path: root/scd
Commit message | Author | Age | Files | Lines
* scd:p15: Accept P15 cards with a zero-length label. | Werner Koch | 3 days | 1 | -2/+11
|   * scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
|   --
|   Some versions of the CardOS personalisation software seem to store a missing label as a zero-length object instead of not storing the object at all. Due to a lack of such a card this patch has not been tested.
* gpgsm: Extend --learn-card by an optional s/n argument. | Werner Koch | 2025-03-17 | 1 | -19/+52
|   * agent/command.c (cmd_learn): Allow for s/n argument.
|   * agent/learncard.c (agent_handle_learn): Ditto.
|   * agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd.
|   * scd/command.c (cmd_switchcard): Factor most code out to ...
|     (switchcard_core): new.
|     (cmd_learn): Add option --demand to specify a s/n.
|   * sm/gpgsm.c (main): Allow a s/n argument for --learn-card.
|   --
|   This helps Kleopatra to get a stable certificate listing.
|   GnuPG-bug-id: 7379
* scd,w32: Fix possible lockup due to lost select results. | Werner Koch | 2025-03-14 | 1 | -2/+5
|   * scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop when an event was encountered.
|   --
|   Here the event handle is passed to npth_eselect so that this function can detect the event and reset the event. There is no need to consume this information here. However, npth_select might also have got a ready file descriptor along with the event and by doing a "continue" we would miss the ready state of the file descriptor. The fix is to do nothing here, similar to what we do in gpg-agent.
|   Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
|   GnuPG-bug-id: 2982
* Log the Windows system error code at more places. | Werner Koch | 2025-03-05 | 1 | -3/+6
|   * common/asshelp.c (log_libassuan_system_error): New.
|   * agent/gpg-agent.c (create_server_socket): Use new log function.
|     (handle_connections): Log system error code for a failed accept.
|   * dirmngr/dirmngr.c (handle_connections): Ditto.
|   * kbx/keyboxd.c (handle_connections): Ditto.
|   * scd/scdaemon.c (handle_connections): Ditto.
|   * tpm2d/tpm2daemon.c (handle_connections): Ditto.
|   * dirmngr/dirmngr.c (main): Log system error code for a failed bind.
|   * kbx/keyboxd.c (create_server_socket): Ditto.
|   * scd/scdaemon.c (create_server_socket): Ditto.
|   * tpm2d/tpm2daemon.c (create_server_socket): Ditto.
* scd: Use gpgrt_spawn_actions_set_env_rev to have clean semantics. | NIIBE Yutaka | 2024-12-20 | 1 | -11/+3
|   * scd/app.c (report_change): Use gpgrt_spawn_actions_set_env_rev.
|   --
|   It's UTF-8 string.
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: No hard lock-up when apdu_connect never returns. | NIIBE Yutaka | 2024-11-18 | 1 | -4/+15
|   * scd/app.c (new_card_lock): New.
|     (select_application): Scanning is serialized by NEW_CARD_LOCK. For app_new_register, we hold the W-lock.
|     (initialize_module): Initialize NEW_CARD_LOCK.
|   --
|   GnuPG-bug-id: 7402
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up app_send_active_apps and app_send_card_list. | NIIBE Yutaka | 2024-11-12 | 1 | -8/+6
|   * scd/app.c (send_card_and_app_list): Only handle the case with WANTCARD=NULL.
|     (app_send_card_list): Follow the change.
|     (app_send_active_apps): Factor out the case with WANTCARD!=NULL.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix a memory leak. | NIIBE Yutaka | 2024-11-11 | 1 | -0/+4
|   * scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix resource leaks on error paths. | NIIBE Yutaka | 2024-11-11 | 2 | -4/+13
|   * scd/app-dinsig.c (do_readcert): Don't return directly but care about releasing memory.
|   * scd/app-nks.c (readcert_from_ef): Likewise.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix getinfo active_apps. | NIIBE Yutaka | 2024-11-06 | 1 | -1/+3
|   * scd/app.c (send_card_and_app_list): Avoid locking recursively.
