[Pkg-gnupg-commit] [gnupg2] 14/16: import more bugfixes and hardware from upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Feb 6 04:20:14 UTC 2018
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 75f4f9ffbc57ea66f4ce8b70aaa02c5a352a50ac
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Feb 5 22:26:17 2018 -0500
import more bugfixes and hardware from upstream
---
...ve-assuan-error-comment-for-cmd-keyserver.patch | 35 +++
...oc-Note-pinentry-mode-for-passphrase-opts.patch | 55 ++++
...en-key-as-an-alias-for-quick-generate-key.patch | 25 ++
...-use-of-future-default-with-quick-add-key.patch | 157 +++++++++++
...g-Update-list-of-card-vendors-from-master.patch | 28 ++
...pport-KDF-Data-Object-of-OpenPGPcard-V3.3.patch | 288 +++++++++++++++++++++
debian/patches/series | 6 +
7 files changed, 594 insertions(+)
diff --git a/debian/patches/dirmngr-Improve-assuan-error-comment-for-cmd-keyserver.patch b/debian/patches/dirmngr-Improve-assuan-error-comment-for-cmd-keyserver.patch
new file mode 100644
index 0000000..17ff5f9
--- /dev/null
+++ b/debian/patches/dirmngr-Improve-assuan-error-comment-for-cmd-keyserver.patch
@@ -0,0 +1,35 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Sat, 27 Jan 2018 19:46:19 +0100
+Subject: dirmngr: Improve assuan error comment for cmd keyserver.
+
+* dirmngr/server.c: Add error comment in case --resolve fails in
+ensure_keyserver.
+--
+
+GnuPG-bug-id: 3756
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit f8e868d9dfb6fc1390e421e7993a1d076309ed83)
+---
+ dirmngr/server.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index 3d0768b..ab2ca85 100644
+--- a/dirmngr/server.c
++++ b/dirmngr/server.c
+@@ -2134,8 +2134,13 @@ cmd_keyserver (assuan_context_t ctx, char *line)
+ if (resolve_flag)
+ {
+ err = ensure_keyserver (ctrl);
+- if (!err)
+- err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
++ if (err)
++ {
++ assuan_set_error (ctx, err,
++ "Bad keyserver configuration in dirmngr.conf");
++ goto leave;
++ }
++ err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
+ if (err)
+ goto leave;
+ }
diff --git a/debian/patches/doc-Note-pinentry-mode-for-passphrase-opts.patch b/debian/patches/doc-Note-pinentry-mode-for-passphrase-opts.patch
new file mode 100644
index 0000000..8e9baf9
--- /dev/null
+++ b/debian/patches/doc-Note-pinentry-mode-for-passphrase-opts.patch
@@ -0,0 +1,55 @@
+From: Andre Heinecke <aheinecke at intevation.de>
+Date: Mon, 8 Jan 2018 19:09:28 +0100
+Subject: doc: Note pinentry-mode for passphrase opts
+
+* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
+Note that pinentry-mode needs to be loopback.
+
+Signed-off-by: Andre Heinecke <aheinecke at intevation.de>
+(cherry picked from commit 6fb5713f4a6976900cc70c140e61043b6ef688d1)
+---
+ doc/gpg.texi | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 35bb9a8..9776a3b 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -3082,8 +3082,9 @@ will be read from file descriptor @var{n}. If you use 0 for @var{n},
+ the passphrase will be read from STDIN. This can only be used if only
+ one passphrase is supplied.
+
+-Note that this passphrase is only used if the option @option{--batch}
+-has also been given. This is different from GnuPG version 1.x.
++Note that since Version 2.0 this passphrase is only used if the
++option @option{--batch} has also been given. Since Version 2.1
++the @option{--pinentry-mode} also needs to be set to @code{loopback}.
+
+ @item --passphrase-file @var{file}
+ @opindex passphrase-file
+@@ -3092,8 +3093,10 @@ be read from file @var{file}. This can only be used if only one
+ passphrase is supplied. Obviously, a passphrase stored in a file is
+ of questionable security if other users can read this file. Don't use
+ this option if you can avoid it.
+-Note that this passphrase is only used if the option @option{--batch}
+-has also been given. This is different from GnuPG version 1.x.
++
++Note that since Version 2.0 this passphrase is only used if the
++option @option{--batch} has also been given. Since Version 2.1
++the @option{--pinentry-mode} also needs to be set to @code{loopback}.
