aboutsummaryrefslogtreecommitdiffstats
path: root/scd (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:p15: Rename some variables and functions for clarity.Werner Koch2020-04-151-20/+20
| | | | | | | | | | | * scd/app-p15.c: Rename keyinfo to prkdf. Signed-off-by: Werner Koch <[email protected]> Backported from master. Removed the do_with_keygrip related parts because that function is not available. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Cache the PIN.Werner Koch2020-04-151-0/+8
| | | | | | | | | | | * scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified. (verify_pin): Make use of it. -- Theee is still a problem with the APDUs we send: Switching between signing and decryption does work but not in the other way. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Add missing keygrip retrieval for decryption.Werner Koch2020-04-011-0/+8
| | | | | | | | | | * scd/app-p15.c (do_decipher): Get the keygrip. -- This was lost during the backport. Fixes-commit: 4af38ea5e450b3eb79af98b9876b2b968110a459 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support decryption with CardOS 5 cards.Werner Koch2020-04-011-2/+99
| | | | | | | | | | | | | | | * scd/app-p15.c (do_decipher): New. -- tested using the D-TRUSt card and a SCR3310 reader. The Kobil KAAN Advanced, I used for the signing tests could not be used because it supports only Short APDU Level exchange. Signed-off-by: Werner Koch <[email protected]> Back ported from master. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Factor PIN verification out to a new function.Werner Koch2020-04-011-189/+224
| | | | | | | | | | | | * scd/app-p15.c (do_sign): Factor code out to ... (prepare_verify_pin, verify_pin): new functions. -- Signed-off-by: Werner Koch <[email protected]> Bakc ported from master Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Support signing with CardOS 5 cards.Werner Koch2020-04-015-101/+285
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg r_pkey and change all callers. (app_help_get_keygrip_string): Ditto. * scd/app-p15.c (struct cdf_object_s): Use bit flags (struct aodf_object_s): Ditto. Add field 'fid'. (struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and keynbits. (parse_certid): Allow a keygrip instead of a certid aka keyref. (read_ef_aodf): Store the FID. (keygripstr_from_prkdf): Rename to ... (keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache. Change callers to directly use the values from the object. Also store the algo and length of the key ion the object. (keyref_from_keyinfo): New. Factored out code. (do_sign): Support SHA-256 and >2048 bit RSA keys. common/scd:p15: Support signing with CardOS 5 cards. * common/util.h (KEYGRIP_LEN): New. -- This has been tested with a D-Trust card featuring 3072 bit keys. Note that non-repudiation key for a qualified signature does not yet work because we do not yet support rsaPSS padding. Thus a gpgsm --learn shows a couple of Bad Signature errors for this key. Signed-off-by: Werner Koch <[email protected]> Back ported from master: - Removed do_with_keygrip - Added KEYGRIP_LEN - app_help_get_keygrip_string_pk actually added. - Move keygrip_from_prkdf in do_sign before the verification. It used to work in master only because there it is implictly called prior to signing by do_with_keygrip Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Read certificates in extended mode.Werner Koch2020-04-012-1/+17
| | | | | | | | | | | | * scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode. * scd/app-common.h (app_get_slot): New. -- Signed-off-by: Werner Koch <[email protected]> (Back ported from master) Added app_get_slot.
