Corrected Bug in PKCS Session Opening

- Changed PKCS session opening code to try read-only mode first and then
try read-write mode.  The original call used an incorrect definition to
specify read-only mode which caused an error with some PKCS libraries.
- Removed unnecessary call to get token information.
- Changed slot enumeration call to only return slots that actually have
tokens inserted.
- Changed PKCS code to use the PKCS SDK bool definitions instead of the
Windows SDK definitions.
- Updated build files and binaries for 0.69 Update 1.

binaries/puttycac-hash.txt

@@ -1,69 +1,69 @@
 
 Algorithm       Hash                                                                   Path
 ---------       ----                                                                   ----
-SHA256          56CAA4A8EC6AEE709BA0D33F0773BC5F8F762A20A0CE8599B77AB532D4E429F9       \binaries\x64\pageant.exe
-SHA256          08CEFA3244DBB72138FEBF489CA842117EF8B44B816A59D2C895359584AD5A53       \binaries\x64\plink.exe
-SHA256          0999BA44D997F1EDC90D4AE2F8A3A4F5FA80D197142D7D6621E2B602A52277E8       \binaries\x64\pscp.exe
-SHA256          06957EBA85494CA462DDE329A4C406A584F6C1006640522F8A6F4A674574DBEB       \binaries\x64\psftp.exe
-SHA256          1301FBE6E08F94338DF186E3790FC42B7679E6478DD734161404A5E4671F38A1       \binaries\x64\putty.exe
-SHA256          B730217355F7CEB11C5518FCFA8D264509ACFE9BA6D741D553DDBB265F7BCB75       \binaries\x64\puttygen.exe
-SHA256          F36225712005369C3A736F970E0E6676A8A0A3B085CEF3223A553C82A0C77295       \binaries\x64\puttytel.exe
-SHA256          426B4B44B5A2566B30A6ACF887219D4F411F1B0D51EF5BB672A75709799C08EF       \binaries\x64\testbn.exe
-SHA256          37A162DF62023B846701568FA5CFD561A83F5E706B8537B394944D280BDCF5AE       \binaries\x86\pageant.exe
-SHA256          CA582134619F5CF4108C856AF4DAF19683FE0210B9D53B94E9D62B69353FEFB2       \binaries\x86\plink.exe
-SHA256          4F97362EA7B6818290315942744B247D97AE5FF30FCD978C5E9C5D90CA55166F       \binaries\x86\pscp.exe
-SHA256          33C93D0D904C0FEA12C736FC82A5EAC7549B9032506786BD6B59199271FBE2FE       \binaries\x86\psftp.exe
-SHA256          C46B45616FB34EDD616C7DD78CC1438BCE5FA7229D2E0EE09CE7BEA76585566F       \binaries\x86\putty.exe
-SHA256          58CE233B052505780C99228B4A7339CF6335E3A90087553958B3B4910466C407       \binaries\x86\puttygen.exe
-SHA256          EF57BF9EE277D77BB8E39B5D4CD4F288AD638534512EE83EB8AC4263FB215106       \binaries\x86\puttytel.exe
-SHA256          C104ACE7B5B6E8835639F26375F99C3BF7FED0F852FAA0B6F6E6B2B6A26FC9DF       \binaries\x86\testbn.exe
-SHA256          874580C0786D8A1BA9A765D555935F6400B7657F6E49A2EF2D4070C916869146       \binaries\puttycac-0.69-installer.msi
-SHA256          8B401444CC4E56E66AB22AE325C5803751314EEBF545BB053CA97FA621C62556       \binaries\puttycac-64bit-0.69-installer.msi
+SHA256          16ECA2D8DF09ACEB3E3A6AE535F7D7596D063155689B12538BE0529B8687BCCC       \binaries\x64\pageant.exe
+SHA256          D2ED75D2CB580F972B4A1E2972AF66D6B619F092B69E290D8576338C4DD2F411       \binaries\x64\plink.exe
+SHA256          30E3A9254BE03B0C83F2F611B165A13F0A96D12BD884B7BD41E39C72A103825D       \binaries\x64\pscp.exe
+SHA256          BE5A11733EFDA05904417F0DF8E61E98E5B24D549D9176814CA77ACE0EEA6860       \binaries\x64\psftp.exe
+SHA256          A209703B4FCB8C1BAD58016CA69ED1AB99D85468D785EA22F2E345CB1E7CD8DF       \binaries\x64\putty.exe
+SHA256          02B4348B74135E6E5205D9D064A6D42510BBCDFA0557F1CACE03103C2A66E677       \binaries\x64\puttygen.exe
+SHA256          20D8A0AC2424AC1EB8FD0E679BAB296AD34428A266AD291734C776CFF3B86D5F       \binaries\x64\puttytel.exe
+SHA256          384C8F116571ABBF0DB9DA800B96194E8AC33D6ED7FCEC6A96E405291BDA4270       \binaries\x64\testbn.exe
+SHA256          AC518DD6B020FA47EFB79F9D04F49BA687FACF5F124F967F8245392EEF67AA3B       \binaries\x86\pageant.exe
+SHA256          2B49208A718F693E8576AFED6DD3C60610E423D35FB3055EC60A7FD5DF65119B       \binaries\x86\plink.exe
+SHA256          559068D74555A26170521D75E0628C4099EE1F261506A1268339707252404787       \binaries\x86\pscp.exe
+SHA256          DB09C484D64BBFF8105262627C7003B933D24407BEC4E39CDD36546D9CD02F23       \binaries\x86\psftp.exe
+SHA256          60F49A1D9786252DC55610D0561B93830CC3DC85F1F992D672463A2FDB6C9AA1       \binaries\x86\putty.exe
+SHA256          6B1465F5488081ECCC672ADA4A1B81C09EB0AD3C8CEE24188912F7297FBC76F3       \binaries\x86\puttygen.exe
+SHA256          81D05DC64E003C490BA0D0E115CFAE24E503F31F8AD8D8373907668AA6B4602F       \binaries\x86\puttytel.exe
+SHA256          18F1E52D163D6EA8AD41A163CBBBC92A5BC62784E96EBFF219314F02D56A4D3E       \binaries\x86\testbn.exe
+SHA256          39C5D153D893BDC9EEA8FC21C228E5A85A9A6B4D5F614EC93E9CCFA113E156AF       \binaries\puttycac-0.69u1-installer.msi
+SHA256          7E42867E60452E660C126C9D1355A0B6CB0EA95322E6F836E13BD16388E43096       \binaries\puttycac-64bit-0.69u1-installer.msi
 
