aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: No hard lock-up when apdu_connect never returns.NIIBE Yutaka2024-11-181-4/+15
| | | | | | | | | | | | * scd/app.c (new_card_lock): New. (select_application): Scanning is serialized by NEW_CARD_LOCK. For app_new_register, we hold the W-lock. (initialize_module): Initialize NEW_CARD_LOCK. -- GnuPG-bug-id: 7402 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up app_send_active_apps and app_send_card_list.NIIBE Yutaka2024-11-121-8/+6
| | | | | | | | | | | * scd/app.c (send_card_and_app_list): Only handle the case with WANTCARD=NULL. (app_send_card_list): Follow the change. (app_send_active_apps): Factor out the case with WANTCARD!=NULL. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix a memory leak.NIIBE Yutaka2024-11-111-0/+4
| | | | | | | | * scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix resource leaks on error paths.NIIBE Yutaka2024-11-112-4/+13
| | | | | | | | | | * scd/app-dinsig.c (do_readcert): Don't return directly but care about releasing memory. * scd/app-nks.c (readcert_from_ef): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix getinfo active_apps.NIIBE Yutaka2024-11-061-1/+3
| | | | | | | | | | * scd/app.c (send_card_and_app_list): Avoid locking recursively. -- Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b GnuPG-bug-id: 7323 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Serialize CARD access for send_card_and_app_list.NIIBE Yutaka2024-11-061-2/+7
| | | | | | | | | * scd/app.c (send_card_and_app_list): Lock the CARD. -- GnuPG-bug-id: 7323 Signed-off-by: NIIBE Yutaka <[email protected]>
* common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old.NIIBE Yutaka2024-10-081-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (openpgp_curve_to_oid): Add new argument to select OID by OpenPGP version. * common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning selected OID for Curve25519. * common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change, selecting by the version. * g10/export.c (match_curve_skey_pk): Likewise. (transfer_format_to_openpgp): Likewise. * g10/gpg.c (list_config): Likewise, print new OID. * g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version. * sm/encrypt.c (ecdh_encrypt): Likewise, don't care. * sm/minip12.c (build_ecc_key_sequence): Likewise, new OID. * scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't care. (ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise, old OID. -- GnuPG-bug-id: 7316 Signed-off-by: NIIBE Yutaka <[email protected]>
* common,gpg,scd,sm: Use openpgp_oid_or_name_to_curve to get curve.NIIBE Yutaka2024-10-081-2/+1
| | | | | | | | | | | | * common/sexputil.c (pubkey_algo_string): Use openpgp_oid_or_name_to_curve. * g10/card-util.c (current_card_status, ask_card_keyattr): Likewise. * scd/app-piv.c (writekey_ecc): Likewise. * sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Fix last commit to build on Windows.Werner Koch2024-09-201-1/+1
| | | | | | | | * scd/app.c (struct mrsw_lock): Move notify_watchers out of the system specific condition. -- Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd: Fix DEVINFO, allowing no clients which watch the change.NIIBE Yutaka2024-09-201-3/+7
| | | | | | | | | | | * scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers. (card_list_signal): Only when watchers wait, kick by write(2). (card_list_wait): Increment/decrement notify_watchers field. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO to allow multiple clients.NIIBE Yutaka2024-09-181-0/+9
| | | | | | | | | * scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:w32: Fix for setting an environment block with GNUPGHOME.NIIBE Yutaka2024-09-061-3/+2
| | | | | | | | | | * scd/app.c (report_change): It's ASCII or multi-byte encoded string. It's gpgrt's spawn function which converts it to wide char string internally if needed. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:w32: Export GNUPGHOME for scd-event.NIIBE Yutaka2024-09-051-12/+11
| | | | | | | | * scd/app.c (report_change): Set up GNUPGHOME. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New getinfo subcommand "manufacturer"Werner Koch2024-08-053-3/+12
| | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand "manufacturer". * scd/app-openpgp.c (get_manufacturer): Rename to ... (app_openpgp_manufacturer): this and make global. -- Example: $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye D Magrathea OK