* scd: Add function for binary read in extended mode.Werner Koch2020-04-012-4/+17
| | | | | | | * scd/iso7816.c (iso7816_read_binary): Factor code out to ... (iso7816_read_binary_ext): new function. Add arg extended_mode. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Improve diagnosticsWerner Koch2020-04-011-164/+202
| | | | | | | | | | | | -- This removes almost all log_debug calls and uses opt.verbose and log_info to show card information. Also avoid too long and thus harder to read lines. Signed-off-by: Werner Koch <[email protected]> (back ported from master)
* scd:p15: Detect CardOS 5 cards and print some basic infos.Werner Koch2020-04-011-15/+150
| | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence the garbage warning for null bytes. (print_tokeninfo_tokenflags): New. (read_ef_tokeninfo): Print manufacturer, label, and flags. (app_select_p15): No need to use the app_get_slot macro. (CARD_TYPE_CARDOS_50): New const. (card_atr_list): Detect CardOS 5.0 -- The card under test is a "Test-Signaturkarte D-TRUST Card 3.1" for a mere 49 Euro and no specs available. D-Trust is a branch of the German Bundesdruckerei. Compare that to Telesec and Yubikey who have always been nice enough to send bunches of sample cards without a need to wade through lots of forms and not even asking for money. Guess which cards I prefer. Signed-off-by: Werner Koch <[email protected]> (backported from master)
* scd: Fix pinpad handling when KDF enabled.NIIBE Yutaka2020-03-181-0/+2
| | | | | | | | | | * scd/app-openpgp.c (do_getattr): Send the KDF DO information. -- Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
* scd: Disable pinpad if it's impossible by KDF DO.NIIBE Yutaka2020-03-181-6/+29
| | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field. (do_getattr): Set pinpad.disabled field. (check_pinpad_request): Use the pinpad.disabled field. (do_setattr): Update pinpad.disabled field. -- GnuPG-bug-id: 4832 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b) Signed-off-by: Werner Koch <[email protected]>
* build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.Werner Koch2020-02-102-0/+2
| | | | | | | | | | | | | | | | | | | | | | * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only here but now without the Norcroft-C. Change all other places where it gets defined. * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as extern. * common/iobuf.c (iobuf_debug_mode): Define it here. * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in all main modules of all other programs. * g10/main.h: Put util.h before the local header files. -- This change is required for use with gcc/ld's LTO feature which does not allow common blocks. Further gcc 10 will make -fno-common the default and thus this chnage is always needed. What a pitty. Co-authored-by: Tomáš Mráz GnuPG-bug-id: 4831 Signed-off-by: Werner Koch <[email protected]>
* scd,ccid: Add support of GEMPC_EZIO.NIIBE Yutaka2019-11-152-5/+20
| | | | | | | | | | | * scd/ccid-driver.h (GEMPC_EZIO): New. * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO. -- This is backport from master. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+11
| | | | | | * scd/app-nks.c (do_learn_status_core): Return usage. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+10
| | | | | | | * scd/app-openpgp.c (send_keypair_info): Return usage. -- Signed-off-by: Werner Koch <[email protected]>
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-08-212-4/+34
| | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID". * scd/app-nks.c (do_getattr): Add attributes too. -- We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to replace the use of "OPENPGP.2" by a app type specific keyref. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58) Removed changes for the non-existing app-piv.c. Added support for NKS.
* gpg: Repurpose the ISO defined DO "sex" to "salutation".Werner Koch2019-08-211-1/+1
| | | | | | | | | | | | | * g10/card-util.c (current_card_status): String changes. (change_sex): Description change. (cmds): Add "salutation"; keep "sex" as an alias. -- Note that we can't change the used values or tags but at least the UI should show reflect the real purpose of the field. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
* scd: Handle CCID bwi of time extension.NIIBE Yutaka2019-08-121-1/+6
| | | | | | | | | | | | | | | | * scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier value as defined section 6.2.6 in CCID specification. -- Backport master commit of: 996c497a864d820af06333014b2c5f74d1054866 For TPDU level transfer, it was handled. This is fix for APDU level transfer. GnuPG-bug-id: 4646 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix bBWI value.NIIBE Yutaka2019-08-121-2/+2
| | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU level transfer. (ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU level transfer. -- Backported master commit of: 858dc9564326e65e6d8771af160d4513aea1e4eb GnuPG-bug-id: 4654 Signed-off-by: NIIBE Yutaka <[email protected]>
* spelling: Fix "synchronize"Daniel Kahn Gillmor2019-06-242-2/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* scd: Add dummy option --application-priority.Werner Koch2019-04-021-1/+8
| | | | Signed-off-by: Werner Koch <[email protected]>
* g10: Fix symmetric cipher algo constant for ECDH.NIIBE Yutaka2019-03-271-2/+2
| | | | | | | | | | | * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for ECC strength 384, according to RFC-6637. -- Reported-by: Trevor Bentley Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
* scd: Fix flushing of CA-FPR data objectsWerner Koch2019-03-071-20/+22
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_setattr): Add new table item to flush a different tag. -- For whatever reasons the OpenPGP card reads the 3 CA fingerprints from one object but sets them individually using 3 different tags. The cache flushing was not prepared for this and so a changed CA fingerprint showed only up after a card reset. This patch fixes it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6) Fixed conflict by removing the UIF-* entries from the table.