 
 
 Algorithm       Hash                                                                   Path
 ---------       ----                                                                   ----
-SHA1            E62C665777DD618199A7C4C8900AF478215B6406                               \binaries\x64\pageant.exe
-SHA1            0D8D6D9D93748B57349B7EF66C932E6378BD7B7B                               \binaries\x64\plink.exe
-SHA1            429077E8B20EEEBCEDC890267C24F5E592E59509                               \binaries\x64\pscp.exe
-SHA1            3722A57FFEE63AFE0E3B1B65EF9F74A30E308D28                               \binaries\x64\psftp.exe
-SHA1            0C8F3258E5F3F2A86D58774DF42E7BFF82A86ADD                               \binaries\x64\putty.exe
-SHA1            B9EF70709718AF88105A8FB588E11DB4D850A412                               \binaries\x64\puttygen.exe
-SHA1            D42C22E279925140BD40DC642A213AC708EA6CFE                               \binaries\x64\puttytel.exe
-SHA1            809BCA95BFF129D02E10141564E67203B66216AC                               \binaries\x64\testbn.exe
-SHA1            81D3D24766D504B7055376D634097C307D10C015                               \binaries\x86\pageant.exe
-SHA1            816CAB9CEEE822A59D63FA6120C4D436F0E4C82C                               \binaries\x86\plink.exe
-SHA1            2A829BD84F8767D0966EAD4D54D76F63326E9DFD                               \binaries\x86\pscp.exe
-SHA1            334CF3469EA55DEF724D6BFCFA0F18F556072097                               \binaries\x86\psftp.exe
-SHA1            028BF845DDFA138B57ECF5A0B3B5BD080A82B1CE                               \binaries\x86\putty.exe
-SHA1            89341D8783CE22C94B426E03240543A67A217377                               \binaries\x86\puttygen.exe
-SHA1            A50AA8D0D4D658AAE063BD7EFD1A8903609B63E1                               \binaries\x86\puttytel.exe
-SHA1            FD6DD500BE38341D28C6E62EAB983999EAFF4434                               \binaries\x86\testbn.exe
-SHA1            E22F09DD27459B483F90911326701B9C22483DB2                               \binaries\puttycac-0.69-installer.msi
-SHA1            96399D7EA3F3DC6F5D7BF5241442B7D8B2A4CF17                               \binaries\puttycac-64bit-0.69-installer.msi
+SHA1            8F01896B83DB35047DAFE8B7587FB978284F555E                               \binaries\x64\pageant.exe
+SHA1            BF5E718807B8B5C333E7D8AD4DB5E9716A089391                               \binaries\x64\plink.exe
+SHA1            6EC4FABB2EAAADA4D4CFF10BBFD1EC6F9C894F7E                               \binaries\x64\pscp.exe
+SHA1            D15CAB6B9EBAE7F39631D715233BC95D49C5E2DA                               \binaries\x64\psftp.exe
+SHA1            5C9D6CF63D2CF57FC84EC439589A4939F1AF00A5                               \binaries\x64\putty.exe
+SHA1            00091E578C9A5E339448937BDAAF6E637B9C96BA                               \binaries\x64\puttygen.exe
+SHA1            887DDCCE41BCCE30534CF70193169057F55DAA04                               \binaries\x64\puttytel.exe
+SHA1            539DC83350AA6AC2A3719E67F2BC0F0BA53034BC                               \binaries\x64\testbn.exe
+SHA1            7EED429A3859496B87530F7BC2DB5F5BB8FAADD7                               \binaries\x86\pageant.exe
+SHA1            B11080146C6C8F975036989A80857E09A1A3E509                               \binaries\x86\plink.exe
+SHA1            D147D3DD2AAFF1430C058F858987F55F6D2043C5                               \binaries\x86\pscp.exe
+SHA1            9FBAC831D41436A42C0D0DFDC92E5F2B63678CF5                               \binaries\x86\psftp.exe
+SHA1            F3735E40DE242BB7498249E5CEDA58ACBA27F5D8                               \binaries\x86\putty.exe
+SHA1            8F323F2CFE7DFAFDDC0D1356E3EDFBADD87B60AB                               \binaries\x86\puttygen.exe
+SHA1            E1777FBFA6A9DFE1BC18EAEA81AB04EBF5C25994                               \binaries\x86\puttytel.exe
+SHA1            2A1CF370C169C609A4FC195EF631CB7498742AD4                               \binaries\x86\testbn.exe
+SHA1            B37F4629451285C90315E7C791A422DD8FD77CE3                               \binaries\puttycac-0.69u1-installer.msi
+SHA1            1CABB3BCB72E04814174C38B3023E6AB43B5B71B                               \binaries\puttycac-64bit-0.69u1-installer.msi
 
 
 