+
+ @item --passphrase @var{string}
+ @opindex passphrase
+@@ -3101,8 +3104,10 @@ Use @var{string} as the passphrase. This can only be used if only one
+ passphrase is supplied. Obviously, this is of very questionable
+ security on a multi-user system. Don't use this option if you can
+ avoid it.
+-Note that this passphrase is only used if the option @option{--batch}
+-has also been given. This is different from GnuPG version 1.x.
++
++Note that since Version 2.0 this passphrase is only used if the
++option @option{--batch} has also been given. Since Version 2.1
++the @option{--pinentry-mode} also needs to be set to @code{loopback}.
+
+ @item --pinentry-mode @var{mode}
+ @opindex pinentry-mode
diff --git a/debian/patches/doc-Note-quick-gen-key-as-an-alias-for-quick-generate-key.patch b/debian/patches/doc-Note-quick-gen-key-as-an-alias-for-quick-generate-key.patch
new file mode 100644
index 0000000..34834bf
--- /dev/null
+++ b/debian/patches/doc-Note-quick-gen-key-as-an-alias-for-quick-generate-key.patch
@@ -0,0 +1,25 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 25 Jan 2018 15:14:37 +0100
+Subject: doc: Note --quick-gen-key as an alias for --quick-generate-key
+
+--
+
+(cherry picked from commit 91a3d15cee32f82a8422e76655a605c5048eaad8)
+---
+ doc/gpg.texi | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 9776a3b..927d77d 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -622,7 +622,9 @@ This section explains the main commands for key management.
+ @table @gnupgtabopt
+
+ @item --quick-generate-key @var{user-id} [@var{algo} [@var{usage} [@var{expire}]]]
++ at itemx --quick-gen-key
+ @opindex quick-generate-key
++ at opindex quick-gen-key
+ This is a simple command to generate a standard key with one user id.
+ In contrast to @option{--generate-key} the key is generated directly
+ without the need to answer a bunch of prompts. Unless the option
diff --git a/debian/patches/gpg-Fix-the-use-of-future-default-with-quick-add-key.patch b/debian/patches/gpg-Fix-the-use-of-future-default-with-quick-add-key.patch
new file mode 100644
index 0000000..932aa97
--- /dev/null
+++ b/debian/patches/gpg-Fix-the-use-of-future-default-with-quick-add-key.patch
@@ -0,0 +1,157 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 18 Jan 2018 13:38:23 +0100
+Subject: gpg: Fix the use of future-default with --quick-add-key.
+
+* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
+(parse_key_parameter_string): Add arg suggested_use and implement
+fallback. Change callers to pass 0 for new arg.
+(parse_algo_usage_expire): Pass the parsed USAGESTR to
+parse_key_parameter_string so that it can use it in case a subkey is
+to be created.
+--
+
+The problem here was that future-default gives the primary and subkey
+algorithm. However, when using future-default for adding a key, the
+second part was always used which is for encryption. If the caller
+now wanted to create a signing subkey using the future-default
+parameters this did not worked.
+
+ gpg --batch --passphrase "" --quick-add-key FPR future-default encr
+
+aready worked as did
+
+ gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign
+
+but
+
+ gpg --batch --passphrase "" --quick-add-key FPR future-default sign
+
+does only work with this fix.
+
+GnuPG-bug-id: 3747
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit e1e35db510c9222e7a7dc208c2e49df556954170)
+---
+ g10/keygen.c | 46 ++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 34 insertions(+), 12 deletions(-)
+
+diff --git a/g10/keygen.c b/g10/keygen.c
+index dc0f3f8..d4f4849 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -2894,9 +2894,11 @@ generate_user_id (KBNODE keyblock, const char *uidstr)
+ * success is returned. On error an error code is returned. Note
+ * that STRING may be modified by this function. NULL may be passed
+ * for any parameter. FOR_SUBKEY shall be true if this is used as a
++ * subkey. If CLEAR_CERT is set a default CERT usage will be cleared;
++ * this is useful if for example the default algorithm is used for a
+ * subkey. */
+ static gpg_error_t
+-parse_key_parameter_part (char *string, int for_subkey,
++parse_key_parameter_part (char *string, int for_subkey, int clear_cert,
+ int *r_algo, unsigned int *r_size,
+ unsigned int *r_keyuse,
+ char const **r_curve)
+@@ -3047,6 +3049,10 @@ parse_key_parameter_part (char *string, int for_subkey,
+ if (!for_subkey)
+ keyuse |= PUBKEY_USAGE_CERT;
+
++ /* But if requested remove th cert usage. */
++ if (clear_cert)
++ keyuse &= ~PUBKEY_USAGE_CERT;
++
+ /* Check that usage is actually possible. */
+ if (/**/((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
+ && !pubkey_get_nsig (algo))
+@@ -3118,14 +3124,16 @@ parse_key_parameter_part (char *string, int for_subkey,
+ * -1 := Both parts
+ * 0 := Only the part of the primary key
+ * 1 := If there is one part parse that one, if there are
+- * two parts parse the second part. Always return
+- * in the args for the primary key (R_ALGO,....).