* scd: Don't let the "undefined" app cause a conflict error.Werner Koch2019-02-251-0/+3
| | | | | | | * scd/app.c (check_conflict): Ignore "undefined". Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
* scd: Distinguish cancel by user and protocol error.NIIBE Yutaka2019-02-193-3/+6
| | | | | | | | | | | | | | * scd/apdu.h (SW_HOST_CANCELLED): New. * scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED. (pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED. * scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED. -- Cherry-picked master commit of: 2396055c096884d521c26b76f26263a146207c24 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make app_genkey and supporting ISO function more flexible.Werner Koch2019-02-116-19/+24
| | | | | | | | | | | | | | | | | | | | * scd/app.c (app_genkey): Add arg keytype. * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member. * scd/command.c (cmd_genkey): Adjust for change. * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new args p1 and p2. (iso7816_read_public_key): Adjust for this. (iso7816_generate_keypair): Add new args p1 and p2. * scd/app-openpgp.c (do_genkey): Adjust for changes. -- The OpenPGP card creates keys according to parameters read from a data object. Other cards we are about to implement require a direct specification of the requested keytype. This patch implements the required changes. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
* scd: Fix parameter name of app_change_key.Werner Koch2019-02-112-7/+10
| | | | | | | | | | | | * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New. * scd/app.c (app_change_pin): Rename arg reset_mode to flags and change from int to unsigned int. -- This is basically a documentation fix. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c26af8ac263ea006ed32e110a09271e4bfbf1f37)
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2019-02-112-1/+15
| | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <[email protected]>
* scd: Add option --clear to PASSWD.Werner Koch2019-01-226-6/+45
| | | | | | | | | | | | | | | | * scd/command.c (cmd_passwd): Add option --clear. (send_status_printf): New. * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New. * scd/app-nks.c (do_change_pin): Return an error if that option is used. * scd/app-openpgp.c (do_change_pin): Ditto. -- Card application may support this option to clear the PIN verification status of a specific PIN. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
* scd: One new and one improved 7816 function.Werner Koch2019-01-226-27/+90
| | | | | | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): New arg R_SW. * scd/command.c (cmd_apdu): Ditto. * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW. (iso7816_general_authenticate): New. * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new arg. -- iso7816_general_authenticate will be used for the PIV card support. The new arg to iso7816_apdu_direct and apdu_send_direct allows to get the raw status word back without the need to handle an output buffer. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 70bb5c7931598590b1acfae90bf4657f5911d2d3)
* scd: Fix for USB INTERRUPT transfer.NIIBE Yutaka2019-01-161-2/+1
| | | | | | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE, just handle this event as failure. -- Cherry-picked from master commit: 5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa It used to try another interrupt transfer request to make sure if it fails again. GnuPG-bug-id: 4308 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support "acknowledge button" feature.NIIBE Yutaka2018-12-187-1/+97
| | | | | | | | | | | | | | | | | | * scd/apdu.c (set_prompt_cb): New member function. (set_prompt_cb_ccid_reader): New function. (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader. (apdu_set_prompt_cb): New. * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb. * ccid-driver.c (ccid_set_prompt_cb): New. (bulk_in): Call ->prompt_cb when timer extension. * scd/command.c (popup_prompt): New. -- Cherry-picked master commit of: 7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make "learn" report about KDF data object.NIIBE Yutaka2018-12-061-0/+2
| | | | | | | | | | * scd/app-openpgp.c (do_learn_status): Report KDF attr. * g10/card-util.c (current_card_status): Output KDF for with_colons. -- Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix signing authentication status.NIIBE Yutaka2018-10-151-1/+4
| | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing. -- Cherry-picked from master commit of: 78f542e1f4495195db2e668f9cd41657fb1afc77 We have a corner case: In "not forced" situation and authenticated, and it is changed to "forced", card implementaiton can actually accept signing, but GnuPG requires authentication, because it is "forced". GnuPG-bug-id: 4177 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add support for Trustica Cryptoucan.Jiří Keresteš2018-07-293-3/+13
| | | | (cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
* scd: Writing KDF resets auth state.NIIBE Yutaka2018-04-031-1/+7
| | | | | | * scd/app-openpgp.c (do_setattr): Clear auth state. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10,scd: Support single salt for KDF data object.NIIBE Yutaka2018-03-301-7/+22
