aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd:p15: Accept P15 cards with a zero-length label.Werner Koch2025-04-241-2/+11
| | | | | | | | | | | * scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label. -- Some versions of the CardOS personalisation software seem to store a missing labels as zero-length object instead of not storing the object at all. Due to a lack of such a card this patch has not been tested.
* scd,w32: Fix posssible lockup due to lost select results.Werner Koch2025-04-021-2/+5
| | | | | | | | | | | | | | | | | * scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop when an event was encountered. -- Here the event handle is passed to npth_eselect so that this function can detect the event and reset the event. There is no need to consume this information here. However, npth_select might also got a ready file descriptor along with the event and by doing a "continue" we would miss the ready state of the file descriptor. The fix is to do nothing here, similar to what we do in gpg-agent. Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12 GnuPG-bug-id: 2982 (cherry picked from commit a7ec3792c5d1891180265c946bc021cd8a205e54)
* scd: No hard lock-up when apdu_connect never returns.NIIBE Yutaka2024-11-181-4/+15
| | | | | | | | | | | | * scd/app.c (new_card_lock): New. (select_application): Scanning is serialized by NEW_CARD_LOCK. For app_new_register, we hold the W-lock. (initialize_module): Initialize NEW_CARD_LOCK. -- GnuPG-bug-id: 7402 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix a memory leak.NIIBE Yutaka2024-11-131-0/+4
| | | | | | | | * scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix resource leaks on error paths.NIIBE Yutaka2024-11-132-4/+13
| | | | | | | | | | * scd/app-dinsig.c (do_readcert): Don't return directly but care about releasing memory. * scd/app-nks.c (readcert_from_ef): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up app_send_active_apps and app_send_card_list.NIIBE Yutaka2024-11-121-8/+6
| | | | | | | | | | | * scd/app.c (send_card_and_app_list): Only handle the case with WANTCARD=NULL. (app_send_card_list): Follow the change. (app_send_active_apps): Factor out the case with WANTCARD!=NULL. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix getinfo active_apps.NIIBE Yutaka2024-11-081-1/+3
| | | | | | | | | | * scd/app.c (send_card_and_app_list): Avoid locking recursively. -- Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b GnuPG-bug-id: 7323 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Serialize CARD access for send_card_and_app_list.NIIBE Yutaka2024-11-081-2/+7
| | | | | | | | | * scd/app.c (send_card_and_app_list): Lock the CARD. -- GnuPG-bug-id: 7323 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add <unistd.h> for read(2) / write(2) .NIIBE Yutaka2024-10-301-0/+1
| | | | | | | | | | | * scd/app.c: Include <unistd.h>. -- Reported-by: David Bohman GnuPG-bug-id: 7193 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 1d5cfa9b7fd22e1c46eeed5fa9fed2af6f81d34f)
* w32: Fix last commit to build on Windows.Werner Koch2024-09-201-1/+1
| | | | | | | | * scd/app.c (struct mrsw_lock): Move notify_watchers out of the system specific condition. -- Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd: Fix DEVINFO, allowing no clients which watch the change.NIIBE Yutaka2024-09-201-3/+7
| | | | | | | | | | | * scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers. (card_list_signal): Only when watchers wait, kick by write(2). (card_list_wait): Increment/decrement notify_watchers field. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO to allow multiple clients.NIIBE Yutaka2024-09-191-0/+9
| | | | | | | | | * scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New getinfo subcommand "manufacturer"Werner Koch2024-08-073-3/+12
| | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand "manufacturer". * scd/app-openpgp.c (get_manufacturer): Rename to ... (app_openpgp_manufacturer): this and make global. -- Example: $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye D Magrathea OK
* scd: New getinfo subcommand "dump_state".Werner Koch2024-08-071-4/+7
| | | | | | | | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for simplicity. -- A state dump looks like app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1 app_dump_state: app=0x00007f1b38018100 type='openpgp' app_dump_state: app=0x00007f1b3800cb70 type='piv' app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0 app_dump_state: app=0x00007f1b38016fc0 type='openpgp' and can also be triggered by a SIGUSR1. This explicit command allows to dump the state also on Windows. Use for example gpg-connect-agent 'scd getinfo dump_state' /bye
* agent: Handle SCD DEVINFO --watch command in a special way.Werner Koch2024-07-011-1/+1
| | | | | | | | | | | | | * agent/call-scd.c (devinfo_watch_thread): New. (agent_card_devinfo): New. (agent_card_scd): Call agent_card_devinfo when it's DEVINFO_WATCH_COMMAND. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit b3f1f2cd192b71f2c19ec6f871ece0c175d46db0)
* scd: Restrict use of DEVINFO --watch command for socket connection.NIIBE Yutaka2024-07-011-1/+8
| | | | | | | | | | | * scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when it's not socket when KEEP_LOOPING != 0. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit d98521b934ec6a5abb0ad18e39a26009a8806c52)
* scd: Finish DEVINFO --watch command on input close.NIIBE Yutaka2024-07-011-9/+85
| | | | | | | | | | | | | | | * scd/app.c (card_list_signal): Use pipe on POSIX system, event on Windows. (card_list_wait): Detect input change as well as card list event change. (app_send_devinfo): Finish the command on input close. (initialize_module_command): Initialize pipe or event. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 36d8cffc6cd2838e7cb439c566fdd2b3dd076c15)
* scd: Factor out scd_init_event function.NIIBE Yutaka2024-07-012-26/+35
| | | | | | | | | * scd/scdaemon.c (scd_init_event): New. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 9aa6faaf10cf6739b0ddf5b42b6181a5c2a0000c)
* Fix the previous commit.NIIBE Yutaka2024-07-011-0/+2
| | | | | | | | | | | * scd/scdaemon.c (start_connection_thread): Recover call of scd_command_handler. -- GnuPG-bug-id: 7160 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 9bc3f2ad52ce527a3eb1a713eef3268affa0697e)
* scd: Fix how scdaemon pipe server finishes.NIIBE Yutaka2024-07-013-15/+8
| | | | | | | | | | | | | | | * scd/scdaemon.h (scd_command_handler): Fix the return type. * scd/command.c (scd_command_handler): Not return a value. * scd/scdaemon.c (pipe_server): Make it auto variable in main. (main): Use auto PIPE_SERVER variable. (start_connection_thread): When it's a pipe connection and it finishes, let the service shutdown. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 01fa318be0f8ca60c78d99403fbfb75edb521b16)
* scd: Avoid buffer overrun with more than 16 PC/SC readers.Jakub Jelen2024-05-291-1/+1
| | | | | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Fix end condition. -- Signed-off-by: Jakub Jelen <[email protected]> This is part of GnuPG-bug-id: 7129 Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2 (cherry picked from commit 4c1b0070354db0b9b0516d9e5453e47fc03a0aac)
* scd:openpgp: Add new vendor.Werner Koch2024-05-291-0/+2
| | | | --
* scd:openpgp: Robust Data Object handling for constructed case.NIIBE Yutaka2024-05-161-0/+50
| | | | | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): When it comes with its tag and length for the constructed Data Object, remove them. -- Cherry-pick master commit of: 35ef87d8d9db42c3077996317781986a692552cc GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Improve code reability of ccid-driver.cWerner Koch2024-03-071-96/+49
| | | | | * scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New. Replace all direct uses by these wrappers.
* scd: Add support for ACR-122UWerner Koch2024-03-072-1/+7
| | | | | | | | | * scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New. * scd/ccid-driver.c (ccid_open_usb_reader): Do not call libsub_set_interface_alt_setting for this reader. -- Co-authored-by: [email protected]
* scd: Let the CCID module auto detach the kernel driver.Werner Koch2024-03-073-0/+41
| | | | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Call libusb_set_auto_detach_kernel_driver. * scd/scdaemon.c (oCompatibilityFlags): New. (opts): Add option "compatibility-flags". (compatibility_flags): New. (main): Parse flags. * scd/scdaemon.h (opt): Add field compat_flags. (COMPAT_CCID_NO_AUTO_DETACH): New.