++ * two parts parse the part which best matches the
++ * SUGGESTED_USE or in case that can't be evaluated the second part.
++ * Always return using the args for the primary key (R_ALGO,....).
+ *
+ */
+ gpg_error_t
+ parse_key_parameter_string (const char *string, int part,
++ unsigned int suggested_use,
+ int *r_algo, unsigned int *r_size,
+- unsigned *r_keyuse,
++ unsigned int *r_keyuse,
+ char const **r_curve,
+ int *r_subalgo, unsigned int *r_subsize,
+ unsigned *r_subkeyuse,
+@@ -3164,18 +3172,31 @@ parse_key_parameter_string (const char *string, int part,
+ *secondary++ = 0;
+ if (part == -1 || part == 0)
+ {
+- err = parse_key_parameter_part (primary, 0, r_algo, r_size,
++ err = parse_key_parameter_part (primary, 0, 0, r_algo, r_size,
+ r_keyuse, r_curve);
+ if (!err && part == -1)
+- err = parse_key_parameter_part (secondary, 1, r_subalgo, r_subsize,
++ err = parse_key_parameter_part (secondary, 1, 0, r_subalgo, r_subsize,
+ r_subkeyuse, r_subcurve);
+ }
+ else if (part == 1)
+ {
+ /* If we have SECONDARY, use that part. If there is only one
+- * part consider this to be the subkey algo. */
+- err = parse_key_parameter_part (secondary? secondary : primary, 1,
+- r_algo, r_size, r_keyuse, r_curve);
++ * part consider this to be the subkey algo. In case a
++ * SUGGESTED_USE has been given and the usage of the secondary
++ * part does not match SUGGESTED_USE try again using the primary
++ * part. Noet thar when falling back to the primary key we need
++ * to force clearing the cert usage. */
++ if (secondary)
++ {
++ err = parse_key_parameter_part (secondary, 1, 0,
++ r_algo, r_size, r_keyuse, r_curve);
++ if (!err && suggested_use && r_keyuse && !(suggested_use & *r_keyuse))
++ err = parse_key_parameter_part (primary, 1, 1 /*(clear cert)*/,
++ r_algo, r_size, r_keyuse, r_curve);
++ }
++ else
++ err = parse_key_parameter_part (primary, 1, 0,
++ r_algo, r_size, r_keyuse, r_curve);
+ }
+
+ xfree (primary);
+@@ -3262,7 +3283,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key,
+ * for the curve etc. That is a ugly but demanded for backward
+ * compatibility with the batch key generation. It would be
+ * better to make full use of parse_key_parameter_string. */
+- parse_key_parameter_string (NULL, 0,
++ parse_key_parameter_string (NULL, 0, 0,
+ &i, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL);
+
+@@ -3996,7 +4017,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
+ unsigned int keyuse, subkeyuse;
+ const char *curve, *subcurve;
+
+- err = parse_key_parameter_string (algostr, -1,
++ err = parse_key_parameter_string (algostr, -1, 0,
+ &algo, &size, &keyuse, &curve,
+ &subalgo, &subsize, &subkeyuse,
+ &subcurve);
+@@ -4375,7 +4396,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
+ #endif
+ , "--full-generate-key" );
+
+- err = parse_key_parameter_string (NULL, -1,
++ err = parse_key_parameter_string (NULL, -1, 0,
+ &algo, &size, &keyuse, &curve,
+ &subalgo, &subsize,
+ &subkeyuse, &subcurve);
+@@ -4922,6 +4943,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
+ }
+
+ err = parse_key_parameter_string (algostr, for_subkey? 1 : 0,
++ usagestr? parse_usagestr (usagestr):0,
+ &algo, &nbits, &use, &curve,
+ NULL, NULL, NULL, NULL);
+ if (err)