* scd: New getinfo subcommand "dump_state".Werner Koch2024-08-021-4/+7
| | | | | | | | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for simplicity. -- A state dump looks like app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1 app_dump_state: app=0x00007f1b38018100 type='openpgp' app_dump_state: app=0x00007f1b3800cb70 type='piv' app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0 app_dump_state: app=0x00007f1b38016fc0 type='openpgp' and can also be triggered by a SIGUSR1. This explicit command allows to dump the state also on Windows. Use for example gpg-connect-agent 'scd getinfo dump_state' /bye
* scd: Avoid memory leak.Jakub Jelen2024-07-221-0/+1
| | | | | | | | | * scd/app-p15.c (do_sign): Free allocated memory on error. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <[email protected]>
* common: On Windows, we care about how PIPE handles are inherited.NIIBE Yutaka2024-07-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): It's for POSIX. * kbx/keyboxd.c (handle_connections): Ditto. * scd/app.c (handle_connections): Ditto. * scd/scdaemon.c (handle_connections): Ditto. tpm2d/tpm2daemon.c (handle_connections): Ditto. * tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH. (do_inbound_pipe): Use GNUPG_PIPE_INBOUND. (do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND. * common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound. (_gpg_decrypt): Likewise. * common/exechelp-posix.c (gnupg_create_pipe): Add an argument. * common/exechelp-w32.c (create_pipe_and_estream): Care about how PIPE handles are inherited to child process. (gnupg_create_pipe): Add an argument. * common/exechelp.h: Add enum values. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add <unistd.h> for read(2) / write(2) .NIIBE Yutaka2024-07-091-0/+1
| | | | | | | | | | * scd/app.c: Include <unistd.h>. -- Reported-by: David Bohman GnuPG-bug-id: 7193 Signed-off-by: NIIBE Yutaka <[email protected]>
* Use gpgrt_process_spawn API from libgpg-error.NIIBE Yutaka2024-07-092-6/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API. * common/asshelp.c (start_new_service): Ditto. * common/exechelp.h: Remove gnupg_process_spawn API. * common/exechelp-posix.c: Remove gnupg_process_spawn implementation. * common/exechelp-w32.c: Likewise. * common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API. * common/t-exechelp.c (test_pipe_stream): Remove. * dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use the gpgrt API. (ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto. * dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h. * g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API. * g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto. * g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h. * scd/apdu.c: No need to include exechelp.h. * scd/app.c (report_change): Use the gpgrt API. * sm/export.c, sm/import.c: No need to include exechelp.h. * tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap) (do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the gpgrt API. * tools/gpg-auth.c: No need to include exechelp.h. * tools/gpg-card.c (cmd_gpg): Use the gpgrt API. * tools/gpg-connect-agent.c: No need to include exechelp.h. * tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage) (start_gpg_encrypt): Use the gpgrt API. * tools/gpgconf-comp.c (gpg_agent_runtime_change) (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Ditto. * tools/gpgconf.c (show_versions_via_dirmngr): Ditto. * tools/gpgtar-create.c (gpgtar_create): Ditto. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- GnuPG-bug-id: 7192 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Restrict use of DEVINFO --watch command for socket connection.NIIBE Yutaka2024-06-261-1/+8
| | | | | | | | | | * scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when it's not socket when KEEP_LOOPING != 0. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Finish DEVINFO --watch command on input close.NIIBE Yutaka2024-06-251-9/+85
| | | | | | | | | | | | | | * scd/app.c (card_list_signal): Use pipe on POSIX system, event on Windows. (card_list_wait): Detect input change as well as card list event change. (app_send_devinfo): Finish the command on input close. (initialize_module_command): Initialize pipe or event. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Factor out scd_init_event function.NIIBE Yutaka2024-06-252-26/+35