| | | | | | | | | | | | | | * g10/card-util.c (gen_kdf_data): Support single salt. (kdf_setup): Can have argument for single salt. * scd/app-openpgp.c (pin2hash_if_kdf): Support single salt. -- Gnuk has "admin-less" mode. To support "admin-less" mode with KDF feature, salt should be same for user and admin. Thus, I introduce a valid use of single salt. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support changing key attribute back to RSA.NIIBE Yutaka2018-03-301-6/+18
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA. -- In the OpenPGP card specification, there are multiple options to support RSA (having P and Q or not, etc.), and it is implementation dependent. Since GnuPG doesn't have knowledge which card implementation support which option and there is no way (yet) for card to express itself which key attributes are supported, we haven't supported key attribute change back to RSA. But, many card implementation uses P and Q, try this option. If other cases, factory-reset would be easier option. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Use pointer to represent HANDLE.NIIBE Yutaka2018-03-271-6/+10
| | | | | | | * agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p. * scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support KDF DO setup.NIIBE Yutaka2018-03-221-2/+3
| | | | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. * g10/card-util.c (gen_kdf_data, kdf_setup): New. (card_edit): New admin command cmdKDFSETUP to call kdf_setup. * scd/app-openpgp.c (do_getattr): Emit KDF capability. -- GnuPG-bug-id: 3823 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: signal mask should be set just after npth_init.NIIBE Yutaka2018-03-191-11/+17
| | | | | | | | | | | | | * scd/scdaemon.c (setup_signal_mask): New. (main): Call setup_signal_mask. (handle_connections): Remove signal mask setup. -- For new thread, signal mask is inherited by thread creation. Thus, it is best to setup signal mask just after npth_init. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix suspend/resume handling for CCID driver.NIIBE Yutaka2018-03-151-1/+2
| | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb to see if it's suspend/resume. -- Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all URBs are cancelled. We need to see if it's real NODEV error or its by suspend/resume. We can distinguish by sending URB again. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: After fatal error, shutdown a reader.NIIBE Yutaka2018-03-131-0/+9
| | | | | | | | | | * scd/apdu.c (pcsc_send_apdu): Notify main loop after fatal errors. -- GnuPG-bug-id: 3825 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix for GNU/Linux suspend/resume.NIIBE Yutaka2018-03-131-4/+2
| | | | | | | | | | | | | | | * configure.ac (require_pipe_to_unblock_pselect): Default is "yes". * scd/scdaemon.c (scd_kick_the_loop): Minor clean up. -- Normally SIGCONT or SIGUSR2 works for unblocking pselect. But on my machine with GNU/Linux, when a machine is suspend/resume-ed, pselect keeps blocked, while signal itself is delivered. It's better to use pipe. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix typo in previous commit.NIIBE Yutaka2018-03-121-1/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: More fix with PC/SC for Windows.NIIBE Yutaka2018-03-081-18/+20
| | | | | | | | | | * scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS. Add debug log. -- GnuPG-bug-id: 3825 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix status check when using PC/SC.NIIBE Yutaka2018-03-082-3/+14
| | | | | | | | | | | | | | | | | | | * scd/apdu.c (struct reader_table_s): Add field of current_state. (new_reader_slot): Initialize current_state. (pcsc_get_status): Keep the status in READER_TABLE array. Return SW_HOST_NO_READER when PCSC_STATE_CHANGED. * scd/scdaemon.c (handle_connections): Silence a warning. -- To detect some change of card status, including suspend/resume possibly, SCardGetStatusChange should be used keeping the dwCurrentState field. This change could improve situation for suspend/resume with Yubikey on Windows. Even not, this is doing the Right Thing. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Use new function to print status strings.Werner Koch2018-02-141-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/asshelp2.c (vprint_assuan_status_strings): New. (print_assuan_status_strings): New. * agent/command.c (agent_write_status): Replace by call to new function. * dirmngr/server.c (dirmngr_status): Ditto. * g13/server.c (g13_status): Ditto. * g13/sh-cmd.c (g13_status): Ditto. * sm/server.c (gpgsm_status2): Ditto. * scd/command.c (send_status_info): Bump up N. -- This fixes a potential overflow if LFs are passed to the status string functions. This is actually not the case and would be wrong because neither the truncating in libassuan or our escaping is not the Right Thing. In any case the functions need to be more robust and comply to the promised interface. Thus the code has been factored out to a helper function and N has been bumped up correctly and checked in all cases. For some uses this changes the behaviour in the error case (i.e. CR or LF passed): It will now always be C-escaped and not passed to libassuan which would truncate the line at the first LF. Reported-by: private_pers
* scd: Improve KDF-DO supportArnaud Fontaine2018-02-131-1/+2
| | | | | | | | | | * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO. -- Length check added by gniibe. Signed-off-by: Arnaud Fontaine <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 21:29:49 +0000