diff --git a/debian/patches/gpg-Update-list-of-card-vendors-from-master.patch b/debian/patches/gpg-Update-list-of-card-vendors-from-master.patch
new file mode 100644
index 0000000..74eb07c
--- /dev/null
+++ b/debian/patches/gpg-Update-list-of-card-vendors-from-master.patch
@@ -0,0 +1,28 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 1 Feb 2018 12:05:19 +0100
+Subject: gpg: Update list of card vendors from master
+
+--
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit f98e193c84250bbc49d5d1c625f54f2c14501ae3)
+---
+ g10/card-util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/g10/card-util.c b/g10/card-util.c
+index a396b7d..759dde8 100644
+--- a/g10/card-util.c
++++ b/g10/card-util.c
+@@ -212,9 +212,11 @@ get_manufacturer (unsigned int no)
+ case 0x000A: return "Dangerous Things";
+
+ case 0x002A: return "Magrathea";
++ case 0x0042: return "GnuPG e.V.";
+
+ case 0x1337: return "Warsaw Hackerspace";
+ case 0x2342: return "warpzone"; /* hackerspace Muenster. */
++ case 0xBD0E: return "Paranoidlabs";
+ case 0xF517: return "FSIJ";
+
+ /* 0x0000 and 0xFFFF are defined as test cards per spec,
diff --git a/debian/patches/scd-Support-KDF-Data-Object-of-OpenPGPcard-V3.3.patch b/debian/patches/scd-Support-KDF-Data-Object-of-OpenPGPcard-V3.3.patch
new file mode 100644
index 0000000..af53794
--- /dev/null
+++ b/debian/patches/scd-Support-KDF-Data-Object-of-OpenPGPcard-V3.3.patch
@@ -0,0 +1,288 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 22 Jan 2018 19:46:14 +0900
+Subject: scd: Support KDF Data Object of OpenPGPcard V3.3.
+
+* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
+(pin2hash_if_kdf): New.
+(verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf.
+(verify_chv2, do_sign): Follow the change of verify_a_chv.
+(verify_chv3, do_change_pin): Use pin2hash_if_kdf.
+
+--
+
+GnuPG-bug-id: 3152
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2)
+---
+ scd/app-openpgp.c | 119 ++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 94 insertions(+), 25 deletions(-)
+
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index 6fcec3e..c9f2840 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -121,6 +121,7 @@ static struct {
+ /* V3.0 */
+ { 0x7F74, 0, 0, 1, 0, 0, 0, 0, "General Feature Management"},
+ { 0x00D5, 0, 0, 1, 0, 0, 0, 0, "AES key data"},
++ { 0x00F9, 0, 0, 1, 0, 0, 0, 0, "KDF data object"},
+ { 0 }
+ };
+
+@@ -199,7 +200,7 @@ struct app_local_s {
+ unsigned int private_dos:1;
+ unsigned int algo_attr_change:1; /* Algorithm attributes changeable. */
+ unsigned int has_decrypt:1; /* Support symmetric decryption. */
+- unsigned int kdf_do:1; /* Support KDF DOs. */
++ unsigned int kdf_do:1; /* Support KDF DO. */
+
+ unsigned int sm_algo:2; /* Symmetric crypto algo for SM. */
+ unsigned int pin_blk2:1; /* PIN block 2 format supported. */
+@@ -980,6 +981,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
+ { "PRIVATE-DO-4", 0x0104 },
+ { "$AUTHKEYID", 0x0000, -3 },
+ { "$DISPSERIALNO",0x0000, -4 },
++ { "KDF", 0x00F9 },
+ { NULL, 0 }
+ };
+ int idx, i, rc;
+@@ -2054,6 +2056,47 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
+ return result;
+ }
+
++/* Compute hash if KDF-DO is available. CHVNO must be 0 for reset
++ code, 1 or 2 for user pin and 3 for admin pin.
