>.
--
Reported-by: David Bohman
GnuPG-bug-id: 7193
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/scdaemon.c (scd_init_event): New.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.
--
GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
|
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/apdu.c (apdu_dev_list_start): Fix end condition.
--
Signed-off-by: Jakub Jelen <[email protected]>
This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
|
|
--
|
|
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
Cherry-pick master commit of:
35ef87d8d9db42c3077996317781986a692552cc
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-piv.c (data_objects): Mark returned key as having a keypair.
(do_with_keygrip): Check against encrusage and not used one tag.
* tools/gpg-card.c (piv_keyref_is_retired): New.
(list_all_kinfo): Pretty print retired keys.
--
This allows to list all existing retired keys without using separate
readkey commands.
|
|
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-openpgp.c (data_objects): These are constructed objects.
--
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
|
|
* scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New.
Replace all direct uses by these wrappers.
|
|
* scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New.
* scd/ccid-driver.c (ccid_open_usb_reader): Do not call
libsub_set_interface_alt_setting for this reader.
--
Co-authored-by: [email protected]
|
|
* scd/ccid-driver.c (ccid_open_usb_reader): Call
libusb_set_auto_detach_kernel_driver.
* scd/scdaemon.c (oCompatibilityFlags): New.
(opts): Add option "compatibility-flags".
(compatibility_flags): New.
(main): Parse flags.
* scd/scdaemon.h (opt): Add field compat_flags.
(COMPAT_CCID_NO_AUTO_DETACH): New.
|
|
|
|
* scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC
cards.
(do_decipher): Ditto.
|
|
* scd/app-p15.c (do_getattr): Yet another palce to fix.
--
GnuPG-bug-id: 7000
Co-authored-by: Mario Haustein <[email protected]>
|
|
* scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter.
(objid_in_cdflist_p): New.
(read_p15_info): Clear the counter.
(read_ef_cdf): Detect and fix duplicate IDs.
--
GnuPG-bug-id: 7001
Reported-by: Mario Haustein <[email protected]>
|
|
* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
(do_auth): Allow usageflags.sign_recover.
(do_decipher): Allow usageflags.derive.
(do_with_keygrip): Take usageflags.derive into account.
(do_gettatr): Ditto.
(do_decipher): Take a missing AODF for authentication not needed.
--
This is required for D-Trust ECC cards.
The AODF thing is unrelated but seems to be a good idea.
GnuPG-bug-id: 7000
|
|
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
scd:openpgp: Allow PIN length of 6 also with a reset code.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
|
|
--
Reported-by: Andreas Metzler <[email protected]>
|
|
* scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION
product.
--
The code for the Starcos cards has been implemented according to the
3.52 manual However, this does not work with my test cards. Protocol
analysis shows that decryption can be used for the cryptovision
product. Thus we do it the same for now.
|
|
* scd/app-p15.c (CARD_PRODUCT_CVISION): New.
(IS_STARCOS_3): New.
(read_p15_info): Detect this product.
(prepare_verify_pin): Add special handling for this product.
(do_decipher): Use dedicated MSE for Starcos 3 cards.
--
To check the verification run
gpg-card verify User_PIN
For our test cards the "Benutzer-PIN" must be given. For decryption
tests gpgsm can be used; --always-trust helps to avoid chain issues.
|
|
* scd/app-common.h (CARDTYPE_SCE7): New.
* scd/app.c (strcardtype): Support it.
(atr_to_cardtype): New.
(app_new_register): Try to get the cardtype from atr_to_cardtype.
* scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method
to construct a S/N from the Card UUID.
--
The test cards I have are rsa2048 with X.509 certificates. I don't
have the entire chain but loading the certificates work. For testing
I created an OpenPGP key from the keys and tested signing and
decryption.
GnuPG-bug-id: 6919
|
|
* scd/app-openpgp.c (do_change_pin): Make sure new PIN length
is longer than MINLEN.
--
GnuPG-bug-id: 6843
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* scd/app-p15.c (do_sign): Add a diagnostic.
|
|
* scd/app-p15.c (CARD_PRODUCT_DTRUST4) New.
(app_select_p15): This cards uses a different AID for PKCS#15
application
(do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to
a predefined template.
(do_decipher): Ditto.
|
|
* scd/app-p15.c (CARD_TYPE_CARDOS_54): New.
|