| | | | | | | | * scd/scdaemon.c (scd_init_event): New. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix the previous commit.NIIBE Yutaka2024-06-171-0/+2
| | | | | | | | | | * scd/scdaemon.c (start_connection_thread): Recover call of scd_command_handler. -- GnuPG-bug-id: 7160 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix how scdaemon pipe server finishes.NIIBE Yutaka2024-06-173-15/+8
| | | | | | | | | | | | | | * scd/scdaemon.h (scd_command_handler): Fix the return type. * scd/command.c (scd_command_handler): Not return a value. * scd/scdaemon.c (pipe_server): Make it auto variable in main. (main): Use auto PIPE_SERVER variable. (start_connection_thread): When it's a pipe connection and it finishes, let the service shutdown. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* indent: Fix spellingDaniel Kahn Gillmor2024-05-3110-18/+18
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* spawn: Remove spawn callback, introduce gnupg_spawn_actions.NIIBE Yutaka2024-05-311-10/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (call_spawn_cb): Remove. (gnupg_spawn_actions_new, gnupg_spawn_actions_release) (gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork) (gnupg_spawn_actions_set_redirect) (gnupg_spawn_actions_set_inherit_fds): New. (my_exec, spawn_detached): Use spawn actions. (gnupg_spawn_helper): Remove. (gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions. * common/exechelp-w32.c: Ditto. * common/exechelp.h: Ditto. * agent/genkey.c (do_check_passphrase_pattern): Follow the change of gnupg_process_spawn API. * common/asshelp.c (start_new_service): Likewise. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * common/t-exechelp.c (test_pipe_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * g10/photoid.c (run_with_pipe): Likewise. * scd/app.c (report_change): Likewise. * tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd): Likewise. * tools/gpg-card.c (cmd_gpg): Likewise. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise. (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Avoid buffer overrun with more than 16 PC/SC readers.Jakub Jelen2024-05-281-1/+1
| | | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Fix end condition. -- Signed-off-by: Jakub Jelen <[email protected]> This is part of GnuPG-bug-id: 7129 Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
* scd:openpgp: Add new vendor.Werner Koch2024-05-221-0/+1
| | | | --
* scd:piv: Support listing of retired keys with KEYINFO.Werner Koch2024-05-061-21/+21
| | | | | | | | | | | | * scd/app-piv.c (data_objects): Mark returned key as having a keypair. (do_with_keygrip): Check against encrusage and not used one tag. * tools/gpg-card.c (piv_keyref_is_retired): New. (list_all_kinfo): Pretty print retired keys. -- This allows to list all existing retired keys without using separate readkey commands.
* scd:openpgp: Robust Data Object handling for constructed case.NIIBE Yutaka2024-04-151-0/+50
| | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): When it comes with its tag and length for the constructed Data Object, remove them. -- GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix data_objects specification for F9 and FA.NIIBE Yutaka2024-03-271-2/+2
| | | | | | | | | * scd/app-openpgp.c (data_objects): These are constructed objects. -- GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new OpenPGP vendorWerner Koch2024-03-261-0/+1
| | | | --
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-03-127-119/+179
|\ | | | | | | | | | | | | | | -- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
| * scd: Improve code reability of ccid-driver.cWerner Koch2024-03-071-96/+49
| | | | | | | | | | * scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New. Replace all direct uses by these wrappers.
| * scd: Add support for ACR-122UWerner Koch2024-03-072-1/+7
| | | | | | | | | | | | | | | | | | * scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New. * scd/ccid-driver.c (ccid_open_usb_reader): Do not call libsub_set_interface_alt_setting for this reader. -- Co-authored-by: [email protected]
| * scd: Let the CCID module auto detach the kernel driver.Werner Koch2024-03-073-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Call libusb_set_auto_detach_kernel_driver. * scd/scdaemon.c (oCompatibilityFlags): New. (opts): Add option "compatibility-flags". (compatibility_flags): New. (main): Parse flags. * scd/scdaemon.h (opt): Add field compat_flags. (COMPAT_CCID_NO_AUTO_DETACH): New.
