From 6651a0640d0f1b4dd161210dc55974d9b93b7253 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 5 Feb 2019 14:48:49 +0100 Subject: [PATCH] scd: Allow standard keyref scheme for app-openpgp. * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch --- doc/wks.texi | 2 +- scd/app-openpgp.c | 15 ++++++++++++++- scd/iso7816.c | 1 + 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/doc/wks.texi b/doc/wks.texi index d6798b1ab..7a19e75ff 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -124,7 +124,7 @@ Requires installation of that command. @item --with-colons @opindex with-colons This option has currently only an effect on the @option{--supported} -command. If it is used all arguimenst on the command line are taken +command. If it is used all arguments on the command line are taken as domain names and tested for WKD support. The output format is one line per domain with colon delimited fields. The currently specified fields are (future versions may specify additional fields): diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 760332ef9..db206f5d9 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -2563,6 +2563,8 @@ do_writecert (app_t app, ctrl_t ctrl, - 2 1 Verify CHV2 and set a new CHV1 and CHV2. - 2 2 Verify Reset Code and set a new PW1. - 3 any Verify CHV3/PW3 and set a new CHV3/PW3. + + The CHVNO can be prefixed with "OPENPGP.". */ static gpg_error_t do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, @@ -2571,7 +2573,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, void *pincb_arg) { int rc = 0; - int chvno = atoi (chvnostr); + int chvno; char *resetcode = NULL; char *oldpinvalue = NULL; char *pinvalue = NULL; 
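Review bot: The comment added above do_change_pin, `The CHVNO can be prefixed with "OPENPGP.".`, is looser than what the later hunk in this file implements. Only the three literal strings `OPENPGP.1`, `OPENPGP.2` and `OPENPGP.3` are matched (via `ascii_strcasecmp`, so case-insensitively), and any other non-numeric value returns GPG_ERR_INV_ID. I would word it as `The CHVNO may also be given as keyref "OPENPGP.1", "OPENPGP.2" or "OPENPGP.3" (case-insensitive); any other non-numeric value is rejected with GPG_ERR_INV_ID.` so callers do not assume an arbitrary prefixed number is accepted.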
@@ -2585,6 +2587,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, (void)ctrl; + if (digitp (chvnostr)) + chvno = atoi (chvnostr); + else if (!ascii_strcasecmp (chvnostr, "OPENPGP.1")) + chvno = 1; + else if (!ascii_strcasecmp (chvnostr, "OPENPGP.2")) + chvno = 2; + else if (!ascii_strcasecmp (chvnostr, "OPENPGP.3")) + chvno = 3; + else + return gpg_error (GPG_ERR_INV_ID); + memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = -1; pininfo.minlen = minlen; diff --git a/scd/iso7816.c b/scd/iso7816.c index 9e550736b..b7819bfc9 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -330,6 +330,7 @@ iso7816_change_reference_data (int slot, int chvno, sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA, oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf); + wipememory (buf, oldchvlen+newchvlen); xfree (buf); return map_sw (sw);
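Review bot: In do_change_pin the numeric branch `if (digitp (chvnostr)) chvno = atoi (chvnostr);` is not validated as strictly as the new keyref forms. As far as I know, GnuPG's `digitp` macro tests only the first character, so a value such as `1junk` is still taken as CHV 1 and a long digit run can overflow in `atoi`. Since the stated aim is better detection of a keyref sent to the wrong card, the numeric form deserves the same strictness, for example `if (digitp (chvnostr) && !chvnostr[1])` if only single-digit CHV numbers reach this function; that assumption needs confirming against the callers. Otherwise parse with `strtol`, require the end pointer to sit on the terminating NUL, and range-check the result. The function body starts and continues outside this hunk, so any later check on chvno is not visible here.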