 Algorithm       Hash                                                                   Path
 ---------       ----                                                                   ----
-MD5             8C448B85DCA578A4483A9385066FD109                                       \binaries\x64\pageant.exe
-MD5             561EDEAAACBB63E6EA56D998011812A9                                       \binaries\x64\plink.exe
-MD5             ADE7AC5E69D4EDE5367FC6AFBE720CA4                                       \binaries\x64\pscp.exe
-MD5             A3CA6DB9D52448EFBF2BECFEBBA40A49                                       \binaries\x64\psftp.exe
-MD5             0DB6BD37A62BBAA132B69AFD7DE0098C                                       \binaries\x64\putty.exe
-MD5             764F71E77DC42DA2E1641B603771238A                                       \binaries\x64\puttygen.exe
-MD5             82331CCEEEEC90B94793A1589C5C5EBB                                       \binaries\x64\puttytel.exe
-MD5             ED698BF558E756DE6491746D94C1CE5B                                       \binaries\x64\testbn.exe
-MD5             EF291CA63F85F61C6BD28B1E5F04E0CD                                       \binaries\x86\pageant.exe
-MD5             25AC27AB51A77D844F8A21FD2B526993                                       \binaries\x86\plink.exe
-MD5             6D634006AA1D1081E59A125FB3F39295                                       \binaries\x86\pscp.exe
-MD5             50035B3702C62C1795BFF4CB4C3F6F5F                                       \binaries\x86\psftp.exe
-MD5             A4B5E7367AE1F1A4D490D26920070177                                       \binaries\x86\putty.exe
-MD5             2D243A21974FB1A8D9EBA1F76F7A23F0                                       \binaries\x86\puttygen.exe
-MD5             21AD0B9B4E8854C7931C0C74C116BAD3                                       \binaries\x86\puttytel.exe
-MD5             3E62B147C2315DC2F574B590EEB1BCE2                                       \binaries\x86\testbn.exe
-MD5             F422900C5013198637B0B458ECE1282D                                       \binaries\puttycac-0.69-installer.msi
-MD5             C4528DE427ABB659D3F66F0DA2C4E9F1                                       \binaries\puttycac-64bit-0.69-installer.msi
+MD5             1CB1516C199849363C3D359BCFBA9387                                       \binaries\x64\pageant.exe
+MD5             F5014E80259BA027BC7695AC1845DFDB                                       \binaries\x64\plink.exe
+MD5             8EC168FCBAE44FCC1345764A4C12147E                                       \binaries\x64\pscp.exe
+MD5             6A896B0DD998428BE85B564575D06809                                       \binaries\x64\psftp.exe
+MD5             55CDAA17DE011267D5712F7FB96F17C5                                       \binaries\x64\putty.exe
+MD5             9C927DF9C8AC62A274F937426209B633                                       \binaries\x64\puttygen.exe