| * scd:p15: Fix typo in a commentMario Haustein2024-02-201-1/+1
| |
| * scd:p15: Add ECC support for D-Trust Card 4.1/4.4Mario Haustein2024-02-201-6/+4
| | | | | | | | | | | | * scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC cards. (do_decipher): Ditto.
| * scd:p15: Take derive usage into account for decryption (2).Werner Koch2024-02-201-1/+2
| | | | | | | | | | | | | | * scd/app-p15.c (do_getattr): Yet another palce to fix. -- GnuPG-bug-id: 7000 Co-authored-by: Mario Haustein <[email protected]>
| * scd:p15: Handle duplicate certificate ids.Werner Koch2024-02-201-2/+44
| | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter. (objid_in_cdflist_p): New. (read_p15_info): Clear the counter. (read_ef_cdf): Detect and fix duplicate IDs. -- GnuPG-bug-id: 7001 Reported-by: Mario Haustein <[email protected]>
| * scd:p15: Take derive usage into account for decryption.Werner Koch2024-02-201-15/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'. (do_auth): Allow usageflags.sign_recover. (do_decipher): Allow usageflags.derive. (do_with_keygrip): Take usageflags.derive into account. (do_gettatr): Ditto. (do_decipher): Take a missing AODF for authentication not needed. -- This is required for D-Trust ECC cards. The AODF thing is unrelated but seems to be a good idea. GnuPG-bug-id: 7000
| * scd:openpgp: Allow PIN length of 6 also with a reset code.Werner Koch2024-01-301-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b scd:openpgp: Allow PIN length of 6 also with a reset code. * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
| * doc: Fix spelling errors found by lintian.Werner Koch2024-01-291-1/+1
| | | | | | | | | | | | -- Reported-by: Andreas Metzler <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-01-264-24/+244
|\| | | | | | | | | | | | | | | -- Fixed conflicts: NEWS configure.ac doc/gpg.texi
| * scd:p15: Allow signing for CVISION cardsWerner Koch2024-01-101-4/+81
| | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION product. -- The code for the Starcos cards has been implemented according to the 3.52 manual However, this does not work with my test cards. Protocol analysis shows that decryption can be used for the cryptovision product. Thus we do it the same for now.
| * scd:p15: Allow PIN verification and decryption for CVISION cards.Werner Koch2024-01-091-15/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (CARD_PRODUCT_CVISION): New. (IS_STARCOS_3): New. (read_p15_info): Detect this product. (prepare_verify_pin): Add special handling for this product. (do_decipher): Use dedicated MSE for Starcos 3 cards. -- To check the verification run gpg-card verify User_PIN For our test cards the "Benutzer-PIN" must be given. For decryption tests gpgsm can be used; --always-trust helps to avoid chain issues.
| * scd: Add support for SCE 7.0Werner Koch2024-01-043-5/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (CARDTYPE_SCE7): New. * scd/app.c (strcardtype): Support it. (atr_to_cardtype): New. (app_new_register): Try to get the cardtype from atr_to_cardtype. * scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method to construct a S/N from the Card UUID. -- The test cards I have are rsa2048 with X.509 certificates. I don't have the entire chain but loading the certificates work. For testing I created an OpenPGP key from the keys and tested signing and decryption. GnuPG-bug-id: 6919
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2023-12-226-68/+184
|\| | | | | | | | | | | | | | | | | | | -- Fixed conflicts in NEWS g10/encrypt.c sm/encrypt.c sm/sign.c
| * scd:openpgp: Add the length check for new PIN.NIIBE Yutaka2023-12-221-16/+32
| | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN. -- GnuPG-bug-id: 6843 Signed-off-by: NIIBE Yutaka <[email protected]>
| * scd:p15: Add a diagnostic for unsupported DTRUST4 features.Werner Koch2023-12-201-1/+4
| | | | | | | | * scd/app-p15.c (do_sign): Add a diagnostic.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 19:33:38 +0000