aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: Support OpenPGP card V3 for RSA.NIIBE Yutaka2016-11-301-23/+34
| | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and max_rsp_data fields as Extended Capabilities bits are different. (get_cached_data) Use extcap.max_certlen_3. (get_one_do): Don't use exmode=1. (determine_rsa_response): New. (get_public_key, do_genkey): Call determine_rsa_response. (do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data. (do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data. (do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8. (show_caps): Remove max_cmd_data and max_rsp_data. (app_select_openpgp): Likewise. -- Backport of master commit: b89e63e5c326af71470124b410e6429cbd2b5c43 OpenPGP card V3 had introduced incompatible change in Extended Capabilities bits. We can work around by this change by not using those bits. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix receive buffer size.NIIBE Yutaka2016-11-301-2/+3
| | | | | | | | | | | | | | * scd/apdu.c (send_le): Fix the size, adding two for status bytes to Le. -- Backport of master commit: 5c2db9dedfe9dbb14ffec24751ca23a69cead94e This is long standing bug. So far, Le was not exact value. Since forthcoming change will introduce exact value of expected length of response data, this change is needed. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't limit to ST-2xxx for PC/SC.NIIBE Yutaka2016-11-301-1/+5
| | | | | | | | | | | | * scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID. -- Backport of master commit: b6066ab18a67195817babaf9eccf896c2b3c7b0e Some other products by Cherry works with pinpad, although it only works for smaller keys (RSA 1024). TPDU support is good for larger keys. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix status info encoding.NIIBE Yutaka2016-11-301-1/+2
| | | | | | | | | | * scd/command.c (send_status_info): Do percent plus encoding correctly. -- Backport of master commit: 4ee4d0b02172cf56d9582bb99e32a65c75315b25 Reported-by: David Härdeman <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: minor cleanup to merge other works.NIIBE Yutaka2016-11-303-42/+35
| | | | | | | | | | | * scd/iso7816.c (do_generate_keypair): Use const char * for DATA. (iso7816_generate_keypair, iso7816_read_public_key): Likewise. * scd/app-openpgp.c (get_public_key): Follow the change. (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT. -- Backport of master commit: f1845f25dbea79c191427710fa56ed01e63a045b Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix an action after card removal.NIIBE Yutaka2016-11-301-4/+2
| | | | | | | | | | | | | | | | | | * scd/command.c (update_card_removed): Call apdu_close_reader here. -- Backport of master commit: f9e49c80e706a27d5e30d4b3237ff26367a67130 This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 It is better apdu_close_reader is called in update_card_removed. The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a regression, it doesn't close the reader after removal of the card, while the code before the commit call apdu_close_reader in do_reset. So, this fix. GnuPG-bug-id: 2449 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Release the card reader after card removal.NIIBE Yutaka2016-11-301-1/+4
| | | | | | | | | | * scd/command.c (update_reader_status_file): Call apdu_close_reader. -- Backport of master commit: 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 GnuPG-bug-id: 2651 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up unused shutdown method.NIIBE Yutaka2016-11-303-103/+0
| | | | | | | | | | | * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove. (reset_ccid_reader): Don't set shutdown_reader. * scd/ccid-driver.c (ccid_shutdown_reader): Remove. -- Backport of master commit: d1ae7103352fbda2a05f098379cd3043a0ab5566 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix card removal/reset on multiple contexts.NIIBE Yutaka2016-11-292-37/+44
| | | | | | | | | | | | | | | | * scd/app.c (application_notify_card_reset): Add message for debug. *scd/command.c (update_card_removed): Call release_application and set SLOT -1 here. (struct server_local_s): Remove app_ctx_marked_for_release. (do_reset): Don't mark release but call release_application here. (open_card): Remove app_ctx_marked_for_release handling. (update_reader_status_file): Don't set SLOT here, so that it can be released the APP by application_notify_card_reset in update_card_removed. -- Backport of master commit: 1598a4476466822e7e9c757ac471089d3db4b545 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix race conditions for release_application.NIIBE Yutaka2016-11-291-4/+6
| | | | | | | | | | | | * scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling release_application. -- Backport of master commit: 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3 Thanks to Ben Warren for the report. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make option --homedir work.Werner Koch2016-11-291-0/+1
| | | | | | | | | | | * scd/scdaemon.c (opts): Add --homedir. -- Backport of master commit: def512eb67c8a380f3b873cee0f156deef0b6dda Without that entry the homedir setting won't work. GnuPG-bug-id: 2386 Signed-off-by: Werner Koch <[email protected]>
* scd: More fix of error return path.NIIBE Yutaka2016-11-291-2/+2
| | | | | | | | | | | * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of apdu_connect. -- Backport of master commit: 6677d8b61446eb5760a30a2488c992d6e895a9ed GnuPG-bug-id: 2306 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Improve error handling.Justus Winter2016-11-291-1/+1
| | | | | | | | | | * scd/app-openpgp.c (get_public_key): Improve error handling. -- Backport master commit: 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d Found using the Clang Static Analyzer. Signed-off-by: Justus Winter <[email protected]>
* scd: Fix error handling with libusb-compat library.NIIBE Yutaka2016-11-291-7/+12
| | | | | | | | | | | * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE. -- With libusb-compat library, the error is different than original libusb. (The libusb-compat library is used by Fedora.) Backport of master commit: 1e94a672efb8bf66f416bc63bf6670e509a21fe5
* scd: Handle error correctly.NIIBE Yutaka2016-11-291-5/+5
| | | | | | | | * scd/apdu.c (apdu_connect): Initialize variables and check an error of apdu_get_status_internal. -- Backport from master commit: 6bb7206e357acfd7276a8f1334c0f0c9cc6ed100
* scd: KEYNO cleanup.NIIBE Yutaka2016-11-291-30/+33
| | | | | | | | | | * scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey) (change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey) (compare_fingerprint, check_against_given_fingerprint): KEYNO starts from 0. -- Backport of master commit: fd689e85423d0d80d725f0315c52d94f0e9766f8
* scd: Use cipher.h for constants.NIIBE Yutaka2016-11-292-7/+9
| | | | | | | * scd/app-openpgp.c: Include cipher.h. -- Backport from master commit:f5d356fb5bbbd0e05a753612455253e4bc335266
* scd: Reset nonnull_nad to zero for VENDOR_GEMPC.Niibe Yutaka2016-06-191-1/+1
| | | | | | | | | | | | | | | | * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device. -- We can't use the driver for 08E6:3438, while it works well under PC/SC service. I found that the library of ccid always uses the node address = ZERO for all transactions. So, we extend the same handling for not only GEMPC_CT30, but also for all its devices. Debian-bug-id: 814584 Signed-off-by: NIIBE Yutaka <[email protected]> (backport form master commit 971064f8b7ad676326b2a468f688037a303717df)
* scd: Fix commit 9a9bfd77.NIIBE Yutaka2015-12-151-0/+1
| | | | * scd/app.c (check_application_conflict): Get SLOT.
* scd: Fix removal of unplugged usb readers on Windows.Daniel Hoffend2015-12-151-0/+3
| | | | | | | | | | | | | | | | * scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code. -- Signed-off-by: Daniel Hoffend <[email protected]> GnuPG-bug-id: 2167 In Windows 8 (and later), PC/SC service only runs when reader/token is plugged in. After its removal, it returns PCSC_E_NO_SERVICE error. This error should be handled as no reader. This comment is by gniibe. (backport of commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f)
* scd: Simplify saving application context.NIIBE Yutaka2015-12-151-61/+41
| | | | | | | | | | | | | | | | | * scd/app.c (lock_table): Remove LAST_APP field. (lock_reader, app_dump_state, application_notify_card_reset) (release_application): Follow the change. (check_conflict): New. (check_application_conflict): Lock the slot and call check_conflict. (select_application): Call check_conflict and not use LAST_APP. -- We don't need LAST_APP field but just keep the application context by APP field. Since we have a reference counter, it is possible if we can deallocate or not. (backport of commit 9639af5f16a7ed908cbce2415330b9fcd88edc90)
* scd: Fix "Conflicting usage" bug.NIIBE Yutaka2015-12-153-27/+13
| | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we got an error from apdu_disconnect. * scd/app-common.h (no_reuse): Remove. * scd/app.c (application_notify_card_reset): Deallocate APP here. (select_application, release_application): Don't use NO_REUSE. -- Reproducible scenario: Invoke gpg --card-edit session from a terminal. Invoke another gpg --card-edit session from another. Remove a token. Insert a token again. Type RET on both terminals. One of terminal answers "Conflicting usage". Perhaps, having NO_REUSE field was to avoid race conditions. Now, APP can be safely deallocated by application_notify_card_reset. Thanks to the2nd. (backport of commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3)
* scd: Fix ccid-driver timeout for OpenPGPcard v2.1.NIIBE Yutaka2015-09-171-3/+6
| | | | | | | | | | | | | | * scd/ccid-driver.c (CCID_CMD_TIMEOUT): New. (ccid_transceive_apdu_level, ccid_transceive): Use. -- It is reported that key generation causes timeout with OpenPGPcard v2.1. Ideally, timeout value could be determined at run-time by examining card's ATR. Compile-time fixed value is OK for internal CCID driver. (cherry-picked from 2.1 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa)
* scd: pinpad workaround for PC/SC implementations.NIIBE Yutaka2015-06-231-4/+12
| | | | | | | | | | | | | | * scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer for TPDU card reader. -- (backport from 2.1 commit 5e1d2fe6555d06f9dcd2daac713b2edfbc0428a5) GnuPG-bug-id: 2003, 2004 This is needed for PC/SC on Debian Jessie. Note that it's not only for Cherry ST-2000, but also, for any TPDU card readers.
