[git] GnuPG - branch, master, updated. gnupg-2.2.7-369-gb283869
by Werner Koch
cvs at cvs.gnupg.org
Mon Feb 11 09:08:26 CET 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via b2838694402ce0cfc2ef70451bf0e6677b875ca9 (commit)
from 53beea56afecde76f0f4ca93fc50ca59298a093e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b2838694402ce0cfc2ef70451bf0e6677b875ca9
Author: Werner Koch <wk at gnupg.org>
Date: Mon Feb 11 09:07:54 2019 +0100
scd: For PIV cards used NO_AUTH instead of BAD_PIN.
* common/util.h (GPG_ERR_NO_AUTH, GPG_ERR_BAD_AUTH): Add replacement
codes for gpgrt < 1.36.
* scd/app-piv.c (auth_adm_key):
(do_genkey, do_writecert): Use better error codes.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/util.h b/common/util.h
index d5bb225..8895137 100644
--- a/common/util.h
+++ b/common/util.h
@@ -39,7 +39,10 @@
* libgpg-error version. Define them here.
* Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
*/
-
+#if GPG_ERROR_VERSION_NUMBER < 0x012400 /* 1.36 */
+#define GPG_ERR_NO_AUTH 314
+#define GPG_ERR_BAD_AUTH 315
+#endif /*GPG_ERROR_VERSION_NUMBER*/
/* Hash function used with libksba. */
#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
diff --git a/scd/app-piv.c b/scd/app-piv.c
index 1d70db5..36086f5 100644
--- a/scd/app-piv.c
+++ b/scd/app-piv.c
@@ -890,6 +890,8 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen)
PIV_ALGORITHM_3DES_ECB_0, 0x9B,
tmpl, tmpllen, 0,
&outdata, &outdatalen);
+ if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+ err = gpg_error (GPG_ERR_BAD_AUTH);
if (err)
goto leave;
if (!(outdatalen && *outdata == 0x7c
@@ -921,6 +923,8 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen)
PIV_ALGORITHM_3DES_ECB_0, 0x9B,
tmpl, tmpllen, 0,
&outdata, &outdatalen);
+ if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+ err = gpg_error (GPG_ERR_BAD_AUTH);
if (err)
goto leave;
if (!(outdatalen && *outdata == 0x7c
@@ -937,7 +941,7 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen)
goto leave;
if (memcmp (witness, tmpl+14, 8))
{
- err = gpg_error (GPG_ERR_BAD_SIGNATURE);
+ err = gpg_error (GPG_ERR_BAD_AUTH);
goto leave;
}
@@ -993,6 +997,9 @@ set_adm_key (app_t app, const unsigned char *value, size_t valuelen)
wipememory (apdu+8, 24);
if (err)
log_error ("piv: setting admin key failed; sw=%04x\n", sw);
+ /* A PIN is not required, thus use a better error code. */
+ if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+ err = gpg_error (GPG_ERR_NO_AUTH);
}
else
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
@@ -2490,6 +2497,9 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keyrefstr, const char *keytype,
tmpl, tmpllen, 0, &buffer, &buflen);
if (err)
{
+ /* A PIN is not required, thus use a better error code. */
+ if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+ err = gpg_error (GPG_ERR_NO_AUTH);
log_error (_("generating key failed\n"));
return err;
}
@@ -2562,6 +2572,9 @@ do_writecert (app_t app, ctrl_t ctrl,
(int)0x71, (size_t)1, "", /* No compress */
(int)0xfe, (size_t)0, "", /* Empty LRC. */
(int)0, (size_t)0, NULL);
+ /* A PIN is not required, thus use a better error code. */
+ if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+ err = gpg_error (GPG_ERR_NO_AUTH);
if (err)
log_error ("piv: failed to write cert to %s: %s\n",
dobj->keyref, gpg_strerror (err));
-----------------------------------------------------------------------
Summary of changes:
common/util.h | 5 ++++-
scd/app-piv.c | 15 ++++++++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list