|   --
|   Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
|   GnuPG-bug-id: 7323
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Serialize CARD access for send_card_and_app_list. | NIIBE Yutaka | 2024-11-06 | 1 | -2/+7
|   * scd/app.c (send_card_and_app_list): Lock the CARD.
|   --
|   GnuPG-bug-id: 7323
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old. | NIIBE Yutaka | 2024-10-08 | 1 | -6/+6
|   * common/util.h (openpgp_curve_to_oid): Add new argument to select OID by OpenPGP version.
|   * common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning selected OID for Curve25519.
|   * common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change, selecting by the version.
|   * g10/export.c (match_curve_skey_pk): Likewise.
|     (transfer_format_to_openpgp): Likewise.
|   * g10/gpg.c (list_config): Likewise, print new OID.
|   * g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version.
|   * sm/encrypt.c (ecdh_encrypt): Likewise, don't care.
|   * sm/minip12.c (build_ecc_key_sequence): Likewise, new OID.
|   * scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't care.
|     (ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise, old OID.
|   --
|   GnuPG-bug-id: 7316
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* common,gpg,scd,sm: Use openpgp_oid_or_name_to_curve to get curve. | NIIBE Yutaka | 2024-10-08 | 1 | -2/+1
|   * common/sexputil.c (pubkey_algo_string): Use openpgp_oid_or_name_to_curve.
|   * g10/card-util.c (current_card_status, ask_card_keyattr): Likewise.
|   * scd/app-piv.c (writekey_ecc): Likewise.
|   * sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Fix last commit to build on Windows. | Werner Koch | 2024-09-20 | 1 | -1/+1
|   * scd/app.c (struct mrsw_lock): Move notify_watchers out of the system specific condition.
|   --
|   Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd: Fix DEVINFO, allowing no clients which watch the change. | NIIBE Yutaka | 2024-09-20 | 1 | -3/+7
|   * scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
|     (card_list_signal): Only when watchers wait, kick by write(2).
|     (card_list_wait): Increment/decrement notify_watchers field.
|   --
|   GnuPG-bug-id: 7151
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO to allow multiple clients. | NIIBE Yutaka | 2024-09-18 | 1 | -0/+9
|   * scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.
|   --
|   GnuPG-bug-id: 7151
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:w32: Fix for setting an environment block with GNUPGHOME. | NIIBE Yutaka | 2024-09-06 | 1 | -3/+2
|   * scd/app.c (report_change): It's ASCII or multi-byte encoded string. It's gpgrt's spawn function which converts it to wide char string internally if needed.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:w32: Export GNUPGHOME for scd-event. | NIIBE Yutaka | 2024-09-05 | 1 | -12/+11
|   * scd/app.c (report_change): Set up GNUPGHOME.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New getinfo subcommand "manufacturer" | Werner Koch | 2024-08-05 | 3 | -3/+12
|   * scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
|   * scd/app-openpgp.c (get_manufacturer): Rename to ...
|     (app_openpgp_manufacturer): this and make global.
|   --
|   Example:
|     $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
|     D Magrathea
|     OK
* scd: New getinfo subcommand "dump_state". | Werner Koch | 2024-08-02 | 1 | -4/+7
|   * scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for simplicity.
|   --
|   A state dump looks like
|     app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
|     app_dump_state: app=0x00007f1b38018100 type='openpgp'
|     app_dump_state: app=0x00007f1b3800cb70 type='piv'
|     app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
|     app_dump_state: app=0x00007f1b38016fc0 type='openpgp'
|   and can also be triggered by a SIGUSR1. This explicit command allows to dump the state also on Windows. Use for example
|     gpg-connect-agent 'scd getinfo dump_state' /bye
* scd: Avoid memory leak. | Jakub Jelen | 2024-07-22 | 1 | -0/+1
|   * scd/app-p15.c (do_sign): Free allocated memory on error.