* scd: Fix Cherry ST-2000 support for pinpad input.NIIBE Yutaka2015-06-232-6/+16
| | | | | | | | | | | | * scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15. * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the template of APDU. -- (backport from 2.1 commit 444e9232aa9e00aacd939cbf7bdb881b550dfebe) GnuPG-bug-id: 2003, 2004
* scd: PC/SC reader selection by partial string match.NIIBE Yutaka2015-05-012-10/+21
| | | | | | | | | | | | | | | | | | * scd/apdu.c (open_pcsc_reader_direct): Partial string match. * scd/pcsc-wrapper.c (handle_open): Likewise. -- (backport from 2.1 commit 01a2a61bc4b34817c4216888265f65d59a33dad3) The card reader name by PC/SC service might include USB bus, which varies (on some platform like GNU/Linux). Thus, it's better to match partial string. Original patch was submitted by anstein. I changed it to fallback to the first reader if no match found. GnuPG-bug-id: 1618, 1930
* scd: better handling of extended APDU.NIIBE Yutaka2015-04-153-83/+87
| | | | | | | | | | | | | | | | | * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0. * scd/app-common.h (struct app_ctx_s): Use bit fields for flags. * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard. (struct ccid_driver_s): New field of max_ccid_msglen. Remove ifsd field. (parse_ccid_descriptor): Initialize max_ccid_msglen. (ccid_transceive_apdu_level): Implement sending extended APDU in chain of CCID message. -- With this patch, we won't need PC/SC library/service any more. GnuPG-bug-id: 1947 (backported from 2.1 commit 971d558e862db878a7310e06ed7116dbe36886ab)
* scd: Fix possible NULL deref in apdu.cWerner Koch2015-04-151-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. (control_pcsc_wrapped): Ditto. -- pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as NULL. Reported by Stack 0.3: bug: anti-dce model: | control_pcsc.exit77: %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \ %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ] %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728 br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728 stack: - /home/wk/s/gnupg/scd/apdu.c:1882:0 ncore: 1 core: - /home/wk/s/gnupg/scd/apdu.c:1309:0 - buffer overflow (backported from 2.1 commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa)
* Use inline functions to convert buffer data to scalars.Werner Koch2015-02-124-26/+24
| | | | | | | | | | | | | | | | * include/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- This fixes sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. (back ported from commit 2183683bd633818dd031b090b5530951de76f392) Signed-off-by: Werner Koch <[email protected]>
* Remove incorrect expression leading to errors.Joshua Rogers2015-01-251-1/+1
| | | | | | | | | | | | * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'. -- Variable 'rc' in send_escape_cmd was overwritten before it was returned, leading to incorrect computation. Signed-off-by: Joshua Rogers <[email protected]> [Log entry reformatted - wk]
* scd: Avoid double-free on error condition in scdDaniel Kahn Gillmor2015-01-131-4/+2
| | | | | | | | | | | | * scd/command.c (cmd_readkey): avoid double-free of cert -- When ksba_cert_new() fails, cert will be double-freed. Debian-Bug-Id: 773471 Original patch changed by wk to do the free only at leave.
* scd: Fix possibly inhibited checkpin of the admin pin.Werner Koch2015-01-091-1/+1
| | | | | | | * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released buffer. Signed-off-by: Werner Koch <[email protected]>
* scd: fix get_public_key for OpenPGPcard v1.0.Joshua Rogers2015-01-081-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use. -- Inside the get_public_key function, 'fp' was opened using popen, but incorrectly closed using fclose. Debian-Bug-Id: 773474
* scd: Allow for certificates > 1024 with PC/SC.Andreas Schwier2014-07-211-1/+1
| | | | | * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too allow for larger certificates.