+MD5             D4C2983162C61984F2BDE062CE5C813B                                       \binaries\x64\puttytel.exe
+MD5             B2CF9B04E45C85E84EEEDE49188B8393                                       \binaries\x64\testbn.exe
+MD5             3C19D8F0B0A326D52ADF0FF063E80285                                       \binaries\x86\pageant.exe
+MD5             BBFC52788027A655F72C2D9F0DEE5DC0                                       \binaries\x86\plink.exe
+MD5             90D809AC744A8091A9DA7F1895462C13                                       \binaries\x86\pscp.exe
+MD5             E898A05BA4D3186BB08E9216A97D4E3B                                       \binaries\x86\psftp.exe
+MD5             B7D7D841F6C83D3DF88CBA326538EA45                                       \binaries\x86\putty.exe
+MD5             A7E4BAB83BAA6BC1D194FD5ED1153EB4                                       \binaries\x86\puttygen.exe
+MD5             33C5681B03D8531C1C2FFEB9D82535B2                                       \binaries\x86\puttytel.exe
+MD5             F826D89F73532C95D7E5B87CF7C69CE5                                       \binaries\x86\testbn.exe
+MD5             965B8CE7B3C2E620BB38336FE30DC80E                                       \binaries\puttycac-0.69u1-installer.msi
+MD5             8FC41845A57FB4E2844AA97A44F3A3D2                                       \binaries\puttycac-64bit-0.69u1-installer.msi
 
 

cert/cert_pkcs.c

@@ -266,8 +266,8 @@ void cert_pkcs_load_cert(LPCSTR szCert, PCCERT_CONTEXT* ppCertCtx, HCERTSTORE* p
 	CK_FUNCTION_LIST_PTR pFunctionList = cert_pkcs_load_library(szLibrary);
 	if (pFunctionList == NULL) return;
 
-	CK_BBOOL bFalse = 0;
-	CK_BBOOL bTrue = 1;
+	CK_BBOOL bFalse = CK_FALSE;
+	CK_BBOOL bTrue = CK_TRUE;
 	CK_OBJECT_CLASS iObjectType = CKO_CERTIFICATE;
 	CK_ATTRIBUTE aFindCriteria[] = {
 		{ CKA_CLASS,    &iObjectType, sizeof(CK_OBJECT_CLASS) },
@@ -383,7 +383,7 @@ HCERTSTORE cert_pkcs_get_cert_store(LPCSTR * szHint, HWND hWnd)
 	// get slots -- assume a safe maximum
 	CK_SLOT_ID pSlotList[32];
 	CK_ULONG iSlotCount = _countof(pSlotList);
-	if (pFunctionList->C_GetSlotList(FALSE, pSlotList, &iSlotCount) != CKR_OK)
+	if (pFunctionList->C_GetSlotList(CK_TRUE, pSlotList, &iSlotCount) != CKR_OK)
 	{
 		return NULL;
 	}
@@ -396,30 +396,27 @@ HCERTSTORE cert_pkcs_get_cert_store(LPCSTR * szHint, HWND hWnd)
 	// enumerate all slot counts
 	for (CK_ULONG iSlot = 0; iSlot < iSlotCount; iSlot++)
 	{
-		struct CK_TOKEN_INFO tTokenInfo;
-		if (pFunctionList->C_GetTokenInfo(pSlotList[iSlot], &tTokenInfo) != CKR_OK)
-		{
-			continue;
-		}
-
+		// open the session - first try read-only and then read-write
 		CK_SESSION_HANDLE hSession;
 		if (pFunctionList->C_OpenSession(pSlotList[iSlot],
-			CKF_SERIAL_SESSION | CKR_SESSION_READ_ONLY, NULL_PTR, NULL_PTR, &hSession) != CKR_OK)
+				CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) != CKR_OK &&
+			pFunctionList->C_OpenSession(pSlotList[iSlot],
+				CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) != CKR_OK)
 		{
 			continue;
 		}
 