++ */
++static gpg_error_t
++pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
++{
++ gpg_error_t err = 0;
++ void *relptr;
++ unsigned char *buffer;
++ size_t buflen;
++
++ if (app->app_local->extcap.kdf_do
++ && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL)))
++ {
++ char *salt;
++ unsigned long s2k_count;
++ char dek[32];
++
++ salt = &buffer[(chvno==3 ? 34 : (chvno==0 ? 24 : 14))];
++ s2k_count = (((unsigned int)buffer[8] << 24)
++ | (buffer[9] << 16) | (buffer[10] << 8) | buffer[11]);
++ err = gcry_kdf_derive (pinvalue, strlen (pinvalue),
++ GCRY_KDF_ITERSALTED_S2K,
++ DIGEST_ALGO_SHA256, salt, 8,
++ s2k_count, sizeof (dek), dek);
++ if (!err)
++ {
++ /* pinvalue has a buffer of MAXLEN_PIN+1, 32 is OK. */
++ *r_pinlen = 32;
++ memcpy (pinvalue, dek, *r_pinlen);
++ wipememory (dek, *r_pinlen);
++ }
++
++ xfree (relptr);
++ }
++ else
++ *r_pinlen = strlen (pinvalue);
++
++ return err;
++}
++
+
+ /* Verify a CHV either using the pinentry or if possible by
+ using a pinpad. PINCB and PINCB_ARG describe the usual callback
+@@ -2068,8 +2111,8 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
+ static gpg_error_t
+ verify_a_chv (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+- void *pincb_arg,
+- int chvno, unsigned long sigcount, char **pinvalue)
++ void *pincb_arg, int chvno, unsigned long sigcount,
++ char **pinvalue, int *pinlen)
+ {
+ int rc = 0;
+ char *prompt_buffer = NULL;
+@@ -2081,6 +2124,7 @@ verify_a_chv (app_t app,
+ log_assert (chvno == 1 || chvno == 2);
+
+ *pinvalue = NULL;
++ *pinlen = 0;
+
+ remaining = get_remaining_tries (app, 0);
+ if (remaining == -1)
+@@ -2169,8 +2213,9 @@ verify_a_chv (app_t app,
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+- rc = iso7816_verify (app->slot, 0x80+chvno,
+- *pinvalue, strlen (*pinvalue));
++ rc = pin2hash_if_kdf (app, chvno, *pinvalue, pinlen);
++ if (!rc)
++ rc = iso7816_verify (app->slot, 0x80+chvno, *pinvalue, *pinlen);
+ }
+
+ if (rc)
+@@ -2194,11 +2239,12 @@ verify_chv2 (app_t app,
+ {
+ int rc;
+ char *pinvalue;
++ int pinlen;
+
+ if (app->did_chv2)
+ return 0; /* We already verified CHV2. */
+
+- rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
++ rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);
+ if (rc)
+ return rc;
+ app->did_chv2 = 1;
+@@ -2209,7 +2255,7 @@ verify_chv2 (app_t app,
+ the card is not configured to require a verification before
+ each CHV1 controlled operation (force_chv1) and if we are not
+ using the pinpad (PINVALUE == NULL). */
+- rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
++ rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen);
+ if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+ rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
+ if (rc)
+@@ -2319,6 +2365,7 @@ verify_chv3 (app_t app,
+ else
+ {
+ char *pinvalue;
++ int pinlen;
+
+ rc = pincb (pincb_arg, prompt, &pinvalue);
+ xfree (prompt);
+@@ -2338,7 +2385,9 @@ verify_chv3 (app_t app,
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+- rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
++ rc = pin2hash_if_kdf (app, 3, pinvalue, &pinlen);
++ if (!rc)
++ rc = iso7816_verify (app->slot, 0x83, pinvalue, pinlen);
+ xfree (pinvalue);
+ }
+
+@@ -2389,6 +2438,7 @@ do_setattr (app_t app, const char *name,
+ { "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
+ { "KEY-ATTR", 0, 0, 3, 1 },
+ { "AESKEY", 0x00D5, 3, 0, 1 },
++ { "KDF", 0x00F9, 3, 0, 1 },
+ { NULL, 0 }
+ };
+ int exmode;
+@@ -2501,6 +2551,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ pininfo_t pininfo;
+ int use_pinpad = 0;
+ int minlen = 6;
++ int pinlen0 = 0;
++ int pinlen = 0;
+
+ (void)ctrl;
+ memset (&pininfo, 0, sizeof pininfo);
+@@ -2685,10 +2737,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ rc = gpg_error_from_syserror ();