|   --
|   GnuPG-bug-id: 7201
|   Signed-off-by: Jakub Jelen <[email protected]>
* common: On Windows, we care about how PIPE handles are inherited. | NIIBE Yutaka | 2024-07-09 | 2 | -2/+2
|   * agent/gpg-agent.c (handle_connections): It's for POSIX.
|   * kbx/keyboxd.c (handle_connections): Ditto.
|   * scd/app.c (handle_connections): Ditto.
|   * scd/scdaemon.c (handle_connections): Ditto.
|   tpm2d/tpm2daemon.c (handle_connections): Ditto.
|   * tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
|     (do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
|     (do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
|   * common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
|     (_gpg_decrypt): Likewise.
|   * common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
|   * common/exechelp-w32.c (create_pipe_and_estream): Care about how PIPE handles are inherited to child process.
|     (gnupg_create_pipe): Add an argument.
|   * common/exechelp.h: Add enum values.
|   --
|   Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add <unistd.h> for read(2) / write(2). | NIIBE Yutaka | 2024-07-09 | 1 | -0/+1
|   * scd/app.c: Include <unistd.h>.
|   --
|   Reported-by: David Bohman
|   GnuPG-bug-id: 7193
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* Use gpgrt_process_spawn API from libgpg-error. | NIIBE Yutaka | 2024-07-09 | 2 | -6/+5
|   * agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
|   * common/asshelp.c (start_new_service): Ditto.
|   * common/exechelp.h: Remove gnupg_process_spawn API.
|   * common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
|   * common/exechelp-w32.c: Likewise.
|   * common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
|   * common/t-exechelp.c (test_pipe_stream): Remove.
|   * dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use the gpgrt API.
|     (ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
|   * dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
|   * g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
|   * g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
|   * g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
|   * scd/apdu.c: No need to include exechelp.h.
|   * scd/app.c (report_change): Use the gpgrt API.
|   * sm/export.c, sm/import.c: No need to include exechelp.h.
|   * tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
|     (do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the gpgrt API.
|   * tools/gpg-auth.c: No need to include exechelp.h.
|   * tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
|   * tools/gpg-connect-agent.c: No need to include exechelp.h.
|   * tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
|     (start_gpg_encrypt): Use the gpgrt API.
|   * tools/gpgconf-comp.c (gpg_agent_runtime_change)
|     (scdaemon_runtime_change, tpm2daemon_runtime_change)
|     (dirmngr_runtime_change, keyboxd_runtime_change)
|     (gc_component_launch, gc_component_check_options)
|     (retrieve_options_from_program): Ditto.
|   * tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
|   * tools/gpgtar-create.c (gpgtar_create): Ditto.
|   * tools/gpgtar-extract.c (gpgtar_extract): Ditto.
|   * tools/gpgtar-list.c (gpgtar_list): Ditto.
|   --
|   GnuPG-bug-id: 7192
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Restrict use of DEVINFO --watch command for socket connection. | NIIBE Yutaka | 2024-06-26 | 1 | -1/+8
|   * scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when it's not socket when KEEP_LOOPING != 0.
|   --
|   GnuPG-bug-id: 7151
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Finish DEVINFO --watch command on input close. | NIIBE Yutaka | 2024-06-25 | 1 | -9/+85
|   * scd/app.c (card_list_signal): Use pipe on POSIX system, event on Windows.
|     (card_list_wait): Detect input change as well as card list event change.
|     (app_send_devinfo): Finish the command on input close.
|     (initialize_module_command): Initialize pipe or event.
|   --
|   GnuPG-bug-id: 7151
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Factor out scd_init_event function. | NIIBE Yutaka | 2024-06-25 | 2 | -26/+35
|   * scd/scdaemon.c (scd_init_event): New.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix the previous commit. | NIIBE Yutaka | 2024-06-17 | 1 | -0/+2
|   * scd/scdaemon.c (start_connection_thread): Recover call of scd_command_handler.
|   --
|   GnuPG-bug-id: 7160
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix how scdaemon pipe server finishes. | NIIBE Yutaka | 2024-06-17 | 3 | -15/+8
|   * scd/scdaemon.h (scd_command_handler): Fix the return type.