-		CK_BBOOL bFalse = 0;
-		CK_BBOOL bTrue = 1;
+		CK_BBOOL bFalse = CK_FALSE;
+		CK_BBOOL bTrue = CK_TRUE;
 		CK_OBJECT_CLASS iObjectType = CKO_CERTIFICATE;
 		CK_ATTRIBUTE aFindCriteria[] = {
 			{ CKA_CLASS,    &iObjectType, sizeof(CK_OBJECT_CLASS) },
 			{ CKA_TOKEN,    &bTrue,       sizeof(CK_BBOOL) },
 			{ CKA_PRIVATE,  &bFalse,      sizeof(CK_BBOOL) }
 		};
 
-		// enumerate all eligible certs in store
-		CK_OBJECT_HANDLE aCertList[32];
+		// enumerate all eligible certs in token slot
+		CK_OBJECT_HANDLE aCertList[16];
 		CK_ULONG iCertListSize = 0;
 		if (pFunctionList->C_FindObjectsInit(hSession, aFindCriteria, _countof(aFindCriteria)) != CKR_OK ||
 			pFunctionList->C_FindObjects(hSession, aCertList, _countof(aCertList), &iCertListSize) != CKR_OK ||
@@ -538,7 +535,7 @@ void pkcs_lookup_token_cert(LPCSTR szCert, CK_SESSION_HANDLE_PTR phSession, CK_O
 	// get slots -- assume a safe maximum
 	CK_SLOT_ID pSlotList[32];
 	CK_ULONG iSlotCount = _countof(pSlotList);
-	if (pFunctionList->C_GetSlotList(FALSE, pSlotList, &iSlotCount) != CKR_OK)
+	if (pFunctionList->C_GetSlotList(CK_TRUE, pSlotList, &iSlotCount) != CKR_OK)
 	{
 		return;
 	}
@@ -552,9 +549,12 @@ void pkcs_lookup_token_cert(LPCSTR szCert, CK_SESSION_HANDLE_PTR phSession, CK_O
 			continue;
 		}
 
+		// open the session - first try read-only and then read-write
 		CK_SESSION_HANDLE hSession;
 		if (pFunctionList->C_OpenSession(pSlotList[iSlot],
-			CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) != CKR_OK)
+				CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) != CKR_OK &&
+			pFunctionList->C_OpenSession(pSlotList[iSlot],
+				CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) != CKR_OK)
 		{
 			continue;
 		}

packager/build.cmd

@@ -1,8 +1,8 @@
 @ECHO OFF
 
 :: version information
-SET VER=0.69
-SET VERN=0.69.0.0
+SET VER=0.69u1
+SET VERN=0.69.0.1
 
 :: cert info to use for signing
 SET CERT=9CC90E20ABF21CDEF09EE4C467A79FD454140C5A

version.h

@@ -1,6 +1,6 @@
 /* Generated by automated build script */
 #define RELEASE 0.69
-#define TEXTVER "Release 0.69"
-#define SSHVER "PuTTY-Release-0.69"
-#define BINARY_VERSION 0,69,0,0
-#define SOURCE_COMMIT "b1829b81b5c0d12dcc91f6b50b0b4d83c3df6a8e"
+#define TEXTVER "Release 0.69-1"
+#define SSHVER "PuTTY-Release-0.69-1"
+#define BINARY_VERSION 0,69,0,1
+#define SOURCE_COMMIT "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef"

windows/winpgntc.c

@@ -104,7 +104,7 @@ agent_pending_query *agent_query(
      * Either way, we need a synchronous request.
      */
 #ifdef PUTTY_CAC
-	HWND hCallingWindow = GetActiveWindow();
+	HWND hCallingWindow = GetFocus();
 	SetFocus(hwnd);
 	BringWindowToTop(hwnd);
 #endif // PUTTY_CAC