* scd:p15: Fix typo in a commentMario Haustein2024-02-201-1/+1
|
* scd:p15: Add ECC support for D-Trust Card 4.1/4.4Mario Haustein2024-02-201-6/+4
| | | | | | * scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC cards. (do_decipher): Ditto.
* scd:p15: Take derive usage into account for decryption (2).Werner Koch2024-02-201-1/+2
| | | | | | | * scd/app-p15.c (do_getattr): Yet another palce to fix. -- GnuPG-bug-id: 7000 Co-authored-by: Mario Haustein <[email protected]>
* scd:p15: Handle duplicate certificate ids.Werner Koch2024-02-201-2/+44
| | | | | | | | | | | * scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter. (objid_in_cdflist_p): New. (read_p15_info): Clear the counter. (read_ef_cdf): Detect and fix duplicate IDs. -- GnuPG-bug-id: 7001 Reported-by: Mario Haustein <[email protected]>
* scd:p15: Take derive usage into account for decryption.Werner Koch2024-02-201-15/+21
| | | | | | | | | | | | | | | | * scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'. (do_auth): Allow usageflags.sign_recover. (do_decipher): Allow usageflags.derive. (do_with_keygrip): Take usageflags.derive into account. (do_gettatr): Ditto. (do_decipher): Take a missing AODF for authentication not needed. -- This is required for D-Trust ECC cards. The AODF thing is unrelated but seems to be a good idea. GnuPG-bug-id: 7000
* scd:openpgp: Allow PIN length of 6 also with a reset code.Werner Koch2024-01-301-2/+15
| | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b scd:openpgp: Allow PIN length of 6 also with a reset code. * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
* doc: Fix spelling errors found by lintian.Werner Koch2024-01-291-1/+1
| | | | | | -- Reported-by: Andreas Metzler <[email protected]>
* scd:p15: Allow signing for CVISION cardsWerner Koch2024-01-101-4/+81
| | | | | | | | | | | * scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION product. -- The code for the Starcos cards has been implemented according to the 3.52 manual However, this does not work with my test cards. Protocol analysis shows that decryption can be used for the cryptovision product. Thus we do it the same for now.
* scd:p15: Allow PIN verification and decryption for CVISION cards.Werner Koch2024-01-091-15/+55
| | | | | | | | | | | | | | | | * scd/app-p15.c (CARD_PRODUCT_CVISION): New. (IS_STARCOS_3): New. (read_p15_info): Detect this product. (prepare_verify_pin): Add special handling for this product. (do_decipher): Use dedicated MSE for Starcos 3 cards. -- To check the verification run gpg-card verify User_PIN For our test cards the "Benutzer-PIN" must be given. For decryption tests gpgsm can be used; --always-trust helps to avoid chain issues.
* scd: Add support for SCE 7.0Werner Koch2024-01-043-5/+108
| | | | | | | | | | | | | | | | | * scd/app-common.h (CARDTYPE_SCE7): New. * scd/app.c (strcardtype): Support it. (atr_to_cardtype): New. (app_new_register): Try to get the cardtype from atr_to_cardtype. * scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method to construct a S/N from the Card UUID. -- The test cards I have are rsa2048 with X.509 certificates. I don't have the entire chain but loading the certificates work. For testing I created an OpenPGP key from the keys and tested signing and decryption. GnuPG-bug-id: 6919
* scd:openpgp: Add the length check for new PIN.NIIBE Yutaka2023-12-221-16/+32
| | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN. -- GnuPG-bug-id: 6843 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Add a diagnostic for unsupported DTRUST4 features.Werner Koch2023-12-201-1/+4
| | | | * scd/app-p15.c (do_sign): Add a diagnostic.
* scd:p15: Add support for D-Trust Card 4.1/4.4Mario Haustein via Gnupg-devel2023-12-201-9/+71
| | | | | | | | | * scd/app-p15.c (CARD_PRODUCT_DTRUST4) New. (app_select_p15): This cards uses a different AID for PKCS#15 application (do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to a predefined template. (do_decipher): Ditto.