+ else
+ {
+- strcpy (stpcpy (buffer, resetcode), pinvalue);
+- rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
+- buffer, strlen (buffer));
+- wipememory (buffer, strlen (buffer));
++ strcpy (buffer, resetcode);
++ rc = pin2hash_if_kdf (app, 0, buffer, &pinlen0);
++ if (!rc)
++ {
++ strcpy (buffer+pinlen0, pinvalue);
++ rc = pin2hash_if_kdf (app, 0, buffer+pinlen0, &pinlen);
++ }
++ if (!rc)
++ rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
++ buffer, pinlen0+pinlen);
++ wipememory (buffer, pinlen0 + pinlen);
+ xfree (buffer);
+ }
+ }
+@@ -2700,16 +2759,19 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ }
+ else
+- rc = iso7816_put_data (app->slot, 0, 0xD3,
+- pinvalue, strlen (pinvalue));
++ {
++ rc = pin2hash_if_kdf (app, 0, pinvalue, &pinlen);
++ if (!rc)
++ rc = iso7816_put_data (app->slot, 0, 0xD3, pinvalue, pinlen);
++ }
+ }
+ else if (reset_mode)
+ {
+- rc = iso7816_reset_retry_counter (app->slot, 0x81,
+- pinvalue, strlen (pinvalue));
++ rc = pin2hash_if_kdf (app, 1, pinvalue, &pinlen);
++ if (!rc)
++ rc = iso7816_reset_retry_counter (app->slot, 0x81, pinvalue, pinlen);
+ if (!rc && !app->app_local->extcap.is_v2)
+- rc = iso7816_reset_retry_counter (app->slot, 0x82,
+- pinvalue, strlen (pinvalue));
++ rc = iso7816_reset_retry_counter (app->slot, 0x82, pinvalue, pinlen);
+ }
+ else if (!app->app_local->extcap.is_v2)
+ {
+@@ -2750,14 +2812,20 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
+ }
+ else
+- rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
+- oldpinvalue, strlen (oldpinvalue),
+- pinvalue, strlen (pinvalue));
++ {
++ rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &pinlen0);
++ if (!rc)
++ rc = pin2hash_if_kdf (app, chvno, pinvalue, &pinlen);
++ if (!rc)
++ rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
++ oldpinvalue, pinlen0,
++ pinvalue, pinlen);
++ }
+ }
+
+ if (pinvalue)
+ {
+- wipememory (pinvalue, strlen (pinvalue));
++ wipememory (pinvalue, pinlen);
+ xfree (pinvalue);
+ }
+ if (rc)
+@@ -2771,7 +2839,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ }
+ if (oldpinvalue)
+ {
+- wipememory (oldpinvalue, strlen (oldpinvalue));
++ wipememory (oldpinvalue, pinlen0);
+ xfree (oldpinvalue);
+ }
+ return rc;
+@@ -4277,8 +4345,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
+ if (!app->did_chv1 || app->force_chv1 )
+ {
+ char *pinvalue;
++ int pinlen;
+
+- rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
++ rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue, &pinlen);
+ if (rc)
+ return rc;
+
+@@ -4291,7 +4360,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
+ pinpad has been used. */
+ if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
+ {
+- rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
++ rc = iso7816_verify (app->slot, 0x82, pinvalue, pinlen);
+ if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+ rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
+ if (rc)
diff --git a/debian/patches/series b/debian/patches/series
index 45ad2c3..5666995 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,9 @@ build-Increase-libassuan-min-version-to-2.5.0.patch
scd-Fix-for-inactive-card-at-start-by-internal-CCID-drive.patch
gpg-Allow-the-use-of-cv25519-and-ed25519-in-the-keygen-pa.patch
gpg-Allow-futuredefault-as-alias-for-future-default.patch
+doc-Note-pinentry-mode-for-passphrase-opts.patch
+gpg-Fix-the-use-of-future-default-with-quick-add-key.patch
+scd-Support-KDF-Data-Object-of-OpenPGPcard-V3.3.patch
+doc-Note-quick-gen-key-as-an-alias-for-quick-generate-key.patch
+dirmngr-Improve-assuan-error-comment-for-cmd-keyserver.patch
+gpg-Update-list-of-card-vendors-from-master.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list