[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.12-28-gd1bee9d

by Werner Koch cvs at cvs.gnupg.org
Mon Feb 11 11:04:05 CET 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  d1bee9d1efa28fa9d35b7eed1e616c6362fd044e (commit)
       via  d29d73264f607642281fb701a17015306c8fc4d7 (commit)
       via  ee8d1a9e6c09b3ecc4b46f47b79358f78d458916 (commit)
       via  14816c798099925e47908e7ce415412d72fbe28e (commit)
       via  c075274aac0ffd388df638548b75a7d90e7e929d (commit)
       via  6651a0640d0f1b4dd161210dc55974d9b93b7253 (commit)
       via  14ea581a1c040b53b0ad4c51136a7948363b1e4b (commit)
      from  c16685b2f5021105ef0560cb3db68ef43bcdb9c1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Feb 8 12:35:26 2019 +0100

    sm: In --gen-key with "key from card" show also the algorithm.
    
    * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
    --
    
    This extends the prompt to show something like
    
      Serial number of the card: FF020001008A77F6
      Available keys:
         (1) 4130F84FA3704F4645924AEC3FFA48AD26D33656 PIV.9A nistp384
         (2) AB2988FB8C227BCD5175BF92F66AA3A95AE83214 PIV.9E rsa2048
         (3) DB7DDAEAA88534BA45CCD7A9B761425103EA2090 PIV.9C rsa2048
         (4) BABB48C3D80ACCF9839F101DF2910966C8B988DF PIV.9D nistp256
      Your selection? 1
    
    Having the algorithm here is helpful in particular because right now
    we support only RSA with X.509.  Take care: PIV card based certificate
    creation does not yet work.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 0328976c94adc2c518c7a7763a35319a0000c5e2)
    
    Note that 2.2 does not support PIV cards, but the feature also works
    with other cards.

diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index 9772a3b..b131d7d 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -244,7 +244,27 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream)
         {
           tty_printf (_("Available keys:\n"));
           for (count=1,sl=keypairlist; sl; sl = sl->next, count++)
-            tty_printf ("   (%d) %s\n", count, sl->d);
+            {
+              ksba_sexp_t pkey;
+              gcry_sexp_t s_pkey;
+              char *algostr = NULL;
+              const char *keyref;
+
+              keyref = strchr (sl->d, ' ');
+              if (keyref)
+                {
+                  keyref++;
+                  if (!gpgsm_agent_readkey (ctrl, 1, keyref, &pkey))
+                    {
+                      if (!gcry_sexp_new (&s_pkey, pkey, 0, 0))
+                        algostr = pubkey_algo_string (s_pkey);
+                      gcry_sexp_release (s_pkey);
+                    }
+                  xfree (pkey);
+                }
+              tty_printf ("   (%d) %s %s\n", count, sl->d, algostr);
+              xfree (algostr);
+            }
           xfree (answer);
           answer = tty_get (_("Your selection? "));
           tty_kill_prompt ();
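Review bot: `algostr` is still NULL when the list entry has no space-separated keyref, when gpgsm_agent_readkey or gcry_sexp_new fails, or when pubkey_algo_string runs out of memory, and it is then passed straight to the second `%s` of the new tty_printf call. Whether that prints "(null)" or is undefined depends on the formatter behind tty_printf, which is not visible here; `tty_printf ("   (%d) %s %s\n", count, sl->d, algostr? algostr : "?");` avoids relying on it. `pkey` and `s_pkey` are also declared without initialisers and released on the failure paths, which is only safe if both callees store NULL on error, so initialising them to NULL at the declaration would make that explicit. The enclosing function starts and ends outside the hunk.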

commit d29d73264f607642281fb701a17015306c8fc4d7
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Feb 8 12:10:45 2019 +0100

    common: Provide function to get public key algo names in our format.
    
    * common/sexputil.c (pubkey_algo_string): New.
    --
    
    The new gpg format for public key algorithms is useful at other places
    as well.  Thus we make this new function available.  Note that the
    code we use in gpg is not based on s-expressions and thus a new
    function was required.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 03bf8e967adb2dd13329ba1089deb419d49e55c0)
    
    Not yet used in 2.2 but will likely be needed by future backports.

diff --git a/common/sexputil.c b/common/sexputil.c
index f30790a..5e51f68 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -577,3 +577,61 @@ get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen)
   gcry_sexp_release (sexp);
   return algo;
 }
+
+
+/* Given the public key S_PKEY, return a new buffer with a descriptive
+ * string for its algorithm.  This function may return NULL on memory
+ * error. */
+char *
+pubkey_algo_string (gcry_sexp_t s_pkey)
+{
+  const char *prefix;
+  gcry_sexp_t l1;
+  char *algoname;
+  int algo;
+  char *result;
+
+  l1 = gcry_sexp_find_token (s_pkey, "public-key", 0);
+  if (!l1)
+    return xtrystrdup ("E_no_key");
+  {
+    gcry_sexp_t l_tmp = gcry_sexp_cadr (l1);
+    gcry_sexp_release (l1);
+    l1 = l_tmp;
+  }
+  algoname = gcry_sexp_nth_string (l1, 0);
+  gcry_sexp_release (l1);
+  if (!algoname)
+    return xtrystrdup ("E_no_algo");
+
+  algo = gcry_pk_map_name (algoname);
+  switch (algo)
+    {
+    case GCRY_PK_RSA: prefix = "rsa"; break;
+    case GCRY_PK_ELG: prefix = "elg"; break;
+    case GCRY_PK_DSA: prefix = "dsa"; break;
+    case GCRY_PK_ECC: prefix = "";  break;
+    default:          prefix = NULL; break;
+    }
+
+  if (prefix && *prefix)
+    result = xtryasprintf ("%s%u", prefix, gcry_pk_get_nbits (s_pkey));
+  else if (prefix)
+    {
+      const char *curve = gcry_pk_get_curve (s_pkey, 0, NULL);
+      const char *name = openpgp_oid_to_curve
+        (openpgp_curve_to_oid (curve, NULL), 0);
+
+      if (name)
+        result = xtrystrdup (name);
+      else if (curve)
+        result = xtryasprintf ("X_%s", curve);
+      else
+        result = xtrystrdup ("E_unknown");
+    }
+  else
+    result = xtryasprintf ("X_algo_%d", algo);
+
+  xfree (algoname);
+  return result;
+}
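Review bot: The header comment on pubkey_algo_string documents only the NULL-on-memory-error case, but the function also reports failures in-band as the strings "E_no_key", "E_no_algo" and "E_unknown", and uses "X_..." forms for a curve or algorithm it cannot name. A caller that compares or parses the result rather than only displaying it needs to know that, and that it owns the returned buffer. I would extend the comment with something like `Errors other than out-of-memory are returned as strings starting with "E_", unnamed curves and algorithms as "X_<name>"; the caller must xfree the result.` In the ECC branch `curve` can be NULL when it is handed to openpgp_curve_to_oid, which relies on that helper accepting NULL; this hunk does not show whether it does.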
diff --git a/common/util.h b/common/util.h
index 36f1b93..27f565b 100644
--- a/common/util.h
+++ b/common/util.h
@@ -199,6 +199,7 @@ gpg_error_t get_rsa_pk_from_canon_sexp (const unsigned char *keydata,
 int get_pk_algo_from_key (gcry_sexp_t key);
 int get_pk_algo_from_canon_sexp (const unsigned char *keydata,
                                  size_t keydatalen);
+char *pubkey_algo_string (gcry_sexp_t s_pkey);
 
 /*-- convert.c --*/
 int hex2bin (const char *string, void *buffer, size_t length);

commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Feb 8 09:32:55 2019 +0100

    common: New functions get_option_value and ascii_strupr.
    
    * common/server-help.c (get_option_value): New.
    * common/stringhelp.c (ascii_strupr): New.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit e2f18023b3b3b7e55b35218f65e37448d1011172)
    
    This might come in handy when we eventually backport other changes.

diff --git a/common/server-help.c b/common/server-help.c
index 53a888a..e5a69e0 100644
--- a/common/server-help.c
+++ b/common/server-help.c
@@ -30,8 +30,22 @@
 #include <config.h>
 #include <string.h>
 
-#include "server-help.h"
 #include "util.h"
+#include "server-help.h"
+
+
+static GPGRT_INLINE gpg_error_t
+my_error (int e)
+{
+  return gpg_err_make (default_errsource, (e));
+}
+
+static GPGRT_INLINE gpg_error_t
+my_error_from_syserror (void)
+{
+  return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+}
+
 
 /* Skip over options in LINE.
 
@@ -114,6 +128,40 @@ has_option_name (const char *line, const char *name)
 }
 
 
+/* Parse an option with the format "--NAME=VALUE" which must occur in
+ * LINE before a double-dash.  LINE is written to but not modified by
+ * this function.  If the option is found and has a value the value is
+ * stored as a malloced string at R_VALUE.  If the option was not
+ * found or an error occurred NULL is stored there.  Note that
+ * currently the value must be a string without any space; we may
+ * eventually update this function to allow for a quoted value.  */
+gpg_error_t
+get_option_value (char *line, const char *name, char **r_value)
+{
+  char *p, *pend;
+  int c;
+
+  *r_value = NULL;
+
+  p = (char*)has_option_name (line, name);
+  if (!p || p >= skip_options (line))
+    return 0;
+
+  if (*p != '=' || !p[1] || spacep (p+1))
+    return my_error (GPG_ERR_INV_ARG);
+  p++;
+  for (pend = p; *pend && !spacep (pend); pend++)
+    ;
+  c = *pend;
+  *pend = 0;
+  *r_value = xtrystrdup (p);
+  *pend = c;
+  if (!p)
+    return my_error_from_syserror ();
+  return 0;
+}
+
+
 /* Return a pointer to the argument of the option with NAME.  If such
    an option is not given, NULL is returned. */
 char *
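Review bot: The allocation-failure check in get_option_value tests the wrong pointer. `p` has already been checked and advanced past the '=', so `if (!p)` can never be true, and a failed xtrystrdup returns 0 with *R_VALUE left NULL, which a caller cannot tell apart from "option not given". The test should be `if (!*r_value) return my_error_from_syserror ();`. The function also writes a temporary NUL into LINE and restores it, so the caller must pass a writable buffer that is not read concurrently; the comment's "written to but not modified" could say that directly.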
diff --git a/common/server-help.h b/common/server-help.h
index 9e3d7ad..9d2f4cf 100644
--- a/common/server-help.h
+++ b/common/server-help.h
@@ -55,6 +55,14 @@ int has_leading_option (const char *line, const char *name);
    or a space.  */
 const char *has_option_name (const char *line, const char *name);
 
+/* Same as has_option_name but ignores all options after a "--" and
+ * does not return a const char ptr.  */
+char *has_leading_option_name (char *line, const char *name);
+
+/* Parse an option with the format "--NAME=VALUE" and return the value
+ * as a malloced string.  */
+gpg_error_t get_option_value (char *line, const char *name, char **r_value);
+
 /* Return a pointer to the argument of the option with NAME.  If such
    an option is not given, NULL is returned. */
 char *option_value (const char *line, const char *name);
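Review bot: `has_leading_option_name` is declared here, but the ChangeLog entry of this commit lists only get_option_value and ascii_strupr as new, and no definition appears in the server-help.c hunks shown. If the definition was not backported with it, any later caller will compile against this prototype and fail only at link time. Either drop the declaration from this backport or bring the function along with it.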
diff --git a/common/stringhelp.c b/common/stringhelp.c
index 0abac8a..68fe997 100644
--- a/common/stringhelp.c
+++ b/common/stringhelp.c
@@ -810,6 +810,19 @@ ascii_strlwr (char *s)
   return s;
 }
 
+/* Upcase all ASCII characters in S.  */
+char *
+ascii_strupr (char *s)
+{
+  char *p = s;
+
+  for (p=s; *p; p++ )
+    if (isascii (*p) && *p >= 'a' && *p <= 'z')
+      *p &= ~0x20;
+
+  return s;
+}
+
 int
 ascii_strcasecmp( const char *a, const char *b )
 {
diff --git a/common/stringhelp.h b/common/stringhelp.h
index 5b07af9..7df6c76 100644
--- a/common/stringhelp.h
+++ b/common/stringhelp.h
@@ -76,6 +76,7 @@ int ascii_islower (int c);
 int ascii_toupper (int c);
 int ascii_tolower (int c);
 char *ascii_strlwr (char *s);
+char *ascii_strupr (char *s);
 int ascii_strcasecmp( const char *a, const char *b );
 int ascii_strncasecmp (const char *a, const char *b, size_t n);
 int ascii_memcasecmp( const void *a, const void *b, size_t n );

commit 14816c798099925e47908e7ce415412d72fbe28e
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Feb 6 14:07:42 2019 +0100

    scd: Make app_genkey and supporting ISO function more flexible.
    
    * scd/app.c (app_genkey): Add arg keytype.
    * scd/app-common.h (struct app_ctx_s): Ditto for the genkey member.
    * scd/command.c (cmd_genkey): Adjust for change.
    * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
    args p1 and p2.
    (iso7816_read_public_key): Adjust for this.
    (iso7816_generate_keypair): Add new args p1 and p2.
    * scd/app-openpgp.c (do_genkey): Adjust for changes.
    --
    
    The OpenPGP card creates keys according to parameters read from a data
    object.  Other cards we are about to implement require a direct
    specification of the requested keytype.  This patch implements the
    required changes.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)

diff --git a/scd/app-common.h b/scd/app-common.h
index 4e3f432..2619823 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -105,8 +105,8 @@ struct app_ctx_s {
                              void *pincb_arg,
                              const unsigned char *pk, size_t pklen);
     gpg_error_t (*genkey) (app_t app, ctrl_t ctrl,
-                           const char *keynostr, unsigned int flags,
-                           time_t createtime,
+                           const char *keyref, const char *keytype,
+                           unsigned int flags, time_t createtime,
                            gpg_error_t (*pincb)(void*, const char *, char **),
                            void *pincb_arg);
     gpg_error_t (*change_pin) (app_t app, ctrl_t ctrl,
@@ -177,8 +177,8 @@ gpg_error_t app_writekey (app_t app, ctrl_t ctrl,
                           void *pincb_arg,
                           const unsigned char *keydata, size_t keydatalen);
 gpg_error_t app_genkey (app_t app, ctrl_t ctrl,
-                        const char *keynostr, unsigned int flags,
-                        time_t createtime,
+                        const char *keynostr, const char *keytype,
+                        unsigned int flags, time_t createtime,
                         gpg_error_t (*pincb)(void*, const char *, char **),
                         void *pincb_arg);
 gpg_error_t app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes,
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index db206f5..4792653 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4035,8 +4035,8 @@ do_writekey (app_t app, ctrl_t ctrl,
 
 /* Handle the GENKEY command. */
 static gpg_error_t
-do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
-           time_t createtime,
+do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, const char *keytype,
+           unsigned int flags, time_t createtime,
            gpg_error_t (*pincb)(void*, const char *, char **),
            void *pincb_arg)
 {
@@ -4052,6 +4052,8 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
   int exmode = 0;
   int le_value = 256; /* Use legacy value. */
 
+  (void)keytype;  /* Ignored for OpenPGP cards.  */
+
   if (keyno < 0 || keyno > 2)
     return gpg_error (GPG_ERR_INV_ID);
 
@@ -4100,7 +4102,7 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
 
   log_info (_("please wait while key is being generated ...\n"));
   start_at = time (NULL);
-  err = iso7816_generate_keypair (app->slot, exmode,
+  err = iso7816_generate_keypair (app->slot, exmode, 0x80, 0,
                                   (keyno == 0? "\xB6" :
                                    keyno == 1? "\xB8" : "\xA4"),
                                   2, le_value, &buffer, &buflen);
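Review bot: The new `0x80, 0` arguments are bare APDU parameter bytes with no explanation at the call site. Going by the line this commit removes in scd/iso7816.c (`read_only? 0x81:0x80`), 0x80 selects key generation and 0x81 a read of the existing public key, so P1 is the only thing separating a read from generating a new key on the card. A short comment such as `/* P1=0x80: generate a new key pair; 0x81 would only read the public key. */` would help here and at the `0x81, 0` call in iso7816_read_public_key; named constants for the two values would be better still. do_genkey continues outside the hunk.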
diff --git a/scd/app.c b/scd/app.c
index 6391c3b..ac9a658 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -865,8 +865,8 @@ app_writekey (app_t app, ctrl_t ctrl,
 
 /* Perform a SETATTR operation.  */
 gpg_error_t
-app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
-            time_t createtime,
+app_genkey (app_t app, ctrl_t ctrl, const char *keynostr,
+            const char *keytype, unsigned int flags, time_t createtime,
             gpg_error_t (*pincb)(void*, const char *, char **),
             void *pincb_arg)
 {
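Review bot: The comment above app_genkey still reads "Perform a SETATTR operation.", which does not describe this function, and the new `keytype` argument is undocumented. Something like `/* Perform a GENKEY operation.  KEYTYPE names the requested key type for cards that need it; it may be NULL and is ignored by the OpenPGP app. */` would match what the other hunks of this commit show (cmd_genkey passes NULL, do_genkey casts it to void). The prototype also keeps the name `keynostr` while the `genkey` member of struct app_ctx_s now calls the same parameter `keyref`. The function body continues outside the hunk.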
@@ -881,7 +881,7 @@ app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
   err = lock_app (app, ctrl);
   if (err)
     return err;
-  err = app->fnc.genkey (app, ctrl, keynostr, flags,
+  err = app->fnc.genkey (app, ctrl, keynostr, keytype, flags,
                          createtime, pincb, pincb_arg);
   unlock_app (app);
   if (opt.verbose)
diff --git a/scd/command.c b/scd/command.c
index ec6793a..1dfa652 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -1138,7 +1138,8 @@ cmd_genkey (assuan_context_t ctx, char *line)
   keyno = xtrystrdup (keyno);
   if (!keyno)
     return out_of_core ();
-  rc = app_genkey (ctrl->app_ctx, ctrl, keyno, force? 1:0,
+  rc = app_genkey (ctrl->app_ctx, ctrl, keyno, NULL,
+                   force? APP_GENKEY_FLAG_FORCE : 0,
                    timestamp, pin_cb, ctx);
   xfree (keyno);
 
diff --git a/scd/iso7816.c b/scd/iso7816.c
index b7819bf..e8b517e 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -629,7 +629,7 @@ iso7816_general_authenticate (int slot, int extended_mode,
    returned.  In that case a value of -1 uses a large default
    (e.g. 4096 bytes), a value larger 256 used that value.  */
 static gpg_error_t
-do_generate_keypair (int slot, int extended_mode, int read_only,
+do_generate_keypair (int slot, int extended_mode, int p1, int p2,
                      const char *data, size_t datalen, int le,
                      unsigned char **result, size_t *resultlen)
 {
@@ -641,7 +641,7 @@ do_generate_keypair (int slot, int extended_mode, int read_only,
   *resultlen = 0;
 
   sw = apdu_send_le (slot, extended_mode,
-                     0x00, CMD_GENERATE_KEYPAIR, read_only? 0x81:0x80, 0,
+                     0x00, CMD_GENERATE_KEYPAIR, p1, p2,
                      datalen, data,
                      le >= 0 && le < 256? 256:le,
                      result, resultlen);
@@ -659,12 +659,12 @@ do_generate_keypair (int slot, int extended_mode, int read_only,
 
 
 gpg_error_t
-iso7816_generate_keypair (int slot, int extended_mode,
+iso7816_generate_keypair (int slot, int extended_mode, int p1, int p2,
                           const char *data, size_t datalen,
                           int le,
                           unsigned char **result, size_t *resultlen)
 {
-  return do_generate_keypair (slot, extended_mode, 0,
+  return do_generate_keypair (slot, extended_mode, p1, p2,
                               data, datalen, le, result, resultlen);
 }
 
@@ -675,7 +675,7 @@ iso7816_read_public_key (int slot, int extended_mode,
                          int le,
                          unsigned char **result, size_t *resultlen)
 {
-  return do_generate_keypair (slot, extended_mode, 1,
+  return do_generate_keypair (slot, extended_mode, 0x81, 0,
                               data, datalen, le, result, resultlen);
 }
 
diff --git a/scd/iso7816.h b/scd/iso7816.h
index 44781ff..8da5a94 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -105,9 +105,11 @@ gpg_error_t iso7816_general_authenticate (int slot, int extended_mode,
                                           unsigned char **result,
                                           size_t *resultlen);
 gpg_error_t iso7816_generate_keypair (int slot, int extended_mode,
-                                    const char *data, size_t datalen,
-                                    int le,
-                                    unsigned char **result, size_t *resultlen);
+                                      int p1, int p2,
+                                      const char *data, size_t datalen,
+                                      int le,
+                                      unsigned char **result,
+                                      size_t *resultlen);
 gpg_error_t iso7816_read_public_key (int slot, int extended_mode,
                                     const char *data, size_t datalen,
                                     int le,

commit c075274aac0ffd388df638548b75a7d90e7e929d
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Feb 6 12:24:30 2019 +0100

    scd: Fix parameter name of app_change_key.
    
    * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
    * scd/app.c (app_change_pin): Rename arg reset_mode to flags and
    change from int to unsigned int.
    --
    
    This is basically a documentation fix.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit c26af8ac263ea006ed32e110a09271e4bfbf1f37)

diff --git a/scd/app-common.h b/scd/app-common.h
index 37e3c60..4e3f432 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -25,11 +25,14 @@
 #include <npth.h>
 #include <ksba.h>
 
-
+/* Flags used with app_change_pin.  */
 #define APP_CHANGE_FLAG_RESET    1  /* PIN Reset mode.  */
 #define APP_CHANGE_FLAG_NULLPIN  2  /* NULL PIN mode.  */
 #define APP_CHANGE_FLAG_CLEAR    4  /* Clear the given PIN.  */
 
+/* Flags used with app_genkey.  */
+#define APP_GENKEY_FLAG_FORCE    1  /* Force overwriting existing key.  */
+
 /* Bit flags set by the decipher function into R_INFO.  */
 #define APP_DECIPHER_INFO_NOPAD  1  /* Padding has been removed.  */
 
@@ -181,9 +184,9 @@ gpg_error_t app_genkey (app_t app, ctrl_t ctrl,
 gpg_error_t app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes,
                                unsigned char *buffer);
 gpg_error_t app_change_pin (app_t app, ctrl_t ctrl,
-                    const char *chvnostr, int reset_mode,
-                    gpg_error_t (*pincb)(void*, const char *, char **),
-                    void *pincb_arg);
+                            const char *chvnostr, unsigned int flags,
+                            gpg_error_t (*pincb)(void*, const char *, char **),
+                            void *pincb_arg);
 gpg_error_t app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
                    gpg_error_t (*pincb)(void*, const char *, char **),
                    void *pincb_arg);
diff --git a/scd/app.c b/scd/app.c
index c430579..6391c3b 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -914,7 +914,8 @@ app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes, unsigned char *buffer)
 
 /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation.  */
 gpg_error_t
-app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
+app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+                unsigned int flags,
                 gpg_error_t (*pincb)(void*, const char *, char **),
                 void *pincb_arg)
 {
@@ -929,8 +930,7 @@ app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
   err = lock_app (app, ctrl);
   if (err)
     return err;
-  err = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode,
-                             pincb, pincb_arg);
+  err = app->fnc.change_pin (app, ctrl, chvnostr, flags, pincb, pincb_arg);
   unlock_app (app);
   if (opt.verbose)
     log_info ("operation change_pin result: %s\n", gpg_strerror (err));

commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Feb 5 14:48:49 2019 +0100

    scd: Allow standard keyref scheme for app-openpgp.
    
    * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
    "OPENPGP."
    --
    
    The generic keyref allows for better error detection in case a keyref
    is sent to a wrong card.  This has been taken from master commit
    3231ecdafd71ac47b734469b07170756979ede72 which has additional changes
    for gpg-card-tool, which is only available there.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/wks.texi b/doc/wks.texi
index d6798b1..7a19e75 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -124,7 +124,7 @@ Requires installation of that command.
 @item --with-colons
 @opindex with-colons
 This option has currently only an effect on the @option{--supported}
-command.  If it is used all arguimenst on the command line are taken
+command.  If it is used all arguments on the command line are taken
 as domain names and tested for WKD support.  The output format is one
 line per domain with colon delimited fields.  The currently specified
 fields are (future versions may specify additional fields):
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 760332e..db206f5 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -2563,6 +2563,8 @@ do_writecert (app_t app, ctrl_t ctrl,
      -       2   1      Verify CHV2 and set a new CHV1 and CHV2.
      -       2   2      Verify Reset Code and set a new PW1.
      -       3   any    Verify CHV3/PW3 and set a new CHV3/PW3.
+
+   The CHVNO can be prefixed with "OPENPGP.".
  */
 static gpg_error_t
 do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
@@ -2571,7 +2573,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
                void *pincb_arg)
 {
   int rc = 0;
-  int chvno = atoi (chvnostr);
+  int chvno;
   char *resetcode = NULL;
   char *oldpinvalue = NULL;
   char *pinvalue = NULL;
@@ -2585,6 +2587,17 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
 
   (void)ctrl;
 
+  if (digitp (chvnostr))
+    chvno = atoi (chvnostr);
+  else if (!ascii_strcasecmp (chvnostr, "OPENPGP.1"))
+    chvno = 1;
+  else if (!ascii_strcasecmp (chvnostr, "OPENPGP.2"))
+    chvno = 2;
+  else if (!ascii_strcasecmp (chvnostr, "OPENPGP.3"))
+    chvno = 3;
+  else
+    return gpg_error (GPG_ERR_INV_ID);
+
   memset (&pininfo, 0, sizeof pininfo);
   pininfo.fixedlen = -1;
   pininfo.minlen = minlen;
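Review bot: The numeric branch validates only the first character of `chvnostr`. `digitp (chvnostr)` tests one character and `atoi` then stops at the first non-digit, so a reference such as "1.x" or "2foo" is still accepted as CHV 1 or 2 instead of returning GPG_ERR_INV_ID. Since the stated aim of the commit is to detect a keyref sent to the wrong card, the check should cover the whole string, e.g. `if (digitp (chvnostr) && !chvnostr[1])` if only single-digit CHV numbers are meant, which is my reading of the table in the comment rather than something the hunk proves. do_change_pin starts and ends outside the hunk.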
diff --git a/scd/iso7816.c b/scd/iso7816.c
index 9e55073..b7819bf 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -330,6 +330,7 @@ iso7816_change_reference_data (int slot, int chvno,
 
   sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
                          oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
+  wipememory (buf, oldchvlen+newchvlen);
   xfree (buf);
   return map_sw (sw);
 

commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jan 30 14:40:26 2019 +0100

    gpg: Emit an ERROR status if no key was found with --list-keys.
    
    * g10/keylist.c (list_one): Emit status line.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 140fda8c61422ec055c3f7e214cc35706c4320dd)

diff --git a/g10/keylist.c b/g10/keylist.c
index 66b03bb..262ea8d 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -610,6 +610,7 @@ list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
     {
       log_error ("error reading key: %s\n", gpg_strerror (rc));
       getkey_end (ctrl, ctx);
+      write_status_error ("keylist.getkey", rc);
       return;
     }
 

-----------------------------------------------------------------------

Summary of changes:
 common/server-help.c | 50 +++++++++++++++++++++++++++++++++++++++++++-
 common/server-help.h |  8 ++++++++
 common/sexputil.c    | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 common/stringhelp.c  | 13 ++++++++++++
 common/stringhelp.h  |  1 +
 common/util.h        |  1 +
 doc/wks.texi         |  2 +-
 g10/keylist.c        |  1 +
 scd/app-common.h     | 19 +++++++++--------
 scd/app-openpgp.c    | 23 +++++++++++++++++----
 scd/app.c            | 12 +++++------
 scd/command.c        |  3 ++-
 scd/iso7816.c        | 11 +++++-----
 scd/iso7816.h        |  8 +++++---
 sm/certreqgen-ui.c   | 22 +++++++++++++++++++-
 15 files changed, 202 insertions(+), 30 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