* scd:p15: Add support for CardOS 5.4Mario Haustein via Gnupg-devel2023-12-201-2/+8
| | | | * scd/app-p15.c (CARD_TYPE_CARDOS_54): New.
* scd:openpgp: Fallback to default ECDH params in writekey.Werner Koch2023-11-231-3/+5
| | | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and remove the now useless check. -- This seems to be better than bailing out. In almost all cases our standard parameters are used and if not, well, the fingerprint will be wrong. GnuPG-bug-id: 6378
* scd: New option --debug-allow-pin-logging.Werner Koch2023-11-213-4/+10
| | | | | | | | | | | | | * scd/scdaemon.c (oDebugAllowPINLogging): New. (opts): Add option. (main): Set option. * scd/scdaemon.h (opt): Add debug_allow_pin_logging. * scd/apdu.c (pcsc_send_apdu): Do not hide the PIN dat in the debug output if the option is set. (send_apdu_ccid): Ditto. -- This option is only required during development.
* scd:p15: Basic support for Starcos 3.2.Werner Koch2023-11-161-32/+51
| | | | | | | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_STARCOS_32): New. (card_atr_list): Add ATR for my sample card. (cardtype2str): Add starcos string. (select_ef_by_path): Factor all code out to ... (select_by_path): this. Add arg to request a directory. Simplify the case pathlen>1 case. Fix error printing. (select_df_by_path): New. (prepare_verify_pin): For starcos select a DF. (app_select_p15): Don't use extended mode for starcos. -- This allows reading the certificates from my sample cards. Signing does not yet work; I need to do get some I/O traces using other software. The basic support for AET cards shut still work but I have not found my AET card.
* scd: Minor debug output tweakWerner Koch2023-11-162-2/+4
| | | | | * scd/apdu.c (send_le): Do not dump "[all zero]" if tehre is no data. * scd/iso7816.c (iso7816_select_mf): Cosmetic fix.
* scd: Return GPG_ERR_PIN_BLOCKED when it's blocked.NIIBE Yutaka2023-11-081-2/+2
| | | | | | | | | | | | | | * scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use GPG_ERR_PIN_BLOCKED. (check_pin): Likewise. -- Cherry-pick from master commit: e6b3d53db36dba8aef640fc0a99cc079551a965a GnuPG-bug-id: 6425 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Return better error codes for the Reset Code.Werner Koch2023-10-061-3/+3
| | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where appropriate. * common/util.h: Add error codes missing in gpgrt 1.46. * agent/call-pinentry.c (unlock_pinentry): Handle GPG_ERR_BAD_RESET_CODE. (agent_askpin): Ditlo. Also simply condition. (agent_get_passphrase): Ditto. * g10/call-agent.c (status_sc_op_failure): Handle GPG_ERR_BAD_RESET_CODE. * g10/card-util.c (write_sc_op_status): Ditto. * tools/card-call-scd.c (status_sc_op_failure): Ditto.
* scd:p15: Make signing work for Nexus cards.Werner Koch2023-07-041-12/+19
| | | | | | | | * scd/app-p15.c (CARD_PRODUCT_NEXUS): New. (read_p15_info): Detect Nexus cards. (get_dispserialno): Use product_id instead of comparing the manufacturer_id. (do_sign): Handle Nexus like BELPIC.
* scd:piv: Fix authentication with Administration Key.NIIBE Yutaka2023-06-281-2/+2
| | | | | | | | | | | | | * scd/app-piv.c (auth_adm_key): Fix the value of the Response Tag. (do_setattr): Fix the comment. -- Cherry-pick master commit of: 7cfbf0dd72d8d5c14fbf19c13722d153bd1cbd70 Reported-by: Heiko Schäfer <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Add missing supportedOS Ids for Windows-10Werner Koch2023-05-241-0/+1
| | | | --
* w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-243-1/+32
| | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 17:49:16 +0000