|   * scd/command.c (scd_command_handler): Not return a value.
|   * scd/scdaemon.c (pipe_server): Make it auto variable in main.
|     (main): Use auto PIPE_SERVER variable.
|     (start_connection_thread): When it's a pipe connection and it finishes, let the service shutdown.
|   --
|   GnuPG-bug-id: 7151
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* indent: Fix spelling | Daniel Kahn Gillmor | 2024-05-31 | 10 | -18/+18
|   --
|   These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project.
|   GnuPG-bug-id: 7116
* spawn: Remove spawn callback, introduce gnupg_spawn_actions. | NIIBE Yutaka | 2024-05-31 | 1 | -10/+15
|   * common/exechelp-posix.c (call_spawn_cb): Remove.
|     (gnupg_spawn_actions_new, gnupg_spawn_actions_release)
|     (gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
|     (gnupg_spawn_actions_set_redirect)
|     (gnupg_spawn_actions_set_inherit_fds): New.
|     (my_exec, spawn_detached): Use spawn actions.
|     (gnupg_spawn_helper): Remove.
|     (gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
|   * common/exechelp-w32.c: Ditto.
|   * common/exechelp.h: Ditto.
|   * agent/genkey.c (do_check_passphrase_pattern): Follow the change of gnupg_process_spawn API.
|   * common/asshelp.c (start_new_service): Likewise.
|   * common/exectool.c (gnupg_exec_tool_stream): Likewise.
|   * common/t-exechelp.c (test_pipe_stream): Likewise.
|   * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
|   * g10/photoid.c (run_with_pipe): Likewise.
|   * scd/app.c (report_change): Likewise.
|   * tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd): Likewise.
|   * tools/gpg-card.c (cmd_gpg): Likewise.
|   * tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
|     (scdaemon_runtime_change, tpm2daemon_runtime_change)
|     (dirmngr_runtime_change, keyboxd_runtime_change)
|     (gc_component_launch, gc_component_check_options)
|     (retrieve_options_from_program): Likewise.
|   * tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
|   * tools/gpgtar-create.c (gpgtar_create): Likewise.
|   * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
|   * tools/gpgtar-list.c (gpgtar_list): Likewise.
|   --
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Avoid buffer overrun with more than 16 PC/SC readers. | Jakub Jelen | 2024-05-28 | 1 | -1/+1
|   * scd/apdu.c (apdu_dev_list_start): Fix end condition.
|   --
|   Signed-off-by: Jakub Jelen <[email protected]>
|   This is part of GnuPG-bug-id: 7129
|   Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
* scd:openpgp: Add new vendor. | Werner Koch | 2024-05-22 | 1 | -0/+1
|   --
* scd:piv: Support listing of retired keys with KEYINFO. | Werner Koch | 2024-05-06 | 1 | -21/+21
|   * scd/app-piv.c (data_objects): Mark returned key as having a keypair.
|     (do_with_keygrip): Check against encrusage and not used one tag.
|   * tools/gpg-card.c (piv_keyref_is_retired): New.
|     (list_all_kinfo): Pretty print retired keys.
|   --
|   This allows to list all existing retired keys without using separate readkey commands.
* scd:openpgp: Robust Data Object handling for constructed case. | NIIBE Yutaka | 2024-04-15 | 1 | -0/+50
|   * scd/app-openpgp.c (get_cached_data): When it comes with its tag and length for the constructed Data Object, remove them.
|   --
|   GnuPG-bug-id: 7058
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix data_objects specification for F9 and FA. | NIIBE Yutaka | 2024-03-27 | 1 | -2/+2
|   * scd/app-openpgp.c (data_objects): These are constructed objects.
|   --
|   GnuPG-bug-id: 7058
|   Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new OpenPGP vendor | Werner Koch | 2024-03-26 | 1 | -0/+1
|   --
* Merge branch 'STABLE-BRANCH-2-4' | Werner Koch | 2024-03-12 | 7 | -119/+179
|\
| |   --
| |   Resolved conflicts:
| |     NEWS
| |     common/exechelp-w32.c
| |     configure.ac
| * scd: Improve code readability of ccid-driver.c | Werner Koch | 2024-03-07 | 1 | -96/+49
| |   * scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New. Replace all direct uses by these wrappers.