* scd: Support reader Gemalto IDBridge CT30Werner Koch2014-06-271-0/+6
| | | | | | | | | | | | * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that reader. (GEMPC_CT30): New product id. -- GnuPG-bug-id: 1638 Resolved conflicts: scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
* Remove thread callbacks for libgcrypt >= 1.6.Werner Koch2014-06-241-2/+9
| | | | | | | | | | | | * agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with libgcrypt >= 1.6. (main): Ditto. * scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto. (main): Ditto. -- This is not anymore needed but kept for compatibility with Libgcrypt < 1.6.
* Improve configure option --with-libgpg-error-prefixWerner Koch2014-06-241-2/+2
| | | | | | | | | | | -- GnuPG-bug-id: 1561 Note that this is not a complete solution. The libgpg-error include directory has now a higher preference but ld may not pick up the right library if another one is installed. The problem is that the -L option and the -l options are not emitted separately by gpg-error-config.
* scd: Skip S/N reading for the "undefined" application.Werner Koch2014-03-121-64/+79
| | | | | | | | | | | * scd/app.c (select_application): Skip serial number reading. -- (cherry picked from commit 792e137ec7997a0ff5c54ff970611238d28d4ba8) Resolved conflicts: scd/app.c: Take care of already changed geldkarte/dinsig order.
* scd: Fix two compiler warnings.Werner Koch2013-11-272-129/+129
| | | | | * scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens. * scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int.
* scd: more pinpad input fix for PC/SC.NIIBE Yutaka2013-11-131-10/+5
| | | | | | | | | | * scd/apdu.c (check_pcsc_pinpad): Set default values here. (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default values, as it's too late. -- cherry picked from master.
* scd: more pinpad fix.NIIBE Yutaka2013-11-111-8/+5
| | | | | | | | | | * scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when those are specified. (pcsc_pinpad_modify): Remove old check code. -- cherry picked from master.
* scd: pinpad fix for PC/SC on Windows.NIIBE Yutaka2013-10-291-1/+8
| | | | | | | | * scd/apdu.c (SCARD_CTL_CODE): Fix for Windows. -- cherry picked from master.
* scd: fix pinpad input on Windows.NIIBE Yutaka2013-10-251-1/+2
| | | | | | | | | | * scd/apdu.c (open_pcsc_reader_direct): Don't call pcsc_vendor_specific_init here, but... (connect_pcsc_card): Call it here. -- Thanks to Martin Wolters for the bug report (backport from master).
* scd: add pinpad readers information for PC/SC service.NIIBE Yutaka2013-10-161-11/+26
| | | | | | | | | | * scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN Advance. -- Cherry pick from master.
* scd: remove pin length check.NIIBE Yutaka2013-10-151-6/+0
| | | | | | | | | * scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin length. -- GnuPG-bug-id: 1549 Cherry pick from master.
* scd: PC/SC pinpad input improvement.NIIBE Yutaka2013-08-301-62/+168
| | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and PINPAD_VERLEN_SUPPORTED. (CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES, PCSCv2_PART10_PROPERTY_*): New. (new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax. (pcsc_vendor_specific_init): New. (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call pcsc_vendor_specific_init. (check_pcsc_pinpad): Not detect here but use the result of pcsc_vendor_specific_init. (pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage. -- (cherry picked from commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1) Signed-off-by: NIIBE Yutaka --
* scd: add support for RSA_CRT and RSA_CRT_N key import.Jonas Borgström2013-08-291-7/+68
| | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support. -- Updates of original patch by wk: - unsigned char *rsa_u, *rsa_dp, rsa_dq; + unsigned char *rsa_u, *rsa_dp, *rsa_dq; and AUTHORS. Missing signed-off-by assumed due to DCO send the other day. (cherry picked from commit cc67918c088e90c1d9a507af5f6288e8faa93d87) Solved conflicts: AUTHORS => Removed scd/app-openpgp.c => s/.rsa.format/.format/.
* scd: fix parsing login-data DO.NIIBE Yutaka2013-08-271-12/+13
| | | | | | | | * scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing. -- Signed-off-by: NIIBE Yutaka
* scd: fix Vega for Alpha reader.NIIBE Yutaka2013-08-271-2/+6
| | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling and size of command. -- Signed-off-by: NIIBE Yutaka
* scd: Make SPRx32 pinpad work with PC/SC on Windows.Werner Koch2013-08-211-7/+27
| | | | | | | | | | | | * scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE. (SCARD_CTL_CODE): Define if not defined. (reader_table_s): Add is_spr532. (new_reader_slot): Clear it. (check_pcsc_pinpad): Set it. (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 11:53:57 +0000