| * scd: Add support for ACR-122U | Werner Koch | 2024-03-07 | 2 | -1/+7
| |   * scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New.
| |   * scd/ccid-driver.c (ccid_open_usb_reader): Do not call libsub_set_interface_alt_setting for this reader.
| |   --
| |   Co-authored-by: [email protected]
| * scd: Let the CCID module auto detach the kernel driver. | Werner Koch | 2024-03-07 | 3 | -0/+41
| |   * scd/ccid-driver.c (ccid_open_usb_reader): Call libusb_set_auto_detach_kernel_driver.
| |   * scd/scdaemon.c (oCompatibilityFlags): New.
| |     (opts): Add option "compatibility-flags".
| |     (compatibility_flags): New.
| |     (main): Parse flags.
| |   * scd/scdaemon.h (opt): Add field compat_flags.
| |     (COMPAT_CCID_NO_AUTO_DETACH): New.
| * scd:p15: Fix typo in a comment | Mario Haustein | 2024-02-20 | 1 | -1/+1
| |
| * scd:p15: Add ECC support for D-Trust Card 4.1/4.4 | Mario Haustein | 2024-02-20 | 1 | -6/+4
| |   * scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC cards.
| |     (do_decipher): Ditto.
| * scd:p15: Take derive usage into account for decryption (2). | Werner Koch | 2024-02-20 | 1 | -1/+2
| |   * scd/app-p15.c (do_getattr): Yet another place to fix.
| |   --
| |   GnuPG-bug-id: 7000
| |   Co-authored-by: Mario Haustein <[email protected]>
| * scd:p15: Handle duplicate certificate ids. | Werner Koch | 2024-02-20 | 1 | -2/+44
| |   * scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter.
| |     (objid_in_cdflist_p): New.
| |     (read_p15_info): Clear the counter.
| |     (read_ef_cdf): Detect and fix duplicate IDs.
| |   --
| |   GnuPG-bug-id: 7001
| |   Reported-by: Mario Haustein <[email protected]>
| * scd:p15: Take derive usage into account for decryption. | Werner Koch | 2024-02-20 | 1 | -15/+21
| |   * scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
| |     (do_auth): Allow usageflags.sign_recover.
| |     (do_decipher): Allow usageflags.derive.
| |     (do_with_keygrip): Take usageflags.derive into account.
| |     (do_gettatr): Ditto.
| |     (do_decipher): Take a missing AODF for authentication not needed.
| |   --
| |   This is required for D-Trust ECC cards. The AODF thing is unrelated but seems to be a good idea.
| |   GnuPG-bug-id: 7000
| * scd:openpgp: Allow PIN length of 6 also with a reset code. | Werner Koch | 2024-01-30 | 1 | -2/+15
| |   * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt.
| |   --
| |   When using the reset code it was not possible to set a PIN of length 6. The "R" flag fixes a funny prompt.
| |   Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
| |
| |   scd:openpgp: Allow PIN length of 6 also with a reset code.
| |   * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt.
| |   --
| |   When using the reset code it was not possible to set a PIN of length 6. The "R" flag fixes a funny prompt.
| |   Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
| * doc: Fix spelling errors found by lintian. | Werner Koch | 2024-01-29 | 1 | -1/+1
| |   --
| |   Reported-by: Andreas Metzler <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4' | Werner Koch | 2024-01-26 | 4 | -24/+244
|\|
| |   --
| |   Fixed conflicts:
| |     NEWS
| |     configure.ac
| |     doc/gpg.texi
| * scd:p15: Allow signing for CVISION cards | Werner Koch | 2024-01-10 | 1 | -4/+81
| |   * scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION product.
| |   --
| |   The code for the Starcos cards has been implemented according to the 3.52 manual. However, this does not work with my test cards. Protocol analysis shows that decryption can be used for the cryptovision product. Thus we do it the same for now.